Jump to content

Development update for September 2022

Welcome to our September developer's update!

I can say with some confidence that both the Invision Community team and our marketplace developers have had a busy September as we prepare for PHP8. Thank you for your patience with this necessary step. As I've mentioned elsewhere, PHP8 is a pretty big jump and is much more strict about many things, and now throws fatal errors when before it would have been a harmless notice.

PHP7 is now end of life, and security updates will no longer be available from November.

Could contain: Text, Logo, Trademark, Symbol, Word, Alphabet, Label

Preparing for PHP8

I've talked about this on the forums a lot over the last few weeks, but I'll summarise the timeline here so you can prepare your plugins and apps to be PHP8-ready.

September release (4.7.2): The PHP8 scanner will disable any plugins and applications that would cause issues with PHP8, but Invision Community owners can re-enable them if they choose to do so.

October release (4.7.3): A warning shows in the AdminCP if Invision Community is installed with PHP7. As of October, the PHP8 scanner will disable plugins, but they can be re-enabled.

November release (4.7.4): The PHP8 scanner will disable plugins and applications found not to be PHP8-ready. They cannot be re-enabled via the AdminCP. The only way to re-enable them is to upload a new version.

Code changes to be aware of

October hasn't been the biggest of releases, but it does come with the new Events front-end for Calendar, and this changed the parameter signature for getItemsWithPermission(), which is probably the most overloaded method we have.

The new parameter signature is as follows:

public static function getItemsWithPermission( $where=array(), $order=NULL, $limit=10, $permissionKey='read', $includeHiddenItems=\IPS\Content\Hideable::FILTER_AUTOMATIC, $queryFlags=0, \IPS\Member $member=NULL, $joinContainer=FALSE, $joinComments=FALSE, $joinReviews=FALSE, $countOnly=FALSE, $joins=NULL, $skipPermission=FALSE, $joinTags=TRUE, $joinAuthor=TRUE, $joinLastCommenter=TRUE, $showMovedLinks=FALSE, $location=NULL )

Note, $location has now been added to the list. If you overload getItemsWithPermission then you will need to update any hooks with his new parameter, or it will be flagged via the PHP8 scanner. The reason for this addition is to allow an easier way to get items via a latitude and longitude lookup. If you manage this elsewhere, you might find using getItemsWithPermission a much simpler way.

@Daniel F has also been working on improving the GraphQL API, and the GraphQL library has been updated to 14.11.6. We'll cover the upcoming GraphQL changes in a future blog.


Invision Community is a mature product, and some features and code that we added in the past no longer make sense, work correctly or are no longer appropriate for a modern platform running on well-maintained servers.

You can see the upcoming deprecations in this topic. I suspect the biggest change will be removing the option to allow Display Names to form part of the authentication credentials when logging in, which is coming out in November.

The other to watch for is the removal of the sockets fallback for when curl is not installed on the server or using a version older than 7.36. It's worth noting that curl 7.36 was released in March 2014 and now has hundreds of CVEs (known vulnerabilities) however, our techs still come across the odd server still using an older version. We will likely run AdminCP notifications to warn those affected of the upcoming socket fallback deprecation nearer the time, as it has no version attached. Just be mindful of this in your own apps if you use sockets directly for anything.

You may also note that we've started adding deprecations to the release notes.

As a reminder, we do not approve Marketplace submissions that restore functionality we've removed.

That's it for September! Hopefully, it won't take too long to run through your apps and plugins. As always, comment here, or reach out via the forums if you need anything clarifying.

Happy developing!


Recommended Comments

FWIW Red Hat 7 / Centos 7 installs lock in at curl 7.29 and YUM updates just patched in security fixes as the third point (7.29.14, 7.29.23, etc.).

The clown car that was Centos 8 didn't help matters as most people (I know...) skipped 8 and stayed on 7 once all that silliness went down.  It's not particularly difficult to force curl to upgrade to a more sane version but does require some manual work on your end to do so (repo and command-line stuff).

So, what I'm saying is, if you are rolling with RH/Centos 7 still and never updated curl, you need to force it on through or make the move to a higher OS version (or switch to Ubuntu or Rocky or ???).


Link to comment
Share on other sites

  • Create New...