| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| |
| |
| | |
* PHP-8.0:
Fix #80838: HTTP wrapper waits for HTTP 1 response after HTTP 101
|
| | |\
| | |
| | |
| | |
| | | |
* PHP-7.4:
Fix #80838: HTTP wrapper waits for HTTP 1 response after HTTP 101
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Don't wait for further responses after a HTTP 101 (Switching Protocols) response
Closes GH-6730.
|
| | | |
| | |
| | |
| | | |
Closes GH-6750.
|
| |\ \ \
| |/ /
| | |
| | |
| | | |
* PHP-8.0:
Fix test wrt. server.inc changes
|
| | | | |
|
| |\ \ \
| |/ /
| | |
| | |
| | | |
* PHP-8.0:
Fix #78719: http wrapper silently ignores long Location headers
|
| | |\ \
| | |/
| | |
| | |
| | | |
* PHP-7.4:
Fix #78719: http wrapper silently ignores long Location headers
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When opening HTTP streams, and reading the headers, we currently
discard header lines longer than `HTTP_HEADER_BLOCK_SIZE` (1024 bytes).
While this is not generally forbidden by RFC 7230, section 3.2.5, it
is not generally allowed either, since that may change the "message
framing or response semantics".
We thus fix this by allowing arbitrarily long header lines.
Closes GH-6720.
|
| |\ \ \
| |/ /
| | |
| | |
| | | |
* PHP-8.0:
Fix #80751: Comma in recipient name breaks email delivery
|
| | |\ \
| | |/
| | |
| | |
| | | |
* PHP-7.4:
Fix #80751: Comma in recipient name breaks email delivery
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
So far, `SendText()` simply separates potential email address lists at
any comma, disregarding that commas inside a quoted-string do not
delimit addresses. We fix that by introducing an own variant of
`strtok_r()` which caters to quoted-strings.
We also make `FormatEmailAddress()` aware of quoted strings.
We do not cater to email address comments, and potentially other quirks
of RFC 5322 email addresses, but catering to quoted-strings is supposed
to solve almost all practical use cases.
Co-authored-by: Nikita Popov <nikita.ppv@gmail.com>
Closes GH-6735.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
etc.
Now properties are ordered according to their layout in zend_object structure.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
This is barely used and more of a hinderence than anything else
Closes GH-6712
|
| | | | |
|
| |\ \ \
| |/ /
| | |
| | |
| | | |
* PHP-8.0:
Fix #75776: Flushing streams with compression filter is broken
|
| | |\ \
| | |/
| | |
| | |
| | | |
* PHP-7.4:
Fix #75776: Flushing streams with compression filter is broken
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
First, the `bzip2.compress` filter has the same issue as `zlib.deflate`
so we port the respective fix[1] to ext/bz2.
Second, there is still an issue, if a stream with an attached
compression filter is flushed before it is closed, without any writes
in between. In that case, the compression is never finalized. We fix
this by enforcing a `_php_stream_flush()` with the `closing` flag set
in `_php_stream_free()`, whenever a write filter is attached. This
call is superfluous for most write filters, but does not hurt, even
when it is unnecessary.
[1] <http://git.php.net/?p=php-src.git;a=commit;h=20e75329f2adb11dd231852c061926d0e4080929>
Closes GH-6703.
|
| |\ \ \
| |/ /
| | |
| | |
| | | |
* PHP-8.0:
Fix #80771: phpinfo(INFO_CREDITS) displays nothing in CLI
|
| | |\ \
| | |/
| | |
| | |
| | | |
* PHP-7.4:
Fix #80771: phpinfo(INFO_CREDITS) displays nothing in CLI
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
There is no good reason not to show the credits in text based SAPIs,
except for brevity. Thus, we suppress the credits from `php -i`.
Closes GH-6710.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The UNDEF marker here is important to prevent the creation of
a reference to the property currently being overwritten, which
would then leak.
This fixes oss-fuzz 6029559193534464, which was incorrectly
merged into oss-fuzz #30584 (which is reported at
https://github.com/google/oss-fuzz/issues/5211).
|
| |\ \ \
| |/ /
| | |
| | |
| | | |
* PHP-8.0:
Avoid signed integer overflow in substr()
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Perform negation after the (size_t) cast rather than before,
so as to avoid a signed integer overflow for PHP_INT_MIN.
Fixes oss-fuzz #31069.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This restores the previous behavior for this case. We'll continue
to use the mangled name, even if it does not correspond to a
declared property.
This also fixes an assertion failure for the case of property
overwrite, as the add_new was not guaranteed to be "new" previously.
Fixes oss-fuzz #31045.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This deprecates passing null to non-nullable scale arguments of
internal functions, with the eventual goal of making the behavior
consistent with userland functions, where null is never accepted
for non-nullable arguments.
This change is expected to cause quite a lot of fallout. In most
cases, calling code should be adjusted to avoid passing null. In
some cases, PHP should be adjusted to make some function arguments
nullable. I have already fixed a number of functions before landing
this, but feel free to file a bug if you encounter a function that
doesn't accept null, but probably should. (The rule of thumb for
this to be applicable is that the function must have special behavior
for 0 or "", which is distinct from the natural behavior of the
parameter.)
RFC: https://wiki.php.net/rfc/deprecate_null_to_scalar_internal_arg
Closes GH-6475.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This changes ini_set() to accept all scalar types
(string|int|float|bool|null) for the new value. The idea here is
that while the INI system ultimately works with strings, its value
interpretation is designed to be consistent with PHP's casting rules,
e.g. "1" and "" are interpreted as boolean true and false respectively.
I personally believe that writing ini_set('precision', 10) makes more
sense than ini_set('precision', '10'), and find strict_types to be
unnecessarily pedantic here.
Closes GH-6680.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Also make test output not produce trailling whitespaces
Closes GH-6662
|
| |\ \ \
| |/ /
| | |
| | |
| | | |
* PHP-8.0:
Fix #80706: mail(): Headers after Bcc headers may be ignored
|
| | |\ \
| | |/
| | |
| | |
| | | |
* PHP-7.4:
Fix #80706: mail(): Headers after Bcc headers may be ignored
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We need to handle the case where a CRLF after a Bcc header is not the
beginning of a folding marker, because in that case the Bcc header was
not the last "thing".
Closes GH-6666.
|
| |\ \ \
| |/ /
| | |
| | |
| | | |
* PHP-8.0:
Alternative fix for bug 77423
|
| | |\ \
| | |/
| | |
| | |
| | | |
* PHP-7.4:
Alternative fix for bug 77423
|
| | | |\
| | | |
| | | |
| | | |
| | | | |
* PHP-7.3:
Alternative fix for bug 77423
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
That bug report originally was about `parse_url()` misbehaving, but the
security aspect was actually only regarding `FILTER_VALIDATE_URL`.
Since the changes to `parse_url_ex()` apparently affect userland code
which is relying on the sloppy URL parsing[1], this alternative
restores the old parsing behavior, but ensures that the userinfo is
checked for correctness for `FILTER_VALIDATE_URL`.
[1] <https://github.com/php/php-src/commit/5174de7cd33c3d4fa591c9c93859ff9989b07e8c#commitcomment-45967652>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This function tests if an array contains only sequential integer keys. While
list isn't an official type, this usage is consistent with the community usage
of "list" as an annotation type, cf.
https://psalm.dev/docs/annotating_code/type_syntax/array_types/#lists
Rebased and modified version of #4886
- Use .stub.php files
- Add opcache constant evaluation when argument is a constant
- Change from is_list(mixed $value) to array_is_list(array $array)
RFC: https://wiki.php.net/rfc/is_list
Co-Authored-By: Tyson Andre <tysonandre775@hotmail.com>
Co-Authored-By: Dusk <dusk@woofle.net>
Closes GH-6070
|
| |\ \ \ \
| |/ / /
| | | |
| | | |
| | | | |
* PHP-8.0:
Fixed bug #42560
|
| | |\ \ \
| | |/ /
| | | |
| | | |
| | | | |
* PHP-7.4:
Fixed bug #42560
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Check open_basedir after the fallback to the system's temporary
directory in tempnam().
In order to preserve the current behavior of upload_tmp_dir
(do not check explicitly specified dir, but check fallback),
new flags are added to check open_basedir for explicit dir
and for fallback.
Closes GH-6526.
|
| | | |\ \
| | | |/
| | | |
| | | |
| | | | |
* PHP-7.3:
Fix #77423: parse_url() will deliver a wrong host to user
|
| | | | |\
| | | | |
| | | | |
| | | | |
| | | | | |
* PHP-7.2:
Fix #77423: parse_url() will deliver a wrong host to user
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
To avoid that `parse_url()` returns an erroneous host, which would be
valid for `FILTER_VALIDATE_URL`, we make sure that only userinfo which
is valid according to RFC 3986 is treated as such.
For consistency with the existing url parsing code, we use ctype
functions, although that is not necessarily correct.
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
htmlspecialchars() etc now use ENT_QUOTES | ENT_SUBSTITUTE rather
than ENT_COMPAT by default.
Closes GH-6583.
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
debug_zval_dump() currently prints refcount 1 for interned strings
and arrays, which does not really reflect the truth. These values
are not refcounted, so the refcount is misleading. Instead print
an "interned" tag.
Closes GH-6598.
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Closes GH-6600.
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This restricts allowed usage of $GLOBALS, with the effect that
plain PHP arrays can no longer contain INDIRECT elements.
RFC: https://wiki.php.net/rfc/restrict_globals_usage
Closes GH-6487.
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Introduced by the recent switch to a zend_object. Unserialize the
object into a tmp_var to avoid leaving behind a stack reference.
Fixes oss-fuzz #29271.
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
RFC: https://wiki.php.net/rfc/explicit_octal_notation
Add an extensive test suits for other variants of integer literals
Closes GH-6360
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This was using strcmp instead of zend_string_equals_literal.
As a result, the property count didn't match the number of properties
being serialized if properties started with
"__PHP_Incomplete_Class\0" (unlikely)
(before, `'O:8:"Missing_":1:{}'` would be serialized, which failed to
unserialize)
Everywhere else expects the MAGIC_MEMBER to match exactly,
and this should use zend_string_equals_literal as an example for other code.
This has used strcmp since 2004 in deb84befae4bbc3686a4f2ed82b04e2cabae5dc0
Closes GH-6555
|
