phpList in the future (and present)

Technical discussion for developers and service providers

phpList in the future (and present)

Postby ttremain » 10:39pm, Fri 24 May, 2013

I have just installed phpList for the first time, to use on one of my sites.

I was looking at various parts of the source code, and a few things jumped out at me.

I make the majority of my living as a PHP programmer, but I see a couple of things that are not compatible with PHP 5.4, and another that will be more problematic as time progresses.

1) "ereg" is used, and that command has been depreciated as of php 5.3.0

2) Magic Quotes are REMOVED from php 5.4

3) mysql_* commands will be depreciated in the next major release of PHP, and should be replaced with mysqli, or PDO (my favorite)

A quick fix for #3 will be to just replace, but that doesn't take advantage of prepared statements.

I was about to upgrade this server to php 5.4, and it looks like this is going to be problematic. What is phpList going to do about this? Is there a plan in place?
phpList newbie
Posts: 2
Joined: 10:26pm, Fri 24 May, 2013

Re: phpList in the future (and present)

Postby ttremain » 4:17pm, Mon 27 May, 2013

Not a single reply? Ouch, I hope that isn't THE answer to my question...

Replacing ereg, will require changing about 100 lines.. Most of which should be using str_replace, and not regular expressions... (regular expressions are slower)

Changing from the dependance of expecting your server to handle quoting GPC strings for you, is a lot more work. A temporary workaround would be to manually escape in the absence of magic_quotes...

These two changes should at least allow the script to function under php 5.4, buying maybe a couple years before mysql_* is out the door... But in preparation of that, the dependency of quoting should be removed. I could design such a migration plan...
phpList newbie
Posts: 2
Joined: 10:26pm, Fri 24 May, 2013

Re: phpList in the future (and present)

Postby duncanc » 1:33pm, Tue 28 May, 2013

phplist 2.10.x runs fine on php version 5.4. But note that 2.10.x is not now being maintained, except for security issues. The 'development' version, currently 2.11.9, is the way that phplist will evolve, so any work should be done on that.

The points you make are valid but 'deprecated' means that the feature will be removed in a future release of php but the feature still works.

The 'development' release, 2.11.x, has fixed the use of ereg.

phplist already handles magic quotes being disabled by doing its own quoting, so I think that will still work when magic quotes is removed from php.

The file admin/ isolates the mysql calls. It should be possible to create a similar file that uses mysqli instead. I had a look at that a while ago and think that there are some parts of the code that use the mysql calls directly.

If you are interested in contributing then subscribe to the developer mailing list
Posts: 2440
Joined: 6:34am, Sat 08 May, 2010
Location: London

Return to Developers Space

Who is online

Users browsing this forum: No registered users and 2 guests