| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
When no test paths are specified this shows up when 'make test' is used on a PECL extension without specifying tests to run (or in php-src too, I guess...)
Closes GH-6717.
|
|
|
|
| |
(cherry picked from commit ab8177de2c89672e63a7a1ccef4df8f7bf34fbd2)
|
| |
|
|
|
|
|
| |
This reverts commit 491488d21707062fa8e9b9187db3585fb0d347da, since
PHP-7.3 is in security mode, and this does not look security related.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
That bug report originally was about `parse_url()` misbehaving, but the
security aspect was actually only regarding `FILTER_VALIDATE_URL`.
Since the changes to `parse_url_ex()` apparently affect userland code
which is relying on the sloppy URL parsing[1], this alternative
restores the old parsing behavior, but ensures that the userinfo is
checked for correctness for `FILTER_VALIDATE_URL`.
[1] <https://github.com/php/php-src/commit/5174de7cd33c3d4fa591c9c93859ff9989b07e8c#commitcomment-45967652>
|
| |
|
| |
|
| |
|
|\
| |
| |
| |
| | |
* PHP-7.2:
Fix #77423: parse_url() will deliver a wrong host to user
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
To avoid that `parse_url()` returns an erroneous host, which would be
valid for `FILTER_VALIDATE_URL`, we make sure that only userinfo which
is valid according to RFC 3986 is treated as such.
For consistency with the existing url parsing code, we use ctype
functions, although that is not necessarily correct.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In MariaDB-10.4.3 EXPIRE passwords where supported for
MariaDB. This only behaves like MySQL when the system
variable disconnect_on_expired_passwords=1.
MariaDB if there was no password it could not be considered
expired. So the test is adjusted to use actual passwords.
(MariaDB commit a94b20a8e0d9e64eeaabdaaa7a3e03fcdb8a686e)
The error codes produced my MariaDB are different
however still conforming to the SQL specification.
Closes GH-6480.
|
| |
| |
| |
| |
| |
| |
| | |
On x32 sizeof(size_t) != sizeof(zend_long), so we need to be
careful with sign extension here.
Patch by bruno dot premont at restena dot lu.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
MySQL removed RENAME DATABASE in 18300001c1dbbfddf9a0adcbaeea68956102bdd0
(Sept 2007, 5.1.23). As this briefest existance is very insignificant lets remove it.
It also breaks when testing against MariaDB.
As the alternate path in this test covers all supported MySQL and MariaDB
versions and a signifant portion of unsupported versions lets keep it simple.
Closes GH-6459.
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
On stable versions, bring back the TRUE/FALSE defines by defining
_U_DEFINE_TRUE_AND_FALSE.
Closes GH-6397.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As of commit 81b2f3e[1], `parse_url()` accepts URLs with a zero port,
but does not report that port, what is wrong in hindsight.
Since the port number is stored as `unsigned short` there is no way to
distinguish between port zero and no port. For BC reasons, we thus
introduce `parse_url_ex2()` which accepts an output parameter that
allows that distinction, and use the new function to fix the behavior.
The introduction of `parse_url_ex2()` has been suggested by Nikita.
[1] <http://git.php.net/?p=php-src.git;a=commit;h=81b2f3e5d9fcdffd87a4fcd12bd8c708a97091e1>
Closes GH-6399.
|
| |
| |
| |
| |
| | |
As mentioned on bug #80171. This one is in libtool.m4, might get
lost on libtool updates.
|
| |
| |
| |
| |
| |
| | |
Patch contributed by Alexander Bergmann.
Closes GH-6389.
|
| |
| |
| |
| | |
In this function, `i` is of type `size_t`.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Unless `SQLGetData()` returns `SQL_SUCCESS` or `SQL_SUCCESS_WITH_INFO`,
the `StrLen_or_IndPtr` output argument is not guaranteed to be properly
set. Thus we handle retrieval failure other than `SQL_ERROR` by
yielding `false` for those column values and raising a warning.
Closes GH-6281.
|
| |
| |
| |
| | |
Using a cloned finfo object will crash.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit bf6873a18e3b6b00f82a645c0893a281ae8eadb8.
CVE-2020-26159 is bogus; the "bug" was apparently a false positive
reported by Coverity, and the "fix" apparently wrong, see
<https://github.com/kkos/oniguruma/issues/221>.
Closes GH-6357.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
libxml2 has no particular issues parsing HTML strings with NUL bytes;
these just cause truncation of the current text content, but parsing
continues generally. Since `::loadHTMLFile()` already supports NUL
bytes, `::loadHTML()` should as well.
Note that this is different from XML, which does not allow any NUL
bytes.
Closes GH-6368.
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
We have to make sure that the variant is of type `VT_DISPATCH` before
we access it as such.
Closes GH-6372.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
A recent bug fix regarding symlinks claimed:
> After resolving reparse points, the path still may be a reparse
> point; in that case we have to resolve that reparse point as well.
While that is basically correct, some reparse points may point to
inaccessible system folders (e.g. `IO_REPARSE_TAG_DEDUP` points to
"\System Volume Information"). Since we don't know details about
arbitrary reparse points, and are mainly interested in nested symlinks,
we take a step back, and only resolve `IO_REPARSE_TAG_SYMLINK` for now.
Close GH-6354.
|
| |
| |
| |
| |
| |
| |
| |
| | |
`ADD_EXTENSION_DEP()` relies on the `PHP_<extname>` config variables to
be set to `"yes"`, and since the standard and date extension are always
enabled, we define the respective variables uncoditionally.
Closes GH-6383.
|
| |
| |
| |
| | |
Apply patch which was attached to the bug in July 2018
|
| |
| |
| |
| |
| |
| | |
"Uninitialized" here means that the object was created ordinarily
-- no constructor skipping involved. Most tidy methods seem to
handle this fine, but these three need to be guarded.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
libc-client expects `TYPEMESSAGE` with an explicit subtype of `RFC822`
to have a `nested.msg` (otherwise there will be a segfault during
free), but not to have any `contents.text.data` (this will leak
otherwise).
Closes GH-6345.
|
| |
| |
| |
| |
| |
| |
| |
| | |
In libc-client 2007f `data` is declared as `unsigned char *`; there may
be variants which declare it as `void *`, but in any case picky
compilers may warn about a pointer type mismatch in the conditional
(and error with `-W-error`), so we're adding a `char *` cast for good
measure.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The original fix for that bug[1] broke the formerly working composition
of message/rfc822 messages, which results in a segfault when freeing
the message body now. While `imap_mail_compose()` does not really
support composition of meaningful message/rfc822 messages (although
libc-client appears to support that), some code may still use this to
compose partial messages, and using string manipulation to create the
final message.
The point is that libc-client expects `TYPEMESSAGE` with an explicit
subtype of `RFC822` to have a `nested.msg` (otherwise there will be a
segfault during free), but not to have any `contents.text.data` (this
will leak otherwise).
[1] <http://git.php.net/?p=php-src.git;a=commit;h=0d022ddf03c5fabaaa22e486d1e4a367ed9170a7>
Closes GH-6343.
|
| | |
|
| |
| |
| |
| | |
No idea why that `git am` failed that badly.
|
| |
| |
| |
| | |
We have to free the address when we're finished with it.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If unsupported `$search_criteria` are passed to `imap_sort()`, the
function returns an empty array, but there is also an error on the
libc-client error stack ("Unknown search criterion: UNSUPPORTED
(errflg=2)"). If, on the other hand, unsupported `$criteria` or
unsupported `$flags` are passed, the function returns `false`. We
solve this inconsistency by returning `false` for unsupported
`$search_criteria` as well.
Closes GH-6332.
|
| | |
|
| |
| |
| |
| |
| |
| | |
We need to free what we have allocated.
Closes GH-6327.
|
| |
| |
| |
| |
| |
| |
| | |
We need to check whether the given `type`s and `encoding`s are within
bounds to avoid segfaults and out-of-bound reads.
Closes GH-6323.
|
| |
| |
| |
| |
| |
| | |
We have to clean up even on failure.
Closes GH-6322.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Unless `topbod` is of `TYPEMULTIPART`, `mail_free_body()` does not free
the `nested.part`; while we could do this ourselves, instead we just
ignore additional bodies in this case, i.e. we don't attach them in the
first place.
Closes GH-6321.
|
| |
| |
| |
| |
| |
| |
| | |
While the zvals may be different, they may still point to the
same array.
Fixes oss-fuzz #26245.
|
| |
| |
| |
| |
| |
| |
| |
| | |
If the RHS has INDIRECT elements, we do not those to be added to
the LHS verbatim. As we're using UPDATE_INDIRECT, we might even
create a nested INDIRECT that way.
This is a side-quest of oss-fuzz #26245.
|
| | |
|