Adding two `zend_long`s may overflow, and casting `size_t` to
`zend_long` may truncate; we can avoid this here by enforcing unsigned
arithmetic.
Closes GH-7240.
These are deprecated in favor of date()/DateTime::format() (for
locale-indendent formatting) and IntlDateFormatter::format()
(for locale-dependent formatting).
Part of https://wiki.php.net/rfc/deprecations_php_8_1.
We specify that this needs to return an int, so do so.
PSFS_ERR_FATAL has value 0 which is what the null value previously
returned would be interpreted as.
Thanks to Joe Drago for help with the AVIF detection code.
Co-authored-by: Nikita Popov <nikita.ppv@googlemail.com>
Co-authored-by: Christoph M. Becker <cmbecker69@gmx.de>
Closes GH-7091.
I was trying to figure out when fgetcsv parsing can return false.
Apparently this can only happen if there is an unclosed enclosure
and no terminating newline -- why does the newline matter???
As suggested on the patch discussion, adding init/end macros. Plus,
prefixed the new functions with php_ to avoid possible symbol conflicts.
Signed-off-by: Anatol Belski <ab@php.net>
That happens on Travis s390x for whatever reasons. Thus, instead of
checking for `fallocate -h`, we attempt the real allocation and skip if
that fails.
When mapping the file, we need to pass the proper `dwFileOffsetHigh`
instead of `0`.
Co-authored-by: Nikita Popov <nikita.ppv@gmail.com>
Closes GH-7158.
This reverts commit a3e55286a6.
This commit broke the build for OSX before Sierra.
The apple documentation states the equivalent uses raw uptime, and
the source code of the non portable function says raw uptime would
call the same routine we were calling before this commit.
Since the correct version of this commit - according to docs -
would bring no value whatsoever, and this version breaks the build
there doesn't seem any sense in making this change.
On IBM i, getifaddrs is available renamed as Qp2getifaddrs; freeifaddrs
and struct ifaddr follow a similar fate. I assume this is in case AIX
decides to add it (as if). As such, just use the same implementation,
but rename the standard ones to the IBM i definitions and include its
header.
Updates the deprecation message for implicit incompatible float to int conversion from:
```
Implicit conversion from non-compatible float %.*H to int in %s on line %d
```
to
```
Implicit conversion from float %.*H to int loses precision in %s on line %d
```
Related: #6661
As PHP has a minimum memory usage of 2M (size of allocator chunk),
setting a limit below that value is not meaningful and will be
automatically rounded up to the chunk size. Rather than doing this
silently, show the newly introduced error message.
The memory limit had to be increased to 2M for a number of tests.
tests/lang/bug45392 has been marked as XFAIL. This old bugfix is
not working as intended. The memory limit in main's `PG(memory_limit)`
differs from the one in zend_alloc. In zend_alloc the `AG(mm_heap)->limit`
is defined as `max(passed_value, ZEND_MM_CHUNK_SIZE)`. The check made in
an unclean shutdown will never be true unless the memory limit is lower
than ZEND_MM_CHUNK_SIZE, which happened to be the case in the test.
https://bugs.php.net/bug.php?id=45392fcc0fdd125
This format matches against null bytes, and prevents the test
expectation from being interpreted as binary data.
bless_tests.php will automatically replace \0 with %0 as well.
While resolving the path, the last step will reduce it down to ""
(an empty string) and realpath() will resolve this to getcwd().
If open_basedir contains the CWD, then that means open_basedir
will be bypassed for paths that don't have any components that
exist (if one of the components exists, then we abort the realpath
loop at that point).
Closes GH-7015.
If the connection times out rather than being refused outright,
don't wait the full 60 seconds that are used by default. If this
happens, the error message will also be different.
Now that we properly dereference references of the superglobals. we
also need to dereference contained references to avoid to string
conversion.
Closes GH-7014.
In the meantime, additional tests for ftp:// with opendir() have
been added, which tests actual behavior against a server. This one
just uses localhost (without running a server), which can make the
test very slow on systems that don't refuse the connection outright.
The object hash is not particularly useful (anymore) and just
clutters the output. It encodes the same information as the
object ID, which is already part of the output.
Create name using either zend_init_string_fast (no repetitions) or by concatenating the name with zend_print_ulong_to_buf. This is much more efficient than using snprintf. We also avoid repeated strlen() calculations.
compact() is documented (https://www.php.net/manual/en/function.compact) as a variadic function accepting parameters which are strings or arrays of strings referencing defined symbols.
In actuality, passing nonsense parameters e.g. compact(true, 42) merely returns an empty array. I propose throwing a warning in these cases, to prevent silent bugs.
This is a re-application of the original match against master.
The patch was originally applied to master, then reverted from
there, incorrectly applied to PHP-8.0, reverted from there due
to ABI break, and now lands on master again. We can only hope
that it does not get reverted again ;)
Use FCI/FCC structure instead of custom implementation which does the same.
This also fixes the "bug" which prevented static methods from being shutdown functions.
Closes GH-5829
Co-authored-by: Aaron Piotrowski <aaron@trowski.com>
* Fix return type of php_user_filter::onCreate()
* Fix return type of mysqli::init()
* Fix return type of UConverter::fromUCallback() and UConverter::toUCallback()
zend_string_dup() can return the original string if it is interned.
Of course, the string can't be interned here, but GCC doesn't know
that and throws a warning in release builds.
Replace zend_string_dup() (which is a bad API anyway) with a direct
call to zend_string_init(), which makes it more obvious that the
original alloca'd string cannot be reused.
1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |
If Serializable is implemented, require that __serialize() and
__unserialize() are implemented as well, else issue a deprecation
warning.
Also deprecate use of PDO::FETCH_SERIALIZE.
RFC: https://wiki.php.net/rfc/phase_out_serializable
Closes GH-6494.
The ASSERT_CALLBACK value is not validated at all -- it's possible
to set it to an arbitrary value. As such, the function can also
return any value or type (even without outright abuse, the opcache
func info was wrong in that the return can be rcn, and the array
can be array_of_ref).
The deprecation of passing null is thrown otherwise.
If the timeout is calculated conditionally before calling stream_select(), passing to avoid the deprecation seems unreasonable, example:
7d4bbc6e0b/lib/Loop/NativeDriver.php (L286)
Also enforce that if $seconds is null, then $microseconds should be null as well. However 0 is still accepted (with deprecation) for backwards compatibility.
Firstly, we must not forget to set appropriate error codes for "manual"
checks in `virtual_file_ex()`.
Secondly, we must not call `php_error_docref2()` for warnings regarding
unary functions; thus, we introduce `php_win32_docref1_from_error()`.
Closes GH-6872.
fsync is a straightforward wrapper around the same C function
(implemented on Windows API as _commit() with identical signature).
From the man pages:
fsync() transfers ("flushes") all modified in-core data of (i.e.,
modified buffer cache pages for) the file referred to by the file
descriptor fd to the disk device (or other permanent storage
device) so that all changed information can be retrieved even if
the system crashes or is rebooted. This includes writing through
or flushing a disk cache if present. The call blocks until the
device reports that the transfer has completed.
RFC: https://wiki.php.net/rfc/fsync_function
Closes GH-6650.
We can use unwind_exit instead of the evil zend_bailout without breaking the original behavior in this way because the original zend_bailout will longjmp out of the executor, so the exception will never be caught and it always triggers the E_ERROR here.
The actual name of this function is dir(), but ever since it was
introduced in PHP 3, its internal name was "getdir", leading to it
being mistaken for an alias. This went unnoticed until the switch
to stubs for generating arginfo, at which point getdir() became a
real but undocumented function.
Fixes bug #80914.
Closes GH-6855.
When serialising object properties, they are oftet may override the
default values, however default values are most often scalars, interned
strings or immutable arrays.
This doesn't seem to serve a purpose anymore. Stats are expensive,
so doing an unnecessary stat just to short-circuit the zero size
case is rather dubious. It can also break with stream wrappers
that return inaccurate sizes (symfony/symfony#40574) and probably
can also break with stream filters.
Drop the special case and adjust code to make it more obvious that
it will still be handled correctly.
Closes GH-6807.
When opening HTTP streams, and reading the headers, we currently
discard header lines longer than `HTTP_HEADER_BLOCK_SIZE` (1024 bytes).
While this is not generally forbidden by RFC 7230, section 3.2.5, it
is not generally allowed either, since that may change the "message
framing or response semantics".
We thus fix this by allowing arbitrarily long header lines.
Closes GH-6720.
So far, `SendText()` simply separates potential email address lists at
any comma, disregarding that commas inside a quoted-string do not
delimit addresses. We fix that by introducing an own variant of
`strtok_r()` which caters to quoted-strings.
We also make `FormatEmailAddress()` aware of quoted strings.
We do not cater to email address comments, and potentially other quirks
of RFC 5322 email addresses, but catering to quoted-strings is supposed
to solve almost all practical use cases.
Co-authored-by: Nikita Popov <nikita.ppv@gmail.com>
Closes GH-6735.
Because of the memcpy, compilers can't infer that ZSTR_LEN (i.e. class_name->len)
did not change, so they copy it out of memory into a register for the last two
accesses.
php_var_serialize_string already does something similar.
Closes GH-6734
First, the `bzip2.compress` filter has the same issue as `zlib.deflate`
so we port the respective fix[1] to ext/bz2.
Second, there is still an issue, if a stream with an attached
compression filter is flushed before it is closed, without any writes
in between. In that case, the compression is never finalized. We fix
this by enforcing a `_php_stream_flush()` with the `closing` flag set
in `_php_stream_free()`, whenever a write filter is attached. This
call is superfluous for most write filters, but does not hurt, even
when it is unnecessary.
[1] <http://git.php.net/?p=php-src.git;a=commit;h=20e75329f2adb11dd231852c061926d0e4080929>
Closes GH-6703.
The UNDEF marker here is important to prevent the creation of
a reference to the property currently being overwritten, which
would then leak.
This fixes oss-fuzz 6029559193534464, which was incorrectly
merged into oss-fuzz #30584 (which is reported at
https://github.com/google/oss-fuzz/issues/5211).
This restores the previous behavior for this case. We'll continue
to use the mangled name, even if it does not correspond to a
declared property.
This also fixes an assertion failure for the case of property
overwrite, as the add_new was not guaranteed to be "new" previously.
Fixes oss-fuzz #31045.
This deprecates passing null to non-nullable scale arguments of
internal functions, with the eventual goal of making the behavior
consistent with userland functions, where null is never accepted
for non-nullable arguments.
This change is expected to cause quite a lot of fallout. In most
cases, calling code should be adjusted to avoid passing null. In
some cases, PHP should be adjusted to make some function arguments
nullable. I have already fixed a number of functions before landing
this, but feel free to file a bug if you encounter a function that
doesn't accept null, but probably should. (The rule of thumb for
this to be applicable is that the function must have special behavior
for 0 or "", which is distinct from the natural behavior of the
parameter.)
RFC: https://wiki.php.net/rfc/deprecate_null_to_scalar_internal_arg
Closes GH-6475.
This changes ini_set() to accept all scalar types
(string|int|float|bool|null) for the new value. The idea here is
that while the INI system ultimately works with strings, its value
interpretation is designed to be consistent with PHP's casting rules,
e.g. "1" and "" are interpreted as boolean true and false respectively.
I personally believe that writing ini_set('precision', 10) makes more
sense than ini_set('precision', '10'), and find strict_types to be
unnecessarily pedantic here.
Closes GH-6680.
The get_info() handler should never fail, but even if it does,
we should still return a proper info array -- it doesn't make
sense that a completely incorrect hash returns an info array,
but a hash that is recognized but for which the options can't
be extracted would return null.
We need to handle the case where a CRLF after a Bcc header is not the
beginning of a folding marker, because in that case the Bcc header was
not the last "thing".
Closes GH-6666.
We remove the arbitrary restriction to `INT_MAX`; it is superfluous on
32bit systems where `ZEND_LONG_MAX == INT_MAX` anyway, and not useful
on 64bit systems, where larger files should be readable, if the
`memory_limit` is large enough.
Closes GH-6648.
That bug report originally was about `parse_url()` misbehaving, but the
security aspect was actually only regarding `FILTER_VALIDATE_URL`.
Since the changes to `parse_url_ex()` apparently affect userland code
which is relying on the sloppy URL parsing[1], this alternative
restores the old parsing behavior, but ensures that the userinfo is
checked for correctness for `FILTER_VALIDATE_URL`.
[1] <5174de7cd3 (commitcomment-45967652)>
This function tests if an array contains only sequential integer keys. While
list isn't an official type, this usage is consistent with the community usage
of "list" as an annotation type, cf.
https://psalm.dev/docs/annotating_code/type_syntax/array_types/#lists
Rebased and modified version of #4886
- Use .stub.php files
- Add opcache constant evaluation when argument is a constant
- Change from is_list(mixed $value) to array_is_list(array $array)
RFC: https://wiki.php.net/rfc/is_list
Co-Authored-By: Tyson Andre <tysonandre775@hotmail.com>
Co-Authored-By: Dusk <dusk@woofle.net>
Closes GH-6070
Check open_basedir after the fallback to the system's temporary
directory in tempnam().
In order to preserve the current behavior of upload_tmp_dir
(do not check explicitly specified dir, but check fallback),
new flags are added to check open_basedir for explicit dir
and for fallback.
Closes GH-6526.
Some functions have multiple aliases, while the $aliasMap can
only record one.
Methodsynopsis generation probably shouldn't use it either, but
at least that case seems to only be interested in whether there
is an alias at all.
This is slightly more aggressive about rejecting obviously incorrect
element counts. Previously the number of elements was allowed to
match the number of characters. Now it is the number of characters
divided by two (this can actually be increased further to at least 4).
This doesn't really matter in the grand scheme of things (as it
just cuts maximum memory usage by half), but should fix
oss-fuzz #29356.
We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.
Of course, zend_bool is retained as an alias.
debug_zval_dump() currently prints refcount 1 for interned strings
and arrays, which does not really reflect the truth. These values
are not refcounted, so the refcount is misleading. Instead print
an "interned" tag.
Closes GH-6598.
Historically, the _ex variants separated the zval first, if a
conversion was necessary. This distinction no longer makes sense
since PHP 7.
The only difference that was still left is that _ex checked whether
the type is the same first, but the usage of these macros did not
actually distinguish on whether such an inlined check is valuable
or not in a given context.
Also drop the unused convert_to_explicit_type macros.
Separation can only possibly make sense for array parameters
(or something that can contain arrays, like zval parameters). It
never makes sense to separate a bool.
The deref parameters are also of dubious utility, but leaving them
for now.
