| #
51e2015a |
| 23-Feb-2021 |
Christoph M. Becker |
Fix #78719: http wrapper silently ignores long Location headers
When opening HTTP streams, and reading the headers, we currently
discard header lines longer than `HTTP_HEADER_BLOCK_SIZE`
Fix #78719: http wrapper silently ignores long Location headers
When opening HTTP streams, and reading the headers, we currently
discard header lines longer than `HTTP_HEADER_BLOCK_SIZE` (1024 bytes).
While this is not generally forbidden by RFC 7230, section 3.2.5, it
is not generally allowed either, since that may change the "message
framing or response semantics".
We thus fix this by allowing arbitrarily long header lines.
Closes GH-6720.
show more ...
|
| #
e8579365 |
| 11-Sep-2020 |
Nikita Popov |
Fixed bug #80805
Handle missing result_var in binary_op_result_type.
(cherry picked from commit 8446e2827585c37d0739f8d44fa8d359cbbb6551)
|
| #
78b0a85d |
| 24-Feb-2021 |
Felipe Pena |
Update NEWS
|
| #
963e50c8 |
| 16-Feb-2021 |
Christoph M. Becker |
Fix #75776: Flushing streams with compression filter is broken
First, the `bzip2.compress` filter has the same issue as `zlib.deflate`
so we port the respective fix[1] to ext/bz2.
Fix #75776: Flushing streams with compression filter is broken
First, the `bzip2.compress` filter has the same issue as `zlib.deflate`
so we port the respective fix[1] to ext/bz2.
Second, there is still an issue, if a stream with an attached
compression filter is flushed before it is closed, without any writes
in between. In that case, the compression is never finalized. We fix
this by enforcing a `_php_stream_flush()` with the `closing` flag set
in `_php_stream_free()`, whenever a write filter is attached. This
call is superfluous for most write filters, but does not hurt, even
when it is unnecessary.
[1] <http://git.php.net/?p=php-src.git;a=commit;h=20e75329f2adb11dd231852c061926d0e4080929>
Closes GH-6703.
show more ...
|
| #
073b6ea8 |
| 22-Feb-2021 |
Christoph M. Becker |
Fix #80771: phpinfo(INFO_CREDITS) displays nothing in CLI
There is no good reason not to show the credits in text based SAPIs,
except for brevity. Thus, we suppress the credits from `ph
Fix #80771: phpinfo(INFO_CREDITS) displays nothing in CLI
There is no good reason not to show the credits in text based SAPIs,
except for brevity. Thus, we suppress the credits from `php -i`.
Closes GH-6710.
show more ...
|
| #
d7c98ca1 |
| 19-Feb-2021 |
Christoph M. Becker |
Fix #80774: session_name() problem with backslash
Since we do no longer URL decode cookie names[1], we must not URL
encode the session name. We need to prevent broken Set-Cookie headers
Fix #80774: session_name() problem with backslash
Since we do no longer URL decode cookie names[1], we must not URL
encode the session name. We need to prevent broken Set-Cookie headers,
by rejecting names which contain invalid characters.
[1] <http://git.php.net/?p=php-src.git;a=commit;h=6559fe912661ca5ce5f0eeeb591d928451428ed0>
Closes GH-6711.
show more ...
|
| #
6dd85f83 |
| 22-Feb-2021 |
Nikita Popov |
Fixed bug #80781
zend_find_array_dim_slow() may throw, make sure to handle this.
This backports the code we already use for this on PHP-8.0,
and also backports an exception check tha
Fixed bug #80781
zend_find_array_dim_slow() may throw, make sure to handle this.
This backports the code we already use for this on PHP-8.0,
and also backports an exception check that makes this easier to
catch.
show more ...
|
| #
84b61528 |
| 17-Feb-2021 |
Christoph M. Becker |
Fix #80763: msgfmt_format() does not accept DateTime references
`intl_zval_to_millis()` needs to cater to references.
Closes GH-6707.
|
| #
9552cf6b |
| 16-Feb-2021 |
Nikita Popov |
Handle incomplete result set metadata more gracefully
Rather than segfaulting because sname is missing lateron, report
a FAIL here. As this indicates a server bug, the errors is reported
Handle incomplete result set metadata more gracefully
Rather than segfaulting because sname is missing lateron, report
a FAIL here. As this indicates a server bug, the errors is reported
as an out of band warning, rather than a client error.
This fixes the PHP side of bug #80713.
show more ...
|
| #
2d858fbf |
| 16-Feb-2021 |
Derick Rethans |
Fixed dates
|
| #
6d3d9104 |
| 16-Feb-2021 |
Derick Rethans |
PHP-7.4 is now 7.4.17-dev
|
| #
64b10854 |
| 15-Feb-2021 |
Nikita Popov |
Fixed bug #80747
If RSA key generation fails, actually report that failure.
|
| #
36466042 |
| 05-Feb-2021 |
Daniel Black |
Fix #78680: mysqlnd pam plugin missing terminating null
The PAM service requires the terminating null to be part
of the communication.
Tested with MariaDB-10.4(pam) and Percona
Fix #78680: mysqlnd pam plugin missing terminating null
The PAM service requires the terminating null to be part
of the communication.
Tested with MariaDB-10.4(pam) and Percona Server 5.7.32(auth_pam_compat).
Also changed MySQL Enterprise test to the server side plugin, authentication_pam
as opposed to the client plugin mysql_clear_password.
Add additional check for pamtest user and pam service file as
all are required for the test.
More importantly, test result should actually succeed.
Thanks Geoff Montee for bug report.
Closes GH-78680.
show more ...
|
| #
c34c5234 |
| 11-Feb-2021 |
Nikita Popov |
Fixed bug #80719
|
| #
ca7547c9 |
| 04-Feb-2021 |
Christoph M. Becker |
Fix #80706: mail(): Headers after Bcc headers may be ignored
We need to handle the case where a CRLF after a Bcc header is not the
beginning of a folding marker, because in that case the
Fix #80706: mail(): Headers after Bcc headers may be ignored
We need to handle the case where a CRLF after a Bcc header is not the
beginning of a folding marker, because in that case the Bcc header was
not the last "thing".
Closes GH-6666.
show more ...
|
| #
3f8d21b9 |
| 04-Feb-2021 |
Christoph M. Becker |
Fix #74779: x() and y() truncating floats to integers
We must not use the locale dependent `atof()`, but instead use the
(hopefully) locale independent `zend_strtod()`, when converting s
Fix #74779: x() and y() truncating floats to integers
We must not use the locale dependent `atof()`, but instead use the
(hopefully) locale independent `zend_strtod()`, when converting string
representations of floating point numbers which are sent by the server.
Closes GH-6665.
show more ...
|
| #
1bb2a4f9 |
| 26-Jan-2021 |
Christoph M. Becker |
Fix #53467: Phar cannot compress large archives
When Phars are flushed, a new temporary file is created for each entry
which should be compressed, and the `compressed_filesize` is retrie
Fix #53467: Phar cannot compress large archives
When Phars are flushed, a new temporary file is created for each entry
which should be compressed, and the `compressed_filesize` is retrieved.
Afterwards, the Phar manifest is written, and only after that the files
are copied to the actual Phar. So for each such entry there is an open
temp file, what easily exceeds the limit.
Therefore, we use a single temporary file for all entries, and store
the start offset in the otherwise unused `header_offset` member. We
ensure that the `cfp` members are properly set to NULL even if flushing
fails, to avoid use after free scenarios.
This solution is based on a suggestion by @lserni[1].
Closes GH-6643.
[1] <https://github.com/box-project/box2/issues/80#issuecomment-77147371>
show more ...
|
| #
7e947908 |
| 28-Jan-2021 |
Christoph M. Becker |
Fix #80654: file_get_contents() maxlen fails above (2**31)-1 bytes
We remove the arbitrary restriction to `INT_MAX`; it is superfluous on
32bit systems where `ZEND_LONG_MAX == INT_MAX` a
Fix #80654: file_get_contents() maxlen fails above (2**31)-1 bytes
We remove the arbitrary restriction to `INT_MAX`; it is superfluous on
32bit systems where `ZEND_LONG_MAX == INT_MAX` anyway, and not useful
on 64bit systems, where larger files should be readable, if the
`memory_limit` is large enough.
Closes GH-6648.
show more ...
|
| #
3c939e3f |
| 01-Feb-2021 |
Stanislav Malyshev |
Fix bug #80672 - Null Dereference in SoapClient
|
| #
aeb4f215 |
| 28-Jan-2021 |
Remi Collet |
NEWS
|
| #
6a0b889f |
| 26-Jan-2021 |
Christoph M. Becker |
Fix #70091: Phar does not mark UTF-8 filenames in ZIP archives
The default encoding of filenames in a ZIP archive is IBM Code Page
437. Phar, however, only supports UTF-8 filenames. Th
Fix #70091: Phar does not mark UTF-8 filenames in ZIP archives
The default encoding of filenames in a ZIP archive is IBM Code Page
437. Phar, however, only supports UTF-8 filenames. Therefore we have
to mark filenames as being stored in UTF-8 by setting the general
purpose bit 11 (the language encoding flag).
The effect of not setting this bit for non ASCII filenames can be seen
in popular tools like 7-Zip and UnZip, but not when extracting the
archives via ext/phar (which is agnostic to the filename encoding), or
via ext/zip (which guesses the encoding). Thus we add a somewhat
brittle low-level test case.
Closes GH-6630.
show more ...
|
| #
61ed904c |
| 25-Jan-2021 |
Christoph M. Becker |
Fix #75850: Unclear error message wrt. __halt_compiler() w/o semicolon
We add the failure reason to the error message.
Closes GH-6638.
|
| #
6adfb8c9 |
| 20-Jan-2021 |
Christoph M. Becker |
Fix #80648: Fix for bug 79296 should be based on runtime version
Instead of checking for actually affected libzip versions, we now always
`ZIP_TRUNCATE` empty files unless `ZIP_RDONLY` i
Fix #80648: Fix for bug 79296 should be based on runtime version
Instead of checking for actually affected libzip versions, we now always
`ZIP_TRUNCATE` empty files unless `ZIP_RDONLY` is set.
Closes GH-6625.
show more ...
|
| #
a33d0c3a |
| 19-Jan-2021 |
Derick Rethans |
Update NEWS and version
|
| #
e8a89c49 |
| 19-Jan-2021 |
Derick Rethans |
Update NEWS for PHP 7.4.15RC1
|
