Skip to main content

What's new in PHP 8.3+

Minimum PHP version updated

The application now requires PHP 8.3 as the minimum version.

Database updates

BIGINT columns
All columns containing crmids are now BIGINT (for new installations). When creating columns that store crmid, always use BIGINT (or I8 when using adodb datadict).

TINYINT columns
All columns containing only boolean integers (e.g., 0/1 for checkbox fields uitype 56, deleted=0/1, or various status columns with only small ints) are now TINYINT (or I1 when using adodb datadict).

Licence tag

A new SPDX license tag is now mandatory in all vtenext core files (php, js and tpl) that are not external libraries.

/*************************************
 * SPDX-FileCopyrightText: 2009-present Vtenext S.r.l. Società Benefit 
 * SPDX-License-Identifier: LicenseRef-vtenext-business-license 
 ************************************/

New configuration files

All new custom configuration files (e.g., custom api token) must be placed in the /config folder. If some configuration is different from dev/prod environments, use the corresponding config file in /config/.

  • config.$envType.php: Overrides of PHP configuration and global variables for a specific environment type
  • phpstan/*: Configuration to use when running phpstan
  • smarty/*: Configuration directory for Smarty library
  • logging.php: Configuration for the legacy logs (old log4php)
  • request.config.php: See Configuration - RequestHandler

New config variables

The following global config variables have been added to config.inc.php:

$enableLegacyLogs

Activate the legacy logs (the old log4php), which logs a lot of stuff in logs/vtenext.log. The usefulness of this log is not certain. Configuration of this log is in /config/logging.php.

$envType

Specify the environment type. Possible values:

  • "prod" (default)
  • "preprod"
  • "dev"
  • "debug"

Each level activates more error messages. The default configuration is in config.inc.php, variable $php_config, overridden by the specific /config/config.$envType.php file.

$php_config

Used to specify the default PHP configuration used by $envType.

New functions and methods

RequestHandler (RH)

RequestHandler provides secure, centralized access to HTTP request data. It automatically sanitizes input using vtlib_purify() and applies type-safe filters from F:: enum. This replaces direct access to superglobals like $_REQUEST$_GET$_POST, etc.

For details, see: RequestHandler

CRMEntity methods update

The old retrieve_entity_info has been renamed to retrieve_html and retrieve_entity_info_no_html to retrieve. This is to make more explicit that there is a HTML conversion going on. The old functions are deprecated, but still working.

  • CRMEntity::retrieve_html(): Retrieves entity with HTML conversion
  • CRMEntity::retrieve(): Retrieves entity without HTML conversion
Translation aliases

New convenient aliases for translation functions:

  • trans(): Alias for getTranslatedString()
  • trans_app(): Alias for getTranslatedString($str, "APP_STRINGS")
  • trans_js(): Alias for getTranslatedString($str, "ALERT_ARR")

New database query methods

New database query methods are available. For details, see: Database Best Practices

Autoescaping of all Smarty variable

All variables outputted by Smarty templates (for example {$VARIABLE}) by default have all applicable characters are converted to html &...; notation.

The reason of this change is to reduce as much as possible exposure to XSS attacks, since it was extremely difficult to track every possible variable in templates and ensure it was properly escaped.

For details, see: Escape.

New tools

tools/change-env

Allows to easily change the $envType variable in config.inc.php and automatically execute scripts afterwards. Scripts to execute are located in plugins/envs/make.$env/*.

Important files and folders

cache_local/

This folder should contain cache files to be stored on the same host as the webserver. It is useful in case of cluster deployment, where the cache/ folder is normally shared, but cache_local/ is only local.

plugins/envs/

Contains the scripts to be executed when changing the environment type (e.g., after cloning the prod in the dev host).

GDPR portal update

The GDPR portal has been significantly updated with the following improvements:

    Migration of libraries to Composer for better dependency management API calls switched to vtenext RestClient Smarty templating engine upgraded to the latest version (^5.4)

    Libraries

    All third party libraries now must be imported via composer (living in the /vendor/ folder), or placed in the /vendor-extra/ folder. Libraries in vendor-extra are automatically included in the class path.

    Important note
    Whenever a new library is added, either via composer or manually, the following command must be executed to refresh the classmap: composer optimize → alias of composer dump-autoload -o

    Libraries updated
    Library Previous version New version
    phpmailer/phpmailer 6.6.5 6.9.3
    ezyang/htmlpurifier 4.13.0 4.18.0
    mpdf/mpdf 8.0.12 8.2.5
    league/iso3166 2.1.5 4.3.2
    league/oauth2-client 2.7.0 2.8.1
    league/oauth2-google 3.0.4 4.0.1
    spomky-labs/otphp 10.0.3 11.3.0
    joypixels/emoji-toolkit 6.6.0 9.0.1
    phpoffice/phpspreadsheet 1.8.2 4.1.0
    phpseclib/phpseclib 3.0.42 3.0.43
    jaybizzle/crawler-detect 1.3.0 1.3.4
    hubspot/hubspot-php 2.0 5.3.0
    slince/shopify-api-php 2.5 3.1.0
    zendesk/zendesk_api_client_php 2.29 4.1.0
    lesstif/php-jira-rest-client 1.41 5.9.0
    Libraries added
    • web-token/jwt-library 4.0.4
    • php-amqplib/php-amqplib 3.7.3
    • econea/nusoap 0.9.18
    • dragonmantank/cron-expression 3.4.0
    • qualityunit/tnef-decoder 1.2.9
    • sabre/vobject 4.5.6
    • flipboxdigital/oauth2-hubspot 1.0.1
    • stevenmaguire/oauth2-salesforce 2.0.1
    • stevenmaguire/oauth2-zendesk 2.1.0
    • automattic/woocommerce 3.1.0
    • monolog (replaces log4php) 3.8.1
    Libraries moved to vendor

    The following libraries have been moved from various locations to /vendor/ or /vendor-extra/:

    • include/nusoap → moved to vendor
    • modules/Settings/ProcessMaker/thirdparty/cron-expression → moved to vendor
    • modules/PDFMaker/classes/simple_html_dom.php → moved to vendor-extra
    • include/magpierss → moved to vendor-extra
    • modules/Morphsuit/utils/RSA → replaced with phpseclib in vendor
    • modules/Newsletter/bounce_driver.class.php → moved to vendor-extra
    • modules/Messages/src/attachment_tnef → moved to vendor
    • modules/Messages/src/Squirrelmail.php → moved to vendor-extra
    • smartoptimizer → moved to vendor-extra (updated minifier, added brotli and zstandard support)
    • portal/nusoap → moved to vendor
    • portal/include/htmlpurifier → removed
    • include/pChart → patched and moved to vendor-extra
    • include/freetag → fixed and moved to vendor-extra
    • modules/VteSync/vendor → moved to main vendor
    • modules/VteSync/VteSyncLib/src/Connector/Jira/vendor → moved to main vendor
    Removed libraries
    • log4php - Replaced with monolog
    • vtlib/SimplePie - No longer used
    • include/antlr - Not working, grammar unknown and never used
    • modules/SDK/examples/intellisense - Removed
    • modules/Calendar/iCal/ical-parser-class.php - Not used
    • modules/Calendar/iCal/iCalendar_*.php (Bennu) - Replaced with sabre/vobject
    • modules/Calendar/iCal/iCalcreator - Replaced with sabre/vobject
    • include/Zend - Simplified
    • gdpr/include/vtwsclib/lib/Zend - Removed
    • portal/include/Zend - Removed
    • videlalvaro/php-amqplib - Replaced with php-amqplib/php-amqplib
    • web-token/jwt-easy, web-token/jwt-key-mgmt, web-token/signature-pack - Replaced with web-token/jwt-library

    Removed config variables

    The following config variables have been removed:

    $display_empty_home_blocks

    Never used.

    $php_max_execution_time

    Misleading, since it was applied only in a few cases, and it was always 0, setting the limit to unlimited. Replaced by the $php_config and specific overrides when needed (e.g., Report export, PDF generation).

    Removed files and folders

    modules/Dashboard

    Removed this module, already deprecated and inactive.

    PEAR.php

    Used only by Dashboard and by obsolete libraries.

    Image/*

    Used only by Dashboard module.

    include/db_backup

    Not used anymore (and also a bad idea to make a full backup on admin logout).

    Smarty/templates_c

    Moved to cache_local/smarty to keep the number of writable folders limited.

    plugins/erpconnectorDir

    This folder was used in the past to perform one/two-way synchronizations with external systems. It has now been replaced by the Data Import.

    Old portal (v1)

    The previous version of the portal is no longer supported. You can choose one of the following options:

    1. Switch to the new Business Portal

      Go to Settings → Business Portal to start using the updated version.

    2. Restore the portal from the upgrade backup

      You may restore the previous version from the upgrade backup and update it to ensure compatibility with the new system. Please note that the old portal is not compatible with PHP 8. For more information and assistance, contact support.

    GDPR portal update

    The GDPR portal has been significantly updated with the following improvements:

      Migration of libraries to Composer for better dependency management API calls switched to vtenext RestClient Smarty templating engine upgraded to the latest version (^5.4)

      Back to top