Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:97475
Return-Path: <cmbecker69@gmx.de>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 37270 invoked from network); 27 Dec 2016 23:42:34 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 27 Dec 2016 23:42:34 -0000
Authentication-Results: pb1.pair.com smtp.mail=cmbecker69@gmx.de; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=cmbecker69@gmx.de; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmx.de designates 212.227.17.21 as permitted sender)
X-PHP-List-Original-Sender: cmbecker69@gmx.de
X-Host-Fingerprint: 212.227.17.21 mout.gmx.net  
Received: from [212.227.17.21] ([212.227.17.21:56841] helo=mout.gmx.net)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id EE/5F-04761-96CF2685 for <internals@lists.php.net>; Tue, 27 Dec 2016 18:42:34 -0500
Received: from [192.168.2.109] ([217.82.227.120]) by mail.gmx.com (mrgmx103
 [212.227.17.168]) with ESMTPSA (Nemesis) id 0Lp3Qu-1d0YnL38AW-00eqEu; Wed, 28
 Dec 2016 00:42:23 +0100
To: Zeev Suraski <zeev@zend.com>, PHP internals <internals@lists.php.net>
References: <BY2PR02MB298106B3E23A1E779593A6FAC920@BY2PR02MB298.namprd02.prod.outlook.com>
Message-ID: <57b8ac82-754e-3a02-12b1-0a91aeb98e27@gmx.de>
Date: Wed, 28 Dec 2016 00:43:00 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.5.1
MIME-Version: 1.0
In-Reply-To: <BY2PR02MB298106B3E23A1E779593A6FAC920@BY2PR02MB298.namprd02.prod.outlook.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Provags-ID: V03:K0:PbEgHqCfZX9ytdtLXzcJlHUfspuB/k4X4fRuZ5MB81EwGOn+5ao
 OfP7YqpSy7qJ14hCxphTjudBMgA87sIj6ufkHEmDEv2ASBSwh4vvOpA6sJTChYsu8l2sHpY
 3wQNiP8S8EJF2xMD3yPBQ8HFyiGDb5WptcWvXQ3MiazH77g4/oh+mSUHfOdjAf87DOXK18S
 lOsEbYstEl8qsuET9KqWg==
X-UI-Out-Filterresults: notjunk:1;V01:K0:nBQUHv/Q7mw=:SIjJQrh1P3ZZPLzNTiaj+x
 ouWLRVFDwFMggAxt76M26dzPN6cPFMudEy3/XoHUM6pducBTu+AOJRnar49ELLorLEzpJX8Ew
 1F1s6i9DgBders9O8vlHsraTT1RG6cFY2PqBDmOJBTmG+Ib/1tEwill0YpicwU7v8f7b/VbgQ
 IXHAht53fOxdfwwUH3U0O+wPaRzFeol12n203VmNqY/gYhNfgSunQrwZ/cD17pN/AV5uFsg6c
 /hU59NRMdxObw6o002BfCW0D+08gZuPZX+GuPi0cMe5wr9IiltCU54DT5TmmwhHTtPEXjT0aO
 95WC750Bdj7I9bKR1LkCAL3o+LUmxGP3Uy5EdQ5Q3GNLWP+igZ1RG6V8oSBI/tgUQjQdMSjfI
 F7+pdIRMW3KNYm5OXxI8eMAE9Sn5BLcScy739UcbvQ3WbLQ0GF8UbATwuj45RCUWC0uLQY/WL
 /0tq8234hGdyHWnkZb8BTJFo4ZRuZr/nJhVHiMMK1oI7zNE0CV13PuU/0TI1pjoF8og0foTEi
 wYl5qqHjceM57bd4y00lEIRlKsJMDvGWaH5RhbkkTmrzug2hBOJqAPWw0SpYhQ190RDcCmIUe
 pCL1CvJWrua50jyk5ClTA7rPbZoLUOA/XWNALkV2ijbZ/DU7dpeoGv6dBcuvoIA3XseQLh3Xm
 pQMJRpaW1odHNPAYcVvNAAWZuvGJbbwgEqlsIljBv3J6d1zEzl6/NdLyc9Qc7wLPgPz1Dtzzp
 Ca4RHgAVfZ4wjqfnx8ezFHDNw/2HMs43l22PFGp+pjOXNY9wZZkhYX6/Q36FHL0pMhu+2WB8G
 0c0hwXOihN4020kWJAc49vmeYUCo92Pusu3VH+FNEBWaj+6EnJqcJUHI3vFjK68apbLFhtKoi
 vf64txxzYHpy03HQQ7vxdiuDM6+Tu9r5drr/yw3V9W+wxNEpO5zjqpCshnjvafs4Q60GHI87x
 MHQWMIqKOY8zGsgq0PLSIi7EsU5H5llCyNkDde1/PR/miZT988K0Hn3OIJi9z6oXm+smKrnPN
 apYTX9eNT+kaDfRZbB9CUfU=
Subject: Re: Fix for issue #72320 - compatibility breakage in 7.0.11
From: cmbecker69@gmx.de ("Christoph M. Becker")

On 22.12.2016 at 16:13, Zeev Suraski wrote:

> All,
> 
> In 7.0.11, the behavior of iconv_substr() was changed so that if the length argument is equal to the length of the string - an empty string is returned, as opposed to FALSE.
> 
> While I think there's a case to be made that this makes sense - what worries me is that we've introduced a behavioral change for a function in a bugfix release - one that has bitten us in Zend Framework - and I think it's safe to assume that it will affect plenty of other codebases.
> 
> Personally, I think we should be *much* more selective about introducing behavioral changes in maintenance releases, even if they can be considered bugfixes.  Depending on their scope and impact, they should either go into the next mini version (this one probably falls in that category) or the next major version.  Of course - there are plenty of bugfixes where the existing behavior is a crash, or undefined/unpredictable - those are obviously fine to fix without further discussion.  I'm talking about the cases where the current behavior is very much defined and has been that way for a long time, but for whatever reason, people think it should change.
> 
> We've worked hard to establish trust that people can upgrade into the next maintenance version with minimal testing - which greatly helps people keep current with the latest and greatest fixes incl. security, and even the next minor version with relatively limited testing, when we ensured downwards compatibility within these versions.  It does mean that our finger needs to be a lot more hesitant on the trigger when we evaluate behavioral changes such as these.
> 
> It's arguably too late to revert this patch now, but I think it's a good opportunity to discuss the guidelines for dealing with such issues.
> 
> Thoughts?

What about bug #73817?  (I'm omitting a proper link due to the current
mailing list issues regarding "spammy URLs" from php dot net.)

Some related code[1] is obviously wrong, but it is wrong since at least
PHP 5.4.x[2].  Fixing this may very well introduce a BC break, as any
user relying on the current behavior might already have introduced some
fix in userland.  So, should the fix be postponed to PHP 7.2.0? :-)

[1]
<https://github.com/php/php-src/blob/PHP-7.1.0/ext/standard/html.c#L1600-L1601>
[2]
<https://github.com/php/php-src/blob/PHP-5.4/ext/standard/html.c#L1583-L1584>

-- 
Christoph M. Becker