Fix GH-15034: Integer overflow on stream_notification_callback byte_max parameter with files bigger than 2GB

We were using atoi, which is only for integers. When the size does not
fit in

Fix GH-15034: Integer overflow on stream_notification_callback byte_max parameter with files bigger than 2GB

We were using atoi, which is only for integers. When the size does not
fit in an integer this breaks. Use ZEND_STRTOUL instead. Also make sure
invalid data isn't accidentally parsed into a file size.

Closes GH-15035.

show more ...

http_fopen_wrapper: fix [-Wanalyzer-deref-before-check]

warning: check of ‘*resource.scheme’ for NULL after already dereferencing it [-Wanalyzer-deref-before-check]
186 |

http_fopen_wrapper: fix [-Wanalyzer-deref-before-check]

warning: check of ‘*resource.scheme’ for NULL after already dereferencing it [-Wanalyzer-deref-before-check]
186 | use_ssl = resource->scheme && (ZSTR_LEN(resource->scheme) > 4) && ZSTR_VAL(resource->scheme)[4] == 's';
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Although resource->scheme is already dereferenced on line 163 in the IF condition

show more ...

Fix GH-11274: POST/PATCH request via file_get_contents + stream_context_create switches to GET after a HTTP 308 redirect

RFC 7231 states that status code 307 should keep the POST method upon

Fix GH-11274: POST/PATCH request via file_get_contents + stream_context_create switches to GET after a HTTP 308 redirect

RFC 7231 states that status code 307 should keep the POST method upon
redirect. RFC 7538 does the same for code 308. Although it's not
mandated by the RFCs that PATCH is also kept (we can choose), it seems
like keeping PATCH will be the most consistent and understandable behaviour.

This patch also changes an existing test because it was testing for the
wrong behaviour.

Closes GH-11275.

show more ...

Fix GH-10031: [Stream] STREAM_NOTIFY_PROGRESS over HTTP emitted irregularly for last chunk of data

It's possible that the server already sent in more data than just the headers.
Since th

Fix GH-10031: [Stream] STREAM_NOTIFY_PROGRESS over HTTP emitted irregularly for last chunk of data

It's possible that the server already sent in more data than just the headers.
Since the stream only accepts progress increments after the headers are
processed, the already read data is never added to the process.
We account for this by adjusting the progress counter by the difference of
already read header data and the body.

For the test:
Co-authored-by: aetonsi <18366087+aetonsi@users.noreply.github.com>

Closes GH-10492.

show more ...

[skip ci] Fix various typos and grammar issues (#11143)

Use new ZSTR_INIT_LITERAL macro (#10879)

Fix GH-9316: $http_response_header is wrong for long status line

While the reason-phrase in a HTTP response status line is usually
short, there is no actual limit specified by the RFCs.

Fix GH-9316: $http_response_header is wrong for long status line

While the reason-phrase in a HTTP response status line is usually
short, there is no actual limit specified by the RFCs. As such, we
must not assume that the line fits into the buffer (which is currently
128 bytes large).

Since there is no real need to present the complete status line, we
simply read and discard the rest of a long line.

Co-authored-by: Tim Düsterhus <timwolla@googlemail.com>

Closes GH-9319.

show more ...

Fix [-Wundef] warnings in standard extension

Use ASCII lower case for misc case folding

Use ASCII case conversion instead of locale-dependent case conversion in
the following places:

* grapheme_stripos() and grapheme_strri

Use ASCII lower case for misc case folding

Use ASCII case conversion instead of locale-dependent case conversion in
the following places:

* grapheme_stripos() and grapheme_strripos() in the "fast" path
* ldap_get_entries()
* oci_pconnect() for case folding of parameters when constructing a key
into the connection or session pool
* SoapClient: case folding of function names
* get_meta_tags(): case conversion of property names
* http stream wrapper: header names
* phpinfo(): anchor names
* php_verror(): docref URLs
* rfc1867.c: Content-Type boundary parameter name
* streams.c: stream protocol names

Using locale-dependent case folding for these cases is either
unnecessary or actively incorrect. These functions could have
misbehaved when used with certain locales (e.g. Turkish).

Closes GH-7511.

show more ...

Fixed some spaces used instead of tabs

Update http->https in license (#6945)

1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as

Update http->https in license (#6945)

1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |

show more ...

Micro optimizations for http_fopen_wrapper.c (#6864)

Fix #80838: HTTP wrapper waits for HTTP 1 response after HTTP 101

Don't wait for further responses after a HTTP 101 (Switching Protocols) response

Closes GH-6730.

Fix #78719: http wrapper silently ignores long Location headers

When opening HTTP streams, and reading the headers, we currently
discard header lines longer than `HTTP_HEADER_BLOCK_SIZE`

Fix #78719: http wrapper silently ignores long Location headers

When opening HTTP streams, and reading the headers, we currently
discard header lines longer than `HTTP_HEADER_BLOCK_SIZE` (1024 bytes).
While this is not generally forbidden by RFC 7230, section 3.2.5, it
is not generally allowed either, since that may change the "message
framing or response semantics".

We thus fix this by allowing arbitrarily long header lines.

Closes GH-6720.

show more ...

Replace zend_bool uses with bool

We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.

Of course, zend_bool

Replace zend_bool uses with bool

We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.

Of course, zend_bool is retained as an alias.

show more ...

Don't force rebuild of symbol table, when populating $http_response_header variable by the HTTP stream wrapper

Fixed bug #80256

Remove the transfer_encoding stream filter immediately when we
destroy the old stream, to make sure it doesn't get attached to
the new stream.

Make http stream wrapper advertise HTTP/1.1 by default

In practice, we always act as an HTTP/1.1 client, for compatibility
with servers which ignore protocol version. Sending the version

Make http stream wrapper advertise HTTP/1.1 by default

In practice, we always act as an HTTP/1.1 client, for compatibility
with servers which ignore protocol version. Sending the version in
the request will avoid problems with servers which don't ignore it.

HTTP/1.0 can still be forced using a stream context option.

Closes GH-5899.

show more ...

Don't treat any WS as start of header

Check that the header occurs after \n, not other whitespace
characters.

Reduce code duplication in HTTP header checks

Reduce code duplication in HTTP header checks

Fixes #79265: Improper injection of Host header when using fopen for http requests

Check all occurrences of the string "host:" (and other headers),
not just the first one.

Remove mention of PHP major version in Copyright headers

Closes GH-4732.

Fix #76342: file_get_contents waits twice specified timeout

Fix another pointer indexing UB in http_fopen_wrapper

Only compute the gep after checking whether the pointer is NULL.