Support for upcoming PHP 7.3?
377 views
Skip to first unread message
Stefan Winter
Oct 16, 2018, 3:44:19 AM10/16/18
to SimpleSAMLphp
Hello,
I'm looking ahead for our piece of software (eduroam CAT) on PHP 7.3
when it comes out.
I cloned my dev box and on the clone changed the PHP version to
7.3.0-rc3, nothing else changed (well, IP and metadata URLs obviously
adapted). The SSP version 1.16.1.
As an SP, I can successfully trigger authentication, get redirected to
the IdP, the IdP comes back to me and then I get this in the logs:
PHP Warning: preg_replace(): Compilation failed: invalid range in
character class at offset 8 in
/export/simplesamlphp-1.16.1/vendor/robrichards/xmlseclibs/src/Utils/XPath.php
on line 42, referer:
https://monitor.eduroam.org/sp/module.php/saml/sp/saml2-acs.php/default-sp
PHP Warning: DOMXPath::query(): Invalid expression in
/export/simplesamlphp-1.16.1/vendor/robrichards/xmlseclibs/src/XMLSecurityDSig.php
on line 501, referer:
https://monitor.eduroam.org/sp/module.php/saml/sp/saml2-acs.php/default-sp
And then stay at a white page, it being
https://ticker.eduroam.lu/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp
If I try the same on the PHP 7.0 clone, all succeeds and I can log in.
So I'm rather sure this is not the IdP's problem of sending something
wrong, it's more on the receiving end.
Is there already a policy for PHP 7.3 support? Is it supposed to work ->
should I file a GitHub issue? Or is it known not to work yet and I
should just be more patient :-)
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
I'm looking ahead for our piece of software (eduroam CAT) on PHP 7.3
when it comes out.
I cloned my dev box and on the clone changed the PHP version to
7.3.0-rc3, nothing else changed (well, IP and metadata URLs obviously
adapted). The SSP version 1.16.1.
As an SP, I can successfully trigger authentication, get redirected to
the IdP, the IdP comes back to me and then I get this in the logs:
PHP Warning: preg_replace(): Compilation failed: invalid range in
character class at offset 8 in
/export/simplesamlphp-1.16.1/vendor/robrichards/xmlseclibs/src/Utils/XPath.php
on line 42, referer:
https://monitor.eduroam.org/sp/module.php/saml/sp/saml2-acs.php/default-sp
PHP Warning: DOMXPath::query(): Invalid expression in
/export/simplesamlphp-1.16.1/vendor/robrichards/xmlseclibs/src/XMLSecurityDSig.php
on line 501, referer:
https://monitor.eduroam.org/sp/module.php/saml/sp/saml2-acs.php/default-sp
And then stay at a white page, it being
https://ticker.eduroam.lu/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp
If I try the same on the PHP 7.0 clone, all succeeds and I can log in.
So I'm rather sure this is not the IdP's problem of sending something
wrong, it's more on the receiving end.
Is there already a policy for PHP 7.3 support? Is it supposed to work ->
should I file a GitHub issue? Or is it known not to work yet and I
should just be more patient :-)
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Tim van Dijen
Oct 16, 2018, 3:59:17 AM10/16/18
to SimpleSAMLphp
Hi Stefan,
The mentioned invalid pattern in preg_replace() was addressed in a new release of our dependency robrichards/xmlseclibs.
That new release has been included to our 1.16.2, so I'm pretty confident that the latest version of SimpleSAMLphp will work for you..
- Tim
Op dinsdag 16 oktober 2018 09:44:19 UTC+2 schreef Stefan Winter:
Stefan Winter
Oct 16, 2018, 4:03:41 AM10/16/18
to SimpleSAMLphp
Hi,
> If I try the same on the PHP 7.0 clone, all succeeds and I can log in.
> So I'm rather sure this is not the IdP's problem of sending something
> wrong, it's more on the receiving end.
>
> Is there already a policy for PHP 7.3 support? Is it supposed to work ->
> should I file a GitHub issue? Or is it known not to work yet and I
> should just be more patient :-)
Always good to bring the answer along with the question.
I just found a copy of the upcoming "Upgrading" instructions for PHP
7.3, and they speak about PCRE to PCRE2 changes:
https://ayesh.me/Upgrade-PHP-7.3#pcre2
It appears like vendor/robrichards/xmlseclibs/src/Utils/XPath.php needs
a one-character change in its regular expression:
- const EXTENDED_ALPHANUMERIC = '\w\d\s-_:\.';
+ const EXTENDED_ALPHANUMERIC = '\w\d\s\-_:\.';
(the hyphen needs to be escaped)
The other warning was a subsequent collateral. With this one-char fix in
place, authentication succeeded.
The upgrade documentation states that this change should be
backwards-compatible to the old PCRE, so even older PHP versions should
be able to work with this.
This is probably a change in PHP that warrants a close inspection of
/every/ regex in use. Sigh.
> If I try the same on the PHP 7.0 clone, all succeeds and I can log in.
> So I'm rather sure this is not the IdP's problem of sending something
> wrong, it's more on the receiving end.
>
> Is there already a policy for PHP 7.3 support? Is it supposed to work ->
> should I file a GitHub issue? Or is it known not to work yet and I
> should just be more patient :-)
I just found a copy of the upcoming "Upgrading" instructions for PHP
7.3, and they speak about PCRE to PCRE2 changes:
https://ayesh.me/Upgrade-PHP-7.3#pcre2
It appears like vendor/robrichards/xmlseclibs/src/Utils/XPath.php needs
a one-character change in its regular expression:
- const EXTENDED_ALPHANUMERIC = '\w\d\s-_:\.';
+ const EXTENDED_ALPHANUMERIC = '\w\d\s\-_:\.';
(the hyphen needs to be escaped)
The other warning was a subsequent collateral. With this one-char fix in
place, authentication succeeded.
The upgrade documentation states that this change should be
backwards-compatible to the old PCRE, so even older PHP versions should
be able to work with this.
This is probably a change in PHP that warrants a close inspection of
/every/ regex in use. Sigh.
Thijs Kinkhorst
Oct 16, 2018, 5:00:42 AM10/16/18
to simple...@googlegroups.com
Op 16-10-18 om 10:03 schreef Stefan Winter:
(and add PHP 7.3 to its Travis test matrix)?
Cheers,
Thijs
> It appears like vendor/robrichards/xmlseclibs/src/Utils/XPath.php needs
> a one-character change in its regular expression:
>
> - const EXTENDED_ALPHANUMERIC = '\w\d\s-_:\.';
> + const EXTENDED_ALPHANUMERIC = '\w\d\s\-_:\.';
>
> (the hyphen needs to be escaped)
Indeed. Will you create an pull request with Xmlseclibs to get it fixed
> a one-character change in its regular expression:
>
> - const EXTENDED_ALPHANUMERIC = '\w\d\s-_:\.';
> + const EXTENDED_ALPHANUMERIC = '\w\d\s\-_:\.';
>
> (the hyphen needs to be escaped)
(and add PHP 7.3 to its Travis test matrix)?
Cheers,
Thijs
Stefan Winter
Oct 17, 2018, 2:26:16 AM10/17/18
to simple...@googlegroups.com
Hello,
> Indeed. Will you create an pull request with Xmlseclibs to get it fixed
> (and add PHP 7.3 to its Travis test matrix)?
Tim's earlier reply says this is already part of Xmlseclibs and shipped
with SSP 1.16.2. I was apparently just not eager enough to be on the
very latest SSP patchlevel.
But then again, the Changelog in 1.16.2 also didn't suggest that it's
fixing any PHP7.3 compat issues.
Maybe it would be nice to mention that in the Changelog at future occasions.
Greetings,
Stefan
> Indeed. Will you create an pull request with Xmlseclibs to get it fixed
> (and add PHP 7.3 to its Travis test matrix)?
with SSP 1.16.2. I was apparently just not eager enough to be on the
very latest SSP patchlevel.
But then again, the Changelog in 1.16.2 also didn't suggest that it's
fixing any PHP7.3 compat issues.
Maybe it would be nice to mention that in the Changelog at future occasions.
Greetings,
Stefan
Tim van Dijen
Oct 17, 2018, 2:31:25 AM10/17/18
to SimpleSAMLphp
I was too quick there, unfortunately...
The regex pattern was touched recently and I asumed it was for 7.3 compatibility.
However, the dash still needs escaping...
- Tim
Op woensdag 17 oktober 2018 08:26:16 UTC+2 schreef Stefan Winter:
Stefan Winter
Oct 18, 2018, 1:25:15 AM10/18/18
to simple...@googlegroups.com
Hi,
> I was too quick there, unfortunately...
> The regex pattern was touched recently and I asumed it was for 7.3
> compatibility.
> However, the dash still needs escaping...
Okay, created a PR against xmlseclibs master branch.
Greetings,
Stefan Winter
> <http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66>
>
> --
> This is a mailing list for users of SimpleSAMLphp, not a support
> service. If you are willing to buy commercial support, please take a
> look here:
>
> https://simplesamlphp.org/support
>
> Before sending your question, make sure it is related to SimpleSAMLphp,
> and not your web server's configuration or any other third-party
> software. This mailing list cannot help with software that uses
> SimpleSAMLphp, only regarding SimpleSAMLphp itself.
>
> Make sure to read the documentation:
>
> https://simplesamlphp.org/docs/stable/
>
> If you have an issue with SimpleSAMLphp that you cannot resolve and
> reading the documentation doesn't help, you are more than welcome to ask
> here for help. Subscribe to the list and send an email with your
> question. However, you will be expected to comply with some minimum,
> common sense standards in your questions. Please read this carefully:
>
> http://catb.org/~esr/faqs/smart-questions.html
> ---
> You received this message because you are subscribed to the Google
> Groups "SimpleSAMLphp" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to simplesamlph...@googlegroups.com
> <mailto:simplesamlph...@googlegroups.com>.
> For more options, visit https://groups.google.com/d/optout.
> I was too quick there, unfortunately...
> The regex pattern was touched recently and I asumed it was for 7.3
> compatibility.
> However, the dash still needs escaping...
Greetings,
Stefan Winter
>
> --
> This is a mailing list for users of SimpleSAMLphp, not a support
> service. If you are willing to buy commercial support, please take a
> look here:
>
> https://simplesamlphp.org/support
>
> Before sending your question, make sure it is related to SimpleSAMLphp,
> and not your web server's configuration or any other third-party
> software. This mailing list cannot help with software that uses
> SimpleSAMLphp, only regarding SimpleSAMLphp itself.
>
> Make sure to read the documentation:
>
> https://simplesamlphp.org/docs/stable/
>
> If you have an issue with SimpleSAMLphp that you cannot resolve and
> reading the documentation doesn't help, you are more than welcome to ask
> here for help. Subscribe to the list and send an email with your
> question. However, you will be expected to comply with some minimum,
> common sense standards in your questions. Please read this carefully:
>
> http://catb.org/~esr/faqs/smart-questions.html
> ---
> You received this message because you are subscribed to the Google
> Groups "SimpleSAMLphp" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to simplesamlph...@googlegroups.com
> <mailto:simplesamlph...@googlegroups.com>.
> For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages