Running Magento Under PHP 5.5 – preg_replace deprecation issues

Magento versions prior to 1.9 aren’t formally certified to run under PHP 5.5 (have a look here for formal supported versions) but in the main runs fine, and we like it because of all of the performance perks you can get in this version compared to 5.4 and prior.

However, we have seen one issue – which we’ve been able to fix. You might see a scary php error showing up if you are using Magento under PHP 5.5 and are using the Mageme.com Web Forms Pro module when attempting to preview a form you’ve designed.

The fault isn’t actually in the module code per-se, it’s just that it sends Magento down a code path to a library file which contains a function which is now issuing a deprecation warning “E_DEPRECATED” under PHP 5.5

So, seemingly the Magento codebase has some functions in it that PHP 5.5 correctly flags as now deprecated:

Deprecated functionality: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead  in /lib/Varien/Filter/Template/Simple.php on line 42

The symptom is that this causes an ugly crash when previewing a form with the module, or just causes a silent failure to render the page when attempting to view the form on the front end.

What’s Going On?

The “\e” modifier on the preg_replace() function was deprecated due to severe security implications.

(PHP suggests uses preg_replace_callback() instead)

As it’s a security related deprecation, it technically applies to all PHP versions.  But the warning notice has only been added on 5.5.0 and above.  (Basically PHP don’t care about older versions as they’re all coming to end of life.  PHP 5.6 is out now, 5.5 is maintained as legacy and 5.3/5.4 are going to fade out)

The function was deprecated on 20th June 2013 (over a year ago), and now PHP 5.5 is issuing warnings to that effect. Prior versions still have the severe security implications, they just don’t warn about it like 5.5 does!

How to Fix

Ultimately this fault is with an underlying Magento / Varien Library file, so it isn’t something you can go changing lightly or simply overriding and creating a version for your theme.

One of the possible fixes to this is to suppress the reporting of deprecated PHP functions, but this doesn’t solve the underlying security issue.

What you would need to do to implement the suppression fix is very carefully and deliberately take a backup copy of this file:

/lib/Varien/Filter/Template/Simple.php

and add the line:

error_reporting(E_ALL ^ E_DEPRECATED);

before the class definition.

However, what we actually recommend is to change the deprecated function into the latest, secure PHP 5.5+ version.

So, instead, in the same file replace this line:

return preg_replace('#'.$this->_startTag.'(.*?)'.$this->_endTag.'#e', '$this->getData("$1")', $value);

With this:

return preg_replace_callback('#'.$this->_startTag.'(.*?)'.$this->_endTag.'#',
function ($matches) {return $this->getData($matches[0]);}
, $value);

Note very carefully if you’re copying this by sight, that the final ‘e’ in _endTag. ‘#e’ has disappeared in the first argument of the new function call – miss this subtlety and your replacement code won’t work!

Warning!

Attempt this fix at your own risk, no warranty given or implied for this fix.

Please also note that we have seen conflicting opinions on whether it should be ($matches[1]) or ($matches[0]) in that second line. Both worked reliably for us and solved the problem, but we’ve yet to assess which is actually formally correct. We’re sticking with 0 for now, until we observe any issues or symptoms elsewhere, however given this code path was only reached in one circumstance (our use of WebForms Pro on PHP 5.5) we think it’s quite a rare code path route we’re hitting.

We will advise when Magento formally supports PHP 5.5 (and hence you can remove this fix and revert back to a stock version of that file) or if Vladimir of MageMe.com, the developer of WebForms Pro, comes back with an alternative recommendation (or endorses ours!).

In the meantime that might be a get out of jail free card for you.

Get in touch if you have any problems, success stories, or maybe have any comments or experience on this subject.