Commit Graph

110353 Commits

Author SHA1 Message Date
Stanislav Malyshev
6facfa59a5 Fix bug #79082 - Files added to tar with Phar::buildFromIterator have all-access permissions 2020-02-17 00:19:30 -08:00
Stanislav Malyshev
409965fe1c Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress 2020-02-17 00:19:30 -08:00
Christoph M. Becker
0966941130 Fix #79271: DOMDocumentType::$childNodes is NULL
Dom level 2 core, DOM level 3 core and the DOM living standard agree
that `childNodes` always return a `NodeList`, and never `null`.
2020-02-17 09:07:54 +01:00
Christoph M. Becker
392dada1d6 Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
  Fix typo in recent bugfix
2020-02-14 09:22:51 +01:00
Christoph M. Becker
8308196c97 Fix typo in recent bugfix 2020-02-14 09:21:13 +01:00
Christoph M. Becker
8ebadd1128 Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
  Fix #77569: Write Acess Violation in DomImplementation
2020-02-13 15:15:05 +01:00
Christoph M. Becker
cec8b24c84 Fix #77569: Write Acess Violation in DomImplementation
We must not assume that the zval IS_STRING.
2020-02-13 15:13:26 +01:00
Christoph M. Becker
7b464ce6f3 Fix #79254: getenv() w/o arguments not showing changes
To be able to see changes done only with `SetEnvironmentVariable()`, we
have to use `GetEnvironmentStrings()` instead of `environ`, because the
latter sees only changes done with `putenv()`.

For best backward compatibility we're using `GetEnvironmentStringsA()`;
switching to the wide string version likely makes sense for master,
though.
2020-02-11 11:47:29 +01:00
Christoph M. Becker
f649adedfe Fix #79248: Traversing empty VT_ARRAY throws com_exception
If the `VT_ARRAY` is empty, i.e. its upperbound is less than its lower
bound, we must not call `php_com_safearray_get_elem()`, because that
function throws in this case.
2020-02-08 17:05:29 +01:00
Christoph M. Becker
674d44ad7c Skip test case on x86 where it otherwise fails [ci skip]
`-2200000000` can't be converted to integer on x86, so the constructor
call would fail.
2020-02-07 21:09:35 +01:00
Christoph M. Becker
b9738f5802 Fix #79242: COM error constants don't match com_exception codes
Because a `HRESULT` is a `LONG`[1], no special treatment is required on
x86 platforms to get appropriate values.  On x64 platforms we prefer
positive values, what we could accomplish by casting the `HRESULT`
value to `ULONG` and then to `zend_long`, but since the current
behavior is correct and the performance improvement is negligible, we
defer that to master.

[1] <https://docs.microsoft.com/en-us/windows/win32/winprog/windows-data-types#hresult>
2020-02-07 18:04:14 +01:00
Christoph M. Becker
5e2ea00b15 Fix #66322: COMPersistHelper::SaveToFile can save to wrong location
Saving under the given `filename` may also work, but since
`::LoadFromFile` uses the `fullpath` we follow suit.
2020-02-06 14:59:55 +01:00
Nikita Popov
13bfa9f5ac Fixed bug #79188 2020-02-05 11:18:46 +01:00
Christoph M. Becker
e3632fdc0d Next is 7.3.16 2020-02-04 11:38:29 +01:00
Christoph M. Becker
079905acd5 Fix #78090: bug45161.phpt takes forever to finish
Not all systems support the discard protocol (TCP port 9), and since
there is no particular reason to use it, we switch to using actual
server testing.
2020-02-04 00:44:04 +01:00
Christoph M. Becker
fe1bfb78d6 Fix #79191: Error in SoapClient ctor disables DOMDocument::save()
The culprit is the too restrictive fix for bug #71536, which prevents
`php_libxml_streams_IO_write()` from properly executing when unclean
shutdown is flagged.  A *more* suitable solution is to move the
`xmlwriter_free_resource_ptr()` call from the `free_obj` handler to an
added `dtor_obj` handler, to avoid to write to a closed stream in case
of late object freeing.  This makes the `EG(active)` guard superfluous.

We also fix bug79029.phpt which has to use different variables for the
three parts to actually check the original shutdown issue.

Thanks to bwoebi and daverandom for helping to investigate this issue.
2020-02-03 23:31:46 +01:00
Christoph M. Becker
b93e4aa11c Relax test expectation
Since we're dealing with floating point numbers, precision issues may
hit us, and actually it's not necessary to check for the exact number
anyway, because it is not exact in the first place.  Therefore, we
relax the test expectations.
2020-02-03 13:03:54 +01:00
Christoph M. Becker
c2935499b1 Fix #79212: NumberFormatter::format() may detect wrong type
We have to convert to number *before* detecting the type, to cater to
internal objects implementing `cast_object`.

We also get rid of the fallback behavior of using `FORMAT_TYPE_INT32`,
because that can no longer happen; after `convert_scalar_to_number_ex`
the type is either `IS_LONG` or `IS_DOUBLE`.  We cater explicitly to
the `IS_ARRAY` case what also avoids triggering a type confusion when
`::TYPE_INT64` is passed as `$type`.
2020-02-03 12:28:32 +01:00
Nikita Popov
ef1e4891b4 Fix bug #76047
Unlink the current stack frame before freeing CVs or extra args.
This means it will no longer show up in back traces that are
generated during CV destruction.

We already did this prior to destructing the object/closure,
presumably for the same reason.
2020-01-31 10:26:40 +01:00
Christoph M. Becker
8226e704e4 Fix #70078: XSL callbacks with nodes as parameter leak memory
The fix for bug #49634 solved a double-free by copying the node with
`xmlDocCopyNodeList()`, but the copied node is later freed by calling
`xmlFreeNode()` instead of `xmlFreeNodeList()`, thus leaking memory.
However, there is no need to treat the node as node list, i.e. to copy
also the node's siblings; just creating a recursive copy of the node
with `xmlDocCopyNode()` is sufficient, while that also avoids the leak.
2020-01-30 13:04:57 +01:00
Nikita Popov
494615fcb8 Fix leak in DateTimeImmutable::modify() 2020-01-30 12:16:56 +01:00
Nikita Popov
6ccd675776 Add SKIPIF to test requiring mbregex 2020-01-30 11:20:42 +01:00
Nikita Popov
a62c06c4cf Fix mb_ord() crash if internal encoding not supported
enc_name can be NULL here. Take the name from the mbfl_encoding
instead.
2020-01-29 16:18:46 +01:00
Nikita Popov
560ff9725e Reset MBREX(search_re) in RSHUTDOWN
This is going to cause a segfault if reused in the next request.
To illustrate the issue, run these two scripts in sequence with
the built-in server:

// script1.php
mb_ereg_search_init('foobar');
mb_ereg_search('foo');

// script2.php
var_dump(mb_ereg_search_init("foobar"));
var_dump(mb_ereg_search_pos());
2020-01-29 16:05:11 +01:00
Nikita Popov
392ad206a4 Fix use of mb_ereg_search_getregs() after invalid pattern
This segfaulted because we assumed that if there are matches,
there must be a regular expression as well.
2020-01-29 12:50:18 +01:00
Christoph M. Becker
136f51f1e1 Fix #76584: PharFileInfo::decompress not working
We actually have to decompress, when told to do so.
2020-01-28 10:31:36 +01:00
Ivan Mikheykin
fd08f062ae Fix bug #78323: Code 0 is returned on invalid options
Set CLI exit code to 1 when invalid parameters are passed,
and print error to stderr.
2020-01-27 13:32:19 +01:00
Florian Smeets
b836d9cdc1 Add CURLOPT CURLOPT_HTTP09_ALLOWED available since 7.64.0 2020-01-26 14:12:53 +01:00
George Peter Banyard
a1f2f8f06e Fixed bug #79080 [ci skip]
Rewrote session.gc_probability and session.gc_divisor INI setting
description to be more succint.
2020-01-25 13:29:36 +01:00
Christoph M. Becker
49cbd23155 Make test independent of online XSD schema
The test still needs to access <http://www.w3.org/2009/01/xml.xsd>, but
at least we no longer depend on <http://x-road.eu/xsd/x-road.xsd>,
which may be moved again.
2020-01-24 14:18:16 +01:00
Christoph M. Becker
372b678e56 Yet another check for php_strip_tags_ex() 2020-01-24 13:02:02 +01:00
Nikita Popov
2c2cbbbf55 Fix bug76348.phpt
Adjust for URL change in XSD file and mark as online test.

Is it possible for use to store http://x-road.eu/xsd/xroad.xsd
locally instead? Do relative file system paths work here?
I'm not familiar with this.
2020-01-23 15:08:20 +01:00
liudaixiao
67421a780d Fixed bug #78902 2020-01-23 14:57:16 +01:00
Léopold Jacquot
f720fb1e21 Add unit test for bug #78902 2020-01-23 14:53:28 +01:00
Nikita Popov
db9776c53c Fixed bug #79151
Make sure we also NULL out next/prev of the removed element on
pop/shift. This only matter is that element is still being referenced
by an iterator.
2020-01-23 14:20:26 +01:00
Stanislav Malyshev
dd3c664f8f Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
  More checks for php_strip_tags_ex
2020-01-22 22:41:56 -08:00
Stanislav Malyshev
2dc170e25d More checks for php_strip_tags_ex 2020-01-22 22:37:30 -08:00
Christoph M. Becker
f1bf4bf6eb Don't leak encoding_str 2020-01-22 11:15:16 +01:00
Christoph M. Becker
9be31a582a Fix #79154: mb_convert_encoding() can modify $from_encoding
We must not modify arrays passed by value.
2020-01-22 10:28:07 +01:00
Remi Collet
5a9475f4b9 Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
  next will be 7.2.28
2020-01-22 09:17:33 +01:00
Remi Collet
7e2bd95fa5 next will be 7.2.28 2020-01-22 09:17:00 +01:00
Christoph M. Becker
9eff906a02 Fix #79145: openssl memory leak
We must increase the refcount of `return_value` only if `cert` is a
resource; this is already done in `php_openssl_evp_from_zval()`,
though.
2020-01-21 16:17:25 +01:00
Deus Kane
3046e35718 Fix #79146: cscript can fail to run on some systems
In the buildconf and configure batch files, Windows' cscript utility was being
run without the /e:jscript flag. This works on systems that have not had the
default .js file association changed, but if .js has been re-associated to
(say) an IDE, the batch files fail with the error message:

Input Error: There is no script engine for file extension ".js".
2020-01-21 11:53:11 +01:00
Christoph M. Becker
b67fc51859 Update NEWS wrt. sec fixes 2020-01-21 11:31:14 +01:00
Stanislav Malyshev
25ec7eb346 Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
  Update NEWS
  Fix bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`)
  Fix #79099: OOB read in php_strip_tags_ex
  Fix #79091: heap use-after-free in session_create_id()
2020-01-20 22:46:29 -08:00
Stanislav Malyshev
5c90f8eb66 Update NEWS 2020-01-20 22:12:32 -08:00
Stanislav Malyshev
2bcbc95f03 Fix bug #79037 (global buffer-overflow in mbfl_filt_conv_big5_wchar) 2020-01-20 21:43:42 -08:00
Stanislav Malyshev
0f79b1bf30 Fix #79099: OOB read in php_strip_tags_ex 2020-01-20 21:43:42 -08:00
Christoph M. Becker
f79c774274 Fix #79091: heap use-after-free in session_create_id()
If the `new_id` is released, we must not use it again.
2020-01-20 21:43:42 -08:00
Nikita Popov
07bda97e76 Fixed bug #79115 2020-01-17 11:37:35 +01:00