| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Instead of using either oniguruma or pcre depending on which is
available. We always have PCRE, so use it. This ensures consistent
behavior.
|
|
|
|
| |
Closes GH-5819
|
|
|
|
|
|
|
|
| |
RC4 is considered insecure, and it's not possible to change the
default of these functions. As such, require the method to be
passed explicitly.
Closes GH-6093.
|
|
|
|
|
|
| |
The only thing that can promoted are the path-related checked.
Everything else is input dependent and error-suppressing these
functions is both the typical and the recommended usage.
|
|\
| |
| |
| |
| | |
* PHP-7.4:
Fixed bug #80077
|
| |\
| | |
| | |
| | |
| | | |
* PHP-7.3:
Fixed bug #80077
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Quoting from the bug report:
> The domain names passed to getmxrr() do not contain a trailing dot.
> DNS lookups which do not find records will (depending on the local
> resolver config) try again by adding the local domain to the end of
> the searched host/domain. In many environments there's an mx record
> for any subdomain of the local domain and the MX query will return
> a hit. But the test expects no hit. So the test fails when checking
> that "qa.php.net" does not have an MX record in DNS. In our local
> environment the resolver falls back to also check qa.php.net.kippdata.de
> which does have an MX record. Using "qa.php.net." instead of "qa.php.net"
> should fix this for everyone.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
Closes GH-5972
|
| | |
| | |
| | |
| | | |
Closes GH-6075
|
| | |
| | |
| | |
| | | |
Closes GH-6026
|
|\ \ \
| |/ /
| | |
| | |
| | | |
* PHP-7.4:
Don't leave behind temporary file in bug70362.phpt
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
We already protect against optimizing away loop frees in DFA pass,
but not in block pass.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
crypt() without salt generates a weak $1$ MD5 hash. It has been
throwing a notice since 2013 and we provide a much better alternative
in password_hash() (which can auto-generate salts for strong
password hashes), so keeping this is just a liability.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Create a separate general context that uses ZMM as allocator and
use it to allocate temporary PCRE match data (there is still one
global match data). There is no requirement that the match data
and the compiled regex / match context use the same general context.
This makes sure that we do not leak persistent memory on bailout
and fixes oss-fuzz #25296, on which half the libfuzzer runs
currently get stuck.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
To allow exporting the php_curl.h header containing curl class
entries, split off a separate curl_private.h header with all the
implementation details.
We may move or expose additional APIs in php_curl.h on an as-needed
basis.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
A recurring pattern in old extension: Putting the whole source
code behind HAVE_EXTNAME. This is pointless, as the code is only
compiled if the extension is enabled.
This removes a couple of them, but not all.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
More straightforward approach to get the path of the
current PHP process.
Closes GH-6082.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
`php -a` treats lines starting with `#` as comments when deciding if
the provided statement is valid.
So it passed `#[MyAttr]` to the parser after the user hits enter,
causing a syntax error for multi-line statements..
With this patch, the following snippet is parsed correctly
```
php > #[Attr]
php > function x() { }
php > var_export((new ReflectionFunction('x'))->getAttributes()[0]->getName());
'Attr'
```
Followup to GH-6085
Closes GH-6086
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
PHP treats `#ini_setting=value` as a call to
`ini_set('ini_setting', 'value')`,
and silently skips undeclared settings.
This is a problem due to `#[` becoming supported attribute syntax:
- `#[Attr] const X = 123;` (this is not a valid place to put an attribute)
This does not create a constant.
- `#[Attr] function test($x=false){}` also contains `=`.
This does not create a function.
Instead, only treat lines starting with `#` as a special case
when the next character isn't `[`
Closes GH-6085
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
Closes GH-6065
|
| | |
| | |
| | |
| | | |
We can add these types as a native type declaration to stubs as a side-effect. Closes GH-6068
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | | |
As SPL is currently a copie of the code in file.c
Closes GH-6069
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When using zpp 'f' or Z_PARAM_FUNC, if the fcc points to a call
trampoline release it immediately and force zend_call_function
to refetch it. This may require additional callability checks
if __call is used, but avoids the need to carefully free fcc
values in all internal functions -- in some cases this is not
simple, as a type error might be triggered by a later argument
in the same zpp call.
This fixes oss-fuzz #25390.
Closes GH-6073.
|
| | |
| | |
| | |
| | | |
This returns 127.0.1.1 on travis bionic.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Warning to Error promotion and a Notice to Warning promotion to align
with the behaviour specified in the Reclassify Engine Warnings RFC.
Closes GH-6072
|
| | |
| | |
| | |
| | |
| | |
| | | |
Those should be the last ones other than set(raw)cookie()
Closes GH-5814
|
| | |
| | |
| | |
| | |
| | |
| | | |
side exit.
Remove unnecessary exception checks.
|
| | |
| | |
| | |
| | | |
Also correct misspelling of 'hiragana' as 'hirangana' at the same time.
|
| | | |
|
| | |
| | |
| | |
| | | |
Explain the 'ZEN' and 'HAN' in symbolic constant names.
|
| | |
| | |
| | |
| | |
| | | |
This was the default destructor for mbfl_identify_filter structs, but there's nothing
we actually need to do to those structs before freeing them.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is a default destructor for mbfl_convert_filter structs. The thing is: there
isn't really anything that needs to be done to those structs before freeing them.
The default destructor just zeroed out some fields, but there's no reason why
we should actually do that.
|
| | | |
|
| | | |
|
| | | |
|