Fix #80927: Removing documentElement after creating attribute node: possible use-after-free

Closes GH-11892.

Remove useless hashmap check

php_libxml_unlink_entity is called from a hashmap iterator, so using
xmlHashLookup to check if it comes from that hashmap will always be
true.

Cleanup php_libxml_node_decrement_resource()

obj_node is already checked, so checking it again in the second if is
not necessary.
Merge declarations and assignments while we're at it.

Fix GH-9628: Implicitly removing nodes from \DOMDocument breaks existing references

Change the way lifetime works in ext/libxml and ext/dom

Previously, a node could be freed even wh

Fix GH-9628: Implicitly removing nodes from \DOMDocument breaks existing references

Change the way lifetime works in ext/libxml and ext/dom

Previously, a node could be freed even when holding a userland reference
to it. This resulted in exceptions when trying to access that node after
it has been implicitly or explicitly removed. After this patch, a node
will only be freed when the last userland reference disappears.

Fixes GH-9628.
Closes GH-11576.

show more ...

Get rid of return value for php_libxml_unregister_node() (#11398)

Implement iteration cache, item cache and length cache for node list iteration (#11330)

* Implement iteration cache, item cache and length cache for node list iteration

The current

Implement iteration cache, item cache and length cache for node list iteration (#11330)

* Implement iteration cache, item cache and length cache for node list iteration

The current implementation follows the spec requirement that the list
must be "live". This means that changes in the document must be
reflected in the existing node lists without requiring the user to
refetch the node list.
The consequence is that getting any item, or the length of the list,
always starts searching from the root element of the node list. This
results in O(n) time to get any item or the length. If there's a for
loop over the node list, this means the iterations will take O(n²) time
in total. This causes real-world performance issues with potential for
downtime (see GH-11308 and its references for details).

We fix this by introducing a caching strategy. We cache the last
iterated object in the iterator, the last requested item in the node
list, and the last length computation. To invalidate the cache, we
simply count the number of modifications made to the containing
document. If the modification number does not match what the number was
during caching, we know the document has been modified and the cache is
invalid. If this ever overflows, we saturate the modification number and
don't do any caching anymore. Note that we don't check for overflow on
64-bit systems because it would take hundreds of years to overflow.

Fixes GH-11308.

show more ...

Merge branch 'PHP-8.2'

* PHP-8.2:
Fix GH-11160: Few tests failed building with new libxml 2.11.0

Merge branch 'PHP-8.1' into PHP-8.2

* PHP-8.1:
Fix GH-11160: Few tests failed building with new libxml 2.11.0

Fix GH-11160: Few tests failed building with new libxml 2.11.0

It's possible to categorise the failures into 2 categories:
- Changed error message. In this case we either duplicate the

Fix GH-11160: Few tests failed building with new libxml 2.11.0

It's possible to categorise the failures into 2 categories:
- Changed error message. In this case we either duplicate the test and
modify the error message. Or if the change in error message is
small, we use the EXPECTF matchers to make the test compatible with both
old and new versions of libxml2.
- Missing warnings. This is caused by a change in libxml2 where the
parser started using SAX APIs internally [1]. In this case the
error_type passed to php_libxml_internal_error_handler() changed from
PHP_LIBXML_ERROR to PHP_LIBXML_CTX_WARNING because it internally
started to use the SAX handlers instead of the generic handlers.
However, for the SAX handlers the current input stack is empty, so
nothing is actually printed. I fixed this by falling back to a
regular warning without a filename & line number reference, which
mimicks the old behaviour. Furthermore, this change now also shows
an additional warning in a test which was previously hidden.

[1] https://gitlab.gnome.org/GNOME/libxml2/-/commit/9a82b94a94bd310db426edd453b0f38c6c8f69f5

Closes GH-11162.

show more ...

ext: make various internal functions static (#10650)

Namely in:
* ext/date
* ext/libxml
* ext/dba
* ext/curl

Handle trampolines correctly in new FCC API + usages (#9877)

Only use FCC for libxml entity loader callback

Add libxml_get_external_entity_loader()

Add libxml_get_external_entity_loader(), which returns the currently
installed external entity loader, i.e. the value which was passed to
libx

Add libxml_get_external_entity_loader()

Add libxml_get_external_entity_loader(), which returns the currently
installed external entity loader, i.e. the value which was passed to
libxml_set_external_entity_loader() or null if no loader was installed
and the default entity loader will be used.

This allows libraries to save and restore the loader, controlling entity
expansion without interfering with the rest of the application.

Add macro Z_PARAM_FUNC_OR_NULL_WITH_ZVAL(). This allows us to get the
zval for a callable parameter without duplicating callable argument
parsing.

The saved zval keeps the object needed for fcc/fci alive, simplifying
memory management.

Fixes #76763.

show more ...

Merge branch 'PHP-8.1'

* PHP-8.1:
xmlRelaxNGCleanupTypes() is deprecated as of libxml2 2.10.0

Merge branch 'PHP-8.0' into PHP-8.1

* PHP-8.0:
xmlRelaxNGCleanupTypes() is deprecated as of libxml2 2.10.0

xmlRelaxNGCleanupTypes() is deprecated as of libxml2 2.10.0

The documentation[1] suggest to call `xmlCleanupParser()` instead, but
we are not doing that for reasons[2]. Thus, we do no l

xmlRelaxNGCleanupTypes() is deprecated as of libxml2 2.10.0

The documentation[1] suggest to call `xmlCleanupParser()` instead, but
we are not doing that for reasons[2]. Thus, we do no longer call
`xmlRelaxNGCleanupTypes()` for libxml2 ≥ 2.10.0.

[1] <https://gnome.pages.gitlab.gnome.org/libxml2/devhelp/libxml2-relaxng.html#xmlRelaxNGCleanupTypes>
[2] <https://github.com/php/php-src/commit/8742276eb3905eb97a585417000c7b8df85006d4>

Closes GH-9417.

show more ...

Declare ext/libxml constants in stubs (#8721)

Optimize stripos/stristr

Closes GH-7847
Closes GH-7852

Previously stripos/stristr would lowercase both the haystack and the
needle to reuse strpos. The approach in this PR i

Optimize stripos/stristr

Closes GH-7847
Closes GH-7852

Previously stripos/stristr would lowercase both the haystack and the
needle to reuse strpos. The approach in this PR is similar to strpos.
memchr is highly optimized so we're using it to search for the first
character of the needle in the haystack. If we find it we compare the
remaining characters of the needle manually.

The new implementation seems to perform about half as well as strpos (as
two memchr calls are necessary to find the next candidate).

show more ...

Merge branch 'PHP-8.0' into PHP-8.1

* PHP-8.0:
Fix #79971: special character is breaking the path in xml function

Merge branch 'PHP-8.0'

* PHP-8.0:
Fix #79971: special character is breaking the path in xml function

Merge branch 'PHP-7.4' into PHP-8.0

* PHP-7.4:
Fix #79971: special character is breaking the path in xml function

Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
Fix #79971: special character is breaking the path in xml function

Fix #79971: special character is breaking the path in xml function

The libxml based XML functions accepting a filename actually accept
URIs with possibly percent-encoded characters. Per

Fix #79971: special character is breaking the path in xml function

The libxml based XML functions accepting a filename actually accept
URIs with possibly percent-encoded characters. Percent-encoded NUL
bytes lead to truncation, like non-encoded NUL bytes would. We catch
those, and let the functions fail with a respective warning.

show more ...

Update http->https in license (#6945)

1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as

Update http->https in license (#6945)

1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |

show more ...

Introduce pseudo-keyword ZEND_FALLTHROUGH

And use it instead of comments