Fix GH-16595: Another UAF in DOM -> cloneNode

We need to perform all sanity checks before doing any modification.
I don't have a reliable and easy test for this on 8.2, but I have one

Fix GH-16595: Another UAF in DOM -> cloneNode

We need to perform all sanity checks before doing any modification.
I don't have a reliable and easy test for this on 8.2, but I have one
for 8.4.

Closes GH-16598.

show more ...

Fix GH-16593: Assertion failure in DOM->replaceChild

This is already forbidden by libxml, but this condition isn't properly
checked; so the return value and lack of error makes it seem l

Fix GH-16593: Assertion failure in DOM->replaceChild

This is already forbidden by libxml, but this condition isn't properly
checked; so the return value and lack of error makes it seem like it
worked while it actually didn't. Furthermore, this can break assumptions
and assertions later on.

Closes GH-16596.

show more ...

Fix GH-16535: UAF when using document as a child

Documents can never be children of any node.

Closes GH-16539.

Fix GH-16533: Segfault when adding attribute to parent that is not an element

Attributes are only valid as children of elements. This bug goes back
all the way.

Closes GH-16537.

Fix various document ref pointer mismanagements

- Properly handle attributes
- Fix potential NULL dereference if the intern document pointer is NULL

Fixes GH-16336.
Fixes GH

Fix various document ref pointer mismanagements

- Properly handle attributes
- Fix potential NULL dereference if the intern document pointer is NULL

Fixes GH-16336.
Fixes GH-16338.
Closes GH-16345.

show more ...

Restore accidentally deleted check

Add missing hierarchy checks to replaceChild

You can break the hierarchy for attribute nodes, use the helper function
introduced recently [1] to fix this issue.

[1] 066d18f2

Add missing hierarchy checks to replaceChild

You can break the hierarchy for attribute nodes, use the helper function
introduced recently [1] to fix this issue.

[1] 066d18f2

Closes GH-16377.

show more ...

Fix bugs GH-16150 and GH-16152: intern document mismanagement

The reference counts of the internal document pointer are mismanaged.
In the case of fragments the refcount may be increased

Fix bugs GH-16150 and GH-16152: intern document mismanagement

The reference counts of the internal document pointer are mismanaged.
In the case of fragments the refcount may be increased too much, while
for other cases the document reference may not be applied to all
children.

This bug existed for a long time and this doesn't reproduce (easily)
on 8.2 due to other bugs. Furthermore 8.2 will enter security mode soon,
and this change may be too risky.

Fixes GH-16150.
Fixed GH-16152.
Closes GH-16178.

show more ...

Fix GH-16190: Using reflection to call Dom\Node::__construct causes assertion failure

Closes GH-16193.

Fix GH-16151: Assertion failure in ext/dom/parentnode/tree.c

Unfortunately, old DOM allows attributes to be used as parent nodes.
Only text nodes and entities are allowed as children for

Fix GH-16151: Assertion failure in ext/dom/parentnode/tree.c

Unfortunately, old DOM allows attributes to be used as parent nodes.
Only text nodes and entities are allowed as children for these types of
nodes, because that's the constraint DOM and libxml give us.

Closes GH-16156.

show more ...

[ci skip] Remove confusing comments

They are readonly / not readonly depending on the class where they're used.
However, the comment makes this confusing [1].

[1] https://github

[ci skip] Remove confusing comments

They are readonly / not readonly depending on the class where they're used.
However, the comment makes this confusing [1].

[1] https://github.com/php/php-src/issues/15578#issuecomment-2310389300

show more ...

Convert more common methods in dom/node.c to fast ZPP (#15043)

Deduplicate NULL checks in ext/dom (#15015)

This introduces a new helper php_dom_create_nullable_object() that does
the NULL check and puts NULL in return_value. Otherwise it runs
ph

Deduplicate NULL checks in ext/dom (#15015)

This introduces a new helper php_dom_create_nullable_object() that does
the NULL check and puts NULL in return_value. Otherwise it runs
php_dom_create_object(). This deduplicates a bit of code.

show more ...

Support templated content

The template element in HTML 5 is special in the sense that it does not
add its contents into the DOM tree, but instead keeps them in a separate
shadow DOM

Support templated content

The template element in HTML 5 is special in the sense that it does not
add its contents into the DOM tree, but instead keeps them in a separate
shadow DOM document fragment. Interacting with the DOM tree cannot touch
the elements in the document fragment.

Closes GH-14906.

show more ...

Split off private data from the ns mapper

Implement Dom $innerHTML property

Fix arginfo violation in removeChild() (#14717)

It was possible to return false without throwing an exception.
This is even wrong in "old DOM" because we expect either a NOT_FOUND_ERR

Fix arginfo violation in removeChild() (#14717)

It was possible to return false without throwing an exception.
This is even wrong in "old DOM" because we expect either a NOT_FOUND_ERR
or NO_MODIFICATION_ALLOWED_ERR according to the documentation.
A side effect of this patch is that it prioritises NOT_FOUND_ERR over
NO_MODIFICATION_ALLOWED_ERR but I think that's fine.

show more ...

Preferably include from build dir (#13516)

* Include from build dir first

This fixes out of tree builds by ensuring that configure artifacts are included
from the build dir.

Preferably include from build dir (#13516)

* Include from build dir first

This fixes out of tree builds by ensuring that configure artifacts are included
from the build dir.

Before, out of tree builds would preferably include files from the src dir, as
the include path was defined as follows (ignoring includes from ext/ and sapi/) :

-I$(top_builddir)/main
-I$(top_srcdir)
-I$(top_builddir)/TSRM
-I$(top_builddir)/Zend
-I$(top_srcdir)/main
-I$(top_srcdir)/Zend
-I$(top_srcdir)/TSRM
-I$(top_builddir)/

As a result, an out of tree build would include configure artifacts such as
`main/php_config.h` from the src dir.

After this change, the include path is defined as follows:

-I$(top_builddir)/main
-I$(top_builddir)
-I$(top_srcdir)/main
-I$(top_srcdir)
-I$(top_builddir)/TSRM
-I$(top_builddir)/Zend
-I$(top_srcdir)/Zend
-I$(top_srcdir)/TSRM

* Fix extension include path for out of tree builds

* Include config.h with the brackets form

`#include "config.h"` searches in the directory containing the including-file
before any other include path. This can include the wrong config.h when building
out of tree and a config.h exists in the source tree.

Using `#include <config.h>` uses exclusively the include path, and gives
priority to the build dir.

show more ...

Fix bug #79701: getElementById does not correctly work with duplicate definitions

This is a long standing bug: IDs aren't properly tracked causing either
outdated or plain incorrect resu

Fix bug #79701: getElementById does not correctly work with duplicate definitions

This is a long standing bug: IDs aren't properly tracked causing either
outdated or plain incorrect results from getElementById.

This PR implements a pragmatic solution in which we still try to use the
ID lookup table to a degree, but only as a performance boost not as a
"single source of truth". Full details are explained in the
getElementById code.

Closes GH-14349.

show more ...

Avoid narrowing

Remove unused arguments

Get rid of reserved name usage

Fix missing deref in C14N (#14203)

Follow-up for 30a0b0359ed8338c0e3acd1682de3cf96429e898, which didn't fix
all places. This is the last remaining place.

Update ext/dom names after policy change (#14171)

Fix references not handled correctly in C14N

Closes GH-14090.