Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[IMPORTANT] Platform check is causing to broke websites with unfair way #11091

Closed
jakubboucek opened this issue Sep 30, 2022 · 5 comments
Closed
Labels
Milestone

Comments

@jakubboucek
Copy link
Contributor

jakubboucek commented Sep 30, 2022

Composer from version 2.3.0 can be application runtime afflicted by unpredicted Composer's platform check.

// autoload.php @generated by Composer
if (PHP_VERSION_ID < 50600) {
echo 'Composer 2.3.0 dropped support for autoloading on PHP <5.6 and you are running '.PHP_VERSION.', please upgrade PHP or use Composer 2.2 LTS via "composer self-update --2.2". Aborting.'.PHP_EOL;
exit(1);
}

It is understandable and justified, but completely poorly implemented. This is same problem as I reported formerly at #9411 and fixed at #9410, #9414 and #9418.

Problems:

  • Web application is stopped and replaced with the some error message, but presented with HTTP 200 OK status code. This can ruin SEO reputation!
  • In CLI is error message presented simply to standard output instead of error output.
  • Developer is not notified because is not any standard error mechanism triggered.

It's now shutdowns websites across the world.
Trust me its't very serious problem, try to search -echo "Composer 2.3.0 dropped support for autoloading on PHP <5.6 and you are running" for proof.

Please fix that with same way as another platform check (see above to previous PR references):

// platform_check.php @generated by Composer
\$issues = array();
{$requiredPhp}{$requiredExtensions}
if (\$issues) {
if (!headers_sent()) {
header('HTTP/1.1 500 Internal Server Error');
}
if (!ini_get('display_errors')) {
if (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg') {
fwrite(STDERR, 'Composer detected issues in your platform:' . PHP_EOL.PHP_EOL . implode(PHP_EOL, \$issues) . PHP_EOL.PHP_EOL);
} elseif (!headers_sent()) {
echo 'Composer detected issues in your platform:' . PHP_EOL.PHP_EOL . str_replace('You are running '.PHP_VERSION.'.', '', implode(PHP_EOL, \$issues)) . PHP_EOL.PHP_EOL;
}
}
trigger_error(
'Composer detected issues in your platform: ' . implode(' ', \$issues),
E_USER_ERROR
);
}

Please be always very very careful when you adding any check/error message which is fired at autoload runtime! Composer have enormous power, they should also have enormous responsibility.

@derrabus
Copy link
Contributor

derrabus commented Oct 6, 2022

If you need to stay compatible with ancient versions of PHP (no judgement here), I'd strongly recommend to use Composer 2.2 instead. It's an LTS version that is still maintained to accomodate projects like yours.

The world has moved on and this version check that troubles you right now indicates that the authors of Composer cannot guarantee anymore that the generated autoloader code will be compatible with the PHP version your project is running on.

@stof
Copy link
Contributor

stof commented Oct 6, 2022

@derrabus it would still be a good idea to build it on the same reporting way than the platform checks, which were designed to break in a good way (reporting a 500 error and not a 200 error)

@jakubboucek
Copy link
Contributor Author

@derrabus Dropping support of legacy is OK. This issue is only HOW is dropping implemented.

@Seldaek Seldaek added this to the 2.4 milestone Oct 13, 2022
@Seldaek Seldaek added the Bug label Oct 13, 2022
@Seldaek
Copy link
Member

Seldaek commented Oct 13, 2022

Sorry about that. Hopefully resolved by c447c12 - tho it'll still kill websites, just in a nicer way. I guess this is due to shared hosts upgrading things automatically without checking compatibility at all?

@jakubboucek
Copy link
Contributor Author

tho it'll still kill websites, just in a nicer way.

Yes, it's what I ask. The fair kill. Thanks.

Upgrades are maked automatically by lot of (semi-)automated app hosting, like a clouds and similar one. The problem lies in the detail, here can be not any change in runtime (PHP version, server, atc.), neither app itself, but can be upgraded build tool only (Composer) which is not presented to production. Only modicum od developer expects trap here wen nothich in APP nor Runtime changed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

4 participants