Jump to content
Lindy
 Share


PHP7 Compatibility

There is a lot to be excited about with PHP7 - the performance gains are significant and we are eagerly awaiting mainstream adoption. With that said, IPS4 utilizes several third party libraries to provide functionality across the suite -- one of these libraries is HTMLPurifier. The developers of that library are not yet supporting PHP7 and are specifically recommending PHP5. While we have resolved any known IPS specific issues within the suite for the next release, we too must recommend that you remain with PHP 5.4, 5.5 or PHP 5.6 until which time third party library developers update their libraries with full PHP7 compatibility. We will provide an update as soon as full support for PHP7 is given. 

Please note that IP.Board 3.x does not work at all on PHP7. There are no plans to release a PHP7 compatible update to IP.Board 3.x at this time.

 

 Share

Comments

Recommended Comments



I understand the position of Invision, because a Company needs to play safe, so if a third party plugin don't recommend php7, Invison cannot also do it.

But for anyone that want tio use php7, im using it for some months now, since the RC's versions, and i can tell that HTMLPurifier is working as expected. Probably we are not using any function of it, that don't work with php7.

Edited by RevengeFNF
Link to comment
Share on other sites

2 hours ago, TheSonic said:

I also use PHP7 since goldrelease and had no issue. What's the job of HTMLPurifier and how can i check its fuctionality ? For now, i keep using PHP7 :-)

 

Quote

HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications.

While you do not notice any issues, there might be security holes due to using PHP7 (it changed the behaviour of some functions that HTMLPurifier makes use of).

Link to comment
Share on other sites

A Google search pretty much reveals the job of HTML Purifier straight away: HTML filter that guards against XSS and ensures standards-compliant output.

I won't be risking the security of my users with PHP7 due to a lack of official support. I'd rather everything be a little bit slower, but a lot more secure.

Link to comment
Share on other sites

After checking the official forums of HTML Purifier, the developer does not know, if there will be ever a version for PHP7 because of its libraries.... 
One-Way-Road ? Inision always pushes us to use actual PHP-Versions or you are out off luck, use the newest MySQL-Versions or feel bad.
And now? I should use an old PHP-Version :-( 

So reverse from userpoint: HELLO COMPANY, PLEASE SUPPORT ACTUAL VERSIONS, that said: i paid my bills!
Sad enough to see, there are such h dependencies (It feels so OpenSource and not a highpriced commerccial productline) 

Link to comment
Share on other sites

The guy from HTMLPurifier clearly is asking for help. I don't think he will be able to do it alone.

PHP 5.5 will stop receiving active support in 5 Months, and PHP 5.6 in 8 Months. PHP.net is really pushing things to PHP7.

In a year and 8 months, PHP 5.6 will be EOL, which means, no more security updates. By that time, we hope HTMLPurifier already supports PHP7, or Invision will need to find another solution.

PS: But like i said, i already tested with a member account on my site, disabling javascript and post forbidden html in the editor, and the htmlpurifier cleaned it. So at least its working. 

Edited by RevengeFNF
Link to comment
Share on other sites

Does this only affect usergroups who are allowed to post HTML? I disabled HTML for the most usergroups.... If Usergroups, which are not allowed to post HTML are not affected, my sites are not affected, too

Link to comment
Share on other sites

HTMLPurifier will get updated - many of you are misreading the situation. It may not be soon but it isn't as if the dev (and others contributing code) have stopped developing it. The last commit was two days ago.

The problem is apparently with libraries they use to *TEST* HTMLPurifier. That is a big difference from libraries needed for HTMLPurifier to work.

And if any patches someone makes are back compatible with PHP 5.x he'll gladly merge them in.

Link to comment
Share on other sites

This is one reason why I use only those versions of PHP and MySQL that my webhost recommends. PHP7 simply hasn't hit widespread adoption yet and it's still a relatively new release.It's just not stable enough for me to request it from my webhost.

Link to comment
Share on other sites

On 12/23/2015 at 10:30 AM, Morisato said:

This is one reason why I use only those versions of PHP and MySQL that my webhost recommends. PHP7 simply hasn't hit widespread adoption yet and it's still a relatively new release.It's just not stable enough for me to request it from my webhost.

This topic has nothing to do with PHP 7's stability.

 

Link to comment
Share on other sites

58 minutes ago, Morisato said:

Obviously it's a stability issue if there are problems with PHP7. Oh, and this is a blog post. :lol:

There is a difference in stability and compatibility...
PHP7 got out of RC and is STABLE now if you like it or not. Maybe not widely used or widely supported yet but it indeed is stable...

You don't need to reply, I won't reply any further btw. since you do not seem to understand that fact.

Edited by Ahmad E.
Link to comment
Share on other sites

@TheSonic That does seem to be the problem. The libraries they use to thoroughly test the hell out of the thing are reliant on PHP 5 something so until those things get pushed to PHP 7 compatibility they are unwilling to risk PHP 7 patches. However, if someone can patch stuff for HTMLPurifier that fixes PHP 7 problems *AND* are backwards compatible with the current PHP 5 stuff they use to test then they are all for it.

 

Link to comment
Share on other sites

  • Management

TheSonic - I think you're off base on a couple of points. Firstly, we're certainly not the only company that uses third party libraries. I'm not aware of any competing product that doesn't use a third party library. It's ridiculous to reinvent the wheel when a solution exists... a solution that has far more widespread use, has been further tested, etc. 

Regarding hosting and requirements. I don't make habit of defending other hosts, but to be fair, they don't cater to one user and one application in a shared hosting environment. PHP7 may be considered "stable" but it may also break older software (it breaks IPB3) -- so jumping immediately on the bandwagon and forcing network-wide changes such as this is a disaster. Just like developers have to account for the lowest common denominator hosts, hosts have to account for lowest common denominator users who are using software that's not compatible with the latest offerings. It's the nature of the beast -- the problem is, power users think they are the majority when in reality they represent a very small portion of nearly any non-niche company's business - they just tend to be more vocal about it. Most hosting customers have absolutely no idea what PHP is let alone what version they want and it's those that drive a business and thus the ones that need to be largely accounted for in key decisions as they're the majority. You don't make sweeping decisions that impact most customers to pander to a minority opinion just because they're loud about it. 

We do not force any odd requirements and we don't require cutting edge technology. We just don't support EOL products. If the developer of a product doesn't support it, we're certainly pressing forward without caring as well. :)

Link to comment
Share on other sites

I've worked in the server IT departments of some very large companies before. There's no way we would jump on a major release like this until probably 6-12 months at the earliest. There would be a vocal set of internal customers who would want it immediately for whatever new features it has. But as the 'server guys' we have to support it. Once we put it out, and it breaks, we own it now. There are also a hundred and one unintended consequences that nobody foresaw - we have support tools, customers have third party apps they use, etc. I don't think it's unreasonable at all to expect at least a several month delay before anything like this should even be on the radar. At the end of the day, the software needs to be stable and reliable.

Link to comment
Share on other sites

honestly "stable" is subjective matter for each person, from owner of a dedicated server to sysadmins who manage shared hosting servers. 

from my experience im not really experiening a stable php with opcache as i experience fatal errors too many times. to remove it i had to reset opcache cache.

Link to comment
Share on other sites

@Lindy : Thanks for your detailed answer. First of all, i don't wanted my comment to be serious, perhaps i missed some smileys. Sorry for that.

That said, i don't like hosts dealing with old PHP-Versions... If xou know servers, it's easy to install different handlers for different PHP-Versions without breaking other instances. I know, i am "serverguy" or "techfreak" and i am my "own host" and do what i want. That said, i host really more and more people and take care of them, I know, i am still a hobbyist and no majorplayer, but i installed PHP7 without breaking anyone elses PHP5-Instance. I have 3 PHP5-versions installed and PHP 7.0.1, everyone may switch in the controlpanel in less than 10 seconds forward and backward. I know of IPB3-Sites on my servers and checked them a second ago and they still operating using the 5.whatever-handlers. So, using outdated PHP-Versions are a sign of bad IT-Infrastructure or bad Sysadmins... Sorry....

Link to comment
Share on other sites

5 hours ago, kar3n2 said:

I havent got a darn clue what you are talking about ...  should I be talking to my web host or have another bottle of wine and hope for the best?

Generally speaking, you should be fine. :) This only applies if your host is actively looking to migrate to PHP7. If they haven't said anything, then you shouldn't have much to worry about.

Link to comment
Share on other sites

On 25/12/2015 at 0:07 AM, maidos said:

but but my hosting company says its unstable since their software crash when they test it on php 7

Its not php 7 fault. The problem is with your host and if something is unstable, is the software they use and not php.

Im running php 7, no crash on anything.

On 25/12/2015 at 7:36 AM, Lindy said:

We just don't support EOL products. If the developer of a product doesn't support it, we're certainly pressing forward without caring as well. :)

Lindy, with that said, IPS can't support php 5.4, because its an EOL product.

Link to comment
Share on other sites




Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Add a comment...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...