This reverts commit 23bd7bcde0.
Looks like this change is unstable. If same CSP is use but multiple processers,
the initialization failures are possible. Thus, CryptAcquireContext in
every process, even if it won't be used at all, is not sensible. This
might actually motivate to look for better CSP APIs.
Merge branch 'master' of github.com:commercebyte/php-src
* 'master' of github.com:commercebyte/php-src:
Added EG(flags) - executor global flags EG_FLAGS_IN_SHUTDOWN - is set when PHP is in shutdown state
newly added zend_object_store.no_reuse is redefined as a global zend_object_store_no_reuse, to avoid alignment issues
Alignment fix, as per @nikic
The test scripts bug64720.phpt and bug68652.phpt were relying on the buggy behavior, when PHP returns "Undefined static property" error due to class entry corruption. With my fix for bug 74053, both tests return no errors now, I corrected the EXPECTF accordingly
Bug Fix: Corrupted class entries on shutdown when a destructor spawns another object (C) 2017 CommerceByte Consulting
configure.ac was introduced in 2001 with automake-1.15 and autoconf-2.50
to replace the file named configure.in.
Autotools is preparing to remove configure.in in Automake 2.0.
All new software should be using configure.ac.
This also fixes Bug #69770 where extensions are creating configure.in
Signed-off-by: Brian Evans <grknight@gentoo.org>
HT functions that modify the array now assert that rc=1. As we don't
respect this COW constraint everywhere, either for a good reason or
because fixing it would take more work, we provide an escape hatch
in the form of HT_ALLOW_COW_VIOLATION(ht). If this macro is called
assertions on this ht are disabled. The macro is a no-op in release
mode.
php_check_open_basedir() expects a local filesystem path,
but we're handing it a `glob://...` URI instead.
Move the check to after the path trim so that we're checking
a meaningful pathspec.
As fcgi_request is an opaque struct as of PHP 7, expose a new API
function fcgi_end() which does fcgi_flush() with end=1 and checks/
sets the ->ended flag.
"closed" refers to whether FCGI_END_REQUEST has been sent, while
the "close" operation does something entirely different. It gets
extra confusing when fcgi_is_closed() does not actually return
fcgi_request.closed...
vs(tr)pprintf is now implemented in Zend on top of
printf_to_smart_str(int), which is provided as a utility function.
This allows us to efficiently printf to the end of a smart string.
It's annoying that in Zend you have to use zend_strpprintf instead
of strpprintf, while in PHP you have to use strpprintf instead of
zend_strpprintf.
Make zend_s(tr)pprintf always available and keep s(tr)pprintf as
macro aliases.
If PHP CLI is used with programs with no Unicode support, the default
PHP console codepage might cause backward incompatible behaviors. This
is solved with this patch by separating the handling of I/O codepage.
As per https://wiki.php.net/rfc/default_encoding input_encodnig and
output_encoding are centralized INI settings, so they're used for the
purpose of adjusting the codepage. This gives user the ability to use
UTF-8 internally, while letting the system API to convert the output
to a compatible codepage. This also might solve the font issues on
systems without good true type support.
Note, that there no change to the default behavior - if input and
output encoding are not set, which is the default case, the default
charset applies to both console input and output. The patch is just
a compilment to the backward compatibility, not more and not less.
If this does not break the Unix system somehow, I'll be amazed. This should get most of it out, apologies for any errors this may cause on non-Windows ends which I cannot test atm.
If a userwrapper opener E_ERRORs then FG(user_stream_current_filename)
would remain set until the next request and would not be pointing
at unallocated memory.
Catch the bailout, clear the variable, then continue bailing.
Closes https://bugs.php.net/bug.php?id=73188
(cherry picked from commit 9f86cdaf7f)
If a userwrapper opener E_ERRORs then FG(user_stream_current_filename)
would remain set until the next request and would not be pointing
at unallocated memory.
Catch the bailout, clear the variable, then continue bailing.
Closes https://bugs.php.net/bug.php?id=73188
If a userwrapper opener E_ERRORs then FG(user_stream_current_filename)
would remain set until the next request and would not be pointing
at unallocated memory.
Catch the bailout, clear the variable, then continue bailing.
Closes https://bugs.php.net/bug.php?id=73188
If a userwrapper opener E_ERRORs then FG(user_stream_current_filename)
would remain set until the next request and would not be pointing
at unallocated memory.
Catch the bailout, clear the variable, then continue bailing.
Closes https://bugs.php.net/bug.php?id=73188
E_RECOVERABLE errors are reported as "Catchable fatal error". This is
misleading, because they actually can't be caught via try-catch statements.
Therefore we change the wording to "Recoverable fatal error" as suggested by
Nikita.
As revealed by #72857, this value conflicts with the xport option.
Wrong code can otherwise cause streams misbehave, fe if local and
network streams APIs are mixed.
This is one of the last old and odd deprecated settings we still have in PHP, it was never fully implemented in all the database extensions and should probably have been gone back in 5.4, along with safe_mode. Although if my memory strikes me right, mysql was also supporting it back then, but not mysqli.
So far only interbase was supporting this feature, and the removal of it causes two effects for interbase:
- CREATE DATABASE is now allowed no matter
- The default database set by php.ini (ibase.default_db) is no longer forced
http://php.net/ini.core#ini.sql.safe-mode
This moves the WSACleanup() call to after zend_shutdown() in main.c, I did some testing and I could not find any issues with this. I don't expect this to cause any issues on Netware either, although untested as I do not have such an env available (do we even support Netware anymore? Last release was in 2009 and it is now discontinued)
Besides the movie, then this commit also contains a fix to the check of WSAStartup() where we don't actually confirm we get the desired version of the winsock.dll (We use 2.0).
zlib: support is broken since a really long time.
It never worked on versions >= PHP5.6 so we can just remove
this dead code.
Bug was introduced 2006-05-14 (Before 5.2.0)
As the tests already show, the data URI wrapper is supposed to fail
for corrupt input, but for some reason, one case of invalid input is
still allowed to pass?! Strict base64 makes a lot more sense here.
Also, Chromium and Firefox fail on invalid base64, so it's a logical
choice for PHP as well.
* PHP-7.0: (27 commits)
fix#72519, possible OOB using imagegif
fix#72512, invalid read or write for palette image when invalid transparent index is used
Apparently some envs miss SIZE_MAX
Fix tests
Fix bug #72618: NULL Pointer Dereference in exif_process_user_comment
Partial fix for bug #72613 - do not allow reading past error read
Partial fix for bug #72613 - do not treat negative returns from bz2 as size_t
Fix bug #72606: heap-buffer-overflow (write) simplestring_addn simplestring.c
Fix for bug #72558, Integer overflow error within _gdContributionsAlloc()
Fix bug #72603: Out of bound read in exif_process_IFD_in_MAKERNOTE
update NEWS
Fixed bug #72570 Segmentation fault when binding parameters on a query without placeholders
Fix bug #72562 - destroy var_hash properly
Fix bug #72551 and bug #72552 - check before converting size_t->int
Fix bug #72541 - size_t overflow lead to heap corruption
Fix bug #72533 (locale_accept_from_http out-of-bounds access)
Fix fir bug #72520
Fix for bug #72513
Fix for bug #72513
CS fix and comments with bug ID
...
Conflicts:
ext/standard/basic_functions.c
* PHP-5.6:
fix#72519, possible OOB using imagegif
fix#72512, invalid read or write for palette image when invalid transparent index is used
Apparently some envs miss SIZE_MAX
Fix tests
Fix bug #72618: NULL Pointer Dereference in exif_process_user_comment
Partial fix for bug #72613 - do not treat negative returns from bz2 as size_t
Fix bug #72606: heap-buffer-overflow (write) simplestring_addn simplestring.c
Fix for bug #72558, Integer overflow error within _gdContributionsAlloc()
Fix bug #72603: Out of bound read in exif_process_IFD_in_MAKERNOTE
Fix bug #72562 - destroy var_hash properly
Fix bug #72533 (locale_accept_from_http out-of-bounds access)
Fix fir bug #72520
Fix for bug #72513
Fix for bug #72513
CS fix and comments with bug ID
Fix for HTTP_PROXY issue.
5.6.24RC1
add tests for bug #72512
Fixed bug #72512 gdImageTrueColorToPaletteBody allows arbitrary write/read access
Fixed bug #72479 - same as #72434
Conflicts:
Zend/zend_virtual_cwd.c
ext/bz2/bz2.c
ext/exif/exif.c
ext/session/session.c
ext/snmp/snmp.c
ext/standard/basic_functions.c
main/SAPI.c
main/php_variables.c
* PHP-5.5:
fix#72519, possible OOB using imagegif
fix#72512, invalid read or write for palette image when invalid transparent index is used
Apparently some envs miss SIZE_MAX
Fix tests
Fix bug #72618: NULL Pointer Dereference in exif_process_user_comment
Partial fix for bug #72613 - do not treat negative returns from bz2 as size_t
Fix bug #72606: heap-buffer-overflow (write) simplestring_addn simplestring.c
Fix for bug #72558, Integer overflow error within _gdContributionsAlloc()
Fix bug #72603: Out of bound read in exif_process_IFD_in_MAKERNOTE
Fix bug #72562 - destroy var_hash properly
Fix bug #72533 (locale_accept_from_http out-of-bounds access)
Fix fir bug #72520
Fix for bug #72513
CS fix and comments with bug ID
Fix for HTTP_PROXY issue.
add tests for bug #72512
Fixed bug #72512 gdImageTrueColorToPaletteBody allows arbitrary write/read access
Fixed bug #72479 - same as #72434
Conflicts:
ext/bz2/bz2.c
main/SAPI.c
main/php_variables.c
This mainly involves a separate abstraction layer for elements (e.g. $a->b) and watchpoints (on pointer of the Bucket for example).
Also better comparison handling (value backup vs. page dumps).
It is not yet finished (there are sometimes false positives announced and names not yet perfect), but the functionality is working and not crashing as far as I have tested.
Future scope is also relative watchpoints, e.g. "w $this->val expression()" which does not have the symbol tables as basis, but the value (in this example: return value of expression()) as basis.
The following changes are made:
- _SERVER/_ENV only has HTTP_PROXY if the local environment has it,
and only one from the environment.
- getenv('HTTP_PROXY') only returns one from the local environment
- getenv has optional second parameter, telling it to only consider
local environment
To give userland developers who work with large numbers of file descriptors
the opportunity to avoid problems on systems which may not support that
many descriptors (e.g. when calling socket_select()), we make FD_SETSIZE
available in PHP as PHP_FD_SETSIZE.
