main: Deprecate deriving $_SERVER['argc'] and $_SERVER['argv'] from the query string#19606
main: Deprecate deriving $_SERVER['argc'] and $_SERVER['argv'] from the query string#19606TimWolla merged 6 commits intophp:masterfrom
Conversation
TimWolla
force-pushed
the
argc-argv-from-query
branch
from
6900d7e to
c1f22ff
Compare
TimWolla
force-pushed
the
argc-argv-from-query
branch
from
c1f22ff to
090baf3
Compare
TimWolla
force-pushed
the
argc-argv-from-query
branch
2 times, most recently
from
90a3ccd to
6086512
Compare
This INI is ignored since the previous commit, which makes the hardcoded setting obsolete.
TimWolla
force-pushed
the
argc-argv-from-query
branch
from
6086512 to
85f7cb1
Compare
main/php_variables.c
Outdated
| zend_hash_update(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), ZSTR_KNOWN(ZEND_STR_ARGC), argc); | ||
| } | ||
| } else if (PG(register_argc_argv)) { | ||
| zend_error(E_DEPRECATED, "Deriving $_SERVER['argc'] and $_SERVER['argv'] from $_SERVER['QUERY_STRING'] is deprecated, configure register_argc_argv=0 to suppress this message and access the query parameters via $_SERVER['QUERY_STRING'] or $_GET"); |
There was a problem hiding this comment.
Trying to make the message shorter while still accurate.
Accessing the query parameters might be a bad suggestion (as that might reintroduce the security issue)
| zend_error(E_DEPRECATED, "Deriving $_SERVER['argc'] and $_SERVER['argv'] from $_SERVER['QUERY_STRING'] is deprecated, configure register_argc_argv=0 to suppress this message and access the query parameters via $_SERVER['QUERY_STRING'] or $_GET"); | |
| zend_error(E_DEPRECATED, "Deriving $_SERVER['argv'] from the query string is deprecated, configure register_argc_argv=0 to turn this off."); |
There was a problem hiding this comment.
I would go with thisshortened variant, but also split it up in two sentences as I originally suggested, and maybe "this" -> "this message" ?
zend_error(E_DEPRECATED, "Deriving $_SERVER['argv'] from the query string is deprecated. Configure register_argc_argv=0 to turn this message off");
(make sure not to include the . at the end!)
There was a problem hiding this comment.
"this message", but also this deriving from behavior; that's why I didn't add message in my suggestion (but I understand it makes things a bit more implicit, while accurate :)
There was a problem hiding this comment.
I've used Derick's suggestion and used UPGRADING to put a little more explanation there.
Girgias
left a comment
Girgias
left a comment
There was a problem hiding this comment.
The implementation looks OK. I will let others judge the deprecation message content.
TimWolla
requested review from
a team and
nicolas-grekas
and removed request for
nicolas-grekas
| . Deriving $_SERVER['argc'] and $_SERVER['argv'] from the query string for non-CLI | ||
| SAPIs has been deprecated. Configure register_argc_argv=0 and switch to either | ||
| $_GET or $_SERVER['QUERY_STRING'] to access the information, after verifying | ||
| that the usage is safe. |
DanielEScherzer
left a comment
DanielEScherzer
left a comment
There was a problem hiding this comment.
RM approval, technical review not performed
Scanned the code and saw some extra whitespace in tests
| Testing $argc and $argv handling (GET empty) | ||
| --SKIPIF-- | ||
| <?php | ||
| if(substr(PHP_OS, 0, 3) == 'WIN') die("skip on windows: --INI-- is ignored due to 4b9cd27ff5c0177dcb160caeae1ea79e761ada58"); |
There was a problem hiding this comment.
| if(substr(PHP_OS, 0, 3) == 'WIN') die("skip on windows: --INI-- is ignored due to 4b9cd27ff5c0177dcb160caeae1ea79e761ada58"); | |
| if(substr(PHP_OS, 0, 3) == 'WIN') die("skip on windows: --INI-- is ignored due to 4b9cd27ff5c0177dcb160caeae1ea79e761ada58"); |
There was a problem hiding this comment.
This is consistent with tests/basic/011.phpt (which itself is consistent with ext/date/tests/date_default_timezone_get-1.phpt).
| Testing $argc and $argv handling (GET, register_argc_argv=0) | ||
| --SKIPIF-- | ||
| <?php | ||
| if(substr(PHP_OS, 0, 3) == 'WIN') die("skip on windows: --INI-- is ignored due to 4b9cd27ff5c0177dcb160caeae1ea79e761ada58"); |
There was a problem hiding this comment.
| if(substr(PHP_OS, 0, 3) == 'WIN') die("skip on windows: --INI-- is ignored due to 4b9cd27ff5c0177dcb160caeae1ea79e761ada58"); | |
| if(substr(PHP_OS, 0, 3) == 'WIN') die("skip on windows: --INI-- is ignored due to 4b9cd27ff5c0177dcb160caeae1ea79e761ada58"); |
| $response = $tester->request(); | ||
| echo "=====", PHP_EOL; | ||
| $response->printBody(); | ||
| echo "=====", PHP_EOL; |
There was a problem hiding this comment.
I prefer not to do formatting in tests but if you feel it's important, it should be added to printBody (adding new parameter). It's a NIT though.
There was a problem hiding this comment.
The purpose of the echo is to clearly delimit the body output to distinguish what is being printed by the subprocess vs what is being printed by the test script to make sure that the Deprecation is coming from the subprocess.
| @@ -0,0 +1,68 @@ | |||
| --TEST-- | |||
There was a problem hiding this comment.
NIT: I usually prefer not to use 001 names in FPM to see immediately from the test name what it is for which was quite useful for me. But it's not a huge issue if there are few such tests.
There was a problem hiding this comment.
There are already some tests that are even less explaining...
There was a problem hiding this comment.
I try to avoid those either, but in this case the two tests are very closely related and only differ in the INI value, so numbering them made sense to me.
7 participants
RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_the_register_argc_argv_ini_directive