* PHP-7.2:
Fixed bug #78910Fix#78878: Buffer underflow in bc_shift_addsub
Fix test
Fix#78862: link() silently truncates after a null byte on Windows
Fix#78863: DirectoryIterator class silently truncates after a null byte
Since the constructor of DirectoryIterator and friends is supposed to
accepts paths (i.e. strings without NUL bytes), we must not accept
arbitrary strings.
Due to former restrictions of the libcurl API, curl multipart/formdata
file uploads supported only proper files. However, as of curl 7.56.0
the new `curl_mime_*()` API is available (and already supported by
PHP[1]), which allows us to support arbitrary *seekable* streams, which
is generally desirable, and particularly resolves issues with the
transparent Unicode and long part support on Windows (see bug #77711).
Note that older curl versions are still supported, but CURLFile is
still restricted to proper files in this case.
[1] <http://git.php.net/?p=php-src.git;a=commit;h=a83b68ba56714bfa06737a61af795460caa4a105>
(cherry picked from commit c68dc6b5e3)
As of curl 7.56.0, `curl_formadd()` is deprecated in favor of
`curl_mime_*()`, so we use the latter if available.
(cherry picked from commit a83b68ba56)
When normalizing tags to check whether they are contained in the set
of allowable tags, we must not strip slashes, unless they come
immediately after the opening `<`, or immediately before the closing
`>`.
If we're constructing extended-length paths (i.e. paths prefixed with
`\\?\`), we have to replace all forward slashes with backward slashes,
because the former are not supported by Windows for extended-length
paths.
The more efficient and likely cleaner alternative solution would be to
cater to this in `php_win32_ioutil_normalize_path_w()` by always
replacing forward slashes, but that might break existing code. It
might be sensible to change that for `master`, though.
This partially reverts commit c55d09c2f5,
because `MB_ONIGURUMA_VERSION` is only available as of PHP 7.4.0, so
that change made no sense for PHP-7.3; we keep it for PHP-7.4, though.
We also stick with the modification to bug78633.phpt.
Apparently, bug 78633 has now really been fixed; the former fix only
catered to the buffer overflow, but yielded a wrong result. Also,
the order of the named captures has been fixed.
Apparently, this has not been tested for a long time, and might be a
refactoring relict. Anyhow, we have to pass the context to
`GIFNextPixel` as well.
And `$x = !$x`
Noticed while working on GH-4912
The included test would not emit undefined variable errors in php 8.0
with opcache enabled. The command used:
```
php -d zend_extension=opcache.so --no-php-ini -d error_reporting=E_ALL \
-d opcache.file_cache= -d opcache.enable_cli=1 test.php
```
Opcache stores `opline->handler`s in shared memory. These pointers are
invalid, if the main PHP DLL is loaded at another base address due to
ASLR. We therefore store the address of `execute_ex` in the mmap base
file, and check on startup whether it matches its current address. If
not, we fall back on the file cache if enabled, and bail out otherwise.
This still does not address cases where the opline handler is located
inside of another DLL (e.g. for some profilers, debuggers), but there
seems to be no general solution for now.
(cherry picked from commit 8ba10b8fbc)
Clear the OpenSSL error queue before performing SSL stream operations.
As we don't control all code that could possibly be using OpenSSL,
we can't rely on the error queue being empty.
When getting the properties of a DatePeriod instance we have to retain
the proper classes, and when restoring a DatePeriod instance we have to
cater to DateTimeImmutable instances as well.
