Go to file
Jakub Zelenka 2f5aa9f9d1
Fix GHSA-h35g-vwh6-m678: Mysqlnd - various heap buffer over-reads
This fixes issues causing buffer over-read that leak heap content:
- RESP packet field default left over for COM_LIST
- RESP packet upsert filename
- OK packet message
- RESP packet for stmt row data
  - ps_fetch_from_1_to_8_bytes
  - ps_fetch_float
  - ps_fetch_double
  - ps_fetch_time
  - ps_fetch_date
  - ps_fetch_datetime
  - ps_fetch_string
  - ps_fetch_bit
- RESP packet for query row data (just possible overflow on 32bit)

It also adds various protocol tests using a new fake server.
2024-11-17 19:30:13 +01:00
.circleci Move ARM build to CircleCI 2023-10-12 13:11:38 +02:00
.github Stick with icu4c 74.2 on macOS CI for PHP-8.1 2024-11-15 14:24:24 +01:00
build Fix GH-12273 - configure __builtin_cpu_init() check 2023-09-24 08:04:02 +01:00
docs Retire AppVeyor 2023-07-05 15:14:20 +02:00
ext Fix GHSA-h35g-vwh6-m678: Mysqlnd - various heap buffer over-reads 2024-11-17 19:30:13 +01:00
main PHP-8.1 is now for PHP 8.1.31-dev 2024-09-26 12:52:41 -05:00
pear [ci skip] Remove text editor modelines 2019-03-23 21:09:38 +01:00
sapi Fix GHSA-865w-9rf3-2wh5: FPM: Logs from childrens may be altered 2024-09-23 11:24:35 +01:00
scripts Ensure tar is not bsdtar 2023-02-14 14:13:01 -06:00
tests Skip GHSA-9pqp-7h25-4f32 test on Windows 2024-09-23 18:54:31 +01:00
travis Skip slow tests on Travis 2023-11-22 20:39:30 -06:00
TSRM Fix GH-10737: PHP 8.1.16 segfaults on line 597 of sapi/apache2handler/sapi_apache2.c 2023-04-08 16:34:07 +02:00
win32 zend win32 RE2C header files to Make targets and generated_files 2023-02-17 16:37:14 +00:00
Zend Backport CI fixes to security branches 2024-10-28 15:57:16 +01:00
.cirrus.yml Update FreeBSD CI 2024-11-15 18:20:48 +01:00
.editorconfig Fix JIT crash with large number of match/switch arms (#8961) 2022-07-18 12:34:20 +02:00
.gdbinit Merge branch 'PHP-7.4' into PHP-8.0 2021-04-05 21:11:19 +02:00
.gitattributes Sync mysqlnd version with PHP version 2019-07-15 14:20:58 +02:00
.gitignore .github/workflows/push.yml: enable ccache 2023-02-02 18:58:30 +01:00
.travis.yml Move ARM64 build to Cirrus 2023-03-15 01:35:01 +01:00
buildconf Remove build.mk usage 2019-07-21 11:40:23 +02:00
buildconf.bat Fix #79146: cscript can fail to run on some systems 2020-01-21 11:53:11 +01:00
CODING_STANDARDS.md Improve documentation for contributors 2021-06-17 06:29:38 +02:00
configure.ac PHP-8.1 is now for PHP 8.1.31-dev 2024-09-26 12:52:41 -05:00
CONTRIBUTING.md Retire AppVeyor 2023-07-05 15:14:20 +02:00
EXTENSIONS EXTENSIONS: Update fileinfo maintainership info [ci skip] 2020-08-29 21:05:10 +02:00
LICENSE Update year to 2021 2021-02-02 16:46:16 +01:00
NEWS PHP-8.1 is now for PHP 8.1.31-dev 2024-09-26 12:52:41 -05:00
php.ini-development Add max_multipart_body_parts info into php.ini files 2023-02-17 13:21:18 +00:00
php.ini-production Add max_multipart_body_parts info into php.ini files 2023-02-17 13:21:18 +00:00
README.md Retire AppVeyor 2023-07-05 15:14:20 +02:00
README.REDIST.BINS [ci skip] Fix GH-9918: License information for xxHash is not included in README.REDIST.BINS file 2022-11-10 12:37:08 +01:00
run-tests.php Retry tests on deadlock 2023-11-22 20:39:29 -06:00
UPGRADING Fix phpGH-10648: add check function pointer into mbfl_encoding 2023-03-25 09:52:10 +02:00
UPGRADING.INTERNALS Use zend_long for resource ID 2021-08-31 14:58:59 +02:00

The PHP Interpreter

PHP is a popular general-purpose scripting language that is especially suited to web development. Fast, flexible and pragmatic, PHP powers everything from your blog to the most popular websites in the world. PHP is distributed under the PHP License v3.01.

Build status Build Status Fuzzing Status

Documentation

The PHP manual is available at php.net/docs.

Installation

Prebuilt packages and binaries

Prebuilt packages and binaries can be used to get up and running fast with PHP.

For Windows, the PHP binaries can be obtained from windows.php.net. After extracting the archive the *.exe files are ready to use.

For other systems, see the installation chapter.

Building PHP source code

For Windows, see Build your own PHP on Windows.

For a minimal PHP build from Git, you will need autoconf, bison, and re2c. For a default build, you will additionally need libxml2 and libsqlite3.

On Ubuntu, you can install these using:

sudo apt install -y pkg-config build-essential autoconf bison re2c \
                    libxml2-dev libsqlite3-dev

On Fedora, you can install these using:

sudo dnf install re2c bison autoconf make libtool ccache libxml2-devel sqlite-devel

Generate configure:

./buildconf

Configure your build. --enable-debug is recommended for development, see ./configure --help for a full list of options.

# For development
./configure --enable-debug
# For production
./configure

Build PHP. To speed up the build, specify the maximum number of jobs using -j:

make -j4

The number of jobs should usually match the number of available cores, which can be determined using nproc.

Testing PHP source code

PHP ships with an extensive test suite, the command make test is used after successful compilation of the sources to run this test suite.

It is possible to run tests using multiple cores by setting -jN in TEST_PHP_ARGS:

make TEST_PHP_ARGS=-j4 test

Shall run make test with a maximum of 4 concurrent jobs: Generally the maximum number of jobs should not exceed the number of cores available.

The qa.php.net site provides more detailed info about testing and quality assurance.

Installing PHP built from source

After a successful build (and test), PHP may be installed with:

make install

Depending on your permissions and prefix, make install may need super user permissions.

PHP extensions

Extensions provide additional functionality on top of PHP. PHP consists of many essential bundled extensions. Additional extensions can be found in the PHP Extension Community Library - PECL.

Contributing

The PHP source code is located in the Git repository at github.com/php/php-src. Contributions are most welcome by forking the repository and sending a pull request.

Discussions are done on GitHub, but depending on the topic can also be relayed to the official PHP developer mailing list internals@lists.php.net.

New features require an RFC and must be accepted by the developers. See Request for comments - RFC and Voting on PHP features for more information on the process.

Bug fixes don't require an RFC. If the bug has a GitHub issue, reference it in the commit message using GH-NNNNNN. Use #NNNNNN for tickets in the old bugs.php.net bug tracker.

Fix GH-7815: php_uname doesn't recognise latest Windows versions
Fix #55371: get_magic_quotes_gpc() throws deprecation warning

See Git workflow for details on how pull requests are merged.

Guidelines for contributors

See further documents in the repository for more information on how to contribute:

Credits

For the list of people who've put work into PHP, please see the PHP credits page.