Drop PHP 5.3 from Travis-CI build matrix #880
Conversation
billschaller
changed the title
|
👍 as long as you cleaned all 5.3 stuff I'm okay with it. Just for a reference: this PR also optimized some things like |
|
@deeky666 as far as I can tell there's no similar changes needed to dbal - no issues with $this in closures, no conditional blocks checking PHP_VERSION_ID other than 50600, etc. |
|
@zeroedin-bill there is a reference to PHP 5.3 in https://github.com/doctrine/dbal/blob/master/docs/en/reference/security.rst#non-ascii-compatible-charsets-in-mysql |
|
@Tobion This means that people who expect to use non-ascii charsets with MySQL MUST use the charset parameter, right? So essentially the paragraph should remain, but the bit about PHP < 5.3.6 should be removed? |
|
No, from what I understand this is only relevant for PHP <= 5.3.6. Using a newer version should fix the charset problem automatically using SET NAMES, which is what doctrine does. |
To me this seems to imply that if you are running PHP > 5.3.6, and you do not set the charset, you are still open to injection. I don't use MySQL regularly, so I'm not up on the standard practice here... If I don't set the charset, but I am using emulated prepared statements, is it possible to inject using UTF-8 characters in parameter values? |
|
What this describes is the workaround for |
|
@Tobion OK, thanks. |
|
@Ocramius ready to merge from my POV. Anything missing here? Otherwise you can mergie :) |
billschaller
force-pushed
the
drop-53-travis
branch
from
e604955 to
d36037d
Compare
|
@deeky666 done :) |
|
Note: created http://www.doctrine-project.org/jira/browse/DBAL-1292 to track this. |
|
@Ocramius good idea. thx! |
Ocramius
changed the title
Drops php 5.3 from travis build matrix and updates composer.json to require php >= 5.4