Jump to content
Harald Ponce de Leon

Legacy Code and PHP 7.3 Compatibility Checks (HOWTO)

Recommended Posts

Posted (edited)

Hi All..

Here are instructions on how to check how compatible your online store installation / PHP code is against all PHP versions from 5.0 up to the latest version (currently 7.3). This guide requires a minimum PHP 5.4 version to run.

This is a medium level skill guide and requires the installation of Composer - a dependency manager for PHP that manages the installation and updates of third party libraries. I will link to the installation instructions of Composer instead of writing how to install it here.

It's possible to perform this guide either remotely on the web server in a ssh terminal, or locally on a backup copy of the PHP code.

Step 1 - Install Composer

Composer can be installed on Windows, Linux, Mac, and Unix. If you're installing on Linux, there may be a Linux distribution package that can be installed depending on your access privileges on the server, otherwise a manual installation is required. The manual installation can be performed locally in your home directory without special user permissions.

Instructions for how to install Composer on Windows can be found here:

https://getcomposer.org/doc/00-intro.md#installation-windows

Instructions for how to install Composer on Linux, Mac, and Unix can be found here:

https://getcomposer.org/doc/00-intro.md#installation-linux-unix-macos

Step 2 - Create Composer Project File

Composer needs to create a composer project file in the directory where your online store installation or PHP code resides. This will create two files that will be publicly accessible through the web server - this will not pose any security issues. The setup will also eventually create a "vendor" directory however Composer will be configured to place this in the "includes" directory to block public web server requests to the directory.

Copy and paste the following to composer.json in the directory where your online store installation resides:

{
    "config": {
        "vendor-dir": "includes/thirdparty/composer"
    },
    "require-dev": {
        "squizlabs/php_codesniffer": "^3.4",
        "phpcompatibility/php-compatibility": "^9.2"
    }
}

Step 3 - Install PHP_CodeSniffer

PHP_Codesniffer detects violations of defined rules in your code. There are several coding standard rule sets available to make sure each PHP file meets the coding standards. There is no rule set currently available for OSCOM v2.x - for v3 the PSR12 rule set is used.

As there will be a lot of violations running this with a coding standard, we will instead run it to use only one rule set to check compatibility against the latest PHP version. We will also configure PHP_CodeSniffer to ignore certain violations which is already taken care of in the online store installation.

Run the following command to install PHP_CodeSniffer:

composer install

After this installs PHP_CodeSniffer and the PHP Compatibility rule set, a PHP_CodeSniffer configuration file will be created to configure the rule set that should be used.

Copy and paste the following to phpcs.xml in the directory where your online store installation resides:

<?xml version="1.0"?>
<ruleset xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="PHP_CodeSniffer" xsi:noNamespaceSchemaLocation="phpcs.xsd">
    <description>The coding standard for osCommerce.</description>

    <file>.</file>

    <exclude-pattern>*/includes/thirdparty/*$</exclude-pattern>

    <arg name="basepath" value="."/>
    <arg name="colors"/>
    <arg value="nps"/>

    <rule ref="PHPCompatibility"/>

    <config name="installed_paths" value="includes/thirdparty/composer/phpcompatibility/php-compatibility" />
</ruleset>

Step 4 - Run PHP_CodeSniffer

PHP_CodeSniffer can now be executed with the following command. It will automatically use the configuration file created in step 3:

./includes/thirdparty/composer/bin/phpcs

which will produce the following output report:

FILE: admin/includes/functions/compatibility.php
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
FOUND 15 ERRORS AFFECTING 12 LINES
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 32 | ERROR | Global variable '$HTTP_GET_VARS' is deprecated since PHP 5.3 and removed since PHP 5.4; Use $_GET instead (PHPCompatibility.Variables.RemovedPredefinedGlobalVariables.http_get_varsDeprecatedRemoved)
 33 | ERROR | Global variable '$HTTP_POST_VARS' is deprecated since PHP 5.3 and removed since PHP 5.4; Use $_POST instead (PHPCompatibility.Variables.RemovedPredefinedGlobalVariables.http_post_varsDeprecatedRemoved)
 34 | ERROR | Global variable '$HTTP_COOKIE_VARS' is deprecated since PHP 5.3 and removed since PHP 5.4; Use $_COOKIE instead
    |       | (PHPCompatibility.Variables.RemovedPredefinedGlobalVariables.http_cookie_varsDeprecatedRemoved)


FILE: admin/includes/functions/database.php
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
FOUND 25 ERRORS AFFECTING 24 LINES
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 179 | ERROR | Extension 'mysql_' is deprecated since PHP 5.5 and removed since PHP 7.0; Use mysqli instead (PHPCompatibility.Extensions.RemovedExtensions.mysql_DeprecatedRemoved)
 181 | ERROR | Extension 'mysql_' is deprecated since PHP 5.5 and removed since PHP 7.0; Use mysqli instead (PHPCompatibility.Extensions.RemovedExtensions.mysql_DeprecatedRemoved)
 185 | ERROR | Extension 'mysql_' is deprecated since PHP 5.5 and removed since PHP 7.0; Use mysqli instead (PHPCompatibility.Extensions.RemovedExtensions.mysql_DeprecatedRemoved)

Here we can see which files violate a PHP Compatibility rule set, the line in the file where the violation occurs, the reason for the violation, and the actual rule set that was violated that we'll be using to ignore the false positive reports with.

In the example output, it states that $HTTP_GET_VARS, $HTTP_POST_VARS, and $HTTP_COOKIE_VARS are deprecated since PHP 5.3 and are still used in your online store installation. This is a false positive as osCommerce Online Merchant already has its own implementation to work with or around it. In this case, the variables are safely defined in admin/includes/functions/compatibility.php and includes/functions/compatibility.php.

It also states that "mysql_" is deprecated in PHP 5.5 and still used in the online store installation. This is also a false positive as osCommerce Online Merchant wraps calls to the "mysql_" functions if "mysqli" does not exist.

We'll add to the PHP_CodeSniffer configuration the rules that can be ignored. The rules can be seen in the output report in brackets ( ). Below is an updated phpcs.xml file with a list of rules being safely ignored for a osCommerce Online Merchant v2.3.4.1 installation:

<?xml version="1.0"?>
<ruleset xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="PHP_CodeSniffer" xsi:noNamespaceSchemaLocation="phpcs.xsd">
    <description>The coding standard for osCommerce.</description>

    <file>.</file>

    <exclude-pattern>*/includes/thirdparty/*$</exclude-pattern>

    <arg name="basepath" value="."/>
    <arg name="colors"/>
    <arg value="nps"/>

    <rule ref="PHPCompatibility"/>

    <config name="installed_paths" value="includes/thirdparty/composer/phpcompatibility/php-compatibility" />

    <rule ref="PHPCompatibility.Variables.RemovedPredefinedGlobalVariables.http_get_varsDeprecatedRemoved">
        <severity>0</severity>
    </rule>
    <rule ref="PHPCompatibility.Variables.RemovedPredefinedGlobalVariables.http_post_varsDeprecatedRemoved">
        <severity>0</severity>
    </rule>
    <rule ref="PHPCompatibility.Variables.RemovedPredefinedGlobalVariables.http_cookie_varsDeprecatedRemoved">
        <severity>0</severity>
    </rule>
    <rule ref="PHPCompatibility.Variables.RemovedPredefinedGlobalVariables.http_session_varsDeprecatedRemoved">
        <severity>0</severity>
    </rule>
    <rule ref="PHPCompatibility.Variables.RemovedPredefinedGlobalVariables.http_server_varsDeprecatedRemoved">
        <severity>0</severity>
    </rule>
    <rule ref="PHPCompatibility.Variables.RemovedPredefinedGlobalVariables.http_post_filesDeprecatedRemoved">
        <severity>0</severity>
    </rule>
    <rule ref="PHPCompatibility.Extensions.RemovedExtensions.mysql_DeprecatedRemoved">
        <severity>0</severity>
    </rule>
    <rule ref="PHPCompatibility.IniDirectives.RemovedIniDirectives.session_bug_compat_42DeprecatedRemoved">
        <severity>0</severity>
    </rule>
    <rule ref="PHPCompatibility.IniDirectives.RemovedIniDirectives.session_bug_compat_warnDeprecatedRemoved">
        <severity>0</severity>
    </rule>
    <rule ref="PHPCompatibility.FunctionUse.RemovedFunctions.session_registerDeprecatedRemoved">
        <severity>0</severity>
    </rule>
    <rule ref="PHPCompatibility.FunctionUse.RemovedFunctions.session_is_registeredDeprecatedRemoved">
        <severity>0</severity>
    </rule>
    <rule ref="PHPCompatibility.FunctionUse.RemovedFunctions.session_unregisterDeprecatedRemoved">
        <severity>0</severity>
    </rule>
    <rule ref="PHPCompatibility.FunctionUse.RemovedFunctions.mysql_escape_stringDeprecatedRemoved">
        <severity>0</severity>
    </rule>
</ruleset>

Please remember that a lot of false positives will be reported and will need to be individually checked to see if a workaround exists in the PHP code. Additional rules to ignore can be added to the PHP_CodeSniffer configuration file.

Happy PHP 7.3 incompatibility hunting!

Edited by Harald Ponce de Leon
grammar fix

:heart:, osCommerce

Share this post


Link to post
Share on other sites

Hi Harald. I tried to install Composer locally, on Windows, as described above, but the process stopped at step 4 (Run PHP_CodeSniffer). After starting from the console PHP_CodeSniffer everything stops at 25%. How can I fix this situation?CodeSniffer-1.jpg.c0f3e9a423740db26baf855ec9cdad3f.jpg

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×