Welcome! Log In Create A New Profile

Advanced

[PHP-DEV] always_populate_raw_post_data E_DEPRECATED thrown by default

Posted by Davey Shafik 
Hey folks,

A thread on reddit (here:
https://www.reddit.com/r/PHP/comments/2jpzzj/php_56_throws_e_deprecated_by_default_for_no/)
noted that in 5.6 there is an E_DEPRECATED thrown if
"always_populate_raw_post_data" is set to anything but -1

There is an issue in that the default value is 0 (see:
http://lxr.php.net/xref/PHP_5_6/main/main.c#641 I believe).

This means that the E_DEPRECATED is always thrown in the default case, and
if you've never cared about this setting, and don't use it, you may now be
seeing an unnecessary warning.

I'd like to set the default to -1.

The php.ini-* files state:

; Always populate the $HTTP_RAW_POST_DATA variable. PHP's default behavior
is
; to disable this feature and it will be removed in a future version.
; If post reading is disabled through enable_post_data_reading,
; $HTTP_RAW_POST_DATA is *NOT* populated.
; http://php.net/always-populate-raw-post-data
;always_populate_raw_post_data = -1

Being as the current default is not to populate it, and (currently) -1 has
the same affect and also suppresses the E_DEPRECATED, I don't think this
change is a BC issue.

The other option is to only throw the E_DEPRECATED when it's set to 1 (as
you are actively trying to use the feature).

Thoughts?

Thanks,

- Davey
On 20 October 2014 05:48:04 GMT+01:00, Davey Shafik <[email protected]> wrote:
>Hey folks,
>
>A thread on reddit (here:
>https://www.reddit.com/r/PHP/comments/2jpzzj/php_56_throws_e_deprecated_by_default_for_no/)
>noted that in 5.6 there is an E_DEPRECATED thrown if
>"always_populate_raw_post_data" is set to anything but -1
>
>There is an issue in that the default value is 0 (see:
>http://lxr.php.net/xref/PHP_5_6/main/main.c#641 I believe).
>
>This means that the E_DEPRECATED is always thrown in the default case,
>and
>if you've never cared about this setting, and don't use it, you may now
>be
>seeing an unnecessary warning.
>
>I'd like to set the default to -1.
>
>The php.ini-* files state:
>
>; Always populate the $HTTP_RAW_POST_DATA variable. PHP's default
>behavior
>is
>; to disable this feature and it will be removed in a future version.
>; If post reading is disabled through enable_post_data_reading,
>; $HTTP_RAW_POST_DATA is *NOT* populated.
>; http://php.net/always-populate-raw-post-data
>;always_populate_raw_post_data = -1
>
>Being as the current default is not to populate it, and (currently) -1
>has
>the same affect and also suppresses the E_DEPRECATED, I don't think
>this
>change is a BC issue.
>
>The other option is to only throw the E_DEPRECATED when it's set to 1
>(as
>you are actively trying to use the feature).
>
>Thoughts?
>
>Thanks,
>
>- Davey

I remember there being a fair amount of back and forth about this on the list when the change was made.

The problem is that people who have it set to 0/false - either explicitly, or because they've never touched the default value - may still be relying on $HTTP_RAW_POST_DATA, since the default is basically for it to be populated whenever $_POST isn't.

Until 5.6, there were a handful of situations where php://input didn't work as desired, but with these resolved, the idea is to encourage everyone to avoid $HTTP_RAW_POST_DATA completely, and actively set their configuration to never populate it.

So, messy though it is to have the default be deprecated, that is actually a deliberate intention. Distributors can of course include php.ini files which set this to -1 for new users.

Regards,
--
Rowan Collins
[IMSoP]


--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
2014.10.20. 10:21 ezt √≠rta ("Rowan Collins" <[email protected]>):
>
> On 20 October 2014 05:48:04 GMT+01:00, Davey Shafik <[email protected]> wrote:
> >Hey folks,
> >
> >A thread on reddit (here:
> >
https://www.reddit.com/r/PHP/comments/2jpzzj/php_56_throws_e_deprecated_by_default_for_no/
)
> >noted that in 5.6 there is an E_DEPRECATED thrown if
> >"always_populate_raw_post_data" is set to anything but -1
> >
> >There is an issue in that the default value is 0 (see:
> >http://lxr.php.net/xref/PHP_5_6/main/main.c#641 I believe).
> >
> >This means that the E_DEPRECATED is always thrown in the default case,
> >and
> >if you've never cared about this setting, and don't use it, you may now
> >be
> >seeing an unnecessary warning.
> >
> >I'd like to set the default to -1.
> >
> >The php.ini-* files state:
> >
> >; Always populate the $HTTP_RAW_POST_DATA variable. PHP's default
> >behavior
> >is
> >; to disable this feature and it will be removed in a future version.
> >; If post reading is disabled through enable_post_data_reading,
> >; $HTTP_RAW_POST_DATA is *NOT* populated.
> >; http://php.net/always-populate-raw-post-data
> >;always_populate_raw_post_data = -1
> >
> >Being as the current default is not to populate it, and (currently) -1
> >has
> >the same affect and also suppresses the E_DEPRECATED, I don't think
> >this
> >change is a BC issue.
> >
> >The other option is to only throw the E_DEPRECATED when it's set to 1
> >(as
> >you are actively trying to use the feature).
> >
> >Thoughts?
> >
> >Thanks,
> >
> >- Davey
>
> I remember there being a fair amount of back and forth about this on the
list when the change was made.
>
> The problem is that people who have it set to 0/false - either
explicitly, or because they've never touched the default value - may still
be relying on $HTTP_RAW_POST_DATA, since the default is basically for it to
be populated whenever $_POST isn't.
>
> Until 5.6, there were a handful of situations where php://input didn't
work as desired, but with these resolved, the idea is to encourage everyone
to avoid $HTTP_RAW_POST_DATA completely, and actively set their
configuration to never populate it.
>
> So, messy though it is to have the default be deprecated, that is
actually a deliberate intention. Distributors can of course include php.ini
files which set this to -1 for new users.
>
> Regards,
> --
> Rowan Collins
> [IMSoP]
>
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>

Yep, the thing is, that $HTTP_RAW_POST_DATA can be even populated when
always_populate_raw_post_data is set to 0, so we had to introduce the -1
value to not break BC but allow to opt-in to the never populate
$HTTP_RAW_POST_DATA which can save a huge amount of resources.
We also wanted a deprecated so people are aware that $HTTP_RAW_POST_DATA is
going away and it was not feassible to add the warning when acessing
$HTTP_RAW_POST_DATA as it is a non-super global so it would have required a
check for every access to global variables.

I'm planning to update the upgrading docs with some notice and rationale as
somebody already reported that the deprecated notice broke his app (he
is/was running a soap service with display_errors On ...)
Sorry, only registered users may post in this forum.

Click here to login