Fix #81518: Header injection via default_mimetype / default_charset

We forbid setting these INI options to values containing NUL bytes, CR
or LF.

Closes GH-7574.

Fix bug #80728: Don't reset the timeout on ini deactivate

When the time limit for a script is changed, when the script ends,
its INI value will be reset. This calls the event handler for

Fix bug #80728: Don't reset the timeout on ini deactivate

When the time limit for a script is changed, when the script ends,
its INI value will be reset. This calls the event handler for the
timeout change, which will unset then reset the timeout. However,
this is done even if the script is done executing, and say, the CGI
or CLI web server process is idle.

This is probably incorrect, but isn't a problem on most platforms,
because PHP uses a timer that only ticks when the process is active
(that is, executing code). Since when it's idle, it's blocking on
listen/read, it won't tick because nothing executes. However, on
platforms where only the real-time timer is supported, (Cygwin/PASE)
it ticks regardless of if PHP is even executing. This means that the
idle processes are subject to timeouts from the INI reset on script
end.

This makes it so the timer is never set if the state is deactivating.
Testing with the CLI web server indicates the timer no longer
spuriously activates under PASE.

Closes GH-6683.

show more ...

Fixed bug #81104

When the memory limit is restored during shutdown, we may still
be using a lot of memory. Ignore the failure at that point and
set it again after the MM is shut down

Fixed bug #81104

When the memory limit is restored during shutdown, we may still
be using a lot of memory. Ignore the failure at that point and
set it again after the MM is shut down, at which point memory
usage should be at its lowest point.

show more ...

Fixed bug #81070

When the memory limit is reduced using an `ini_set("memory_limit", ..)`
below the currently allocated memory, the out-of-memory check overflowed.
Instead of implemen

Fixed bug #81070

When the memory limit is reduced using an `ini_set("memory_limit", ..)`
below the currently allocated memory, the out-of-memory check overflowed.
Instead of implementing additional checks during allocation,
`zend_set_memory_limit()` now validates the new memory limit. When
below the current memory usage the ini_set call will fail and throw
a warning.

This is part of GH-7040.

show more ...

Fix #67792: HTTP Authorization schemes are treated as case-sensitive

We use `zend_binary_strncasecmp()` to avoid any locale issues, and
refactor. We also add a test case for Digest auth

Fix #67792: HTTP Authorization schemes are treated as case-sensitive

We use `zend_binary_strncasecmp()` to avoid any locale issues, and
refactor. We also add a test case for Digest authentication.

Closes GH-6900.

show more ...

Fix #80960: opendir() warning wrong info when failed on Windows

Firstly, we must not forget to set appropriate error codes for "manual"
checks in `virtual_file_ex()`.

Secondly,

Fix #80960: opendir() warning wrong info when failed on Windows

Firstly, we must not forget to set appropriate error codes for "manual"
checks in `virtual_file_ex()`.

Secondly, we must not call `php_error_docref2()` for warnings regarding
unary functions; thus, we introduce `php_win32_docref1_from_error()`.

Closes GH-6872.

show more ...

Check compatibility with proper runtime DLL

In practise, this likely does not matter, because usually these DLLs
are installed side by side, but still we should check the proper DLL.

Fix default sendmail path when not found during build

Closes GH-5548.

Fixed bug #71876

This is a backport of fcdc0a6db0ae63fbed9e3828137b899b844623ce
to the PHP-7.3 branch. We need to make sure that OnUpdateString
is also called for a NULL value, other

Fixed bug #71876

This is a backport of fcdc0a6db0ae63fbed9e3828137b899b844623ce
to the PHP-7.3 branch. We need to make sure that OnUpdateString
is also called for a NULL value, otherwise the reset of the encoding
at the end of the request will not work.

I believe I already tried to land this before once, but it didn't
actually end up on the PHP-7.3 branch due to a push conflict that
I only noticed just now.

show more ...

Free buffer in php_verror even if it is empty

vspprintf allocates a buffer even if the resulting string is empty.

Fix resetting of internal_encoding and friends

We need to update the value even if new_value is NULL. In particular,
it should be reset back to NULL after each request if the setting was

Fix resetting of internal_encoding and friends

We need to update the value even if new_value is NULL. In particular,
it should be reset back to NULL after each request if the setting was
not specified on startup. Otherwise we leave dangling pointers.

show more ...

Fix #78656: Parse errors classified as highest log-level

Fixed bug #78406

Fix Zend signals unblocking

There are a few parts here:
* opcache should not be blocking signals while invoking compile_file,
otherwise signals may remain blocked on a compile er

Fix Zend signals unblocking

There are a few parts here:
* opcache should not be blocking signals while invoking compile_file,
otherwise signals may remain blocked on a compile error. While at
it, also protect SHM memory during compile_file.
* We should deactivate Zend signals at the end of the request, to make
sure that we gracefully recover from a missing unblock and signals
don't remain blocked forever.
* We don't use a critical section in deactivation, because it should
not be necessary. Additionally we want to clean up the signal queue,
if it is non-empty.
* Enable SIGG(check) in debug builds so we notice issues in the future.

show more ...

Deprecate allow_url_include

Revert "Avoid unused fstat() call"

This reverts commit 5a90dc77b8f244f603082aea022fadc0ce2c009c.

Let's try to go with the reverse direction here and actually trust
the reported

Revert "Avoid unused fstat() call"

This reverts commit 5a90dc77b8f244f603082aea022fadc0ce2c009c.

Let's try to go with the reverse direction here and actually trust
the reported size...

show more ...

Avoid unused fstat() call

If we're including a file via PHP streams, we're not going to trust
the reported file size anyway and populate in a loop -- so don't
bother determining the

Avoid unused fstat() call

If we're including a file via PHP streams, we're not going to trust
the reported file size anyway and populate in a loop -- so don't
bother determining the file size in the first place. Only do this
for non-tty HANDLE_FP now, which is the only case where this
information was used.

show more ...

Avoid double buffering in Zend streams

Disable buffering in PHP streams, to avoid storing and copying the
file contents twice.

This will call stream_set_option() on custom strea

Avoid double buffering in Zend streams

Disable buffering in PHP streams, to avoid storing and copying the
file contents twice.

This will call stream_set_option() on custom stream wrapper as
well, so the method needs to be implemented to avoid a warning.

show more ...

Remove ZEND_HANDLE_MAPPED

The buf/len members are now simply used in addition to the main
stream, without changing the handle kind.

Drop free_filename field from zend_file_handle

free_filename was always zero.

Introduce zend_stream_init_filename()

Avoid more ad-hoc initialization of zend_file_handle structures.

Fix bug #52752 by not using mmap() to lex files

Using mmap() is unsafe under concurrent modification. If the file
is truncated, access past the end of the file may occur, which will

Fix bug #52752 by not using mmap() to lex files

Using mmap() is unsafe under concurrent modification. If the file
is truncated, access past the end of the file may occur, which will
generate a SIGBUS error. Even if the length does not change, the
contents may, which is a situation that the lexer certainly is not
prepared to deal with either.

Reproduce with test.php:

<?php
file_put_contents(__DIR__ . '/test.tpl',
'AAA<?php $string = "' .
str_repeat('A', mt_rand(1, 256 * 1024)) .
'"; ?>BBB' . "\r\n");
require_once __DIR__ . '/test.tpl';

And:

for ((n=0;n<100;n++)); do sapi/cli/php test.php & done

show more ...

Small typo and proto name fix

Closes GH-4415

Move shebang handling into the lexer

Instead of handling shebang lines by adjusting the file pointer in
individual SAPIs, move the handling into the lexer, where this is
both a lot s

Move shebang handling into the lexer

Instead of handling shebang lines by adjusting the file pointer in
individual SAPIs, move the handling into the lexer, where this is
both a lot simpler and more robust. Whether the shebang should be
skipped is controlled by CG(skip_shebang) -- we might want to do
that in more cases.

This fixed bugs #60677 and #78066.

show more ...

Convert all php_error_docref0 to php_error_docref

Closes GH-4394