Commit Graph

11842 Commits

Author SHA1 Message Date
Christoph M. Becker
c47b18a222 Fix #79033: Curl timeout error with specific url and post
We must not set an empty mime structure as `CURLOPT_MIMEPOST`; instead
we set it to `NULL` if `CURLOPT_POSTFIELDS` has been set to an empty
array.
2019-12-28 10:47:03 +01:00
Xinchen Hui
27bb3289ac Fixed bug #79029 (Use After Free's in XMLReader / XMLWriter).
We backport the fix PHP 7.3, since this branch is affected as well.

(cherry picked from commit b5e0043796)
(cherry picked from commit e36daa6927)
(cherry picked from commit 2704ee6844)
2019-12-25 12:33:30 +01:00
SATO Kentaro
37d11d123e Fix #78982: pdo_pgsql returns dead persistent connection
Call PQconsumeInput() before PQstatus() to update the status.
2019-12-20 12:05:17 +01:00
SATO Kentaro
7e39e6934d Fix #78980: pgsqlGetNotify() overlooks dead connection
pgsqlGetNotify() didn't check result of PQconsumeInput().
2019-12-20 11:44:07 +01:00
Sergei Turchanov
c62cd9a43a Fix #74170: locale information change after mime_content_type
Some functions in libmagic (distributed with fileinfo extension) perform this sequence of calls:
func() {
setlocale(LC_TYPE, "C")
.. do some work ..
setlocale(LC_TYPE, "")
}

It effectively resets LC_TYPE if it that was set before the function call.

To avoid manipulations with current locale at all, the problematic functions
were modified to use locale-independent functions.
2019-12-20 11:22:59 +01:00
SATO Kentaro
cbb0efaeeb Fix #78402: pcntl_signal() misleading error message
An error message can be misleading when a handler
passed to pcntl_signal() is not callable.
2019-12-20 11:02:20 +01:00
Dmitry Stogov
eb846939b1 Fixed bug #78999 (Cycle leak when using function result as temporary) 2019-12-19 23:11:08 +03:00
SATO Kentaro
3e35b08980 Fix #78983: pdo_pgsql config.w32 cannot find libpq-fe.h
When configured with a path specified.
2019-12-19 13:20:43 +01:00
Remi Collet
bacfae8baf fix release date 2019-12-18 14:17:31 +01:00
Christoph M. Becker
3d50131ef7 Update/fix NEWS [ci skip] 2019-12-17 10:04:42 +01:00
Stanislav Malyshev
0e413241ec [ci skip] Update NEWS 2019-12-16 23:45:11 -08:00
Christoph M. Becker
17a9f1401a Extend CURLFile to support streams
Due to former restrictions of the libcurl API, curl multipart/formdata
file uploads supported only proper files.  However, as of curl 7.56.0
the new `curl_mime_*()` API is available (and already supported by
PHP[1]), which allows us to support arbitrary *seekable* streams, which
is generally desirable, and particularly resolves issues with the
transparent Unicode and long part support on Windows (see bug #77711).

Note that older curl versions are still supported, but CURLFile is
still restricted to proper files in this case.

[1] <http://git.php.net/?p=php-src.git;a=commit;h=a83b68ba56714bfa06737a61af795460caa4a105>

(cherry picked from commit c68dc6b5e3)
2019-12-09 10:30:00 +01:00
willson-chen
b5d2cbe027 Fix #78923: Artifacts when convoluting image with transparency
We have to properly initialize `pxl` before using it.

Fix ported from <https://github.com/libgd/libgd/pull/559>.
2019-12-07 12:06:33 +01:00
Christoph M. Becker
65bbc67063 Next is 7.3.14 2019-12-03 12:04:17 +01:00
Christoph M. Becker
861fa60814 Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
  Fix #78814: strip_tags allows / in tag name => whitelist bypass
2019-12-02 11:38:45 +01:00
Christoph M. Becker
600f1f898f Fix #78814: strip_tags allows / in tag name => whitelist bypass
When normalizing tags to check whether they are contained in the set
of allowable tags, we must not strip slashes, unless they come
immediately after the opening `<`, or immediately before the closing
`>`.
2019-12-02 11:37:25 +01:00
Christoph M. Becker
bb735c9e9e Fix #78296: is_file fails to detect file
If we're constructing extended-length paths (i.e. paths prefixed with
`\\?\`), we have to replace all forward slashes with backward slashes,
because the former are not supported by Windows for extended-length
paths.

The more efficient and likely cleaner alternative solution would be to
cater to this in `php_win32_ioutil_normalize_path_w()` by always
replacing forward slashes, but that might break existing code.  It
might be sensible to change that for `master`, though.
2019-12-02 11:29:10 +01:00
Christoph M. Becker
3d81c54879 Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
  Fix #78833: Integer overflow in pack causes out-of-bound access
2019-12-02 11:19:15 +01:00
Christoph M. Becker
db420cb6a1 Fix #78833: Integer overflow in pack causes out-of-bound access
We check for potential signed integer overflow, and bail out
gracefully, in that case.
2019-12-02 11:18:19 +01:00
Christoph M. Becker
1979c5d16f Upgrade to Oniguruma 6.9.4
Oniguruma 6.9.4 fixes several CVEs.
2019-11-30 14:00:41 +01:00
Christoph M. Becker
fee38633d2 Fix #78840: imploding $GLOBALS crashes
We add support for IS_INDIRECT zvals to implode().
2019-11-27 09:32:16 +01:00
Christoph M. Becker
23c65a8173 Fix #77638: var_export'ing certain class instances segfaults
If objects return immutable property hash tables (typically,
`zend_empty_array`), we must not try to apply recursion protection on
those.
2019-11-25 15:54:11 +01:00
Dmitry Stogov
bb30fe9e2b Fixed bug #78868 (Calling __autoload() with incorrect EG(fake_scope) value) 2019-11-25 14:05:43 +03:00
Christoph M. Becker
e1da72bdf1 Fix #78853: preg_match() may return integer > 1
Commit 54ebebd[1] optimized the match loop, but for this case it has
been overlooked, that we must only loop if we're doing global matching.

[1] <http://git.php.net/?p=php-src.git;a=commit;h=54ebebd686255c5f124af718c966edb392782d4a>
2019-11-22 19:26:26 +01:00
Christoph M. Becker
b4f501d5a4 Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
  Fix #78849: GD build broken with -D SIGNED_COMPARE_SLOW
2019-11-21 10:01:05 +01:00
Christoph M. Becker
9b92c1d154 Fix #78849: GD build broken with -D SIGNED_COMPARE_SLOW
Apparently, this has not been tested for a long time, and might be a
refactoring relict.  Anyhow, we have to pass the context to
`GIFNextPixel` as well.
2019-11-21 09:59:26 +01:00
Christoph M. Becker
3b46fbfc36 Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
  Update NEWS
2019-11-18 12:47:53 +01:00
Christoph M. Becker
f6eac76b65 Update NEWS 2019-11-18 12:46:43 +01:00
Christoph M. Becker
39d04f15f8 Fix ASLR related invalid opline handler issues
Opcache stores `opline->handler`s in shared memory.  These pointers are
invalid, if the main PHP DLL is loaded at another base address due to
ASLR.  We therefore store the address of `execute_ex` in the mmap base
file, and check on startup whether it matches its current address.  If
not, we fall back on the file cache if enabled, and bail out otherwise.

This still does not address cases where the opline handler is located
inside of another DLL (e.g. for some profilers, debuggers), but there
seems to be no general solution for now.

(cherry picked from commit 8ba10b8fbc)
2019-11-15 09:46:58 +01:00
Stanislav Malyshev
2c9926f156 Fix bug #78804 - Segmentation fault in Locale::filterMatches 2019-11-11 22:32:35 -08:00
Nikita Popov
8d2a9d8859 Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
  Fixed bug #78759
2019-11-07 11:16:24 +01:00
Nikita Popov
5fa6dcd972 Fixed bug #78759
Handle INDIRECT values in array.
2019-11-07 11:15:29 +01:00
Nikita Popov
6d4965febd Fixed bug #78787
Not the first time inheritance of shadow properties causes an issue,
thankfully this whole concept is gone in PHP 7.4.
2019-11-06 12:52:34 +01:00
Christoph M. Becker
4c9ba3e042 7.3.13 is next 2019-11-05 18:20:56 +01:00
Sara Golemon
d317e16e89
Bump for 7.2.26-dev 2019-11-05 10:57:29 -05:00
Nikita Popov
747cb46244 Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
  Fixed bug #78775
2019-11-05 12:15:44 +01:00
Nikita Popov
4f984a2fdb Fixed bug #78775
Clear the OpenSSL error queue before performing SSL stream operations.
As we don't control all code that could possibly be using OpenSSL,
we can't rely on the error queue being empty.
2019-11-05 12:13:46 +01:00
Nikita Popov
33dd25d21c Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
  Fixed bug #78689
2019-10-29 15:06:52 +01:00
Nikita Popov
f9895b4bf5 Fixed bug #78689 2019-10-29 15:06:16 +01:00
Christoph M. Becker
736cd93ef5 Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
  Fix #78751: Serialising DatePeriod converts DateTimeImmutable
2019-10-28 13:08:34 +01:00
Christoph M. Becker
89c327f884 Fix #78751: Serialising DatePeriod converts DateTimeImmutable
When getting the properties of a DatePeriod instance we have to retain
the proper classes, and when restoring a DatePeriod instance we have to
cater to DateTimeImmutable instances as well.
2019-10-28 13:07:28 +01:00
Nikita Popov
b61b60d15b Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
  Fix bug #78752
2019-10-28 10:28:04 +01:00
Nikita Popov
16c4910876 Fix bug #78752
NULL out the execute_data before destroying it, otherwise GC may
trigger while the execute_data is partially destroyed, resulting
in double-frees.

The handling of call stack unfreezing is a bit awkward because it's
a ZEND_API function, so we can't change the signature.
2019-10-28 10:27:32 +01:00
Nikita Popov
74699533e5 Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
  Fixed bug #78747
2019-10-25 12:50:12 +02:00
Nikita Popov
5249993814 Fixed bug #78747 2019-10-25 12:47:18 +02:00
Christoph M. Becker
36943dfff1 Update NEWS 2019-10-22 09:50:11 +02:00
Remi Collet
2213bd36fd add NEWS entry 2019-10-22 09:37:35 +02:00
Joe Watkins
1c9b62fbd4
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
  Fix bug #78697: inaccurate error message
2019-10-21 09:23:26 +02:00
Fabien Villepinte
bea2ff88c9
Fix bug #78697: inaccurate error message 2019-10-21 09:22:09 +02:00
Christoph M. Becker
ce035dc4a0 Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
  Fix #78694: Appending to a variant array causes segfault
2019-10-19 11:49:18 +02:00