Am 08.07.24 um 05:04 schrieb Juliette Reinders Folmer: [...]
I also don't agree that there are "more appropriate replacements available".The suggested `hash()` replacements for the md5/sha1* functions have the exact same functionality, which the RFC considers "incorrect use", so what are we actually solving by this deprecation ? Devs not having enough to do already ? The problem (for open source) with "force-replacing" the uses of `md5/sha1*` functions with the `hash` function calls, is that the hash extension was not part of PHP core until PHP 7.4, which means that for a significant number of open source projects, the replacement is not a one-on-one function call replacement, but needs guard code for PHP < 7.4 in case the hash extension is not available.
From the docs it looks like the hash function was part of the core since php 5.1.2 but perhaps I read that wrongly from the docs.
Anyhow, a replacement could possibly be to declare a userland function that then does the version check and either calls the respective function directly or delegates to the hash-function.
The replacement could be a
```
function md5_userland(string $string, bool $binary = false): string {
if (version_compare(PHP_VERSION, '7.4.0', '<')) {
return md5($string, $binary);
}
return hash('md5', $string, $binary);
}
```
Replacing all occurrences of `md5(` with `md5_userland(` in code is then
a doable task.
Alternatively accepting the deprecation and adding a
```
if (! function_exists('md5')){
function md5(string $string, bool $binary = false): string
{
return hash('md5', $string, $binary);
}
}
```
would even skip the step of having to replace the function calls at the
cost of having the deprecations in the log as long as the function still
exists.
A way to mark specific deprecation messages as OK (and not show up in the logs) would be helpful here, but there are already userland libraries that allow such things. So people that are concerend about that already have the possibility to "fix" that.
So to me that looks like a solvable problem.Yes! It needs to be addressed by people! But that is probably the cost of supporting legacy infrastructure.
What might be another idea is to allow overwriting deprecated language functions with userland functions, so that it would immediatel possible to replace the deprecated function with a userland one. But that is for sure a different RFC.
Just my 0.02 €
Cheers
Andreas
--
,,,
(o o)
+---------------------------------------------------------ooO-(_)-Ooo-+
| Andreas Heigl |
| mailto:andr...@heigl.org N 50°22'59.5" E 08°23'58" |
| https://andreas.heigl.org |
+---------------------------------------------------------------------+
| https://hei.gl/appointmentwithandreas |
+---------------------------------------------------------------------+
| GPG-Key: https://hei.gl/keyandreasheiglorg |
+---------------------------------------------------------------------+
OpenPGP_signature.asc
Description: OpenPGP digital signature
