Fix regression introduced by fixing bug 81726

When a tar phar is created, `phar_open_from_fp()` is also called, but
since the file has just been created, none of the format checks can

Fix regression introduced by fixing bug 81726

When a tar phar is created, `phar_open_from_fp()` is also called, but
since the file has just been created, none of the format checks can
succeed, so we continue to loop, but must not check again for the
format. Therefore, we bring back the old `test` variable.

Closes GH-9620.

show more ...

Fix #81726: phar wrapper: DOS when using quine gzip file

The phar wrapper needs to uncompress the file; the uncompressed file
might be compressed, so the wrapper implementation loops. Th

Fix #81726: phar wrapper: DOS when using quine gzip file

The phar wrapper needs to uncompress the file; the uncompressed file
might be compressed, so the wrapper implementation loops. This raises
potential DOS issues regarding too deep or even infinite recursion (the
latter are called compressed file quines[1]). We avoid that by
introducing a recursion limit; we choose the somewhat arbitrary limit
`3`.

This issue has been reported by real_as3617 and gPayl0ad.

[1] <https://honno.dev/gzip-quine/>

show more ...

Fix #53467: Phar cannot compress large archives

When Phars are flushed, a new temporary file is created for each entry
which should be compressed, and the `compressed_filesize` is retrie

Fix #53467: Phar cannot compress large archives

When Phars are flushed, a new temporary file is created for each entry
which should be compressed, and the `compressed_filesize` is retrieved.
Afterwards, the Phar manifest is written, and only after that the files
are copied to the actual Phar. So for each such entry there is an open
temp file, what easily exceeds the limit.

Therefore, we use a single temporary file for all entries, and store
the start offset in the otherwise unused `header_offset` member. We
ensure that the `cfp` members are properly set to NULL even if flushing
fails, to avoid use after free scenarios.

This solution is based on a suggestion by @lserni[1].

Closes GH-6643.

[1] <https://github.com/box-project/box2/issues/80#issuecomment-77147371>

show more ...

Fix #75850: Unclear error message wrt. __halt_compiler() w/o semicolon

We add the failure reason to the error message.

Closes GH-6638.

Call zend_unregister_ini_entries() when unload extension loaded through dl() without MSHUTDOWN callback.
Extensions with MSHUTDOWN should use UNREGISTER_INI_ENTRIES().

Fix leak in phar open

Revert "Drop free_filename field from zend_file_handle"

This reverts commit e0eca262852dba1a78afcde64a49126c81fead1a.

free_filename is used by the wincache extension, restore this

Revert "Drop free_filename field from zend_file_handle"

This reverts commit e0eca262852dba1a78afcde64a49126c81fead1a.

free_filename is used by the wincache extension, restore this
field for PHP 7.4.

show more ...

Also report errors from Zend stream reader operation

Revert "Avoid unused fstat() call"

This reverts commit 5a90dc77b8f244f603082aea022fadc0ce2c009c.

Let's try to go with the reverse direction here and actually trust
the reported

Revert "Avoid unused fstat() call"

This reverts commit 5a90dc77b8f244f603082aea022fadc0ce2c009c.

Let's try to go with the reverse direction here and actually trust
the reported size...

show more ...

Avoid unused fstat() call

If we're including a file via PHP streams, we're not going to trust
the reported file size anyway and populate in a loop -- so don't
bother determining the

Avoid unused fstat() call

If we're including a file via PHP streams, we're not going to trust
the reported file size anyway and populate in a loop -- so don't
bother determining the file size in the first place. Only do this
for non-tty HANDLE_FP now, which is the only case where this
information was used.

show more ...

Remove ZEND_HANDLE_MAPPED

The buf/len members are now simply used in addition to the main
stream, without changing the handle kind.

Drop free_filename field from zend_file_handle

free_filename was always zero.

Use ZEND_HASH_FOREACH APIs in a few more places

Sync HAVE_HASH, HAVE_HASH_EXT, PHAR_HASH_OK symbols

The hash extension is always available since PHP-7.4. The symbol
HAVE_HASH_EXT is kept for BC reasons and removed in PHP-8.0.

Sync HAVE_HASH, HAVE_HASH_EXT, PHAR_HASH_OK symbols

The hash extension is always available since PHP-7.4. The symbol
HAVE_HASH_EXT is kept for BC reasons and removed in PHP-8.0.

This patch also removes the PHAR_HASH_OK since it is no longer
relevant.

show more ...

Fix stream leak in phar cache_list

Avoid confusing gotos in phar_split_cache_list

Fix VirtualProtect() related Phar issues

We must not (try to) modify shared values, but rather have to use our
own copies, if unixified filenames are required on Windows. To avoid
e

Fix VirtualProtect() related Phar issues

We must not (try to) modify shared values, but rather have to use our
own copies, if unixified filenames are required on Windows. To avoid
excessive string duplication, we add checks whether the filenames are
already unixified (i.e. do not contain backslashes). To improve the
performance if we need to copy strings, we use do_alloca() and friends.

Besides generally being somewhat messy, the handling of unixified
filenames is still suboptimal performance-wise, but we leave this for a
future cleanup, and focus on fixing the issue at hand for now.

We also enable opcache.protect_memory for the AppVeyor CI.

show more ...

Fix bug #77396 - Null Pointer Dereference in phar_create_or_parse_filename

Update and fix remaining year ranges (2019)

This patch follows previous license year ranges updates. With new
approach source code files now have simplified headers with license
info

Update and fix remaining year ranges (2019)

This patch follows previous license year ranges updates. With new
approach source code files now have simplified headers with license
information without year ranges.

show more ...

Remove local variables

This patch removes the so called local variables defined per
file basis for certain editors to properly show tab width, and
similar settings. These are mainly

Remove local variables

This patch removes the so called local variables defined per
file basis for certain editors to properly show tab width, and
similar settings. These are mainly used by Vim and Emacs editors
yet with recent changes the once working definitions don't work
anymore in Vim without custom plugins or additional configuration.
Neither are these settings synced across the PHP code base.

A simpler and better approach is EditorConfig and fixing code
using some code style fixing tools in the future instead.

This patch also removes the so called modelines for Vim. Modelines
allow Vim editor specifically to set some editor configuration such as
syntax highlighting, indentation style and tab width to be set in the
first line or the last 5 lines per file basis. Since the php test
files have syntax highlighting already set in most editors properly and
EditorConfig takes care of the indentation settings, this patch removes
these as well for the Vim 6.0 and newer versions.

With the removal of local variables for certain editors such as
Emacs and Vim, the footer is also probably not needed anymore when
creating extensions using ext_skel.php script.

Additionally, Vim modelines for setting php syntax and some editor
settings has been removed from some *.phpt files. All these are
mostly not relevant for phpt files neither work properly in the
middle of the file.

show more ...

Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)

Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)

Added missing invalidations.

Use HT_IS_INITIALIZED() and HT_INVALIDATE() macros instead of hackish HT_FLAGS assumtions.

Fix bug #77143 - add more checks to buffer reads