diff options
54 files changed, 2013 insertions, 321 deletions
@@ -3,6 +3,8 @@ PHP NEWS ?? ??? 201?, PHP 5.5.0 - General improvements: + . Add simplified password hashing API + (https://wiki.php.net/rfc/password_hash). (Anthony Ferrara) . Add generators and coroutines (https://wiki.php.net/rfc/generators). (Nikita Popov) . Support list in foreach (https://wiki.php.net/rfc/foreachlist). (Laruence) @@ -84,4 +86,8 @@ PHP NEWS - Zip: . Upgraded libzip to 0.10.1 (Anatoliy) +- Fileinfo: + . Fixed bug #63248 (Load multiple magic files from a directory under Windows). + (Anatoliy) + <<< NOTE: Insert NEWS from last stable release here prior to actual release! >>> diff --git a/Zend/acinclude.m4 b/Zend/acinclude.m4 index a7358fa85d..136d2d8bef 100644 --- a/Zend/acinclude.m4 +++ b/Zend/acinclude.m4 @@ -4,7 +4,7 @@ dnl This file contains local autoconf functions. AC_DEFUN([LIBZEND_BISON_CHECK],[ # we only support certain bison versions - bison_version_list="1.28 1.35 1.75 1.875 2.0 2.1 2.2 2.3 2.4 2.4.1 2.4.2 2.4.3 2.5 2.5.1" + bison_version_list="1.28 1.35 1.75 1.875 2.0 2.1 2.2 2.3 2.4 2.4.1 2.4.2 2.4.3 2.5 2.5.1 2.6 2.6.1 2.6.2" # for standalone build of Zend Engine test -z "$SED" && SED=sed diff --git a/Zend/zend_variables.c b/Zend/zend_variables.c index 70e61122a8..25a66a197c 100644 --- a/Zend/zend_variables.c +++ b/Zend/zend_variables.c @@ -40,6 +40,8 @@ ZEND_API void _zval_dtor_func(zval *zvalue ZEND_FILE_LINE_DC) TSRMLS_FETCH(); if (zvalue->value.ht && (zvalue->value.ht != &EG(symbol_table))) { + /* break possible cycles */ + Z_TYPE_P(zvalue) = IS_NULL; zend_hash_destroy(zvalue->value.ht); FREE_HASHTABLE(zvalue->value.ht); } diff --git a/ext/date/lib/timezonedb.h b/ext/date/lib/timezonedb.h index cee077bab4..6f52cbf572 100644 --- a/ext/date/lib/timezonedb.h +++ b/ext/date/lib/timezonedb.h @@ -507,77 +507,77 @@ const timelib_tzdb_index_entry timezonedb_idx_builtin[576] = { { "NZ" , 0x038F1A }, { "NZ-CHAT" , 0x039298 }, { "Pacific/Apia" , 0x039580 }, - { "Pacific/Auckland" , 0x03961D }, - { "Pacific/Chatham" , 0x0399A9 }, - { "Pacific/Chuuk" , 0x039CA0 }, - { "Pacific/Easter" , 0x039CF9 }, - { "Pacific/Efate" , 0x03A057 }, - { "Pacific/Enderbury" , 0x03A11D }, - { "Pacific/Fakaofo" , 0x03A18B }, - { "Pacific/Fiji" , 0x03A1DC }, - { "Pacific/Funafuti" , 0x03A36F }, - { "Pacific/Galapagos" , 0x03A3B3 }, - { "Pacific/Gambier" , 0x03A42B }, - { "Pacific/Guadalcanal" , 0x03A490 }, - { "Pacific/Guam" , 0x03A4E5 }, - { "Pacific/Honolulu" , 0x03A53B }, - { "Pacific/Johnston" , 0x03A5B2 }, - { "Pacific/Kiritimati" , 0x03A604 }, - { "Pacific/Kosrae" , 0x03A66F }, - { "Pacific/Kwajalein" , 0x03A6CC }, - { "Pacific/Majuro" , 0x03A738 }, - { "Pacific/Marquesas" , 0x03A797 }, - { "Pacific/Midway" , 0x03A7FE }, - { "Pacific/Nauru" , 0x03A888 }, - { "Pacific/Niue" , 0x03A900 }, - { "Pacific/Norfolk" , 0x03A95E }, - { "Pacific/Noumea" , 0x03A9B3 }, - { "Pacific/Pago_Pago" , 0x03AA43 }, - { "Pacific/Palau" , 0x03AACC }, - { "Pacific/Pitcairn" , 0x03AB10 }, - { "Pacific/Pohnpei" , 0x03AB65 }, - { "Pacific/Ponape" , 0x03ABBA }, - { "Pacific/Port_Moresby" , 0x03ABFF }, - { "Pacific/Rarotonga" , 0x03AC43 }, - { "Pacific/Saipan" , 0x03AD1F }, - { "Pacific/Samoa" , 0x03AD82 }, - { "Pacific/Tahiti" , 0x03AE0B }, - { "Pacific/Tarawa" , 0x03AE70 }, - { "Pacific/Tongatapu" , 0x03AEC4 }, - { "Pacific/Truk" , 0x03AF50 }, - { "Pacific/Wake" , 0x03AF95 }, - { "Pacific/Wallis" , 0x03AFE5 }, - { "Pacific/Yap" , 0x03B029 }, - { "Poland" , 0x03B06E }, - { "Portugal" , 0x03B44F }, - { "PRC" , 0x03B94B }, - { "PST8PDT" , 0x03B9FC }, - { "ROC" , 0x03BD4D }, - { "ROK" , 0x03BE65 }, - { "Singapore" , 0x03BF09 }, - { "Turkey" , 0x03BFC0 }, - { "UCT" , 0x03C3AD }, - { "Universal" , 0x03C3F1 }, - { "US/Alaska" , 0x03C435 }, - { "US/Aleutian" , 0x03C79E }, - { "US/Arizona" , 0x03CB04 }, - { "US/Central" , 0x03CB92 }, - { "US/East-Indiana" , 0x03D59C }, - { "US/Eastern" , 0x03D09D }, - { "US/Hawaii" , 0x03D806 }, - { "US/Indiana-Starke" , 0x03D877 }, - { "US/Michigan" , 0x03DBE8 }, - { "US/Mountain" , 0x03DF1F }, - { "US/Pacific" , 0x03E298 }, - { "US/Pacific-New" , 0x03E69D }, - { "US/Samoa" , 0x03EAA2 }, - { "UTC" , 0x03EB2B }, - { "W-SU" , 0x03EE22 }, - { "WET" , 0x03EB6F }, - { "Zulu" , 0x03F05C }, + { "Pacific/Auckland" , 0x03971C }, + { "Pacific/Chatham" , 0x039AA8 }, + { "Pacific/Chuuk" , 0x039D9F }, + { "Pacific/Easter" , 0x039DF8 }, + { "Pacific/Efate" , 0x03A156 }, + { "Pacific/Enderbury" , 0x03A21C }, + { "Pacific/Fakaofo" , 0x03A28A }, + { "Pacific/Fiji" , 0x03A2DB }, + { "Pacific/Funafuti" , 0x03A46E }, + { "Pacific/Galapagos" , 0x03A4B2 }, + { "Pacific/Gambier" , 0x03A52A }, + { "Pacific/Guadalcanal" , 0x03A58F }, + { "Pacific/Guam" , 0x03A5E4 }, + { "Pacific/Honolulu" , 0x03A63A }, + { "Pacific/Johnston" , 0x03A6B1 }, + { "Pacific/Kiritimati" , 0x03A703 }, + { "Pacific/Kosrae" , 0x03A76E }, + { "Pacific/Kwajalein" , 0x03A7CB }, + { "Pacific/Majuro" , 0x03A837 }, + { "Pacific/Marquesas" , 0x03A896 }, + { "Pacific/Midway" , 0x03A8FD }, + { "Pacific/Nauru" , 0x03A987 }, + { "Pacific/Niue" , 0x03A9FF }, + { "Pacific/Norfolk" , 0x03AA5D }, + { "Pacific/Noumea" , 0x03AAB2 }, + { "Pacific/Pago_Pago" , 0x03AB42 }, + { "Pacific/Palau" , 0x03ABCB }, + { "Pacific/Pitcairn" , 0x03AC0F }, + { "Pacific/Pohnpei" , 0x03AC64 }, + { "Pacific/Ponape" , 0x03ACB9 }, + { "Pacific/Port_Moresby" , 0x03ACFE }, + { "Pacific/Rarotonga" , 0x03AD42 }, + { "Pacific/Saipan" , 0x03AE1E }, + { "Pacific/Samoa" , 0x03AE81 }, + { "Pacific/Tahiti" , 0x03AF0A }, + { "Pacific/Tarawa" , 0x03AF6F }, + { "Pacific/Tongatapu" , 0x03AFC3 }, + { "Pacific/Truk" , 0x03B04F }, + { "Pacific/Wake" , 0x03B094 }, + { "Pacific/Wallis" , 0x03B0E4 }, + { "Pacific/Yap" , 0x03B128 }, + { "Poland" , 0x03B16D }, + { "Portugal" , 0x03B54E }, + { "PRC" , 0x03BA4A }, + { "PST8PDT" , 0x03BAFB }, + { "ROC" , 0x03BE4C }, + { "ROK" , 0x03BF64 }, + { "Singapore" , 0x03C008 }, + { "Turkey" , 0x03C0BF }, + { "UCT" , 0x03C4AC }, + { "Universal" , 0x03C4F0 }, + { "US/Alaska" , 0x03C534 }, + { "US/Aleutian" , 0x03C89D }, + { "US/Arizona" , 0x03CC03 }, + { "US/Central" , 0x03CC91 }, + { "US/East-Indiana" , 0x03D69B }, + { "US/Eastern" , 0x03D19C }, + { "US/Hawaii" , 0x03D905 }, + { "US/Indiana-Starke" , 0x03D976 }, + { "US/Michigan" , 0x03DCE7 }, + { "US/Mountain" , 0x03E01E }, + { "US/Pacific" , 0x03E397 }, + { "US/Pacific-New" , 0x03E79C }, + { "US/Samoa" , 0x03EBA1 }, + { "UTC" , 0x03EC2A }, + { "W-SU" , 0x03EF21 }, + { "WET" , 0x03EC6E }, + { "Zulu" , 0x03F15B }, }; /* This is a generated file, do not modify */ -const unsigned char timelib_timezone_db_data_builtin[258208] = { +const unsigned char timelib_timezone_db_data_builtin[258463] = { /* Africa/Abidjan */ @@ -8085,7 +8085,7 @@ const unsigned char timelib_timezone_db_data_builtin[258208] = { 0x45, 0x12, 0xFD, 0x50, 0x46, 0x0E, 0xD9, 0xE0, 0x46, 0xE8, 0x6F, 0x70, 0x47, 0xF1, 0x5E, 0xE0, 0x48, 0xB7, 0x11, 0xD0, 0x49, 0xCB, 0xFA, 0xE0, 0x4A, 0xA0, 0x4A, 0x70, 0x4B, 0xAD, 0x2E, 0x9C, 0x4C, 0x61, 0xBD, 0xD0, 0x4D, 0x96, 0xF3, 0xDC, 0x4E, 0x35, 0xC2, 0x50, 0x4F, 0x74, 0xDB, 0x60, -0x50, 0x64, 0xBE, 0x50, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x02, 0x01, +0x50, 0x5B, 0x91, 0xE0, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x04, 0x03, 0x04, 0x03, 0x04, 0x03, 0x04, 0x03, 0x04, 0x03, 0x04, 0x03, 0x04, 0x03, 0x04, 0x03, 0x04, 0x03, 0x04, 0x03, 0x04, 0x03, 0x04, 0x03, 0x04, 0x03, 0x04, 0x01, 0x02, @@ -8142,7 +8142,7 @@ const unsigned char timelib_timezone_db_data_builtin[258208] = { 0x45, 0x12, 0xFD, 0x50, 0x46, 0x0E, 0xD9, 0xE0, 0x46, 0xE8, 0x6F, 0x70, 0x47, 0xF1, 0x5E, 0xE0, 0x48, 0xBB, 0x06, 0x50, 0x49, 0xCB, 0xFA, 0xE0, 0x4A, 0xA0, 0x4A, 0x70, 0x4B, 0xAD, 0x2E, 0x9C, 0x4C, 0x61, 0xBD, 0xD0, 0x4D, 0x95, 0xA2, 0x5C, 0x4E, 0x35, 0xC2, 0x50, 0x4E, 0x5C, 0x0B, 0xE0, -0x4E, 0x85, 0x06, 0x80, 0x4F, 0x74, 0xDB, 0x60, 0x50, 0x64, 0xE8, 0x80, 0x00, 0x01, 0x00, 0x01, +0x4E, 0x85, 0x06, 0x80, 0x4F, 0x74, 0xDB, 0x60, 0x50, 0x5B, 0x91, 0xE0, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x04, 0x03, 0x04, 0x03, 0x04, 0x03, 0x04, 0x03, 0x04, 0x03, 0x04, 0x03, 0x04, 0x03, 0x04, 0x03, 0x04, 0x03, 0x04, 0x03, 0x04, @@ -16559,14 +16559,30 @@ const unsigned char timelib_timezone_db_data_builtin[258208] = { /* Pacific/Apia */ 0x50, 0x48, 0x50, 0x31, 0x01, 0x57, 0x53, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, -0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x12, 0x91, 0x05, 0xFC, 0x00, +0x00, 0x00, 0x00, 0x3A, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x12, 0x91, 0x05, 0xFC, 0x00, 0xDA, 0x62, 0x04, 0x38, 0x4C, 0x9F, 0x27, 0xB0, 0x4D, 0x97, 0x2B, 0xE0, 0x4E, 0x7D, 0xE2, 0x60, -0x4E, 0xFD, 0x8B, 0xA0, 0x4F, 0x77, 0x0D, 0xE0, 0x01, 0x02, 0x03, 0x02, 0x03, 0x04, 0x05, 0xFF, -0xFF, 0x5F, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0x5E, 0x48, 0x00, 0x04, 0xFF, 0xFF, 0x65, 0x50, 0x00, -0x09, 0xFF, 0xFF, 0x73, 0x60, 0x01, 0x0D, 0x00, 0x00, 0xC4, 0xE0, 0x01, 0x0D, 0x00, 0x00, 0xB6, -0xD0, 0x00, 0x09, 0x4C, 0x4D, 0x54, 0x00, 0x53, 0x41, 0x4D, 0x54, 0x00, 0x57, 0x53, 0x54, 0x00, -0x57, 0x53, 0x44, 0x54, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -0x00, 0x00, 0x74, 0x38, 0x9A, 0x00, 0x0C, 0x9D, 0x2A, 0x00, 0x00, 0x00, 0x00, +0x4E, 0xFD, 0x8B, 0xA0, 0x4F, 0x77, 0x0D, 0xE0, 0x50, 0x66, 0xFE, 0xE0, 0x51, 0x60, 0x2A, 0x60, +0x52, 0x46, 0xE0, 0xE0, 0x53, 0x40, 0x0C, 0x60, 0x54, 0x26, 0xC2, 0xE0, 0x55, 0x1F, 0xEE, 0x60, +0x56, 0x06, 0xA4, 0xE0, 0x56, 0xFF, 0xD0, 0x60, 0x57, 0xE6, 0x86, 0xE0, 0x58, 0xDF, 0xB2, 0x60, +0x59, 0xC6, 0x68, 0xE0, 0x5A, 0xBF, 0x94, 0x60, 0x5B, 0xAF, 0x85, 0x60, 0x5C, 0xA8, 0xB0, 0xE0, +0x5D, 0x8F, 0x67, 0x60, 0x5E, 0x88, 0x92, 0xE0, 0x5F, 0x6F, 0x49, 0x60, 0x60, 0x68, 0x74, 0xE0, +0x61, 0x4F, 0x2B, 0x60, 0x62, 0x48, 0x56, 0xE0, 0x63, 0x2F, 0x0D, 0x60, 0x64, 0x28, 0x38, 0xE0, +0x65, 0x0E, 0xEF, 0x60, 0x66, 0x11, 0x55, 0x60, 0x66, 0xF8, 0x0B, 0xE0, 0x67, 0xF1, 0x37, 0x60, +0x68, 0xD7, 0xED, 0xE0, 0x69, 0xD1, 0x19, 0x60, 0x6A, 0xB7, 0xCF, 0xE0, 0x6B, 0xB0, 0xFB, 0x60, +0x6C, 0x97, 0xB1, 0xE0, 0x6D, 0x90, 0xDD, 0x60, 0x6E, 0x77, 0x93, 0xE0, 0x6F, 0x70, 0xBF, 0x60, +0x70, 0x60, 0xB0, 0x60, 0x71, 0x59, 0xDB, 0xE0, 0x72, 0x40, 0x92, 0x60, 0x73, 0x39, 0xBD, 0xE0, +0x74, 0x20, 0x74, 0x60, 0x75, 0x19, 0x9F, 0xE0, 0x76, 0x00, 0x56, 0x60, 0x76, 0xF9, 0x81, 0xE0, +0x77, 0xE0, 0x38, 0x60, 0x78, 0xD9, 0x63, 0xE0, 0x79, 0xC0, 0x1A, 0x60, 0x7A, 0xB9, 0x45, 0xE0, +0x7B, 0xA9, 0x36, 0xE0, 0x7C, 0xA2, 0x62, 0x60, 0x7D, 0x89, 0x18, 0xE0, 0x7E, 0x82, 0x44, 0x60, +0x7F, 0x68, 0xFA, 0xE0, 0x01, 0x02, 0x03, 0x02, 0x03, 0x04, 0x05, 0x04, 0x05, 0x04, 0x05, 0x04, +0x05, 0x04, 0x05, 0x04, 0x05, 0x04, 0x05, 0x04, 0x05, 0x04, 0x05, 0x04, 0x05, 0x04, 0x05, 0x04, +0x05, 0x04, 0x05, 0x04, 0x05, 0x04, 0x05, 0x04, 0x05, 0x04, 0x05, 0x04, 0x05, 0x04, 0x05, 0x04, +0x05, 0x04, 0x05, 0x04, 0x05, 0x04, 0x05, 0x04, 0x05, 0x04, 0x05, 0x04, 0x05, 0x04, 0xFF, 0xFF, +0x5F, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0x5E, 0x48, 0x00, 0x04, 0xFF, 0xFF, 0x65, 0x50, 0x00, 0x09, +0xFF, 0xFF, 0x73, 0x60, 0x01, 0x0D, 0x00, 0x00, 0xC4, 0xE0, 0x01, 0x0D, 0x00, 0x00, 0xB6, 0xD0, +0x00, 0x09, 0x4C, 0x4D, 0x54, 0x00, 0x53, 0x41, 0x4D, 0x54, 0x00, 0x57, 0x53, 0x54, 0x00, 0x57, +0x53, 0x44, 0x54, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +0x00, 0x74, 0x38, 0x9A, 0x00, 0x0C, 0x9D, 0x2A, 0x00, 0x00, 0x00, 0x00, /* Pacific/Auckland */ 0x50, 0x48, 0x50, 0x31, 0x01, 0x4E, 0x5A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -18191,4 +18207,4 @@ const unsigned char timelib_timezone_db_data_builtin[258208] = { 0x00, 0x00, 0x55, 0x54, 0x43, 0x00, 0x00, 0x00, 0x00, 0x89, 0x54, 0x40, 0x01, 0x12, 0xA8, 0x80, 0x00, 0x00, 0x00, 0x00, }; -const timelib_tzdb timezonedb_builtin = { "2012.6", 576, timezonedb_idx_builtin, timelib_timezone_db_data_builtin }; +const timelib_tzdb timezonedb_builtin = { "2012.7", 576, timezonedb_idx_builtin, timelib_timezone_db_data_builtin }; diff --git a/ext/fileinfo/config.w32 b/ext/fileinfo/config.w32 index 46b87b56dc..873a12c2f4 100644 --- a/ext/fileinfo/config.w32 +++ b/ext/fileinfo/config.w32 @@ -4,22 +4,16 @@ ARG_ENABLE("fileinfo", "fileinfo support", "no"); if (PHP_FILEINFO != 'no') { - if (CHECK_HEADER_ADD_INCLUDE("dirent.h", "CFLAGS_FILEINFO") && - CHECK_LIB("dirent_a.lib", "fileinfo", PHP_FILEINFO)) { - LIBMAGIC_SOURCES=" apprentice.c apptype.c ascmagic.c \ - cdf.c cdf_time.c compress.c \ - encoding.c fsmagic.c funcs.c \ - is_tar.c magic.c print.c \ - readcdf.c readelf.c softmagic.c"; + LIBMAGIC_SOURCES=" apprentice.c apptype.c ascmagic.c \ + cdf.c cdf_time.c compress.c \ + encoding.c fsmagic.c funcs.c \ + is_tar.c magic.c print.c \ + readcdf.c readelf.c softmagic.c"; - if (VCVERS < 1500) { - ADD_FLAG('CFLAGS', '/Zm1000'); - } + if (VCVERS < 1500) { + ADD_FLAG('CFLAGS', '/Zm1000'); + } - EXTENSION('fileinfo', 'fileinfo.c', true, "/I" + configure_module_dirname + "/libmagic /I" + configure_module_dirname); - ADD_SOURCES(configure_module_dirname + '\\libmagic', LIBMAGIC_SOURCES, "fileinfo"); - } else { - WARNING("fileinfo not enabled; libraries and headers not found"); - PHP_FILEINFO = "no"; - } + EXTENSION('fileinfo', 'fileinfo.c', true, "/I" + configure_module_dirname + "/libmagic /I" + configure_module_dirname); + ADD_SOURCES(configure_module_dirname + '\\libmagic', LIBMAGIC_SOURCES, "fileinfo"); } diff --git a/ext/fileinfo/libmagic.patch b/ext/fileinfo/libmagic.patch index 15f6a6dadd..ecb178ffa9 100644 --- a/ext/fileinfo/libmagic.patch +++ b/ext/fileinfo/libmagic.patch @@ -1,6 +1,6 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c ---- libmagic.origin/apprentice.c 2012-09-11 11:09:26.000000000 +0800 -+++ libmagic/apprentice.c 2012-09-11 11:36:51.000000000 +0800 +--- libmagic.origin/apprentice.c Sat Dec 17 18:17:18 2011 ++++ libmagic/apprentice.c Tue Oct 16 10:21:49 2012 @@ -29,6 +29,8 @@ * apprentice - make one pass through /etc/magic, learning its secrets. */ @@ -10,7 +10,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c #include "file.h" #ifndef lint -@@ -36,18 +38,34 @@ +@@ -36,18 +38,31 @@ #endif /* lint */ #include "magic.h" @@ -43,13 +43,11 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c -#ifdef QUICK -#include <sys/mman.h> -#endif -+#ifndef PHP_WIN32 - #include <dirent.h> -+#endif +-#include <dirent.h> #define EATAB {while (isascii((unsigned char) *l) && \ isspace((unsigned char) *l)) ++l;} -@@ -112,12 +130,10 @@ +@@ -112,12 +127,10 @@ private int parse_strength(struct magic_set *, struct magic_entry *, const char *); private int parse_apple(struct magic_set *, struct magic_entry *, const char *); @@ -62,7 +60,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c private struct { const char *name; size_t len; -@@ -131,38 +147,7 @@ +@@ -131,38 +144,7 @@ { NULL, 0, NULL } }; @@ -102,7 +100,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c static const struct type_tbl_s { const char name[16]; -@@ -218,6 +203,10 @@ +@@ -218,6 +200,10 @@ # undef XX_NULL }; @@ -113,7 +111,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c private int get_type(const char *l, const char **t) { -@@ -275,15 +264,17 @@ +@@ -275,15 +261,17 @@ if (rv != 0) return -1; rv = apprentice_compile(ms, &magic, &nmagic, fn); @@ -136,7 +134,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c if (rv != 0) return -1; } -@@ -295,11 +286,7 @@ +@@ -295,11 +283,7 @@ return -1; } @@ -149,7 +147,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c ml->magic = magic; ml->nmagic = nmagic; -@@ -318,7 +305,6 @@ +@@ -318,7 +302,6 @@ } return 0; @@ -157,7 +155,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c } protected void -@@ -327,22 +313,18 @@ +@@ -327,22 +310,18 @@ if (p == NULL) return; switch (type) { @@ -186,7 +184,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c default: abort(); } -@@ -355,23 +337,27 @@ +@@ -355,23 +334,27 @@ char *p, *mfn; int file_err, errs = -1; struct mlist *mlist; @@ -223,7 +221,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c mlist->next = mlist->prev = mlist; while (fn) { -@@ -385,13 +371,13 @@ +@@ -385,13 +368,13 @@ fn = p; } if (errs == -1) { @@ -240,7 +238,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c return mlist; } -@@ -524,6 +510,7 @@ +@@ -524,6 +507,7 @@ abort(); } @@ -248,7 +246,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c /* * Magic entries with no description get a bonus because they depend * on subsequent magic entries to print something. -@@ -539,8 +526,8 @@ +@@ -539,8 +523,8 @@ private int apprentice_sort(const void *a, const void *b) { @@ -259,7 +257,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c size_t sa = apprentice_magic_strength(ma->mp); size_t sb = apprentice_magic_strength(mb->mp); if (sa == sb) -@@ -671,12 +658,22 @@ +@@ -671,12 +655,22 @@ load_1(struct magic_set *ms, int action, const char *fn, int *errs, struct magic_entry **marray, uint32_t *marraycount) { @@ -286,7 +284,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c if (errno != ENOENT) file_error(ms, errno, "cannot read magic file `%s'", fn); -@@ -684,9 +681,12 @@ +@@ -684,9 +678,12 @@ return; } @@ -302,7 +300,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c if (len == 0) /* null line, garbage, etc */ continue; if (line[len - 1] == '\n') { -@@ -736,8 +736,7 @@ +@@ -736,8 +733,7 @@ break; } } @@ -312,7 +310,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c } /* -@@ -754,23 +753,19 @@ +@@ -754,23 +750,21 @@ apprentice_load(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp, const char *fn, int action) { @@ -325,8 +323,12 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c + size_t files = 0, maxfiles = 0; + char **filearr = NULL; struct stat st; - DIR *dir; - struct dirent *d; +- DIR *dir; +- struct dirent *d; ++ php_stream *dir; ++ php_stream_dirent d; ++ ++ TSRMLS_FETCH(); ms->flags |= MAGIC_CHECK; /* Enable checks for parsed files */ @@ -341,28 +343,33 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c marraycount = 0; /* print silly verbose header for USG compat. */ -@@ -778,14 +773,18 @@ +@@ -778,22 +772,26 @@ (void)fprintf(stderr, "%s\n", usg_hdr); /* load directory or file */ - if (stat(fn, &st) == 0 && S_ISDIR(st.st_mode)) { +- dir = opendir(fn); + /* FIXME: Read file names and sort them to prevent + non-determinism. See Debian bug #488562. */ + if (php_sys_stat(fn, &st) == 0 && S_ISDIR(st.st_mode)) { -+ int mflen; -+ char mfn[MAXPATHLEN]; - dir = opendir(fn); ++ int mflen; ++ char mfn[MAXPATHLEN]; ++ ++ dir = php_stream_opendir(fn, REPORT_ERRORS, NULL); if (!dir) { errs++; goto out; } - while ((d = readdir(dir)) != NULL) { +- while ((d = readdir(dir)) != NULL) { - if (asprintf(&mfn, "%s/%s", fn, d->d_name) < 0) { -+ if ((mflen = snprintf(mfn, sizeof(mfn), "%s/%s", fn, d->d_name)) < 0) { ++ while (php_stream_readdir(dir, &d)) { ++ if ((mflen = snprintf(mfn, sizeof(mfn), "%s/%s", fn, d.d_name)) < 0) { file_oomem(ms, - strlen(fn) + strlen(d->d_name) + 2); +- strlen(fn) + strlen(d->d_name) + 2); ++ strlen(fn) + strlen(d.d_name) + 2); errs++; -@@ -793,7 +792,6 @@ +- closedir(dir); ++ php_stream_closedir(dir); goto out; } if (stat(mfn, &st) == -1 || !S_ISREG(st.st_mode)) { @@ -375,7 +382,8 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c realloc(filearr, mlen))) == NULL) { file_oomem(ms, mlen); - free(mfn); - closedir(dir); +- closedir(dir); ++ php_stream_closedir(dir); errs++; goto out; } @@ -383,7 +391,8 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c - filearr[files++] = mfn; + filearr[files++] = estrndup(mfn, (mflen > sizeof(mfn) - 1)? sizeof(mfn) - 1: mflen); } - closedir(dir); +- closedir(dir); ++ php_stream_closedir(dir); qsort(filearr, files, sizeof(*filearr), cmpstrp); for (i = 0; i < files; i++) { load_1(ms, action, filearr[i], &errs, &marray, @@ -512,7 +521,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c m->mimetype[0] = '\0'; /* initialise MIME type to none */ if (m->cont_level == 0) ++(*nmentryp); /* make room for next */ -@@ -2195,56 +2180,69 @@ +@@ -2195,56 +2180,79 @@ /* * handle a compiled file. @@ -543,6 +552,16 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c + ret = 3; + goto internal_loaded; + } ++ ++#ifdef PHP_WIN32 ++ /* Don't bother on windows with php_stream_open_wrapper, ++ return to give apprentice_load() a chance. */ ++ if (php_stream_stat_path_ex(fn, 0, &st, NULL) == SUCCESS) { ++ if (st.sb.st_mode & S_IFDIR) { ++ goto error2; ++ } ++ } ++#endif dbname = mkdbname(ms, fn, 0); if (dbname == NULL) @@ -605,7 +624,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c ptr = (uint32_t *)(void *)*magicp; if (*ptr != MAGICNO) { if (swap4(*ptr) != MAGICNO) { -@@ -2259,35 +2257,55 @@ +@@ -2259,35 +2267,55 @@ else version = ptr[1]; if (version != VERSIONNO) { @@ -677,7 +696,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c return -1; } -@@ -2301,42 +2319,49 @@ +@@ -2301,42 +2329,49 @@ apprentice_compile(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp, const char *fn) { @@ -738,7 +757,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c return rv; } -@@ -2349,6 +2374,7 @@ +@@ -2349,6 +2384,7 @@ { const char *p, *q; char *buf; @@ -746,7 +765,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c if (strip) { if ((p = strrchr(fn, '/')) != NULL) -@@ -2370,14 +2396,14 @@ +@@ -2370,14 +2406,14 @@ q++; /* Compatibility with old code that looked in .mime */ if (ms->flags & MAGIC_MIME) { @@ -765,7 +784,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c /* Compatibility with old code that looked in .mime */ if (strstr(p, ".mime") != NULL) -@@ -2467,7 +2493,7 @@ +@@ -2467,7 +2503,7 @@ m->offset = swap4((uint32_t)m->offset); m->in_offset = swap4((uint32_t)m->in_offset); m->lineno = swap4((uint32_t)m->lineno); @@ -775,8 +794,8 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c m->str_flags = swap4(m->str_flags); } diff -u libmagic.origin/ascmagic.c libmagic/ascmagic.c ---- libmagic.origin/ascmagic.c 2012-09-11 11:09:26.000000000 +0800 -+++ libmagic/ascmagic.c 2012-09-11 11:33:55.000000000 +0800 +--- libmagic.origin/ascmagic.c Sat Dec 17 18:17:18 2011 ++++ libmagic/ascmagic.c Tue Apr 10 09:46:33 2012 @@ -139,10 +139,8 @@ /* malloc size is a conservative overestimate; could be improved, or at least realloced after conversion. */ @@ -801,8 +820,8 @@ diff -u libmagic.origin/ascmagic.c libmagic/ascmagic.c return rv; } diff -u libmagic.origin/cdf.c libmagic/cdf.c ---- libmagic.origin/cdf.c 2012-09-11 11:09:26.000000000 +0800 -+++ libmagic/cdf.c 2012-09-11 11:33:55.000000000 +0800 +--- libmagic.origin/cdf.c Mon Feb 20 23:35:29 2012 ++++ libmagic/cdf.c Tue Apr 10 09:46:33 2012 @@ -43,7 +43,17 @@ #include <err.h> #endif @@ -865,8 +884,8 @@ diff -u libmagic.origin/cdf.c libmagic/cdf.c (void)fprintf(stderr, "timestamp %s\n", buf); } else { diff -u libmagic.origin/cdf.h libmagic/cdf.h ---- libmagic.origin/cdf.h 2012-09-11 11:09:26.000000000 +0800 -+++ libmagic/cdf.h 2012-09-11 11:33:55.000000000 +0800 +--- libmagic.origin/cdf.h Fri Feb 17 06:28:31 2012 ++++ libmagic/cdf.h Tue Apr 10 09:46:34 2012 @@ -35,7 +35,7 @@ #ifndef _H_CDF_ #define _H_CDF_ @@ -903,8 +922,8 @@ diff -u libmagic.origin/cdf.h libmagic/cdf.h void cdf_swap_header(cdf_header_t *); void cdf_unpack_header(cdf_header_t *, char *); diff -u libmagic.origin/cdf_time.c libmagic/cdf_time.c ---- libmagic.origin/cdf_time.c 2012-09-11 11:09:26.000000000 +0800 -+++ libmagic/cdf_time.c 2012-09-11 11:33:55.000000000 +0800 +--- libmagic.origin/cdf_time.c Tue Dec 13 14:48:41 2011 ++++ libmagic/cdf_time.c Tue Apr 10 09:46:34 2012 @@ -96,7 +96,7 @@ } @@ -962,8 +981,8 @@ diff -u libmagic.origin/cdf_time.c libmagic/cdf_time.c static const char *ref = "Sat Apr 23 01:30:00 1977"; char *p, *q; diff -u libmagic.origin/compress.c libmagic/compress.c ---- libmagic.origin/compress.c 2012-09-11 11:09:26.000000000 +0800 -+++ libmagic/compress.c 2012-09-11 11:33:55.000000000 +0800 +--- libmagic.origin/compress.c Sat Dec 17 18:17:18 2011 ++++ libmagic/compress.c Tue Apr 10 09:46:34 2012 @@ -32,6 +32,7 @@ * uncompress(method, old, n, newch) - uncompress old into new, * using method, return sizeof new @@ -1124,10 +1143,9 @@ diff -u libmagic.origin/compress.c libmagic/compress.c } -#endif +#endif /* if PHP_FILEINFO_UNCOMPRESS */ -Only in libmagic: diff diff -u libmagic.origin/file.h libmagic/file.h ---- libmagic.origin/file.h 2012-09-11 11:09:26.000000000 +0800 -+++ libmagic/file.h 2012-09-11 11:33:55.000000000 +0800 +--- libmagic.origin/file.h Tue Sep 20 17:30:14 2011 ++++ libmagic/file.h Mon Apr 23 17:58:54 2012 @@ -33,11 +33,9 @@ #ifndef __file_h__ #define __file_h__ @@ -1285,22 +1303,24 @@ diff -u libmagic.origin/file.h libmagic/file.h size_t strlcat(char *dst, const char *src, size_t siz); #endif #ifndef HAVE_GETLINE -@@ -500,4 +487,12 @@ - #define FILE_RCSID(id) +@@ -498,6 +485,14 @@ #endif - + #else + #define FILE_RCSID(id) ++#endif ++ +#ifdef PHP_WIN32 +#define FINFO_LSEEK_FUNC _lseek +#define FINFO_READ_FUNC _read +#else +#define FINFO_LSEEK_FUNC lseek +#define FINFO_READ_FUNC read -+#endif -+ + #endif + #endif /* __file_h__ */ diff -u libmagic.origin/fsmagic.c libmagic/fsmagic.c ---- libmagic.origin/fsmagic.c 2012-09-11 11:09:26.000000000 +0800 -+++ libmagic/fsmagic.c 2012-09-11 11:33:55.000000000 +0800 +--- libmagic.origin/fsmagic.c Tue Aug 23 10:57:10 2011 ++++ libmagic/fsmagic.c Tue Apr 10 09:46:34 2012 @@ -59,27 +59,21 @@ # define minor(dev) ((dev) & 0xff) #endif @@ -1511,10 +1531,10 @@ diff -u libmagic.origin/fsmagic.c libmagic/fsmagic.c -#else - if (file_printf(ms, "block special") == -1) - return -1; --#endif + #endif - } - return 1; - #endif +-#endif - /* TODO add code to handle V7 MUX and Blit MUX files */ + #ifdef S_IFIFO @@ -1624,8 +1644,8 @@ diff -u libmagic.origin/fsmagic.c libmagic/fsmagic.c /* diff -u libmagic.origin/funcs.c libmagic/funcs.c ---- libmagic.origin/funcs.c 2012-09-11 11:09:26.000000000 +0800 -+++ libmagic/funcs.c 2012-09-11 11:33:55.000000000 +0800 +--- libmagic.origin/funcs.c Sat Dec 17 18:17:18 2011 ++++ libmagic/funcs.c Mon Apr 23 17:58:54 2012 @@ -41,52 +41,42 @@ #if defined(HAVE_WCTYPE_H) #include <wctype.h> @@ -1920,8 +1940,8 @@ diff -u libmagic.origin/funcs.c libmagic/funcs.c } + diff -u libmagic.origin/magic.c libmagic/magic.c ---- libmagic.origin/magic.c 2012-09-11 11:09:26.000000000 +0800 -+++ libmagic/magic.c 2012-09-11 11:33:55.000000000 +0800 +--- libmagic.origin/magic.c Thu May 26 03:27:59 2011 ++++ libmagic/magic.c Tue Apr 10 09:46:34 2012 @@ -25,11 +25,6 @@ * SUCH DAMAGE. */ @@ -2298,8 +2318,8 @@ diff -u libmagic.origin/magic.c libmagic/magic.c public const char * magic_error(struct magic_set *ms) diff -u libmagic.origin/magic.h libmagic/magic.h ---- libmagic.origin/magic.h 2012-09-11 11:09:26.000000000 +0800 -+++ libmagic/magic.h 2012-09-11 11:33:55.000000000 +0800 +--- libmagic.origin/magic.h Sun Dec 18 15:54:43 2011 ++++ libmagic/magic.h Tue Apr 10 09:46:34 2012 @@ -85,6 +85,7 @@ const char *magic_getpath(const char *, int); @@ -2317,9 +2337,9 @@ diff -u libmagic.origin/magic.h libmagic/magic.h int magic_errno(magic_t); diff -u libmagic.origin/print.c libmagic/print.c ---- libmagic.origin/print.c 2012-09-11 11:09:26.000000000 +0800 -+++ libmagic/print.c 2012-09-11 11:33:55.000000000 +0800 -@@ -29,6 +29,9 @@ +--- libmagic.origin/print.c Tue Sep 20 17:28:09 2011 ++++ libmagic/print.c Tue Oct 16 10:13:39 2012 +@@ -29,12 +29,16 @@ * print.c - debugging printout routines */ @@ -2329,7 +2349,14 @@ diff -u libmagic.origin/print.c libmagic/print.c #include "file.h" #ifndef lint -@@ -46,174 +49,21 @@ + FILE_RCSID("@(#)$File: print.c,v 1.71 2011/09/20 15:28:09 christos Exp $") + #endif /* lint */ + ++#include <stdio.h> + #include <string.h> + #include <stdarg.h> + #include <stdlib.h> +@@ -45,174 +49,21 @@ #define SZOF(a) (sizeof(a) / sizeof(a[0])) @@ -2512,8 +2539,8 @@ diff -u libmagic.origin/print.c libmagic/print.c protected const char * diff -u libmagic.origin/readcdf.c libmagic/readcdf.c ---- libmagic.origin/readcdf.c 2012-09-11 11:09:26.000000000 +0800 -+++ libmagic/readcdf.c 2012-09-11 11:33:55.000000000 +0800 +--- libmagic.origin/readcdf.c Mon Feb 20 21:04:58 2012 ++++ libmagic/readcdf.c Tue Apr 10 09:46:34 2012 @@ -30,7 +30,11 @@ #endif @@ -2560,8 +2587,8 @@ diff -u libmagic.origin/readcdf.c libmagic/readcdf.c if ((ec = strchr(c, '\n')) != NULL) *ec = '\0'; diff -u libmagic.origin/readelf.c libmagic/readelf.c ---- libmagic.origin/readelf.c 2012-09-11 11:09:26.000000000 +0800 -+++ libmagic/readelf.c 2012-09-11 11:33:55.000000000 +0800 +--- libmagic.origin/readelf.c Tue Aug 23 10:57:10 2011 ++++ libmagic/readelf.c Tue Apr 10 09:46:34 2012 @@ -49,7 +49,7 @@ off_t, int *, int); private int doshn(struct magic_set *, int, int, int, off_t, int, size_t, @@ -2717,8 +2744,8 @@ diff -u libmagic.origin/readelf.c libmagic/readelf.c if (fstat(fd, &st) == -1) { diff -u libmagic.origin/softmagic.c libmagic/softmagic.c ---- libmagic.origin/softmagic.c 2012-09-11 11:09:26.000000000 +0800 -+++ libmagic/softmagic.c 2012-09-11 11:33:55.000000000 +0800 +--- libmagic.origin/softmagic.c Sat Dec 17 18:17:18 2011 ++++ libmagic/softmagic.c Fri May 25 09:59:25 2012 @@ -41,6 +41,11 @@ #include <stdlib.h> #include <time.h> diff --git a/ext/fileinfo/libmagic/apprentice.c b/ext/fileinfo/libmagic/apprentice.c index d11bd159a8..787eb79367 100644 --- a/ext/fileinfo/libmagic/apprentice.c +++ b/ext/fileinfo/libmagic/apprentice.c @@ -63,9 +63,6 @@ FILE_RCSID("@(#)$File: apprentice.c,v 1.173 2011/12/08 12:38:24 rrt Exp $") #include <assert.h> #include <ctype.h> #include <fcntl.h> -#ifndef PHP_WIN32 -#include <dirent.h> -#endif #define EATAB {while (isascii((unsigned char) *l) && \ isspace((unsigned char) *l)) ++l;} @@ -759,8 +756,10 @@ apprentice_load(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp, size_t files = 0, maxfiles = 0; char **filearr = NULL; struct stat st; - DIR *dir; - struct dirent *d; + php_stream *dir; + php_stream_dirent d; + + TSRMLS_FETCH(); ms->flags |= MAGIC_CHECK; /* Enable checks for parsed files */ @@ -776,19 +775,20 @@ apprentice_load(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp, /* FIXME: Read file names and sort them to prevent non-determinism. See Debian bug #488562. */ if (php_sys_stat(fn, &st) == 0 && S_ISDIR(st.st_mode)) { - int mflen; - char mfn[MAXPATHLEN]; - dir = opendir(fn); + int mflen; + char mfn[MAXPATHLEN]; + + dir = php_stream_opendir(fn, REPORT_ERRORS, NULL); if (!dir) { errs++; goto out; } - while ((d = readdir(dir)) != NULL) { - if ((mflen = snprintf(mfn, sizeof(mfn), "%s/%s", fn, d->d_name)) < 0) { + while (php_stream_readdir(dir, &d)) { + if ((mflen = snprintf(mfn, sizeof(mfn), "%s/%s", fn, d.d_name)) < 0) { file_oomem(ms, - strlen(fn) + strlen(d->d_name) + 2); + strlen(fn) + strlen(d.d_name) + 2); errs++; - closedir(dir); + php_stream_closedir(dir); goto out; } if (stat(mfn, &st) == -1 || !S_ISREG(st.st_mode)) { @@ -801,14 +801,14 @@ apprentice_load(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp, if ((filearr = CAST(char **, realloc(filearr, mlen))) == NULL) { file_oomem(ms, mlen); - closedir(dir); + php_stream_closedir(dir); errs++; goto out; } } filearr[files++] = estrndup(mfn, (mflen > sizeof(mfn) - 1)? sizeof(mfn) - 1: mflen); } - closedir(dir); + php_stream_closedir(dir); qsort(filearr, files, sizeof(*filearr), cmpstrp); for (i = 0; i < files; i++) { load_1(ms, action, filearr[i], &errs, &marray, @@ -2206,6 +2206,16 @@ apprentice_map(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp, goto internal_loaded; } +#ifdef PHP_WIN32 + /* Don't bother on windows with php_stream_open_wrapper, + return to give apprentice_load() a chance. */ + if (php_stream_stat_path_ex(fn, 0, &st, NULL) == SUCCESS) { + if (st.sb.st_mode & S_IFDIR) { + goto error2; + } + } +#endif + dbname = mkdbname(ms, fn, 0); if (dbname == NULL) goto error2; diff --git a/ext/gd/tests/bug43073.phpt b/ext/gd/tests/bug43073.phpt index df4ffe37e8..4f448f2b4a 100644 --- a/ext/gd/tests/bug43073.phpt +++ b/ext/gd/tests/bug43073.phpt @@ -1,9 +1,12 @@ --TEST-- -Bug #43073 (TrueType bounding box is wrong for angle<>0) +Bug #43073 (TrueType bounding box is wrong for angle<>0) freetype < 2.4.10 --SKIPIF-- <?php if(!extension_loaded('gd')){ die('skip gd extension not available'); } if(!function_exists('imagettftext')) die('skip imagettftext() not available'); + + include dirname(__FILE__) . '/func.inc'; + if(version_compare(get_freetype_version(), '2.4.10') >= 0) die('skip for freetype < 2.4.10'); ?> --FILE-- <?php diff --git a/ext/gd/tests/bug43073_1.phpt b/ext/gd/tests/bug43073_1.phpt new file mode 100644 index 0000000000..b69067d31b --- /dev/null +++ b/ext/gd/tests/bug43073_1.phpt @@ -0,0 +1,51 @@ +--TEST-- +Bug #43073 (TrueType bounding box is wrong for angle<>0) freetype >= 2.4.10 +--SKIPIF-- +<?php + if(!extension_loaded('gd')){ die('skip gd extension not available'); } + if(!function_exists('imagettftext')) die('skip imagettftext() not available'); + + include dirname(__FILE__) . '/func.inc'; + if(version_compare(get_freetype_version(), '2.4.10') == -1) die('skip for freetype >= 2.4.10'); +?> +--FILE-- +<?php +$cwd = dirname(__FILE__); +$font = "$cwd/Tuffy.ttf"; +$delta_t = 360.0 / 16; # Make 16 steps around +$g = imagecreate(800, 800); +$bgnd = imagecolorallocate($g, 255, 255, 255); +$black = imagecolorallocate($g, 0, 0, 0); +$x = 100; +$y = 0; +$cos_t = cos(deg2rad($delta_t)); +$sin_t = sin(deg2rad($delta_t)); +for ($angle = 0.0; $angle < 360.0; $angle += $delta_t) { + $bbox = imagettftext($g, 24, $angle, 400+$x, 400+$y, $black, $font, 'ABCDEF'); + $s = vsprintf("(%d, %d), (%d, %d), (%d, %d), (%d, %d)\n", $bbox); + echo $s; + $temp = $cos_t * $x + $sin_t * $y; + $y = $cos_t * $y - $sin_t * $x; + $x = $temp; +} +imagepng($g, "$cwd/bug43073.png"); +?> +--CLEAN-- +<?php @unlink(dirname(__FILE__) . '/bug43073.png'); ?> +--EXPECTF-- +(500, 400), (610, 400), (610, 376), (500, 376) +(492, 363), (591, 322), (580, 295), (480, 336) +(470, 331), (548, 254), (527, 233), (449, 310) +(439, 309), (483, 202), (461, 193), (416, 299) +(400, 300), (400, 183), (380, 183), (380, 300) +(362, 307), (316, 195), (291, 205), (337, 318) +(330, 329), (246, 244), (224, 265), (308, 350) +(308, 360), (202, 316), (190, 344), (296, 388) +(300, 400), (187, 400), (187, 425), (300, 425) +(306, 437), (195, 483), (206, 510), (318, 464) +(328, 469), (240, 557), (260, 578), (349, 491) +(359, 491), (312, 607), (334, 616), (382, 501) +(400, 500), (400, 618), (419, 618), (419, 500) +(436, 493), (483, 607), (507, 597), (461, 482) +(468, 471), (555, 558), (577, 538), (490, 450) +(490, 440), (600, 485), (611, 457), (502, 412) diff --git a/ext/gd/tests/bug48801.phpt b/ext/gd/tests/bug48801.phpt index a6a9874ab8..fd25541a52 100644 --- a/ext/gd/tests/bug48801.phpt +++ b/ext/gd/tests/bug48801.phpt @@ -1,9 +1,12 @@ --TEST-- -Bug #48801 (Problem with imagettfbbox) +Bug #48801 (Problem with imagettfbbox) freetype < 2.4.10 --SKIPIF-- <?php if(!extension_loaded('gd')){ die('skip gd extension not available'); } if(!function_exists('imageftbbox')) die('skip imageftbbox() not available'); + + include dirname(__FILE__) . '/func.inc'; + if(version_compare(get_freetype_version(), '2.4.10') >= 0) die('skip for freetype < 2.4.10'); ?> --FILE-- <?php diff --git a/ext/gd/tests/bug48801_1.phpt b/ext/gd/tests/bug48801_1.phpt new file mode 100644 index 0000000000..11af80cd4b --- /dev/null +++ b/ext/gd/tests/bug48801_1.phpt @@ -0,0 +1,25 @@ +--TEST-- +Bug #48801 (Problem with imagettfbbox) freetype >= 2.4.10 +--SKIPIF-- +<?php + if(!extension_loaded('gd')){ die('skip gd extension not available'); } + if(!function_exists('imageftbbox')) die('skip imageftbbox() not available'); + + include dirname(__FILE__) . '/func.inc'; + if(version_compare(get_freetype_version(), '2.4.10') == -1) die('skip for freetype >= 2.4.10'); +?> +--FILE-- +<?php +$cwd = dirname(__FILE__); +$font = "$cwd/Tuffy.ttf"; +$bbox = imageftbbox(50, 0, $font, "image"); +echo '(' . $bbox[0] . ', ' . $bbox[1] . ")\n"; +echo '(' . $bbox[2] . ', ' . $bbox[3] . ")\n"; +echo '(' . $bbox[4] . ', ' . $bbox[5] . ")\n"; +echo '(' . $bbox[6] . ', ' . $bbox[7] . ")\n"; +?> +--EXPECTF-- +(-1, 15) +(156, 15) +(156, -48) +(-1, -48) diff --git a/ext/gd/tests/func.inc b/ext/gd/tests/func.inc new file mode 100644 index 0000000000..f17227eccd --- /dev/null +++ b/ext/gd/tests/func.inc @@ -0,0 +1,61 @@ +<?php
+
+function get_gd_version()
+{
+ return GD_VERSION;
+}
+
+function get_php_info()
+{
+ ob_start();
+ phpinfo();
+ $info = ob_get_contents();
+ ob_end_clean();
+
+ return $info;
+}
+
+function get_freetype_version()
+{
+ $version = 0;
+
+ if (preg_match(',FreeType Version => (\d+\.\d+\.\d+),s', get_php_info(), $match)) {
+ $version = $match[1];
+ }
+
+ return $version;
+}
+
+function get_libjpeg_version()
+{
+ $version = 0;
+
+ if (preg_match(',libJPEG Version => ([a-z0-9]+),s', get_php_info(), $match)) {
+ $version = $match[1];
+ }
+
+ return $version;
+}
+
+function get_libpng_version()
+{
+ $version = 0;
+
+ if (preg_match(',libPNG Version => (\d+\.\d+\.\d+),s', get_php_info(), $match)) {
+ $version = $match[1];
+ }
+
+ return $version;
+}
+
+function get_libxpm_version()
+{
+ $version = 0;
+
+ if (preg_match(',libXpm Version => (\d+),s', get_php_info(), $match)) {
+ $version = $match[1];
+ }
+
+ return $version;
+}
+
diff --git a/ext/mysql/config.m4 b/ext/mysql/config.m4 index fa7a46f853..5968c43346 100644 --- a/ext/mysql/config.m4 +++ b/ext/mysql/config.m4 @@ -97,6 +97,13 @@ Note that the MySQL client library is not bundled anymore!]) done if test -z "$MYSQL_LIB_DIR"; then + MYSQL_LIB_CHK(lib/x86_64-linux-gnu) + fi + if test -z "$MYSQL_LIB_DIR"; then + MYSQL_LIB_CHK(lib/i386-linux-gnu) + fi + + if test -z "$MYSQL_LIB_DIR"; then AC_MSG_ERROR([Cannot find lib$MYSQL_LIBNAME under $MYSQL_DIR. Note that the MySQL client library is not bundled anymore!]) fi diff --git a/ext/mysql/tests/mysql_field_flags.phpt b/ext/mysql/tests/mysql_field_flags.phpt index 6489affc16..e07e041d2a 100644 --- a/ext/mysql/tests/mysql_field_flags.phpt +++ b/ext/mysql/tests/mysql_field_flags.phpt @@ -81,13 +81,17 @@ $tables = array( array('label1', sprintf("'%s'", @date("Y-m-d H:i:s"))), 'label1' => array( 'timestamp', - 'unsigned', - 'zerofill', 'binary', 'not_null'), ), ); +if ($version < 560) { + $tables['label1 TIMESTAMP']['label1'][] = 'zerofill'; + $tables['label1 TIMESTAMP']['label1'][] = 'unsigned'; +} + + foreach ($tables as $columns => $expected) { if (!mysql_query("DROP TABLE IF EXISTS test", $link)) { printf("[010/%s] [%d] %s\n", $columns, mysql_errno($link), mysql_error($link)); diff --git a/ext/mysql/tests/mysql_stat.phpt b/ext/mysql/tests/mysql_stat.phpt index 288c53f067..30a840a2a1 100644 --- a/ext/mysql/tests/mysql_stat.phpt +++ b/ext/mysql/tests/mysql_stat.phpt @@ -34,7 +34,7 @@ if ((!is_string($stat_def = mysql_stat())) || ('' === $stat_def)) printf("[003] Expecting non empty string, got %s/'%s', [%d] %s\n", gettype($stat_def), $stat_def, mysql_errno(), mysql_error()); -assert($stat === $stat_def); +assert(soundex($stat) === soundex($stat_def)); mysql_close($link); @@ -45,4 +45,4 @@ print "done!"; ?> --EXPECTF-- Warning: mysql_stat(): %d is not a valid MySQL-Link resource in %s on line %d -done!
\ No newline at end of file +done! diff --git a/ext/mysqli/mysqli_api.c b/ext/mysqli/mysqli_api.c index 394073610c..1ac9173eec 100644 --- a/ext/mysqli/mysqli_api.c +++ b/ext/mysqli/mysqli_api.c @@ -566,14 +566,17 @@ PHP_FUNCTION(mysqli_character_set_name) { MY_MYSQL *mysql; zval *mysql_link; + const char *cs_name; if (zend_parse_method_parameters(ZEND_NUM_ARGS() TSRMLS_CC, getThis(), "O", &mysql_link, mysqli_link_class_entry) == FAILURE) { return; } MYSQLI_FETCH_RESOURCE_CONN(mysql, &mysql_link, MYSQLI_STATUS_VALID); - - RETURN_STRING((char *)mysql_character_set_name(mysql->mysql), 1); + cs_name = mysql_character_set_name(mysql->mysql); + if (cs_name) { + RETURN_STRING(cs_name, 1); + } } /* }}} */ @@ -732,12 +735,16 @@ PHP_FUNCTION(mysqli_error) { MY_MYSQL *mysql; zval *mysql_link; + const char *err; if (zend_parse_method_parameters(ZEND_NUM_ARGS() TSRMLS_CC, getThis(), "O", &mysql_link, mysqli_link_class_entry) == FAILURE) { return; } MYSQLI_FETCH_RESOURCE_CONN(mysql, &mysql_link, MYSQLI_STATUS_VALID); - RETURN_STRING((char *)mysql_error(mysql->mysql),1); + err = mysql_error(mysql->mysql); + if (err) { + RETURN_STRING(err, 1); + } } /* }}} */ @@ -1268,7 +1275,10 @@ PHP_FUNCTION(mysqli_free_result) Get MySQL client info */ PHP_FUNCTION(mysqli_get_client_info) { - RETURN_STRING((char *)mysql_get_client_info(), 1); + const char * info = mysql_get_client_info(); + if (info) { + RETURN_STRING(info, 1); + } } /* }}} */ @@ -1320,15 +1330,18 @@ PHP_FUNCTION(mysqli_get_server_info) { MY_MYSQL *mysql; zval *mysql_link = NULL; + const char *info; if (zend_parse_method_parameters(ZEND_NUM_ARGS() TSRMLS_CC, getThis(), "O", &mysql_link, mysqli_link_class_entry) == FAILURE) { return; } MYSQLI_FETCH_RESOURCE_CONN(mysql, &mysql_link, MYSQLI_STATUS_VALID); - RETURN_STRING((char *)mysql_get_server_info(mysql->mysql), 1); + info = mysql_get_server_info(mysql->mysql); + if (info) { + RETURN_STRING(info, 1); + } } - /* }}} */ /* {{{ proto int mysqli_get_server_version(object link) @@ -1361,7 +1374,9 @@ PHP_FUNCTION(mysqli_info) MYSQLI_FETCH_RESOURCE_CONN(mysql, &mysql_link, MYSQLI_STATUS_VALID); info = mysql_info(mysql->mysql); - RETURN_STRING((info) ? (char *)info : "", 1); + if (info) { + RETURN_STRING(info, 1); + } } /* }}} */ @@ -2096,12 +2111,16 @@ PHP_FUNCTION(mysqli_sqlstate) { MY_MYSQL *mysql; zval *mysql_link; + const char *state; if (zend_parse_method_parameters(ZEND_NUM_ARGS() TSRMLS_CC, getThis(), "O", &mysql_link, mysqli_link_class_entry) == FAILURE) { return; } MYSQLI_FETCH_RESOURCE_CONN(mysql, &mysql_link, MYSQLI_STATUS_VALID); - RETURN_STRING((char *)mysql_sqlstate(mysql->mysql),1); + state = mysql_sqlstate(mysql->mysql); + if (state) { + RETURN_STRING(state, 1); + } } /* }}} */ @@ -2279,13 +2298,17 @@ PHP_FUNCTION(mysqli_stmt_error) { MY_STMT *stmt; zval *mysql_stmt; + const char * err; if (zend_parse_method_parameters(ZEND_NUM_ARGS() TSRMLS_CC, getThis(), "O", &mysql_stmt, mysqli_stmt_class_entry) == FAILURE) { return; } MYSQLI_FETCH_RESOURCE_STMT(stmt, &mysql_stmt, MYSQLI_STATUS_INITIALIZED); - RETURN_STRING((char *)mysql_stmt_error(stmt->stmt),1); + err = mysql_stmt_error(stmt->stmt); + if (err) { + RETURN_STRING(err, 1); + } } /* }}} */ @@ -2424,13 +2447,17 @@ PHP_FUNCTION(mysqli_stmt_sqlstate) { MY_STMT *stmt; zval *mysql_stmt; + const char * state; if (zend_parse_method_parameters(ZEND_NUM_ARGS() TSRMLS_CC, getThis(), "O", &mysql_stmt, mysqli_stmt_class_entry) == FAILURE) { return; } MYSQLI_FETCH_RESOURCE_STMT(stmt, &mysql_stmt, MYSQLI_STATUS_VALID); - RETURN_STRING((char *)mysql_stmt_sqlstate(stmt->stmt),1); + state = mysql_stmt_sqlstate(stmt->stmt); + if (state) { + RETURN_STRING(state, 1); + } } /* }}} */ diff --git a/ext/mysqli/tests/bug51647.phpt b/ext/mysqli/tests/bug51647.phpt index b1c1e87a77..78540f1c33 100644 --- a/ext/mysqli/tests/bug51647.phpt +++ b/ext/mysqli/tests/bug51647.phpt @@ -24,12 +24,12 @@ if ($res = $link->query('SHOW VARIABLES LIKE "have_ssl"')) { die(sprintf("skip Failed to test for MySQL SSL support, [%d] %s", $link->errno, $link->error)); } } - + if (empty($row)) die(sprintf("skip Failed to test for MySQL SSL support, [%d] %s", $link->errno, $link->error)); -if ($row[1] == 'NO') +if (($row[1] == 'NO') || ($row[1] == 'DISABLED')) die(sprintf("skip MySQL has no SSL support, [%d] %s", $link->errno, $link->error)); $link->close(); diff --git a/ext/mysqli/tests/bug55283.phpt b/ext/mysqli/tests/bug55283.phpt index 6000fce0a9..d03daaee88 100644 --- a/ext/mysqli/tests/bug55283.phpt +++ b/ext/mysqli/tests/bug55283.phpt @@ -29,7 +29,7 @@ if ($res = $link->query('SHOW VARIABLES LIKE "have_ssl"')) { if (empty($row)) die(sprintf("skip Failed to test for MySQL SSL support, [%d] %s", $link->errno, $link->error)); -if ($row[1] == 'NO') +if (($row[1] == 'NO') || ($row[1] == 'DISABLED')) die(sprintf("skip MySQL has no SSL support, [%d] %s", $link->errno, $link->error)); $link->close(); @@ -41,7 +41,7 @@ $link->close(); $flags = MYSQLI_CLIENT_SSL; - + $link = mysqli_init(); mysqli_ssl_set($link, null, null, null, null, "RC4-MD5"); if (my_mysqli_real_connect($link, 'p:' . $host, $user, $passwd, $db, $port, null, $flags)) { diff --git a/ext/mysqli/tests/bug55859.phpt b/ext/mysqli/tests/bug55859.phpt index a8bb4b3f24..ba6e9902b3 100644 --- a/ext/mysqli/tests/bug55859.phpt +++ b/ext/mysqli/tests/bug55859.phpt @@ -12,9 +12,9 @@ require_once('skipifconnectfailure.inc'); if (!$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket)) {
printf("[001] Connect failed, [%d] %s\n", mysqli_connect_errno(), mysqli_connect_error());
}
- var_dump(mysqli_stat($link) === $link->stat);
+ var_dump(soundex(mysqli_stat($link)) === soundex($link->stat));
echo "done!";
?>
--EXPECT--
bool(true)
-done!
\ No newline at end of file +done!
diff --git a/ext/mysqli/tests/mysqli_class_mysqli_interface.phpt b/ext/mysqli/tests/mysqli_class_mysqli_interface.phpt index 139325a3f1..19ba0086fb 100644 --- a/ext/mysqli/tests/mysqli_class_mysqli_interface.phpt +++ b/ext/mysqli/tests/mysqli_class_mysqli_interface.phpt @@ -205,7 +205,7 @@ require_once('skipifconnectfailure.inc'); $mysqli->sqlstate, gettype($mysqli->sqlstate), mysqli_sqlstate($link), gettype(mysqli_sqlstate($link))); - assert(mysqli_stat($link) === $mysqli->stat); + assert(soundex(mysqli_stat($link)) == soundex($mysqli->stat)); printf("mysqli->stat = '%s'/%s ('%s'/%s)\n", $mysqli->stat, gettype($mysqli->stat), mysqli_stat($link), gettype(mysqli_stat($link))); @@ -295,7 +295,7 @@ mysqli->insert_id = '0'/integer ('0'/integer) mysqli->sqlstate = '00000'/%unicode|string% ('00000'/%unicode|string%) mysqli->stat = 'Uptime: %d Threads: %d Questions: %d Slow queries: %d Opens: %d Flush tables: %d Open tables: %d Queries per second avg: %d.%d'/string ('Uptime: %d Threads: %d Questions: %d Slow queries: %d Opens: %d Flush tables: %d Open tables: %d Queries per second avg: %d.%d'/string) mysqli->host_info = '%s'/%unicode|string% ('%s'/%unicode|string%) -mysqli->info = ''/NULL (''/%unicode|string%) +mysqli->info = ''/NULL (''/NULL) mysqli->thread_id = '%d'/integer ('%d'/integer) mysqli->protocol_version = '%d'/integer ('%d'/integer) mysqli->server_info = '%s'/%unicode|string% ('%s'/%unicode|string%) diff --git a/ext/mysqli/tests/mysqli_constants.phpt b/ext/mysqli/tests/mysqli_constants.phpt index 613dddfc85..0f87187216 100644 --- a/ext/mysqli/tests/mysqli_constants.phpt +++ b/ext/mysqli/tests/mysqli_constants.phpt @@ -125,6 +125,12 @@ require_once('skipifconnectfailure.inc'); $expected_constants['MYSQLI_SERVER_QUERY_WAS_SLOW'] = true; } + + /* First introduced in MySQL 6.0, backported to MySQL 5.5 */ + if ($version >= 50606 || $IS_MYSQLND) { + $expected_constants['MYSQLI_SERVER_PUBLIC_KEY'] = true; + } + if ($version > 50002) { $expected_constants = array_merge($expected_constants, array( "MYSQLI_TYPE_NEWDECIMAL" => true, diff --git a/ext/mysqli/tests/mysqli_fetch_field_flags.phpt b/ext/mysqli/tests/mysqli_fetch_field_flags.phpt index 42cbc1487f..8259d2f505 100644 --- a/ext/mysqli/tests/mysqli_fetch_field_flags.phpt +++ b/ext/mysqli/tests/mysqli_fetch_field_flags.phpt @@ -84,6 +84,8 @@ mysqli_close($link); 'VARCHAR(2) NOT NULL PRIMARY KEY' => 'NOT_NULL PRI_KEY NO_DEFAULT_VALUE PART_KEY' ); + + function checkFlags($reported_flags, $expected_flags, $flags) { $found_flags = $unexpected_flags = ''; foreach ($flags as $code => $name) { @@ -104,6 +106,10 @@ mysqli_close($link); if (!$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket)) printf("[001] [%d] %s\n", mysqli_connect_errno(), mysqli_connect_error()); + if (mysqli_get_server_version($link) > 50600) { + $columns['TIMESTAMP NOT NULL'] = 'ON_UPDATE_NOW TIMESTAMP BINARY NOT_NULL'; + } + foreach ($columns as $column_def => $expected_flags) { if (!mysqli_query($link, 'DROP TABLE IF EXISTS test')) { printf("[002] %s [%d] %s\n", $column_def, diff --git a/ext/mysqli/tests/mysqli_info.phpt b/ext/mysqli/tests/mysqli_info.phpt index 2d5004fe6e..6bb5d215e0 100644 --- a/ext/mysqli/tests/mysqli_info.phpt +++ b/ext/mysqli/tests/mysqli_info.phpt @@ -21,8 +21,8 @@ require_once('skipifconnectfailure.inc'); printf("[003] [%d] %s\n", mysqli_errno($link), mysqli_error($link)); // NOTE: empty string, no multiple insert syntax - if (!is_string($tmp = mysqli_info($link)) || ('' != $tmp)) - printf("[004] Expecting string/empty, got %s/%s\n", gettype($tmp), $tmp); + if (!is_null($tmp = mysqli_info($link)) || ('' != $tmp)) + printf("[004] Expecting null, got %s/%s\n", gettype($tmp), $tmp); if (!$res = mysqli_query($link, "INSERT INTO test(id, label) VALUES (101, 'a'), (102, 'b')")) printf("[005] [%d] %s\n", mysqli_errno($link), mysqli_error($link)); @@ -54,8 +54,8 @@ require_once('skipifconnectfailure.inc'); if (!$res = mysqli_query($link, "SELECT 1")) printf("[013] [%d] %s\n", mysqli_errno($link), mysqli_error($link)); - if (!is_string($tmp = mysqli_info($link)) || ('' != $tmp)) - printf("[014] Expecting string/empty, got %s/%s\n", gettype($tmp), $tmp); + if (!is_null($tmp = mysqli_info($link)) || ('' != $tmp)) + printf("[014] Expecting null, got %s/%s\n", gettype($tmp), $tmp); mysqli_free_result($res); // NOTE: no LOAD DATA INFILE test diff --git a/ext/mysqli/tests/mysqli_pam_sha256.phpt b/ext/mysqli/tests/mysqli_pam_sha256.phpt new file mode 100644 index 0000000000..3016e200d7 --- /dev/null +++ b/ext/mysqli/tests/mysqli_pam_sha256.phpt @@ -0,0 +1,113 @@ +--TEST-- +PAM: SHA-256 +--SKIPIF-- +<?php +require_once('skipif.inc'); +require_once('skipifemb.inc'); +require_once('skipifconnectfailure.inc'); + +ob_start(); +phpinfo(INFO_MODULES); +$tmp = ob_get_contents(); +ob_end_clean(); +if (!stristr($tmp, "auth_plugin_sha256_password")) + die("skip SHA256 auth plugin not built-in to mysqlnd"); + +require_once('connect.inc'); +if (!$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket)) + die(printf("skip: [%d] %s\n", mysqli_connect_errno(), mysqli_connect_error())); + +if (mysqli_get_server_version($link) < 50606) + die("skip: SHA-256 requires MySQL 5.6.6+"); + +if (!($res = $link->query("SHOW PLUGINS"))) { + die(sprintf("skip [%d] %s\n", $link->errno, $link->error)); +} + +$found = false; +while ($row = $res->fetch_assoc()) { + if (($row['Name'] == 'sha256_password') && ($row['Status'] == 'ACTIVE')) { + $found = true; + break; + } +} +if (!$found) + die("skip SHA-256 server plugin unavailable"); + +if (!($res = $link->query("SHOW STATUS LIKE 'Rsa_public_key'"))) { + die(sprintf("skip [%d] %s\n", $link->errno, $link->error)); +} + +if (!($row = $res->fetch_assoc())) { + die(sprintf("skip Failed to check RSA pub key, [%d] %s\n", $link->errno, $link->error)); +} + +if (strlen($row['Value']) < 100) { + die(sprintf("skip Server misconfiguration? RSA pub key is suspicious, [%d] %s\n", $link->errno, $link->error)); +} + +if (!$link->query("SET @@session.old_passwords=2")) { + die(sprintf("skip Cannot set @@session.old_passwords=2 [%d] %s", $link->errno, $link->error)); +} + +$link->query('DROP USER shatest'); +$link->query("DROP USER shatest@localhost"); + + +if (!$link->query('CREATE USER shatest@"%" IDENTIFIED WITH sha256_password') || + !$link->query('CREATE USER shatest@"localhost" IDENTIFIED WITH sha256_password')) { + die(sprintf("skip CREATE USER failed [%d] %s", $link->errno, $link->error)); +} + +if (!$link->query('SET PASSWORD FOR shatest@"%" = PASSWORD("shatest")') || + !$link->query('SET PASSWORD FOR shatest@"localhost" = PASSWORD("shatest")')) { + die(sprintf("skip SET PASSWORD failed [%d] %s", $link->errno, $link->error)); +} + +if (!$link->query("DROP TABLE IF EXISTS test") || + !$link->query("CREATE TABLE test (id INT)") || + !$link->query("INSERT INTO test(id) VALUES (1), (2), (3)")) + die(sprintf("SKIP [%d] %s\n", $link->errno, $link->error)); + + +if (!$link->query(sprintf("GRANT SELECT ON TABLE %s.test TO shatest@'%%'", $db)) || + !$link->query(sprintf("GRANT SELECT ON TABLE %s.test TO shatest@'localhost'", $db))) { + die(sprintf("skip Cannot grant SELECT to user [%d] %s", mysqli_errno($link), mysqli_error($link))); +} + +$link->close(); +?> +--FILE-- +<?php + require_once("connect.inc"); + + if (!$link = my_mysqli_connect($host, 'shatest', 'shatest', $db, $port, $socket)) { + printf("[001] Cannot connect to the server using host=%s, user=%s, passwd=***, dbname=%s, port=%s, socket=%s\n", + $host, "shatest", $db, $port, $socket); + } else { + + if (!$res = $link->query("SELECT id FROM test WHERE id = 1")) + printf("[002] [%d] %s\n", $link->errno, $link->error); + + if (!$row = mysqli_fetch_assoc($res)) { + printf("[003] [%d] %s\n", $link->errno, $link->error); + } + + if ($row['id'] != 1) { + printf("[004] Expecting 1 got %s/'%s'", gettype($row['id']), $row['id']); + } + + $res->close(); + $link->close(); + } + + print "done!"; +?> +--CLEAN-- +<?php + require_once("clean_table.inc"); + $link->query('DROP USER shatest'); + $link->query('DROP USER shatest@localhost'); +?> +--EXPECTF-- +done!
\ No newline at end of file diff --git a/ext/mysqli/tests/mysqli_pam_sha256_public_key_ini.phpt b/ext/mysqli/tests/mysqli_pam_sha256_public_key_ini.phpt new file mode 100644 index 0000000000..27bbed138c --- /dev/null +++ b/ext/mysqli/tests/mysqli_pam_sha256_public_key_ini.phpt @@ -0,0 +1,129 @@ +--TEST-- +PAM: SHA-256, mysqlnd.sha256_server_public_key +--SKIPIF-- +<?php +require_once('skipif.inc'); +require_once('skipifemb.inc'); +require_once('skipifconnectfailure.inc'); + +ob_start(); +phpinfo(INFO_MODULES); +$tmp = ob_get_contents(); +ob_end_clean(); +if (!stristr($tmp, "auth_plugin_sha256_password")) + die("skip SHA256 auth plugin not built-in to mysqlnd"); + +require_once('connect.inc'); +if (!$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket)) + die(printf("skip: [%d] %s\n", mysqli_connect_errno(), mysqli_connect_error())); + +if (mysqli_get_server_version($link) < 50606) + die("skip: SHA-256 requires MySQL 5.6.6+"); + +if (!($res = $link->query("SHOW PLUGINS"))) { + die(sprintf("skip [%d] %s\n", $link->errno, $link->error)); +} + +$found = false; +while ($row = $res->fetch_assoc()) { + if (($row['Name'] == 'sha256_password') && ($row['Status'] == 'ACTIVE')) { + $found = true; + break; + } +} +if (!$found) + die("skip SHA-256 server plugin unavailable"); + +if (!($res = $link->query("SHOW STATUS LIKE 'Rsa_public_key'"))) { + die(sprintf("skip [%d] %s\n", $link->errno, $link->error)); +} + +if (!($row = $res->fetch_assoc())) { + die(sprintf("skip Failed to check RSA pub key, [%d] %s\n", $link->errno, $link->error)); +} + +$key = $row['Value']; +if (strlen($key) < 100) { + die(sprintf("skip Server misconfiguration? RSA pub key is suspicious, [%d] %s\n", $link->errno, $link->error)); +} + +/* date changes may give false positive */ +$file = "test_sha256_ini"; +if ((file_exists($file) && !unlink($file)) || !($fp = @fopen($file, "w"))) { + die(sprintf("skip Cannot create RSA pub key file '%s'", $file)); +} +$key = str_replace("A", "a", $key); +$key = str_replace("M", "m", $key); +if (strlen($key) != fwrite($fp, $key)) { + die(sprintf("skip Failed to create pub key file")); +} + + +if (!$link->query("SET @@session.old_passwords=2")) { + die(sprintf("skip Cannot set @@session.old_passwords=2 [%d] %s", $link->errno, $link->error)); +} + +$link->query('DROP USER shatest'); +$link->query("DROP USER shatest@localhost"); + + +if (!$link->query('CREATE USER shatest@"%" IDENTIFIED WITH sha256_password') || + !$link->query('CREATE USER shatest@"localhost" IDENTIFIED WITH sha256_password')) { + die(sprintf("skip CREATE USER failed [%d] %s", $link->errno, $link->error)); +} + +if (!$link->query('SET PASSWORD FOR shatest@"%" = PASSWORD("shatest")') || + !$link->query('SET PASSWORD FOR shatest@"localhost" = PASSWORD("shatest")')) { + die(sprintf("skip SET PASSWORD failed [%d] %s", $link->errno, $link->error)); +} + +if (!$link->query("DROP TABLE IF EXISTS test") || + !$link->query("CREATE TABLE test (id INT)") || + !$link->query("INSERT INTO test(id) VALUES (1), (2), (3)")) + die(sprintf("SKIP [%d] %s\n", $link->errno, $link->error)); + + +if (!$link->query(sprintf("GRANT SELECT ON TABLE %s.test TO shatest@'%%'", $db)) || + !$link->query(sprintf("GRANT SELECT ON TABLE %s.test TO shatest@'localhost'", $db))) { + die(sprintf("skip Cannot grant SELECT to user [%d] %s", mysqli_errno($link), mysqli_error($link))); +} + +$link->close(); +?> +--INI-- +mysqlnd.sha256_server_public_key="test_sha256_ini" +--FILE-- +<?php + require_once("connect.inc"); + + + $link = new mysqli($host, 'shatest', 'shatest', $db, $port, $socket); + if ($link->connect_errno) { + printf("[001] [%d] %s\n", $link->connect_errno, $link->connect_error); + } else { + if (!$res = $link->query("SELECT id FROM test WHERE id = 1")) + printf("[002] [%d] %s\n", $link->errno, $link->error); + + if (!$row = mysqli_fetch_assoc($res)) { + printf("[003] [%d] %s\n", $link->errno, $link->error); + } + + if ($row['id'] != 1) { + printf("[004] Expecting 1 got %s/'%s'", gettype($row['id']), $row['id']); + } + } + print "done!"; +?> +--CLEAN-- +<?php + require_once("clean_table.inc"); + $link->query('DROP USER shatest'); + $link->query('DROP USER shatest@localhost'); + $file = "test_sha256_ini"; + @unlink($file); +?> +--EXPECTF-- + +Warning: mysqli::mysqli(): (HY000/1045): %s in %s on line %d +[001] [1045] %s +done!
\ No newline at end of file diff --git a/ext/mysqli/tests/mysqli_pam_sha256_public_key_option.phpt b/ext/mysqli/tests/mysqli_pam_sha256_public_key_option.phpt new file mode 100644 index 0000000000..afed773b01 --- /dev/null +++ b/ext/mysqli/tests/mysqli_pam_sha256_public_key_option.phpt @@ -0,0 +1,132 @@ +--TEST-- +PAM: SHA-256, option: MYSQLI_SERVER_PUBLIC_KEY +--SKIPIF-- +<?php +require_once('skipif.inc'); +require_once('skipifemb.inc'); +require_once('skipifconnectfailure.inc'); + +ob_start(); +phpinfo(INFO_MODULES); +$tmp = ob_get_contents(); +ob_end_clean(); +if (!stristr($tmp, "auth_plugin_sha256_password")) + die("skip SHA256 auth plugin not built-in to mysqlnd"); + +require_once('connect.inc'); +if (!$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket)) + die(printf("skip: [%d] %s\n", mysqli_connect_errno(), mysqli_connect_error())); + +if (mysqli_get_server_version($link) < 50606) + die("skip: SHA-256 requires MySQL 5.6.6+"); + +if (!($res = $link->query("SHOW PLUGINS"))) { + die(sprintf("skip [%d] %s\n", $link->errno, $link->error)); +} + +$found = false; +while ($row = $res->fetch_assoc()) { + if (($row['Name'] == 'sha256_password') && ($row['Status'] == 'ACTIVE')) { + $found = true; + break; + } +} +if (!$found) + die("skip SHA-256 server plugin unavailable"); + +if (!($res = $link->query("SHOW STATUS LIKE 'Rsa_public_key'"))) { + die(sprintf("skip [%d] %s\n", $link->errno, $link->error)); +} + +if (!($row = $res->fetch_assoc())) { + die(sprintf("skip Failed to check RSA pub key, [%d] %s\n", $link->errno, $link->error)); +} + +if (strlen($row['Value']) < 100) { + die(sprintf("skip Server misconfiguration? RSA pub key is suspicious, [%d] %s\n", $link->errno, $link->error)); +} + +/* date changes may give false positive */ +$file = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_" , @date("Ymd")); +if ((file_exists($file) && !unlink($file)) || !($fp = @fopen($file, "w"))) { + die(sprintf("skip Cannot create RSA pub key file '%s'", $file)); +} +if (strlen($row['Value']) != fwrite($fp, $row['Value'])) { + die(sprintf("skip Failed to create pub key file")); +} + + +if (!$link->query("SET @@session.old_passwords=2")) { + die(sprintf("skip Cannot set @@session.old_passwords=2 [%d] %s", $link->errno, $link->error)); +} + +$link->query('DROP USER shatest'); +$link->query("DROP USER shatest@localhost"); + + +if (!$link->query('CREATE USER shatest@"%" IDENTIFIED WITH sha256_password') || + !$link->query('CREATE USER shatest@"localhost" IDENTIFIED WITH sha256_password')) { + die(sprintf("skip CREATE USER failed [%d] %s", $link->errno, $link->error)); +} + +if (!$link->query('SET PASSWORD FOR shatest@"%" = PASSWORD("shatest")') || + !$link->query('SET PASSWORD FOR shatest@"localhost" = PASSWORD("shatest")')) { + die(sprintf("skip SET PASSWORD failed [%d] %s", $link->errno, $link->error)); +} + +if (!$link->query("DROP TABLE IF EXISTS test") || + !$link->query("CREATE TABLE test (id INT)") || + !$link->query("INSERT INTO test(id) VALUES (1), (2), (3)")) + die(sprintf("SKIP [%d] %s\n", $link->errno, $link->error)); + + +if (!$link->query(sprintf("GRANT SELECT ON TABLE %s.test TO shatest@'%%'", $db)) || + !$link->query(sprintf("GRANT SELECT ON TABLE %s.test TO shatest@'localhost'", $db))) { + die(sprintf("skip Cannot grant SELECT to user [%d] %s", mysqli_errno($link), mysqli_error($link))); +} + +$link->close(); +?> +--FILE-- +<?php + require_once("connect.inc"); + + $file = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_" , @date("Ymd")); + if (file_exists($file) && is_readable($file)) { + + $link = mysqli_init(); + if (!($link->options(MYSQLI_SERVER_PUBLIC_KEY, $file))) { + printf("[001] mysqli_options failed, [%d] %s\n", $link->errno, $link->error); + } + + if (!$link->real_connect($host, 'shatest', 'shatest', $db, $port, $socket)) { + printf("[002] [%d] %s\n", $link->connect_errno, $link->connect_error); + } + + if (!$res = $link->query("SELECT id FROM test WHERE id = 1")) + printf("[003] [%d] %s\n", $link->errno, $link->error); + + if (!$row = mysqli_fetch_assoc($res)) { + printf("[004] [%d] %s\n", $link->errno, $link->error); + } + + if ($row['id'] != 1) { + printf("[005] Expecting 1 got %s/'%s'", gettype($row['id']), $row['id']); + } + + $res->close(); + $link->close(); + } + + print "done!"; +?> +--CLEAN-- +<?php + require_once("clean_table.inc"); + $link->query('DROP USER shatest'); + $link->query('DROP USER shatest@localhost'); + $file = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_" , @date("Ymd")); + @unlink($file); +?> +--EXPECTF-- +done!
\ No newline at end of file diff --git a/ext/mysqli/tests/mysqli_pam_sha256_public_key_option_invalid.phpt b/ext/mysqli/tests/mysqli_pam_sha256_public_key_option_invalid.phpt new file mode 100644 index 0000000000..e2626240d8 --- /dev/null +++ b/ext/mysqli/tests/mysqli_pam_sha256_public_key_option_invalid.phpt @@ -0,0 +1,188 @@ +--TEST-- +PAM: SHA-256, option: MYSQLI_SERVER_PUBLIC_KEY (invalid) +--SKIPIF-- +<?php +require_once('skipif.inc'); +require_once('skipifemb.inc'); +require_once('skipifconnectfailure.inc'); + +ob_start(); +phpinfo(INFO_MODULES); +$tmp = ob_get_contents(); +ob_end_clean(); +if (!stristr($tmp, "auth_plugin_sha256_password")) + die("skip SHA256 auth plugin not built-in to mysqlnd"); + +require_once('connect.inc'); +if (!$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket)) + die(printf("skip: [%d] %s\n", mysqli_connect_errno(), mysqli_connect_error())); + +if (mysqli_get_server_version($link) < 50606) + die("skip: SHA-256 requires MySQL 5.6.6+"); + +if (!($res = $link->query("SHOW PLUGINS"))) { + die(sprintf("skip [%d] %s\n", $link->errno, $link->error)); +} + +$found = false; +while ($row = $res->fetch_assoc()) { + if (($row['Name'] == 'sha256_password') && ($row['Status'] == 'ACTIVE')) { + $found = true; + break; + } +} +if (!$found) + die("skip SHA-256 server plugin unavailable"); + +if (!($res = $link->query("SHOW STATUS LIKE 'Rsa_public_key'"))) { + die(sprintf("skip [%d] %s\n", $link->errno, $link->error)); +} + +if (!($row = $res->fetch_assoc())) { + die(sprintf("skip Failed to check RSA pub key, [%d] %s\n", $link->errno, $link->error)); +} + +if (strlen($row['Value']) < 100) { + die(sprintf("skip Server misconfiguration? RSA pub key is suspicious, [%d] %s\n", $link->errno, $link->error)); +} + +/* date changes may give false positive */ +$file = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_" , @date("Ymd")); +if ((file_exists($file) && !unlink($file)) || !($fp = @fopen($file, "w"))) { + die(sprintf("skip Cannot create RSA pub key file '%s'", $file)); +} +if (strlen($row['Value']) != fwrite($fp, $row['Value'])) { + die(sprintf("skip Failed to create pub key file")); +} + + +if (!$link->query("SET @@session.old_passwords=2")) { + die(sprintf("skip Cannot set @@session.old_passwords=2 [%d] %s", $link->errno, $link->error)); +} + +$link->query('DROP USER shatest'); +$link->query("DROP USER shatest@localhost"); + + +if (!$link->query('CREATE USER shatest@"%" IDENTIFIED WITH sha256_password') || + !$link->query('CREATE USER shatest@"localhost" IDENTIFIED WITH sha256_password')) { + die(sprintf("skip CREATE USER failed [%d] %s", $link->errno, $link->error)); +} + +if (!$link->query('SET PASSWORD FOR shatest@"%" = PASSWORD("shatest")') || + !$link->query('SET PASSWORD FOR shatest@"localhost" = PASSWORD("shatest")')) { + die(sprintf("skip SET PASSWORD failed [%d] %s", $link->errno, $link->error)); +} + +if (!$link->query("DROP TABLE IF EXISTS test") || + !$link->query("CREATE TABLE test (id INT)") || + !$link->query("INSERT INTO test(id) VALUES (1), (2), (3)")) + die(sprintf("SKIP [%d] %s\n", $link->errno, $link->error)); + + +if (!$link->query(sprintf("GRANT SELECT ON TABLE %s.test TO shatest@'%%'", $db)) || + !$link->query(sprintf("GRANT SELECT ON TABLE %s.test TO shatest@'localhost'", $db))) { + die(sprintf("skip Cannot grant SELECT to user [%d] %s", mysqli_errno($link), mysqli_error($link))); +} + +$link->close(); +?> +--FILE-- +<?php + require_once("connect.inc"); + + function sha_connect($offset, $host, $db, $port, $socket, $file) { + + $link = mysqli_init(); + if (!($link->options(MYSQLI_SERVER_PUBLIC_KEY, $file))) { + printf("[%03d + 001] mysqli_options failed, [%d] %s\n", $offset, $link->errno, $link->error); + return false; + } + + if (!$link->real_connect($host, 'shatest', 'shatest', $db, $port, $socket)) { + printf("[%03d + 002] [%d] %s\n", $offset, $link->connect_errno, $link->connect_error); + return false; + } + + if (!$res = $link->query("SELECT id FROM test WHERE id = 1")) + printf("[%03d + 003] [%d] %s\n", $offset, $link->errno, $link->error); + return false; + + if (!$row = mysqli_fetch_assoc($res)) { + printf("[%03d + 004] [%d] %s\n", $offset, $link->errno, $link->error); + return false; + } + + if ($row['id'] != 1) { + printf("[%03d + 005] Expecting 1 got %s/'%s'", $offset, gettype($row['id']), $row['id']); + return false; + } + + $res->close(); + $link->close(); + return true; + } + + $file = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_" , @date("Ymd")); + if (file_exists($file) && is_readable($file)) { + + /* valid key */ + sha_connect(100, $host, $db, $port, $socket, $file); + + /* invalid key */ + $file_wrong = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_wrong" , @date("Ymd")); + + $key = file_get_contents($file); + $key = str_replace("A", "a", $key); + $key = str_replace("M", "m", $key); + @unlink($file_wrong); + if (!($fp = fopen($file_wrong, "w"))) { + printf("[002] Can't write public key file."); + } else { + fwrite($fp, $key); + fclose($fp); + sha_connect(200, $host, $db, $port, $socket, $file_wrong); + } + + /* empty file */ + @unlink($file_wrong); + if (!($fp = fopen($file_wrong, "w"))) { + printf("[003] Can't write public key file."); + } else { + fwrite($fp, ""); + fclose($fp); + sha_connect(300, $host, $db, $port, $socket, $file_wrong); + } + + /* file does not exist */ + @unlink($file_wrong); + sha_connect(400, $host, $db, $port, $socket, $file_wrong); + + } else { + printf("[001] Cannot read public key file."); + } + + print "done!"; +?> +--CLEAN-- +<?php + require_once("clean_table.inc"); + $link->query('DROP USER shatest'); + $link->query('DROP USER shatest@localhost'); + $file = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_" , @date("Ymd")); + @unlink($file); + $file_wrong = sprintf("%s%s%s_%s", sys_get_temp_dir(), DIRECTORY_SEPARATOR, "test_sha256_wrong" , @date("Ymd")); + @unlink($file_wrong); +?> +--EXPECTF-- +Warning: mysqli::real_connect(): (HY000/1045): %s in %s on line %d +[200 + 002] [1045] %s + +Warning: mysqli::real_connect(): (HY000/1045): %s in %s on line %d +[300 + 002] [1045] %s + +Warning: mysqli::real_connect(%sest_sha256_wrong_%d): failed to open stream: No such file or directory in %s on line %d + +Warning: mysqli::real_connect(): (HY000/1045): %s in %s on line %d +[400 + 002] [1045] %s +done!
\ No newline at end of file diff --git a/ext/mysqlnd/mysqlnd.c b/ext/mysqlnd/mysqlnd.c index f5fe075c50..ad91212f2a 100644 --- a/ext/mysqlnd/mysqlnd.c +++ b/ext/mysqlnd/mysqlnd.c @@ -1924,7 +1924,7 @@ MYSQLND_METHOD_PRIVATE(mysqlnd_conn_data, free_reference)(MYSQLND_CONN_DATA * co /* {{{ mysqlnd_conn_data::get_state */ static enum mysqlnd_connection_state -MYSQLND_METHOD_PRIVATE(mysqlnd_conn_data, get_state)(MYSQLND_CONN_DATA * const conn TSRMLS_DC) +MYSQLND_METHOD_PRIVATE(mysqlnd_conn_data, get_state)(const MYSQLND_CONN_DATA * const conn TSRMLS_DC) { DBG_ENTER("mysqlnd_conn_data::get_state"); DBG_RETURN(conn->state); diff --git a/ext/mysqlnd/mysqlnd_auth.c b/ext/mysqlnd/mysqlnd_auth.c index f2c5adcc4d..cdbdf6d7ed 100644 --- a/ext/mysqlnd/mysqlnd_auth.c +++ b/ext/mysqlnd/mysqlnd_auth.c @@ -555,8 +555,8 @@ mysqlnd_sha256_get_rsa_key(MYSQLND_CONN_DATA * conn, DBG_INF_FMT("Public key:%*.s", len, key_str); efree(key_str); } + php_stream_free(stream, PHP_STREAM_FREE_CLOSE); } - php_stream_free(stream, PHP_STREAM_FREE_CLOSE); } DBG_RETURN(ret); } @@ -581,6 +581,7 @@ mysqlnd_sha256_auth_get_auth_data(struct st_mysqlnd_authentication_plugin * self if (conn->net->data->ssl) { + DBG_INF("simple clear text under SSL"); /* clear text under SSL */ *auth_data_len = passwd_len; ret = malloc(passwd_len); diff --git a/ext/mysqlnd/mysqlnd_structs.h b/ext/mysqlnd/mysqlnd_structs.h index 7f512b7211..28def72599 100644 --- a/ext/mysqlnd/mysqlnd_structs.h +++ b/ext/mysqlnd/mysqlnd_structs.h @@ -463,7 +463,7 @@ typedef enum_func_status (*func_mysqlnd_conn_data__query_read_result_set_header) typedef MYSQLND_CONN_DATA * (*func_mysqlnd_conn_data__get_reference)(MYSQLND_CONN_DATA * const conn TSRMLS_DC); typedef enum_func_status (*func_mysqlnd_conn_data__free_reference)(MYSQLND_CONN_DATA * const conn TSRMLS_DC); -typedef enum mysqlnd_connection_state (*func_mysqlnd_conn_data__get_state)(MYSQLND_CONN_DATA * const conn TSRMLS_DC); +typedef enum mysqlnd_connection_state (*func_mysqlnd_conn_data__get_state)(const MYSQLND_CONN_DATA * const conn TSRMLS_DC); typedef void (*func_mysqlnd_conn_data__set_state)(MYSQLND_CONN_DATA * const conn, enum mysqlnd_connection_state new_state TSRMLS_DC); typedef enum_func_status (*func_mysqlnd_conn_data__simple_command)(MYSQLND_CONN_DATA * conn, enum php_mysqlnd_server_command command, const zend_uchar * const arg, size_t arg_len, enum mysqlnd_packet_type ok_packet, zend_bool silent, zend_bool ignore_upsert_status TSRMLS_DC); diff --git a/ext/pcre/tests/bug63055.phpt b/ext/pcre/tests/bug63055.phpt new file mode 100644 index 0000000000..16c50b54e5 --- /dev/null +++ b/ext/pcre/tests/bug63055.phpt @@ -0,0 +1,23 @@ +--TEST-- +Bug #63055 (Segfault in zend_gc with SF2 testsuite) +--FILE-- +<?php +/* the default gc root size is 10,000 */ +for ($i=0; $i<9998; $i++) { + $array = array(); + $array[0] = &$array; + unset($array); +} + +$matches = array("foo" => "bar"); /* this bucket will trigger the segfault */ +$dummy = array("dummy"); /* used to trigger gc_collect_cycles */ +$dummy[1] = &$dummy; + +$matches[1] = &$matches; +$matches[2] = $dummy; + +preg_match_all("/(\d)+/", "foo123456bar", $matches); +echo "okey"; +?> +--EXPECTF-- +okey diff --git a/ext/pdo_dblib/dblib_driver.c b/ext/pdo_dblib/dblib_driver.c index 77832f9520..baf1dcc670 100644 --- a/ext/pdo_dblib/dblib_driver.c +++ b/ext/pdo_dblib/dblib_driver.c @@ -315,7 +315,7 @@ static int pdo_dblib_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_ DBSETOPT(H->link, DBTEXTSIZE, "2147483647"); /* allow double quoted indentifiers */ - DBSETOPT(H->link, DBQUOTEDIDENT, 1); + DBSETOPT(H->link, DBQUOTEDIDENT, NULL); if (vars[3].optval && FAIL == dbuse(H->link, vars[3].optval)) { goto cleanup; diff --git a/ext/pdo_firebird/firebird_driver.c b/ext/pdo_firebird/firebird_driver.c index e39555fb97..9b0f596959 100644 --- a/ext/pdo_firebird/firebird_driver.c +++ b/ext/pdo_firebird/firebird_driver.c @@ -401,7 +401,7 @@ static int firebird_alloc_prepare_stmt(pdo_dbh_t *dbh, const char *sql, long sql long l, pindex = -1; /* Firebird allows SQL statements up to 64k, so bail if it doesn't fit */ - if (sql_len > SHORT_MAX) { + if (sql_len > 65536) { strcpy(dbh->error_code, "01004"); return 0; } diff --git a/ext/pdo_mysql/tests/pdo_mysql_attr_server_info.phpt b/ext/pdo_mysql/tests/pdo_mysql_attr_server_info.phpt index 3c21d0f321..4d0868ae7d 100644 --- a/ext/pdo_mysql/tests/pdo_mysql_attr_server_info.phpt +++ b/ext/pdo_mysql/tests/pdo_mysql_attr_server_info.phpt @@ -23,7 +23,7 @@ $db = MySQLPDOTest::factory(); printf("[002] Wonderful, I can change the client version!\n"); $new_info = $db->getAttribute(PDO::ATTR_SERVER_INFO); - if ($new_info !== $info) + if (soundex($new_info) != soundex($info)) printf("[003] Did we change it from '%s' to '%s'?\n", $info, $info); // lets hope we always run this in the same second as we did run the server info request... diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c index a2d236c9df..a30579e143 100644 --- a/ext/standard/basic_functions.c +++ b/ext/standard/basic_functions.c @@ -1854,6 +1854,25 @@ ZEND_END_ARG_INFO() ZEND_BEGIN_ARG_INFO(arginfo_getlastmod, 0) ZEND_END_ARG_INFO() /* }}} */ +/* {{{ password.c */ +ZEND_BEGIN_ARG_INFO_EX(arginfo_password_hash, 0, 0, 2) + ZEND_ARG_INFO(0, password) + ZEND_ARG_INFO(0, algo) + ZEND_ARG_INFO(0, options) +ZEND_END_ARG_INFO() +ZEND_BEGIN_ARG_INFO_EX(arginfo_password_get_info, 0, 0, 1) + ZEND_ARG_INFO(0, hash) +ZEND_END_ARG_INFO() +ZEND_BEGIN_ARG_INFO_EX(arginfo_password_needs_rehash, 0, 0, 2) + ZEND_ARG_INFO(0, hash) + ZEND_ARG_INFO(0, algo) + ZEND_ARG_INFO(0, options) +ZEND_END_ARG_INFO() +ZEND_BEGIN_ARG_INFO_EX(arginfo_password_verify, 0, 0, 2) + ZEND_ARG_INFO(0, password) + ZEND_ARG_INFO(0, hash) +ZEND_END_ARG_INFO() +/* }}} */ /* {{{ proc_open.c */ #ifdef PHP_CAN_SUPPORT_PROC_OPEN ZEND_BEGIN_ARG_INFO_EX(arginfo_proc_terminate, 0, 0, 1) @@ -2864,6 +2883,10 @@ const zend_function_entry basic_functions[] = { /* {{{ */ PHP_FE(base64_decode, arginfo_base64_decode) PHP_FE(base64_encode, arginfo_base64_encode) + PHP_FE(password_hash, arginfo_password_hash) + PHP_FE(password_get_info, arginfo_password_get_info) + PHP_FE(password_needs_rehash, arginfo_password_needs_rehash) + PHP_FE(password_verify, arginfo_password_verify) PHP_FE(convert_uuencode, arginfo_convert_uuencode) PHP_FE(convert_uudecode, arginfo_convert_uudecode) @@ -3614,6 +3637,7 @@ PHP_MINIT_FUNCTION(basic) /* {{{ */ BASIC_MINIT_SUBMODULE(browscap) BASIC_MINIT_SUBMODULE(standard_filters) BASIC_MINIT_SUBMODULE(user_filters) + BASIC_MINIT_SUBMODULE(password) #if defined(HAVE_LOCALECONV) && defined(ZTS) BASIC_MINIT_SUBMODULE(localeconv) diff --git a/ext/standard/config.m4 b/ext/standard/config.m4 index c33ae1e05c..fba423b191 100644 --- a/ext/standard/config.m4 +++ b/ext/standard/config.m4 @@ -580,7 +580,7 @@ PHP_NEW_EXTENSION(standard, array.c base64.c basic_functions.c browscap.c crc32. incomplete_class.c url_scanner_ex.c ftp_fopen_wrapper.c \ http_fopen_wrapper.c php_fopen_wrapper.c credits.c css.c \ var_unserializer.c ftok.c sha1.c user_filters.c uuencode.c \ - filters.c proc_open.c streamsfuncs.c http.c) + filters.c proc_open.c streamsfuncs.c http.c password.c) PHP_ADD_MAKEFILE_FRAGMENT PHP_INSTALL_HEADERS([ext/standard/]) diff --git a/ext/standard/config.w32 b/ext/standard/config.w32 index d14b859e9d..5f24641b4d 100644 --- a/ext/standard/config.w32 +++ b/ext/standard/config.w32 @@ -19,7 +19,7 @@ EXTENSION("standard", "array.c base64.c basic_functions.c browscap.c \ versioning.c assert.c strnatcmp.c levenshtein.c incomplete_class.c \ url_scanner_ex.c ftp_fopen_wrapper.c http_fopen_wrapper.c \ php_fopen_wrapper.c credits.c css.c var_unserializer.c ftok.c sha1.c \ - user_filters.c uuencode.c filters.c proc_open.c \ + user_filters.c uuencode.c filters.c proc_open.c password.c \ streamsfuncs.c http.c flock_compat.c", false /* never shared */); PHP_INSTALL_HEADERS("", "ext/standard"); if (PHP_MBREGEX != "no") { diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c index 27a8d82d0e..3b443fc4d5 100644 --- a/ext/standard/crypt.c +++ b/ext/standard/crypt.c @@ -145,44 +145,9 @@ static void php_to64(char *s, long v, int n) /* {{{ */ } /* }}} */ -/* {{{ proto string crypt(string str [, string salt]) - Hash a string */ -PHP_FUNCTION(crypt) +PHPAPI int php_crypt(const char *password, const int pass_len, const char *salt, int salt_len, char **result) { - char salt[PHP_MAX_SALT_LEN + 1]; - char *str, *salt_in = NULL; - int str_len, salt_in_len = 0; char *crypt_res; - salt[0] = salt[PHP_MAX_SALT_LEN] = '\0'; - - /* This will produce suitable results if people depend on DES-encryption - * available (passing always 2-character salt). At least for glibc6.1 */ - memset(&salt[1], '$', PHP_MAX_SALT_LEN - 1); - - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|s", &str, &str_len, &salt_in, &salt_in_len) == FAILURE) { - return; - } - - if (salt_in) { - memcpy(salt, salt_in, MIN(PHP_MAX_SALT_LEN, salt_in_len)); - } - - /* The automatic salt generation covers standard DES, md5-crypt and Blowfish (simple) */ - if (!*salt) { -#if PHP_MD5_CRYPT - strncpy(salt, "$1$", PHP_MAX_SALT_LEN); - php_to64(&salt[3], PHP_CRYPT_RAND, 4); - php_to64(&salt[7], PHP_CRYPT_RAND, 4); - strncpy(&salt[11], "$", PHP_MAX_SALT_LEN - 11); -#elif PHP_STD_DES_CRYPT - php_to64(&salt[0], PHP_CRYPT_RAND, 2); - salt[2] = '\0'; -#endif - salt_in_len = strlen(salt); - } else { - salt_in_len = MIN(PHP_MAX_SALT_LEN, salt_in_len); - } - /* Windows (win32/crypt) has a stripped down version of libxcrypt and a CryptoApi md5_crypt implementation */ #if PHP_USE_PHP_CRYPT_R @@ -190,55 +155,44 @@ PHP_FUNCTION(crypt) struct php_crypt_extended_data buffer; if (salt[0]=='$' && salt[1]=='1' && salt[2]=='$') { - char output[MD5_HASH_MAX_LEN]; + char output[MD5_HASH_MAX_LEN], *out; - RETURN_STRING(php_md5_crypt_r(str, salt, output), 1); + out = php_md5_crypt_r(password, salt, output); + if (out) { + *result = estrdup(out); + return SUCCESS; + } + return FAILURE; } else if (salt[0]=='$' && salt[1]=='6' && salt[2]=='$') { - const char sha512_salt_prefix[] = "$6$"; - const char sha512_rounds_prefix[] = "rounds="; char *output; - int needed = (sizeof(sha512_salt_prefix) - 1 - + sizeof(sha512_rounds_prefix) + 9 + 1 - + salt_in_len + 1 + 86 + 1); - output = emalloc(needed); - salt[salt_in_len] = '\0'; + output = emalloc(PHP_MAX_SALT_LEN); - crypt_res = php_sha512_crypt_r(str, salt, output, needed); + crypt_res = php_sha512_crypt_r(password, salt, output, PHP_MAX_SALT_LEN); if (!crypt_res) { - if (salt[0]=='*' && salt[1]=='0') { - RETVAL_STRING("*1", 1); - } else { - RETVAL_STRING("*0", 1); - } + memset(output, 0, PHP_MAX_SALT_LEN); + efree(output); + return FAILURE; } else { - RETVAL_STRING(output, 1); + *result = estrdup(output); + memset(output, 0, PHP_MAX_SALT_LEN); + efree(output); + return SUCCESS; } - - memset(output, 0, needed); - efree(output); } else if (salt[0]=='$' && salt[1]=='5' && salt[2]=='$') { - const char sha256_salt_prefix[] = "$5$"; - const char sha256_rounds_prefix[] = "rounds="; char *output; - int needed = (sizeof(sha256_salt_prefix) - 1 - + sizeof(sha256_rounds_prefix) + 9 + 1 - + salt_in_len + 1 + 43 + 1); - output = emalloc(needed); - salt[salt_in_len] = '\0'; + output = emalloc(PHP_MAX_SALT_LEN); - crypt_res = php_sha256_crypt_r(str, salt, output, needed); + crypt_res = php_sha256_crypt_r(password, salt, output, PHP_MAX_SALT_LEN); if (!crypt_res) { - if (salt[0]=='*' && salt[1]=='0') { - RETVAL_STRING("*1", 1); - } else { - RETVAL_STRING("*0", 1); - } + memset(output, 0, PHP_MAX_SALT_LEN); + efree(output); + return FAILURE; } else { - RETVAL_STRING(output, 1); + *result = estrdup(output); + memset(output, 0, PHP_MAX_SALT_LEN); + efree(output); + return SUCCESS; } - - memset(output, 0, needed); - efree(output); } else if ( salt[0] == '$' && salt[1] == '2' && @@ -251,31 +205,25 @@ PHP_FUNCTION(crypt) memset(output, 0, PHP_MAX_SALT_LEN + 1); - crypt_res = php_crypt_blowfish_rn(str, salt, output, sizeof(output)); + crypt_res = php_crypt_blowfish_rn(password, salt, output, sizeof(output)); if (!crypt_res) { - if (salt[0]=='*' && salt[1]=='0') { - RETVAL_STRING("*1", 1); - } else { - RETVAL_STRING("*0", 1); - } + memset(output, 0, PHP_MAX_SALT_LEN + 1); + return FAILURE; } else { - RETVAL_STRING(output, 1); + *result = estrdup(output); + memset(output, 0, PHP_MAX_SALT_LEN + 1); + return SUCCESS; } - - memset(output, 0, PHP_MAX_SALT_LEN + 1); } else { memset(&buffer, 0, sizeof(buffer)); _crypt_extended_init_r(); - crypt_res = _crypt_extended_r(str, salt, &buffer); + crypt_res = _crypt_extended_r(password, salt, &buffer); if (!crypt_res) { - if (salt[0]=='*' && salt[1]=='0') { - RETURN_STRING("*1", 1); - } else { - RETURN_STRING("*0", 1); - } + return FAILURE; } else { - RETURN_STRING(crypt_res, 1); + *result = estrdup(crypt_res); + return SUCCESS; } } } @@ -291,21 +239,68 @@ PHP_FUNCTION(crypt) # else # error Data struct used by crypt_r() is unknown. Please report. # endif - crypt_res = crypt_r(str, salt, &buffer); + crypt_res = crypt_r(password, salt, &buffer); if (!crypt_res) { - if (salt[0]=='*' && salt[1]=='0') { - RETURN_STRING("*1", 1); - } else { - RETURN_STRING("*0", 1); - } + return FAILURE; } else { - RETURN_STRING(crypt_res, 1); + *result = estrdup(crypt_res); + return SUCCESS; } } # endif #endif } /* }}} */ + + +/* {{{ proto string crypt(string str [, string salt]) + Hash a string */ +PHP_FUNCTION(crypt) +{ + char salt[PHP_MAX_SALT_LEN + 1]; + char *str, *salt_in = NULL, *result = NULL; + int str_len, salt_in_len = 0; + salt[0] = salt[PHP_MAX_SALT_LEN] = '\0'; + + /* This will produce suitable results if people depend on DES-encryption + * available (passing always 2-character salt). At least for glibc6.1 */ + memset(&salt[1], '$', PHP_MAX_SALT_LEN - 1); + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|s", &str, &str_len, &salt_in, &salt_in_len) == FAILURE) { + return; + } + + if (salt_in) { + memcpy(salt, salt_in, MIN(PHP_MAX_SALT_LEN, salt_in_len)); + } + + /* The automatic salt generation covers standard DES, md5-crypt and Blowfish (simple) */ + if (!*salt) { +#if PHP_MD5_CRYPT + strncpy(salt, "$1$", PHP_MAX_SALT_LEN); + php_to64(&salt[3], PHP_CRYPT_RAND, 4); + php_to64(&salt[7], PHP_CRYPT_RAND, 4); + strncpy(&salt[11], "$", PHP_MAX_SALT_LEN - 11); +#elif PHP_STD_DES_CRYPT + php_to64(&salt[0], PHP_CRYPT_RAND, 2); + salt[2] = '\0'; +#endif + salt_in_len = strlen(salt); + } else { + salt_in_len = MIN(PHP_MAX_SALT_LEN, salt_in_len); + } + salt[salt_in_len] = '\0'; + + if (php_crypt(str, str_len, salt, salt_in_len, &result) == FAILURE) { + if (salt[0] == '*' && salt[1] == '0') { + RETURN_STRING("*1", 1); + } else { + RETURN_STRING("*0", 1); + } + } + RETURN_STRING(result, 0); +} +/* }}} */ #endif /* diff --git a/ext/standard/password.c b/ext/standard/password.c new file mode 100644 index 0000000000..266ad0a421 --- /dev/null +++ b/ext/standard/password.c @@ -0,0 +1,460 @@ +/* + +----------------------------------------------------------------------+ + | PHP Version 5 | + +----------------------------------------------------------------------+ + | Copyright (c) 1997-2012 The PHP Group | + +----------------------------------------------------------------------+ + | This source file is subject to version 3.01 of the PHP license, | + | that is bundled with this package in the file LICENSE, and is | + | available through the world-wide-web at the following url: | + | http://www.php.net/license/3_01.txt | + | If you did not receive a copy of the PHP license and are unable to | + | obtain it through the world-wide-web, please send a note to | + | license@php.net so we can mail you a copy immediately. | + +----------------------------------------------------------------------+ + | Authors: Anthony Ferrara <ircmaxell@php.net> | + +----------------------------------------------------------------------+ +*/ + +/* $Id$ */ + +#include <stdlib.h> + +#include "php.h" +#if HAVE_CRYPT + +#include "fcntl.h" +#include "php_password.h" +#include "php_rand.h" +#include "php_crypt.h" +#include "base64.h" +#include "zend_interfaces.h" +#include "info.h" + +#if PHP_WIN32 +#include "win32/winutil.h" +#endif + +PHP_MINIT_FUNCTION(password) /* {{{ */ +{ + REGISTER_LONG_CONSTANT("PASSWORD_DEFAULT", PHP_PASSWORD_DEFAULT, CONST_CS | CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("PASSWORD_BCRYPT", PHP_PASSWORD_BCRYPT, CONST_CS | CONST_PERSISTENT); + + REGISTER_LONG_CONSTANT("PASSWORD_BCRYPT_DEFAULT_COST", PHP_PASSWORD_BCRYPT_COST, CONST_CS | CONST_PERSISTENT); + + return SUCCESS; +} +/* }}} */ + +static char* php_password_get_algo_name(const php_password_algo algo) +{ + switch (algo) { + case PHP_PASSWORD_BCRYPT: + return "bcrypt"; + case PHP_PASSWORD_UNKNOWN: + default: + return "unknown"; + } +} + +static php_password_algo php_password_determine_algo(const char *hash, const size_t len) +{ + if (len > 3 && hash[0] == '$' && hash[1] == '2' && hash[2] == 'y' && len == 60) { + return PHP_PASSWORD_BCRYPT; + } + + return PHP_PASSWORD_UNKNOWN; +} + +static zend_bool php_password_salt_is_alphabet(const char *str, const size_t len) /* {{{ */ +{ + size_t i = 0; + + for (i = 0; i < len; i++) { + if (!((str[i] >= 'A' && str[i] <= 'Z') || (str[i] >= 'a' && str[i] <= 'z') || (str[i] >= '0' && str[i] <= '9') || str[i] == '.' || str[i] == '/')) { + return 0; + } + } + return 1; +} +/* }}} */ + +static zend_bool php_password_salt_to64(const char *str, const size_t str_len, const size_t out_len, char *ret) /* {{{ */ +{ + size_t pos = 0; + size_t ret_len = 0; + unsigned char *buffer; + if ((int) str_len < 0) { + return FAILURE; + } + buffer = php_base64_encode((unsigned char*) str, (int) str_len, (int*) &ret_len); + if (ret_len < out_len) { + /* Too short of an encoded string generated */ + efree(buffer); + return FAILURE; + } + for (pos = 0; pos < out_len; pos++) { + if (buffer[pos] == '+') { + ret[pos] = '.'; + } else if (buffer[pos] == '=') { + efree(buffer); + return FAILURE; + } else { + ret[pos] = buffer[pos]; + } + } + efree(buffer); + return SUCCESS; +} +/* }}} */ + +static zend_bool php_password_make_salt(size_t length, char *ret TSRMLS_DC) /* {{{ */ +{ + int buffer_valid = 0; + size_t i, raw_length; + char *buffer; + char *result; + + if (length > (INT_MAX / 3)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length is too large to safely generate"); + return FAILURE; + } + + raw_length = length * 3 / 4 + 1; + + buffer = (char *) safe_emalloc(raw_length, 1, 1); + +#if PHP_WIN32 + { + BYTE *iv_b = (BYTE *) buffer; + if (php_win32_get_random_bytes(iv_b, raw_length) == SUCCESS) { + buffer_valid = 1; + } + } +#else + { + int fd, n; + size_t read_bytes = 0; + fd = open("/dev/urandom", O_RDONLY); + if (fd >= 0) { + while (read_bytes < raw_length) { + n = read(fd, buffer + read_bytes, raw_length - read_bytes); + if (n < 0) { + break; + } + read_bytes += (size_t) n; + } + close(fd); + } + if (read_bytes >= raw_length) { + buffer_valid = 1; + } + } +#endif + if (!buffer_valid) { + for (i = 0; i < raw_length; i++) { + buffer[i] ^= (char) (255.0 * php_rand(TSRMLS_C) / RAND_MAX); + } + } + + result = safe_emalloc(length, 1, 1); + if (php_password_salt_to64(buffer, raw_length, length, result) == FAILURE) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Generated salt too short"); + efree(buffer); + efree(result); + return FAILURE; + } + memcpy(ret, result, (int) length); + efree(result); + efree(buffer); + ret[length] = 0; + return SUCCESS; +} +/* }}} */ + +PHP_FUNCTION(password_get_info) +{ + php_password_algo algo; + int hash_len; + char *hash, *algo_name; + zval *options; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &hash, &hash_len) == FAILURE) { + return; + } + + if (hash_len < 0 || (size_t) hash_len < 0) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Supplied password hash too long to safely identify"); + RETURN_FALSE; + } + + ALLOC_INIT_ZVAL(options); + array_init(options); + + algo = php_password_determine_algo(hash, (size_t) hash_len); + algo_name = php_password_get_algo_name(algo); + + switch (algo) { + case PHP_PASSWORD_BCRYPT: + { + long cost = PHP_PASSWORD_BCRYPT_COST; + sscanf(hash, "$2y$%ld$", &cost); + add_assoc_long(options, "cost", cost); + } + break; + case PHP_PASSWORD_UNKNOWN: + default: + break; + } + + array_init(return_value); + + add_assoc_long(return_value, "algo", algo); + add_assoc_string(return_value, "algoName", algo_name, 1); + add_assoc_zval(return_value, "options", options); +} + +PHP_FUNCTION(password_needs_rehash) +{ + long new_algo = 0; + php_password_algo algo; + int hash_len; + char *hash; + HashTable *options = 0; + zval **option_buffer; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl|H", &hash, &hash_len, &new_algo, &options) == FAILURE) { + return; + } + + if (hash_len < 0) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Supplied password hash too long to safely identify"); + RETURN_FALSE; + } + + algo = php_password_determine_algo(hash, (size_t) hash_len); + + if (algo != new_algo) { + RETURN_TRUE; + } + + switch (algo) { + case PHP_PASSWORD_BCRYPT: + { + long new_cost = PHP_PASSWORD_BCRYPT_COST, cost = 0; + + if (options && zend_symtable_find(options, "cost", sizeof("cost"), (void **) &option_buffer) == SUCCESS) { + if (Z_TYPE_PP(option_buffer) != IS_LONG) { + zval cast_option_buffer; + MAKE_COPY_ZVAL(option_buffer, &cast_option_buffer); + convert_to_long(&cast_option_buffer); + new_cost = Z_LVAL(cast_option_buffer); + zval_dtor(&cast_option_buffer); + } else { + new_cost = Z_LVAL_PP(option_buffer); + } + } + + sscanf(hash, "$2y$%ld$", &cost); + if (cost != new_cost) { + RETURN_TRUE; + } + } + break; + case PHP_PASSWORD_UNKNOWN: + default: + break; + } + RETURN_FALSE; +} + +/* {{{ proto boolean password_make_salt(string password, string hash) +Verify a hash created using crypt() or password_hash() */ +PHP_FUNCTION(password_verify) +{ + int status = 0, i; + int password_len, hash_len; + char *ret, *password, *hash; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &password, &password_len, &hash, &hash_len) == FAILURE) { + RETURN_FALSE; + } + if (php_crypt(password, password_len, hash, hash_len, &ret) == FAILURE) { + RETURN_FALSE; + } + + if (strlen(ret) != hash_len || hash_len < 13) { + efree(ret); + RETURN_FALSE; + } + + /* We're using this method instead of == in order to provide + * resistence towards timing attacks. This is a constant time + * equality check that will always check every byte of both + * values. */ + for (i = 0; i < hash_len; i++) { + status |= (ret[i] ^ hash[i]); + } + + efree(ret); + + RETURN_BOOL(status == 0); + +} +/* }}} */ + +/* {{{ proto string password_hash(string password, int algo, array options = array()) +Hash a password */ +PHP_FUNCTION(password_hash) +{ + char *hash_format, *hash, *salt, *password, *result; + long algo = 0; + int password_len = 0, hash_len; + size_t salt_len = 0, required_salt_len = 0, hash_format_len; + HashTable *options = 0; + zval **option_buffer; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl|H", &password, &password_len, &algo, &options) == FAILURE) { + return; + } + + switch (algo) { + case PHP_PASSWORD_BCRYPT: + { + long cost = PHP_PASSWORD_BCRYPT_COST; + + if (options && zend_symtable_find(options, "cost", 5, (void **) &option_buffer) == SUCCESS) { + if (Z_TYPE_PP(option_buffer) != IS_LONG) { + zval cast_option_buffer; + MAKE_COPY_ZVAL(option_buffer, &cast_option_buffer); + convert_to_long(&cast_option_buffer); + cost = Z_LVAL(cast_option_buffer); + zval_dtor(&cast_option_buffer); + } else { + cost = Z_LVAL_PP(option_buffer); + } + } + + if (cost < 4 || cost > 31) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid bcrypt cost parameter specified: %ld", cost); + RETURN_NULL(); + } + + required_salt_len = 22; + hash_format = emalloc(8); + sprintf(hash_format, "$2y$%02ld$", cost); + hash_format_len = 7; + } + break; + case PHP_PASSWORD_UNKNOWN: + default: + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown password hashing algorithm: %ld", algo); + RETURN_NULL(); + } + + if (options && zend_symtable_find(options, "salt", 5, (void**) &option_buffer) == SUCCESS) { + char *buffer; + int buffer_len_int = 0; + size_t buffer_len; + switch (Z_TYPE_PP(option_buffer)) { + case IS_STRING: + buffer = estrndup(Z_STRVAL_PP(option_buffer), Z_STRLEN_PP(option_buffer)); + buffer_len_int = Z_STRLEN_PP(option_buffer); + break; + case IS_LONG: + case IS_DOUBLE: + case IS_OBJECT: { + zval cast_option_buffer; + MAKE_COPY_ZVAL(option_buffer, &cast_option_buffer); + convert_to_string(&cast_option_buffer); + if (Z_TYPE(cast_option_buffer) == IS_STRING) { + buffer = estrndup(Z_STRVAL(cast_option_buffer), Z_STRLEN(cast_option_buffer)); + buffer_len_int = Z_STRLEN(cast_option_buffer); + zval_dtor(&cast_option_buffer); + break; + } + zval_dtor(&cast_option_buffer); + } + case IS_BOOL: + case IS_NULL: + case IS_RESOURCE: + case IS_ARRAY: + default: + efree(hash_format); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Non-string salt parameter supplied"); + RETURN_NULL(); + } + if (buffer_len_int < 0) { + efree(hash_format); + efree(buffer); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Supplied salt is too long"); + } + buffer_len = (size_t) buffer_len_int; + if (buffer_len < required_salt_len) { + efree(hash_format); + efree(buffer); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Provided salt is too short: %lu expecting %lu", (unsigned long) buffer_len, (unsigned long) required_salt_len); + RETURN_NULL(); + } else if (0 == php_password_salt_is_alphabet(buffer, buffer_len)) { + salt = safe_emalloc(required_salt_len, 1, 1); + if (php_password_salt_to64(buffer, buffer_len, required_salt_len, salt) == FAILURE) { + efree(hash_format); + efree(buffer); + efree(salt); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Provided salt is too short: %lu", (unsigned long) buffer_len); + RETURN_NULL(); + } + salt_len = required_salt_len; + } else { + salt = safe_emalloc(required_salt_len, 1, 1); + memcpy(salt, buffer, (int) required_salt_len); + salt_len = required_salt_len; + } + efree(buffer); + } else { + salt = safe_emalloc(required_salt_len, 1, 1); + if (php_password_make_salt(required_salt_len, salt TSRMLS_CC) == FAILURE) { + efree(hash_format); + efree(salt); + RETURN_FALSE; + } + salt_len = required_salt_len; + } + + salt[salt_len] = 0; + + hash = safe_emalloc(salt_len + hash_format_len, 1, 1); + sprintf(hash, "%s%s", hash_format, salt); + hash[hash_format_len + salt_len] = 0; + + efree(hash_format); + efree(salt); + + /* This cast is safe, since both values are defined here in code and cannot overflow */ + hash_len = (int) (hash_format_len + salt_len); + + if (php_crypt(password, password_len, hash, hash_len, &result) == FAILURE) { + efree(hash); + RETURN_FALSE; + } + + efree(hash); + + if (strlen(result) < 13) { + efree(result); + RETURN_FALSE; + } + + RETURN_STRING(result, 0); +} +/* }}} */ + +#endif /* HAVE_CRYPT */ +/* + * Local variables: + * tab-width: 4 + * c-basic-offset: 4 + * End: + * vim600: sw=4 ts=4 fdm=marker + * vim<600: sw=4 ts=4 + */ diff --git a/ext/standard/php_crypt.h b/ext/standard/php_crypt.h index 93b232896a..7410a8c328 100644 --- a/ext/standard/php_crypt.h +++ b/ext/standard/php_crypt.h @@ -23,6 +23,7 @@ #ifndef PHP_CRYPT_H #define PHP_CRYPT_H +PHPAPI int php_crypt(const char *password, const int pass_len, const char *salt, int salt_len, char **result); PHP_FUNCTION(crypt); #if HAVE_CRYPT PHP_MINIT_FUNCTION(crypt); diff --git a/ext/standard/php_password.h b/ext/standard/php_password.h new file mode 100644 index 0000000000..079f187703 --- /dev/null +++ b/ext/standard/php_password.h @@ -0,0 +1,48 @@ +/* + +----------------------------------------------------------------------+ + | PHP Version 5 | + +----------------------------------------------------------------------+ + | Copyright (c) 1997-2012 The PHP Group | + +----------------------------------------------------------------------+ + | This source file is subject to version 3.01 of the PHP license, | + | that is bundled with this package in the file LICENSE, and is | + | available through the world-wide-web at the following url: | + | http://www.php.net/license/3_01.txt | + | If you did not receive a copy of the PHP license and are unable to | + | obtain it through the world-wide-web, please send a note to | + | license@php.net so we can mail you a copy immediately. | + +----------------------------------------------------------------------+ + | Authors: Anthony Ferrara <ircmaxell@php.net> | + +----------------------------------------------------------------------+ +*/ + +/* $Id$ */ + +#ifndef PHP_PASSWORD_H +#define PHP_PASSWORD_H + +PHP_FUNCTION(password_hash); +PHP_FUNCTION(password_verify); +PHP_FUNCTION(password_needs_rehash); +PHP_FUNCTION(password_get_info); + +PHP_MINIT_FUNCTION(password); + +#define PHP_PASSWORD_DEFAULT PHP_PASSWORD_BCRYPT + +#define PHP_PASSWORD_BCRYPT_COST 10 + +typedef enum { + PHP_PASSWORD_UNKNOWN, + PHP_PASSWORD_BCRYPT +} php_password_algo; + +#endif + + +/* + * Local variables: + * tab-width: 4 + * c-basic-offset: 4 + * End: + */ diff --git a/ext/standard/php_standard.h b/ext/standard/php_standard.h index 483dbc33bc..bccfebe543 100644 --- a/ext/standard/php_standard.h +++ b/ext/standard/php_standard.h @@ -58,6 +58,7 @@ #include "php_versioning.h" #include "php_ftok.h" #include "php_type.h" +#include "php_password.h" #define phpext_standard_ptr basic_functions_module_ptr PHP_MINIT_FUNCTION(standard_filters); diff --git a/ext/standard/tests/password/password_bcrypt_errors.phpt b/ext/standard/tests/password/password_bcrypt_errors.phpt new file mode 100644 index 0000000000..2548c9accb --- /dev/null +++ b/ext/standard/tests/password/password_bcrypt_errors.phpt @@ -0,0 +1,39 @@ +--TEST-- +Test error operation of password_hash() with bcrypt hashing +--FILE-- +<?php +//-=-=-=- + +var_dump(password_hash("foo", PASSWORD_BCRYPT, array("cost" => 3))); + +var_dump(password_hash("foo", PASSWORD_BCRYPT, array("cost" => 32))); + +var_dump(password_hash("foo", PASSWORD_BCRYPT, array("salt" => "foo"))); + +var_dump(password_hash("foo", PASSWORD_BCRYPT, array("salt" => "123456789012345678901"))); + +var_dump(password_hash("foo", PASSWORD_BCRYPT, array("salt" => 123))); + +var_dump(password_hash("foo", PASSWORD_BCRYPT, array("cost" => "foo"))); + +?> +--EXPECTF-- +Warning: password_hash(): Invalid bcrypt cost parameter specified: 3 in %s on line %d +NULL + +Warning: password_hash(): Invalid bcrypt cost parameter specified: 32 in %s on line %d +NULL + +Warning: password_hash(): Provided salt is too short: 3 expecting 22 in %s on line %d +NULL + +Warning: password_hash(): Provided salt is too short: 21 expecting 22 in %s on line %d +NULL + +Warning: password_hash(): Provided salt is too short: 3 expecting 22 in %s on line %d +NULL + +Warning: password_hash(): Invalid bcrypt cost parameter specified: 0 in %s on line %d +NULL + + diff --git a/ext/standard/tests/password/password_get_info.phpt b/ext/standard/tests/password/password_get_info.phpt new file mode 100644 index 0000000000..4c8dc04ff8 --- /dev/null +++ b/ext/standard/tests/password/password_get_info.phpt @@ -0,0 +1,58 @@ +--TEST-- +Test normal operation of password_get_info() +--FILE-- +<?php +//-=-=-=- +// Test Bcrypt +var_dump(password_get_info('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y')); +// Test Bcrypt Cost +var_dump(password_get_info('$2y$11$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y')); +// Test Bcrypt Invalid Length +var_dump(password_get_info('$2y$11$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100')); +// Test Non-Bcrypt +var_dump(password_get_info('$1$rasmusle$rISCgZzpwk3UhDidwXvin0')); + +echo "OK!"; +?> +--EXPECT-- +array(3) { + ["algo"]=> + int(1) + ["algoName"]=> + string(6) "bcrypt" + ["options"]=> + array(1) { + ["cost"]=> + int(10) + } +} +array(3) { + ["algo"]=> + int(1) + ["algoName"]=> + string(6) "bcrypt" + ["options"]=> + array(1) { + ["cost"]=> + int(11) + } +} +array(3) { + ["algo"]=> + int(0) + ["algoName"]=> + string(7) "unknown" + ["options"]=> + array(0) { + } +} +array(3) { + ["algo"]=> + int(0) + ["algoName"]=> + string(7) "unknown" + ["options"]=> + array(0) { + } +} +OK! diff --git a/ext/standard/tests/password/password_get_info_error.phpt b/ext/standard/tests/password/password_get_info_error.phpt new file mode 100644 index 0000000000..af676744c8 --- /dev/null +++ b/ext/standard/tests/password/password_get_info_error.phpt @@ -0,0 +1,17 @@ +--TEST-- +Test error operation of password_get_info() +--FILE-- +<?php +//-=-=-=- +var_dump(password_get_info()); +var_dump(password_get_info(array())); + +echo "OK!"; +?> +--EXPECTF-- +Warning: password_get_info() expects exactly 1 parameter, 0 given in %s on line %d +NULL + +Warning: password_get_info() expects parameter 1 to be string, array given in %s on line %d +NULL +OK! diff --git a/ext/standard/tests/password/password_hash.phpt b/ext/standard/tests/password/password_hash.phpt new file mode 100644 index 0000000000..f59d3d5e48 --- /dev/null +++ b/ext/standard/tests/password/password_hash.phpt @@ -0,0 +1,25 @@ +--TEST-- +Test normal operation of password_hash() +--FILE-- +<?php +//-=-=-=- + +var_dump(strlen(password_hash("foo", PASSWORD_BCRYPT))); + +$hash = password_hash("foo", PASSWORD_BCRYPT); + +var_dump($hash === crypt("foo", $hash)); + +var_dump(password_hash("rasmuslerdorf", PASSWORD_BCRYPT, array("cost" => 7, "salt" => "usesomesillystringforsalt"))); + +var_dump(password_hash("test", PASSWORD_BCRYPT, array("salt" => "123456789012345678901" . chr(0)))); + +echo "OK!"; +?> +--EXPECT-- +int(60) +bool(true) +string(60) "$2y$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi" +string(60) "$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y" +OK! + diff --git a/ext/standard/tests/password/password_hash_error.phpt b/ext/standard/tests/password/password_hash_error.phpt new file mode 100644 index 0000000000..952250cb30 --- /dev/null +++ b/ext/standard/tests/password/password_hash_error.phpt @@ -0,0 +1,48 @@ +--TEST-- +Test error operation of password_hash() +--FILE-- +<?php +//-=-=-=- + +var_dump(password_hash()); + +var_dump(password_hash("foo")); + +var_dump(password_hash("foo", array())); + +var_dump(password_hash("foo", 19, new StdClass)); + +var_dump(password_hash("foo", PASSWORD_BCRYPT, "baz")); + +var_dump(password_hash(array(), PASSWORD_BCRYPT)); + +var_dump(password_hash("123", PASSWORD_BCRYPT, array("salt" => array()))); + +/* Non-string salt, checking for memory leaks */ +var_dump(password_hash('123', PASSWORD_BCRYPT, array('salt' => 1234))); + +?> +--EXPECTF-- +Warning: password_hash() expects at least 2 parameters, 0 given in %s on line %d +NULL + +Warning: password_hash() expects at least 2 parameters, 1 given in %s on line %d +NULL + +Warning: password_hash() expects parameter 2 to be long, array given in %s on line %d +NULL + +Warning: password_hash(): Unknown password hashing algorithm: 19 in %s on line %d +NULL + +Warning: password_hash() expects parameter 3 to be array, string given in %s on line %d +NULL + +Warning: password_hash() expects parameter 1 to be string, array given in %s on line %d +NULL + +Warning: password_hash(): Non-string salt parameter supplied in %s on line %d +NULL + +Warning: password_hash(): Provided salt is too short: 4 expecting 22 in %s on line %d +NULL diff --git a/ext/standard/tests/password/password_needs_rehash.phpt b/ext/standard/tests/password/password_needs_rehash.phpt new file mode 100644 index 0000000000..734729e63d --- /dev/null +++ b/ext/standard/tests/password/password_needs_rehash.phpt @@ -0,0 +1,45 @@ +--TEST-- +Test normal operation of password_needs_rehash() +--FILE-- +<?php +//-=-=-=- + +// Invalid Hash, always rehash +var_dump(password_needs_rehash('', PASSWORD_BCRYPT)); + +// Valid, as it's an unknown algorithm +var_dump(password_needs_rehash('', 0)); + +// Valid with cost the same +var_dump(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT, array('cost' => 10))); + +// Valid with cost the same, additional params +var_dump(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT, array('cost' => 10, 'foo' => 3))); + +// Invalid, different (lower) cost +var_dump(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT, array('cost' => 09))); + +// Invalid, different (higher) cost +var_dump(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT, array('cost' => 11))); + +// Valid with cost the default +$cost = str_pad(PASSWORD_BCRYPT_DEFAULT_COST, 2, '0', STR_PAD_LEFT); +var_dump(password_needs_rehash('$2y$'.$cost.'$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT)); + +// Should Issue Needs Rehash, Since Foo is cast to 0... +var_dump(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT, array('cost' => 'foo'))); + + + +echo "OK!"; +?> +--EXPECT-- +bool(true) +bool(false) +bool(false) +bool(false) +bool(true) +bool(true) +bool(false) +bool(true) +OK! diff --git a/ext/standard/tests/password/password_needs_rehash_error.phpt b/ext/standard/tests/password/password_needs_rehash_error.phpt new file mode 100644 index 0000000000..e25ef8db3f --- /dev/null +++ b/ext/standard/tests/password/password_needs_rehash_error.phpt @@ -0,0 +1,33 @@ +--TEST-- +Test error operation of password_needs_rehash() +--FILE-- +<?php +//-=-=-=- +var_dump(password_needs_rehash()); + +var_dump(password_needs_rehash('')); + +var_dump(password_needs_rehash('', "foo")); + +var_dump(password_needs_rehash(array(), 1)); + +var_dump(password_needs_rehash("", 1, "foo")); + +echo "OK!"; +?> +--EXPECTF-- +Warning: password_needs_rehash() expects at least 2 parameters, 0 given in %s on line %d +NULL + +Warning: password_needs_rehash() expects at least 2 parameters, 1 given in %s on line %d +NULL + +Warning: password_needs_rehash() expects parameter 2 to be long, string given in %s on line %d +NULL + +Warning: password_needs_rehash() expects parameter 1 to be string, array given in %s on line %d +NULL + +Warning: password_needs_rehash() expects parameter 3 to be array, string given in %s on line %d +NULL +OK! diff --git a/ext/standard/tests/password/password_verify.phpt b/ext/standard/tests/password/password_verify.phpt new file mode 100644 index 0000000000..e7ecc7edd3 --- /dev/null +++ b/ext/standard/tests/password/password_verify.phpt @@ -0,0 +1,21 @@ +--TEST-- +Test normal operation of password_verify) +--FILE-- +<?php +//-=-=-=- + +var_dump(password_verify(123, 123)); + +var_dump(password_verify("foo", '$2a$07$usesomesillystringforsalt$')); + +var_dump(password_verify('rasmusler', '$2a$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi')); + +var_dump(password_verify('rasmuslerdorf', '$2a$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi')); +echo "OK!"; +?> +--EXPECT-- +bool(false) +bool(false) +bool(false) +bool(true) +OK! diff --git a/ext/standard/tests/password/password_verify_error.phpt b/ext/standard/tests/password/password_verify_error.phpt new file mode 100644 index 0000000000..3e653fa04e --- /dev/null +++ b/ext/standard/tests/password/password_verify_error.phpt @@ -0,0 +1,18 @@ +--TEST-- +Test error operation of password_verify() +--FILE-- +<?php +//-=-=-=- + +var_dump(password_verify()); + +var_dump(password_verify("foo")); + +?> +--EXPECTF-- +Warning: password_verify() expects exactly 2 parameters, 0 given in %s on line %d +bool(false) + +Warning: password_verify() expects exactly 2 parameters, 1 given in %s on line %d +bool(false) + diff --git a/ext/standard/tests/streams/bug63240.phpt b/ext/standard/tests/streams/bug63240.phpt new file mode 100644 index 0000000000..7612c43745 --- /dev/null +++ b/ext/standard/tests/streams/bug63240.phpt @@ -0,0 +1,17 @@ +--TEST-- +Bug #63240: stream_get_line() return contains delimiter string +--FILE-- +<?php +$fd = fopen('php://temp', 'r+'); +$delimiter = 'MM'; +$str = str_repeat('.', 8191) . $delimiter . "rest"; +fwrite($fd, $str); +rewind($fd); +$line = stream_get_line($fd, 9000, $delimiter); +var_dump(strlen($line)); +$line = stream_get_line($fd, 9000, $delimiter); +var_dump($line); +?> +--EXPECT-- +int(8191) +string(4) "rest" diff --git a/main/streams/streams.c b/main/streams/streams.c index 81bf59446f..40b18e9f5b 100644 --- a/main/streams/streams.c +++ b/main/streams/streams.c @@ -1055,9 +1055,17 @@ PHPAPI char *php_stream_get_record(php_stream *stream, size_t maxlen, size_t *re if (has_delim) { /* search for delimiter, but skip buffered_len (the number of bytes * buffered before this loop iteration), as they have already been - * searched for the delimiter */ + * searched for the delimiter. + * The left part of the delimiter may still remain in the buffer, + * so subtract up to <delim_len - 1> from buffered_len, which is + * the ammount of data we skip on this search as an optimization + */ found_delim = _php_stream_search_delim( - stream, maxlen, buffered_len, delim, delim_len TSRMLS_CC); + stream, maxlen, + buffered_len >= (delim_len - 1) + ? buffered_len - (delim_len - 1) + : 0, + delim, delim_len TSRMLS_CC); if (found_delim) { break; } diff --git a/sapi/litespeed/lsapi_main.c b/sapi/litespeed/lsapi_main.c index 5f4d2e6ec7..338b8e9d1e 100644 --- a/sapi/litespeed/lsapi_main.c +++ b/sapi/litespeed/lsapi_main.c @@ -431,7 +431,7 @@ static void cli_usage( TSRMLS_D ) " args... Arguments passed to script.\n"; php_output_startup(); php_output_activate(TSRMLS_C); - php_printf( usage ); + php_printf( "%s", usage ); #ifdef PHP_OUTPUT_NEWAPI php_output_end_all(TSRMLS_C); #else |