Fixed bug #79778

In the interest of avoiding side-effects during dumping, I'm
replacing the value with a <constant ast> string instead of
performing an update constant operation.

Fix #70362: Can't copy() large 'data://' with open_basedir

open_basedir is only relevant for plain files, so there is no need to
check it for other URL wrappers.

Fix #63208: BSTR to PHP string conversion not binary safe

A `BSTR` is similar to a `zend_string`; it stores the length of the
string just before the actual string, and thus the string ma

Fix #63208: BSTR to PHP string conversion not binary safe

A `BSTR` is similar to a `zend_string`; it stores the length of the
string just before the actual string, and thus the string may contain
NUL bytes. However, `php_com_olestring_to_string()` is supposed to
deal with arbitrary `OLECHAR*`s which may not be `BSTR`s, so we
introduce `php_com_bstr_to_string()` and use it for the only case where
we actually have to deal with `BSTR`s which may contain NUL bytes.

Contrary to `php_com_olestring_to_string()` we return a `zend_string`,
so we can save the re-allocation when converting to a `zval`.

We also cater to `php_com_string_to_olestring()` not being binary safe,
with basically the same fix we did for `php_com_olestring_to_string()`.

show more ...

Fix #79756: finfo_file crash (FILEINFO_MIME)

If `ctime` or `asctime` return `NULL`, we must not attempt to copy the
buffer, but rather return `NULL` as well.

Fixed bug #79741

Fixed bug #79030 Use usec from apache request time

Don't unnecessarily truncate to milliseconds.

Closes GH-5760.

Fix #55857: ftp_size on large files

`atol()` returns a `long` which is not the same as `zend_long` on
LLP64; we use `ZEND_ATOL()` instead.

There is no need for a new test case,

Fix #55857: ftp_size on large files

`atol()` returns a `long` which is not the same as `zend_long` on
LLP64; we use `ZEND_ATOL()` instead.

There is no need for a new test case, since filesize_large.phpt already
tests for that behavior; unfortunately, the FTP test suite relies on
`pcntl_fork()` and therefore cannot be run on Windows.

show more ...

7.3 is now 7.3.21-dev

Fixed bug #79570

Use the same logic for getgrgid_r, getpwnam_r and getpwuid_r
as for getgrnam_r in #75696

Closes GH-5740.

Fixed bug #79710

Make sure we don't use zresource after the stream has been destroyed.

Fix #79687: Sony picture - PHP Warning - Make, Model, MakerNotes

Even if the length of a maker note does not match our expectations
(either because the maker note is corrupted, or becaus

Fix #79687: Sony picture - PHP Warning - Make, Model, MakerNotes

Even if the length of a maker note does not match our expectations
(either because the maker note is corrupted, or because our
expectations do not quite match reality), there is no need to let
parsing fail; we can still go on parsing the other meta information.

show more ...

Fix #79676: imagescale adds black border with IMG_BICUBIC

We have to loop over all image pixels to avoid the black border. This
is also done in external libgd in `_gdScaleOneAxis` and `

Fix #79676: imagescale adds black border with IMG_BICUBIC

We have to loop over all image pixels to avoid the black border. This
is also done in external libgd in `_gdScaleOneAxis` and `_gdScalePass`.

show more ...

Fix possibly unsupported timercmp() usage

The `timercmp()` manpage[1] points out that some systems have a broken
implementation which does not support `>=`. This is definitely the
c

Fix possibly unsupported timercmp() usage

The `timercmp()` manpage[1] points out that some systems have a broken
implementation which does not support `>=`. This is definitely the
case for the Windows SDK, which only supports `<` and `>`.

[1] <https://linux.die.net/man/3/timercmp>

show more ...

Fix #62890: default_socket_timeout=-1 causes connection to timeout

While unencrypted connections ignore negative timeouts, SSL/TLS
connections did not special case that, and so always fa

Fix #62890: default_socket_timeout=-1 causes connection to timeout

While unencrypted connections ignore negative timeouts, SSL/TLS
connections did not special case that, and so always failed due to
timeout.

show more ...

[ci skip] Update NEWS

Fix #74267: segfault with streams and invalid data

If the current character is a line break character, it cannot be a tab
or space character, so we would always fail with an invalid sequ

Fix #74267: segfault with streams and invalid data

If the current character is a line break character, it cannot be a tab
or space character, so we would always fail with an invalid sequence
error. Obviously, these `scan_stat == 4` conditions are meant to be
exclusive.

Furthermore, if `in_pp == NULL || in_left_p == NULL` is true, we hit a
segfault if we are not returning right away. Obviously, the additional
constraints don't make sense, so we remove them.

show more ...

Fix #73527: Invalid memory access in php_filter_strip

Fix #79668: get_defined_functions(true) may miss functions

Instead of some brittle and unefficient string matching, we can just
check for the function handler.

Fix #79664: PDOStatement::getColumnMeta fails on empty result set

As its name suggests, `sqlite3_data_count` returns the number of
columns in the current row of the result set; we are in

Fix #79664: PDOStatement::getColumnMeta fails on empty result set

As its name suggests, `sqlite3_data_count` returns the number of
columns in the current row of the result set; we are interested in the
number of columns regardless of the current row, so we have to use
`sqlite3_column_count` instead.

show more ...

Fix #79650: php-win.exe 100% cpu lockup

As of PHP 7.3.0, `sapi_cli_single_write()` is supposed to return `< 0`
on failure, but `fwrite()` returns a `size_t`, and signals error by
set

Fix #79650: php-win.exe 100% cpu lockup

As of PHP 7.3.0, `sapi_cli_single_write()` is supposed to return `< 0`
on failure, but `fwrite()` returns a `size_t`, and signals error by
setting the stream's error indicator. We have to cater to that.

show more ...

7.3.20 will be next

Fix #79615: Wrong GIF header written in GD GIFEncode

The color resolution is expected in bits 4-6 of the packed fields byte
of the logical screen descriptor (byte 10 of the GIF data stre

Fix #79615: Wrong GIF header written in GD GIFEncode

The color resolution is expected in bits 4-6 of the packed fields byte
of the logical screen descriptor (byte 10 of the GIF data stream),
according to the specification[1], section 18.

[1] <https://www.w3.org/Graphics/GIF/spec-gif89a.txt>

show more ...

Fix #79596: MySQL FLOAT truncates to int some locales

We must not do locale aware float to string conversion here; instead
we using our `snprintf()` implementation with the `F` specifier.

Fix #79588: Boolean opcache settings ignore on/off values

We should display boolean INI settings as boolean.

Fix #79489: .user.ini does not inherit

On Windows, PATH_TRANSLATED may contain backslashes as well as slashes,
so we must not only check for `DEFAULT_SLASH`.