You may already know, PHP is a scripting language suitable for web development that runs on the server side.
PHP is used on virtually every website, from blogs to the world's most popular websites.
PHP is widely used, so it is necessary to monitor the publication of updates concerning security, in order to correct the vulnerabilities on your servers.
Pour connaitre le cycle de vie d’une version de PHP, voir la page suivante : https://www.php.net/supported-versions.php
A version of PHP is generally supported (regular updates) for 3 years (2 years in "full support", followed by 1 year in "critical security support only").
As of today (19.10.2021), versions of PHP prior to version 7.3 are no longer supported. Version 7.3 comes to the end of "security support" on 12/06/2021.
So if you are still using version 7.3 or earlier of PHP, you should immediately consider updating (servers + applications) to a supported version (7.4 or 8.0) according to the table.
Note that PHP version 7.4 is currently supported for critical security updates until 28th November 2022, then this version will no longer be supported.
Updating major version of PHP
To do (non-exhaustive list):
- Do a backup before any change / modification
- Read the differences and new features that the new version brings (Release notes)
- Make a clone of the production server, to have a server for testing
- On the testing server, install the new version of PHP, delete the old version then analyze the impact
- Test each web application using PHP
- Analyze errors and correct one by one in the code according to the recommendations of the new version of PHP
Compatibility check
It is possible even before installing the new version of PHP, to know the compatibility of the PHP code for a specific version, by using these two tools :
- PHP_CodeSniffer : Allows to detect syntax errors, coding violation according to a coding standard (PHP, JavaScript and CSS).
- PHPCompatibility => It is a standard library (sniffs) for "PHP_CodeSniffer" to check PHP compatibility between versions. It allows to analyze the code to know the compatibility with the higher and lower versions of PHP.
Regarding the installation of the two tools, you just have to follow the documentation provided.
There are several ways to install these two modules.
De notre côté, c’est en utilisant « Composer » (Gestionnaire des dépendences pour PHP) que ça a fonctionné.
Small installation help (Non-exaustive):
Small installation help (Non-exaustive):
Installation of Composer:
# apt-get install composer
Installation of "php_codesniffer" with composer:
# composer global require "squizlabs/php_codesniffer=*"
Download latest version of "PHPCompatibility" from the github, then extract it:
# wget ..FileToDownload..
# tar xvf
Add the path of the "PHPCompatibility" directory in the "PHP CodeSniffer" config:
# ~/.composer/vendor/bin/phpcs --config-set installed_paths
Check that the configuration has been added:
# ~/.composer/vendor/bin/phpcs -i
Result: The installed coding standards are PSR2, PSR12, Squiz, MySource, PEAR, Zend, PSR1 and PHPCompatibility
Start the verification of a directory containing PHP files, for version PHP8.0:
# ~/.composer/vendor/bin/phpcs --standard=PHPCompatibility -p /répertoire/à/analyser/ --runtime-set testVersion 8.0-
After analyzing the directory, messages indicate the various errors found depending on the version of PHP.
Installation of PHP8.0 under Debian (Buster) :
Currently, PHP version 8.0 is not available in Debian 10 (Buster) repositories.
You must manually add the repository where PHP is published directly by the developers. More info at https://deb.sury.org.
To add the "sury.org" repository, you must run the following command lines :
# sudo apt install -y lsb-release apt-transport-https ca-certificates wget
# sudo wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
# sudo echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" |tee /etc/apt/sources.list.d/php.list
# sudo apt-get update
If an error appears while adding, consult the README file at https://packages.sury.org/php/README.txt
Then to install PHP8.0 under Debian :
Perform the following commands:
# sudo apt-get install php8.0
Most of the time, PHP extensions are needed: adapt the following command according to your needs:
# sudo apt-get install -y php8.0- {curl, mysql, xml}
Once the new version of PHP is installed, check the active version:
# php -v
To know :
- It is possible to have several versions of PHP installed and choose the version to use by default. With the command :
- # update-alternatives –config php
- Do not forget to put the same configuration back, if the file "/etc/php/__php_version__ /apache2/php.ini" had been modified