A picture is worth a thousand message digests

The bundled GD test suites makes heavy use of md5() to verify the result
of drawing operations. This leads to fragile tests (even a slight c

A picture is worth a thousand message digests

The bundled GD test suites makes heavy use of md5() to verify the result
of drawing operations. This leads to fragile tests (even a slight change
in a PNG header would cause failure, and of course there is the
possibility of collisions), and even worse, eventual test failures are
rather unrevealing.

Therefore we replace all md5() verification with a simplistic
test_image_equals_file(), which is basically a simplified port of libgd's
gdTestImageCompareToFile(), adapted to the needs of PHPTs.

In the long run better tests helpers should be introduced (see also
<http://news.php.net/php.internals/94081>), but for now this solution
is preferable over the former.

(cherry picked from commit 24f9e96792518ec2a75f26b1eb2471dd7694f2b7)

show more ...

Add regression test for bug #73053

The test succeeds with libxml < 2.9.4, and is supposed to succeed with
libxml > 2.9.4. Unfortunately, we can't conditionally mark a test case
as XF

Add regression test for bug #73053

The test succeeds with libxml < 2.9.4, and is supposed to succeed with
libxml > 2.9.4. Unfortunately, we can't conditionally mark a test case
as XFAIL, so we're simply skipping the test for libxml 2.9.4 instead.

show more ...

update NEWS

Bug #73058 crypt broken when salt is 'too' long

Remove ignored --FAIL-- section from test case

This is just confusing.

Fix #73054: default option ignored when object passed to int filter

If an object that can't be converted to string is validated, we must not
bail out early, but rather check for a reques

Fix #73054: default option ignored when object passed to int filter

If an object that can't be converted to string is validated, we must not
bail out early, but rather check for a requested default value.

show more ...

Partially fix bug #67167 - Wrong return value...

...from FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE

The remainer of the fix would require the filter functions to only
conve

Partially fix bug #67167 - Wrong return value...

...from FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE

The remainer of the fix would require the filter functions to only
convert to string when it makes sense for that particular filter.

(cherry picked from commit 432dc527adcbc3bf4809f6315350300d42c16c52)

show more ...

Fixed Bug #68015 Session does not report invalid uid for files save handler

backport 59444347 and 3d7343f6

Fix bug26639.phpt

Update NEWS

Fix Bug #72992 mbstring.internal_encoding doesn't inherit default_charset

Fix potential memory issue with USE_ZEND_ALLOC=0

The PHP core and extensions are written with the assumption that memory
allocation either succeeds, or the allocator bails out (i.e. the

Fix potential memory issue with USE_ZEND_ALLOC=0

The PHP core and extensions are written with the assumption that memory
allocation either succeeds, or the allocator bails out (i.e. the allocator
is infallible). Therefore the result of emalloc() and friends are not checked
for NULL values.

However, with USE_ZEND_ALLOC=0, malloc() and friends are used as allocators,
but these are fallible, i.e. they return NULL instead of bailing out if they
fail. This easily leads to invalid memory accesses in the following, such as
in <https://bugs.php.net/73032>. Some of these cases may constitute
exploitable vulnerabilities.

Therefore we make the infallible __zend_alloc() and friends the default for
USE_ZEND_ALLOC=0.

show more ...

Fix #73025: Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c

`command_length` is retrieved via strlen() and later passed to emalloc()
and memcpy(), so the appropriate type is

Fix #73025: Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c

`command_length` is retrieved via strlen() and later passed to emalloc()
and memcpy(), so the appropriate type is `size_t`.

We don't add a regression test, because that would need to allocate a string
of at least 2 GiB.

show more ...

Update NEWS

Fixed Bug #66964 mb_convert_variables() cannot detect recursion

Fix #70752: Depacking with wrong password leaves 0 length files

We should not open the output stream before we have tried to open the
archive entry, as failing the latter could leave an

Fix #70752: Depacking with wrong password leaves 0 length files

We should not open the output stream before we have tried to open the
archive entry, as failing the latter could leave an empty file behind.

show more ...

Updated NEWS

Fixes #72590: Opcache restart with kill_all_lockers does not work

ACCEL_LOG_ERROR is special and causes a zend_bailout() and the code
never gets to call kill() in the next line after the

Fixes #72590: Opcache restart with kill_all_lockers does not work

ACCEL_LOG_ERROR is special and causes a zend_bailout() and the code
never gets to call kill() in the next line after the logging. Change
the log level to WARNING.

show more ...

Limit editorconfig to C code

PHPT files do not follow this.

[ci skip]

Updated NEWS

Fix #72972, Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE

Added editorconfig file

Implement #47456: Missing PCRE option 'J'

While it is possible to force the same behavior by setting the internal
option (?J), having a dedicated modifier appears to be useful. After all

Implement #47456: Missing PCRE option 'J'

While it is possible to force the same behavior by setting the internal
option (?J), having a dedicated modifier appears to be useful. After all,
J is even listed on the "Pattern Modifiers" man page[1], but the description
referrs to (?J).

[1] <http://php.net/manual/en/reference.pcre.pattern.modifiers.php>

show more ...

Merge branch 'pull-request/2061' into PHP-5.6

* pull-request/2061:
Recognize TDS versions 7.3 and 7.4