After commit 3e62aae1, number_format() returns string with length,
but _php_math_number_format_ex_len() didn't set string length
on nan and inf. This cause segfault when destruct the return value.
- removed php_logo_guid()
- removed php_egg_logo_guid()
- removed php_real_logo_guid()
- removed zend_logo_guid()
- removed logo GUID handling
- removed logo GUIDs from source
- added logo data URIs instead for phpinfo()
- added credits to phpinfo() page, but hidden by default
The test is known to fail on windows with zlib version < 1.2.7 (current dep is 1.2.5),
with 1.2.7 it works. As it's primarily a zlib 1.2.5 issue on windows, skip it for now.
* upstream/master: (101 commits)
Fixed Bug #62500 (Segfault in DateInterval class when extended)
Fixed test bug #62312 (warnings changed one more time)
fix valgrind warning
fix valgrind warning
fixed#62433 test for win
update NEWS
Fixed bug #62499 (curl_setopt($ch, CURLOPT_COOKIEFILE, "") returns false)
appease MSVC (doesnt like unary minus of unsigned ints)
appease MSVC (doesnt like unary minus of unsigned ints)
appease MSVC (doesnt like unary minus of unsigned ints)
- Fixed bug #62507 (['REQUEST_TIME'] under mod_php5 returns miliseconds instead of seconds)
Fixed Bug #62500 (Segfault in DateInterval class when extended)
Added in NEWS and UPGRADING for feature 55218
Fix two issues with run-tests.php
Fix potential integer overflow in nl2br
Fix potential integer overflow in bin2hex
This wil be PHP 5.3.16
Revert change 3f3ad30c50: There shouldn't be new features in 5.3, especially not if they aren't in 5.4, too.
fix (signed) integer overflow (part of bug #52550
fix (signed) integer overflow (part of bug #52550
...
* PHP-5.4:
update NEWS
Fixed bug #62499 (curl_setopt($ch, CURLOPT_COOKIEFILE, "") returns false)
appease MSVC (doesnt like unary minus of unsigned ints)
appease MSVC (doesnt like unary minus of unsigned ints)
The buffer size was calculated manually, thus creating integer overflows
for very large inputs, e.g. nl2br(str_repeat("\n", 613566757)).
The code now uses safe_emalloc, thus making the code throw an error
instead of crashing.
The code was already using safe_emalloc but did the multiplication in
the first argument, thus making the use of safe_emalloc pretty useless.
The *2 is now moved to the second argument.
Use salt_len_in instead of strlen(salt) or PHP_MAX_SALT_LEN, otherwise too
much memory will be allocated.
sha512 has a 86 character checksum, not 43. That probably was a copy&paste
from the sha256 code which indeed has 43.
The allocation also was using sizeof(char *), thus allocating 4 or 8 times
as much memory as necessary. The sizeof(char *) was removed in the 5.4
branch in b7a92c9 but forgotten on 5.3.
The memset 0 call was using PHP_MAX_SALT_LEN which can be smaller than the
output buffer and thus not zeroing out everything. Use the size of the
output buffer (needed) instead.
json_encode() no longer throws warnings. Instead only the error code for
json_last_error() is set.
As it is hard to debug the error from just an error code an optional
$as_string parameter was added to json_last_error(), which returns an
error message instead of an error code.
* break_iterator:
Fix typo in error message
BreakIterator: fix compat with old ICU versions
Fix build error one ext/intl
BreakIterator::getPartsIterator: new optional arg
Added IntlCodePointBreakIterator.
Add Intl prefix to BreakIterator/RuleBasedBI
Remove trailing space
Replaced zend_parse_method_params with plain zpp
BreakIter: Removed getAvailableLocales/getHashCode
Change in BreakIterator::getPartsIterator()
BreakIterator: add rules status constants
Tests for (RuleBased)BreakIterator.
BreakIterator and RuleBasedBreakiterator added
This was causing segfaults at least in the resourcebundle
constructor.
Also moved intl_locale_get_default() to a more central location
and fixed a constness warning in resourcebundle_ctor().
base64_encode used safe_emalloc, but one of the arguments was derived from a
multiplication, thus making the allocation unsafe again.
There was a size check in place, but it was off by a factor of two as it
didn't account for the signedness of the integer type.
The unsafe allocation is not exploitable, but still causes funny behavior
when the sized overflows into a negative number.
To fix the issue the *4 factor is moved into the size argument (where it is
known to be safe), so safe_emalloc can carry out the multiplication.
The size check is removed as it doesn't really make sense once safe_emalloc
works correctly. (Would only cause base64_encode to silently return false
instead of throwing an error. Also could cause problems with other uses of
the base64 encoding API, which all don't check for a NULL return value.)
Furthermore the (length + 2) < 0 check is replaced with just length < 0.
Allowing lengths -2 and -1 doesn't make sense semantically and also is not
honored in the following code (negative length would access unallocated
memory.)
Actually the length < 0 check doesn't make sense altogether, but I left it
there just to be safe.
json_encode() now returns bool(false) for all possible errors, throws the
respective warning and also sets the respective json_last_error() error
code. Three new error codes have been added:
* JSON_ERROR_RECURSION
* JSON_ERROR_INF_OR_NAN
* JSON_ERROR_UNSUPPORTED_TYPE
To get a partial JSON output instead of bool(false) the option
JSON_PARTIAL_OUTPUT_ON_ERROR can be specified. In this case the invalid
segments will be replaced either by null (for recursion, unsupported type
and invalid JSON) or 0 (for Inf and NaN).
The warning for invalid UTF-8 stays intact and is thrown also with
display_errors = On. If this behavior is undesired this can be remedied
later.
Can take one of:
* IntlPartsIterator::KEY_SEQUENTIAL (keys are 0, 1, ...)
* IntlPartsIterator::KEY_LEFT (keys are left boundaries)
* IntlPartsIterator::KEY_LEFT (keys are right boundaries)
The default is IntlPartsIterator::KEY_SEQUENTIAL (the previous behavior).
Objects of this class can be instantiated with
IntlBreakIterator::createCodePointInstance()
The method does not take a locale, as it would not make sense in this
context.
This class has one additional method:
long IntlCodePointIterator::getLastCodePoint()
which returns either -1 or the last code point we moved over, if any
(and discounting any movement before the last call to
IntlBreakIterator::first() or IntlBreakIterator::last()).
* 5.4:
Rename openssl_pkcs5_pbkdf2_hmac() to something that doesn't sound like a spell.
Add PBKDF2 support via openssl()
Conflicts:
ext/openssl/openssl.c
Summary:
No easy way to put these in the hash extension since we don't really support optional
parameters to certain algorithms. Implemented in openssl for now since it has it already
and is pretty stable.
Only SHA1 is confirmed to work as an algorithm but openssl has a parameter so it can be
changed in the future.
Will backport to 5.4 potentially with Stas' approval.
Test Plan:
Ran newly added tests which came from RFC 6070
Summary:
No easy way to put these in the hash extension since we don't really support optional
parameters to certain algorithms. Implemented in openssl for now since it has it already
and is pretty stable.
Only SHA1 is confirmed to work as an algorithm but openssl has a parameter so it can be
changed in the future.
Will backport to 5.4 potentially with Stas' approval.
Test Plan:
Ran newly added tests which came from RFC 6070
Summary:
No easy way to put these in the hash extension since we don't really support optional
parameters to certain algorithms. Implemented in openssl for now since it has it already
and is pretty stable.
Only SHA1 is confirmed to work as an algorithm but openssl has a parameter so it can be
changed in the future.
Will backport to 5.4 potentially with Stas' approval.
Test Plan:
Ran newly added tests which came from RFC 6070
BreakIterator::getPartsIterator() now returns an IntlIterator subclass
with a special method, getBreakIterator(), that returns the
associated BreakIterator.
Any call to getRuleStatus() is forwarded to the BreakIterator.
Custom extension segfaults during xmlParseFile with FPM SAPI
because the regular list is not prepared during the MINIT phase
and our custom external entity loader tries to open PHP streams.
* PHP-5.4:
zip windows fixes
fixed bc break related to #57905
fixed a bit overlooked from the last libzip port
brought the fix for #47667 back
fixed zip entry freeing
rechecked the merged libzip, took also the indents from the original to avoid confusion next time
fixed a double freeing crash
fixed header include
initial libzip upgrade patch to 0.10.1
- BFN
* PHP-5.3:
zip windows fixes
fixed bc break related to #57905
fixed a bit overlooked from the last libzip port
brought the fix for #47667 back
fixed zip entry freeing
rechecked the merged libzip, took also the indents from the original to avoid confusion next time
fixed a double freeing crash
fixed header include
initial libzip upgrade patch to 0.10.1
- BFN
Conflicts:
NEWS
Modify the scanner to check if the first char of the raw data is an opening " in which case we
need to find the closing one. Otherwise just search for the next end of value char [\r\n;\000]
By Gustavo André dos Santos Lopes (4) and others
via Felipe Pena (2) and Xinchen Hui (2)
* PHP-5.4:
Remove unused codes
based on microsoft's description,the direct convert from FILETIME struct to __int64 is unsafe.
merge 5.3 entries
restore NEWS
Fix ext/intl build on ICU < 4.8
Optimization in ext/intl/msgformat
Fixed tests in ext/intl
Changed XFAILed collator_get_sort_key.phpt
By Gustavo André dos Santos Lopes (4) and others
via Felipe Pena (1) and Xinchen Hui (1)
* PHP-5.3:
Remove unused codes
based on microsoft's description,the direct convert from FILETIME struct to __int64 is unsafe.
Fix ext/intl build on ICU < 4.8
Optimization in ext/intl/msgformat
Fixed tests in ext/intl
Changed XFAILed collator_get_sort_key.phpt
This commit adds wrappers for the classes BreakIterator and
RuleBasedbreakIterator. The C++ ICU classes are described here:
<http://icu-project.org/apiref/icu4c/classBreakIterator.html>
<http://icu-project.org/apiref/icu4c/classRuleBasedBreakIterator.html>
Additionally, a tutorial is available at:
<http://userguide.icu-project.org/boundaryanalysis>
This implementation wraps UTF-8 text in a UText. The text is
iterated without any copying or conversion to UTF-16. There is
also no validation that the input is actually UTF-8; where there
are malformed sequences, the UText will simply U+FFFD.
The class BreakIterator cannot be instantiated directly (has a
private constructor). It provides the interface exposed by the ICU
abstract class with the same name. The PHP class is not abstract
because we may use it to wrap native subclasses of BreakIterator
that we don't know how to wrap. This class includes methods to
move the iterator position to the beginning (first()), to the
end (last()), forward (next()), backwards (previous()), to the
boundary preceding a certain position (preceding()) and following
a certain position (following()) and to obtain the current position
(current()). next() can also be used to advance or recede an
arbitrary number of positions.
BreakIterator also exposes other native methods:
getAvailableLocales(), getLocale() and factory methods to build
several predefined types of BreakIterators: createWordInstance()
for word boundaries, createCharacterInstance() for locale
dependent notions of "characters", createSentenceInstance() for
sentences, createLineInstance() and createTitleInstance() -- for
title casing breaks. These factories currently return
RuleBasedbreakIterators where the names of the rule sets are found
in the ICU data, observing the passed locale (although the locale
is taken into considering there are very few exceptions to the
root rules).
The clone and compare_object PHP object handlers are also
implemented, though the comparison does not yield meaningful results
when used with >, <, >= and <=.
Note that BreakIterator is an iterator only in the sense of the
first 'Iterator' in 'IteratorIterator', i.e., it does not
implement the Iterator interface. The reason is that there is
no sensible implementation for Iterator::key(). Using it for
an ordinal of the current boundary is not feasible because
we are allowed to move to any boundary at any time. It we were
to determine the current ordinal when last() is called we'd
have to traverse the whole input text to find out how many
breaks there were before. Therefore, BreakIterator implements
only Traversable. It can be wrapped in an IteratorIterator,
but the usual warnings apply.
Finally, I added a convenience method to BreakIterator:
getPartsIterator(). This provides an IntlIterator, backed
by the BreakIterator PHP object (i.e. moving the pointer or
changing the text in BreakIterator affects the iterator
and also moving the iterator affects the backing BreakIterator),
which allows traversing the text between each boundary.
This iterator uses the original text to retrieve the text
between two positions, not the code points returned by the
wrapping UText. Therefore, if the text includes invalid code
unit sequences, these invalid sequences will be in the output
of this iterator, not U+FFFD code points.
The class RuleBasedIterator exposes a constructor that allows
building an iterator from arbitrary compiled or non-compiled
rules. The form of these rules in described in the tutorial linked
above. The rest of the methods allow retrieving the rules --
getRules() and getCompiledRules() --, a hash code of the rule set
(hashCode()) and the rules statuses (getRuleStatus() and
getRuleStatusVec()).
Because the RuleBasedBreakIterator constructor may return parse
errors, I reuse the UParseError to text function that was in the
transliterator files. Therefore, I move that function to
intl_error.c.
common_enum.cpp was also changed, mainly to expose previously
static functions. This avoided code duplication when implementing
the BreakIterator iterator and the IntlIterator returned by
BreakIterator::getPartsIterator().
Ressurected and limited to ICU 4.8 in the hope that the sort keys
will remain stable in more recent ICU versions. I have only tested
with ICU 4.8 so far.
* datefmt_tz_cal_interop:
Added and fixed tests given eb346ef
DateFormat plays nice with Calendar, TimeZone
Added private constructor to IntlTimeZone.
Fixed write in constant memory.
The following changes were made:
* The IntlDateFormatter constructor now accepts the usual values
for its $timezone argument. This includes timezone identifiers,
IntlTimeZone objects, DateTimeZone objects and NULL. An empty
string is not accepted. An invalid time zone is no longer accepted
(it used to use UTC in this case).
* When NULL is passed to IntlDateFormatter, the time zone specified in
date.timezone is used instead of the ICU default.
* The IntlDateFormatter $calendar argument now accepts also an
IntlCalendar. In this case, IntlDateFormatter::getCalendar() will
return false.
* The time zone passed to the IntlDateFormatter is ignored if it is
NULL and if the calendar passed is an IntlCalendar object -- in this
case, the IntlCalendar time zone will be used instead. Otherwise,
the time zone specified in the $timezone argument is used instead.
* Added IntlDateFormatter::getCalendarObject(), which always returns
the IntlCalendar object that backs the DateFormat, even if a
constant was passed to the constructor, i.e., if an IntlCalendar
was not passed to the constructor.
* Added IntlDateFormatter::setTimeZone(). It accepts the usual values
for time zone arguments. If NULL is passed, the time zone of the
IntlDateFormatter WILL be overridden with the default time zone,
even if an IntlCalendar object was passed to the constructor.
* Added IntlDateFormatter::getTimeZone(), which returns the time zone
that's associated with the DateFormat.
* Depreacated IntlDateFormatter::setTimeZoneId() and made it an alias
for IntlDateFormatter::setTimeZone(), as the new ::setTimeZone()
also accepts plain identifiers, besides other types.
IntlDateFormatter::getTimeZoneId() is not deprecated however.
* IntlDateFormatter::setCalendar() with a constant passed should now
work correctly. This requires saving the requested locale to the
constructor.
* Centralized the hacks required to avoid compilation disasters on
Windows due to some headers being included inside and outside of
extern "C" blocks.
* PHP-5.4:
Fix bug #62150 Test Bug - ext/fileinfo/tests/finfo_open_error.phpt
Bug #62177 deactivate the linux test version on win
Fix bug #62177 Test Bug - finfo_file_regex.phpt
* PHP-5.3:
Fix bug #62150 Test Bug - ext/fileinfo/tests/finfo_open_error.phpt
Bug #62177 deactivate the linux test version on win
Fix bug #62177 Test Bug - finfo_file_regex.phpt
* PHP-5.4: (21 commits)
Fixed bug #62176 Test Bug - sapi/cli/tests/bug61546.phpt
fix unchecked emalloc
add CVE
add bug 62146
add bug #62082
sync with HEAD
sync with HEAD
Fixed bug #61218 (the previous patch was not enough restritive on fcgi name string checks)
Fixed bug #61218 (the previous patch was not enough restritive on fcgi name string checks)
Fixed bug #61218 (FPM drops connection while receiving some binary values in FastCGI requests)
Fixed bug #61218 (FPM drops connection while receiving some binary valuesin FastCGI requests)
Fixed bug #62033 (USR2 signal was sent even if not catch when daemonize and an error occured)
- Fixed bug #62033 (USR2 signal was sent even if not catch when daemonize and an error occured)
- Fixed bug #62160 (Add process.priority to set nice(2) priorities)
- Fixed bug #62160 (Add process.priority to set nice(2) priorities)
- add missing headers to avoid warnings
- add missing headers to avoid warnings
- Fixed bug #62153 (when using unix sockets, multiples FPM instances can be launched without errors)
- Fixed bug #62153 (when using unix sockets, multiples FPM instances can be launched without errors)
- Fixed bug #62033 (php-fpm exits with status 0 on some failures to start)
...
Conflicts:
NEWS
There's no change from the intended behavior. If INTL_G(default_locale)
is NULL, the default ICU locale, as given by locale_get_default() in
master, will still be used by ures_open().
null is now accepted for two first (mandatory arguments).
Passing null as the package name causes NULL to be passed to ICU and
the default ICU data to be loaded.
Passing null as the locale name causes the default locale to be used.
Memory leak in IntlDateFormatter constructor.
udat_setCalendar() clones the calendar before it adopts it,
so we were leaking the original calendar.
Also we now validate the calendar type.
The bug report actually urges PHP 5.3's behavior to be
reinstated -- that is, make "\0", when used as a separator,
be the same as no separator at all. I believe that is not a
proper course of action and that "\0" being interpreted as
no seperator was a bug in PHP 5.3.
Using "" for no separator, in both 5.3 and 5.4, before and
after this change, causes no separator to be used, so
there is no functionality loss.
* PHP-5.4:
Revert NEWS
Revert "Implemented FR #61602 Allow access to name of constant used as default value"
Fix typo while resolving conflicts
Revert "Implemented FR #61602 Allow access to name of constant used as default value"
This reverts commit 054f3e3ce5.
See: http://news.php.net/php.cvs/69137 and the author confirmed.
Will commit later after the author fixed this then make a new PR.
Conflicts:
ext/reflection/php_reflection.c
This reverts commit 054f3e3ce5.
See: http://news.php.net/php.cvs/69137 and the author confirmed.
Will commit later after the author fixed this then make a new PR.
Conflicts:
ext/reflection/php_reflection.c