On Wed, Apr 24, 2019 at 8:19 PM Michael Kliewe <i...@phpgangsta.de> wrote:
> Some random thoughts:
> - What happens to .phar files? Do we have to scan the contents?
>
Phar relies upon the engine's tokenizer. If your phar build script uses <?,
then you need an engine that supports <? to build your phar. If your phar
contains files that each use <?, you need an engine that supports <? to run
your phar.
$ cat create-test.phar.php
<?php
$phar = new Phar('test.phar');
$phar['index.php'] = '<? echo "I am a short tag" . PHP_EOL;';
$stub = $phar->createDefaultStub('index.php');
$phar->setStub($stub);
$ php -d phar.readonly=Off create-test.phar.php
$ php -d short_open_tag=On test.phar
I am a short tag
$ php -d short_open_tag=Off test.phar
<? echo "I am a short tag" . PHP_EOL;
This is the same problem library maintainers face: one can't distribute a
phar using <? anywhere and expect it to run everywhere. Since phar files
are far more portable than say a zip file of code - like being directly
runnable from the command line - engine compatibility is a primary concern
for phar distributors. Of course, if one wrote phar for controlled
distribution, then one might not have considered this angle. These are the
folks we need to worry about in this deprecation.
So, yes, any extant .phar files using <? need to be re-built with contents
using <?php. Note that means phar contents created by string need to be
manually checked for <? as well. Said another way, php-cs-fixer would not
fix my phar example from above, because <? is embedded in a string. The
grep+sed solution might work for that [1].
In my opinion, both as maintainer of the phar extension and a long-time
user of PHP, we need engine-enforced deprecation sooner rather than later.
We should also move toward outright removal at a prudent speed. But I would
caution that if long, long-time community members and lodestars are saying
"outright removal in 8.0 is too soon" then we should heed that. Once we
remove it, it's gone and there's no going back.
[1] A phar file scanner looking for instances of <? inside a phar could
also be written. I'd be willing to lead that development if there's
interest.
