Fix #78666 mysqli_options generates Warning on var_dump()

Closes GH-5121

Fix #79174: cookie values with spaces fail to round-trip

The fix for bug #78929 disabled the conversion of spaces in cookie
values to plus signs, but failed to adapt `php_setcookie()`

Fix #79174: cookie values with spaces fail to round-trip

The fix for bug #78929 disabled the conversion of spaces in cookie
values to plus signs, but failed to adapt `php_setcookie()`
accordingly, so that it uses raw URL encoding as well.

show more ...

Fixed bug #78989

Always operate on copies of the functions, so we don't reference
temporary trait methods that have gone out of scope.

This could be more efficient, but doing an

Fixed bug #78989

Always operate on copies of the functions, so we don't reference
temporary trait methods that have gone out of scope.

This could be more efficient, but doing an allocated copy only when
strictly necessary turned out to be somewhat tricky.

show more ...

Fix #76584: PharFileInfo::decompress not working

We actually have to decompress, when told to do so.

- bump zip extension version to 1.15.6
- add ZipArchive::LIBZIP_VERSION
- skip bug53885.phpt with libzip 1.6.0 (empty file is no more valid archive)

Fix #78969 Make PASSWORD_DEFAULT match PASSWORD_BCRYPT instead of being null

It was an unintentional BC break.

Fix bug #78323: Code 0 is returned on invalid options

Set CLI exit code to 1 when invalid parameters are passed,
and print error to stderr.

Fixed bug #79128

We need to extend the hash table before performing raw append
operations.

This doesn't matter if preloading happens in the same process,
as the tables will

Fixed bug #79128

We need to extend the hash table before performing raw append
operations.

This doesn't matter if preloading happens in the same process,
as the tables will be large enough to hold all entries as a
side-effect of the preloading process. However, if preloading
happens in a different process, we need to reserve space here.

show more ...

Fixed bug #79011

auth_plugin_data_len here is 21, including the trailing null byte.
Directly use SCRAMBLE_LENGTH instead. Also add a sanity check that
the provided scramble is long e

Fixed bug #79011

auth_plugin_data_len here is 21, including the trailing null byte.
Directly use SCRAMBLE_LENGTH instead. Also add a sanity check that
the provided scramble is long enough.

show more ...

Add ZipArchive::CM_LZMA2 constant (since libzip 1.6.0)

Fixed bug #78902

Fixed bug #79151

Make sure we also NULL out next/prev of the removed element on
pop/shift. This only matter is that element is still being referenced
by an iterator.

Fixed bug #79155

Make sure we only unset the NULLABLE flag temporarily for class
resolution, as the same type may be compiled multiple types.

Fix #79154: mb_convert_encoding() can modify $from_encoding

We must not modify arrays passed by value.

Fix #79149: SEGV in mb_convert_encoding with non-string encodings

We must not assume that `hash_entry` `IS_STRING`, but rather use
`encoding_str` which is guaranteed to be.

next will be 7.2.28

Fix #79145: openssl memory leak

We must increase the refcount of `return_value` only if `cert` is a
resource; this is already done in `php_openssl_evp_from_zval()`,
though.

Fix #79146: cscript can fail to run on some systems

In the buildconf and configure batch files, Windows' cscript utility was being
run without the /e:jscript flag. This works on systems

Fix #79146: cscript can fail to run on some systems

In the buildconf and configure batch files, Windows' cscript utility was being
run without the /e:jscript flag. This works on systems that have not had the
default .js file association changed, but if .js has been re-associated to
(say) an IDE, the batch files fail with the error message:

Input Error: There is no script engine for file extension ".js".

show more ...

Update NEWS wrt. sec fixes

Update NEWS

Fix bug #79112: IMAP can't find OpenSSL during configure

Remove the check of PHP_OPENSSL inside SETUP_OPENSSL. It's the
responsibility of the caller to determine whether they want to

Fix bug #79112: IMAP can't find OpenSSL during configure

Remove the check of PHP_OPENSSL inside SETUP_OPENSSL. It's the
responsibility of the caller to determine whether they want to
enable openssl or not. This makes SSL detection in IMAP work,
which uses a different option.

Additionally also clarify that --with-openssl-dir cannot actually
be used to specify an OpenSSL directory -- these options just
serve as a way to enable OpenSSL in extensions without also
enabling the OpenSSL extension. They need to be renamed to
something clearer in master.

Closes GH-5091.

show more ...

Fixed bug #79114 (Eval class during preload causes class to be only half available)

Fixed bug #79115

Fixed bug #71876

This is a backport of fcdc0a6db0ae63fbed9e3828137b899b844623ce
to the PHP-7.3 branch. We need to make sure that OnUpdateString
is also called for a NULL value, other

Fixed bug #71876

This is a backport of fcdc0a6db0ae63fbed9e3828137b899b844623ce
to the PHP-7.3 branch. We need to make sure that OnUpdateString
is also called for a NULL value, otherwise the reset of the encoding
at the end of the request will not work.

I believe I already tried to land this before once, but it didn't
actually end up on the PHP-7.3 branch due to a push conflict that
I only noticed just now.

show more ...

Fix #79096: FFI Struct Segfault

We must not assume that the size of a function's return value is at
most `sizeof(ffi_arg)`, but rather have to use the size which already
has been det

Fix #79096: FFI Struct Segfault

We must not assume that the size of a function's return value is at
most `sizeof(ffi_arg)`, but rather have to use the size which already
has been determined for the return type if it is larger than
`sizeof(ffi_arg)`.

To be able to have a regression test, we export the required test
function from the zend-test extension, and make sure that the test
can be run on different platforms regardless of whether zend-tests was
built statically or dynamically.

show more ...