The fix for bug #49634 solved a double-free by copying the node with
`xmlDocCopyNodeList()`, but the copied node is later freed by calling
`xmlFreeNode()` instead of `xmlFreeNodeList()`, thus leaking memory.
However, there is no need to treat the node as node list, i.e. to copy
also the node's siblings; just creating a recursive copy of the node
with `xmlDocCopyNode()` is sufficient, while that also avoids the leak.
The fix for bug #78929 disabled the conversion of spaces in cookie
values to plus signs, but failed to adapt `php_setcookie()`
accordingly, so that it uses raw URL encoding as well.
Always operate on copies of the functions, so we don't reference
temporary trait methods that have gone out of scope.
This could be more efficient, but doing an allocated copy only when
strictly necessary turned out to be somewhat tricky.
We need to extend the hash table before performing raw append
operations.
This doesn't matter if preloading happens in the same process,
as the tables will be large enough to hold all entries as a
side-effect of the preloading process. However, if preloading
happens in a different process, we need to reserve space here.
auth_plugin_data_len here is 21, including the trailing null byte.
Directly use SCRAMBLE_LENGTH instead. Also add a sanity check that
the provided scramble is long enough.
In the buildconf and configure batch files, Windows' cscript utility was being
run without the /e:jscript flag. This works on systems that have not had the
default .js file association changed, but if .js has been re-associated to
(say) an IDE, the batch files fail with the error message:
Input Error: There is no script engine for file extension ".js".
Remove the check of PHP_OPENSSL inside SETUP_OPENSSL. It's the
responsibility of the caller to determine whether they want to
enable openssl or not. This makes SSL detection in IMAP work,
which uses a different option.
Additionally also clarify that --with-openssl-dir cannot actually
be used to specify an OpenSSL directory -- these options just
serve as a way to enable OpenSSL in extensions without also
enabling the OpenSSL extension. They need to be renamed to
something clearer in master.
Closes GH-5091.
This is a backport of fcdc0a6db0
to the PHP-7.3 branch. We need to make sure that OnUpdateString
is also called for a NULL value, otherwise the reset of the encoding
at the end of the request will not work.
I believe I already tried to land this before once, but it didn't
actually end up on the PHP-7.3 branch due to a push conflict that
I only noticed just now.
We must not assume that the size of a function's return value is at
most `sizeof(ffi_arg)`, but rather have to use the size which already
has been determined for the return type if it is larger than
`sizeof(ffi_arg)`.
To be able to have a regression test, we export the required test
function from the zend-test extension, and make sure that the test
can be run on different platforms regardless of whether zend-tests was
built statically or dynamically.
Due to ASLR restrictions, preloading on Windows does not work with
any code that has preloading dependencies on internal classes.
This effectively makes it unusable for any non-trivial codebase.
Instead of pretending like preloading is going to work, only to
make people realize that it really doesn't once they get beyond
a dummy example, we disable support for preloading on Windows
entirely.
Closes GH-4999.
Previously this generated a notice, but would likely generate an
Error when unserializing.
Now we treat it with the same distinction as direct property
accesses, i.e. referencing an unset/undefined normal property
stays a notice, while a typed property becomes an Error exception.
This fixed bug #79002.
Closes GH-5050.
