| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
That bug report originally was about `parse_url()` misbehaving, but the
security aspect was actually only regarding `FILTER_VALIDATE_URL`.
Since the changes to `parse_url_ex()` apparently affect userland code
which is relying on the sloppy URL parsing[1], this alternative
restores the old parsing behavior, but ensures that the userinfo is
checked for correctness for `FILTER_VALIDATE_URL`.
[1] <https://github.com/php/php-src/commit/5174de7cd33c3d4fa591c9c93859ff9989b07e8c#commitcomment-45967652>
|
| |
|
|
|
|
|
| |
This aligns with the PHP-7.4 and PHP-7.3 branches, and should
fix the `sgolemon/php-release` script run for releasing 8.0.2.
|
|\ |
|
| | |
|
| | |
|
| |
| |
| |
| | |
Use %e instead of a hardcoded forward slash.
|
| | |
|
|\ \
| |/
| |
| |
| | |
* PHP-7.4:
Fixed bug #42560
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Check open_basedir after the fallback to the system's temporary
directory in tempnam().
In order to preserve the current behavior of upload_tmp_dir
(do not check explicitly specified dir, but check fallback),
new flags are added to check open_basedir for explicit dir
and for fallback.
Closes GH-6526.
|
| |
| |
| |
| |
| |
| |
| | |
See the description of <https://www.php.net/ldap-search>, and also the
implementation.
Closes GH-6620.
|
|\ \
| |/
| |
| |
| | |
* PHP-7.4:
Fix #69279: Compressed ZIP Phar extractTo() creates garbage files
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When extracting compressed files from an uncompressed Phar, we must not
use the direct file pointer, but rather get an uncompressed file
pointer.
We also add a test to show that deflated and stored entries are
properly extracted.
This also fixes #79912, which appears to be a duplicate of #69279.
Co-authored-by: Anna Filina <afilina@gmail.com>
Closes GH-6599.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When one thread tries to compile a script, another thread may
already be executing JITed code. In this case we can't make the
memory non-executable.
This violates the W^X principle, but doesn't seem to be avoidable
for ZTS builds for now. The same problem does not exist for NTS,
as it's a different process executing there, which has it's own
memory protection mapping.
Closes GH-6595.
|
| |
| |
| |
| |
| | |
Even if the return value is not used, it should still be available
to the observer.
|
| |
| |
| |
| |
| |
| | |
Opcache inlines functions that only return a constant. Disable
optimizations to prevent differences in tests where such functions
are used (or rewrite the test to not depend on it).
|
| |
| |
| |
| |
| | |
spl_filesystem_file_read() is called with silent=0, so it will
throw on failure.
|
| | |
|
| |
| |
| |
| |
| | |
In this case, it's only a matter of using the same type order
in both cases.
|
| |
| |
| |
| |
| |
| | |
Remove the explicit mention of IntlGregorianCalendar in the latter.
It is a subclass of IntlCalendar, and as such covered if only
IntlCalendar is used as the return type.
|
| |
| |
| |
| | |
This function/method cannot return false.
|
| |
| |
| |
| | |
The name should be the same as for Phar::getMetadata().
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This fixes multiple issues:
* The first parameter may be resource|string.
* It's an overloaded signature. The second parameter cannot be
passed if the first one is a string. Use UNKNOWN default
value for that reason.
* Make parameter names in PharData::setStub() match those in
Phar.
Closes GH-6596.
|
|\ \
| |/
| |
| |
| | |
* PHP-7.4:
Fix #80595: Resetting POSTFIELDS to empty array breaks request
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is mainly to work around https://github.com/curl/curl/issues/6455,
but not building the mime structure for empty hashtables is a general
performance optimization, so we do not restrict it to affected cURL
versions (7.56.0 to 7.75.0).
The minor change to bug79033.phpt is unexpected, but should not matter
in practice.
Closes GH-6606.
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
Cut off part after null byte when resolving the class name, to
avoid cutting off a larger part lateron.
Closes GH-6601.
|
| | |
|
| |
| |
| |
| | |
Closes GH-6592.
|
| |
| |
| |
| |
| |
| |
| | |
macOS uses an AES based arc4random_buf implementation since at least
macOS 10.2.
Closes GH-6591.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This closes the last hole in the supported types for internal
function arginfo types. It's now possible to represent unions of
multiple classes. This is done by storing them as TypeA|TypeB and
PHP will then convert this into an appropriate union type list.
Closes GH-6581.
|
| |
| |
| |
| | |
Avoid parallelism issues.
|
| |
| |
| |
| |
| |
| |
| |
| | |
This converts the remaining "non well-formed" warnings in bcmath
to ValueErrors, in line with the other warning promotions that
have been performed in this extension.
Closes GH-80545.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
CentOS 7 ships with re2c 0.13.5 by default, so we should not have
bumped the required re2c version to 0.13.7. However, 0.13.5 does not
support default rules, so we cannot use them to fix bug 76813.
This reverts commit 420184ad529443182c9a348a55b1c9216005c613 and
5e15c9c41f8318a8392c2e2c78544f218736549c.
Closes GH-6593.
|
|\ \
| |/
| |
| |
| | |
* PHP-7.4:
Revert "Fix #76813: Access violation near NULL on source operand"
|
| |
| |
| |
| |
| | |
This reverts commit 5e15c9c41f8318a8392c2e2c78544f218736549c, since
re2c default rules are only available as of re2c 0.13.7.
|
| |
| |
| |
| | |
during recording
|
| |
| |
| |
| | |
All other functions use ``zip_entry``
|
|\ \
| |/
| |
| |
| | |
* PHP-7.4:
Avoid modifying the return value of readline_completion_function()
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The internal function `_readline_command_generator()` modifies the
internal array pointer of `readline_completion_function()`'s return
value. We therefore separate the array, what also avoids failing
assertions regarding the array refcount.
Closes GH-6582.
|
| |
| |
| |
| | |
Clsoses GH-6580.
|
| |
| |
| |
| |
| |
| | |
We must not release the strings until we are done with them.
Closes GH-6579.
|