As of PHP 7.2, create_function is supposed to be replaced by anonymous functions, added in 5.3.

Create function is used in one place, in the drush command, as per this issue: https://www.drupal.org/project/entitycache/issues/2086633

Entitycache has a minimum PHP version of 5.3, as per this issue: https://www.drupal.org/project/entitycache/issues/2619270

So the solution seems pretty straight-forward.

CommentFileSizeAuthor
#2 entitycache_php_7-2981629-0.patch715 bytesMPetrovic

Comments

MPetrovic created an issue. See original summary.

MPetrovic’s picture

MPetrovic commented
StatusFileSize
new entitycache_php_7-2981629-0.patch715 bytes

Patch to fix deprecation attached.

herved’s picture

herved commented

+1
Thanks for the patch. It looks good to me.

greggles’s picture

greggles
he/him
Primary language English
Location Denver, Colorado, USA
commented
Status: Active » Needs review

A patch needs review.

Status: Needs review » Needs work

The last submitted patch, 2: entitycache_php_7-2981629-0.patch, failed testing. View results

greggles’s picture

greggles
he/him
Primary language English
Location Denver, Colorado, USA
commented

I don't understand those test run results :/

MPetrovic’s picture

MPetrovic commented

Neither do I. Build successful, all tests passed, failed testing, build failed?

herved’s picture

herved commented

I think there's an issue with the testbot ATM. I noticed this in another contrib issue (context).
I believe this is the related issue: #2990645: "Build Successful" is treated as a test failure
They may have fixed it a few hours ago. Let's try a retest...

herved’s picture

herved commented
Status: Needs work » Needs review

So the testbot seems to be working again, all tests passed here.
Switching back to needs review.

smaz’s picture

smaz
Primary language English
Location England, UK
commented
Status: Needs review » Reviewed & tested by the community

I've just tested the patch in #2, and all works ok - after using drush to clear both a specific entity table + all caches, the relevant tables were cleared.

It also clears the warning being generated by PHPCodesniffer.

As above, the tests appeared to be ok so marking this as RTBC.

  • catch committed eca3ad0 on 7.x-1.x authored by MPetrovic 
    Issue #2981629 by MPetrovic, smaz: create_function is deprecated in PHP...
catch’s picture

catch
he/him
Primary language English
commented
Status: Reviewed & tested by the community » Fixed

Committed/pushed to 7.x-1.x, thanks!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

harlor’s picture

harlor commented

Damn I guess I'm too late to fix the typo in lamdba :S

ressa’s picture

ressa
he/him
commented
Related issues: +#3298693: Drush pm-update and cache-clear fails

Thanks for fixing this. Since more and more sites are using PHP 8, could a fresh release be considered at some point?

philsward’s picture

philsward commented

+1 for an updated release to fix this issue.

mcdruid’s picture

mcdruid commented

There's an issue about a 7.x-1.6 release #3002960: Issues to fix as part of next stable release (7.x-1.6).

The presence of create_function() in the current release could be exploited to gain Remote Code Execution although the conditions for this to happen are pretty extreme / unlikely. It could represent part of a chained attack though.

I filed a private security issues about this a long time ago and it was agreed that the discussion could take place in public.

I won't put the exact details here just yet as the "vulnerable" code is still in the latest supported release.