Deprecated or Removed Security-Related Functionality

Any changes to functionality that affect security are extremely important to note. Ignoring these changes can very easily lead not only to breaks in our code but also open our websites to potential attackers. We cover a variety of security-related changes in functionality present in PHP 8. Let’s start the discussion by examining filters.

Examining PHP 8 stream-filter changes

PHP input/output (I/O) operations depend upon a subsystem known as streams. One of the interesting aspects of this architecture is the ability to append a stream filter to any given stream. The filters we can append can be either custom-defined stream filters registered using stream_filter_register(), or predefined filters included with our PHP installation.

An important change of which we need to be aware is that in PHP 8, all mcrypt.* and mdecrypt.* filters have been removed, as well as the string.strip_tags filter. If we’re not sure which filters are included in our PHP installation, we can either run phpinfo() or, better yet, stream_get_filters(). ...