[GitHub/WoltLab/woltlab.github.io.git] / docs / migration_wsc-53_php.md

# Migrating from WSC 5.3 - PHP

## Minimum requirements

The minimum requirements have been increased to the following:

- **PHP:** 7.2.24
- **MySQL:** 5.7.31 or 8.0.19
- **MariaDB:** 10.1.44

Most notably PHP 7.2 contains usable support for scalar types by the addition of nullable types in PHP 7.1 and parameter type widening in PHP 7.2.

It is recommended to make use of scalar types and other newly introduced features whereever possible.
Please refer to the PHP documentation for details.

## Flood Control

To prevent users from creating massive amounts of contents in short periods of time, i.e., spam, existing systems already use flood control mechanisms to limit the amount of contents created within a certain period of time.
With WoltLab Suite 5.4, we have added a general API that manages such rate limiting.
Leveraging this API is easily done.

1. Register an object type for the definition `com.woltlab.wcf.floodControl`: `com.example.foo.myContent`.
2. Whenever the active user creates content of this type, call
   ```php
   FloodControl::getInstance()->registerContent('com.example.foo.myContent');
   ```
   You should only call this method if the user creates the content themselves.
   If the content is automatically created by the system, for example when copying / duplicating existing content, no activity should be registered.
3. To check the last time when the active user created content of the relevant type, use
   ```php
   FloodControl::getInstance()->getLastTime('com.example.foo.myContent');
   ```
   If you want to limit the number of content items created within a certain period of time, for example within one day, use
   ```php
   $data = FloodControl::getInstance()->countContent('com.example.foo.myContent', new \DateInterval('P1D'));
   // number of content items created within the last day
   $count = $data['count'];
   // timestamp when the earliest content item was created within the last day
   $earliestTime = $data['earliestTime'];
   ```
   The method also returns `earliestTime` so that you can tell the user in the error message when they are able again to create new content of the relevant type.
   !!! info "Flood control entries are only stored for 31 days and older entries are cleaned up daily."

The previously mentioned methods of `FloodControl` use the active user and the current timestamp as reference point.
`FloodControl` also provides methods to register content or check flood control for other registered users or for guests via their IP address.
For further details on these methods, please refer to the [documentation in the FloodControl class](https://github.com/WoltLab/WCF/blob/master/wcfsetup/install/files/lib/system/flood/FloodControl.class.php).

!!! warning "Do not interact directly with the flood control database table but only via the `FloodControl` class!"

## PHP Database API

The PHP API to add and change database tables during package installations and updates in the `wcf\system\database\table` namespace now also supports renaming existing table columns with the new `IDatabaseTableColumn::renameTo()` method:

```php
PartialDatabaseTable::create('wcf1_test')
        ->columns([
                NotNullInt10DatabaseTableColumn::create('oldName')
                        ->renameTo('newName')
        ]);
```

!!! info "Like with every change to existing database tables, packages can only rename columns that they installed." 

## Captcha

The reCAPTCHA v1 implementation was completely removed.
This includes the `\wcf\system\recaptcha\RecaptchaHandler` class (not to be confused with the one in the `captcha` namespace).

The reCAPTCHA v1 endpoints have already been turned off by Google and always return a HTTP 404.
Thus the implementation was completely non-functional even before this change.

See [WoltLab/WCF#3781](https://github.com/WoltLab/WCF/pull/3781) for details.

## Search

The generic implementation in the `AbstractSearchEngine::parseSearchQuery()` method was dangerous, because it did not have knowledge about the search engine’s specifics.
The implementation was completely removed: `AbstractSearchEngine::parseSearchQuery()` now always throws a `\BadMethodCallException`.

If you implemented a custom search engine and relied on this method, you can inline the previous implementation to preserve existing behavior.
You should take the time to verify the rewritten queries against the manual of the search engine to make sure it cannot generate malformed queries or security issues.

See [WoltLab/WCF#3815](https://github.com/WoltLab/WCF/issues/3815) for details.
Commit	Line	Data
e3747bbc	1	# Migrating from WSC 5.3 - PHP
f64d43c9	2
df236679 TD	3	## Minimum requirements
	4
	5	The minimum requirements have been increased to the following:
	6
	7	- PHP: 7.2.24
	8	- MySQL: 5.7.31 or 8.0.19
	9	- MariaDB: 10.1.44
	10
	11	Most notably PHP 7.2 contains usable support for scalar types by the addition of nullable types in PHP 7.1 and parameter type widening in PHP 7.2.
	12
	13	It is recommended to make use of scalar types and other newly introduced features whereever possible.
	14	Please refer to the PHP documentation for details.
	15
f64d43c9 MS	16	## Flood Control
	17
	18	To prevent users from creating massive amounts of contents in short periods of time, i.e., spam, existing systems already use flood control mechanisms to limit the amount of contents created within a certain period of time.
	19	With WoltLab Suite 5.4, we have added a general API that manages such rate limiting.
	20	Leveraging this API is easily done.
	21
	22	1. Register an object type for the definition `com.woltlab.wcf.floodControl`: `com.example.foo.myContent`.
	23	2. Whenever the active user creates content of this type, call
	24	```php
	25	FloodControl::getInstance()->registerContent('com.example.foo.myContent');
	26	```
	27	You should only call this method if the user creates the content themselves.
	28	If the content is automatically created by the system, for example when copying / duplicating existing content, no activity should be registered.
	29	3. To check the last time when the active user created content of the relevant type, use
	30	```php
	31	FloodControl::getInstance()->getLastTime('com.example.foo.myContent');
	32	```
	33	If you want to limit the number of content items created within a certain period of time, for example within one day, use
	34	```php
	35	$data = FloodControl::getInstance()->countContent('com.example.foo.myContent', new \DateInterval('P1D'));
	36	// number of content items created within the last day
	37	$count = $data['count'];
	38	// timestamp when the earliest content item was created within the last day
	39	$earliestTime = $data['earliestTime'];
	40	```
	41	The method also returns `earliestTime` so that you can tell the user in the error message when they are able again to create new content of the relevant type.
9003992d	42	!!! info "Flood control entries are only stored for 31 days and older entries are cleaned up daily."
f64d43c9 MS	43
	44	The previously mentioned methods of `FloodControl` use the active user and the current timestamp as reference point.
	45	`FloodControl` also provides methods to register content or check flood control for other registered users or for guests via their IP address.
	46	For further details on these methods, please refer to the [documentation in the FloodControl class](https://github.com/WoltLab/WCF/blob/master/wcfsetup/install/files/lib/system/flood/FloodControl.class.php).
	47
9003992d	48	!!! warning "Do not interact directly with the flood control database table but only via the `FloodControl` class!"
97c25e32	49
6954627f MS	50	## PHP Database API
	51
	52	The PHP API to add and change database tables during package installations and updates in the `wcf\system\database\table` namespace now also supports renaming existing table columns with the new `IDatabaseTableColumn::renameTo()` method:
	53
	54	```php
	55	PartialDatabaseTable::create('wcf1_test')
	56	->columns([
	57	NotNullInt10DatabaseTableColumn::create('oldName')
	58	->renameTo('newName')
	59	]);
	60	```
	61
9003992d	62	!!! info "Like with every change to existing database tables, packages can only rename columns that they installed."
6954627f	63
97c25e32 TD	64	## Captcha
	65
	66	The reCAPTCHA v1 implementation was completely removed.
	67	This includes the `\wcf\system\recaptcha\RecaptchaHandler` class (not to be confused with the one in the `captcha` namespace).
	68
	69	The reCAPTCHA v1 endpoints have already been turned off by Google and always return a HTTP 404.
	70	Thus the implementation was completely non-functional even before this change.
	71
	72	See [WoltLab/WCF#3781](https://github.com/WoltLab/WCF/pull/3781) for details.
944c6773 TD	73
	74	## Search
	75
	76	The generic implementation in the `AbstractSearchEngine::parseSearchQuery()` method was dangerous, because it did not have knowledge about the search engine’s specifics.
	77	The implementation was completely removed: `AbstractSearchEngine::parseSearchQuery()` now always throws a `\BadMethodCallException`.
	78
	79	If you implemented a custom search engine and relied on this method, you can inline the previous implementation to preserve existing behavior.
	80	You should take the time to verify the rewritten queries against the manual of the search engine to make sure it cannot generate malformed queries or security issues.
	81
	82	See [WoltLab/WCF#3815](https://github.com/WoltLab/WCF/issues/3815) for details.