#
36576936 |
| 12-Oct-2021 |
Christoph M. Becker |
Fix #81518: Header injection via default_mimetype / default_charset We forbid setting these INI options to values containing NUL bytes, CR or LF. Closes GH-7574.
|
#
98a21d1d |
| 12-Feb-2021 |
Calvin Buckley |
Fix bug #80728: Don't reset the timeout on ini deactivate When the time limit for a script is changed, when the script ends, its INI value will be reset. This calls the event handler for
Fix bug #80728: Don't reset the timeout on ini deactivate When the time limit for a script is changed, when the script ends, its INI value will be reset. This calls the event handler for the timeout change, which will unset then reset the timeout. However, this is done even if the script is done executing, and say, the CGI or CLI web server process is idle. This is probably incorrect, but isn't a problem on most platforms, because PHP uses a timer that only ticks when the process is active (that is, executing code). Since when it's idle, it's blocking on listen/read, it won't tick because nothing executes. However, on platforms where only the real-time timer is supported, (Cygwin/PASE) it ticks regardless of if PHP is even executing. This means that the idle processes are subject to timeouts from the INI reset on script end. This makes it so the timer is never set if the state is deactivating. Testing with the CLI web server indicates the timer no longer spuriously activates under PASE. Closes GH-6683.
show more ...
|
#
d8165c25 |
| 08-Jun-2021 |
Nikita Popov |
Fixed bug #81104 When the memory limit is restored during shutdown, we may still be using a lot of memory. Ignore the failure at that point and set it again after the MM is shut down
Fixed bug #81104 When the memory limit is restored during shutdown, we may still be using a lot of memory. Ignore the failure at that point and set it again after the MM is shut down, at which point memory usage should be at its lowest point.
show more ...
|
#
1b3b5c94 |
| 30-May-2021 |
Peter van Dommelen |
Fixed bug #81070 When the memory limit is reduced using an `ini_set("memory_limit", ..)` below the currently allocated memory, the out-of-memory check overflowed. Instead of implemen
Fixed bug #81070 When the memory limit is reduced using an `ini_set("memory_limit", ..)` below the currently allocated memory, the out-of-memory check overflowed. Instead of implementing additional checks during allocation, `zend_set_memory_limit()` now validates the new memory limit. When below the current memory usage the ini_set call will fail and throw a warning. This is part of GH-7040.
show more ...
|
#
39ddf6b8 |
| 23-Apr-2021 |
Christoph M. Becker |
Fix #67792: HTTP Authorization schemes are treated as case-sensitive We use `zend_binary_strncasecmp()` to avoid any locale issues, and refactor. We also add a test case for Digest auth
Fix #67792: HTTP Authorization schemes are treated as case-sensitive We use `zend_binary_strncasecmp()` to avoid any locale issues, and refactor. We also add a test case for Digest authentication. Closes GH-6900.
show more ...
|
#
ea3c992b |
| 19-Apr-2021 |
Christoph M. Becker |
Fix #80960: opendir() warning wrong info when failed on Windows Firstly, we must not forget to set appropriate error codes for "manual" checks in `virtual_file_ex()`. Secondly,
Fix #80960: opendir() warning wrong info when failed on Windows Firstly, we must not forget to set appropriate error codes for "manual" checks in `virtual_file_ex()`. Secondly, we must not call `php_error_docref2()` for warnings regarding unary functions; thus, we introduce `php_win32_docref1_from_error()`. Closes GH-6872.
show more ...
|
#
bfcee2c7 |
| 14-May-2020 |
Christoph M. Becker |
Check compatibility with proper runtime DLL In practise, this likely does not matter, because usually these DLLs are installed side by side, but still we should check the proper DLL.
|
#
51743189 |
| 09-May-2020 |
Indrek Ardel |
Fix default sendmail path when not found during build Closes GH-5548.
|
#
018251a7 |
| 03-Jan-2020 |
Nikita Popov |
Fixed bug #71876 This is a backport of fcdc0a6db0ae63fbed9e3828137b899b844623ce to the PHP-7.3 branch. We need to make sure that OnUpdateString is also called for a NULL value, other
Fixed bug #71876 This is a backport of fcdc0a6db0ae63fbed9e3828137b899b844623ce to the PHP-7.3 branch. We need to make sure that OnUpdateString is also called for a NULL value, otherwise the reset of the encoding at the end of the request will not work. I believe I already tried to land this before once, but it didn't actually end up on the PHP-7.3 branch due to a push conflict that I only noticed just now.
show more ...
|
#
e45b6139 |
| 17-Dec-2019 |
Nikita Popov |
Free buffer in php_verror even if it is empty vspprintf allocates a buffer even if the resulting string is empty.
|
#
fcdc0a6d |
| 17-Dec-2019 |
Nikita Popov |
Fix resetting of internal_encoding and friends We need to update the value even if new_value is NULL. In particular, it should be reset back to NULL after each request if the setting was
Fix resetting of internal_encoding and friends We need to update the value even if new_value is NULL. In particular, it should be reset back to NULL after each request if the setting was not specified on startup. Otherwise we leave dangling pointers.
show more ...
|
Revision tags: php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1, php-7.4.0RC5, php-7.1.33, php-7.2.24, php-7.3.11, php-7.4.0RC4 |
|
#
3164186d |
| 09-Oct-2019 |
Erik Lundin |
Fix #78656: Parse errors classified as highest log-level
|
Revision tags: php-7.3.11RC1, php-7.2.24RC1, php-7.4.0RC3, php-7.2.23, php-7.3.10, php-7.4.0RC2, php-7.2.23RC1, php-7.3.10RC1, php-7.4.0RC1, php-7.1.32, php-7.2.22, php-7.3.9, php-7.4.0beta4, php-7.2.22RC1, php-7.3.9RC1 |
|
#
b01824e5 |
| 13-Aug-2019 |
Nikita Popov |
Fixed bug #78406
|
Revision tags: php-7.4.0beta2, php-7.1.31, php-7.2.21, php-7.3.8, php-7.4.0beta1 |
|
#
38f1288b |
| 23-Jul-2019 |
Nikita Popov |
Fix Zend signals unblocking There are a few parts here: * opcache should not be blocking signals while invoking compile_file, otherwise signals may remain blocked on a compile er
Fix Zend signals unblocking There are a few parts here: * opcache should not be blocking signals while invoking compile_file, otherwise signals may remain blocked on a compile error. While at it, also protect SHM memory during compile_file. * We should deactivate Zend signals at the end of the request, to make sure that we gracefully recover from a missing unblock and signals don't remain blocked forever. * We don't use a critical section in deactivation, because it should not be necessary. Additionally we want to clean up the signal queue, if it is non-empty. * Enable SIGG(check) in debug builds so we notice issues in the future.
show more ...
|
Revision tags: php-7.2.21RC1, php-7.3.8RC1 |
|
#
b3f74b0b |
| 12-Jul-2019 |
Nikita Popov |
Deprecate allow_url_include
|
#
856c5d28 |
| 17-Jul-2019 |
Nikita Popov |
Revert "Avoid unused fstat() call" This reverts commit 5a90dc77b8f244f603082aea022fadc0ce2c009c. Let's try to go with the reverse direction here and actually trust the reported
Revert "Avoid unused fstat() call" This reverts commit 5a90dc77b8f244f603082aea022fadc0ce2c009c. Let's try to go with the reverse direction here and actually trust the reported size...
show more ...
|
#
5a90dc77 |
| 17-Jul-2019 |
Nikita Popov |
Avoid unused fstat() call If we're including a file via PHP streams, we're not going to trust the reported file size anyway and populate in a loop -- so don't bother determining the
Avoid unused fstat() call If we're including a file via PHP streams, we're not going to trust the reported file size anyway and populate in a loop -- so don't bother determining the file size in the first place. Only do this for non-tty HANDLE_FP now, which is the only case where this information was used.
show more ...
|
#
a986e709 |
| 17-Jul-2019 |
Nikita Popov |
Avoid double buffering in Zend streams Disable buffering in PHP streams, to avoid storing and copying the file contents twice. This will call stream_set_option() on custom strea
Avoid double buffering in Zend streams Disable buffering in PHP streams, to avoid storing and copying the file contents twice. This will call stream_set_option() on custom stream wrapper as well, so the method needs to be implemented to avoid a warning.
show more ...
|
#
b317f0eb |
| 16-Jul-2019 |
Nikita Popov |
Remove ZEND_HANDLE_MAPPED The buf/len members are now simply used in addition to the main stream, without changing the handle kind.
|
#
e0eca262 |
| 16-Jul-2019 |
Nikita Popov |
Drop free_filename field from zend_file_handle free_filename was always zero.
|
#
49bac9b7 |
| 16-Jul-2019 |
Nikita Popov |
Introduce zend_stream_init_filename() Avoid more ad-hoc initialization of zend_file_handle structures.
|
#
5161cebe |
| 16-Jul-2019 |
Nikita Popov |
Fix bug #52752 by not using mmap() to lex files Using mmap() is unsafe under concurrent modification. If the file is truncated, access past the end of the file may occur, which will
Fix bug #52752 by not using mmap() to lex files Using mmap() is unsafe under concurrent modification. If the file is truncated, access past the end of the file may occur, which will generate a SIGBUS error. Even if the length does not change, the contents may, which is a situation that the lexer certainly is not prepared to deal with either. Reproduce with test.php: <?php file_put_contents(__DIR__ . '/test.tpl', 'AAA<?php $string = "' . str_repeat('A', mt_rand(1, 256 * 1024)) . '"; ?>BBB' . "\r\n"); require_once __DIR__ . '/test.tpl'; And: for ((n=0;n<100;n++)); do sapi/cli/php test.php & done
show more ...
|
#
548d1ec2 |
| 15-Jul-2019 |
George Peter Banyard |
Small typo and proto name fix Closes GH-4415
|
#
c5f1b384 |
| 15-Jul-2019 |
Nikita Popov |
Move shebang handling into the lexer Instead of handling shebang lines by adjusting the file pointer in individual SAPIs, move the handling into the lexer, where this is both a lot s
Move shebang handling into the lexer Instead of handling shebang lines by adjusting the file pointer in individual SAPIs, move the handling into the lexer, where this is both a lot simpler and more robust. Whether the shebang should be skipped is controlled by CG(skip_shebang) -- we might want to do that in more cases. This fixed bugs #60677 and #78066.
show more ...
|
#
1c1de0c4 |
| 13-Jul-2019 |
George Peter Banyard |
Convert all php_error_docref0 to php_error_docref Closes GH-4394
|