Compatibility with PHP 7.x.x. about site-kit-wp HOT 4 CLOSED

@sviluppomania Thanks for the info, I have filed this as a bug now for further investigation

from site-kit-wp.

Hello @jamesozzie ,
as you can see from my report, there are many compatibility errors with PHP 7 and higher versions.
As you can still see, the directory that leads to the file and all the errors are in bold.

A question:
Why didn't you consider sites that use PHP 7?

System Information (please complete the following information):

PHP Version: 7.3.6.
OS: Windows 10
Browser: Google Chrome

from site-kit-wp.

@sviluppomania Thanks for the follow-up. The violations are caused by a third-party dependency we don't have control over. I will look into whether we can replace it with an alternative or solve the problems upstream.

from site-kit-wp.

phpseclib author here.

If this library isn't being used then it shouldn't be a dependency, I get it, BUT that doesn't change the fact that all but one of the "issues" identified by this static analysis tool are completely 110% bogus.

• if mbstring is installed and mbstring.func_overload is set such that functions like strlen / substr / etc would be overloaded phpseclib throws a "Overloading of string functions using mbstring.func_overload is not supported by phpseclib" exception. See phpseclib/phpseclib#1239

• mcrypt is only used IF IT'S AVAILABLE for speed. OpenSSL is PREFERENTIALLY USED if it's available BUT if it isn't then mcrypt is used because a pure-PHP implementation cannot hope to match even mcrypt's speed. And when it is used the error suppression operator is used. See phpseclib/phpseclib#1028

As for the one issue that isn't 100% bogus... the ${$host} issue... I contend that fixing that issue would be a BC break. It's used for the SFTP stream wrapper. phpseclib 1.0 / 2.0 support fopen('ssh2.sftp://$session/path/to/file', 'r');. Note the single quotes. phpseclib dev-master, however, doesn't support that. That supports fopen("ssh2.sftp://$session/path/to/file", 'r'); (note the double quotes). In-so-doing, dev-master is able to emulate libssh2's SFTP stream wrapper more faithfully than the 1.0 / 2.0 branches are. Here's the PR where this was done: phpseclib/phpseclib#787 . Now, I'll admit... the global requirement that the 1.0 / 2.0 branch has means that that functionality can't very easily be used inside of functions because you'd have to declare $session in the function, as well. I may actually be willing to change this (backport the afore mentioned PR) in the 2.0 branch because (1) my suspicion is that it's not really being used by any projects and (2) if BC breaking in minor releases was completely verboten some bugs would be impossible to fix. I'm not sure I'd call this a "bug", as such, since it is working as designed, but, depending on my mood, I may be willing to be a little more flexible on some things.

If anyone can convince me that any of the issues raised brought up in this ticket are legit (outside of the ${$host} issue) I will PayPal you $100 dollars. I do apologize that I can't do more but I don't have pockets nearly as deep as Google does.

But I mean, seriously, common sense, people. phpseclib is unit tested on Travis CI up to PHP 7.4snapshot. If these deprecation issues were legit the unit tests would be failing but they're not.

from site-kit-wp.