On 30/07/2024 20:15, Tim Düsterhus wrote:
> Part of the motivation of the deprecation (and my argument against the addition of a standalone sha256() function) is simplifying the documentation: Everything needs to be written down in multiple different places, any changes to hash_file() will likely also need to be applied to md5_file() and sha1_file() - and then it will need to be translated.
We already have a solution for this: named snippets (implemented as XML entities), which exist in the source once, are translated once, and then inserted into every page that applies when it's rendered to HTML.
For instance, the yellow "Caution" box on pages like https://www.php.net/rand is defined once in "language-snippets.ent", and can be inserted into any page with &caution.cryptographically-insecure;
> Given that the md5(), sha1(), md5_file(), and sha1_file() functions are not part of the hash extension, it's also much harder for the user to discover the incremental hashing functionality provided by hash_init().
Again, that seems easily solved: ext/hash is now always-on, so moving the functions there from ext/standard would have no effect on users.
-- Rowan Tommins [IMSoP]