9 1. Changes to INI directives
10 2. Changes to reserved words and classes
11 3. Changes to engine behavior
12 4. Changes to existing functions
13 5. Changes to existing classes
14 6. Changes to existing methods
15 7. Deprecated Functionality
16 8. Removed Functionality
20 d. Removed hash algorithms
22 a. Extensions no longer maintained
23 b. Extensions with changed behavior
24 10. Changes in SAPI support
30 d. New global constants
33 g. New hash algorithms
35 =============================
36 1. Changes to INI directives
37 =============================
39 - PHP 5.4 now checks at compile time if /dev/urandom or /dev/arandom
40 are present. If either is available, session.entropy_file now
41 defaults to that file and session.entropy_length defaults to 32.
42 This provides non-blocking entropy to session id generation. If you
43 do not want extra entropy for your session ids, add:
46 session.entropy_length=0
48 to your php.ini to preserve pre-PHP 5.4 behavior.
50 - Deprecated php.ini directives will now throw an E_CORE_WARNING's
51 instead of the previous E_WARNING's.
53 - The following php.ini directives are no longer available in PHP 5.4
54 and will now throw an E_CORE_ERROR upon startup:
55 - allow_call_time_pass_reference
56 - define_syslog_variables
59 - magic_quotes_runtime
62 - register_long_arrays
65 - safe_mode_include_dir
67 - safe_mode_allowed_env_vars
68 - safe_mode_protected_env_vars
69 - session.bug_compat_42
70 - session.bug_compat_warn
72 - zend.ze1_compatibility_mode
74 - the following new php.ini directives were added:
75 - max_input_vars - specifies how many GET/POST/COOKIE input
76 variables may be accepted. The default value is 1000.
78 - E_ALL now includes E_STRICT.
80 - The recommended production value for error_reporting changed to E_ALL &
81 ~E_DEPRECATED & ~E_STRICT.
83 - Added new session support directives:
84 session.upload_progress.enabled
85 session.upload_progress.cleanup
86 session.upload_progress.prefix
87 session.upload_progress.name
88 session.upload_progress.freq
89 session.upload_progress.min_freq
91 - Added a zend.multibyte directive as a replacement of the PHP compile time
92 configuration option --enable-zend-multibyte. Now the Zend Engine always
93 contains code for multibyte support, which can be enabled or disabled at
94 runtime. Note: It doesn't make a lot of sense to enable this option if
95 ext/mbstring is not enabled, because most functionality is implemented by
98 - Added zend.script_encoding. This value will be used unless a
99 "declare(encoding=...)" directive appears at the top of the script.
101 - Added zend.signal_check to check for replaced signal handlers on shutdown
103 - Added enable_post_data_reading, which is enabled by default. When it's
104 disabled, the POST data is not read (or processed); the behavior is similar
105 to that of other request methods with body, like PUT. This allows reading
106 the raw POST data in multipart requests and reading/processing the POST data
107 in a stream fashion (through php://input) without having it copied in memory
110 - Added windows_show_crt_warning. This directive shows the CRT warnings when
111 enabled. These warnings were displayed by default until now. It is disabled
114 - Added cli.pager to set a pager for CLI interactive shell output.
116 - Added cli.prompt to configure the CLI interactive shell prompt.
118 - Added cli_server.color to enable the CLI web server to use ANSI color coding
121 ========================================
122 2. Changes to reserved words and classes
123 ========================================
125 - "callable", "insteadof" and "trait" are now reserved words.
127 =============================
128 3. Changes to engine behavior
129 =============================
131 - The __construct arguments of an extended abstract constructor must
136 abstract public function __construct();
138 class Foo extends Base
140 public function __construct($bar) {}
143 This now emits a Fatal error due the incompatible declaration.
145 - In previous versions, superglobal names could be used for parameter
146 names, thereby shadowing the corresponding superglobal. In PHP 5.4
147 this now causes a fatal error such as "Cannot re-assign auto-global
150 - Turning null, false or an empty string into an object by adding a
151 property will now emit a warning instead of an E_STRICT error.
156 To create a generic object you can use StdClass:
158 $test = new StdClass;
161 - Converting an array to a string now will cause an E_NOTICE warning.
163 - Non-numeric string offsets, e.g. $a['foo'] where $a is a string, now
164 return false on isset() and true on empty(), and produce warning if
165 trying to use them. Offsets of types double, bool and null produce
166 notice. Numeric strings ($a['2']) still work as before.
168 Note that offsets like '12.3' and '5 and a half' are considered
169 non-numeric and produce warning, but are converted to 12 and 5
170 respectively for backwards compatibility reasons.
172 - Long numeric strings that do not fit in integer or double (such as
173 "92233720368547758070") are compared using string comparison if
174 they could otherwise result in precision loss - since 5.4.4.
176 - Closures now support scopes and $this and can be rebound to
177 objects using Closure::bind() and Closure::bindTo().
179 - <?= is now always available regardless of the short_open_tag
182 - Parse error messages are changed to contain more information about
185 - __clone and __destruct since 5.4.4 follow the same scoping rules as
186 the rest of the methods (see bug #61782 for details).
188 ================================
189 4. Changes to existing functions
190 ================================
192 - array_combine now returns array() instead of FALSE when two empty arrays are
193 provided as parameters.
195 - dns_get_record() has an extra parameter which allows requesting DNS records
196 by numeric type and makes the result include only the raw data of the
199 - call_user_func_array() no longer allows call-time pass by reference.
201 - the default character set for htmlspecialchars() and htmlentities() is
202 now UTF-8. In previous versions it was ISO-8859-1. Note that changing
203 your output charset via the php.ini default_charset directive does not
204 affect htmlspecialchars/htmlentities unless you are passing "" (an
205 empty string) as the encoding parameter to your htmlspecialchars/htmlentities
208 - htmlentities() and htmlspecialchars() are stricter in the code units they
209 accept for the asian encodings. For Big5-HKSCS, the octets 0x80 and 0xFF are
210 rejected. For GB2312/EUC-CN, the octets 0x8E, 0x8F, 0xA0 and 0xFF are
211 rejected. For SJIS, the octets 0x80, 0xA0, 0xFD, 0xFE and 0xFF are rejected,
212 except maybe after a valid starting byte. For EUC-JP, the octets 0xA0 and
215 - htmlentities() now emits an E_STRICT warning when used with asian characters,
216 as in that case htmlentities has (and already had before this version) the
217 same functionality as htmlspecialchars.
219 - htmlentities() no longer numerically encodes high characters for single-byte
220 encodings (except when there's actually a corresponding named entity). This
221 behavior was not documented and was inconsistent with that for "UTF-8".
223 - html_entity_decode() and htmlspecialchars_decode() behave more consistently,
224 now decoding entities in malformed strings such as "&&" or "&#&".
226 - htmlentities(), htmlspecialchars(), html_entity_decode(), and
227 htmlspecialchars_decode: Added the flags ENT_HTML401, ENT_XML1, ENT_XHTML,
228 and ENT_HTML5. The behavior of these functions including, but not limited to,
229 the characters that are encoded and the entities that are decoded depend on
230 the document type that is specified by those flags.
232 - htmlentities() and htmlspecialchars() with !$double_encode do more strict
233 checks on the validity of the entities. Numerical entities are checked for a
234 valid range (0 to 0x10FFFF); if the flag ENT_DISALLOWED is given, the
235 validity of such numerical entity in the target document type is also
236 checked. Named entities are checked for necessary existence in the target
237 document type instead of only checking whether they were constituted by
238 alphanumeric characters.
240 - The flag ENT_DISALLOWED was added. In addition to the behavior described in
241 the item before, it also makes htmlentities() and htmlspecialchars()
242 substitute characters that appear literally in the argument string and which
243 are not allowed in the target document type with U+FFFD (UTF-8) or �.
245 - The flag ENT_SUBSTITUTE was added. This flag makes invalid multibyte
246 sequences be replaced by U+FFFD (UTF-8) or &#FFFD; by htmlspecialchars() and
247 htmlentities(). It is an alternative to the default behavior, which just
248 returns an empty string and to ENT_IGNORE, which is a security risk. The
249 behavior follows the recommendations of Unicode Technical Report #36.
251 - htmlspecialchars_decode() and html_entity_decode() now decode ' if the
252 document type is ENT_XML1, ENT_XHTML, or ENT_HTML5.
254 - Charset detection with $charset == '' no longer turns to mbstring's
255 internal encoding defined through mb_internal_encoding(). Only the encoding
256 defined through the php.ini setting mbstring.internal_encoding is considered.
258 - number_format() no longer truncates multibyte decimal points and thousand
259 separators to the first byte.
261 - The third parameter ($matches) to preg_match_all() is now optional. If
262 omitted, the function will simply return the number of times the pattern was
263 matched in the subject and will have no other side effects.
265 - The second argument of scandir() now accepts SCANDIR_SORT_NONE (2) as a
266 possible value. This value results in scandir() performing no sorting: on
267 local filesystems, this allows files to be returned in native filesystem
270 - stream_select() now preserves the keys of the passed array, be they numeric or
271 strings. This breaks code that iterated the resulting stream array using a
272 numeric index, but makes easier to identify which of the passed streams are
273 present in the result.
275 - stream_set_write_buffer() no longer disables the read buffer of a plain
276 stream when 0 is given as the second argument.
278 - stream_set_write_buffer() no longer changes the chunk size in socket streams.
280 - fclose() closes streams with resource refcount > 1; it doesn't merely
281 decrement the resource refcount.
283 - socket_set_options() and socket_get_options() now support multicast options.
285 - The raw data parameter in openssl_encrypt() and openssl_decrypt() is now an
286 options integer rather than a boolean. A value of true produces the same
289 - Write operations within XSLT (for example with the extension sax:output) are
290 disabled by default. You can define what is forbidden with the method
291 XsltProcess::setSecurityPrefs($options).
293 - Added AES support to OpenSSL.
295 - openssl_csr_new() expects the textual data to be in UTF-8.
297 - Added no-padding option to openssl_encrypt() and openssl_decrypt().
299 - Added a "no_ticket" SSL context option to disable the SessionTicket TLS
302 - Added new json_encode() options: JSON_PRETTY_PRINT, JSON_UNESCAPED_SLASHES,
303 JSON_NUMERIC_CHECK, JSON_BIGINT_AS_STRING, JSON_UNESCAPED_UNICODE.
305 - Added Tokyo Cabinet and Berkley DB 5 support to DBA extension.
307 - Added support for CURLOPT_MAX_SEND_SPEED_LARGE and CURLOPT_MAX_RECV_SPEED_LARGE
310 - Added optional argument to debug_backtrace() and debug_print_backtrace()
311 to limit the amount of stack frames returned.
313 - Fixed crypt_blowfish handling of 8-bit characters. crypt() in Blowfish mode
314 now supports hashes marked $2a$, $2x$, $2y$ and $2z$.
316 - mbstring now supports following encodings: Shift_JIS/UTF-8 Emoji,
317 JIS X0213:2004 (Shift_JIS-2004, EUC-JP-2004, ISO-2022-JP-2004),
318 MacJapanese (Shift_JIS), gb18030.
320 - Added encode and decode in hex format to mb_encode_numericentity() and
321 mb_decode_numericentity().
323 - Added support for SORT_NATURAL and SORT_FLAG_CASE in array sort functions:
324 sort(), rsort(), ksort(), krsort(), asort(), arsort() and array_multisort().
326 - is_a() and is_subclass_of() now have third boolean parameter, which specifies
327 if the first argument can be a string class name. Default if false for is_a
328 and true for is_subclass_of() for BC reasons.
330 - ob_start() will now treat a chunk size of 1 as meaning 1 byte, rather than
331 the previous special case behavior of treating it as 4096 bytes.
333 - idn_to_ascii() and idn_to_utf8() now take two extra parameters, one indicating
334 the variant (IDNA 2003 or UTS #46) and another, passed by reference, to return
335 details about the operation in case UTS #46 is chosen.
337 - gzencode() used with FORCE_DEFLATE now generates RFC1950 compliant data.
339 - ob_start() no longer starts multiple output buffers when passed
340 array("callback1", "callback2", "callback3", ...).
342 - Since 5.4.4, "php://fd" stream syntax is available only in CLI build.
344 - Since 5.4.5, resourcebundle_create() accepts null for the first two arguments.
346 - Since 5.4.6, SimpleXMLElement::getDocNamespaces() has and extra parameter which
347 allows for toggling if the list of namespaces starts from the document root
348 or from the node you call the method on
350 - Since 5.4.7, ctor is always called when new user stream wrapper object is created.
351 Before, it was called only when stream_open was called.
353 ==============================
354 5. Changes to existing classes
355 ==============================
357 - Classes that implement stream wrappers can define a method called
358 stream_truncate that will respond to truncation, e.g. through ftruncate.
359 Strictly speaking, this is an addition to the user-space stream wrapper
360 template, not a change to an actual class.
362 - Classes that implement stream wrappers can define a method called
363 stream_metadata that will be called on touch(), chmod(), chgrp(), chown().
365 - Arrays cast from SimpleXMLElement now always contain all nodes instead of
366 just the first matching node.
368 - All SimpleXMLElement children are now always printed when using var_dump(),
369 var_export(), and print_r().
371 - Added iterator support in MySQLi. mysqli_result implements Traversable.
373 ==============================
374 6. Changes to existing methods
375 ==============================
377 - DateTime::parseFromFormat() now has a "+" modifier to allow trailing text in
378 the string to parse without throwing an error.
380 - Added the ability to pass options to DOMDocument::loadHTML().
382 - FilesystemIterator, GlobIterator and (Recursive)DirectoryIterator now use
383 the default stream context.
385 - Since 5.4.5, the constructor of ResourceBundle accepts NULL for the first two
388 ===========================
389 7. Deprecated Functionality
390 ===========================
392 - The following functions are deprecated in PHP 5.4:
393 - mcrypt_generic_end(): use mcrypt_generic_deinit() instead
396 ========================
397 8. Removed Functionality
398 ========================
402 The following features have been removed from PHP 5.4:
407 - Session extension bug compatibility mode
408 - Y2K compliance mode
412 The following functions are no longer available in PHP 5.4:
414 - define_syslog_variables()
415 - import_request_variables()
416 - session_is_registered()
418 - session_unregister()
419 - set_magic_quotes_runtime()
420 - mysqli_bind_param() (alias of mysqli_stmt_bind_param())
421 - mysqli_bind_result() (alias of mysqli_stmt_bind_result())
422 - mysqli_client_encoding() (alias of mysqli_character_set_name())
423 - mysqli_fetch() (alias of mysqli_stmt_fetch())
424 - mysqli_param_count() (alias of mysqli_stmt_param_count())
425 - mysqli_get_metadata() (alias of mysqli_stmt_result_metadata())
426 - mysqli_send_long_data() (alias of mysqli_stmt_send_long_data())
427 - mysqli::client_encoding() (alias of mysqli::character_set_name)
428 - mysqli_stmt::stmt() (never worked/always throws, undocumented)
435 d. Removed hash algorithms
437 - Salsa10 and Salsa20, which are actually stream ciphers
443 a. Extensions no longer maintained
445 - ext/sqlite is no longer part of the base distribution and has been moved
446 to PECL. Use sqlite3 or PDO_SQLITE instead.
448 b. Extensions with changed behavior
450 - The MySQL extensions (ext/mysql, mysqli and PDO_MYSQL) use mysqlnd
451 as the default library now. It is still possible to use libmysql by
452 specifying a path to the configure options.
454 - PDO_MYSQL: Support for linking with MySQL client libraries older
457 - The session extension now can hook into the file upload feature
458 in order to provide upload progress information through session
462 - Functions in SNMP extension now returns FALSE on every error
463 condition including SNMP-related (no such instance, end of MIB,
464 etc). Thus, in patricular, breaks previous behavior of get/walk
465 functions returning an empty string on SNMP-related errors.
466 - Multi OID get/getnext/set queries are now supported.
467 - New constants added for use in snmp_set_oid_output_format()
469 - Function snmp_set_valueretrieval() changed it's behavior:
470 SNMP_VALUE_OBJECT can be combined with one of
471 SNMP_VALUE_PLAIN or SNMP_VALUE_LIBRARY resulting OID value
472 changes. When no SNMP_VALUE_PLAIN or SNMP_VALUE_LIBRARY
473 is supplied with SNMP_VALUE_OBJECT, SNMP_VALUE_LIBRARY is used.
474 Prior to 5.4.0 when no SNMP_VALUE_PLAIN or SNMP_VALUE_LIBRARY
475 was supplied with SNMP_VALUE_OBJECT, SNMP_VALUE_PLAIN was used.
476 - Added feature-rich OO API (SNMP class)
477 - Dropped UCD-SNMP compatibility code. Consider upgrading to
478 net-snmp v5.3+. Net-SNMP v5.4+ is required for Windows version.
479 - In sake of adding support for IPv6 DNS name resolution of
480 remote SNMP agent (peer) is done by extension now, not by Net-SNMP
484 - Setting the timezone with the TZ environment variable is no longer
485 supported, instead date.timezone and/or date_default_timezone_set()
487 - The extension will no longer guess the default timezone if none
488 is set with date.timezone and/or date_default_timezone_set().
489 Instead it will always fall back to "UTC".
492 - the output of the tiger hash family has been corrected, see
493 https://bugs.php.net/61307
495 ===========================
496 10. Changes in SAPI support
497 ===========================
499 - A REQUEST_TIME_FLOAT value returns a floating point number indicating the
500 time with microsecond precision. All SAPIs providing this value should be
501 returning float and not time_t.
503 - apache_child_terminate(), getallheaders(), apache_request_headers()
504 and apache_response_headers() are now supported on FastCGI.
506 - The interactive shell allows a shortcut #inisetting=value to change php.ini
507 settings at run-time.
509 - The interactive shell now works with the shared readline extension.
511 - The interactive shell no longer terminates on fatal errors.
513 - A new PHP CLI command line option --rz <name> shows information about the
514 named Zend extension.
520 - is_link now works properly for symbolic links on Windows Vista
521 or later. Earlier systems do not support symbolic links.
523 - As of PHP 5.4.5 and above the COM extension isn't compiled statically in PHP
524 anymore but shared. It'll still be delivered with the standard PHP release but
525 must be activated manually with the "extension = php_com_dotnet.dll" directive
528 - Apache 2.4 handler is supported as of PHP 5.4.9
536 - A built-in CLI web server for testing purposes is now available:
537 $ php -S 127.0.0.1:8888
539 - File Upload Progress support is implemented in the Session extension.
545 public function sayHello() {
554 $hello = new CanIGetHello();
557 - Function call result array access, e.g.:
561 - Callable typehint indicating argument must be callable:
562 function foo(callable $do) {
566 $o = new ArrayObject();
567 foo(array($o, "count"));
569 - Short array syntax:
571 $a = ['one' => 1, 'two' => 2, 'three' => 3, 'four' => 4];
572 $a = ['one' => 1, 2, 'three' => 3, 4];
574 - Binary number format:
577 - Chained string array offsets now work.
581 - Anonymous functions now support using $this and class scope.
582 Anonymous function can be declared as "static" to ignore the scope.
584 - Class::{expr}() syntax is now supported:
586 static function foo() {
587 echo "Hello world!\n";
594 - Class member access on instantiation:
603 - get_declared_traits()
604 - getimagesizefromstring()
606 - header_register_callback()
607 - http_response_code()
608 - stream_set_chunk_size()
609 - socket_import_stream()
613 - transliterator_create()
614 - transliterator_create_from_rules()
615 - transliterator_create_inverse()
616 - transliterator_get_error_code()
617 - transliterator_get_error_message()
618 - transliterator_list_ids()
619 - transliterator_transliterate()
622 - ldap_control_paged_result()
623 - ldap_control_paged_result_response()
626 - libxml_set_external_entity_loader()
629 - mysqli_error_list()
630 - mysqli_stmt_error_list()
633 - pg_escape_identifier() (5.4.4)
634 - pg_escape_literal() (5.4.4)
637 - session_register_shutdown()
643 d. New global constants
645 - CURLOPT_MAX_RECV_SPEED_LARGE
646 - CURLOPT_MAX_SEND_SPEED_LARGE
655 - IPV6_MULTICAST_HOPS
657 - IPV6_MULTICAST_LOOP
661 - JSON_BIGINT_AS_STRING
662 - JSON_OBJECT_AS_ARRAY
664 - JSON_UNESCAPED_SLASHES
665 - JSON_UNESCAPED_UNICODE
666 - LIBXML_HTML_NODEFDTD
667 - LIBXML_HTML_NOIMPLIED
672 - MCAST_UNBLOCK_SOURCE
673 - MCAST_JOIN_SOURCE_GROUP
674 - MCAST_LEAVE_SOURCE_GROUP
675 - OPENSSL_CIPHER_AES_128_CBC
676 - OPENSSL_CIPHER_AES_192_CBC
677 - OPENSSL_CIPHER_AES_256_CBC
679 - OPENSSL_ZERO_PADDING
680 - PHP_OUTPUT_HANDLER_CLEAN
681 - PHP_OUTPUT_HANDLER_CLEANABLE
682 - PHP_OUTPUT_HANDLER_DISABLED
683 - PHP_OUTPUT_HANDLER_FINAL
684 - PHP_OUTPUT_HANDLER_FLUSH
685 - PHP_OUTPUT_HANDLER_FLUSHABLE
686 - PHP_OUTPUT_HANDLER_REMOVABLE
687 - PHP_OUTPUT_HANDLER_STARTED
688 - PHP_OUTPUT_HANDLER_STDFLAGS
689 - PHP_OUTPUT_HANDLER_WRITE
693 - PHP_SESSION_DISABLED
695 - SCANDIR_SORT_ASCENDING
696 - SCANDIR_SORT_DESCENDING
702 - STREAM_META_GROUP_NAME
704 - STREAM_META_OWNER_NAME
710 - ZLIB_ENCODING_DEFLATE
713 - U_IDNA_DOMAIN_NAME_TOO_LONG_ERROR
715 - IDNA_CHECK_CONTEXTJ
716 - IDNA_NONTRANSITIONAL_TO_ASCII
717 - IDNA_NONTRANSITIONAL_TO_UNICODE
718 - INTL_IDNA_VARIANT_2003
719 - INTL_IDNA_VARIANT_UTS46
720 - IDNA_ERROR_EMPTY_LABEL
721 - IDNA_ERROR_LABEL_TOO_LONG
722 - IDNA_ERROR_DOMAIN_NAME_TOO_LONG
723 - IDNA_ERROR_LEADING_HYPHEN
724 - IDNA_ERROR_TRAILING_HYPHEN
725 - IDNA_ERROR_HYPHEN_3_4
726 - IDNA_ERROR_LEADING_COMBINING_MARK
727 - IDNA_ERROR_DISALLOWED
728 - IDNA_ERROR_PUNYCODE
729 - IDNA_ERROR_LABEL_HAS_DOT
730 - IDNA_ERROR_INVALID_ACE_LABEL
732 - IDNA_ERROR_CONTEXTJ
737 - ReflectionZendExtension
753 - CallbackFilterIterator
754 - RecursiveCallbackFilterIterator
763 - ReflectionClass::getTraitAliases()
764 - ReflectionClass::getTraitNames()
765 - ReflectionClass::getTraits()
766 - ReflectionClass::isCloneable()
767 - ReflectionClass::isTrait()
768 - ReflectionClass::newInstanceWithoutConstructor()
769 - ReflectionExtension::isPersistent()
770 - ReflectionExtension::isTemporary()
771 - ReflectionFunction::getClosure()
772 - ReflectionFunction::getClosureScopeClass()
773 - ReflectionFunction::getClosureThis()
774 - ReflectionFunctionAbstract::getClosureScopeClass()
775 - ReflectionFunctionAbstract::getClosureThis()
776 - ReflectionMethod::getClosure()
777 - ReflectionMethod::getClosureScopeClass()
778 - ReflectionMethod::getClosureThis()
779 - ReflectionObject::getTraitAliases()
780 - ReflectionObject::getTraitNames()
781 - ReflectionObject::getTraits()
782 - ReflectionObject::isCloneable()
783 - ReflectionObject::isTrait()
784 - ReflectionObject::newInstanceWithoutConstructor()
785 - ReflectionParameter::canBePassedByValue()
786 - ReflectionParameter::isCallable()
792 - DirectoryIterator::getExtension()
793 - RegexIterator::getRegex()
794 - SplDoublyLinkedList::serialize()
795 - SplDoublyLinkedList::unserialize()
796 - SplFileInfo::getExtension()
797 - SplFileObject::fputcsv()
798 - SplObjectStorage::getHash()
799 - SplQueue::serialize
800 - SplQueue::unserialize
801 - SplStack::serialize
802 - SplStack::unserialize
803 - SplTempFileObject::fputcsv
806 - XsltProcessor::setSecurityPrefs()
807 - XsltProcessor::getSecurityPrefs()
813 g. New Hash algorithms