| Commit message | Author | Age | Files | Lines |
* PHP-7.2:
Update NEWS
Fix bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`)
Fix #79099: OOB read in php_strip_tags_ex
Fix #79091: heap use-after-free in session_create_id()
(cherry picked from commit 25ec7eb3463f34a2be666c6785d1c6b3cc89575e)
|
This reverts commit 17a9f1401aeb35fe1e3657b38102a410d151d42f, because
this commit would break ABI, and also due to bug #79013.
We keep the commit for PHP 7.4+, though.
|
If the header string is empty, we pass `NULL` to `php_mail()` to avoid
further checks on the string length.
|
We port
<https://github.com/libgd/libgd/commit/9088591eae437358ee5b929adf82865e37e3001e>.
|
We port
<https://github.com/libgd/libgd/commit/7a06c1669c563917bc48c464521e3de962ddb4e8>.
|
We implement support for a fifth parameter, which allows specifying the
mapsize. The parameter defaults to zero, in which case the compiled-in
default mapsize (usually 1048576) will be used. The mapsize should be
a multiple of the page size of the OS.
|
We check that the given microsecond fraction is in the valid range
[0, 1000000[, and otherwise mark it as invalid. We also drop the
useless do loop; a plain block is sufficient here.
|
We must not use the same shared memory OPcache instance for different
SAPIs, since their memory layout is different. To avoid this, we add
the SAPI name (truncated to at most 20 characters) to the names of the
memory base file, the mutex and the file mapping.
|
We must not set an empty mime structure as `CURLOPT_MIMEPOST`; instead
we set it to `NULL` if `CURLOPT_POSTFIELDS` has been set to an empty
array.
|
We backport the fix to PHP 7.3, since this branch is affected as well.
(cherry picked from commit b5e004379647bd1ebb75eb2eac8826fb6abdd3d8)
(cherry picked from commit e36daa6927c05d2e687bb77495ef206cde118b33)
(cherry picked from commit 2704ee6844c03348de9d15e74646d09007ef0f7c)
|
Call PQconsumeInput() before PQstatus() to update the status.
|
pgsqlGetNotify() didn't check result of PQconsumeInput().
|
Some functions in libmagic (distributed with fileinfo extension) perform this sequence of calls:
```
func() {
    setlocale(LC_TYPE, "C")
    .. do some work ..
    setlocale(LC_TYPE, "")
}
```
It effectively resets LC_TYPE if it was set before the function call.
To avoid manipulations with current locale at all, the problematic functions
were modified to use locale-independent functions.
|
An error message can be misleading when a handler
passed to pcntl_signal() is not callable.
|
When configured with a path specified.
|
It would be better to switch this to use %union and %type annotations,
but not going to do that change for 7.3.
|
* PHP-7.2:
Fix test
Fix bug #78793
|
* PHP-7.2:
Fixed bug #78910
Fix #78878: Buffer underflow in bc_shift_addsub
Fix test
Fix #78862: link() silently truncates after a null byte on Windows
Fix #78863: DirectoryIterator class silently truncates after a null byte
|
We must not rely on `isdigit()` to detect digits, since we only support
decimal ASCII digits in the following processing.
|
Since link() is supposed to accept paths (i.e. strings without NUL
bytes), we must not accept arbitrary strings.
|
Since the constructor of DirectoryIterator and friends is supposed to
accept paths (i.e. strings without NUL bytes), we must not accept
arbitrary strings.
|
For now, don't treat FE_FETCH op2 as no-val use. See GH-4982.
|
Due to former restrictions of the libcurl API, curl multipart/formdata
file uploads supported only proper files. However, as of curl 7.56.0
the new `curl_mime_*()` API is available (and already supported by
PHP[1]), which allows us to support arbitrary *seekable* streams, which
is generally desirable, and particularly resolves issues with the
transparent Unicode and long part support on Windows (see bug #77711).
Note that older curl versions are still supported, but CURLFile is
still restricted to proper files in this case.
[1] <http://git.php.net/?p=php-src.git;a=commit;h=a83b68ba56714bfa06737a61af795460caa4a105>
(cherry picked from commit c68dc6b5e37e74d89e0a387079139c054c8faa81)
|
As of curl 7.56.0, `curl_formadd()` is deprecated in favor of
`curl_mime_*()`, so we use the latter if available.
(cherry picked from commit a83b68ba56714bfa06737a61af795460caa4a105)
|
We have to properly initialize `pxl` before using it.
Fix ported from <https://github.com/libgd/libgd/pull/559>.
|
https://www.php.net/print_r
> When the return parameter is TRUE, this function will return a string.
> Otherwise, the return value is TRUE.
|
* PHP-7.2:
Fix #78814: strip_tags allows / in tag name => whitelist bypass
|
When normalizing tags to check whether they are contained in the set
of allowable tags, we must not strip slashes, unless they come
immediately after the opening `<`, or immediately before the closing
`>`.
|
If we're constructing extended-length paths (i.e. paths prefixed with
`\\?\`), we have to replace all forward slashes with backward slashes,
because the former are not supported by Windows for extended-length
paths.
The more efficient and likely cleaner alternative solution would be to
cater to this in `php_win32_ioutil_normalize_path_w()` by always
replacing forward slashes, but that might break existing code. It
might be sensible to change that for `master`, though.
|
* PHP-7.2:
Fix #78833: Integer overflow in pack causes out-of-bound access
|
We check for potential signed integer overflow, and bail out
gracefully, in that case.
|
Oniguruma 6.9.4 fixes several CVEs.
|
This partially reverts commit c55d09c2f547634b577aa5aeaa1438d772bc29d1,
because `MB_ONIGURUMA_VERSION` is only available as of PHP 7.4.0, so
that change made no sense for PHP-7.3; we keep it for PHP-7.4, though.
We also stick with the modification to bug78633.phpt.
|
Apparently, bug 78633 has now really been fixed; the former fix only
catered to the buffer overflow, but yielded a wrong result. Also,
the order of the named captures has been fixed.
|
We add support for IS_INDIRECT zvals to implode().
|
If objects return immutable property hash tables (typically,
`zend_empty_array`), we must not try to apply recursion protection on
those.
|
Commit 54ebebd[1] optimized the match loop, but for this case it has
been overlooked, that we must only loop if we're doing global matching.
[1] <http://git.php.net/?p=php-src.git;a=commit;h=54ebebd686255c5f124af718c966edb392782d4a>
|
* PHP-7.2:
Fix #78849: GD build broken with -D SIGNED_COMPARE_SLOW
|
Apparently, this has not been tested for a long time, and might be a
refactoring relict. Anyhow, we have to pass the context to
`GIFNextPixel` as well.
|
* PHP-7.2:
Fix $x = (bool)$x; for undefined with opcache
|
And `$x = !$x`
Noticed while working on GH-4912
The included test would not emit undefined variable errors in php 8.0
with opcache enabled. The command used:
```
php -d zend_extension=opcache.so --no-php-ini -d error_reporting=E_ALL \
-d opcache.file_cache= -d opcache.enable_cli=1 test.php
```
|
Opcache stores `opline->handler`s in shared memory. These pointers are
invalid, if the main PHP DLL is loaded at another base address due to
ASLR. We therefore store the address of `execute_ex` in the mmap base
file, and check on startup whether it matches its current address. If
not, we fall back on the file cache if enabled, and bail out otherwise.
This still does not address cases where the opline handler is located
inside of another DLL (e.g. for some profilers, debuggers), but there
seems to be no general solution for now.
(cherry picked from commit 8ba10b8fbc020dc225d3b19d8f088f1351a3e304)
|