Add ZEND_ACC_NOT_SERIALIZABLE flag

This prevents serialization and unserialization of a class and its
children in a way that does not depend on the zend_class_serialize_deny
and zend

Add ZEND_ACC_NOT_SERIALIZABLE flag

This prevents serialization and unserialization of a class and its
children in a way that does not depend on the zend_class_serialize_deny
and zend_class_unserialize_deny handlers that will be going away
in PHP 9 together with the Serializable interface.

In stubs, `@not-serializable` can be used to set this flag.

This patch only uses the new flag for a handful of Zend classes,
converting the remainder is left for later.

Closes GH-7249.
Fixes bug #81111.

show more ...

[skip-ci] Fixup UPGRADING documents

Some entries were in the wrong section/wrong document.

Restore zend_atoi()

I dropped this in preparation for changes that I didn't end up
doing. Restore the function for now to avoid unnecessary churn for
extensions.

Add upgrading note

I was originally planning more changes here, but then I realized
that zend_atol() is actually used to parse all numbers in inis,
not just those expecting sizes. I

Add upgrading note

I was originally planning more changes here, but then I realized
that zend_atol() is actually used to parse all numbers in inis,
not just those expecting sizes. I think I'll just leave it at
that.

[ci skip]

show more ...

Drop support for printf p modifier

To be conservative, cause a fatal error if the p modifier is
encountered, in case this is still used by some extension.

Remove ZVAL_NEW_ARR() macro

This macro is a footgun because it creates an uninitialized array
(only an allocation). This macro is no longer used in php-src,
and we have better altern

Remove ZVAL_NEW_ARR() macro

This macro is a footgun because it creates an uninitialized array
(only an allocation). This macro is no longer used in php-src,
and we have better alternatives like array_init() or
ZVAL_ARR(arr, zend_new_array(size_hint)).

show more ...

NEWS: UPGRADING.INTERNALS: Add PCRE2 10.37 info

[ci skip]

Signed-off-by: Anatol Belski <ab@php.net>

Refactor PGSQL extension to use zend_string*

* Prevents some unnecessary strlen() computation
* Use interned "NULL"
* Certain PGSQL_API functions now accept zend_string* instead o

Refactor PGSQL extension to use zend_string*

* Prevents some unnecessary strlen() computation
* Use interned "NULL"
* Certain PGSQL_API functions now accept zend_string* instead of char*

Closes GH-6792

show more ...

Formalize return type to zend_result for PGSQL_API functions

Drop -Wno-implicit-fallthrough compiler flag

And add it back to ext/date, ext/hash, and ext/opcache

Add zend_get_opcode_id() to get opcode id from name

[skip-ci] Update UPGRADING documents for the new argument for fputcsv()

Change Zend Stream API to use zend_string* instead of char*.

This allows to eliminate re-calculation of string lenght and hash value.
See the detailed list of changes in UPGRADING.INTERN

Change Zend Stream API to use zend_string* instead of char*.

This allows to eliminate re-calculation of string lenght and hash value.
See the detailed list of changes in UPGRADING.INTERNALS.

show more ...

Remove php_pdo_str_tolower_dup() function

Fix bug #80816 Document the removal of alias class entries from ext/spl

Closes GH-6748 [skip-ci]

UPGRADING: Add note about xxHash secret and fix a typo

[ci skip]

Signed-off-by: Anatol Belski <ab@php.net>

Refactor PDO's last inserted ID handler to use and return zend_string

Closes GH-6617

Refactor PDO doer handler to use zend_string

Refactor PDO's quoter handler to return a zend_string

Closes GH-6547

Update UPGRADIN.INTERNALS

Rewrite PDO result binding

Instead of requiring the type to be determined in advance by the
describer function and then requiring get_col to return a buffer
of appropriate type, allo

Rewrite PDO result binding

Instead of requiring the type to be determined in advance by the
describer function and then requiring get_col to return a buffer
of appropriate type, allow get_col to return an arbitrary zval.
See UPGRADING.INTERNALS for a more detailed description of the
change.

This makes the result fetching simpler, more efficient and more
flexible. The general possibility already existed via the special
PDO_PARAM_ZVAL type, but the usage was very inconvenient and/or
inefficient. Now it's possible to easily implement behavior like
"return int if it fits, otherwise string" and to avoid any kind
of complex management of temporary buffers.

This also fixes bug #40913 (our second highest voted bug of all
time, for some reason). PARAM_LOB result bindings will now
consistently return a stream resource, independently of the used
database driver.

I've tried my best to update all PDO drivers for this change, but
some of the changes may be broken, as I cannot test or even build
some of these drivers (in particular PDO dblib and PDO oci).
Fixes are appreciated -- a working CI setup would be even more
appreciated ;)

show more ...

UPGRADING.INTERNALS: Document hash init signature changes [ci skip]

Signed-off-by: Anatol Belski <ab@php.net>

Prepare for PHP 8.1

Closes GH-6305.

Extensions should have the final say on their compiler flags

Currently compiler flags passed by extensions using the standard
``PHP_NEW_EXTENSION`` and ``PHP_ADD_SOURCES`` m4 macros are

Extensions should have the final say on their compiler flags

Currently compiler flags passed by extensions using the standard
``PHP_NEW_EXTENSION`` and ``PHP_ADD_SOURCES`` m4 macros are prepended
before the ones defined by ``Zend/Zend.m4``.

This was not really an issue before as ``Zend.m4`` only included
``-Wall`` but since the addition of ``-Wextra`` various issue about
disabling flags have been brought up.

A preliminary attempt was done in commit 5c1cf7669b937dcb4589cb0c8deccd343dfd85f9
but this turns out to be more or less irrelevant.

The root issue is that ``PHP_NEW_EXTENSION`` and ``PHP_ADD_SOURCES`` call the
``PHP_ADD_SOURCES_X`` macro and pass their flags as the 3rd argument which prepends
the flags. There exists a 6th argument for this macro which appends them but from a
cursory look at https://heap.space/search?full=PHP_ADD_SOURCES_X&project=php-src
this is not used. Moreover, the comment describing this macro explicitly informs
that this macro should not be used directly.

As such we drop the 6th argument of ``PHP_ADD_SOURCES_X`` and move the `special-flags`
argument to be appended instead of prepended.

Closes GH-6204

show more ...

Check linker compatibility directly from HMODULE

Checking the linker compatibility with extranous `ImageLoad()` calls is
possible, but unnecessary, since the modules are either already l

Check linker compatibility directly from HMODULE

Checking the linker compatibility with extranous `ImageLoad()` calls is
possible, but unnecessary, since the modules are either already loaded
or loaded shortly afterwards, so that we can get the required
information directly from the module handles. And actually, doing
`ImageLoad()` as well as `LoadLibrary()` leaves a tiny room for a race
condition, because both functions will lookup the module in the search
path, so there is no *guarantee* that both are dealing with the same
module. Dropping the `ImageLoad()` calls also has the advantage to no
longer face the issue reported in bug #79557. A very minor additional
advantage is that we no longer have to link against Imagehlp.dll.

Furthermore, there is no need to check for CRT compatibility multiple
times, so we can simplify the signature of `php_win32_crt_compatible`,
and at the same time clean up main.c a bit.

These changes require to change the signature of the exported
`php_win32_image_compatible` and `php_win32_crt_compatible` functions,
which now expect a `HMODULE` and nothing, respectively, instead of the
module name.

show more ...