Commit Graph

283 Commits

Author SHA1 Message Date
Nikita Popov
162aa1a5fc Deprecate __autoload() 2017-02-03 18:52:57 +01:00
Sammy Kaye Powers
9e29f841ce Update copyright headers to 2017 2017-01-02 09:30:12 -06:00
Nikita Popov
5af586bec5 Remove more PHP 6 leftovers from tests 2016-11-24 22:39:39 +01:00
Dmitry Stogov
323b2733f6 Fixed compilation warnings 2016-06-22 00:40:50 +03:00
Anatol Belski
3d3f11ede4 Fixed the UTF-8 and long path support in the streams on Windows.
Since long the default PHP charset is UTF-8, however the Windows part is
out of step with this important point. The current implementation in PHP
doesn't technically permit to handle UTF-8 filepath and several other
things. Till now, only the ANSI compatible APIs are being used. Here is more
about it

https://msdn.microsoft.com/en-us/library/windows/desktop/dd317752%28v=vs.85%29.aspx

The patch fixes not only issues with multibyte filenames under
incompatible codepages, but indirectly also issues with some other multibyte
encodings like BIG5, Shift-JIS, etc. by providing a clean way to access
filenames in UTF-8. Below is a small list of issues from the bug tracker,
that are getting fixed:

https://bugs.php.net/63401
https://bugs.php.net/41199
https://bugs.php.net/50203
https://bugs.php.net/71509
https://bugs.php.net/64699
https://bugs.php.net/64506
https://bugs.php.net/30195
https://bugs.php.net/65358
https://bugs.php.net/61315
https://bugs.php.net/70943
https://bugs.php.net/70903
https://bugs.php.net/63593
https://bugs.php.net/54977
https://bugs.php.net/54028
https://bugs.php.net/43148
https://bugs.php.net/30730
https://bugs.php.net/33350
https://bugs.php.net/35300
https://bugs.php.net/46990
https://bugs.php.net/61309
https://bugs.php.net/69333
https://bugs.php.net/45517
https://bugs.php.net/70551
https://bugs.php.net/50197
https://bugs.php.net/72200
https://bugs.php.net/37672

Yet more related tickets can for sure be found - on bugs.php.net, Stackoverflow
and Github. Some of the bugs are pretty recent, some descend to early
2000th, but  the user comments in there last even till today. Just for example,
bug #30195 was opened in 2004, the latest comment in there was made in 2014. It
is certain, that these bugs descend not only to pure PHP use cases, but get also
redirected from the popular PHP based projects. Given the modern systems (and
those supported by PHP) are always based on NTFS, there is no excuse to keep
these issues unresolved.

The internalization approach on Windows is in many ways different from
UNIX and Linux, while it supports and is based on Unicode. It depends on the
current system code page, APIs used and exact kind how the binary was compiled
The locale doesn't affect the way Unicode or ANSI API work. PHP in particular
is being compiled without _UNICODE defined and this is conditioned by the
way we handle strings. Here is more about it

https://msdn.microsoft.com/en-us/library/tsbaswba.aspx

However, with any system code page ANSI functions automatically convert
paths to UTF-16. Paths in some encodings incompatible with the
current system code page, won't work correctly with ANSI APIs. PHP
till now only uses the ANSI Windows APIs.

For example, on a system with the current code page 1252, the paths
in cp1252 are supported and transparently converted to UTF-16 by the
ANSI functions. Once one wants to handle a filepath encoded with cp932 on
that particular system, an ANSI or a POSIX compatible function used in
PHP will produce an erroneous result. When trying to convert that cp932 path
to UTF-8 and passing to the ANSI functions, an ANSI function would
likely interpret the UTF-8 string as some string in the current code page and
create a filepath that represents every single byte of the UTF-8 string.
These behaviors are not only broken but also disregard the documented
INI settings.

This patch solves the issies with the multibyte paths on Windows by
intelligently enforcing the usage of the Unicode aware APIs. For
functions expect Unicode (fe CreateFileW, FindFirstFileW, etc.), arguments
will be converted to UTF-16 wide chars. For functions returning Unicode
aware data (fe GetCurrentDirectoryW, etc.), resulting wide string is
converted back to char's depending on the current PHP charset settings,
either to the current ANSI codepage (this is the behavior prior to this patch)
or to UTF-8 (the default behavior).

In a particular case, users might have to explicitly set
internal_encoding or default_charset, if filenames in ANSI codepage are
necessary. Current tests show no regressions and witness that this will be an
exotic case, the current default UTF-8 encoding is compatible with any
supported system. The dependency libraries are long switching to Unicode APIs,
so some tests were also added for extensions not directly related to streams.
At large, the patch brings over 150 related tests into the core. Those target
and was run on various environments with European, Asian, etc. codepages.
General PHP frameworks was tested and showed no regressions.

The impact on the current C code base is low, the most places affected
are the Windows only places in the three files tsrm_win32.c, zend_virtual_cwd.c
and plain_wrapper.c. The actual implementation of the most of the wide
char supporting functionality is in win32/ioutil.* and win32/codepage.*,
several  low level functionsare extended in place to avoid reimplementation for
now. No performance impact was sighted. As previously mentioned, the ANSI APIs
used prior the patch perform Unicode conversions internally. Using the
Unicode  APIs directly while doing custom conversions just retains the status
quo. The ways to optimize it are open (fe. by implementing caching for the
strings converted to wide variants).

The long path implementation is user transparent. If a path exceeds the
length of _MAX_PATH, it'll be automatically prefixed with \\?\. The MAXPATHLEN
is set to 2048 bytes.

Appreciation to Pierre Joye, Matt Ficken, @algo13 and others for tips, ideas
and testing.

Thanks.
2016-06-20 12:45:39 +02:00
Dmitry Stogov
f0a2e8eb13 Removed "zend_fcall_info.function_table". It was assigned in many places, but is never used. 2016-04-27 13:46:38 +03:00
Anatol Belski
8309e12cc7 Merge branch 'PHP-7.0'
* PHP-7.0:
  fix test
  Update NEWS
2016-03-14 15:58:40 +01:00
Anatol Belski
ab7764d99b Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  fix test
2016-03-14 15:58:05 +01:00
Anatol Belski
beda05269c fix test
Many warnings won't appear with libxml2 >= 2.9.3 because in many
cases libxml2 2.9.3 will just abort processing.
2016-03-14 15:53:02 +01:00
Dmitry Stogov
c67c166f93 Removed zend_fcall_info.symbol_table 2016-03-02 17:50:55 +03:00
Stanislav Malyshev
c3e0ef6b63 Merge branch 'PHP-7.0'
* PHP-7.0:
  More fixing for bug #71540
2016-02-15 01:53:24 -08:00
Stanislav Malyshev
c1355152db More fixing for bug #71540 2016-02-15 01:53:02 -08:00
Stanislav Malyshev
889e3b62f4 Fix bug #71540 - NULL pointer dereference in xsl_ext_function_php() 2016-02-15 00:10:21 -08:00
Stanislav Malyshev
cf0cf5b507 Fix bug #71540 - NULL pointer dereference in xsl_ext_function_php() 2016-02-15 00:09:09 -08:00
Stanislav Malyshev
c11b23c465 Fix bug #71540 - NULL pointer dereference in xsl_ext_function_php() 2016-02-15 00:08:18 -08:00
Lior Kaplan
3d5438bf7b Merge branch 'PHP-7.0'
* PHP-7.0:
  Update header to PHP Version 7
  Happy new year (Update copyright to 2016)
  Happy new year (Update copyright to 2016)
2016-01-01 20:04:31 +02:00
Lior Kaplan
ed35de784f Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  Happy new year (Update copyright to 2016)
2016-01-01 19:48:25 +02:00
Lior Kaplan
49493a2dcf Happy new year (Update copyright to 2016) 2016-01-01 19:21:47 +02:00
Tom Van Looy
6d0dec27fa Remove leftovers of TSRMLS in docs 2015-12-25 11:13:28 +01:00
Felipe Pena
20a384dfa9 Fixed bug #70678 (PHP7 returns true when false is expected)
Cherry-pick from master.
2015-10-16 17:44:17 +02:00
Felipe Pena
8d12ff7513 - Fixed bug #70678 (PHP7 returns true when false is expected) 2015-10-11 12:08:34 -03:00
Dmitry Stogov
560e4fa393 Removed or simplified incorrect SEPARATE_*() macros usage. 2015-09-29 11:17:43 +03:00
Xinchen Hui
4febfc25a6 Use die 2015-09-20 09:34:28 -07:00
Xinchen Hui
3fc5f5cdb5 Fixed bug #70535 (XSLT: free(): invalid pointer) 2015-09-20 09:30:50 -07:00
Stanislav Malyshev
9b1a224d4e Merge branch 'PHP-5.6'
* PHP-5.6: (21 commits)
  fix unit tests
  update NEWS
  add NEWS for fixes
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix bug ##70284 (Use after free vulnerability in unserialize() with GMP)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  ...

Conflicts:
	ext/exif/exif.c
	ext/gmp/gmp.c
	ext/pcre/php_pcre.c
	ext/session/session.c
	ext/session/tests/session_decode_variation3.phpt
	ext/soap/soap.c
	ext/spl/spl_observer.c
	ext/standard/var.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	ext/xsl/xsltprocessor.c
2015-09-02 00:37:20 -07:00
Stanislav Malyshev
33d3acaae7 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  5.4.45 next

Conflicts:
	configure.in
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	main/php_version.h
2015-09-01 11:42:19 -07:00
Stanislav Malyshev
1744be2d17 Fix for bug #69782 2015-08-16 17:16:15 -07:00
Nikita Popov
4854b11566 Partially fix XSLT warnings
The two remaining issues seem to be genuine problems. We're treating
node->children as a string, even though it's actually an xmlNode.
The same code exists twice in xpath.c. In all cases gcov shows no
coverage for it.
2015-07-17 21:12:15 +02:00
Dmitry Stogov
4a2e40bb86 Use ZSTR_ API to access zend_string elements (this is just renaming without semantick changes). 2015-06-30 04:05:24 +03:00
Rasmus Lerdorf
41774bceff Fix more minor mistakes in the proto comments 2015-06-23 15:47:33 -04:00
Nikita Popov
3ae995f03c Tweak uncaught exception message display
This implements a reduced variant of #1226 with just the following
change:

-Fatal error: Uncaught exception 'EngineException' with message 'Call to private method foo::bar() from context ''' in %s:%d
+Fatal error: Uncaught EngineException: Call to private method foo::bar() from context '' in %s:%d

The '' wrapper around messages is very weird if the exception
message itself contains ''. Futhermore having the message wrapped
in '' doesn't work for the "and defined" suffix of
TypeExceptions.
2015-05-17 18:47:06 +02:00
Anatol Belski
17d4be0cb7 fix libxml2 headers lookup 2015-05-13 15:20:19 +02:00
Nikita Popov
6ef9216269 Finish PHP 4 constructor deprecation 2015-03-31 17:55:27 +02:00
Anatol Belski
663074b6b1 cleanup mod version macros and mod defs, round x 2015-03-23 21:30:22 +01:00
Dmitry Stogov
8633685675 Use specialized macro for string zval creation 2015-03-12 16:53:51 +03:00
Nikita Popov
a81e65a501 Remove xsl.security_prefs ini option
Conflicts:
	ext/xsl/php_xsl.c
	ext/xsl/xsltprocessor.c
2015-03-09 11:06:18 +01:00
Dmitry Stogov
9e70d7672d Move zend_object->guards into additional slot of zend_object->properties_table[]. As result size of objects without __get/__set/__unset/__isset magic methods is reduced. 2015-02-04 15:24:13 +03:00
Xinchen Hui
fc33f52d8c bump year 2015-01-15 23:27:30 +08:00
Xinchen Hui
73c1be2653 Bump year 2015-01-15 23:26:03 +08:00
Stanislav Malyshev
b7a7b1a624 trailing whitespace removal 2015-01-10 15:07:38 -08:00
Anatol Belski
e112f6a04e second shot on removing TSRMLS_* 2014-12-14 14:07:59 +01:00
Anatol Belski
bdeb220f48 first shot remove TSRMLS_* things 2014-12-13 23:06:14 +01:00
Stanislav Malyshev
f782d6710d Merge branch 'PHP-5.6'
* PHP-5.6:
  test to function addcslashes
  test
  Test PHP Init Fail Without Params
  Add my information to this test
  Add a test for the exception cases of readline_read_history
  added some tests to datetime and dateinterval functions
  added various tests for XSLTProcessor and one test for iconv extension
  teste basico da funcao timezone_version_get
2014-11-23 17:26:35 -08:00
Rodrigo Prado de Jesus
813830e763 added various tests for XSLTProcessor and one test for iconv extension 2014-09-28 20:29:29 -03:00
Anatol Belski
4b3e198023 removed *.dsw and *.dsp files 2014-09-28 19:02:09 +02:00
Florian MARGAINE
8eb7e7bf7f Merge branch 'master' into issue-67910
Conflicts:
	README.PARAMETER_PARSING_API
	ext/gmp/tests/001.phpt
2014-09-20 10:09:21 +02:00
Florian MARGAINE
cf0303e782 Replaces php5 with php7, without whitespace changes. 2014-09-20 10:01:44 +02:00
Johannes Schlüter
d0cb715373 s/PHP 5/PHP 7/ 2014-09-19 18:33:14 +02:00
Dmitry Stogov
bccc653185 Avoid double IS_INTERNED() check 2014-09-19 17:32:50 +04:00
Anatol Belski
6db8d4f829 's' works with size_t round 3 2014-08-27 20:49:36 +02:00