Usage of deprecated PHP functions
Closed, ResolvedPublic
Actions

Assigned To

None

Authored By

	• bzimport
	Feb 8 2011, 9:58 PM

Description

Author: wikimedia

Description:
Deprecated PHP functions are used in the PHP code.

#!/bin/bash

PHP 5.3 Deprecated function checker #
Author: Michiel Roos <michiel@donationbasedhosting.org>
http://www.php.net/manual/en/migration53.deprecated.php
Please note that there will be some false positives. Some PHP code is mixed
with JS code. In JS 'split' is still a valid function. #

deprecatedFunctions=(

call_user_method
call_user_method_array
define_syslog_variables
dl
ereg
ereg_replace
eregi
eregi_replace
set_magic_quotes_runtime
session_register
session_unregister
session_is_registered
set_socket_blocking
split
spliti
sql_regcase
mysql_db_query
mysql_escape_string

while [ $i -lt $len ]; do

echo "  // checking for '${deprecatedFunctions[$i]}()'"
grep -rn --color --include=*.php "[^a-zA-Z_]${deprecatedFunctions[$i]}(" *;
echo ""
let i++

done

// checking for 'dl()'

config/Installer.php:348: if( extension_loaded( $compname ) || ( mw_have_dl() && dl( "{$compname}." . PHP_SHLIB_SUFFIX ) ) ) {
HISTORY:2595:* (bug 11013) Make sure dl() is available before attempting to use it to check
includes/DifferenceEngine.php:438: dl('php_wikidiff.so');
includes/DifferenceEngine.php:448: @dl('php_wikidiff2.so');
includes/MimeMagic.php:105: if(!extension_loaded('fileinfo')) dl('fileinfo.' . PHP_SHLIB_SUFFIX);
includes/db/DatabaseMssql.php:71: @dl('mssql.so');
includes/db/DatabaseMysql.php:30: @dl('mysql.so');
includes/db/DatabaseIbm_db2.php:488: @dl('ibm_db2.so');
includes/diff/DifferenceInterface.php:656: dl( 'php_wikidiff.so' );
includes/diff/DifferenceInterface.php:663: dl( 'php_wikidiff2.so' );
includes/Database.php:567: @dl('mysql.so');
includes/normal/UtfNormalTest.php:48: dl( 'php_utfnormal.so' );
includes/normal/UtfNormalBench.php:29: dl( 'php_utfnormal.so' );
includes/normal/CleanUpTest.php:27: dl( 'php_utfnormal.so' );
install-utils.inc:128: * Is dl() available to us?
install-utils.inc:130: * According to http://uk.php.net/manual/en/function.dl.php, dl()

// checking for 'ereg()'

includes/db/DatabaseMssql.php:568:# if (ereg('_id$',$keys[0])) {
includes/db/DatabaseMssql.php:577:# if (ereg('_id$',$keys[0]) && empty($a[$keys[0]])) unset($a[$keys[0]]); # remove primary-key column from insert list if empty value
includes/db/DatabaseMssql.php:879: return ereg("^(.+[0-9]+\\.[0-9]+\\.[0-9]+) ",$row[0],$m) ? $m[1] : $row[0];
includes/SpecialUpload.php:516: && ereg( "[0-9]{2}" , substr( $partname , 0, 2) ) )
maintenance/fuzz-tester.php:2623: if (!ereg("(.*)" . str_replace(".", "\.", DATA_FILE) . "$", $file, $matches)) continue;

// checking for 'ereg_replace()'

includes/db/DatabaseMssql.php:836: $sql = ereg_replace("^SELECT", "SELECT TOP $limit", $sql);

// checking for 'eregi()'

includes/SpecialUpload.php:1133: if (eregi("<!DOCTYPE *X?HTML",$chunk)) return true;

// checking for 'split()'

includes/filerepo/ICRepo.php:179: list($key,$value) = split("=",$match);

// checking for 'mysql_escape_string()'

maintenance/namespace2sql.php:9: $nsname = mysql_escape_string( $wgLang->getNsText( $i ) );
maintenance/namespace2sql.php:10: $dbname = mysql_escape_string( $wgDBname );

Version: 1.16.x
Severity: enhancement

Details

Reference: bz27265

Event Timeline

• bzimport raised the priority of this task from to Medium.Nov 21 2014, 11:20 PM

• bzimport added a project: MediaWiki-General.

• bzimport set Reference to bz27265.

• bzimport added a subscriber: Unknown Object (MLST).

• bzimport created this task.Feb 8 2011, 9:58 PM

wikimedia wrote:

Sorry,

The real output against 1.16.2 is as follows:

// checking for 'dl()'

config/Installer.php:348: if( extension_loaded( $compname ) || ( mw_have_dl() && dl( "{$compname}." . PHP_SHLIB_SUFFIX ) ) ) {
HISTORY:2595:* (bug 11013) Make sure dl() is available before attempting to use it to check
includes/MimeMagic.php:105: if(!extension_loaded('fileinfo')) dl('fileinfo.' . PHP_SHLIB_SUFFIX);
includes/db/DatabaseMssql.php:71: @dl('mssql.so');
includes/db/DatabaseMysql.php:30: @dl('mysql.so');
includes/db/DatabaseIbm_db2.php:488: @dl('ibm_db2.so');
includes/diff/DifferenceInterface.php:656: dl( 'php_wikidiff.so' );
includes/diff/DifferenceInterface.php:663: dl( 'php_wikidiff2.so' );
includes/normal/UtfNormalTest.php:48: dl( 'php_utfnormal.so' );
includes/normal/UtfNormalBench.php:29: dl( 'php_utfnormal.so' );
includes/normal/CleanUpTest.php:27: dl( 'php_utfnormal.so' );

// checking for 'ereg()'

includes/db/DatabaseMssql.php:568:# if (ereg('_id$',$keys[0])) {
includes/db/DatabaseMssql.php:577:# if (ereg('_id$',$keys[0]) && empty($a[$keys[0]])) unset($a[$keys[0]]); # remove primary-key column from insert list if empty value
includes/db/DatabaseMssql.php:879: return ereg("^(.+[0-9]+\\.[0-9]+\\.[0-9]+) ",$row[0],$m) ? $m[1] : $row[0];
maintenance/fuzz-tester.php:2623: if (!ereg("(.*)" . str_replace(".", "\.", DATA_FILE) . "$", $file, $matches)) continue;

// checking for 'ereg_replace()'

includes/db/DatabaseMssql.php:836: $sql = ereg_replace("^SELECT", "SELECT TOP $limit", $sql);

I disagree with dl() There is a usage for that (and note it is not marked as deprecated in www.php.net).

Thanks for the list. I have added it to check-vars.php in r81784.

You seem to be checking an old version. There's no longer a file includes/SpecialUpload.php It has been moved to specials folder. Other instances such as ereg or split are also fixed.

wikimedia wrote:

Please read here:
http://php.net/manual/en/migration53.deprecated.php

And here:
http://www.php.net/manual/en/function.dl.php

It says:
Warning, This function has been removed from some SAPI's in PHP 5.3.

The changelog for 5.3.0 states:
5.3.0 dl() is now disabled in some SAPI's due to stability issues. The only SAPI's that allow dl() are: CLI, CGI and Embed. Use the Extension Loading Directives instead.

Do as you wish.

I'm just the messenger.

;-)

Though amusingly

Use extension_loaded() to test whether a given extension is already available or not. This works on both built-in extensions and dynamically loaded ones (either through php.ini or dl()

But never tells you how to then load them afterwards if you need to

Use the wfDl() wrapper if you must use dl().

It bails if you can't use dl() (either due to deprecation or safe_mode).

So what is it exactly that needs to be fixed to close this bug?

sumanah wrote:

Michiel, would you like to regenerate your list against the current codebase?

(In reply to comment #6)

So what is it exactly that needs to be fixed to close this bug?

I think the only real offender here is any code in core still calling dl() by hand, but I think we've cleaned most of that up. All the ereg's are gone too.

I think if anyone finds other deprecated functions we're using they can just open a new bug. Leaving this open for any possible deprecated functions to be listed is not really necessary.

Also: https://www.mediawiki.org/wiki/User:MaxSem/PHP_5.3_warnings

wikimedia wrote:

The output against svn phase3 is:

// checking for 'dl()'

HISTORY:418:* (bug 16902) Installer spews warnings when exec() and dl() are not available
HISTORY:4023:* (bug 11013) Make sure dl() is available before attempting to use it to check
includes/normal/UtfNormalMemStress.php:30: dl( 'php_utfnormal.so' );
includes/normal/UtfNormalTest.php:49: dl( 'php_utfnormal.so' );
includes/normal/UtfNormalBench.php:28: dl( 'php_utfnormal.so' );
includes/GlobalFunctions.php:2398: * Wrapper function for PHP's dl(). This doesn't work in most situations from
includes/GlobalFunctions.php:2426: dl( $fileName . '.' . PHP_SHLIB_SUFFIX );

Where the GlobalFunctions.php and HISTORY hits are false positives.

And those things in includes/normal are cli scripts anyway, so they don't matter.

I think we can close this FIXED.

Usage of deprecated PHP functionsClosed, ResolvedPublicActions

Description

done

Details

Event Timeline

Usage of deprecated PHP functions
Closed, ResolvedPublic
Actions