Fix GHSA-wpj3-hf5j-x4v4: __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix

The check happened too early as later code paths may perform more
mangling rules. Move the chec

Fix GHSA-wpj3-hf5j-x4v4: __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix

The check happened too early as later code paths may perform more
mangling rules. Move the check downwards right before adding the actual
variable.

show more ...

Fix #81727: Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning.

Merge branch 'PHP-8.0' into PHP-8.1

* PHP-8.0:
Fix GH-7896: Environment vars may be mangled on Windows

Fix GH-7896: Environment vars may be mangled on Windows

When bug 77574[1] has been fixed, the fix only catered to variables
retrieved via `getenv()` with a `$varname` passed, but neither

Fix GH-7896: Environment vars may be mangled on Windows

When bug 77574[1] has been fixed, the fix only catered to variables
retrieved via `getenv()` with a `$varname` passed, but neither to
`getenv()` without arguments nor to the general import of environment
variables into `$_ENV` and `$_SERVER`. We catch up on this by using
`GetEnvironmentStringsW()` in `_php_import_environment_variables()` and
converting the encoding to whatever had been chosen by the user.

[1] <https://bugs.php.net/bug.php?id=75574>

Closes GH-7928.

show more ...

Update http->https in license (#6945)

1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as

Update http->https in license (#6945)

1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |

show more ...

Fix spelling and grammar mistakes

This PR corrects misspellings identified by the check-spelling action.

The misspellings have been reported at jsoref@b6ba3e2#commitcomment-48946465

Fix spelling and grammar mistakes

This PR corrects misspellings identified by the check-spelling action.

The misspellings have been reported at jsoref@b6ba3e2#commitcomment-48946465

The action reports that the changes in this PR would make it happy: jsoref@602417c

Closes GH-6822.

show more ...

Add known strings for jit autoglobals

We always create interned strings for all autoglobals anyway, so
we might as well add known strings to make them more widely usable.

Replace zend_bool uses with bool

We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.

Of course, zend_bool

Replace zend_bool uses with bool

We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.

Of course, zend_bool is retained as an alias.

show more ...

Merge branch 'PHP-7.4'

* PHP-7.4:
Update UPGRADING
Update UPGRADING
Update NEWS & UPGRADING
Do not decode cookie names anymore
Fix bug #79601 (Wrong ciphertext/

Merge branch 'PHP-7.4'

* PHP-7.4:
Update UPGRADING
Update UPGRADING
Update NEWS & UPGRADING
Do not decode cookie names anymore
Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)

show more ...

Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
Update UPGRADING
Update NEWS & UPGRADING
Do not decode cookie names anymore
Fix bug #79601 (Wrong ciphertext/tag in AES

Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
Update UPGRADING
Update NEWS & UPGRADING
Do not decode cookie names anymore
Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)

show more ...

Merge branch 'PHP-7.2' into PHP-7.3

* PHP-7.2:
Update NEWS & UPGRADING
Do not decode cookie names anymore
Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 1

Merge branch 'PHP-7.2' into PHP-7.3

* PHP-7.2:
Update NEWS & UPGRADING
Do not decode cookie names anymore
Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)

show more ...

Do not decode cookie names anymore

Fix #78236: convert error on receiving variables when duplicate [

When an input variable name contains a non matched open bracket, we not
only have to replace that with an underscore, bu

Fix #78236: convert error on receiving variables when duplicate [

When an input variable name contains a non matched open bracket, we not
only have to replace that with an underscore, but also all following
forbidden characters.

show more ...

Remove proto comments from C files

Closes GH-5758

Add helper APIs for maybe-interned string creation

Add ZVAL_CHAR/RETVAL_CHAR/RETURN_CHAR as a shortcut for using
ZVAL_INTERNED_STRING and ZSTR_CHAR.

Add zend_string_init_fast()

Add helper APIs for maybe-interned string creation

Add ZVAL_CHAR/RETVAL_CHAR/RETURN_CHAR as a shortcut for using
ZVAL_INTERNED_STRING and ZSTR_CHAR.

Add zend_string_init_fast() as a helper for the empty string /
one char interned string / zend_string_init() pattern.

Also add corresponding ZVAL_STRINGL_FAST etc macros.

Closes GH-5684.

show more ...

Constify char * arguments of APIs

Closes GH-5676.

Drop unnecessary stdint and inttypes header checks

These are always available as of C99.

Closes GH-5323

Co-authored-by: "Christoph M. Becker" <cmbecker69@gmx.de>

Merge branch 'PHP-7.4'

* PHP-7.4:
Fix #79254: getenv() w/o arguments not showing changes

Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
Fix #79254: getenv() w/o arguments not showing changes

Fix #79254: getenv() w/o arguments not showing changes

To be able to see changes done only with `SetEnvironmentVariable()`, we
have to use `GetEnvironmentStrings()` instead of `environ`,

Fix #79254: getenv() w/o arguments not showing changes

To be able to see changes done only with `SetEnvironmentVariable()`, we
have to use `GetEnvironmentStrings()` instead of `environ`, because the
latter sees only changes done with `putenv()`.

For best backward compatibility we're using `GetEnvironmentStringsA()`;
switching to the wide string version likely makes sense for master,
though.

show more ...

Merge branch 'PHP-7.4'

* PHP-7.4:
Apply tidy formatting

Apply tidy formatting

Mostly reindent PHP scripts to spaces.

Merge branch 'PHP-7.4'

* PHP-7.4:
Fix #78929: plus signs in cookie values are converted to spaces

Fix #78929: plus signs in cookie values are converted to spaces

We switch the cookie value parsing function from `php_url_decode()` to
`php_raw_url_decode()`, so that cookie values are n

Fix #78929: plus signs in cookie values are converted to spaces

We switch the cookie value parsing function from `php_url_decode()` to
`php_raw_url_decode()`, so that cookie values are now parsed according
to RFC 6265, section 4.1.1. We also refactor to remove duplicate code
without changing the execution flow.

show more ...

Remove mention of PHP major version in Copyright headers

Closes GH-4732.