| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | | |
|
| | |
| |
| |
| | |
Closes GH-6636.
|
| | |
| |
| |
| | |
As pointed out on GH-6456.
|
| | |
| |
| |
| |
| |
| | |
Move the load_wsdl_ex call into the zend_try that destroys the
docs hash table. The wsdl will be inserted into docs early on,
and will thus be released on subsequent bailout.
|
| |\ \
| |/
| |
| |
| | |
* PHP-7.3:
Revert "Updated to version 2021.1 (2021a)"
|
| | |
| |
| |
| |
| | |
This reverts commit 491488d21707062fa8e9b9187db3585fb0d347da, since
PHP-7.3 is in security mode, and this does not look security related.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
We remove the arbitrary restriction to `INT_MAX`; it is superfluous on
32bit systems where `ZEND_LONG_MAX == INT_MAX` anyway, and not useful
on 64bit systems, where larger files should be readable, if the
`memory_limit` is large enough.
Closes GH-6648.
|
| | |
| |
| |
| | |
Now requires PHP 7.4, so use php7.4 to run composer everywhere.
|
| | | |
|
| |\ \
| |/
| |
| |
| | |
* PHP-7.3:
Fix bug #80672 - Null Dereference in SoapClient
|
| | | |
|
| | | |
|
| | | |
|
| |\ \
| |/
| |
| |
| | |
* PHP-7.3:
Rm unneeded function
|
| | | |
|
| |\ \
| |/
| |
| |
| | |
* PHP-7.3:
Alternative fix for bug 77423
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
That bug report originally was about `parse_url()` misbehaving, but the
security aspect was actually only regarding `FILTER_VALIDATE_URL`.
Since the changes to `parse_url_ex()` apparently affect userland code
which is relying on the sloppy URL parsing[1], this alternative
restores the old parsing behavior, but ensures that the userinfo is
checked for correctness for `FILTER_VALIDATE_URL`.
[1] <https://github.com/php/php-src/commit/5174de7cd33c3d4fa591c9c93859ff9989b07e8c#commitcomment-45967652>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The default encoding of filenames in a ZIP archive is IBM Code Page
437. Phar, however, only supports UTF-8 filenames. Therefore we have
to mark filenames as being stored in UTF-8 by setting the general
purpose bit 11 (the language encoding flag).
The effect of not setting this bit for non ASCII filenames can be seen
in popular tools like 7-Zip and UnZip, but not when extracting the
archives via ext/phar (which is agnostic to the filename encoding), or
via ext/zip (which guesses the encoding). Thus we add a somewhat
brittle low-level test case.
Closes GH-6630.
|
| | |
| |
| |
| | |
That appears to have been forgotten for a while.
|
| | |
| |
| |
| |
| |
| | |
We add the failure reason to the error message.
Closes GH-6638.
|
| | | |
|
| |\ \
| |/ |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
Instead of checking for actually affected libzip versions, we now always
`ZIP_TRUNCATE` empty files unless `ZIP_RDONLY` is set.
Closes GH-6625.
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Check open_basedir after the fallback to the system's temporary
directory in tempnam().
In order to preserve the current behavior of upload_tmp_dir
(do not check explicitly specified dir, but check fallback),
new flags are added to check open_basedir for explicit dir
and for fallback.
Closes GH-6526.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When extracting compressed files from an uncompressed Phar, we must not
use the direct file pointer, but rather get an uncompressed file
pointer.
We also add a test to show that deflated and stored entries are
properly extracted.
This also fixes #79912, which appears to be a duplicate of #69279.
Co-authored-by: Anna Filina <afilina@gmail.com>
Closes GH-6599.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is mainly to work around https://github.com/curl/curl/issues/6455,
but not building the mime structure for empty hashtables is a general
performance optimization, so we do not restrict it to affected cURL
versions (7.56.0 to 7.75.0).
The minor change to bug79033.phpt is unexpected, but should not matter
in practice.
Closes GH-6606.
|
| | |
| |
| |
| |
| | |
This reverts commit 5e15c9c41f8318a8392c2e2c78544f218736549c, since
re2c default rules are only available as of re2c 0.13.7.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
The internal function `_readline_command_generator()` modifies the
internal array pointer of `readline_completion_function()`'s return
value. We therefore separate the array, what also avoids failing
assertions regarding the array refcount.
Closes GH-6582.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We must not assume that the first end of central dir signature in a ZIP
archive actually designates the end of central directory record, since
the data in the archive may contain arbitrary byte patterns. Thus, we
better search from the end of the data, what is also slightly more
efficient.
There is, however, no way to detect the end of central directory
signature by searching from the end of the ZIP archive with absolute
certainty, since the signature could be part of the trailing comment.
To mitigate, we check that the comment length fits to the found
position, but that might still not be the correct position in rare
cases.
Closes GH-6507.
|
| | |
| |
| |
| | |
Closes GH-6574.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
I noticed this problem while dumping the contents of EG(function_table),
where keys for closures start with a null byte. printf interprets this
as a zero-length string and emits nothing. This allows the key to be
rendered properly in readable form.
Closes GH-6577.
|
| | |
| |
| |
| |
| | |
This was already done for PHP-8.0 and master, do it for PHP-7.4
as well.
|
| | | |
|
| |\ \
| |/
| |
| |
| | |
* PHP-7.3:
[ci skip] Fix order
|
| | | |
|
| |\ \
| |/
| |
| |
| | |
* PHP-7.3:
[ci skip] Unpdate NEWS
|
| | | |
|
| |\ \
| |/
| |
| |
| | |
* PHP-7.3:
Fix #77423: parse_url() will deliver a wrong host to user
|
| | |\
| | |
| | |
| | |
| | | |
* PHP-7.2:
Fix #77423: parse_url() will deliver a wrong host to user
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
To avoid that `parse_url()` returns an erroneous host, which would be
valid for `FILTER_VALIDATE_URL`, we make sure that only userinfo which
is valid according to RFC 3986 is treated as such.
For consistency with the existing url parsing code, we use ctype
functions, although that is not necessarily correct.
|
| | | |
| | |
| | |
| | | |
Closes GH-6541.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In the case of a stream with no filters, php_stream_fill_read_buffer
only reads stream->chunk_size into the read buffer. If the stream has
filters attached, it could unnecessarily buffer a large amount of data.
With this change, php_stream_fill_read_buffer only proceeds until either
the requested size or stream->chunk_size is available in the read buffer.
Co-authored-by: Christoph M. Becker <cmbecker69@gmx.de>
Closes GH-6444.
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This fixes two related issues:
1. When a PS with cursor is used in store_result/get_result,
perform a COM_FETCH with maximum number of rows rather than
silently switching to an unbuffered result set (in the case of
store_result) or erroring (in the case of get_result).
In the future, we might want to make get_result unbuffered for
PS with cursors, as using cursors with buffered result sets
doesn't really make sense. Unlike store_result, get_result
isn't very explicit about what kind of result set is desired.
2. If the client did not request a cursor, but the server reports
that a cursor exists, ignore this and treat the PS as if it
has no cursor (i.e. to not use COM_FETCH). It appears to be a
server side bug that a cursor used inside an SP will be reported
to the client, even though the client cannot use the cursor.
Fixes bug #64638, bug #72862, bug #77935.
Closes GH-6518.
|
| | | |
| | |
| | |
| | |
| | | |
We need to check the BIT case first, otherwise it will get skipped
in INT_AND_FLOAT_NATIVE mode.
|
