#
a054ef2a |
| 15-Jul-2021 |
Christoph M. Becker |
Fix #80849: HTTP Status header truncation While truncating the contents of a header is okay, we must never omit the trailing CRLF. Closes GH-7238.
|
#
a942cf5b |
| 14-Jul-2021 |
Christoph M. Becker |
Fix #72595: php_output_handler_append illegal write access We must make sure that `handler->buffer.size + grow_max` does not overflow, so we're using `safe_erealloc()` instead.
Fix #72595: php_output_handler_append illegal write access We must make sure that `handler->buffer.size + grow_max` does not overflow, so we're using `safe_erealloc()` instead. Closes GH-7241.
show more ...
|
#
33f8dfb1 |
| 14-Jul-2021 |
Christoph M. Becker |
Fix #72146: Integer overflow on substr_replace Adding two `zend_long`s may overflow, and casting `size_t` to `zend_long` may truncate; we can avoid this here by enforcing unsigned ar
Fix #72146: Integer overflow on substr_replace Adding two `zend_long`s may overflow, and casting `size_t` to `zend_long` may truncate; we can avoid this here by enforcing unsigned arithmetic. Closes GH-7240.
show more ...
|
#
f40dcedb |
| 13-Jul-2021 |
Derick Rethans |
Update NEWS for 7.4.22
|
#
717f1ed5 |
| 13-Jul-2021 |
Christoph M. Becker |
Fix #79908: json_encode encodes negative zero as int Encoding a negative zero as `-0` is likely to loose the sign when decoding (at least it does with `json_decode()`). Therefore, we en
Fix #79908: json_encode encodes negative zero as int Encoding a negative zero as `-0` is likely to loose the sign when decoding (at least it does with `json_decode()`). Therefore, we encode it as if `JSON_PRESERVE_ZERO_FRACTION` was specified, i.e. as `-0.0`. Closes GH-7234.
show more ...
|
#
9db3eda2 |
| 07-Jul-2021 |
Christoph M. Becker |
Fix #73226: --r[fcez] always return zero exit code This makes the behavior consistent with `--ri`, and is likely useful for scripting. Closes GH-7221.
|
#
a6b43086 |
| 12-Jul-2021 |
Christoph M. Becker |
Fix #81243: Too much memory is allocated for preg_replace() Trimming a potentially over-allocated string appears to be reasonable, so we drop the condition altogether. We also r
Fix #81243: Too much memory is allocated for preg_replace() Trimming a potentially over-allocated string appears to be reasonable, so we drop the condition altogether. We also re-allocate twice the size needed in the first place, and not roughly tripple the size. Closes GH-7231.
show more ...
|
#
520c00a5 |
| 05-Jul-2021 |
Christoph M. Becker |
Fix #81223: flock() only locks first byte of file `flock()` should lock the whole file, like on other systems which use mandatory locking. We cannot use `0` like for `flck.l_len`, so we
Fix #81223: flock() only locks first byte of file `flock()` should lock the whole file, like on other systems which use mandatory locking. We cannot use `0` like for `flck.l_len`, so we use the largest number, what is valid according to the documentation: <https://docs.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-lockfileex#remarks>. Closes GH-7216.
show more ...
|
#
28c93763 |
| 05-Jul-2021 |
Christoph M. Becker |
Fix #74264: grapheme_strrpos() broken for negative offsets We must not assume that `usearch_last()` gives the proper result for negative offsets. Instead we'd need to continue to search
Fix #74264: grapheme_strrpos() broken for negative offsets We must not assume that `usearch_last()` gives the proper result for negative offsets. Instead we'd need to continue to search backwards (`usearch_previous`) until we find a proper match. However, apparently searching backwards is broken, so we work around by searching forward from the start of the string until we pass the `offset_pos`, and then use the previous result. Closes GH-7189.
show more ...
|
#
bdc60fa7 |
| 02-Jul-2021 |
Nikita Popov |
Fixed bug #80173 The analysis in the bug report wasn't correct (at least not in this case -- there may still be a more general problem here), the issue was that write_property return
Fixed bug #80173 The analysis in the bug report wasn't correct (at least not in this case -- there may still be a more general problem here), the issue was that write_property returned the original variable_ptr rather than the zend_assign_to_variable() return value, which will DEREF the variable before overwriting it.
show more ...
|
#
334387bb |
| 01-Jul-2021 |
Christoph M. Becker |
Fix #52093: openssl_csr_sign truncates $serial We use `ASN1_INTEGER_set_int64()` if supported[1], to avoid the truncation of the integer. [1] <https://www.openssl.org/docs/man1.
Fix #52093: openssl_csr_sign truncates $serial We use `ASN1_INTEGER_set_int64()` if supported[1], to avoid the truncation of the integer. [1] <https://www.openssl.org/docs/man1.1.0/man3/ASN1_INTEGER_set_int64.html#HISTORY> Closes GH-7209.
show more ...
|
#
d7db5701 |
| 30-Jun-2021 |
Christoph M. Becker |
Fix #73630: Built-in Weberver - overwrite $_SERVER['request_uri'] The built-in Webserver's `on_path`, `on_query_string` and `on_url` callbacks may be called multiple times from the parse
Fix #73630: Built-in Weberver - overwrite $_SERVER['request_uri'] The built-in Webserver's `on_path`, `on_query_string` and `on_url` callbacks may be called multiple times from the parser; we must not simply replace the old values, but need to concatenate the new values instead. This appears to be tricky for `on_path` due to the path normalization, so we fail if the function is called again. The built-in Webserver logs errors during request parsing to stderr, but this is ignored by the php_cli_server framework, and apparently the Webserver does not send a resonse at all in such cases (instead of an 4xx). Thus we can only check that a request with an overly long path fails. Closes GH-7207.
show more ...
|
#
98a21d1d |
| 12-Feb-2021 |
Calvin Buckley |
Fix bug #80728: Don't reset the timeout on ini deactivate When the time limit for a script is changed, when the script ends, its INI value will be reset. This calls the event handler for
Fix bug #80728: Don't reset the timeout on ini deactivate When the time limit for a script is changed, when the script ends, its INI value will be reset. This calls the event handler for the timeout change, which will unset then reset the timeout. However, this is done even if the script is done executing, and say, the CGI or CLI web server process is idle. This is probably incorrect, but isn't a problem on most platforms, because PHP uses a timer that only ticks when the process is active (that is, executing code). Since when it's idle, it's blocking on listen/read, it won't tick because nothing executes. However, on platforms where only the real-time timer is supported, (Cygwin/PASE) it ticks regardless of if PHP is even executing. This means that the idle processes are subject to timeouts from the INI reset on script end. This makes it so the timer is never set if the state is deactivating. Testing with the CLI web server indicates the timer no longer spuriously activates under PASE. Closes GH-6683.
show more ...
|
#
1a01f781 |
| 23-Jun-2021 |
Christoph M. Becker |
Fix #68471: IntlDateFormatter fails for "GMT+00:00" timezone GMT+00:00 is recognized by ICU, and is normalized to GMT. There are no issues when GMT+00:00 is passed to `IntlTimeZone::cre
Fix #68471: IntlDateFormatter fails for "GMT+00:00" timezone GMT+00:00 is recognized by ICU, and is normalized to GMT. There are no issues when GMT+00:00 is passed to `IntlTimeZone::createTimeZone()`, but passing it to IntlDateFormatter::__construct() causes a failure, since there is an additional check regarding the validity. While checking the validity of the result of `TimeZone::createTimeZone()`[1] is a good idea, comparing the IDs is overly restrictive. Instead we just check that the timezone is supported by ICU. [1] <https://unicode-org.github.io/icu-docs/apidoc/dev/icu4c/classicu_1_1TimeZone.html#a35da0507b62754ffe5d8d59c19775cdb> Closes GH-7190.
show more ...
|
#
c68a6875 |
| 21-Jun-2021 |
Stanislav Malyshev |
Update NEWS
|
#
4d8eb892 |
| 19-Jun-2021 |
Anatol Belski |
NEWS: Add bug #81101 note [ci skip] Signed-off-by: Anatol Belski <ab@php.net>
|
#
bc59b046 |
| 18-Jun-2021 |
Joe Watkins |
Fix bug #81163 indirect vars in __sleep
|
#
2555efad |
| 17-Jun-2021 |
Christoph M. Becker |
Fix #81145: copy() and stream_copy_to_stream() fail for +4GB files When mapping the file, we need to pass the proper `dwFileOffsetHigh` instead of `0`. Co-authored-by: Nikita Po
Fix #81145: copy() and stream_copy_to_stream() fail for +4GB files When mapping the file, we need to pass the proper `dwFileOffsetHigh` instead of `0`. Co-authored-by: Nikita Popov <nikita.ppv@gmail.com> Closes GH-7158.
show more ...
|
#
0f1b17e3 |
| 14-Jun-2021 |
Christoph M. Becker |
Fix #72809: Locale::lookup() wrong result with canonicalize option Canonicalization converts the locale to ICU format[1]. However, the lookup described in RFC 4647, section 3.4, is abou
Fix #72809: Locale::lookup() wrong result with canonicalize option Canonicalization converts the locale to ICU format[1]. However, the lookup described in RFC 4647, section 3.4, is about POSIX format. To make that lookup work for ICU format, we also need to cater to keyword separators. The results are somewhat unexpected, but apparently canonical lookup is explicitly supposed to return canonical language tags[2]. [1] <https://unicode-org.github.io/icu/userguide/locale/#canonicalization> [2] <https://github.com/php/php-src/blob/php-7.4.20/ext/intl/locale/locale_methods.c#L1504> Closes GH-7151.
show more ...
|
#
8370a084 |
| 15-Jun-2021 |
Derick Rethans |
Prepare for 7.4.22
|
#
a1738d8b |
| 07-Jun-2021 |
Christoph M. Becker |
Fix #81092: fflush before stream_filter_remove corrupts stream When doing a non finishing flush, BZ2_bzCompress() returns BZ_FLUSH_OK (not BZ_FINISH_OK) what requires us to do further fl
Fix #81092: fflush before stream_filter_remove corrupts stream When doing a non finishing flush, BZ2_bzCompress() returns BZ_FLUSH_OK (not BZ_FINISH_OK) what requires us to do further flushes right away. We also refactor the while-loop as do-loop. Closes GH-7113.
show more ...
|
#
1b3b5c94 |
| 30-May-2021 |
Peter van Dommelen |
Fixed bug #81070 When the memory limit is reduced using an `ini_set("memory_limit", ..)` below the currently allocated memory, the out-of-memory check overflowed. Instead of implemen
Fixed bug #81070 When the memory limit is reduced using an `ini_set("memory_limit", ..)` below the currently allocated memory, the out-of-memory check overflowed. Instead of implementing additional checks during allocation, `zend_set_memory_limit()` now validates the new memory limit. When below the current memory usage the ini_set call will fail and throw a warning. This is part of GH-7040.
show more ...
|
#
7fd48264 |
| 27-May-2021 |
Christoph M. Becker |
Fix #76694: native Windows cert verification uses CN as sever name This is not guaranteed to work, since the actual server name may only be given as SAN. Since we're doing the peer veri
Fix #76694: native Windows cert verification uses CN as sever name This is not guaranteed to work, since the actual server name may only be given as SAN. Since we're doing the peer verification later anyway (using the respective context options as appropriate), there is no need to even supply a server name when verifying against the Windows cert store. Closes GH-7060.
show more ...
|
#
82f6f6da |
| 31-May-2021 |
Nikita Popov |
Fixed bug #81090 For concatenation, the in-place variant can be much more efficient, because it will reallocate the string in-place. Special-case the typed property compound assignme
Fixed bug #81090 For concatenation, the in-place variant can be much more efficient, because it will reallocate the string in-place. Special-case the typed property compound assignment code for the case where we concatenate to a string, in which case we know that the result will also be a string, and we don't need the type check anyway.
show more ...
|
#
ee9e0754 |
| 21-May-2021 |
Christoph M. Becker |
Fix #76359: open_basedir bypass through adding ".." We explicitly forbid adding paths with a leading `..` to `open_basedir` at runtime. Closes GH-7024.
|