| #
c283c3ab |
| 15-Jul-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Sanitize libxml2 globals before parsing
Fixes GHSA-3qrf-m4j2-pcrr.
To parse a document with libxml2, you first need to create a parsing context.
The parsing context contains par
Sanitize libxml2 globals before parsing
Fixes GHSA-3qrf-m4j2-pcrr.
To parse a document with libxml2, you first need to create a parsing context.
The parsing context contains parsing options (e.g. XML_NOENT to substitute
entities) that the application (in this case PHP) can set.
Unfortunately, libxml2 also supports providing default set options.
For example, if you call xmlSubstituteEntitiesDefault(1) then the XML_NOENT
option will be added to the parsing options every time you create a parsing
context **even if the application never requested XML_NOENT**.
Third party extensions can override these globals, in particular the
substitute entity global. This causes entity substitution to be
unexpectedly active.
Fix it by setting the parsing options to a sane known value.
For API calls that depend on global state we introduce
PHP_LIBXML_SANITIZE_GLOBALS() and PHP_LIBXML_RESTORE_GLOBALS().
For other APIs that work directly with a context we introduce
php_libxml_sanitize_parse_ctxt_options().
show more ...
|
| #
112527d6 |
| 03-Aug-2021 |
Remi Collet |
Fix bug #81325 Segfault in zif_simplexml_import_dom
|
| #
1b88c85c |
| 27-Apr-2021 |
Stanislav Malyshev |
Revert "Fix #80852: Stack-overflow when json_encode()'ing SimpleXMLElement"
Sorry, this solution seems to have BC breaks, will need to look
for better one.
This reverts commit 9
Revert "Fix #80852: Stack-overflow when json_encode()'ing SimpleXMLElement"
Sorry, this solution seems to have BC breaks, will need to look
for better one.
This reverts commit 9f7e8b777cb3e8aac53e677f3152af18413ab672.
show more ...
|
| #
9f7e8b77 |
| 11-Mar-2021 |
Christoph M. Becker |
Fix #80852: Stack-overflow when json_encode()'ing SimpleXMLElement
We ignore `XML_ENTITY_DECL` nodes when getting the hash of the
properties of a `SimpleXMLElement`.
|
| #
cb84e5c3 |
| 23-Apr-2021 |
Máté Kocsis |
Fix arginfo/ZPP mismatch for simplexml_import_dom
Closes GH-6905
|
|
Revision tags: php-8.0.0, php-7.3.25, php-7.4.13, php-8.0.0RC5, php-7.4.13RC1, php-8.0.0RC4, php-7.3.25RC1, php-7.4.12, php-8.0.0RC3, php-7.3.24, php-8.0.0RC2, php-7.4.12RC1, php-7.3.24RC1, php-7.2.34, php-8.0.0rc1, php-7.4.11, php-7.3.23, php-8.0.0beta4, php-7.4.11RC1, php-7.3.23RC1 |
|
| #
628db3f3 |
| 04-Sep-2020 |
Máté Kocsis |
Fix UNKNOWN default values in various extensions
Closes GH-6075
|
|
Revision tags: php-8.0.0beta3, php-7.4.10, php-7.3.22 |
|
| #
6c8fb123 |
| 18-Aug-2020 |
Máté Kocsis |
Promote warnings to exceptions in ext/simplexml
Closes GH-6011
Co-authored-by: Nikita Popov <nikita.ppv@gmail.com>
|
| #
f4e9d0e3 |
| 25-Aug-2020 |
Nikita Popov |
Don't return temporary from SXE write_property handler
Return the original value. If we don't return the original value,
we need to own the zval, which we don't.
For clarity als
Don't return temporary from SXE write_property handler
Return the original value. If we don't return the original value,
we need to own the zval, which we don't.
For clarity also switch things to work on a zend_string* value
instead of a zval*.
show more ...
|
| #
afde6dcf |
| 25-Aug-2020 |
Nikita Popov |
Simplify change_node_zval implementation
At this point, the value has already been converted into a string.
|
|
Revision tags: php-8.0.0beta2, php-7.3.22RC1, php-7.4.10RC1 |
|
| #
8f618541 |
| 13-Aug-2020 |
Nikita Popov |
Add a missing null check in simplexml
|
| #
fc7bab3a |
| 13-Aug-2020 |
Nikita Popov |
Throw on uninitialized SimpleXMLElement
Elevate this warning into an Error, as usual. Add a few checks
in places that were missing them.
|
|
Revision tags: php-8.0.0beta1, php-7.4.9, php-7.2.33, php-7.3.21, php-8.0.0alpha3, php-7.4.9RC1, php-7.3.21RC1, php-7.4.8, php-7.2.32, php-8.0.0alpha2, php-7.3.20 |
|
| #
2b5de6f8 |
| 01-Jul-2020 |
Max Semenik |
Remove proto comments from C files
Closes GH-5758
|
| #
312201dc |
| 01-Jul-2020 |
Nikita Popov |
Add get_gc handle for object iterators
Optional handler with the same semantics as the object handler.
|
|
Revision tags: php-8.0.0alpha1, php-7.4.8RC1, php-7.3.20RC1, php-7.4.7, php-7.3.19, php-7.4.7RC1, php-7.3.19RC1, php-7.4.6, php-7.2.31, php-7.4.6RC1, php-7.3.18RC1, php-7.2.30, php-7.4.5, php-7.3.17, php-7.4.5RC1, php-7.3.17RC1, php-7.3.18, php-7.4.4, php-7.2.29, php-7.3.16 |
|
| #
4730b06f |
| 04-Mar-2020 |
Nikita Popov |
Make SimpleXMLElement a RecursiveIterator
Context: https://externals.io/message/108789
This essentially moves the functionality of SimpleXMLIterator into
SimpleXMLElement, and m
Make SimpleXMLElement a RecursiveIterator
Context: https://externals.io/message/108789
This essentially moves the functionality of SimpleXMLIterator into
SimpleXMLElement, and makes SimpleXMLIterator a no-op extension.
Ideally SimpleXMLElement would be an IteratorAggregate, whose
getIterator() method returns SimpleXMLIterator. However, because
SimpleXMLIterator extends SimpleXMLElement (and code depends on
this in non-trivial ways), this is not possible.
The only way to not keep SimpleXMLElement as a magic Traversable
(that implements neither Iterator nor IteratorAggregate) is to
move the SimpleXMLIterator functionality into it.
Closes GH-5234.
show more ...
|
| #
3a0bdb72 |
| 23-Apr-2020 |
Christoph M. Becker |
Fix #63575: Root elements are not properly cloned
Cloning of root elements has to preserve that property, so they require
some special treatment.
|
| #
15846ff1 |
| 17-Jun-2020 |
Nikita Popov |
Add ZVAL_OBJ_COPY macro
For the common ZVAL_OBJ + GC_ADDREF pattern.
This mirrors the existing ZVAL_STR_COPY API.
|
| #
1b85e749 |
| 06-Jun-2020 |
twosee |
Fix warning of strict-prototypes
Closes GH-5673.
|
| #
f0794c77 |
| 20-May-2020 |
George Peter Banyard |
Fix [-Wundef] warning in SimpleXML extension
|
| #
54148fd6 |
| 01-May-2020 |
Christoph M. Becker |
Fix #79528: Different object of the same xml between 7.4.5 and 7.4.4
Revert "Fix #61597: SXE properties may lack attributes and content"
This reverts commit 7c081db885756d7b176a55b9
Fix #79528: Different object of the same xml between 7.4.5 and 7.4.4
Revert "Fix #61597: SXE properties may lack attributes and content"
This reverts commit 7c081db885756d7b176a55b90b8746f664d1e042.
show more ...
|
| #
4815be44 |
| 19-Apr-2020 |
Máté Kocsis |
Generate function entries from stubs
Converts ext/pcntl, ext/simplexml, ext/snmp, ext/soap, ext/sqlite3.
Closes GH-5421
|
| #
6bf483a9 |
| 31-Mar-2020 |
Nikita Popov |
Clarify SimpleXML comparison logic
|
| #
fb5bfcb7 |
| 31-Mar-2020 |
Nikita Popov |
Add a ZEND_UNCOMPARABLE value
To explicitly indicate that objects are uncomparable. For now
this has no functional difference from the usual 1 return value,
but makes intent clearer.
|
| #
01b266aa |
| 18-Mar-2020 |
Máté Kocsis |
Improve error messages of various extensions
Closes GH-5278
|
| #
7c081db8 |
| 07-Mar-2020 |
Christoph M. Becker |
Fix #61597: SXE properties may lack attributes and content
We must not treat a node as string if it has attributes, unless it is
an entity declaration which is always treated as string b
Fix #61597: SXE properties may lack attributes and content
We must not treat a node as string if it has attributes, unless it is
an entity declaration which is always treated as string by simplexml.
show more ...
|
|
Revision tags: php-7.4.4RC1, php-7.3.16RC1, php-7.4.3, php-7.2.28, php-7.3.15RC1, php-7.4.3RC1, php-7.3.15, php-7.2.27, php-7.4.2, php-7.3.14 |
|
| #
9e775db0 |
| 13-Jan-2020 |
Nicolas Grekas |
Define Stringable with __toString():string method
|
