| #
c473787a |
| 06-Jan-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-10234: Setting DOMAttr::textContent results in an empty attribute value
We can't directly call xmlNodeSetContent, because it might encode the string
through xmlStringLenGetNodeLis
Fix GH-10234: Setting DOMAttr::textContent results in an empty attribute value
We can't directly call xmlNodeSetContent, because it might encode the string
through xmlStringLenGetNodeList for types
XML_DOCUMENT_FRAG_NODE, XML_ELEMENT_NODE, XML_ATTRIBUTE_NODE.
In these cases we need to use a text node to avoid the encoding.
For the other cases, we *can* rely on xmlNodeSetContent because it is either
a no-op, or handles the content without encoding and clears the properties
field if needed.
The test was taken from the issue report, for the test:
Co-authored-by: ThomasWeinert <thomas@weinert.info>
Closes GH-10245.
show more ...
|
| #
1dfa277a |
| 25-May-2023 |
Daniil Gentili |
Fix GCC 12 compilation on riscv64
Close GH-11321
|
| #
cba335d6 |
| 22-May-2023 |
nielsdos <7771979+nielsdos@users.noreply.github.com> |
Fix GH-11288 and GH-11289 and GH-11290 and GH-9142: DOMExceptions and segfaults with replaceWith
This replaces the implementation of before and after with one following
the spec very str
Fix GH-11288 and GH-11289 and GH-11290 and GH-9142: DOMExceptions and segfaults with replaceWith
This replaces the implementation of before and after with one following
the spec very strictly, instead of trying to figure out the state we're
in by looking at the pointers. Also relaxes the condition on text node
copying to prevent working on a stale node pointer.
Closes GH-11299.
show more ...
|
| #
8946b7b1 |
| 24-May-2023 |
KoudelkaB <33930155+KoudelkaB@users.noreply.github.com> |
Access violation when ALLOC_FALLBACK fixed
Close GH-11312
|
| #
150825d1 |
| 25-May-2023 |
Pierrick Charron |
[skip ci] Fix release date of PHP 8.2.7
|
| #
6267601f |
| 23-May-2023 |
nielsdos <7771979+nielsdos@users.noreply.github.com> |
Fix allocation loop in zend_shared_alloc_startup()
The break is outside the if, so if it succeeds or not this will always
stop after the first loop iteration instead of trying more alloc
Fix allocation loop in zend_shared_alloc_startup()
The break is outside the if, so if it succeeds or not this will always
stop after the first loop iteration instead of trying more allocators if
the first one fails.
Closes GH-11306.
show more ...
|
| #
b2ec6c24 |
| 23-May-2023 |
Ilija Tovilo |
Fix exception handling in array_multisort()
Closes GH-11302
|
| #
7c7698f7 |
| 23-May-2023 |
Ilija Tovilo |
Fix preg_replace_callback_array() pattern validation
Closes GH-11301
|
| #
f5c54fd8 |
| 23-May-2023 |
Ilija Tovilo |
Fix access on NULL pointer in array_merge_recursive()
Closes GH-11303
|
| #
2f2fd06b |
| 23-May-2023 |
Ben Ramsey |
PHP-8.1 is now for PHP 8.1.21-dev
|
| #
d5f68b50 |
| 23-May-2023 |
Pierrick Charron |
PHP-8.2 is now for PHP 8.2.8-dev
|
| #
f9117eb8 |
| 19-May-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-11281: DateTimeZone::getName() does not include seconds in offset
If the seconds portion is non-zero, include the seconds in the output.
Closes GH-11282.
|
| #
5cad1a71 |
| 16-May-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-11245 (In some specific cases SWITCH with one default statement will cause segfault)
The block optimizer pass allows the use of sources of the preceding
block if the block is a fo
Fix GH-11245 (In some specific cases SWITCH with one default statement will cause segfault)
The block optimizer pass allows the use of sources of the preceding
block if the block is a follower and not a target. This causes issues
when trying to remove FREE instructions: if the source is not in the
block of the FREE, then the FREE and source are still removed. Therefore
the other successor blocks, which must consume or FREE the temporary,
will still contain the FREE opline. This opline will now refer to a
temporary that doesn't exist anymore, which most of the time results in
a crash. For these kind of non-local scenarios, we'll let the SSA
based optimizations handle those cases.
Closes GH-11251.
show more ...
|
| #
93fa9613 |
| 15-May-2023 |
Peter |
Fix GH-11099: Generating phar.php during cross-compile can't be done
Closes GH-11243.
|
| #
1ede3137 |
| 19-May-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-11274: POST/PATCH request via file_get_contents + stream_context_create switches to GET after a HTTP 308 redirect
RFC 7231 states that status code 307 should keep the POST method upon
Fix GH-11274: POST/PATCH request via file_get_contents + stream_context_create switches to GET after a HTTP 308 redirect
RFC 7231 states that status code 307 should keep the POST method upon
redirect. RFC 7538 does the same for code 308. Although it's not
mandated by the RFCs that PATCH is also kept (we can choose), it seems
like keeping PATCH will be the most consistent and understandable behaviour.
This patch also changes an existing test because it was testing for the
wrong behaviour.
Closes GH-11275.
show more ...
|
| #
727e26f9 |
| 04-Dec-2022 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix #97836 and #81705: Segfault / type confusion in concat_function
The following sequence of actions was happening which caused a null
pointer dereference:
1. debug_backtrace() retu
Fix #97836 and #81705: Segfault / type confusion in concat_function
The following sequence of actions was happening which caused a null
pointer dereference:
1. debug_backtrace() returns an array
2. The concatenation to $c will transform the array to a string via
`zval_get_string_func` for op2 and output a warning.
Note that zval op1 is of type string due to the first do-while
sequence.
3. The warning of an implicit "array to string conversion" triggers
the ob_start callback to run. This code transform $c (==op1) to a long.
4. The code below the 2 do-while sequences assume that both op1 and op2
are strings, but this is no longer the case. A dereference of the
string will therefore result in a null pointer dereference.
The solution used here is to work with the zend_string directly instead
of with the ops.
For the tests:
Co-authored-by: changochen1@gmail.com
Co-authored-by: cmbecker69@gmx.de
Co-authored-by: yukik@risec.co.jp
Closes GH-10049.
show more ...
|
| #
aa553af9 |
| 10-May-2023 |
Ilija Tovilo |
Fix segfault in mb_strrpos/mb_strripos with ASCII encoding and negative offset
We're setting the encoding from PHP_FUNCTION(mb_strpos), but mbfl_strpos would
discard it, setting it to mb
Fix segfault in mb_strrpos/mb_strripos with ASCII encoding and negative offset
We're setting the encoding from PHP_FUNCTION(mb_strpos), but mbfl_strpos would
discard it, setting it to mbfl_encoding_pass, making zend_memnrstr fail due to a
null-pointer exception.
Fixes GH-11217
Closes GH-11220
show more ...
|
| #
0600f513 |
| 10-May-2023 |
Ilija Tovilo |
Implement delayed early binding for classes without parents
Normally, we add classes without parents (and no interfaces or traits) directly
to the class map, early binding the class. How
Implement delayed early binding for classes without parents
Normally, we add classes without parents (and no interfaces or traits) directly
to the class map, early binding the class. However, if the same class has
already been registered, we would instead just add a ZEND_DECLARE_CLASS
instruction and let the handler throw a duplicate class declaration exception.
However, with opcache, if on the next request the files are included in the
opposite order, we won't perform early binding. To fix this, create a
ZEND_DECLARE_CLASS_DELAYED instruction instead and handle classes without
parents accordingly, skipping any linking for classes that are already linked in
delayed early binding.
Fixes GH-8846
show more ...
|
| #
4294e8d4 |
| 16-Apr-2023 |
Jakub Zelenka |
FPM: Fix memory leak for invalid primary script file handle
Closes GH-11088
|
| #
5e64ead6 |
| 10-Apr-2023 |
Jakub Zelenka |
Fix bug #64539: FPM status - query_string not properly JSON encoded
Closes GH-11050
|
| #
10295373 |
| 15-Apr-2023 |
Jakub Zelenka |
Fix GH-10461: Postpone FPM child freeing in event loop
This is to prevent after free accessing of the child event that might
happen when child is killed and the message is delivered at t
Fix GH-10461: Postpone FPM child freeing in event loop
This is to prevent after free accessing of the child event that might
happen when child is killed and the message is delivered at that same
time.
Also fixes GH-10889 and properly fixes GH-8517 that was not previously
fixed correctly.
show more ...
|
| #
7b768485 |
| 24-Mar-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-10834: exif_read_data() cannot read smaller stream wrapper chunk sizes
php_stream_read() may return less than the requested amount of bytes by
design. This patch introduces a stat
Fix GH-10834: exif_read_data() cannot read smaller stream wrapper chunk sizes
php_stream_read() may return less than the requested amount of bytes by
design. This patch introduces a static function for exif which reads
from the stream in a loop until all the requested bytes are read.
For the test: Co-authored-by: dotpointer
Closes GH-10924.
show more ...
|
| #
e3499130 |
| 10-May-2023 |
Ilija Tovilo |
Fix delayed early binding class redeclaration error
If we bind the class to the runtime slot even if we're not the ones who have
performed early binding we'll miss the redeclaration erro
Fix delayed early binding class redeclaration error
If we bind the class to the runtime slot even if we're not the ones who have
performed early binding we'll miss the redeclaration error in the
ZEND_DECLARE_CLASS_DELAYED handler.
Closes GH-11226
show more ...
|
| #
730f32ba |
| 20-Apr-2023 |
iamluc |
Keep the orig_path for xport stream
Closes GH-11113
|
| #
975d28e2 |
| 10-May-2023 |
Bob Weinand |
Fix GH-11222: foreach by-ref may jump over keys during a rehash
Signed-off-by: Bob Weinand <bobwei9@hotmail.com>
|
