PHP 8.4 | Fix CSV escaping deprecation notices #5991

jrfnl · 2024-09-27T14:18:43Z

Okay, so this is an awkward one....

The short of it, is that the custom escaping mechanism available for fputcsv(), fgetcsv() and str_getcsv() is kind of broken and using it is discouraged. However, the default parameter value for the optional $escape parameter is still "\\", which activates it.

Since PHP 7.4, it is allowed to pass an empty string to $escape, which effectively de-activates the PHP native custom escaping mechanism. Prior to PHP 7.4, passing an empty string would fall through to the default value of the parameter.

Since PHP 8.4, not passing the $escape is deprecated - which effectively makes it a required parameter after two optional parameters... 🤦🏻‍♀️ The intention is to change the default value to an empty string in a future PHP version (PHP 9.0?) and once that's done, the "required optional" $escape parameter can be removed again (providing you want to follow the advise of disabling the custom escaping mechanism)...

Yes, don't ask. I've challenged the implementation of this deprecation, but my objections were waved aside.

So, generally speaking to handle this deprecation there are three options:

Pass the parameter and set it explicitly to the current default value "\\".
Pass the parameter and set it explicitly to an empty string to deactivate the PHP custom escaping mechanism on PHP 7.4+ and let it fall through to the default value for escaping prior to PHP 7.4. This may cause issues when an export was created with the "\\" value for escaping and an import is done without escaping.
Silence the deprecation notice for the time being by using the @ operator and run the risk of other notices/warnings (and prior to PHP 8.0 errors) from the function call being silenced.

All things considering and keeping in mind that this code base still has a PHP 5.6 minimum, I think it would probably be best to go for option 1, to prevent potential import/export file compatibility problems.

This commit implements this.

Refs:

Okay, so this is an awkward one.... The short of it, is that the custom escaping mechanism available for `fputcsv()`, `fgetcsv()` and `str_getcsv()` is kind of broken and using it is discouraged. However, the default parameter value for the optional `$escape` parameter is still `"\\"`, which activates it. Since PHP 7.4, it is allowed to pass an empty string to `$escape`, which effectively de-activates the PHP native custom escaping mechanism. Prior to PHP 7.4, passing an empty string would fall through to the default value of the parameter. Since PHP 8.4, not passing the `$escape` is deprecated - which effectively makes it a required parameter _after_ two optional parameters... 🤦🏻‍♀️ The intention is to change the default value to an empty string in a future PHP version (PHP 9.0?) and once that's done, the "required optional" `$escape` parameter can be removed again (providing you want to follow the advise of disabling the custom escaping mechanism)... Yes, don't ask. I've [challenged the implementation of this deprecation](php/php-src#15569 (comment)), but my objections were waved aside. So, generally speaking to handle this deprecation there are three options: * Pass the parameter and set it explicitly to the current default value `"\\"`. * Pass the parameter and set it explicitly to an empty string to deactivate the PHP custom escaping mechanism on PHP 7.4+ and let it fall through to the default value for escaping prior to PHP 7.4. This may cause issues when an export was created with the `"\\"` value for escaping and an import is done without escaping. * Silence the deprecation notice for the time being by using the `@` operator and run the risk of other notices/warnings (and prior to PHP 8.0 errors) from the function call being silenced. All things considering and keeping in mind that this code base still has a PHP 5.6 minimum, I think it would probably be best to go for option 1, to prevent potential import/export file compatibility problems. This commit implements this. Refs: * https://wiki.php.net/rfc/deprecations_php_8_4#deprecate_proprietary_csv_escaping_mechanism * https://wiki.php.net/rfc/kill-csv-escaping * php/php-src 15362 * php/php-src 15569

jrfnl requested a review from a team as a code owner September 27, 2024 14:18

swissspidy approved these changes Oct 1, 2024

View reviewed changes

swissspidy added this to the 2.12.0 milestone Oct 1, 2024

swissspidy added the scope:framework label Oct 1, 2024

swissspidy added 2 commits October 1, 2024 13:50

Merge branch 'main' into feature/php-8.4-fix-csv-deprecation

7514cef

Merge branch 'main' into feature/php-8.4-fix-csv-deprecation

0eecadc

swissspidy merged commit e214df2 into wp-cli:main Oct 1, 2024
38 of 42 checks passed

jrfnl deleted the feature/php-8.4-fix-csv-deprecation branch October 1, 2024 21:26

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

PHP 8.4 | Fix CSV escaping deprecation notices #5991

PHP 8.4 | Fix CSV escaping deprecation notices #5991

Uh oh!

jrfnl commented Sep 27, 2024

Uh oh!

Uh oh!

Uh oh!

PHP 8.4 | Fix CSV escaping deprecation notices #5991

PHP 8.4 | Fix CSV escaping deprecation notices #5991

Uh oh!

Conversation

jrfnl commented Sep 27, 2024

Uh oh!

Uh oh!

Uh oh!