Since long the default PHP charset is UTF-8, however the Windows part is
out of step with this important point. The current implementation in PHP
doesn't technically permit to handle UTF-8 filepath and several other
things. Till now, only the ANSI compatible APIs are being used. Here is more
about it
https://msdn.microsoft.com/en-us/library/windows/desktop/dd317752%28v=vs.85%29.aspx
The patch fixes not only issues with multibyte filenames under
incompatible codepages, but indirectly also issues with some other multibyte
encodings like BIG5, Shift-JIS, etc. by providing a clean way to access
filenames in UTF-8. Below is a small list of issues from the bug tracker,
that are getting fixed:
https://bugs.php.net/63401https://bugs.php.net/41199https://bugs.php.net/50203https://bugs.php.net/71509https://bugs.php.net/64699https://bugs.php.net/64506https://bugs.php.net/30195https://bugs.php.net/65358https://bugs.php.net/61315https://bugs.php.net/70943https://bugs.php.net/70903https://bugs.php.net/63593https://bugs.php.net/54977https://bugs.php.net/54028https://bugs.php.net/43148https://bugs.php.net/30730https://bugs.php.net/33350https://bugs.php.net/35300https://bugs.php.net/46990https://bugs.php.net/61309https://bugs.php.net/69333https://bugs.php.net/45517https://bugs.php.net/70551https://bugs.php.net/50197https://bugs.php.net/72200https://bugs.php.net/37672
Yet more related tickets can for sure be found - on bugs.php.net, Stackoverflow
and Github. Some of the bugs are pretty recent, some descend to early
2000th, but the user comments in there last even till today. Just for example,
bug #30195 was opened in 2004, the latest comment in there was made in 2014. It
is certain, that these bugs descend not only to pure PHP use cases, but get also
redirected from the popular PHP based projects. Given the modern systems (and
those supported by PHP) are always based on NTFS, there is no excuse to keep
these issues unresolved.
The internalization approach on Windows is in many ways different from
UNIX and Linux, while it supports and is based on Unicode. It depends on the
current system code page, APIs used and exact kind how the binary was compiled
The locale doesn't affect the way Unicode or ANSI API work. PHP in particular
is being compiled without _UNICODE defined and this is conditioned by the
way we handle strings. Here is more about it
https://msdn.microsoft.com/en-us/library/tsbaswba.aspx
However, with any system code page ANSI functions automatically convert
paths to UTF-16. Paths in some encodings incompatible with the
current system code page, won't work correctly with ANSI APIs. PHP
till now only uses the ANSI Windows APIs.
For example, on a system with the current code page 1252, the paths
in cp1252 are supported and transparently converted to UTF-16 by the
ANSI functions. Once one wants to handle a filepath encoded with cp932 on
that particular system, an ANSI or a POSIX compatible function used in
PHP will produce an erroneous result. When trying to convert that cp932 path
to UTF-8 and passing to the ANSI functions, an ANSI function would
likely interpret the UTF-8 string as some string in the current code page and
create a filepath that represents every single byte of the UTF-8 string.
These behaviors are not only broken but also disregard the documented
INI settings.
This patch solves the issies with the multibyte paths on Windows by
intelligently enforcing the usage of the Unicode aware APIs. For
functions expect Unicode (fe CreateFileW, FindFirstFileW, etc.), arguments
will be converted to UTF-16 wide chars. For functions returning Unicode
aware data (fe GetCurrentDirectoryW, etc.), resulting wide string is
converted back to char's depending on the current PHP charset settings,
either to the current ANSI codepage (this is the behavior prior to this patch)
or to UTF-8 (the default behavior).
In a particular case, users might have to explicitly set
internal_encoding or default_charset, if filenames in ANSI codepage are
necessary. Current tests show no regressions and witness that this will be an
exotic case, the current default UTF-8 encoding is compatible with any
supported system. The dependency libraries are long switching to Unicode APIs,
so some tests were also added for extensions not directly related to streams.
At large, the patch brings over 150 related tests into the core. Those target
and was run on various environments with European, Asian, etc. codepages.
General PHP frameworks was tested and showed no regressions.
The impact on the current C code base is low, the most places affected
are the Windows only places in the three files tsrm_win32.c, zend_virtual_cwd.c
and plain_wrapper.c. The actual implementation of the most of the wide
char supporting functionality is in win32/ioutil.* and win32/codepage.*,
several low level functionsare extended in place to avoid reimplementation for
now. No performance impact was sighted. As previously mentioned, the ANSI APIs
used prior the patch perform Unicode conversions internally. Using the
Unicode APIs directly while doing custom conversions just retains the status
quo. The ways to optimize it are open (fe. by implementing caching for the
strings converted to wide variants).
The long path implementation is user transparent. If a path exceeds the
length of _MAX_PATH, it'll be automatically prefixed with \\?\. The MAXPATHLEN
is set to 2048 bytes.
Appreciation to Pierre Joye, Matt Ficken, @algo13 and others for tips, ideas
and testing.
Thanks.
* PHP-5.6.18:
fix tests
fix NEWS
Update NEWS
update NEWS
Fixed bug #71488: Stack overflow when decompressing tar archives
update NEWS
add missing headers for SIZE_MAX
backport the escapeshell* functions hardening branch
add tests
Fix bug #71459 - Integer overflow in iptcembed()
prepare 5.6.18RC1
Fix test when run with openssl < 1.0.2 (reorder so no more SSLv2 message) Fix skip message to work
improve fix for bug #71201
Fixed bug #71323 - Output of stream_get_meta_data can be falsified by its input
Fix bug #71391: NULL Pointer Dereference in phar_tar_setupmetadata()
Fixed bug #71331 - Uninitialized pointer in phar_make_dirstream()
Fix bug #71335: Type Confusion in WDDX Packet Deserialization
Fix bug #71354 - remove UMR when size is 0
Conflicts:
configure.in
ext/phar/dirstream.c
ext/phar/phar_object.c
ext/phar/tar.c
ext/standard/exec.c
ext/standard/iptc.c
ext/standard/math.c
ext/standard/streamsfuncs.c
ext/wddx/wddx.c
main/php_version.h
main/streams/memory.c
The original commit for this issue (62b1293) assumed Z_BLOCK was
only defined in < 1.2.4. However, this flush type *is* defined but
is only unavailable for use with deflate().
This new commit correctly checks the ZLIB_VERNUM constant to
determine if Z_BLOCK flush is available for the current deflate()
operation and triggers an appropriate error as needed.
New ZLIB_VERSION and ZLIB_VERNUM constants are also exposed in
userland to allow testing this behavior in environments running
zlib < 1.2.4 (ZLIB_VERNUM check is needed).
* deflate:
Add inflate_*() test cases
Add incremental zlib inflate API
Add deflate_*() test cases
Several deflate_* changes (more after the jump)
Add incremental zlib deflate API
- Remove deflate_flush()
- Add ZLIB_FINISH constant for use with deflate_add()
- Use options array at parameter 2 of deflate_add() to insulate
against future API changes
- Minor bug fixes
- deflate_init() and deflate_add() now always return FALSE in the
event of an error
* PHP-5.6: (27 commits)
fix non-standard C
update NEWS
5.4.41 next
fix CVE num
update NEWS
Fix bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode)
fix test
fix type in fix for #69085
fix memory leak & add test
Fix tests
fix CVE num
Fix bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability)
Fix test
Additional fix for bug #69324
More fixes for bug #69152
Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
...
Conflicts:
Zend/zend_exceptions.c
ext/curl/interface.c
ext/dom/document.c
ext/fileinfo/libmagic/softmagic.c
ext/gd/gd.c
ext/hash/hash.c
ext/pgsql/pgsql.c
ext/phar/phar.c
ext/phar/phar_internal.h
ext/standard/http_fopen_wrapper.c
ext/standard/link.c
ext/standard/streamsfuncs.c
ext/xmlwriter/php_xmlwriter.c
ext/zlib/zlib.c
* PHP-5.5: (27 commits)
fix non-standard C
update NEWS
5.4.41 next
fix CVE num
update NEWS
Fix bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode)
fix test
fix type in fix for #69085
fix memory leak & add test
Fix tests
fix CVE num
Fix bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability)
Fix test
Additional fix for bug #69324
More fixes for bug #69152
Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
...
Conflicts:
ext/standard/http_fopen_wrapper.c
* PHP-5.4.40:
Additional fix for bug #69324
More fixes for bug #69152
Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
Fixed bug #68901 (use after free)
Fixed bug #68740 (NULL Pointer Dereference)
Fix bug #66550 (SQLite prepared statement use-after-free)
Better fix for #68601 for perf 81e9a993f2
Fix bug #68601 buffer read overflow in gd_gif_in.c
Revert "Merge branch 'PHP-5.4' of https://git.php.net/repository/php-src into PHP-5.4"
Fixed bug #69293
Add ZEND_ARG_CALLABLE_INFO to allow internal function to type hint against callable.
* origin/master:
fix unserializer patch
move this entry to the correct version
add missing NEWS entry
add missing NEWS entry
Updated or skipped certain 32-bit tests
add NEWS entry for #68594
5.4.37
add more BC breaks
update news
add CVE
add missing test file
Fix bug #68594 - Use after free vulnerability in unserialize()
Fix typo
Hash value must not zero?
* origin/master:
updated NEWS
refactored the mbstring config.w32
Update NEWS
Fixed compilation warnings
Fixed bug #68504 --with-libmbfl configure option not present on Windows
Changed "finally" handling. Removed EX(fast_ret) and EX(delayed_exception). Allocate and use additional IS_TMP_VAR slot on VM stack instead.
the darwin specific test fails for me with the same output which is the expected for the original test I couldn't find anybody who managed to see this test passing, but I found a bunch of other reports on qa.php.net/reports and on google which do see this test failing on mac. if this change causes you to have this test failing on Mac, please drop me a mail so we can improve the current test so it passes for everybody.
#68446 is fixed
Reimplemented silence operator (@) handling on exceptions. Now each silence region is stored in op_array->brk_cont_array. On exception ZEND_HANDLE_EXCEPTION handler traverse this array and restore original EG(error_reporting) if exception occured inside a "silence" region.
remove the NEWS entries for the reverted stuff
typo fix
go back with phpdbg to the state of 5.6.3, reverting the controversial commits(remote debugging/xml protocol)
5.5.21 now
New label length test
Fix ext/filter/tests/033.phpt
Fix filter_list test
FILTER_VALIDATE_DOMAIN and RFC conformance for FILTER_VALIDATE_URL
Conflicts:
ext/mbstring/config.w32
* PHP-5.6:
the darwin specific test fails for me with the same output which is the expected for the original test I couldn't find anybody who managed to see this test passing, but I found a bunch of other reports on qa.php.net/reports and on google which do see this test failing on mac. if this change causes you to have this test failing on Mac, please drop me a mail so we can improve the current test so it passes for everybody.
5.5.21 now
* PHP-5.5:
the darwin specific test fails for me with the same output which is the expected for the original test I couldn't find anybody who managed to see this test passing, but I found a bunch of other reports on qa.php.net/reports and on google which do see this test failing on mac. if this change causes you to have this test failing on Mac, please drop me a mail so we can improve the current test so it passes for everybody.
5.5.21 now
Conflicts:
configure.in
main/php_version.h
I couldn't find anybody who managed to see this test passing, but I found a bunch of other reports on
qa.php.net/reports and on google which do see this test failing on mac.
if this change causes you to have this test failing on Mac, please drop me a mail so we can improve
the current test so it passes for everybody.
* origin/master: (102 commits)
fix dir separator in test
fix TS build
fix TS build
Better fix for bug #68446
Revert "Merge remote-tracking branch 'origin/PHP-5.6'"
Revert NEWS and set test to XFAIL
Revert "Fix bug #68446 (bug with constant defaults and type hints)"
Improved zend_hash_clean() and added new optimized zend_symtable_clean()
Use inline version of zval_ptr_dtor()
Added new optimized zend_array_destroy() function
Moved i_zval_ptr_dtor() from zend_execute.h to zend_variables.h
fix REGISTER_NS_*_CONSTANT macros
Removed useless assert. EG(uninitialized_zval) can't be refcounted.
Use specialized destructors when types of zvals are known.
move tests into proper place
Improved assignment to object property
Reuse zend_assign_to_variable() in zend_std_write_property()
cleanup comments from svn/cvs era
fix dir separator in test
fork test for windows
...
* origin/master: (398 commits)
NEWS
add test for bug #68381
Fixed bug #68381 Set FPM log level earlier during init
proper dllexport
move to size_t where zend_string is used internally
fix some datatype mismatches
return after the warning, to fix uninitialized salt usage
fix datatype mismatches
add missing type specifier
fix datatype mismatches
fix unsigned check
"extern" shouldn't be used for definitions
joined identical conditional blocks
simplify fpm tests
SEND_VAR_NO_REF optimization
Add test for bug #68442
Add various tests for FPM - covering recent bugs (68420, 68421, 68423, 68428) - for UDS - for ping and status URI - for multi pool and multi mode
Include small MIT FastCGI client library from https://github.com/adoy/PHP-FastCGI-Client
Get rid of zend_free_op structure (use zval* instead). Get rid of useless TSRMLS arguments.
Add new FPM test for IPv4/IPv6
...
Conflicts:
win32/build/config.w32
* PHP-5.6:
Fixed bug #53829 Compiling PHP with large file support will replace function gzopen by gzopen64
Remove unneeded md5 hashing from PHP-5.6 branch. It's removed from master already by my previous commit.
Conflicts:
ext/session/session.c
* origin/master:
bring back the correct php_version.h
fix the empty_strings SAPI shutdown leak in TS build
Use fastcall calling convention for heap functions
fix leaking the empty_string in TS builds
remove successive assignment
* origin/master: (26 commits)
Micro optimization
Drop unused INIT_STRING opcode
Drop unused RAISE_ABSTRACT_ERROR opcode
CT substitute unqualified true/false/null in namespaces
Fix a couple compile warnings
fix test filename
one more test to illustrate transfer of an arbitrary data amount throug pipes
fix tests on linux
better test cleanup
Use more readable inline functions
increase the polling period to not to break existing behaviours
updated NEWS
Fixed bug #51800 proc_open on Windows hangs forever
Fixed segfault
Set an LDAP error code when failing ldap_bind due to null bytes
Fix segmentation fault in debug_backtrace()
Drop support for GMP 4.1
Make gmp_setbit and gmp_clrbit return values consistent
removed *.dsw and *.dsp files
Opcache compatibility for coalesce operator
...
* PHP-5.6:
fix bug #67865
updated NEWS to fit last release
NEWS
Fix bug #67878 program_prefix not honoured in man pages
NEWS
Fix bug #67878 program_prefix not honoured in man pages
