Because the UID= and PWD= values are appended to the SQLDriverConnect
case when credentials are passed, we have to append them to the string
in case users are relying on this behaviour. However, they must be
quoted, or the arguments will be invalid (or possibly more injected).
This means users had to quote arguments or append credentials to the raw
connection string themselves.
It seems that ODBC quoting rules are consistent enough (and that
Microsoft trusts them enough to encode into the .NET BCL) that we can
actually check if the string is already quoted (in case a user is
already quoting because of this not being fixed), and if not, apply the
appropriate ODBC quoting rules.
This is because the code exists in main/, and are shared between
both ODBC extensions, so it doesn't make sense for it to only exist
in one or the other. There may be a better spot for it.
Closes GH-8307.
This allows users to use PECL/zip, which is well maintained and often
brings new features which are not yet available in ext/zip, as drop-in
replacement for the official Windows php-src builds.
Closes GH-8549.
`CURLOPT_XFERINFOFUNCTION` is available as of cURL 7.32.0, and
supersedes `CURLOPT_PROGRESSFUNCTION` which is still supported by
latest cURL, though.
Closes GH-7823.
The deny_ptrace is a OS runtime setting and is off by default,
at least on workstations flavors (fedora) however it might be
different on production servers.
There are many use-cases where a PHP user is currently using sodium_compat's implementation of this low-level XChaCha20 API. For example, multi-part message processing (in low-memory settings) for a ciphertext that was encrypted with XChaCha20-Poly1305 (rather than the secretstream API).
Adding this function to ext/sodium offers better performance and lowers users' memory usage with the polyfill, and ensures that users coming from other languages that provide libsodium bindings have a more consistent experience with our bindings. This is a win-win.
This patch follows the libsodium precedent of adding functions instead of optional parameters to existing functions. The parameter order is also consistent with the C API.
https://doc.libsodium.org/advanced/stream_ciphers/xchacha20#usage
Closes GH-8276.
When we have a complex connection string (more than a DSN), PHP
appends a UID and PWD if none are present and a username and password
are called, so SQLDriverConnect works as expected.
However, it seems spprintf doesn't allocate with persistence if
required. As a result, it'll be considering leaking and crash PHP on
free when a persistent connection is used.
Closes GH-8110.
As it is now, `IntlTimeZone`, `IntlCalendar` and `IntlDateFormatter`
and some other intl class instances can be serialized, but the
representation is meaningless, and unserialization yields uninitialized/
unusable objects. To prevent users from noticing this too late, we deny
serialization of such objects in the first place.
Closes GH-7945.
Closes GH-7847
Closes GH-7852
Previously stripos/stristr would lowercase both the haystack and the
needle to reuse strpos. The approach in this PR is similar to strpos.
memchr is highly optimized so we're using it to search for the first
character of the needle in the haystack. If we find it we compare the
remaining characters of the needle manually.
The new implementation seems to perform about half as well as strpos (as
two memchr calls are necessary to find the next candidate).
See #80828 and the internals@ mailing list discussion at
https://externals.io/message/116543
Use libavifinfo's AvifInfoGetFeaturesStream() in php_handle_avif() to
get the width, height, bit depth and channel count from an AVIF
payload. Implement stream reading/skipping functions and data struct.
Use libavifinfo's AvifInfoIdentifyStream() in php_is_image_avif().
Update the expected features read from "test1pix.avif" in
getimagesize.phpt.
Closes GH-7711.
There is no particular reason to exclude wireless network interfaces
from the results of `net_get_interfaces()` on Windows, especially since
`getifaddrs(3)` includes these as well.
Closes GH-7718.
Zero-initialize the sa4/sa6 structures. On musl sin6_scope_id is
used by getnameinfo() without NI_NUMERICHOST flag. In the interest
of being conservative simply zero out everything.
We can't take ownership of the delayed autoload table here. It is
important that pending classes get loaded before resolving variance
of any nested classed, as they might actually be lower in the
hierarchy.
AIX assembler is a bit more strict than GNU assembler. Thus, adjust
the XCOFF asm files to be able to accept both assembler.
This pulls in upstream boost context changes from
https://github.com/boostorg/context/pull/191.
Closes GH-7579.
iterator_funcs_ptr may be null for Iterators with custom
get_iterator. Ideally MultipleIterator would make use of get_iterator,
but this would require a large implementation change.
