Add sodium_crypto_stream_xchacha20_xor_ic()

There are many use-cases where a PHP user is currently using sodium_compat's implementation of this low-level XChaCha20 API. For example, multi-pa

Add sodium_crypto_stream_xchacha20_xor_ic()

There are many use-cases where a PHP user is currently using sodium_compat's implementation of this low-level XChaCha20 API. For example, multi-part message processing (in low-memory settings) for a ciphertext that was encrypted with XChaCha20-Poly1305 (rather than the secretstream API).

Adding this function to ext/sodium offers better performance and lowers users' memory usage with the polyfill, and ensures that users coming from other languages that provide libsodium bindings have a more consistent experience with our bindings. This is a win-win.

This patch follows the libsodium precedent of adding functions instead of optional parameters to existing functions. The parameter order is also consistent with the C API.

https://doc.libsodium.org/advanced/stream_ciphers/xchacha20#usage

Closes GH-8276.

show more ...

Added: [zend_]memory_reset_peak_usage() (#8151)

Fix GH-7939: Cannot unserialize IntlTimeZone objects

As it is now, `IntlTimeZone`, `IntlCalendar` and `IntlDateFormatter`
and some other intl class instances can be serialized, but the

Fix GH-7939: Cannot unserialize IntlTimeZone objects

As it is now, `IntlTimeZone`, `IntlCalendar` and `IntlDateFormatter`
and some other intl class instances can be serialized, but the
representation is meaningless, and unserialization yields uninitialized/
unusable objects. To prevent users from noticing this too late, we deny
serialization of such objects in the first place.

Closes GH-7945.

show more ...

sockets: add SO_INCOMING_CPU constant

get/set the cpu attached to a socket, no special treatment needed,
it is simply an integer.

Closes GH-7753.

Oracle Client 10g is no longer supported

Thus, we drop respective config option for Windows.

Implement php_handle_avif() using libavifinfo

See #80828 and the internals@ mailing list discussion at
https://externals.io/message/116543

Use libavifinfo's AvifInfoGetFeaturesS

Implement php_handle_avif() using libavifinfo

See #80828 and the internals@ mailing list discussion at
https://externals.io/message/116543

Use libavifinfo's AvifInfoGetFeaturesStream() in php_handle_avif() to
get the width, height, bit depth and channel count from an AVIF
payload. Implement stream reading/skipping functions and data struct.
Use libavifinfo's AvifInfoIdentifyStream() in php_is_image_avif().

Update the expected features read from "test1pix.avif" in
getimagesize.phpt.

Closes GH-7711.

show more ...

Make strtolower() and strtoupper() do ASCII case conversion (#7506)

Implement RFC https://wiki.php.net/rfc/strtolower-ascii

It's past time to drop linking support for Oracle Client 10g

Add oci_set_prefetch_lob()

Deprecate implicit dynamic properties

Writing to a proprety that hasn't been declared is deprecated,
unless the class uses the #[AllowDynamicProperties] attribute or
defines __get()/

Deprecate implicit dynamic properties

Writing to a proprety that hasn't been declared is deprecated,
unless the class uses the #[AllowDynamicProperties] attribute or
defines __get()/__set().

RFC: https://wiki.php.net/rfc/deprecate_dynamic_properties

show more ...

Add oci8.prefetch_lob_size

Refactor dba_(p)open() to be more sensible (#7610)

Actually use ZPP
Throw ValueErrors for invalid values
Use dedicated struc members for file permission and map size instead of a zva

Refactor dba_(p)open() to be more sensible (#7610)

Actually use ZPP
Throw ValueErrors for invalid values
Use dedicated struc members for file permission and map size instead of a zval stack

show more ...

Use neutral language instead of default on Windows

Most notably, this affects some Windows specific error messages, which
are no longer in the default language of the system, to better m

Use neutral language instead of default on Windows

Most notably, this affects some Windows specific error messages, which
are no longer in the default language of the system, to better match
error messages provided by PHP which are not localized anyway.

This also affects the com_dotnet extension, where it could fix some
DCOM related issues. Furthermore, the constant `LOCALE_NEUTRAL` is
added, which can be used for `variant_cmp()`.

Closes GH-7613.

show more ...

Add support for PCRE n modifier

Add support for /n (NO_AUTO_CAPTURE) modifier, which makes simple
`(xyz)` groups non-capturing.

Closes GH-7583.

Deprecate use of mbstring to convert text to Base64/QPrint/HTML entities/etc

The purpose of mbstring is for working with Unicode and legacy text
encodings; but Base64, QPrint, etc. are n

Deprecate use of mbstring to convert text to Base64/QPrint/HTML entities/etc

The purpose of mbstring is for working with Unicode and legacy text
encodings; but Base64, QPrint, etc. are not text encodings and don't
really belong in mbstring. PHP already contains separate implementations
of Base64, QPrint, and HTML entities. It will be better to eventually
remove these non-encodings from mbstring.

Regarding HTML entities... there is a bit more to say. mbstring's
implementation of HTML entities is different from the other built-in
implementation (htmlspecialchars and htmlentities). Those functions
convert <, >, and & to HTML entities, but mbstring does not.

It appears that the original author of mbstring intended for something
to be done with <, >, and &. He used a table to identify which
characters should be converted to HTML entities, and </>/& all have a
special value in that table. However, nothing ever checks for that
special value, so the characters are passed through unconverted.

This seems like a very useless implementation of HTML entities. The most
important characters which need to be expressed as entities in HTML
documents are those three!

show more ...

Fix a method name `ZipArchive::clearError` typo

Closes GH-7616.

Refactor DBA

Use proper ZPP union types
Use standard function signature semantics for dba_fetch()
Re-ordering of checks

Deprecate partially supported callables

This deprecates all callables that are accepted by
call_user_func($callable) but not by $callable(). In particular:

"self::method"

Deprecate partially supported callables

This deprecates all callables that are accepted by
call_user_func($callable) but not by $callable(). In particular:

"self::method"
"parent::method"
"static::method"
["self", "method"]
["parent", "method"]
["static", "method"]
["Foo", "Bar::method"]
[new Foo, "Bar::method"]

RFC: https://wiki.php.net/rfc/deprecate_partially_supported_callables

Closes GH-7446.

show more ...

Add `CURLINFO_EFFECTIVE_METHOD`

Since Curl 7.72.0, it supports a new parameter
called `CURLINFO_EFFECTIVE_METHOD`, which returns the effect method
in HTTP(s) requests. This is simila

Add `CURLINFO_EFFECTIVE_METHOD`

Since Curl 7.72.0, it supports a new parameter
called `CURLINFO_EFFECTIVE_METHOD`, which returns the effect method
in HTTP(s) requests. This is similar to `CURLINFO_EFFECTIVE_URL`.

- https://curl.se/libcurl/c/CURLINFO_EFFECTIVE_METHOD.html

This adds support for CURLINFO_EFFECTIVE_URL if ext/curl is built
with libcurl >= 7.72.0 (0x074800).

Closes GH-7595.

show more ...

Add ZipArchive::clearError, getStreamIndex and getStreamName methods

public function clearError(): void {}
public function getStreamIndex(int $index, int $flags = 0) {}
p

Add ZipArchive::clearError, getStreamIndex and getStreamName methods

public function clearError(): void {}
public function getStreamIndex(int $index, int $flags = 0) {}
public function getStreamName(string $name, int $flags = 0) {}

ZipArchive::getStream is kept for BC

See https://github.com/pierrejoye/php_zip/issues/20

show more ...

Revert "Fix DATE_FORMAT_COOKIE definition"

This reverts commit ac34648cf6bf5493a8cd1a4c9a82406599f3f25c.

As pointed out on GH-6783, the new format doesn't match any of
the speci

Revert "Fix DATE_FORMAT_COOKIE definition"

This reverts commit ac34648cf6bf5493a8cd1a4c9a82406599f3f25c.

As pointed out on GH-6783, the new format doesn't match any of
the specified formats. Previously the constant generated

Thursday, 14-Jul-2005 22:30:41 BST

which is obsolete. Now it generates

Thu, 14-Jul-2005 22:30:41 BST

which is not specified at all. The correct version would be:

Thu, 14 Jul 2005 22:30:41 BST

Reverting the change for now.

show more ...

Fix DATE_FORMAT_COOKIE definition

In all of http://curl.haxx.se/rfc/cookie_spec.html,
https://docs.microsoft.com/de-de/windows/win32/wininet/http-cookies
and https://tools.ietf.org/h

Fix DATE_FORMAT_COOKIE definition

In all of http://curl.haxx.se/rfc/cookie_spec.html,
https://docs.microsoft.com/de-de/windows/win32/wininet/http-cookies
and https://tools.ietf.org/html/rfc7234#section-5.3 the cookie
datetime is specified as Mon, DD-Mon-YYYY HH:MM:SS GMT. However,
the current definition returns Monday, DD-Mon-YYY HH:MM:SS GMT.
Therefore, the "l" in "l, d-M-Y H:i:s T" must be changed to "D".

Closes GH-6783.

show more ...

Prepare for PHP 8.2

Add UPGRADING for ini parser changes

Missed the "git add" once again...

[ci skip]

Switch default PKCS7/CMS cipher to AES-128-CBC

Switch default cipher for openssl_pkcs7_encrypt() and
openssl_cms_encrypt() from RC2-40 to AES-128-CBC.

The RC2-40 cipher is consi

Switch default PKCS7/CMS cipher to AES-128-CBC

Switch default cipher for openssl_pkcs7_encrypt() and
openssl_cms_encrypt() from RC2-40 to AES-128-CBC.

The RC2-40 cipher is considered insecure and is not loaded by
default in OpenSSL 3, which means that these functions will
always fail with default arguments.

As the used algorithm is embedded in the result (which makes this
different from the openssl_encrypt() case) changing the default
algorithm should be safe.

Closes GH-7357.

show more ...