Fix #81720: Uninitialized array in pg_query_params() leading to RCE

We must not free parameters which we haven't initialized yet.

We also fix the not directly related issue, that we

Fix #81720: Uninitialized array in pg_query_params() leading to RCE

We must not free parameters which we haven't initialized yet.

We also fix the not directly related issue, that we checked for the
wrong value being `NULL`, potentially causing a segfault.

show more ...

Fix php_pgsql_fd_cast() wrt. php_stream_can_cast()

`php_stream_can_cast()` forwards to `_php_stream_cast()` with `ret` set
to `NULL`. `php_pgsql_fd_cast()` needs to cater to that, becau

Fix php_pgsql_fd_cast() wrt. php_stream_can_cast()

`php_stream_can_cast()` forwards to `_php_stream_cast()` with `ret` set
to `NULL`. `php_pgsql_fd_cast()` needs to cater to that, because
otherwise the stream would report that it is not castable.

This *might* fix https://bugs.php.net/73903.

Closes GH-6888.

show more ...

Fix locale dependent parsing of PostgreSQL version number

Version numbers are not supposed to be localized, so we must not apply
locale dependent parsing with `atof()`.

Using `p

Fix locale dependent parsing of PostgreSQL version number

Version numbers are not supposed to be localized, so we must not apply
locale dependent parsing with `atof()`.

Using `php_version_compare()` might even be better.

Closes GH-6668.

show more ...

Report errors from stream read and write operations

The php_stream_read() and php_stream_write() functions now return
an ssize_t value, with negative results indicating failure. Function

Report errors from stream read and write operations

The php_stream_read() and php_stream_write() functions now return
an ssize_t value, with negative results indicating failure. Functions
like fread() and fwrite() will return false in that case.

As a special case, EWOULDBLOCK and EAGAIN on non-blocking streams
should not be regarded as error conditions, and be reported as
successful zero-length reads/writes instead. The handling of EINTR
remains unclear and is internally inconsistent (e.g. some code-paths
will automatically retry on EINTR, while some won't).

I'm landing this now to make sure the stream wrapper ops API changes
make it into 7.4 -- however, if the user-facing changes turn out to
be problematic we have the option of clamping negative returns to
zero in php_stream_read() and php_stream_write() to restore the
old behavior in a relatively non-intrusive manner.

show more ...

Cheaper checks for exceptions thrown from __toString()

Allow exceptions in __toString()

RFC: https://wiki.php.net/rfc/tostring_exceptions

And convert some object to string conversion related recoverable
fatal errors into Error excep

Allow exceptions in __toString()

RFC: https://wiki.php.net/rfc/tostring_exceptions

And convert some object to string conversion related recoverable
fatal errors into Error exceptions.

Improve exception safety of internal code performing string
conversions.

show more ...

Disable PACKAGE_* preprocessor symbols

Autoconf defines PACKAGE_* symbols:
- PACKAGE_NAME
- PACKAGE_VERSION
- PACKAGE_TARNAME
- PACKAGE_STRING
- PACKAGE_BUGREPORT
- P

Disable PACKAGE_* preprocessor symbols

Autoconf defines PACKAGE_* symbols:
- PACKAGE_NAME
- PACKAGE_VERSION
- PACKAGE_TARNAME
- PACKAGE_STRING
- PACKAGE_BUGREPORT
- PACKAGE_URL

and appends them to the generated config.h.in files. With AC_INIT change
via afd52f9d9986d92dd0c63832a07ab1a16bf11d53 where package version, URL,
bug report location and similar meta data are defined, these
preprocessor macros are then non empty strings in the generated
configuration header file. When using phpize, PHP shares the config
files in extensions, warnings of redefined macros appear, such as:
- `warning: 'PACKAGE_NAME' macro redefined`

This patch now disables these non utilized symbols in the generated
config header files.

Better practice would be to include only API specific headers where
needed but this would require even more refactorings. Some extensions
such as pcre, pgsql, and pdo_pgsql solve this issue by undefining some
of these symbols before including the library configuration headers in
the code also. Because these symbols can be defined by any library which
uses Autotools.

Additionally, the unused PACKAGE_* symbols were cleaned for the bundled
libmbfl library and with this patch not needed undef code removed.

show more ...

Don't use php_strtok_r in build_tablename

This is unnecessary convoluted... we just want to find the position
of the dot. Using php_strtok_r requires a copy of the string, and the
im

Don't use php_strtok_r in build_tablename

This is unnecessary convoluted... we just want to find the position
of the dot. Using php_strtok_r requires a copy of the string, and the
implementation also relied on the specific semantics of the scratch
space that strtok_r uses.

show more ...

Fix pgsql use after free trying to reuse closed connection

When a connection is closed, we also need to remove the hash entry
from the regular_list, as it now points to freed memory. To

Fix pgsql use after free trying to reuse closed connection

When a connection is closed, we also need to remove the hash entry
from the regular_list, as it now points to freed memory. To do this
store a reverse mapping from the connection to the hash string.

It would be nicer to introduce a wrapping structure for the pgsql
link resource that could store the hash (and notices), but that would
require large changes to the extension, so I'm going for a more
minimal fix here.

show more ...

Fix use after free on pg_close() of default connection

Remove local variables

This patch removes the so called local variables defined per
file basis for certain editors to properly show tab width, and
similar settings. These are mainly

Remove local variables

This patch removes the so called local variables defined per
file basis for certain editors to properly show tab width, and
similar settings. These are mainly used by Vim and Emacs editors
yet with recent changes the once working definitions don't work
anymore in Vim without custom plugins or additional configuration.
Neither are these settings synced across the PHP code base.

A simpler and better approach is EditorConfig and fixing code
using some code style fixing tools in the future instead.

This patch also removes the so called modelines for Vim. Modelines
allow Vim editor specifically to set some editor configuration such as
syntax highlighting, indentation style and tab width to be set in the
first line or the last 5 lines per file basis. Since the php test
files have syntax highlighting already set in most editors properly and
EditorConfig takes care of the indentation settings, this patch removes
these as well for the Vim 6.0 and newer versions.

With the removal of local variables for certain editors such as
Emacs and Vim, the footer is also probably not needed anymore when
creating extensions using ext_skel.php script.

Additionally, Vim modelines for setting php syntax and some editor
settings has been removed from some *.phpt files. All these are
mostly not relevant for phpt files neither work properly in the
middle of the file.

show more ...

Remove yearly range from copyright notice

Remove unnecessary uses of object_and_properties_init

Use object_init_ex instead if the properties are NULL.

Fixed bug #77047 pg_convert has a broken regex for the 'TIME WITHOUT TIMEZONE' data type

Backport 369c991d and 282a63da to 7.1, closes #3634

FIX #77047: fixes regex for "time" data type

Future-proof email addresses

Future-proof email addresses...

Fix some misspellings

Fix typos in code comments

Remove unused Git attributes ident

The $Id$ keywords were used in Subversion where they can be substituted
with filename, last revision number change, last changed date, and last
use

Remove unused Git attributes ident

The $Id$ keywords were used in Subversion where they can be substituted
with filename, last revision number change, last changed date, and last
user who changed it.

In Git this functionality is different and can be done with Git attribute
ident. These need to be defined manually for each file in the
.gitattributes file and are afterwards replaced with 40-character
hexadecimal blob object name which is based only on the particular file
contents.

This patch simplifies handling of $Id$ keywords by removing them since
they are not used anymore.

show more ...

Reduce error buffer size

120 bytes is ample, the doc says.

Use zval_ptr_dtor() imstead of zval_dtor()

Replace legacy zval_dtor() by zval_ptr_dtor_nogc() or even more specialized destructors.
zval_dtor() doesn't make a lot of sense in PHP-7.* and it's used incorrectly in some places.
Its occur

Replace legacy zval_dtor() by zval_ptr_dtor_nogc() or even more specialized destructors.
zval_dtor() doesn't make a lot of sense in PHP-7.* and it's used incorrectly in some places.
Its occurances should be replaced by zval_ptr_dtor() or zval_ptr_dtor_nogc(), or even more specialized destructors.

show more ...

Fixed bug #76548 pg_fetch_result did not fetch the next row

Removed "dead" code (zend_hash_update() never fails)