Both of these functions are well-defined when used with a single
array argument -- rejecting this case was an artificial limitation.
This is not useful when called with explicit arguments, but removes
edge-cases when used with argument unpacking:
// OK even if $excludes is empty.
array_diff($array, ...$excludes);
// OK even if $arrays contains a single array only.
array_intersect(...$arrays);
This matches the behavior of functions like array_merge() and
array_push(), which also allow calls with no array or a single
array respectively.
Closes GH-6097.
This field is not used (and has not been used for a long time --
I've seen some mailing list thread from 2003 about it!) and throws
a deprecation warning. The port is part of peername instead (for
transports that support a port at all).
Currently we treat paths with null bytes as a TypeError, which is
incorrect, and rather inconsistent, as we treat empty paths as
ValueError. We do this because the error is generated by zpp and
it's easier to always throw TypeError there.
This changes the zpp implementation to throw a TypeError only if
the type is actually wrong and throw ValueError for null bytes.
The error message is also split accordingly, to be more precise.
Closes GH-6094.
RC4 is considered insecure, and it's not possible to change the
default of these functions. As such, require the method to be
passed explicitly.
Closes GH-6093.
The only thing that can promoted are the path-related checked.
Everything else is input dependent and error-suppressing these
functions is both the typical and the recommended usage.
Quoting from the bug report:
> The domain names passed to getmxrr() do not contain a trailing dot.
> DNS lookups which do not find records will (depending on the local
> resolver config) try again by adding the local domain to the end of
> the searched host/domain. In many environments there's an mx record
> for any subdomain of the local domain and the MX query will return
> a hit. But the test expects no hit. So the test fails when checking
> that "qa.php.net" does not have an MX record in DNS. In our local
> environment the resolver falls back to also check qa.php.net.kippdata.de
> which does have an MX record. Using "qa.php.net." instead of "qa.php.net"
> should fix this for everyone.
crypt() without salt generates a weak $1$ MD5 hash. It has been
throwing a notice since 2013 and we provide a much better alternative
in password_hash() (which can auto-generate salts for strong
password hashes), so keeping this is just a liability.
Create a separate general context that uses ZMM as allocator and
use it to allocate temporary PCRE match data (there is still one
global match data). There is no requirement that the match data
and the compiled regex / match context use the same general context.
This makes sure that we do not leak persistent memory on bailout
and fixes oss-fuzz #25296, on which half the libfuzzer runs
currently get stuck.
To allow exporting the php_curl.h header containing curl class
entries, split off a separate curl_private.h header with all the
implementation details.
We may move or expose additional APIs in php_curl.h on an as-needed
basis.
A recurring pattern in old extension: Putting the whole source
code behind HAVE_EXTNAME. This is pointless, as the code is only
compiled if the extension is enabled.
This removes a couple of them, but not all.
`php -a` treats lines starting with `#` as comments when deciding if
the provided statement is valid.
So it passed `#[MyAttr]` to the parser after the user hits enter,
causing a syntax error for multi-line statements..
With this patch, the following snippet is parsed correctly
```
php > #[Attr]
php > function x() { }
php > var_export((new ReflectionFunction('x'))->getAttributes()[0]->getName());
'Attr'
```
Followup to GH-6085
Closes GH-6086
