Use ASCII case conversion instead of locale-dependent case conversion in
the following places:
* grapheme_stripos() and grapheme_strripos() in the "fast" path
* ldap_get_entries()
* oci_pconnect() for case folding of parameters when constructing a key
into the connection or session pool
* SoapClient: case folding of function names
* get_meta_tags(): case conversion of property names
* http stream wrapper: header names
* phpinfo(): anchor names
* php_verror(): docref URLs
* rfc1867.c: Content-Type boundary parameter name
* streams.c: stream protocol names
Using locale-dependent case folding for these cases is either
unnecessary or actively incorrect. These functions could have
misbehaved when used with certain locales (e.g. Turkish).
Closes GH-7511.
This was previously implicitly public due to the use of dynamic
properties. Make this internal state private.
If someone complains, we can consider relaxing this to protected
or public on a case-by-case basis.
Currently, _digest is used both to request that digest auth be
used (_digest == null) and to later store the _digest parameters.
This relies on the ability to distinguish between _digest being
null and it being not set, which is not present with declared
properties. (Well, technically it is, we could just leave it
uninitialized, but that would be non-idiomatic.)
Resolve this by splitting into separate _use_digest and _digest
properties.
Error exceptions should generally not be converted into domain-
specific exception types. They indicate programming errors that
should not be handled locally.
Instead use ssl stream context options instead. The direct
equivalent would be crypto_method, but min_proto_version /
max_proto_version are recommended instead.
Part of https://wiki.php.net/rfc/deprecations_php_8_1.
1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |
For rationale, see #6787
Extensions migrated in part 4:
* simplexml
* skeleton
* soap
* spl
* sqlite3
* sysvmsg
* sysvsem
* tidy - also removed a check for an ancient dependency version
`xmlNewNs()` does not XML encode the passed `href`, so we need to do
that manually.
Closes GH-6804.
Signed-off-by: Christoph M. Becker <cmbecker69@gmx.de>
The parameter is not nullable, so it will be interpreted as
an empty string anyway.
The entire code here is pretty confusing though, and probably
deserves a second loop. The HTTP code only send SOAPAction/action
if soapaction is non-NULL -- but it always is, because it is
accepted through a non-nullable string parameter.
Regarding the SOAPAction header, it appears that always sending
it is actually a requirement of the standard:
> An HTTP client MUST use this header field when issuing a SOAP
> HTTP Request.
Although it does make a distinction between absence of value and
an empty string:
> The header field value of empty string ("") means that the intent
> of the SOAP message is provided by the HTTP Request-URI. No value
> means that there is no indication of the intent of the message.
The empty string interpretation appears to be the desired one.
However, for the action MIME tag the SOAP 1.2 Part 2 specification
says that
> The media type specifies an optional action parameter, which can
> be used to optimize dispatch or routing, among other things.
but also
> The SOAP Action feature defines a single property, which is
> described in Table 14. The value of this property MUST be an
> absolute URI[RFC 3986] and MUST NOT be empty.
which would indicate that we should not be sending an empty
action here.
As I'm not familiar with SOAP and this is long-standing behavior,
I'm just leaving this alone for now...
Currently an empty string is used to unset the location. Once
again, it makes more sense to use a null value for this purpose
(though the special behavior of empty strings is retained).
The code comment above the function also explicitly indicates
that null should be accepted, and the function does return null
rather than an empty string for the old location value (if it
is missing).