#
c283c3ab |
| 15-Jul-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Sanitize libxml2 globals before parsing Fixes GHSA-3qrf-m4j2-pcrr. To parse a document with libxml2, you first need to create a parsing context. The parsing context contains par
Sanitize libxml2 globals before parsing Fixes GHSA-3qrf-m4j2-pcrr. To parse a document with libxml2, you first need to create a parsing context. The parsing context contains parsing options (e.g. XML_NOENT to substitute entities) that the application (in this case PHP) can set. Unfortunately, libxml2 also supports providing default set options. For example, if you call xmlSubstituteEntitiesDefault(1) then the XML_NOENT option will be added to the parsing options every time you create a parsing context **even if the application never requested XML_NOENT**. Third party extensions can override these globals, in particular the substitute entity global. This causes entity substitution to be unexpectedly active. Fix it by setting the parsing options to a sane known value. For API calls that depend on global state we introduce PHP_LIBXML_SANITIZE_GLOBALS() and PHP_LIBXML_RESTORE_GLOBALS(). For other APIs that work directly with a context we introduce php_libxml_sanitize_parse_ctxt_options().
show more ...
|
#
ec10b28d |
| 27-Jan-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix array overrun when appending slash to paths Fix it by extending the array sizes by one character. As the input is limited to the maximum path length, there will always be place to ap
Fix array overrun when appending slash to paths Fix it by extending the array sizes by one character. As the input is limited to the maximum path length, there will always be place to append the slash. As the php_check_specific_open_basedir() simply uses the strings to compare against each other, no new failures related to too long paths are introduced. We'll let the DOM and XML case handle a potentially too long path in the library code.
show more ...
|
#
ab92ffee |
| 09-Feb-2021 |
Nikita Popov |
Make getElementsByTagNameNS $namespace nullable According to the DOM specification, this argument is supposed to be nullable.
|
Revision tags: php-8.0.0, php-7.3.25, php-7.4.13, php-8.0.0RC5, php-7.4.13RC1, php-8.0.0RC4, php-7.3.25RC1, php-7.4.12, php-8.0.0RC3, php-7.3.24 |
|
#
6d2bc725 |
| 23-Oct-2020 |
Christoph M. Becker |
Fix #80268: loadHTML() truncates at NUL bytes libxml2 has no particular issues parsing HTML strings with NUL bytes; these just cause truncation of the current text content, but parsing
Fix #80268: loadHTML() truncates at NUL bytes libxml2 has no particular issues parsing HTML strings with NUL bytes; these just cause truncation of the current text content, but parsing continues generally. Since `::loadHTMLFile()` already supports NUL bytes, `::loadHTML()` should as well. Note that this is different from XML, which does not allow any NUL bytes. Closes GH-6368.
show more ...
|
Revision tags: php-8.0.0RC2, php-7.4.12RC1, php-7.3.24RC1, php-7.2.34, php-8.0.0rc1, php-7.4.11, php-7.3.23 |
|
#
f3c58a5e |
| 25-Sep-2020 |
Dik Takken |
Make handling of NULL bytes in file paths more consistent (WIP) Not all extensions consistently throw exceptions when the user passes a path name containing null bytes. Also, some extens
Make handling of NULL bytes in file paths more consistent (WIP) Not all extensions consistently throw exceptions when the user passes a path name containing null bytes. Also, some extensions would throw a ValueError while others would throw a TypeError. Error messages also varied. Now a ValueError is thrown after all failed path checks, at least for as far as these occur in functions that are exposed to userland. Closes GH-6216.
show more ...
|
#
72e8719e |
| 23-Sep-2020 |
Máté Kocsis |
Fix a few ZEND_UNREACHABLE() calls
|
Revision tags: php-8.0.0beta4, php-7.4.11RC1, php-7.3.23RC1, php-8.0.0beta3, php-7.4.10, php-7.3.22, php-8.0.0beta2, php-7.3.22RC1, php-7.4.10RC1, php-8.0.0beta1, php-7.4.9, php-7.2.33, php-7.3.21, php-8.0.0alpha3, php-7.4.9RC1, php-7.3.21RC1, php-7.4.8, php-7.2.32, php-8.0.0alpha2, php-7.3.20, php-8.0.0alpha1, php-7.4.8RC1, php-7.3.20RC1, php-7.4.7, php-7.3.19, php-7.4.7RC1, php-7.3.19RC1, php-7.4.6, php-7.2.31, php-7.4.6RC1, php-7.3.18RC1 |
|
#
8fef83dd |
| 19-Apr-2020 |
George Peter Banyard |
Promote warnings to error in DOM extension Closes GH-5418
|
#
d30cd7d7 |
| 26-May-2020 |
Máté Kocsis |
Review the usage of apostrophes in error messages Closes GH-5590
|
#
2b5de6f8 |
| 01-Jul-2020 |
Max Semenik |
Remove proto comments from C files Closes GH-5758
|
#
c9bc7dd1 |
| 25-Jun-2020 |
Nikita Popov |
Don't throw warning if exception thrown during dom validation
|
#
706d4f35 |
| 06-Jun-2020 |
George Peter Banyard |
Fix invalid usage of zend_bool in DOM extension
|
#
62b1d2cb |
| 12-May-2020 |
George Peter Banyard |
Fix [-Wundef] warning in DOM extension
|
#
6111d64c |
| 16-Apr-2020 |
Máté Kocsis |
Improve a last couple of argument error messages Closes GH-5404
|
Revision tags: php-7.2.30, php-7.4.5, php-7.3.17 |
|
#
dfd0acf0 |
| 11-Apr-2020 |
Máté Kocsis |
Generate method entries for ext/dom Closes GH-5374
|
Revision tags: php-7.4.5RC1, php-7.3.17RC1 |
|
#
305b17e8 |
| 29-Mar-2020 |
Máté Kocsis |
Do not include the same stub multiple times Closes GH-5322
|
Revision tags: php-7.3.18, php-7.4.4, php-7.2.29, php-7.3.16, php-7.4.4RC1, php-7.3.16RC1 |
|
#
5acd86df |
| 28-Feb-2020 |
Benjamin Eberlei |
[RFC] Implement new DOM Living Standard APIs in ext/dom
|
Revision tags: php-7.4.3, php-7.2.28 |
|
#
4804dc2b |
| 17-Feb-2020 |
Christoph M. Becker |
Rename php_dom_create_interator() to php_dom_create_iterator() Thus fixing an obvious typo.
|
#
cec8b24c |
| 13-Feb-2020 |
Christoph M. Becker |
Fix #77569: Write Acess Violation in DomImplementation We must not assume that the zval IS_STRING.
|
Revision tags: php-7.3.15RC1, php-7.4.3RC1, php-7.3.15, php-7.2.27, php-7.4.2, php-7.3.14, php-7.3.14RC1, php-7.4.2RC1 |
|
#
349a2864 |
| 01-Jan-2020 |
Máté Kocsis |
Use RETURN_THROWS() after zend_throw_error()
|
#
2f7309b1 |
| 30-Dec-2019 |
Máté Kocsis |
Use RETURN_THROWS() during ZPP in the date, dba and dom extensions
|
Revision tags: php-7.4.1, php-7.2.26, php-7.3.13, php-7.4.1RC1, php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6 |
|
#
f905a819 |
| 09-Nov-2019 |
Benjamin Eberlei |
ext/dom: Replace usages of PHP_FUNCTION and aliases with PHP_METHOD.
|
#
4253ca48 |
| 08-Nov-2019 |
Benjamin Eberlei |
Convert ext/dom to use arginfo stub.
|
Revision tags: php-7.3.12RC1, php-7.2.25RC1 |
|
#
4008704f |
| 01-Nov-2019 |
Christoph M. Becker |
zend_parse_parameters_throw() is obsolete Since `zend_parse_parameters()` throws now, there is no reason to explicitly call `zend_parse_parameters_throw()` anymore, and since both ha
zend_parse_parameters_throw() is obsolete Since `zend_parse_parameters()` throws now, there is no reason to explicitly call `zend_parse_parameters_throw()` anymore, and since both have actually the same implementation, we redefine the latter as macro.
show more ...
|
#
504f7ffd |
| 29-Oct-2019 |
Nikita Popov |
Small ext/dom cleanups
|
Revision tags: php-7.4.0RC5, php-7.1.33, php-7.2.24, php-7.3.11, php-7.4.0RC4, php-7.3.11RC1, php-7.2.24RC1 |
|
#
f085bddb |
| 07-Oct-2019 |
Nikita Popov |
Fix number of required arguments in arginfo * pack() only requires one argument * stream_context_set_option() only requires two arguments * ReflectionMethod::getClosure() accepts no
Fix number of required arguments in arginfo * pack() only requires one argument * stream_context_set_option() only requires two arguments * ReflectionMethod::getClosure() accepts no args for static methods * DOMDocument::createProcessingInstruction() only requires one arg * DOMImplementation::createDocument() only requires two arguments * DOMDocument::importNode() only requires one arg * mysql_get_client_version() doesn't accept any args, despite what the docs say...
show more ...
|