[MediaWiki-commits] [Gerrit] mediawiki/core[master]: [DNM] Bump PHP version requirement to 7.0.0+

Thu, 18 Jan 2018 15:38:58 -0800 

Jforrester has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/405216 )

Change subject: [DNM] Bump PHP version requirement to 7.0.0+
......................................................................

[DNM] Bump PHP version requirement to 7.0.0+

Intended to be merged into master before the branch of REL1_31, pending the
upgrade and clean-up of Wikimedia production to make this possible.

Bug: T172165
Change-Id: I740f32ac859d9bb3787fdf8414f82ae6f410492f
---
M INSTALL
M RELEASE-NOTES-1.31
M composer.json
M includes/GlobalFunctions.php
M includes/PHPVersionCheck.php
M includes/libs/CSSMin.php
6 files changed, 6 insertions(+), 74 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/16/405216/1

diff --git a/INSTALL b/INSTALL
index 1a59f0b..5c6669e 100644
--- a/INSTALL
+++ b/INSTALL
@@ -6,7 +6,7 @@
 "in-place", as long as you have the necessary prerequisites available.
 
 Required software:
-* Web server with PHP 5.5.9 or higher.
+* Web server with PHP 7.0.0 or HHVM 3.18.5 or higher.
 * A SQL server, the following types are supported
 ** MySQL 5.5.8 or higher
 ** PostgreSQL 8.3 or higher
diff --git a/RELEASE-NOTES-1.31 b/RELEASE-NOTES-1.31
index a50159c..422f7e9 100644
--- a/RELEASE-NOTES-1.31
+++ b/RELEASE-NOTES-1.31
@@ -179,8 +179,8 @@
   default driver for MySQL has been 'mysqli' since MediaWiki 1.22.
 
 == Compatibility ==
-MediaWiki 1.31 requires PHP 5.5.9 or later. Although HHVM 3.18.5 or later is 
supported,
-it is generally advised to use PHP 5.5.9 or later for long term support.
+MediaWiki 1.31 requires PHP 7.0.0 or later. Although HHVM 3.18.5 or later is 
supported,
+it is generally advised to use PHP 7.0.0 or later for long term support.
 
 MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used,
 but support for them is somewhat less mature. There is experimental support for
diff --git a/composer.json b/composer.json
index 4ae1f00..4d8982e 100644
--- a/composer.json
+++ b/composer.json
@@ -27,7 +27,7 @@
                "mediawiki/at-ease": "1.1.0",
                "oojs/oojs-ui": "0.25.1",
                "oyejorge/less.php": "1.7.0.14",
-               "php": ">=5.5.9",
+               "php": ">=7.0.0",
                "psr/log": "1.0.2",
                "wikimedia/assert": "0.2.2",
                "wikimedia/base-convert": "1.0.1",
diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php
index b181628..a365e6c 100644
--- a/includes/GlobalFunctions.php
+++ b/includes/GlobalFunctions.php
@@ -32,75 +32,6 @@
 use Wikimedia\ScopedCallback;
 use Wikimedia\Rdbms\DBReplicationWaitError;
 
-// Hide compatibility functions from Doxygen
-/// @cond
-/**
- * Compatibility functions
- *
- * We support PHP 5.5.9 and up.
- * Re-implementations of newer functions or functions in non-standard
- * PHP extensions may be included here.
- */
-
-// hash_equals function only exists in PHP >= 5.6.0
-// https://secure.php.net/hash_equals
-if ( !function_exists( 'hash_equals' ) ) {
-       /**
-        * Check whether a user-provided string is equal to a fixed-length 
secret string
-        * without revealing bytes of the secret string through timing 
differences.
-        *
-        * The usual way to compare strings (PHP's === operator or the 
underlying memcmp()
-        * function in C) is to compare corresponding bytes and stop at the 
first difference,
-        * which would take longer for a partial match than for a complete 
mismatch. This
-        * is not secure when one of the strings (e.g. an HMAC or token) must 
remain secret
-        * and the other may come from an attacker. Statistical analysis of 
timing measurements
-        * over many requests may allow the attacker to guess the string's 
bytes one at a time
-        * (and check his guesses) even if the timing differences are extremely 
small.
-        *
-        * When making such a security-sensitive comparison, it is essential 
that the sequence
-        * in which instructions are executed and memory locations are accessed 
not depend on
-        * the secret string's value. HOWEVER, for simplicity, we do not 
attempt to minimize
-        * the inevitable leakage of the string's length. That is generally 
known anyway as
-        * a chararacteristic of the hash function used to compute the secret 
value.
-        *
-        * Longer explanation: http://www.emerose.com/timing-attacks-explained
-        *
-        * @codeCoverageIgnore
-        * @param string $known_string Fixed-length secret string to compare 
against
-        * @param string $user_string User-provided string
-        * @return bool True if the strings are the same, false otherwise
-        */
-       function hash_equals( $known_string, $user_string ) {
-               // Strict type checking as in PHP's native implementation
-               if ( !is_string( $known_string ) ) {
-                       trigger_error( 'hash_equals(): Expected known_string to 
be a string, ' .
-                               gettype( $known_string ) . ' given', 
E_USER_WARNING );
-
-                       return false;
-               }
-
-               if ( !is_string( $user_string ) ) {
-                       trigger_error( 'hash_equals(): Expected user_string to 
be a string, ' .
-                               gettype( $user_string ) . ' given', 
E_USER_WARNING );
-
-                       return false;
-               }
-
-               $known_string_len = strlen( $known_string );
-               if ( $known_string_len !== strlen( $user_string ) ) {
-                       return false;
-               }
-
-               $result = 0;
-               for ( $i = 0; $i < $known_string_len; $i++ ) {
-                       $result |= ord( $known_string[$i] ) ^ ord( 
$user_string[$i] );
-               }
-
-               return ( $result === 0 );
-       }
-}
-/// @endcond
-
 /**
  * Load an extension
  *
diff --git a/includes/PHPVersionCheck.php b/includes/PHPVersionCheck.php
index da428dd..e5ece41 100644
--- a/includes/PHPVersionCheck.php
+++ b/includes/PHPVersionCheck.php
@@ -95,7 +95,7 @@
                        'version' => PHP_VERSION,
                        'vendor' => 'the PHP Group',
                        'upstreamSupported' => '5.5.0',
-                       'minSupported' => '5.5.9',
+                       'minSupported' => '7.0.0',
                        'upgradeURL' => 'https://secure.php.net/downloads.php',
                );
        }
diff --git a/includes/libs/CSSMin.php b/includes/libs/CSSMin.php
index f2c7ed2..dc829b1 100644
--- a/includes/libs/CSSMin.php
+++ b/includes/libs/CSSMin.php
@@ -406,6 +406,7 @@
                        // Match these three variants separately to avoid 
broken urls when
                        // e.g. a double quoted url contains a parenthesis, or 
when a
                        // single quoted url contains a double quote, etc.
+                       // FIXME: Simplify now we only support PHP 7.0.0+
                        // Note: PCRE doesn't support multiple capture groups 
with the same name by default.
                        // - PCRE 6.7 introduced the "J" modifier 
(PCRE_INFO_JCHANGED for PCRE_DUPNAMES).
                        //   
https://secure.php.net/manual/en/reference.pcre.pattern.modifiers.php

-- 
To view, visit https://gerrit.wikimedia.org/r/405216
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I740f32ac859d9bb3787fdf8414f82ae6f410492f
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Jforrester <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to