[ci skip] add CVE in NEWS

PHP-8.1 is now for PHP 8.1.22-dev

Revert "Fix GH-11404: DOMDocument::savexml and friends ommit xmlns="" declaration for null namespace, creating incorrect xml representation of the DOM"

This reverts commit 7eb3e9cd173fbdd39e

Revert "Fix GH-11404: DOMDocument::savexml and friends ommit xmlns="" declaration for null namespace, creating incorrect xml representation of the DOM"

This reverts commit 7eb3e9cd173fbdd39eefa791aab610858e76399d.

Although the fix follows the spec, it causes issues because a lot of old
code assumes the incorrect behaviour PHP had since a long time.
We cannot do this yet, especially not in a stable release.
We revert this for the time being.
See GH-11428.

show more ...

Fix #80332: Completely broken array access functionality with DOMNamedNodeMap

The problem is the usage of zval_get_long(). In particular, if the
string is non-numeric the result of zval_

Fix #80332: Completely broken array access functionality with DOMNamedNodeMap

The problem is the usage of zval_get_long(). In particular, if the
string is non-numeric the result of zval_get_long() will be 0 without
giving an error or warning. This is misleading for users: users get the
impression that they can use strings to access the map because it
coincidentally works for the first item (which is at index 0). Of
course, this fails with any other index which causes confusion and bugs.

This patch adds proper support for using string offsets while accessing
the map. It does so by detecting if it's a non-numeric string, and then
using the getNamedItem() method instead of item(). I had to split up the
array access implementation code for DOMNodeList and DOMNamedNodeMap
first to be able to do this.

Closes GH-11468.

show more ...

ext/pgsql: fix PGtrace invalid free issue.

disable trace when closing the connection, is a no op if there is no stream
attached to it.

Close GH-11403

Fix GH-11404: DOMDocument::savexml and friends ommit xmlns="" declaration for null namespace, creating incorrect xml representation of the DOM

The NULL namespace is only correct when there i

Fix GH-11404: DOMDocument::savexml and friends ommit xmlns="" declaration for null namespace, creating incorrect xml representation of the DOM

The NULL namespace is only correct when there is no default namespace
override. When there is, we need to manually set it to the empty string
namespace.

Closes GH-11428.

show more ...

Fix bug #55294 and #47530 and #47847: namespace reconciliation issues

We'll use the DOM wrapper version of libxml2 instead of the regular one.
It's conforming to the behaviour we expect

Fix bug #55294 and #47530 and #47847: namespace reconciliation issues

We'll use the DOM wrapper version of libxml2 instead of the regular one.
It's conforming to the behaviour we expect of DOM.
Most of this patch is tests.

I based and extended the tests on the code attached with the aforementioned
bug reports. Therefore the credits for the tests:
Co-authored-by: hilse at web dot de
Co-authored-by: robin2008 at altruists dot org
Co-authored-by: sgunderson at bigfoot dot com

We'll also change the searching point of the internal reconciliation to
start at the top of the added tree to avoid redundant work now that the
function is changed.

Closes GH-11454.

show more ...

Fix cross-compilation check in phar generation for FreeBSD

FreeBSD's shell is very POSIX strict. This patch makes sure it works
correctly under FreeBSD too.

Closes GH-11441.

Fix GH-11433: Unable to set CURLOPT_ACCEPT_ENCODING to NULL

Closes GH-11446.

Fix "invalid state error" with cloned namespace declarations

Closes GH-11429.

Fix lifetime issue with getAttributeNodeNS()

It's the same issue that I fixed previously in GH-11402, but in a
different place.

Closes GH-11422.

Fix #70359 and #78577: segfaults with DOMNameSpaceNode

* Fix type confusion and parent reference
* Manually manage the lifetime of the parent
* Add regression tests
* Break out t

Fix #70359 and #78577: segfaults with DOMNameSpaceNode

* Fix type confusion and parent reference
* Manually manage the lifetime of the parent
* Add regression tests
* Break out to a helper, and apply the use-after-free fix to xpath

Closes GH-11402.

show more ...

Fix bug GH-9356: Incomplete SAN validation of IPv6 address

IPv6 addresses are valid entries in subjectAltNames. Certificate
Authorities may issue certificates including IPv6 addresses ex

Fix bug GH-9356: Incomplete SAN validation of IPv6 address

IPv6 addresses are valid entries in subjectAltNames. Certificate
Authorities may issue certificates including IPv6 addresses except
if they fall within addresses in the RFC 4193 range. Google and
CloudFlare provide IPv6 addresses in their DNS over HTTPS services.

Internal CAs do not have those restrictions and can issue Unique
local addresses in certificates.

Closes GH-11145

show more ...

Update NEWS

Update NEWS

Fix bug #77686: Removed elements are still returned by getElementById

From the moment an ID is created, libxml2's behaviour is to cache that element,
even if that element is not yet atta

Fix bug #77686: Removed elements are still returned by getElementById

From the moment an ID is created, libxml2's behaviour is to cache that element,
even if that element is not yet attached to the document. Similarly, only upon
destruction of the element the ID is actually removed by libxml2.
Since libxml2 has such behaviour deeply ingrained in the library, and uses the
cache for various purposes, it seems like a bad idea and lost cause to fight it.
Instead, we'll simply walk the tree upwards to check if the node is attached to
the document.

Closes GH-11369.

show more ...

Fix bug #81642: DOMChildNode::replaceWith() bug when replacing a node with itself

Closes GH-11363.

Fix bug #67440: append_node of a DOMDocumentFragment does not reconcile namespaces

The test was amended from the original issue report. For the test:
Co-authored-by: php@deep-freeze.ca

Fix bug #67440: append_node of a DOMDocumentFragment does not reconcile namespaces

The test was amended from the original issue report. For the test:
Co-authored-by: php@deep-freeze.ca

The problem is that the regular dom_reconcile_ns() only works on a
single node. We actually have to reconciliate the whole tree in case a
fragment was added. This also required to move some code around such
that this special case could be handled separately.

Closes GH-11362.

show more ...

Fix GH-11347: Memory leak when calling a static method inside an xpath query

It's a type confusion bug. `zend_make_callable` may change the function name
of the fci to become an array, c

Fix GH-11347: Memory leak when calling a static method inside an xpath query

It's a type confusion bug. `zend_make_callable` may change the function name
of the fci to become an array, causing a crash in debug mode on
`zval_ptr_dtor_str(&fci.function_name);` in `dom_xpath_ext_function_php`.
On a production build it doesn't crash but only causes a leak, because
the array elements are not destroyed, only the array container itself
is. We can use the nogc variant because it cannot contain cycles, the
potential array can only contain 2 strings.

Closes GH-11350.

show more ...

Fix bug GH-11246 cli/get_set_process_title

Fail to clobber_error only when the argv is a non-contiguous area
Don't increment the end_of_error if a non-contiguous area is encountered in e

Fix bug GH-11246 cli/get_set_process_title

Fail to clobber_error only when the argv is a non-contiguous area
Don't increment the end_of_error if a non-contiguous area is encountered in environ

Closes GH-11247

show more ...

Fix DOMElement::append() and DOMElement::prepend() hierarchy checks

We could end up in an invalid hierarchy, resulting in infinite loops and
eventual crashes if we don't check for the DO

Fix DOMElement::append() and DOMElement::prepend() hierarchy checks

We could end up in an invalid hierarchy, resulting in infinite loops and
eventual crashes if we don't check for the DOM hierarchy validity.

Closes GH-11344.

show more ...

Fix spec compliance error for DOMDocument::getElementsByTagNameNS

Spec link: https://dom.spec.whatwg.org/#concept-getelementsbytagnamens
Spec says we should match any namespace when '*'

Fix spec compliance error for DOMDocument::getElementsByTagNameNS

Spec link: https://dom.spec.whatwg.org/#concept-getelementsbytagnamens
Spec says we should match any namespace when '*' is provided. This was
however not the case: elements that didn't have a namespace were not
returned. This patch fixes the error by modifying the namespace check.

Closes GH-11343.

show more ...

Fix GH-11336: php still tries to unlock the shared memory ZendSem with opcache.file_cache_only=1 but it was never locked

I chose to check for the value of lock_file instead of checking the

Fix GH-11336: php still tries to unlock the shared memory ZendSem with opcache.file_cache_only=1 but it was never locked

I chose to check for the value of lock_file instead of checking the
file_cache_only, because it is probably a little bit faster and we're
going to access the lock_file variable anyway. It's also more generic.

Closes GH-11341.

show more ...

Fix GH-11338: SplFileInfo empty getBasename with more than one slash

Regressed in 13e4ce386bb7.

Closes GH-11340.

Fix return value in stub file for DOMNodeList::item

Not explicitly documenting the possibility of returning DOMElement causes
the Intelephense linter (a popular PHP linter with ~9 millio

Fix return value in stub file for DOMNodeList::item

Not explicitly documenting the possibility of returning DOMElement causes
the Intelephense linter (a popular PHP linter with ~9 million downloads:
https://marketplace.visualstudio.com/items?itemName=bmewburn.vscode-intelephense-client)
to think this code is bad:

$xp->query("whatever")->item(0)->getAttribute("foo");

DOMNode does not have getAttribute (while DOMElement does).
Documenting the DOMElement return type should fix Intelephense's linter.

Closes GH-11342.

show more ...