Jump to content

Update to PHP 8.0


pjlarssons@gmail.com

Recommended Posts

34 minuty temu, [email protected] napisał:

My web host is shutting down PHP 7.4 soon and then I have to switch to PHP 8.0.
But now the page crashes when I update to 8.

Is there any solution?

/Joakim

Most hosting company has the option to keep the older PHP version for the clients with or without additional costs. i.e some of my client's hostings have PHP 5.6 up to 8.0. Ask your provider for any options.

Link to comment
Share on other sites

  • 1 month later...

@PrestaHeroes.com@ComGrafPL@Mediacom87

It is definatelly not a good idea to tell people, change your web host to use a deprecated PHP version. There is a reason for new PHP versions. And I hope that you guys don't operate any of those onlineshops where user data is stolen from, due to a lack of security understanding. Please upgrade your servers very soon to a fully supported PHP version.

Thanks in advance.
Tim Beck
----inspirimental----

Link to comment
Share on other sites

2 minutes ago, Inspirimental said:

@PrestaHeroes.com@ComGrafPL@Mediacom87

It is definatelly not a good idea to tell people, change your web host to use a deprecated PHP version. There is a reason for new PHP versions. And I hope that you guys don't operate any of those onlineshops where user data is stolen from, due to a lack of security understanding. Please upgrade your servers very soon to a fully supported PHP version.

Thanks in advance.
Tim Beck
----inspirimental----

That's your opinion.  One should update PS when they need new features not to be made to do so.  Maybe you don't have a lot of upgrade experience and difficulties that can be faced. 

 

Please don't decide who is has good idea unless you have better, you don't.

Link to comment
Share on other sites

1 hour ago, PrestaHeroes.com said:

That's your opinion.  One should update PS when they need new features not to be made to do so.  Maybe you don't have a lot of upgrade experience and difficulties that can be faced. 

 

Please don't decide who is has good idea unless you have better, you don't.

I have to contradict again. We are not living 20 years ago. Phishing or hacking attacks are being done automatically by powerful botnets. It's not about your needs to avoid hard work updating a running system. It is about security and privacy protection of all your customers. How do you think do all these millions of leaked passwords have been grabbed? Because of security issues of deprecated versions of php, software, and so on.

Unless you are behind a firewall in an extra secured intranet, you can go with the old stuff. But once you are on the internet and you are in charge of customer data, you are obligated to use software that is not outdated. In the last 15 years I had to do a lot of updating, to fulfill recent security standards. Even if that meant to rebuild parts of a running system. If you can't update a system, shut it down and build a new one.

  • Like 1
Link to comment
Share on other sites

Il y a 3 heures, Inspirimental a dit :

I have to contradict again. We are not living 20 years ago. Phishing or hacking attacks are being done automatically by powerful botnets. It's not about your needs to avoid hard work updating a running system. It is about security and privacy protection of all your customers. How do you think do all these millions of leaked passwords have been grabbed? Because of security issues of deprecated versions of php, software, and so on.

Unless you are behind a firewall in an extra secured intranet, you can go with the old stuff. But once you are on the internet and you are in charge of customer data, you are obligated to use software that is not outdated. In the last 15 years I had to do a lot of updating, to fulfill recent security standards. Even if that meant to rebuild parts of a running system. If you can't update a system, shut it down and build a new one.

I understand your point of view and confirm it on many points.

Except that here, we are talking about a complex open-source script that follows quite long validation processes and therefore, the update of the system to PHP8 takes time and you can participate with your expertise to help the project.

In the state, only the version 8.0 which is released very soon brings this compatibility, in the meantime, the users can continue to use old version of PHP, because the cost and the risks of migration are enormous.

It is possible to hack elements on old PHP versions, possible yes, easy no and for the moment, I have not collected any conclusive testimony of a merchant using PrestaShop on an old version of PHP having suffered a hacking of its server and its data through this means.

But I agree, there are alternative solutions already compatible with PHP 8 and also open-source, but beware, the versions of PHP 8 follow each other to fill in flaws, other concerns, so should we prefer a recent version, perhaps not yet patched or obsolete versions that have already filled potential flaws, the answer is not so simple, especially for small merchants who trust their shared host who often takes very to heart, the evolution of their infrastructure.

Link to comment
Share on other sites

@Inspirimental

Believe it or not, a poorly designed code can do far more harm to your security that any outdated / end-of-life underlying components (os / php / ...). Specialy if you have done your due diligence to investigate security reports to mitigate their weaknessees.

Having a buffer overrun situation while using exif extraction for instance poses no threat to your code if it does not use such function.

 

Most the hack (if not all) I have seen in the framework where consequences of badly designed code that will put your implementation at risk whatever PHP version your are using.

Link to comment
Share on other sites

Hi.
Please... if you are going to write on my post, write constructively and something with facts that can help us!

The problem persists, either prestashop needs to come with an update before nobember ends otherwise I have to change host or website builder.
Write in this thread if you know that v.8 has arrived. Or if it doesn't arrive within a few weeks... what's the easiest way to change supplier?
Please discuss technicalities and what is worst or best elsewhere.

The moust importent is that my (and others) webshop still running in december!

No matter how it is done!

Link to comment
Share on other sites

26 minutes ago, [email protected] said:

Write in this thread if you know that v.8 has arrived

You can follow the release here:
https://github.com/PrestaShop/PrestaShop/issues/26427

As you can see the final version was estimated for 24.10. which is overdue already. Anyway it's not recommended to change to such a early version with a live shop, rather wait for few minor releases for bug fixes. In the meantime you can upgrade your test enviroment to check for compatibilitiy with your theme and 3rd party modules which usually cause the most trouble

Link to comment
Share on other sites

You can upgrade it manually, do it on a test machine.


I have described in the german forum how to do it:

 


 Instructions:
- Upload and upgrade the autoupgrade module to v4.15  -> Download from: https://github.com/PrestaShop/autoupgrade/pull/513

- Upload ZIP archive Prestashop8.0.0 to adminXXXXX/autoupgrade/download -> Download from (with xml-file): https://github.com/PrestaShop/PrestaShop/releases/tag/8.0.0

- Upload XML to adminXXXXX/autoupgrade/download

- Perform 1-click upgrade with expert function Update local archive

- select XML file and Prestashop ZIP file, enter version 8.0.0 -> update

 

Attention: looking for jsonDecode or Encode errors in section "Deprecations and removals":


This 2 console command fixes these errors (change module path):
 

find /path/to/modulefolder/modules -type f -exec sed -i 's/Tools:jsonEncode/json_encode/g' {} \;

find /path/to/modulefolder/modules -type f -exec sed -i 's/Tools::jsonDecode/json_decode/g' {} \;

 

for me the upgrade from 1.7.8.7 to 8.0.0 worked fine on a 1:1 test platform.

 

 

Edited by BlackCrow (see edit history)
  • Like 3
Link to comment
Share on other sites

  • 2 weeks later...
On 10/31/2022 at 1:03 PM, BlackCrow said:

You can upgrade it manually, do it on a test machine.


I have described in the german forum how to do it:

 


 Instructions:
- Upload and upgrade the autoupgrade module to v4.15  -> Download from: https://github.com/PrestaShop/autoupgrade/pull/513

- Upload ZIP archive Prestashop8.0.0 to adminXXXXX/autoupgrade/download -> Download from (with xml-file): https://github.com/PrestaShop/PrestaShop/releases/tag/8.0.0

- Upload XML to adminXXXXX/autoupgrade/download

- Perform 1-click upgrade with expert function Update local archive

- select XML file and Prestashop ZIP file, enter version 8.0.0 -> update

 

Attention: looking for jsonDecode or Encode errors in section "Deprecations and removals":


This 2 console command fixes these errors (change module path):
 

find /path/to/modulefolder/modules -type f -exec sed -i 's/Tools:jsonEncode/json_encode/g' {} \;

find /path/to/modulefolder/modules -type f -exec sed -i 's/Tools::jsonDecode/json_decode/g' {} \;

 

for me the upgrade from 1.7.8.7 to 8.0.0 worked fine on a 1:1 test platform.

 

 

Hi.

Thank you for this.

I did it on one of my sits ad it worked fine.  😀

Im trying to do it on another site with a diffrent host.

I use 1-click 4.15

The checklist are all green  except one    "It's not possible to create a PHP session"

Can someone tell me what to do.

I attache a picture

Regards

1-click.jpg

Link to comment
Share on other sites

Hi.

Im sooooo sorry for the missinformation.

I updated my shop but it did not work.

The shop crash.

The root page worked but nothing else.

I could not open products list or product page or Back office "only white side"

I have made a fresh installment of prestsashop 8.0 beta and transported all my products.

Now i have a page working with PHP 8.1 but not 100%

Im still waiting for real prestashop 8.0

Regards and sorry for missinformation.

Link to comment
Share on other sites

On 11/9/2022 at 12:47 PM, plutten22 said:

Hi.

Thank you for this.

I did it on one of my sits ad it worked fine.  😀

Im trying to do it on another site with a diffrent host.

I use 1-click 4.15

The checklist are all green  except one    "It's not possible to create a PHP session"

Can someone tell me what to do.

I attache a picture

Regards

1-click.jpg

 

Did you find a soulution for "It's not possible to create a PHP session"

Link to comment
Share on other sites

I´m going to move all of my pages from one.com to https://misshosting.com/ in stead!
I talked to them and they support PHP 7,4 and the servers are places in Europe/Sweden.

As I understand it is only to copy the folders/installation and the database... and then place it at the new host.

FYI: one.com stops supporting the PHP 7... the 28.november.

Link to comment
Share on other sites

On 10/25/2022 at 8:02 PM, Mediacom87 said:

I understand your point of view and confirm it on many points.

Except that here, we are talking about a complex open-source script that follows quite long validation processes and therefore, the update of the system to PHP8 takes time and you can participate with your expertise to help the project.

In the state, only the version 8.0 which is released very soon brings this compatibility, in the meantime, the users can continue to use old version of PHP, because the cost and the risks of migration are enormous.

It is possible to hack elements on old PHP versions, possible yes, easy no and for the moment, I have not collected any conclusive testimony of a merchant using PrestaShop on an old version of PHP having suffered a hacking of its server and its data through this means.

But I agree, there are alternative solutions already compatible with PHP 8 and also open-source, but beware, the versions of PHP 8 follow each other to fill in flaws, other concerns, so should we prefer a recent version, perhaps not yet patched or obsolete versions that have already filled potential flaws, the answer is not so simple, especially for small merchants who trust their shared host who often takes very to heart, the evolution of their infrastructure.

But then, the Prestashop team should be done this since last year. Many other e-commerce platforms like Magento, Shopify and CMS like Joomla, WordPress, Drupal already are running under PHP8 since last year. I don't have a clue why Prestashop are so slow in the language version transition, behind (far off) from their rivals.

Edited by NestorAcevedo (see edit history)
Link to comment
Share on other sites

Il y a 1 heure, NestorAcevedo a dit :

But then, the Prestashop team should be don this since last year. Many other e-commerce platforms like Magento, Shopify and CMS like Joomla, WordPress, Drupal already are running under PHP8 since last year. I don't have a clue why Prestashop are so slow in the language version transition, behind (far off) from their rivals.

PrestaShop was using a complete class that was in direct conflict with PHP 8.

This does not justify the delay, but it may explain it.

Link to comment
Share on other sites

On 10/25/2022 at 4:15 PM, Inspirimental said:

I have to contradict again. We are not living 20 years ago. Phishing or hacking attacks are being done automatically by powerful botnets. It's not about your needs to avoid hard work updating a running system. It is about security and privacy protection of all your customers. How do you think do all these millions of leaked passwords have been grabbed? Because of security issues of deprecated versions of php, software, and so on.

Unless you are behind a firewall in an extra secured intranet, you can go with the old stuff. But once you are on the internet and you are in charge of customer data, you are obligated to use software that is not outdated. In the last 15 years I had to do a lot of updating, to fulfill recent security standards. Even if that meant to rebuild parts of a running system. If you can't update a system, shut it down and build a new one.

you are not just contradicting but your opionion counts, unlike you who dispagerd my advice, I have and have had the only  US agency and I come here  to provide my experience

your simple view of the world is cute, but for 'real' shops 'really' selling and upgrade to support php is a lot more complex and generally requires  and agency (like ours) or inhouse staff...so it has to be planned and should not be pushed to rush because of CHEAP ASS hosting.

We have clients running php 5.6 still, they don't want to upgrade..they have it just the way they want.

you of course fall into the knee  jerk scare routine of back leveled php....we are not only in  charge of customer data, but also their security...

I hope someday to learn something new here...but that has not happened in a long time..

 

Link to comment
Share on other sites

  • 1 month later...

Just for the record, PHP5.6 does not receive security updates anymore since end of 2018. That's 4 full years.
Any exploit or security issue being found since then, in this old PHP version, has not been fixed anymore.

Expierience or not, this is a fact, not a "scare tactic".

Anyone who collects customer (and maybe even payment-) data of his/her clients, has a responsibiliy to protect these!

How can you ensure this, using such an outdated environment?
Answer: You can not

 

Link to comment
Share on other sites

  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...