History log of /PHP-8.2/main/php_variables.c (Results 1 – 25 of 285)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# 87d59d7f 16-Sep-2024 Christoph M. Becker

Fix GH-15905: Assertion failure for TRACK_VARS_SERVER

When the superglobals are eagerly initialized, but "S" is not contained
in `variables_order`, `TRACK_VARS_SERVER` is created as empt

Fix GH-15905: Assertion failure for TRACK_VARS_SERVER

When the superglobals are eagerly initialized, but "S" is not contained
in `variables_order`, `TRACK_VARS_SERVER` is created as empty array
with refcount > 1. Since this hash table may later be modified, a flag
is set which allows such COW violations for assertions. However, when
`register_argc_argv` is on, the so far uninitialized hash table is
updated with `argv`, what causes the hash table to be initialized, what
drops the allow-COW-violations flag. The following update with `argc`
then triggers a refcount violation assertion.

Since we consider `HT_ALLOW_COW_VIOLATION` a hack, we do not want to
keep the flag during hash table initialization, so we initialize the
hash table right away after creation for this code path.

Closes GH-15930.

show more ...


# 093c08af 17-Mar-2024 Niels Dossche <7771979+nielsdos@users.noreply.github.com>

Fix GHSA-wpj3-hf5j-x4v4: __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix

The check happened too early as later code paths may perform more
mangling rules. Move the chec

Fix GHSA-wpj3-hf5j-x4v4: __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix

The check happened too early as later code paths may perform more
mangling rules. Move the check downwards right before adding the actual
variable.

show more ...


# cd66fcc6 17-Jun-2023 Ilija Tovilo

Add request_parse_body() function

RFC: https://wiki.php.net/rfc/rfc1867-non-post

This function allows populating the $_POST and $_FILES globals for non-post
requests. This avoid

Add request_parse_body() function

RFC: https://wiki.php.net/rfc/rfc1867-non-post

This function allows populating the $_POST and $_FILES globals for non-post
requests. This avoids manual parsing of RFC1867 requests.

Fixes #55815
Closes GH-11472

show more ...


# 732d92c0 28-Apr-2023 Javier Eguiluz

[skip ci] Fix various typos and grammar issues (#11143)


# bc30ae4f 19-Jan-2024 Jakub Zelenka

Fix bug #75712: getenv in php-fpm should not read $_ENV, $_SERVER

Closes GH-13195


# 0611be4e 09-Sep-2022 Derick Rethans

Fix #81727: Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning.


# 55908db0 16-May-2022 George Peter Banyard

Add php_register_known_variable() for know var names


# b9e895bc 31-Mar-2022 Max Kellermann

Replace memcmp() with zend_string functions (#8216)

* ext/oci8: use zend_string_equals()

Eliminate duplicate code.

* main/php_variables: use zend_string_equals_literal()

Replace memcmp() with zend_string functions (#8216)

* ext/oci8: use zend_string_equals()

Eliminate duplicate code.

* main/php_variables: use zend_string_equals_literal()

Eliminate duplicate code.

* Zend/zend_string: add zend_string_equals_cstr()

Allows eliminating duplicate code.

* Zend, ext/{opcache,standard}, main/output: use zend_string_equals_cstr()

Eliminate duplicate code.

* Zend/zend_string: add zend_string_starts_with()

* ext/{opcache,phar,spl,standard}: use zend_string_starts_with()

This adds missing length checks to several callers, e.g. in
cache_script_in_shared_memory(). This is important when the
zend_string is shorter than the string parameter, when memcmp()
happens to check backwards; this can result in an out-of-bounds memory
access.

show more ...


# 93a3c71e 11-Jan-2022 Christoph M. Becker

Fix GH-7896: Environment vars may be mangled on Windows

When bug 77574[1] has been fixed, the fix only catered to variables
retrieved via `getenv()` with a `$varname` passed, but neither

Fix GH-7896: Environment vars may be mangled on Windows

When bug 77574[1] has been fixed, the fix only catered to variables
retrieved via `getenv()` with a `$varname` passed, but neither to
`getenv()` without arguments nor to the general import of environment
variables into `$_ENV` and `$_SERVER`. We catch up on this by using
`GetEnvironmentStringsW()` in `_php_import_environment_variables()` and
converting the encoding to whatever had been chosen by the user.

[1] <https://bugs.php.net/bug.php?id=75574>

Closes GH-7928.

show more ...


# 01b3fc03 06-May-2021 KsaR

Update http->https in license (#6945)

1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as

Update http->https in license (#6945)

1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |

show more ...


# 462da6e0 31-Mar-2021 Josh Soref

Fix spelling and grammar mistakes

This PR corrects misspellings identified by the check-spelling action.

The misspellings have been reported at jsoref@b6ba3e2#commitcomment-48946465

Fix spelling and grammar mistakes

This PR corrects misspellings identified by the check-spelling action.

The misspellings have been reported at jsoref@b6ba3e2#commitcomment-48946465

The action reports that the changes in this PR would make it happy: jsoref@602417c

Closes GH-6822.

show more ...


# 4ce5d2ea 09-Apr-2021 Nikita Popov

Add known strings for jit autoglobals

We always create interned strings for all autoglobals anyway, so
we might as well add known strings to make them more widely usable.


# 3e01f5af 15-Jan-2021 Nikita Popov

Replace zend_bool uses with bool

We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.

Of course, zend_bool

Replace zend_bool uses with bool

We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.

Of course, zend_bool is retained as an alias.

show more ...


# 95e1a415 21-Sep-2020 Stanislav Malyshev

Do not decode cookie names anymore


# 6559fe91 21-Sep-2020 Stanislav Malyshev

Do not decode cookie names anymore


# fc4d462e 23-Jul-2020 Christoph M. Becker

Fix #78236: convert error on receiving variables when duplicate [

When an input variable name contains a non matched open bracket, we not
only have to replace that with an underscore, bu

Fix #78236: convert error on receiving variables when duplicate [

When an input variable name contains a non matched open bracket, we not
only have to replace that with an underscore, but also all following
forbidden characters.

show more ...


# 2b5de6f8 01-Jul-2020 Max Semenik

Remove proto comments from C files

Closes GH-5758


# 83a77015 08-Jun-2020 twosee

Add helper APIs for maybe-interned string creation

Add ZVAL_CHAR/RETVAL_CHAR/RETURN_CHAR as a shortcut for using
ZVAL_INTERNED_STRING and ZSTR_CHAR.

Add zend_string_init_fast()

Add helper APIs for maybe-interned string creation

Add ZVAL_CHAR/RETVAL_CHAR/RETURN_CHAR as a shortcut for using
ZVAL_INTERNED_STRING and ZSTR_CHAR.

Add zend_string_init_fast() as a helper for the empty string /
one char interned string / zend_string_init() pattern.

Also add corresponding ZVAL_STRINGL_FAST etc macros.

Closes GH-5684.

show more ...


# 88355dd3 07-Jun-2020 twosee

Constify char * arguments of APIs

Closes GH-5676.


# f91f7260 22-Apr-2020 George Peter Banyard

Drop unnecessary stdint and inttypes header checks

These are always available as of C99.

Closes GH-5323

Co-authored-by: "Christoph M. Becker" <cmbecker69@gmx.de>


# 7b464ce6 11-Feb-2020 Christoph M. Becker

Fix #79254: getenv() w/o arguments not showing changes

To be able to see changes done only with `SetEnvironmentVariable()`, we
have to use `GetEnvironmentStrings()` instead of `environ`,

Fix #79254: getenv() w/o arguments not showing changes

To be able to see changes done only with `SetEnvironmentVariable()`, we
have to use `GetEnvironmentStrings()` instead of `environ`, because the
latter sees only changes done with `putenv()`.

For best backward compatibility we're using `GetEnvironmentStringsA()`;
switching to the wide string version likely makes sense for master,
though.

show more ...


# 58b17906 03-Feb-2020 Nikita Popov

Apply tidy formatting

Mostly reindent PHP scripts to spaces.


# 79376ab2 12-Dec-2019 Kachalin Alexey

Fix #78929: plus signs in cookie values are converted to spaces

We switch the cookie value parsing function from `php_url_decode()` to
`php_raw_url_decode()`, so that cookie values are n

Fix #78929: plus signs in cookie values are converted to spaces

We switch the cookie value parsing function from `php_url_decode()` to
`php_raw_url_decode()`, so that cookie values are now parsed according
to RFC 6265, section 4.1.1. We also refactor to remove duplicate code
without changing the execution flow.

show more ...


Revision tags: php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1, php-7.4.0RC5, php-7.1.33, php-7.2.24, php-7.3.11, php-7.4.0RC4, php-7.3.11RC1, php-7.2.24RC1, php-7.4.0RC3
# 5d6e923d 24-Sep-2019 Gabriel Caruso

Remove mention of PHP major version in Copyright headers

Closes GH-4732.


Revision tags: php-7.2.23, php-7.3.10, php-7.4.0RC2, php-7.2.23RC1, php-7.3.10RC1, php-7.4.0RC1, php-7.1.32, php-7.2.22, php-7.3.9, php-7.4.0beta4, php-7.2.22RC1, php-7.3.9RC1, php-7.4.0beta2, php-7.1.31, php-7.2.21, php-7.3.8, php-7.4.0beta1
# d59aac58 18-Jul-2019 Nikita Popov

Report errors from stream read and write operations

The php_stream_read() and php_stream_write() functions now return
an ssize_t value, with negative results indicating failure. Function

Report errors from stream read and write operations

The php_stream_read() and php_stream_write() functions now return
an ssize_t value, with negative results indicating failure. Functions
like fread() and fwrite() will return false in that case.

As a special case, EWOULDBLOCK and EAGAIN on non-blocking streams
should not be regarded as error conditions, and be reported as
successful zero-length reads/writes instead. The handling of EINTR
remains unclear and is internally inconsistent (e.g. some code-paths
will automatically retry on EINTR, while some won't).

I'm landing this now to make sure the stream wrapper ops API changes
make it into 7.4 -- however, if the user-facing changes turn out to
be problematic we have the option of clamping negative returns to
zero in php_stream_read() and php_stream_write() to restore the
old behavior in a relatively non-intrusive manner.

show more ...


12345678910>>...12