#
2be4d91f |
| 22-Jun-2023 |
Remi Collet |
[ci skip] add CVE in NEWS
|
#
6c4b1e04 |
| 20-Jun-2023 |
Patrick Allaert |
PHP-8.1 is now for PHP 8.1.22-dev
|
#
c174ebfc |
| 19-Jun-2023 |
nielsdos <7771979+nielsdos@users.noreply.github.com> |
Revert "Fix GH-11404: DOMDocument::savexml and friends ommit xmlns="" declaration for null namespace, creating incorrect xml representation of the DOM" This reverts commit 7eb3e9cd173fbdd39e
Revert "Fix GH-11404: DOMDocument::savexml and friends ommit xmlns="" declaration for null namespace, creating incorrect xml representation of the DOM" This reverts commit 7eb3e9cd173fbdd39eefa791aab610858e76399d. Although the fix follows the spec, it causes issues because a lot of old code assumes the incorrect behaviour PHP had since a long time. We cannot do this yet, especially not in a stable release. We revert this for the time being. See GH-11428.
show more ...
|
#
9f7d8880 |
| 17-Jun-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix #80332: Completely broken array access functionality with DOMNamedNodeMap The problem is the usage of zval_get_long(). In particular, if the string is non-numeric the result of zval_
Fix #80332: Completely broken array access functionality with DOMNamedNodeMap The problem is the usage of zval_get_long(). In particular, if the string is non-numeric the result of zval_get_long() will be 0 without giving an error or warning. This is misleading for users: users get the impression that they can use strings to access the map because it coincidentally works for the first item (which is at index 0). Of course, this fails with any other index which causes confusion and bugs. This patch adds proper support for using string offsets while accessing the map. It does so by detecting if it's a non-numeric string, and then using the getNamedItem() method instead of item(). I had to split up the array access implementation code for DOMNodeList and DOMNamedNodeMap first to be able to do this. Closes GH-11468.
show more ...
|
#
f194cdf8 |
| 08-Jun-2023 |
David CARLIER |
ext/pgsql: fix PGtrace invalid free issue. disable trace when closing the connection, is a no op if there is no stream attached to it. Close GH-11403
|
#
7eb3e9cd |
| 16-Jun-2023 |
nielsdos <7771979+nielsdos@users.noreply.github.com> |
Fix GH-11404: DOMDocument::savexml and friends ommit xmlns="" declaration for null namespace, creating incorrect xml representation of the DOM The NULL namespace is only correct when there i
Fix GH-11404: DOMDocument::savexml and friends ommit xmlns="" declaration for null namespace, creating incorrect xml representation of the DOM The NULL namespace is only correct when there is no default namespace override. When there is, we need to manually set it to the empty string namespace. Closes GH-11428.
show more ...
|
#
b30be40b |
| 14-Jun-2023 |
nielsdos <7771979+nielsdos@users.noreply.github.com> |
Fix bug #55294 and #47530 and #47847: namespace reconciliation issues We'll use the DOM wrapper version of libxml2 instead of the regular one. It's conforming to the behaviour we expect
Fix bug #55294 and #47530 and #47847: namespace reconciliation issues We'll use the DOM wrapper version of libxml2 instead of the regular one. It's conforming to the behaviour we expect of DOM. Most of this patch is tests. I based and extended the tests on the code attached with the aforementioned bug reports. Therefore the credits for the tests: Co-authored-by: hilse at web dot de Co-authored-by: robin2008 at altruists dot org Co-authored-by: sgunderson at bigfoot dot com We'll also change the searching point of the internal reconciliation to start at the top of the added tree to avoid redundant work now that the function is changed. Closes GH-11454.
show more ...
|
#
4fcb3e0d |
| 12-Jun-2023 |
Peter |
Fix cross-compilation check in phar generation for FreeBSD FreeBSD's shell is very POSIX strict. This patch makes sure it works correctly under FreeBSD too. Closes GH-11441.
|
#
a8a3b99e |
| 12-Jun-2023 |
nielsdos <7771979+nielsdos@users.noreply.github.com> |
Fix GH-11433: Unable to set CURLOPT_ACCEPT_ENCODING to NULL Closes GH-11446.
|
#
10d94aca |
| 11-Jun-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix "invalid state error" with cloned namespace declarations Closes GH-11429.
|
#
e309fd84 |
| 10-Jun-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix lifetime issue with getAttributeNodeNS() It's the same issue that I fixed previously in GH-11402, but in a different place. Closes GH-11422.
|
#
f2d673fb |
| 08-Jun-2023 |
nielsdos <7771979+nielsdos@users.noreply.github.com> |
Fix #70359 and #78577: segfaults with DOMNameSpaceNode * Fix type confusion and parent reference * Manually manage the lifetime of the parent * Add regression tests * Break out t
Fix #70359 and #78577: segfaults with DOMNameSpaceNode * Fix type confusion and parent reference * Manually manage the lifetime of the parent * Add regression tests * Break out to a helper, and apply the use-after-free fix to xpath Closes GH-11402.
show more ...
|
#
fd09728b |
| 28-Apr-2023 |
James Lucas |
Fix bug GH-9356: Incomplete SAN validation of IPv6 address IPv6 addresses are valid entries in subjectAltNames. Certificate Authorities may issue certificates including IPv6 addresses ex
Fix bug GH-9356: Incomplete SAN validation of IPv6 address IPv6 addresses are valid entries in subjectAltNames. Certificate Authorities may issue certificates including IPv6 addresses except if they fall within addresses in the RFC 4193 range. Google and CloudFlare provide IPv6 addresses in their DNS over HTTPS services. Internal CAs do not have those restrictions and can issue Unique local addresses in certificates. Closes GH-11145
show more ...
|
#
5604f7ae |
| 06-Jun-2023 |
Pierrick Charron |
Update NEWS
|
#
b720ab99 |
| 06-Jun-2023 |
Pierrick Charron |
Update NEWS
|
#
0e34ac86 |
| 04-Jun-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix bug #77686: Removed elements are still returned by getElementById From the moment an ID is created, libxml2's behaviour is to cache that element, even if that element is not yet atta
Fix bug #77686: Removed elements are still returned by getElementById From the moment an ID is created, libxml2's behaviour is to cache that element, even if that element is not yet attached to the document. Similarly, only upon destruction of the element the ID is actually removed by libxml2. Since libxml2 has such behaviour deeply ingrained in the library, and uses the cache for various purposes, it seems like a bad idea and lost cause to fight it. Instead, we'll simply walk the tree upwards to check if the node is attached to the document. Closes GH-11369.
show more ...
|
#
23f70025 |
| 03-Jun-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix bug #81642: DOMChildNode::replaceWith() bug when replacing a node with itself Closes GH-11363.
|
#
b1d8e240 |
| 03-Jun-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix bug #67440: append_node of a DOMDocumentFragment does not reconcile namespaces The test was amended from the original issue report. For the test: Co-authored-by: php@deep-freeze.ca
Fix bug #67440: append_node of a DOMDocumentFragment does not reconcile namespaces The test was amended from the original issue report. For the test: Co-authored-by: php@deep-freeze.ca The problem is that the regular dom_reconcile_ns() only works on a single node. We actually have to reconciliate the whole tree in case a fragment was added. This also required to move some code around such that this special case could be handled separately. Closes GH-11362.
show more ...
|
#
78127721 |
| 30-May-2023 |
nielsdos <7771979+nielsdos@users.noreply.github.com> |
Fix GH-11347: Memory leak when calling a static method inside an xpath query It's a type confusion bug. `zend_make_callable` may change the function name of the fci to become an array, c
Fix GH-11347: Memory leak when calling a static method inside an xpath query It's a type confusion bug. `zend_make_callable` may change the function name of the fci to become an array, causing a crash in debug mode on `zval_ptr_dtor_str(&fci.function_name);` in `dom_xpath_ext_function_php`. On a production build it doesn't crash but only causes a leak, because the array elements are not destroyed, only the array container itself is. We can use the nogc variant because it cannot contain cycles, the potential array can only contain 2 strings. Closes GH-11350.
show more ...
|
#
c6ae7a55 |
| 16-May-2023 |
James Lucas |
Fix bug GH-11246 cli/get_set_process_title Fail to clobber_error only when the argv is a non-contiguous area Don't increment the end_of_error if a non-contiguous area is encountered in e
Fix bug GH-11246 cli/get_set_process_title Fail to clobber_error only when the argv is a non-contiguous area Don't increment the end_of_error if a non-contiguous area is encountered in environ Closes GH-11247
show more ...
|
#
b374ec39 |
| 29-May-2023 |
nielsdos <7771979+nielsdos@users.noreply.github.com> |
Fix DOMElement::append() and DOMElement::prepend() hierarchy checks We could end up in an invalid hierarchy, resulting in infinite loops and eventual crashes if we don't check for the DO
Fix DOMElement::append() and DOMElement::prepend() hierarchy checks We could end up in an invalid hierarchy, resulting in infinite loops and eventual crashes if we don't check for the DOM hierarchy validity. Closes GH-11344.
show more ...
|
#
154c2510 |
| 29-May-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix spec compliance error for DOMDocument::getElementsByTagNameNS Spec link: https://dom.spec.whatwg.org/#concept-getelementsbytagnamens Spec says we should match any namespace when '*'
Fix spec compliance error for DOMDocument::getElementsByTagNameNS Spec link: https://dom.spec.whatwg.org/#concept-getelementsbytagnamens Spec says we should match any namespace when '*' is provided. This was however not the case: elements that didn't have a namespace were not returned. This patch fixes the error by modifying the namespace check. Closes GH-11343.
show more ...
|
#
9c59d22a |
| 29-May-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-11336: php still tries to unlock the shared memory ZendSem with opcache.file_cache_only=1 but it was never locked I chose to check for the value of lock_file instead of checking the
Fix GH-11336: php still tries to unlock the shared memory ZendSem with opcache.file_cache_only=1 but it was never locked I chose to check for the value of lock_file instead of checking the file_cache_only, because it is probably a little bit faster and we're going to access the lock_file variable anyway. It's also more generic. Closes GH-11341.
show more ...
|
#
bce53606 |
| 29-May-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-11338: SplFileInfo empty getBasename with more than one slash Regressed in 13e4ce386bb7. Closes GH-11340.
|
#
761b9a44 |
| 29-May-2023 |
divinity76 |
Fix return value in stub file for DOMNodeList::item Not explicitly documenting the possibility of returning DOMElement causes the Intelephense linter (a popular PHP linter with ~9 millio
Fix return value in stub file for DOMNodeList::item Not explicitly documenting the possibility of returning DOMElement causes the Intelephense linter (a popular PHP linter with ~9 million downloads: https://marketplace.visualstudio.com/items?itemName=bmewburn.vscode-intelephense-client) to think this code is bad: $xp->query("whatever")->item(0)->getAttribute("foo"); DOMNode does not have getAttribute (while DOMElement does). Documenting the DOMElement return type should fix Intelephense's linter. Closes GH-11342.
show more ...
|