Fix #70461: disable md5 code when it is not supported in net-snmp

Patch contributed by Alexander Bergmann.

Closes GH-6389.

Fix #44618: Fetching may rely on uninitialized data

Unless `SQLGetData()` returns `SQL_SUCCESS` or `SQL_SUCCESS_WITH_INFO`,
the `StrLen_or_IndPtr` output argument is not guaranteed to be

Fix #44618: Fetching may rely on uninitialized data

Unless `SQLGetData()` returns `SQL_SUCCESS` or `SQL_SUCCESS_WITH_INFO`,
the `StrLen_or_IndPtr` output argument is not guaranteed to be properly
set. Thus we handle retrieval failure other than `SQL_ERROR` by
yielding `false` for those column values and raising a warning.

Closes GH-6281.

show more ...

Fix #80268: loadHTML() truncates at NUL bytes

libxml2 has no particular issues parsing HTML strings with NUL bytes;
these just cause truncation of the current text content, but parsing

Fix #80268: loadHTML() truncates at NUL bytes

libxml2 has no particular issues parsing HTML strings with NUL bytes;
these just cause truncation of the current text content, but parsing
continues generally. Since `::loadHTMLFile()` already supports NUL
bytes, `::loadHTML()` should as well.

Note that this is different from XML, which does not allow any NUL
bytes.

Closes GH-6368.

show more ...

Fix #62474: com_event_sink crashes on certain arguments

We have to make sure that the variant is of type `VT_DISPATCH` before
we access it as such.

Closes GH-6372.

Fix #80258: Windows Deduplication Enabled, randon permission errors

A recent bug fix regarding symlinks claimed:

> After resolving reparse points, the path still may be a reparse

Fix #80258: Windows Deduplication Enabled, randon permission errors

A recent bug fix regarding symlinks claimed:

> After resolving reparse points, the path still may be a reparse
> point; in that case we have to resolve that reparse point as well.

While that is basically correct, some reparse points may point to
inaccessible system folders (e.g. `IO_REPARSE_TAG_DEDUP` points to
"\System Volume Information"). Since we don't know details about
arbitrary reparse points, and are mainly interested in nested symlinks,
we take a step back, and only resolve `IO_REPARSE_TAG_SYMLINK` for now.

Close GH-6354.

show more ...

Fix #80280: ADD_EXTENSION_DEP() fails for ext/standard and ext/date

`ADD_EXTENSION_DEP()` relies on the `PHP_<extname>` config variables to
be set to `"yes"`, and since the standard and

Fix #80280: ADD_EXTENSION_DEP() fails for ext/standard and ext/date

`ADD_EXTENSION_DEP()` relies on the `PHP_<extname>` config variables to
be set to `"yes"`, and since the standard and date extension are always
enabled, we define the respective variables uncoditionally.

Closes GH-6383.

show more ...

Fix bug 76618

Apply patch which was attached to the bug in July 2018

Fix #80242: imap_mail_compose() segfaults for multipart with rfc822

libc-client expects `TYPEMESSAGE` with an explicit subtype of `RFC822`
to have a `nested.msg` (otherwise there will be

Fix #80242: imap_mail_compose() segfaults for multipart with rfc822

libc-client expects `TYPEMESSAGE` with an explicit subtype of `RFC822`
to have a `nested.msg` (otherwise there will be a segfault during
free), but not to have any `contents.text.data` (this will leak
otherwise).

Closes GH-6345.

show more ...

Properly fix #80220

The original fix for that bug[1] broke the formerly working composition
of message/rfc822 messages, which results in a segfault when freeing
the message body now.

Properly fix #80220

The original fix for that bug[1] broke the formerly working composition
of message/rfc822 messages, which results in a segfault when freeing
the message body now. While `imap_mail_compose()` does not really
support composition of meaningful message/rfc822 messages (although
libc-client appears to support that), some code may still use this to
compose partial messages, and using string manipulation to create the
final message.

The point is that libc-client expects `TYPEMESSAGE` with an explicit
subtype of `RFC822` to have a `nested.msg` (otherwise there will be a
segfault during free), but not to have any `contents.text.data` (this
will leak otherwise).

[1] <http://git.php.net/?p=php-src.git;a=commit;h=0d022ddf03c5fabaaa22e486d1e4a367ed9170a7>

Closes GH-6343.

show more ...

Fix #80239: imap_rfc822_write_address() leaks memory

We have to free the address when we're finished with it.

Fix #64076: imap_sort() does not return FALSE on failure

If unsupported `$search_criteria` are passed to `imap_sort()`, the
function returns an empty array, but there is also an error on

Fix #64076: imap_sort() does not return FALSE on failure

If unsupported `$search_criteria` are passed to `imap_sort()`, the
function returns an empty array, but there is also an error on the
libc-client error stack ("Unknown search criterion: UNSUPPORTED
(errflg=2)"). If, on the other hand, unsupported `$criteria` or
unsupported `$flags` are passed, the function returns `false`. We
solve this inconsistency by returning `false` for unsupported
`$search_criteria` as well.

Closes GH-6332.

show more ...

7.3.25 is next

Fix #80226: imap_sort() leaks sortpgm memory

We need to free what we have allocated.

Closes GH-6327.

Fix #80216: imap_mail_compose() does not validate types/encodings

We need to check whether the given `type`s and `encoding`s are within
bounds to avoid segfaults and out-of-bound reads.

Fix #80216: imap_mail_compose() does not validate types/encodings

We need to check whether the given `type`s and `encoding`s are within
bounds to avoid segfaults and out-of-bound reads.

Closes GH-6323.

show more ...

Fix #80223: imap_mail_compose() leaks envelope on malformed bodies

We have to clean up even on failure.

Closes GH-6322.

Fix #80220: imap_mail_compose() may leak memory

Unless `topbod` is of `TYPEMULTIPART`, `mail_free_body()` does not free
the `nested.part`; while we could do this ourselves, instead we ju

Fix #80220: imap_mail_compose() may leak memory

Unless `topbod` is of `TYPEMULTIPART`, `mail_free_body()` does not free
the `nested.part`; while we could do this ourselves, instead we just
ignore additional bodies in this case, i.e. we don't attach them in the
first place.

Closes GH-6321.

show more ...

Fix #80215: imap_mail_compose() may modify by-val parameters

We separate the input arrays and all sub-arrays to avoid modification
of the passed parameters.

This should be rewri

Fix #80215: imap_mail_compose() may modify by-val parameters

We separate the input arrays and all sub-arrays to avoid modification
of the passed parameters.

This should be rewritten to use `zend_string`s for the "master" branch.

Closes GH-6316.

show more ...

Fix #80213: imap_mail_compose() segfaults on certain $bodies

We have to cater to non-associative arrays where the key may be `NULL`;
we just skip these elements.

Closes GH-6315.

Fix #77040: tidyNode::isHtml() is completely broken

The documentation of `tidyNode::isHtml()` states that this method
"checks if a node is part of a HTML document". That is, of course,

Fix #77040: tidyNode::isHtml() is completely broken

The documentation of `tidyNode::isHtml()` states that this method
"checks if a node is part of a HTML document". That is, of course,
nonsense, since a tidyNode is "an HTML node in an HTML file, as
detected by tidy."

What this method is actually supposed to do is to check whether a node
is an element (unless it is the root element). This has been broken by
commit d8eeb8e[1], which assumed that `enum TidyNodeType` would
represent flags of a bitmask, what it does not.

[1] <http://git.php.net/?p=php-src.git;a=commit;h=d8eeb8e28673236bca3f066ded75037a5bdf6378>

Closes GH-6290.

show more ...

Fix #80185: jdtounix() fails after 2037

There is no such thing as the "end of the unix epoch", and if it was,
it would certainly not be 2037-10-11T02:00:00. There is, however,
poten

Fix #80185: jdtounix() fails after 2037

There is no such thing as the "end of the unix epoch", and if it was,
it would certainly not be 2037-10-11T02:00:00. There is, however,
potential integer overflow which we need to avoid.

Closes GH-6288.

show more ...

Fix #46050: odbc_next_result corrupts prepared resource

When resetting the result's values, we also have to reset its numcols.

[ci skip] moved soap fix to 7.3.23

When committing I didn't notice that version had been just bumped

[ci skip] Add 7.3.23 security fixes to NEWS

Fix #80152: odbc_execute() moves internal pointer of $params

As least intrusive fix, we separate the passed array argument.

Closes GH-6219.

Fix #80150: Failure to fetch error message

In case of statement related errors, we need to pass the respective
statement handle to `SQLError()`.

Closes GH-6217.