Am 08.07.24 um 05:04 schrieb Juliette Reinders Folmer:
[...]
I also don't agree that there are "more appropriate replacements available".
The suggested hash()
replacements for the md5/sha1* functions have the exact same functionality, which the RFC considers "incorrect use", so what are we actually solving by this deprecation ? Devs not having enough to do already ?
The problem (for open source) with "force-replacing" the uses of md5/sha1*
functions with the hash
function calls, is that the hash extension was not part of PHP core until PHP 7.4, which means that for a significant number of open source projects, the replacement is not a one-on-one function call replacement, but needs guard code for PHP < 7.4 in case the hash extension is not available.
From the docs it looks like the hash function was part of the core since php 5.1.2 but perhaps I read that wrongly from the docs.
Anyhow, a replacement could possibly be to declare a userland function that then does the version check and either calls the respective function directly or delegates to the hash-function.
Agreed, but the fact that it is solvable, is not a justification for adding "busy-work" when the replacement for the deprecated function is, by all accounts, just as bad/incorrect as the original....
I don't mind putting the work in when there is a good justification, but I don't see one for this deprecation.
Smile,
Juliette