Poster 2 issue with PHP (function deprecated)

uhebeisen · 11 September 2022 07:58

hello, after testing the various functions and features of Poster 2 it is time to give it a try. I’ve setup a subdomain to see the new blog in real life.
Now if I call this URL the page shows a list of errors (or warnings) which is sure not what I want ;-)
It reads:

Deprecated : parse_str(): Passing null to parameter #1 ($string) of type string is deprecated in /srv/www/vhosts/mc-wyland.ch/subdomains/next/httpdocs/index.php on line 205

Deprecated: Function strftime() is deprecated in /srv/www/vhosts/mc-wyland.ch/subdomains/next/httpdocs/rw_common/plugins/stacks/poster2/Poster/Util.php on line 339

and for each and every item on the blog it shows the second message above. You find this website on https://next.mc-wyland.ch

I’ve set the PHP version to 7.4 (down from 8.1) as mentioned on the inStacks website. How can this be fixed?

Erwin-Leerentveld · 11 September 2022 08:34

Hi @uhebeisen,

Those functions are deprecated in PHP 8.1, so it appears setting PHP to v7.4 hasn’t worked.

I advise to check again if PHP is indeed v7.4 for the the site, including the next.mc-wyland.ch subdomain.

Cheers,
Erwin

uhebeisen · 11 September 2022 08:52

thx @Erwin-Leerentveld
you’re right. I’ve set the PHP version in the main domain but when creating a subdomain it will set the PHP version to default (8.1). But I have to set version for the subdomain manually.
Now it looks fine. But I think in a next version of Poster2 this function should have been replaced by a current one.

HAND
ueli

Erwin-Leerentveld · 11 September 2022 09:12

Hi @uhebeisen,

Good to hear it worked!

I’m with you in hoping we’ll all be able to upgrade to 8.1 (or 8.0 at the very least) soon.

At the moment, a lot of stacks are dependant on PHP 7.4. Currently, PHP 7.4 is in extended support, meaning it gets security fixes only (no new features or performance fixes). This extended support window closes at the end of November 2022, so a little over 2 months from now.

This means that developers will need to make sure their stacks can run on (at least) 8.0 by then, although 8.1 is a safer bet. 8.1 is currently the newest version.

Now, websites with 7.4 will not cease to work when support ends. In fact, there are tons of websites running on much older versions of PHP (which have all been end-of-life for a while). The big downside of running an older, unsupported version of PHP is security: if an exploit is discovered, your site could, in theory at least, be vulnerable.

To get an idea of the risks, you could take a look at the list of vulnerabilities of PHP (all versions, including the current 8.1), here.

As you can see, there are quite a few. A number of these are scored higher than a 5.0. Mostly though, the issues involve an attacker to input data somewhere that causes PHP to crash. Meaning (parts of) your website will not work as intended until PHP has been restarted.

But a few, like CVE-2021-21708 and CVE-2021-21703 enable an attacker to gain privileges to alter your site; e.g. write to files they’re not supposed to, modifying the contents of your site or install malicious files etc.

Those issues have been fixed, but if a similar issue is discovered in 7.4 after November 2022, it will not be fixed. That can be a serious problem for sites running.

Cheers,
Erwin

Jannis · 11 September 2022 11:08

It’s a depreciating notice. Which means it will just work fine in PHP 8.1.

Your PHP installation is not configured correctly and should not print the notices on the screen.