From 1af1afdfdc2e3c2beade0f6c62d07a73ecb44f90 Mon Sep 17 00:00:00 2001
From: Rasmus Lerdorf <rasmus@php.net>
Date: Fri, 10 Jul 2015 15:17:06 -0700
Subject: DOMDocument::saveXML has a 2nd optional arg

---
 ext/dom/document.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'ext/dom/document.c')

diff --git a/ext/dom/document.c b/ext/dom/document.c
index 0ab0e498c8..001b477354 100644
--- a/ext/dom/document.c
+++ b/ext/dom/document.c
@@ -133,6 +133,7 @@ ZEND_END_ARG_INFO();
 
 ZEND_BEGIN_ARG_INFO_EX(arginfo_dom_document_savexml, 0, 0, 0)
 	ZEND_ARG_OBJ_INFO(0, node, DOMNode, 1)
+	ZEND_ARG_INFO(0, options)
 ZEND_END_ARG_INFO();
 
 ZEND_BEGIN_ARG_INFO_EX(arginfo_dom_document_construct, 0, 0, 0)
-- 
cgit v1.2.1


From 545b364d560b9550f853bd8dd5ab1641225a03c2 Mon Sep 17 00:00:00 2001
From: Anatol Belski <ab@php.net>
Date: Sun, 2 Aug 2015 13:42:01 +0200
Subject: remove TSRMLS_*

either remains or merged in from PHP5
---
 ext/dom/document.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'ext/dom/document.c')

diff --git a/ext/dom/document.c b/ext/dom/document.c
index 001b477354..2fde4dc39a 100644
--- a/ext/dom/document.c
+++ b/ext/dom/document.c
@@ -1811,7 +1811,7 @@ static void _dom_document_schema_validate(INTERNAL_FUNCTION_PARAMETERS, int type
 			php_error_docref(NULL, E_WARNING, "Invalid Schema file source");
 			RETURN_FALSE;
 		}
-		valid_file = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN  TSRMLS_CC);
+		valid_file = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN );
 		if (!valid_file) {
 			php_error_docref(NULL, E_WARNING, "Invalid Schema file source");
 			RETURN_FALSE;
@@ -1911,7 +1911,7 @@ static void _dom_document_relaxNG_validate(INTERNAL_FUNCTION_PARAMETERS, int typ
 			php_error_docref(NULL, E_WARNING, "Invalid RelaxNG file source");
 			RETURN_FALSE;
 		}
-		valid_file = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN  TSRMLS_CC);
+		valid_file = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN );
 		if (!valid_file) {
 			php_error_docref(NULL, E_WARNING, "Invalid RelaxNG file source");
 			RETURN_FALSE;
-- 
cgit v1.2.1


From ed3c7adc5f28485f0ca3d82a4a30db937dc81647 Mon Sep 17 00:00:00 2001
From: Dmitry Patsura <zaets28rus@gmail.com>
Date: Mon, 3 Aug 2015 18:38:41 +0800
Subject: Remove unneded space(s)

---
 ext/dom/document.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'ext/dom/document.c')

diff --git a/ext/dom/document.c b/ext/dom/document.c
index 2fde4dc39a..64d3ca4ad6 100644
--- a/ext/dom/document.c
+++ b/ext/dom/document.c
@@ -1811,7 +1811,7 @@ static void _dom_document_schema_validate(INTERNAL_FUNCTION_PARAMETERS, int type
 			php_error_docref(NULL, E_WARNING, "Invalid Schema file source");
 			RETURN_FALSE;
 		}
-		valid_file = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN );
+		valid_file = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN);
 		if (!valid_file) {
 			php_error_docref(NULL, E_WARNING, "Invalid Schema file source");
 			RETURN_FALSE;
@@ -1911,7 +1911,7 @@ static void _dom_document_relaxNG_validate(INTERNAL_FUNCTION_PARAMETERS, int typ
 			php_error_docref(NULL, E_WARNING, "Invalid RelaxNG file source");
 			RETURN_FALSE;
 		}
-		valid_file = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN );
+		valid_file = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN);
 		if (!valid_file) {
 			php_error_docref(NULL, E_WARNING, "Invalid RelaxNG file source");
 			RETURN_FALSE;
-- 
cgit v1.2.1


From 201afce875b90d3675ff2eedc8b8d74f1e62b2d1 Mon Sep 17 00:00:00 2001
From: Anatol Belski <ab@php.net>
Date: Tue, 25 Aug 2015 17:54:27 +0200
Subject: add some range checks to ext/dom

---
 ext/dom/document.c | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

(limited to 'ext/dom/document.c')

diff --git a/ext/dom/document.c b/ext/dom/document.c
index 64d3ca4ad6..6db61a3794 100644
--- a/ext/dom/document.c
+++ b/ext/dom/document.c
@@ -1493,6 +1493,14 @@ static void dom_parse_document(INTERNAL_FUNCTION_PARAMETERS, int mode) {
 		php_error_docref(NULL, E_WARNING, "Empty string supplied as input");
 		RETURN_FALSE;
 	}
+	if (ZEND_SIZE_T_INT_OVFL(source_len)) {
+		php_error_docref(NULL, E_WARNING, "Input string is too long");
+		RETURN_FALSE;
+	}
+	if (ZEND_LONG_EXCEEDS_INT(options)) {
+		php_error_docref(NULL, E_WARNING, "Invalid options");
+		RETURN_FALSE;
+	}
 
 	newdoc = dom_document_parser(id, mode, source, source_len, options);
 
@@ -2001,6 +2009,11 @@ static void dom_load_html(INTERNAL_FUNCTION_PARAMETERS, int mode) /* {{{ */
 		RETURN_FALSE;
 	}
 
+	if (ZEND_LONG_EXCEEDS_INT(options)) {
+		php_error_docref(NULL, E_WARNING, "Invalid options");
+		RETURN_FALSE;
+	}
+
 	if (mode == DOM_LOAD_FILE) {
 		if (CHECK_NULL_PATH(source, source_len)) {
 			php_error_docref(NULL, E_WARNING, "Invalid file source");
@@ -2009,7 +2022,11 @@ static void dom_load_html(INTERNAL_FUNCTION_PARAMETERS, int mode) /* {{{ */
 		ctxt = htmlCreateFileParserCtxt(source, NULL);
 	} else {
 		source_len = xmlStrlen((xmlChar *) source);
-		ctxt = htmlCreateMemoryParserCtxt(source, source_len);
+		if (ZEND_SIZE_T_INT_OVFL(source_len)) {
+			php_error_docref(NULL, E_WARNING, "Input string is too long");
+			RETURN_FALSE;
+		}
+		ctxt = htmlCreateMemoryParserCtxt(source, (int)source_len);
 	}
 
 	if (!ctxt) {
@@ -2017,7 +2034,7 @@ static void dom_load_html(INTERNAL_FUNCTION_PARAMETERS, int mode) /* {{{ */
 	}
 
 	if (options) {
-		htmlCtxtUseOptions(ctxt, options);
+		htmlCtxtUseOptions(ctxt, (int)options);
 	}
 
 	ctxt->vctxt.error = php_libxml_ctx_error;
-- 
cgit v1.2.1


From 5d035b57ee68a5b3305b51ff9e6329411b3e5774 Mon Sep 17 00:00:00 2001
From: Anatol Belski <ab@php.net>
Date: Sat, 12 Sep 2015 18:53:30 +0200
Subject: fix data types

---
 ext/dom/document.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'ext/dom/document.c')

diff --git a/ext/dom/document.c b/ext/dom/document.c
index 6db61a3794..5526e30f66 100644
--- a/ext/dom/document.c
+++ b/ext/dom/document.c
@@ -382,7 +382,7 @@ int dom_document_standalone_read(dom_object *obj, zval *retval)
 int dom_document_standalone_write(dom_object *obj, zval *newval)
 {
 	xmlDoc *docp = (xmlDocPtr) dom_object_get_node(obj);
-	int standalone;
+	zend_long standalone;
 
 	if (docp == NULL) {
 		php_dom_throw_error(INVALID_STATE_ERR, 0);
@@ -978,9 +978,9 @@ PHP_FUNCTION(dom_document_import_node)
 	xmlNodePtr nodep, retnodep;
 	dom_object *intern, *nodeobj;
 	int ret;
-	zend_long recursive = 0;
+	zend_bool recursive = 0;
 
-	if (zend_parse_method_parameters(ZEND_NUM_ARGS(), getThis(), "OO|l", &id, dom_document_class_entry, &node, dom_node_class_entry, &recursive) == FAILURE) {
+	if (zend_parse_method_parameters(ZEND_NUM_ARGS(), getThis(), "OO|b", &id, dom_document_class_entry, &node, dom_node_class_entry, &recursive) == FAILURE) {
 		return;
 	}
 
-- 
cgit v1.2.1


From 969dcf7b61b1570a8dec1c41e9b967643bb19085 Mon Sep 17 00:00:00 2001
From: Anatol Belski <ab@php.net>
Date: Sat, 12 Sep 2015 18:57:23 +0200
Subject: add overflow check

---
 ext/dom/document.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'ext/dom/document.c')

diff --git a/ext/dom/document.c b/ext/dom/document.c
index 5526e30f66..443fe4850d 100644
--- a/ext/dom/document.c
+++ b/ext/dom/document.c
@@ -1728,9 +1728,14 @@ PHP_FUNCTION(dom_document_xinclude)
 		return;
 	}
 
+	if (ZEND_LONG_EXCEEDS_INT(flags)) {
+		php_error_docref(NULL, E_WARNING, "Invalid flags");
+		RETURN_FALSE;
+	}
+
 	DOM_GET_OBJ(docp, id, xmlDocPtr, intern);
 
-	err = xmlXIncludeProcessFlags(docp, flags);
+	err = xmlXIncludeProcessFlags(docp, (int)flags);
 
 	/* XML_XINCLUDE_START and XML_XINCLUDE_END nodes need to be removed as these
 	are added via xmlXIncludeProcess to mark beginning and ending of xincluded document
-- 
cgit v1.2.1


From 49493a2dcfb2cd1758b69b13d9006ead3be0e066 Mon Sep 17 00:00:00 2001
From: Lior Kaplan <kaplanlior@gmail.com>
Date: Fri, 1 Jan 2016 19:19:27 +0200
Subject: Happy new year (Update copyright to 2016)

---
 ext/dom/document.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'ext/dom/document.c')

diff --git a/ext/dom/document.c b/ext/dom/document.c
index 1bf4c541dd..d33aaf160e 100644
--- a/ext/dom/document.c
+++ b/ext/dom/document.c
@@ -2,7 +2,7 @@
    +----------------------------------------------------------------------+
    | PHP Version 5                                                        |
    +----------------------------------------------------------------------+
-   | Copyright (c) 1997-2015 The PHP Group                                |
+   | Copyright (c) 1997-2016 The PHP Group                                |
    +----------------------------------------------------------------------+
    | This source file is subject to version 3.01 of the PHP license,      |
    | that is bundled with this package in the file LICENSE, and is        |
-- 
cgit v1.2.1