Commit Graph

253 Commits

Author SHA1 Message Date
Michael Orlitzky
a552ac5bd5 ext/tidy: add support for the new tidy-html5 library.
Our existing libtidy support is based on the legacy "HTML tidy"
project. That project now has a successor called tidy-html5, where all
new features and bugfixes happen. Of particular note are the fixes for
two security vulnerabilities, CVE-2015-5522 and CVE-2015-5523.

The API is largely unchanged in the new project (which is truly the
successor of the original -- not a fork), and so it is almost a
drop-in replacement as far as PHP is concerned. However, one file has
changed in the new project: "buffio.h" has been moved to
"tidybuffio.h".

This commit detects the presence of tidybuffio.h at build time, and
then adjusts the import statement in tidy.c accordingly. The result is
a build that works against either the legacy project or the new
tidy-html5 project, although the test suite for the tidy extension now
fails. Those failures are not critical and will be fixed.

Gentoo-Bug: 561452
Gentoo-Bug: 585474
PHP-Bug: 72379
2016-07-11 14:05:43 +02:00
Aaron Piotrowski
24237027bc Merge branch 'throw-error-in-extensions' 2016-07-05 02:08:39 -05:00
Anatol Belski
3d3f11ede4 Fixed the UTF-8 and long path support in the streams on Windows.
Since long the default PHP charset is UTF-8, however the Windows part is
out of step with this important point. The current implementation in PHP
doesn't technically permit to handle UTF-8 filepath and several other
things. Till now, only the ANSI compatible APIs are being used. Here is more
about it

https://msdn.microsoft.com/en-us/library/windows/desktop/dd317752%28v=vs.85%29.aspx

The patch fixes not only issues with multibyte filenames under
incompatible codepages, but indirectly also issues with some other multibyte
encodings like BIG5, Shift-JIS, etc. by providing a clean way to access
filenames in UTF-8. Below is a small list of issues from the bug tracker,
that are getting fixed:

https://bugs.php.net/63401
https://bugs.php.net/41199
https://bugs.php.net/50203
https://bugs.php.net/71509
https://bugs.php.net/64699
https://bugs.php.net/64506
https://bugs.php.net/30195
https://bugs.php.net/65358
https://bugs.php.net/61315
https://bugs.php.net/70943
https://bugs.php.net/70903
https://bugs.php.net/63593
https://bugs.php.net/54977
https://bugs.php.net/54028
https://bugs.php.net/43148
https://bugs.php.net/30730
https://bugs.php.net/33350
https://bugs.php.net/35300
https://bugs.php.net/46990
https://bugs.php.net/61309
https://bugs.php.net/69333
https://bugs.php.net/45517
https://bugs.php.net/70551
https://bugs.php.net/50197
https://bugs.php.net/72200
https://bugs.php.net/37672

Yet more related tickets can for sure be found - on bugs.php.net, Stackoverflow
and Github. Some of the bugs are pretty recent, some descend to early
2000th, but  the user comments in there last even till today. Just for example,
bug #30195 was opened in 2004, the latest comment in there was made in 2014. It
is certain, that these bugs descend not only to pure PHP use cases, but get also
redirected from the popular PHP based projects. Given the modern systems (and
those supported by PHP) are always based on NTFS, there is no excuse to keep
these issues unresolved.

The internalization approach on Windows is in many ways different from
UNIX and Linux, while it supports and is based on Unicode. It depends on the
current system code page, APIs used and exact kind how the binary was compiled
The locale doesn't affect the way Unicode or ANSI API work. PHP in particular
is being compiled without _UNICODE defined and this is conditioned by the
way we handle strings. Here is more about it

https://msdn.microsoft.com/en-us/library/tsbaswba.aspx

However, with any system code page ANSI functions automatically convert
paths to UTF-16. Paths in some encodings incompatible with the
current system code page, won't work correctly with ANSI APIs. PHP
till now only uses the ANSI Windows APIs.

For example, on a system with the current code page 1252, the paths
in cp1252 are supported and transparently converted to UTF-16 by the
ANSI functions. Once one wants to handle a filepath encoded with cp932 on
that particular system, an ANSI or a POSIX compatible function used in
PHP will produce an erroneous result. When trying to convert that cp932 path
to UTF-8 and passing to the ANSI functions, an ANSI function would
likely interpret the UTF-8 string as some string in the current code page and
create a filepath that represents every single byte of the UTF-8 string.
These behaviors are not only broken but also disregard the documented
INI settings.

This patch solves the issies with the multibyte paths on Windows by
intelligently enforcing the usage of the Unicode aware APIs. For
functions expect Unicode (fe CreateFileW, FindFirstFileW, etc.), arguments
will be converted to UTF-16 wide chars. For functions returning Unicode
aware data (fe GetCurrentDirectoryW, etc.), resulting wide string is
converted back to char's depending on the current PHP charset settings,
either to the current ANSI codepage (this is the behavior prior to this patch)
or to UTF-8 (the default behavior).

In a particular case, users might have to explicitly set
internal_encoding or default_charset, if filenames in ANSI codepage are
necessary. Current tests show no regressions and witness that this will be an
exotic case, the current default UTF-8 encoding is compatible with any
supported system. The dependency libraries are long switching to Unicode APIs,
so some tests were also added for extensions not directly related to streams.
At large, the patch brings over 150 related tests into the core. Those target
and was run on various environments with European, Asian, etc. codepages.
General PHP frameworks was tested and showed no regressions.

The impact on the current C code base is low, the most places affected
are the Windows only places in the three files tsrm_win32.c, zend_virtual_cwd.c
and plain_wrapper.c. The actual implementation of the most of the wide
char supporting functionality is in win32/ioutil.* and win32/codepage.*,
several  low level functionsare extended in place to avoid reimplementation for
now. No performance impact was sighted. As previously mentioned, the ANSI APIs
used prior the patch perform Unicode conversions internally. Using the
Unicode  APIs directly while doing custom conversions just retains the status
quo. The ways to optimize it are open (fe. by implementing caching for the
strings converted to wide variants).

The long path implementation is user transparent. If a path exceeds the
length of _MAX_PATH, it'll be automatically prefixed with \\?\. The MAXPATHLEN
is set to 2048 bytes.

Appreciation to Pierre Joye, Matt Ficken, @algo13 and others for tips, ideas
and testing.

Thanks.
2016-06-20 12:45:39 +02:00
Aaron Piotrowski
771e5cc247 Replace zend_ce_error with NULL and replace more E_ERROR with thrown Error 2016-06-13 09:02:17 -05:00
Aaron Piotrowski
e3c681aa5c Merge branch 'master' into throw-error-in-extensions 2016-06-10 22:02:23 -05:00
Nikita Popov
1ac152938c Move semicolon into TSRMLS_CACHE_EXTERN/DEFINE
Also re bug #71575.
2016-03-03 16:50:01 +01:00
Lior Kaplan
ed35de784f Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  Happy new year (Update copyright to 2016)
2016-01-01 19:48:25 +02:00
Lior Kaplan
49493a2dcf Happy new year (Update copyright to 2016) 2016-01-01 19:21:47 +02:00
Dmitry Stogov
ad4fa8f758 Fixed incorrect usage of HASH_OF() macro. Replaced HASH_OF() with more appropriate Z_ARRVAL_P() or Z_OBJPROP_P(). 2015-09-24 22:39:59 +03:00
Anatol Belski
ce3e3f7884 more range checks in ext/tidy 2015-08-26 16:39:52 +02:00
Anatol Belski
871acceace add range checks to ext/tidy 2015-08-26 16:39:51 +02:00
Julien Pauli
aae9004ebd Removed dead code 2015-08-17 17:18:25 +02:00
Anatol Belski
4e66cce87c switch to the unified globals accessor where appropriate 2015-07-29 13:26:35 +02:00
Nikita Popov
42e32c33e2 More warning fixes 2015-07-17 21:12:15 +02:00
Aaron Piotrowski
907476f34c Convert E_ERROR to thrown Error in extensions 2015-07-05 12:16:57 -05:00
Dmitry Stogov
4a2e40bb86 Use ZSTR_ API to access zend_string elements (this is just renaming without semantick changes). 2015-06-30 04:05:24 +03:00
Dmitry Stogov
4bd22cf1c1 Improved zend_string API (Francois Laupretre)
Squashed commit of the following:

commit d96eab8d79
Author: Francois Laupretre <francois@tekwire.net>
Date:   Fri Jun 26 01:23:31 2015 +0200

    Use the new 'ZSTR' macros in the rest of the code.

    Does not change anything to the generated code (thanks to compat macros) but cleaner.

commit b352643910
Author: Francois Laupretre <francois@tekwire.net>
Date:   Thu Jun 25 13:45:06 2015 +0200

    Improve zend_string API

    Add missing methods
2015-06-29 16:44:54 +03:00
Aaron Piotrowski
e97d5fab35 Update exception names in tests after formatting changes. 2015-05-17 17:31:43 -05:00
Nikita Popov
3ae995f03c Tweak uncaught exception message display
This implements a reduced variant of #1226 with just the following
change:

-Fatal error: Uncaught exception 'EngineException' with message 'Call to private method foo::bar() from context ''' in %s:%d
+Fatal error: Uncaught EngineException: Call to private method foo::bar() from context '' in %s:%d

The '' wrapper around messages is very weird if the exception
message itself contains ''. Futhermore having the message wrapped
in '' doesn't work for the "and defined" suffix of
TypeExceptions.
2015-05-17 18:47:06 +02:00
Nikita Popov
c9f27ee422 Display EngineExceptions like ordinary exceptions
TypeException stays as-is for now because it uses messages that are
incompatible with the way exception messages are displayed.

closure_038.phpt and a few others now show that we're generating
too many exceptions for compound operations on undefined properties
-- this needs to be fixed in a followup.
2015-05-15 23:40:32 +02:00
Dmitry Stogov
5bd71e9713 Avoid reallocation 2015-04-07 02:35:21 +03:00
Andrea Faulds
db76b708cf Deprecate PHP 4 constructors 2015-03-31 17:55:27 +02:00
Anatol Belski
663074b6b1 cleanup mod version macros and mod defs, round x 2015-03-23 21:30:22 +01:00
Anatol Belski
af3ca74501 made ZEND_TSRMLS_CACHE_* macros look like function calls
which also comply with the current semantics for such macros
2015-02-16 17:19:32 +01:00
Anatol Belski
08c739c78e fix int to pointer cast 2015-02-12 18:39:39 +01:00
Anatol Belski
614a628ace fix data type 2015-02-04 18:13:24 +01:00
Dmitry Stogov
9e70d7672d Move zend_object->guards into additional slot of zend_object->properties_table[]. As result size of objects without __get/__set/__unset/__isset magic methods is reduced. 2015-02-04 15:24:13 +03:00
Xinchen Hui
fc33f52d8c bump year 2015-01-15 23:27:30 +08:00
Xinchen Hui
0579e8278d bump year 2015-01-15 23:26:37 +08:00
Stanislav Malyshev
b7a7b1a624 trailing whitespace removal 2015-01-10 15:07:38 -08:00
Xinchen Hui
b5b617674e Micro optimaztion (yeah, I know compiler supposed to do that) 2014-12-22 00:10:46 -05:00
Anatol Belski
bdeb220f48 first shot remove TSRMLS_* things 2014-12-13 23:06:14 +01:00
Anatol Belski
bb66f385d0 Merge remote-tracking branch 'origin/master' into native-tls
* origin/master: (37 commits)
  NEWS
  NEWS
  Fix bug #68601 buffer read overflow in gd_gif_in.c
  Fixed compilation warnings
  Removed unnecessary checks
  pcntl_signal_dispatch: Speed up by preventing system calls when unnecessary
  Merged PR #911.
  Removed ZEND_ACC_FINAL_CLASS which is unnecessary. This also fixed some currently defined classes as final which were just not being considered as such before.
  Updated NEWS
  Updated NEWS
  Updated NEWS
  Fix bug #68532: convert.base64-encode omits padding bytes
  Updated NEWS
  Updated NEWS
  Updated NEWS
  Fixed Bug #65576 (Constructor from trait conflicts with inherited constructor)
  Updated NEWS
  Updated NEWS
  Fix MySQLi tests
  Fixed gd test
  ...
2014-12-13 19:43:45 +01:00
Guilherme Blanco
094d409b3d Removed ZEND_ACC_FINAL_CLASS which is unnecessary. This also fixed some currently defined classes as final which were just not being considered as such before. 2014-12-12 17:29:54 +01:00
Anatol Belski
c51a42076c Merge remote-tracking branch 'origin/master' into native-tls
* origin/master: (214 commits)
  fix datatype mismatch warnings
  fix datatype mismatches
  fix datatype mismatches
  fix datatype mismatches
  fix datatype mismatch warnings
  fix datatype mismatch warnings
  fix datatype mismatch warnings
  fix datatype mismatch warning
  fix datatype mismatches
  fix datatype mismatch warnings
  Re-add phpdbg to travis
  Added some NEWS
  Make xml valid (missing space between attrs)
  Fix info classes file name in xml
  Add note about <eval> tag for errors in xml.md
  Name the tag <eval> if the error id during ev cmd
  Do not print out xml as PHP print...
  Fix output to wrong function
  Fixed parameter order on %.*s
  Too much copypaste...
  ...
2014-10-24 22:28:32 +02:00
Xinchen Hui
b6d5e8d8d7 Fixed zval copying 2014-10-22 17:08:35 +08:00
Anatol Belski
7a6a3d923b fix arg order, CFLAGS is the fifth arg in m4 2014-10-17 16:03:40 +02:00
Anatol Belski
073c79b8b5 moved tidy to use static tsrmls pointer 2014-10-16 16:30:26 +02:00
Anatol Belski
c00424e427 bring back all the TSRMLS_FETCH() stuff
for better comparability with the mainstream
2014-10-15 09:37:55 +02:00
Anatol Belski
d624b0d5eb Merge remote-tracking branch 'origin/master' into native-tls
* origin/master: (26 commits)
  Micro optimization
  Drop unused INIT_STRING opcode
  Drop unused RAISE_ABSTRACT_ERROR opcode
  CT substitute unqualified true/false/null in namespaces
  Fix a couple compile warnings
  fix test filename
  one more test to illustrate transfer of an arbitrary data amount throug pipes
  fix tests on linux
  better test cleanup
  Use more readable inline functions
  increase the polling period to not to break existing behaviours
  updated NEWS
  Fixed bug #51800 proc_open on Windows hangs forever
  Fixed segfault
  Set an LDAP error code when failing ldap_bind due to null bytes
  Fix segmentation fault in debug_backtrace()
  Drop support for GMP 4.1
  Make gmp_setbit and gmp_clrbit return values consistent
  removed *.dsw and *.dsp files
  Opcache compatibility for coalesce operator
  ...
2014-10-01 01:33:46 +02:00
Anatol Belski
4b3e198023 removed *.dsw and *.dsp files 2014-09-28 19:02:09 +02:00
Anatol Belski
9b025fbe91 cleanup TSRMLS_FETCH 2014-09-26 20:59:58 +02:00
Anatol Belski
14eefc82b5 cleanup after the removed PHP_OUTPUT_TSRMLS 2014-09-26 12:11:07 +02:00
Florian MARGAINE
8eb7e7bf7f Merge branch 'master' into issue-67910
Conflicts:
	README.PARAMETER_PARSING_API
	ext/gmp/tests/001.phpt
2014-09-20 10:09:21 +02:00
Florian MARGAINE
58ed832fc9 Deletes patch leftovers 2014-09-20 10:03:54 +02:00
Florian MARGAINE
cf0303e782 Replaces php5 with php7, without whitespace changes. 2014-09-20 10:01:44 +02:00
Johannes Schlüter
d0cb715373 s/PHP 5/PHP 7/ 2014-09-19 18:33:14 +02:00
Dmitry Stogov
88d7ca44f6 Refactored INI subsystem to use zend_string* instead of char* 2014-09-01 20:57:33 +04:00
Anatol Belski
3234480827 first show to make 's' work with size_t 2014-08-27 20:49:31 +02:00
Anatol Belski
202e8db1dc fixed several long vs zend_long casts 2014-08-26 11:26:53 +02:00