Merge branch 'PHP-5.3' of git.php.net:/php-src into PHP-5.3

18 files changed, 225 insertions, 24 deletions

diff --git a/NEWS b/NEWS
index 18be193762..26b179db30 100644
--- a/NEWS
+++ b/NEWS
@@ -1,7 +1,32 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+?? ??? 2ß12, PHP 5.3.20
+
+- Core:
+  . Fixed bug #63451 (config.guess file does not have AIX 7 defined, 
+    shared objects are not created). (kemcline at au1 dot ibm dot com)
+
 ?? ??? 2012, PHP 5.3.19
 
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ADD NEWS ONLY ABOVE IN 5.3.20 SECTION
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+RM will merge 5.3.19 entries when merging to release branch
+
+- Core
+  . Fixed bug #63241 (PHP fails to open Windows deduplicated files).
+    (daniel dot stelter-gliese at innogames dot de)
+  . Fixed bug #62444 (Handle leak in is_readable on windows). 
+    (krazyest at seznam dot cz)
+
+- Libxml
+  . Fixed bug #63389 (Missing context check on libxml_set_streams_context()
+    causes memleak). (Laruence)
+
+- Mbstring:
+  . Fixed bug #63447 (max_input_vars doesn't filter variables when
+    mbstring.encoding_translation = On). (Laruence)
+
 - MySQL:
   . Fixed compilation failure on mixed 32/64 bit systems. (Andrey)
 
@@ -18,6 +43,10 @@ PHP                                                                        NEWS
   . Fixed bug #63235 (buffer overflow in use of SQLGetDiagRec).
     (Martin Osvald, Remi)
 
+- PDO_pgsql:
+  . Fixed bug #62593 (Emulate prepares behave strangely with PARAM_BOOL).
+    (Will Fitch)
+
 - Streams:
   . Fixed bug #63240 (stream_get_line() return contains delimiter string).
     (Tjerk, Gustavo)
@@ -1381,6 +1410,7 @@ PHP                                                                        NEWS
 
 - GD extension:
   . Fixed bug #53492 (fix crash if anti-aliasing steps are invalid). (Pierre)
+  . Fixed potential memory leak on a png error (Rasmus, Paul Saab)
 
 - GMP extension:
   . Fixed bug #52906 (gmp_mod returns negative result when non-negative is 
diff --git a/TSRM/tsrm_virtual_cwd.c b/TSRM/tsrm_virtual_cwd.c
index e734406837..d4ee223288 100644
--- a/TSRM/tsrm_virtual_cwd.c
+++ b/TSRM/tsrm_virtual_cwd.c
@@ -40,6 +40,10 @@
 #  define IO_REPARSE_TAG_SYMLINK 0xA000000C
 # endif
 
+# ifndef IO_REPARSE_TAG_DEDUP
+#  define IO_REPARSE_TAG_DEDUP   0x80000013
+# endif
+
 # ifndef VOLUME_NAME_NT
 #  define VOLUME_NAME_NT 0x2
 # endif
@@ -958,6 +962,11 @@ static int tsrm_realpath_r(char *path, int start, int len, int *ll, time_t *t, i
 					return -1;
 				};
 				substitutename[substitutename_len] = 0;
+			}
+			else if (pbuffer->ReparseTag == IO_REPARSE_TAG_DEDUP) {
+				isabsolute = 1;
+				memcpy(substitutename, path, len + 1);
+				substitutename_len = len;
 			} else {
 				tsrm_free_alloca(pbuffer, use_heap_large);
 				return -1;
diff --git a/TSRM/tsrm_win32.c b/TSRM/tsrm_win32.c
index 9e029f60af..03327683cb 100644
--- a/TSRM/tsrm_win32.c
+++ b/TSRM/tsrm_win32.c
@@ -193,7 +193,7 @@ Finished:
 TSRM_API int tsrm_win32_access(const char *pathname, int mode)
 {
 	time_t t;
-	HANDLE thread_token;
+	HANDLE thread_token = NULL;
 	PSID token_sid;
 	SECURITY_INFORMATION sec_info = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION;
 	GENERIC_MAPPING gen_map = { FILE_GENERIC_READ, FILE_GENERIC_WRITE, FILE_GENERIC_EXECUTE, FILE_ALL_ACCESS };
@@ -365,6 +365,9 @@ Finished_Impersonate:
 		}
 
 Finished:
+		if(thread_token != NULL) {
+			CloseHandle(thread_token);
+		}
 		if(real_path != NULL) {
 			free(real_path);
 			real_path = NULL;
diff --git a/config.guess b/config.guess
index f32079abda..d407b8cde6 100644
--- a/config.guess
+++ b/config.guess
@@ -532,7 +532,7 @@ EOF
 		echo rs6000-ibm-aix3.2
 	fi
 	exit ;;
-    *:AIX:*:[456])
+    *:AIX:*:[4567])
 	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
 	if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
 		IBM_ARCH=rs6000
diff --git a/configure.in b/configure.in
index 050f8d40f1..66900b455c 100644
--- a/configure.in
+++ b/configure.in
@@ -41,7 +41,7 @@ AC_CONFIG_HEADER(main/php_config.h)
 
 PHP_MAJOR_VERSION=5
 PHP_MINOR_VERSION=3
-PHP_RELEASE_VERSION=19
+PHP_RELEASE_VERSION=20
 PHP_EXTRA_VERSION="-dev"
 PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION"
 PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 10000 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION`
diff --git a/ext/filter/filter_private.h b/ext/filter/filter_private.h
index daa688b4ac..6c26d98075 100644
--- a/ext/filter/filter_private.h
+++ b/ext/filter/filter_private.h
@@ -107,8 +107,10 @@
 	if (len < 1) { \
 		RETURN_VALIDATION_FAILED \
 	} \
-	while (p[len-1] == ' ' || p[len-1] == '\t' || p[len-1] == '\r' || p[len-1] == '\v' || p[len-1] == '\n') { \
-		len--; \
+	if (len > 0) { \
+		while (p[len-1] == ' ' || p[len-1] == '\t' || p[len-1] == '\r' || p[len-1] == '\v' || p[len-1] == '\n') { \
+			len--; \
+		} \
 	} \
 }
 
diff --git a/ext/gd/libgd/gd_png.c b/ext/gd/libgd/gd_png.c
index 49f7cb0777..bdbb7ee7d3 100644
--- a/ext/gd/libgd/gd_png.c
+++ b/ext/gd/libgd/gd_png.c
@@ -127,8 +127,8 @@ gdImagePtr gdImageCreateFromPngCtx (gdIOCtx * infile)
 	png_color_16p trans_gray_rgb;
 	png_color_16p trans_color_rgb;
 	png_bytep trans;
-	png_bytep image_data = NULL;
-	png_bytepp row_pointers = NULL;
+	volatile png_bytep image_data = NULL;
+	volatile png_bytepp row_pointers = NULL;
 	gdImagePtr im = NULL;
 	int i, j, *open = NULL;
 	volatile int transparent = -1;
diff --git a/ext/libxml/libxml.c b/ext/libxml/libxml.c
index a17847868a..788736e756 100644
--- a/ext/libxml/libxml.c
+++ b/ext/libxml/libxml.c
@@ -699,7 +699,7 @@ static PHP_FUNCTION(libxml_set_streams_context)
 {
 	zval *arg;
 
-	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z", &arg) == FAILURE) {
+	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", &arg) == FAILURE) {
 		return;
 	}
 	if (LIBXML(stream_context)) {
diff --git a/ext/libxml/tests/004.phpt b/ext/libxml/tests/004.phpt
index 8bdf593b93..aa87ab7503 100644
--- a/ext/libxml/tests/004.phpt
+++ b/ext/libxml/tests/004.phpt
@@ -27,26 +27,26 @@ echo "Done\n";
 
 ?>
 --EXPECTF--
-Warning: stream_context_create(): options should have the form ["wrappername"]["optionname"] = $value in %s004.php on line 10
-NULL
+Warning: stream_context_create(): options should have the form ["wrappername"]["optionname"] = $value in %s004.php on line %d
 
-Warning: DOMDocument::load(): supplied argument is not a valid Stream-Context resource in %s004.php on line 18
-bool(true)
+Warning: libxml_set_streams_context() expects parameter 1 to be resource, null given in %s004.php on line %d
 NULL
-
-Warning: DOMDocument::load(): supplied argument is not a valid Stream-Context resource in %s004.php on line 18
 bool(true)
-NULL
 
-Warning: DOMDocument::load(): supplied argument is not a valid Stream-Context resource in %s004.php on line 18
-bool(true)
+Warning: libxml_set_streams_context() expects parameter 1 to be resource, string given in %s004.php on line %d
 NULL
+bool(true)
 
-Warning: DOMDocument::load(): supplied argument is not a valid Stream-Context resource in %s004.php on line 18
+Warning: libxml_set_streams_context() expects parameter 1 to be resource, integer given in %s004.php on line %d
+NULL
 bool(true)
+
+Warning: libxml_set_streams_context() expects parameter 1 to be resource, object given in %s004.php on line %d
 NULL
+bool(true)
 
-Warning: DOMDocument::load(): supplied argument is not a valid Stream-Context resource in %s004.php on line 18
+Warning: libxml_set_streams_context() expects parameter 1 to be resource, array given in %s004.php on line %d
+NULL
 bool(true)
 NULL
 bool(true)
diff --git a/ext/libxml/tests/bug63389.phpt b/ext/libxml/tests/bug63389.phpt
new file mode 100644
index 0000000000..e9498aae08
--- /dev/null
+++ b/ext/libxml/tests/bug63389.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Bug #63389 (Missing context check on libxml_set_streams_context() causes memleak)
+--SKIPIF--
+<?php if (!extension_loaded('libxml')) die('skip'); ?>
+--FILE--
+<?php
+$fp = fopen("php://input", "r");
+libxml_set_streams_context($fp);
+libxml_set_streams_context("a");
+echo "okey";
+?>
+--EXPECTF--
+Warning: libxml_set_streams_context() expects parameter 1 to be resource, string given in %sbug63389.php on line %d
+okey
diff --git a/ext/mbstring/mb_gpc.c b/ext/mbstring/mb_gpc.c
index dd60302d03..b35ece31de 100644
--- a/ext/mbstring/mb_gpc.c
+++ b/ext/mbstring/mb_gpc.c
@@ -262,6 +262,12 @@ enum mbfl_no_encoding _php_mb_encoding_handler_ex(const php_mb_encoding_handler_
 		n++;
 		var = php_strtok_r(NULL, info->separator, &strtok_buf);
 	} 
+
+	if (n > (PG(max_input_vars) * 2)) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
+		goto out;
+	}
+
 	num = n; /* make sure to process initilized vars only */
 	
 	/* initialize converter */
diff --git a/ext/mbstring/tests/bug63447_001.phpt b/ext/mbstring/tests/bug63447_001.phpt
new file mode 100644
index 0000000000..51302994db
--- /dev/null
+++ b/ext/mbstring/tests/bug63447_001.phpt
@@ -0,0 +1,20 @@
+--TEST--
+Bug #63447 (max_input_vars doesn't filter variables when mbstring.encoding_translation = On)
+--SKIPIF--
+<?php
+extension_loaded('mbstring') or die('skip');
+?>
+--INI--
+max_input_nesting_level=10
+max_input_vars=5
+mbstring.encoding_translation=1
+--POST--
+a=1&b=2&c=3&d=4&e=5&f=6
+--FILE--
+<?php
+var_dump($_POST);
+?>
+--EXPECT--
+Warning: Unknown: Input variables exceeded 5. To increase the limit change max_input_vars in php.ini. in Unknown on line 0
+array(0) {
+}
diff --git a/ext/mbstring/tests/bug63447_002.phpt b/ext/mbstring/tests/bug63447_002.phpt
new file mode 100644
index 0000000000..e51089b794
--- /dev/null
+++ b/ext/mbstring/tests/bug63447_002.phpt
@@ -0,0 +1,20 @@
+--TEST--
+Bug #63447 (max_input_vars doesn't filter variables when mbstring.encoding_translation = On)
+--SKIPIF--
+<?php
+extension_loaded('mbstring') or die('skip');
+?>
+--INI--
+max_input_nesting_level=10
+max_input_vars=4
+mbstring.encoding_translation=1
+--POST--
+a=1&b=2&c=3&d=4&e=5
+--FILE--
+<?php
+var_dump($_POST);
+?>
+--EXPECT--
+Warning: Unknown: Input variables exceeded 4. To increase the limit change max_input_vars in php.ini. in Unknown on line 0
+array(0) {
+}
diff --git a/ext/mbstring/tests/bug63447_003.phpt b/ext/mbstring/tests/bug63447_003.phpt
new file mode 100644
index 0000000000..a4a7e14851
--- /dev/null
+++ b/ext/mbstring/tests/bug63447_003.phpt
@@ -0,0 +1,34 @@
+--TEST--
+Bug #63447 (max_input_vars doesn't filter variables when mbstring.encoding_translation = On)
+--SKIPIF--
+<?php
+extension_loaded('mbstring') or die('skip');
+?>
+--INI--
+max_input_nesting_level=5
+max_input_vars=100
+mbstring.encoding_translation=1
+--POST--
+a=1&b[][][]=2&c[][][][][][]=7
+--FILE--
+<?php
+print_r($_POST);
+?>
+--EXPECT--
+Array
+(
+    [a] => 1
+    [b] => Array
+        (
+            [0] => Array
+                (
+                    [0] => Array
+                        (
+                            [0] => 2
+                        )
+
+                )
+
+        )
+
+)
diff --git a/ext/mysqlnd/mysqlnd_wireprotocol.c b/ext/mysqlnd/mysqlnd_wireprotocol.c
index 1318c37a73..ec0ff496f4 100644
--- a/ext/mysqlnd/mysqlnd_wireprotocol.c
+++ b/ext/mysqlnd/mysqlnd_wireprotocol.c
@@ -982,7 +982,7 @@ php_mysqlnd_rset_field_read(void *_packet, MYSQLND *conn TSRMLS_DC)
 	p += 2;
 	BAIL_IF_NO_MORE_DATA;
 
-	meta->decimals = uint2korr(p);
+	meta->decimals = uint1korr(p);
 	p += 1;
 	BAIL_IF_NO_MORE_DATA;
 
diff --git a/ext/pdo_pgsql/pgsql_statement.c b/ext/pdo_pgsql/pgsql_statement.c
index c35ee33c7f..1dc0d58e97 100644
--- a/ext/pdo_pgsql/pgsql_statement.c
+++ b/ext/pdo_pgsql/pgsql_statement.c
@@ -362,8 +362,20 @@ static int pgsql_stmt_param_hook(pdo_stmt_t *stmt, struct pdo_bound_param_data *
 				}
 				break;
 		}
+	} else {
+#endif
+	if (param->is_param) {
+        /* We need to manually convert to a pg native boolean value */
+        if (PDO_PARAM_TYPE(param->param_type) == PDO_PARAM_BOOL &&
+            ((param->param_type & PDO_PARAM_INPUT_OUTPUT) != PDO_PARAM_INPUT_OUTPUT)) {
+            SEPARATE_ZVAL(&param->parameter);
+            param->param_type = PDO_PARAM_STR;
+            ZVAL_STRINGL(param->parameter, Z_BVAL_P(param->parameter) ? "t" : "f", 1, 1);
+        }
+    }
+#if HAVE_PQPREPARE
 	}
-#endif	
+#endif
 	return 1;
 }
 
diff --git a/ext/pdo_pgsql/tests/bug62593.phpt b/ext/pdo_pgsql/tests/bug62593.phpt
new file mode 100644
index 0000000000..e3ebf46ed5
--- /dev/null
+++ b/ext/pdo_pgsql/tests/bug62593.phpt
@@ -0,0 +1,51 @@
+--TEST--
+PDO PgSQL Bug #62593 (Emulate prepares behave strangely with PARAM_BOOL)
+--SKIPIF--
+<?php
+if (!extension_loaded('pdo') || !extension_loaded('pdo_pgsql')) die('skip not loaded');
+require dirname(__FILE__) . '/config.inc';
+require dirname(__FILE__) . '/../../../ext/pdo/tests/pdo_test.inc';
+PDOTest::skip();
+?>
+--FILE--
+<?php
+require dirname(__FILE__) . '/../../../ext/pdo/tests/pdo_test.inc';
+$db = PDOTest::test_factory(dirname(__FILE__) . '/common.phpt');
+$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, true);
+$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
+$errors = array();
+
+$value = true;
+$query = $db->prepare('SELECT :foo IS FALSE as val_is_false');
+$query->bindValue(':foo', $value, PDO::PARAM_BOOL);
+$query->execute();
+$errors[] = $query->errorInfo();
+var_dump($value);
+
+$query->bindValue(':foo', 0, PDO::PARAM_BOOL);
+$query->execute();
+$errors[] = $query->errorInfo();
+
+// Verify bindParam maintains reference and only passes when execute is called
+$value = true;
+$query->bindParam(':foo', $value, PDO::PARAM_BOOL);
+$value = false;
+$query->execute();
+$errors[] = $query->errorInfo();
+var_dump($value);
+
+$expect = 'No errors found';
+
+foreach ($errors as $error)
+{
+  if (strpos('Invalid text representation', $error[2]) !== false)
+  {
+    $expect = 'Invalid boolean found';
+  }
+}
+echo $expect;
+?>
+--EXPECTF--
+bool(true)
+bool(false)
+No errors found
diff --git a/main/php_version.h b/main/php_version.h
index e4ba15eba9..331f30a051 100644
--- a/main/php_version.h
+++ b/main/php_version.h
@@ -2,7 +2,7 @@
 /* edit configure.in to change version number */
 #define PHP_MAJOR_VERSION 5
 #define PHP_MINOR_VERSION 3
-#define PHP_RELEASE_VERSION 19
+#define PHP_RELEASE_VERSION 20
 #define PHP_EXTRA_VERSION "-dev"
-#define PHP_VERSION "5.3.19-dev"
-#define PHP_VERSION_ID 50319
+#define PHP_VERSION "5.3.20-dev"
+#define PHP_VERSION_ID 50320