Newsgroups: php.internals
To: internals@lists.php.net
References: <64DA7ACC.1050909@adviesenzo.nl>
Message-ID: <64DABDF7.5010400@adviesenzo.nl>
Date: Tue, 15 Aug 2023 01:51:19 +0200
Subject: Re: [PHP-DEV] Removing support for the disable_classes INI setting
From: php-internals_nospam@adviesenzo.nl (Juliette Reinders Folmer)

On 14-8-2023 22:11, G. P. B. wrote:
> On Mon, 14 Aug 2023 at 20:04, Juliette Reinders Folmer <php-internals_nospam@adviesenzo.nl> wrote:
>
>> Would deprecating it in PHP 8.3 and removing it in PHP 9.0 be an option?
> One option is to "keep" the INI setting, but have it basically do nothing.
> Is this what you had in mind?

That sounds iffy as well in a way as people (hosts) may then "think" it works, while it doesn't.
Disabling the actual functionality (as broken) and then throwing a warning could possibly be a middle-of-the-road solution?
Note - warning, not deprecation if the functionality is turned off in PHP 8.3.
With any luck, the hosts' error logs would fill up quickly enough for them to take notice ;-)

>
>> As for the lack of bug reports - the typical type of end users using
>> those hosts will not know to report these types of issues to PHP (or even
>> be able to properly identify the issue). Instead they will complain
>> extensively to whatever open source project (read: WordPress) they are
>> running on the shared hosting without providing enough information for
>> the open source maintainers to even begin to identify the actual
>> issue... ;-)
> On a minimal build of PHP, with only the mandatory extensions enabled,
> there are 148 classes/interfaces/traits defined. [1]
>
> Other than the SPL ones (and even then), disabling any of these classes
> will cause issues within the engine.
> Moreover, the SPL ones are not a security concern.
>
> Therefore, any other class that can be disabled must come from an extension
> that can be disabled altogether. And "disabling" a class from an extension
> without disabling said extension will render it useless anyway.
>
> If a hosting provider is concerned about an extension, then it should not
> enable it in the first place. Not break it ad hoc.

100% agreed. Unfortunately (in my experience), the hosts using this ini setting are generally not what anyone would consider high quality hosts who know what they are doing.... more the penny-and-dime teenager with a server in the attic type... (which is hopefully a dying breed, but I've seen too many of them come and go over the years - oh and apologies to the potential teenager-host-exception-to-the-rule-who-does-know-what-they-are-doing who may be reading this...).

And the type of end-user I was talking about would describe it as "You broke my website"... (not realizing that it's not the open source package, but the hosting which broke it)

> Considering the above, I cannot see how this functionality was ever useful.

I have absolutely no doubts at all about your analysis.
My only remarks were about how to communicate this effectively to the type of ill-informed hosts/end-users who will be affected by the removal.

Smile,
Juliette