When we decrement the refcount of a node's document, we state that we
won't need it anymore. Therefore we can *always* set the pointer to the
document to NULL, what avoids invalid memory accesses for some edge cases
as demonstrated with the PHPT.
Original patch provided by Sean Heelan.
Assigning to DOMNode::textContent encodes entities, what does not match the
behavior of DOMText::__construct() and DOMDocument::createTextNode. This patch
changes the behavior of DOMNode::textContent in this regard.
* PHP-5.5:
Fix bug #69646 OS command injection vulnerability in escapeshellarg
Fix#69719 - more checks for nulls in paths
fix test description
Fixed Buf #68812 Unchecked return value.
* PHP-5.5: (27 commits)
fix non-standard C
update NEWS
5.4.41 next
fix CVE num
update NEWS
Fix bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode)
fix test
fix type in fix for #69085
fix memory leak & add test
Fix tests
fix CVE num
Fix bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability)
Fix test
Additional fix for bug #69324
More fixes for bug #69152
Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
...
Conflicts:
ext/standard/http_fopen_wrapper.c
* PHP-5.4.40:
Additional fix for bug #69324
More fixes for bug #69152
Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
Fixed bug #68901 (use after free)
Fixed bug #68740 (NULL Pointer Dereference)
Fix bug #66550 (SQLite prepared statement use-after-free)
Better fix for #68601 for perf 81e9a993f2
Fix bug #68601 buffer read overflow in gd_gif_in.c
Revert "Merge branch 'PHP-5.4' of https://git.php.net/repository/php-src into PHP-5.4"
Fixed bug #69293
Add ZEND_ARG_CALLABLE_INFO to allow internal function to type hint against callable.
Passing DOMDocumentFragment to DOMDocument::saveHTML()
produces invalid markup, because a DocumentFragment is just a container
for child nodes and not a real node itself.
* PHP-5.4:
Suppress compiler warning "warning: variable ‘length’ set but not used [-Wunused-but-set-variable]"
Suppress compiler warning "warning: variable ‘retcount’ set but not used [-Wunused-but-set-variable]"
tests for error1: not well formed xml
tests for error2: not well formed xml attribute without colon
tests for error2: not well formed xml, typo
tests for error4: wrong xml version
tests for error5: extra content at the end of the doc
tests libxml_dtd_load
tests libxml_dtd_valid
tests for libdtd_noerror
tests for LIBXML_DTDATTR, LIBXML_NOCDATA, LIBXML_NOENT and LIBXML_NOBLANKS
the basic behavior
fix comments