Fix regression introduced by fixing bug 81726

When a tar phar is created, `phar_open_from_fp()` is also called, but
since the file has just been created, none of the format checks can

Fix regression introduced by fixing bug 81726

When a tar phar is created, `phar_open_from_fp()` is also called, but
since the file has just been created, none of the format checks can
succeed, so we continue to loop, but must not check again for the
format. Therefore, we bring back the old `test` variable.

Closes GH-9620.

show more ...

Fix #81726: phar wrapper: DOS when using quine gzip file

The phar wrapper needs to uncompress the file; the uncompressed file
might be compressed, so the wrapper implementation loops. Th

Fix #81726: phar wrapper: DOS when using quine gzip file

The phar wrapper needs to uncompress the file; the uncompressed file
might be compressed, so the wrapper implementation loops. This raises
potential DOS issues regarding too deep or even infinite recursion (the
latter are called compressed file quines[1]). We avoid that by
introducing a recursion limit; we choose the somewhat arbitrary limit
`3`.

This issue has been reported by real_as3617 and gPayl0ad.

[1] <https://honno.dev/gzip-quine/>

show more ...

Duplicate possibly persistent string in phar metadata clone

Fix #53467: Phar cannot compress large archives

When Phars are flushed, a new temporary file is created for each entry
which should be compressed, and the `compressed_filesize` is retrie

Fix #53467: Phar cannot compress large archives

When Phars are flushed, a new temporary file is created for each entry
which should be compressed, and the `compressed_filesize` is retrieved.
Afterwards, the Phar manifest is written, and only after that the files
are copied to the actual Phar. So for each such entry there is an open
temp file, what easily exceeds the limit.

Therefore, we use a single temporary file for all entries, and store
the start offset in the otherwise unused `header_offset` member. We
ensure that the `cfp` members are properly set to NULL even if flushing
fails, to avoid use after free scenarios.

This solution is based on a suggestion by @lserni[1].

Closes GH-6643.

[1] <https://github.com/box-project/box2/issues/80#issuecomment-77147371>

show more ...

Fix #75850: Unclear error message wrt. __halt_compiler() w/o semicolon

We add the failure reason to the error message.

Closes GH-6638.

[RFC] Only unserialize Phar metadata when getMetadata() is called

In other words, don't automatically unserialize when the magic
phar:// stream wrappers are used.
RFC: https://wiki.p

[RFC] Only unserialize Phar metadata when getMetadata() is called

In other words, don't automatically unserialize when the magic
phar:// stream wrappers are used.
RFC: https://wiki.php.net/rfc/phar_stop_autoloading_metadata

Also, change the signature from `getMetadata()`
to `getMetadata(array $unserialize_options = [])`.
Start throwing earlier if setMetadata() is called and serialization threw.

See https://externals.io/message/110856 and
https://bugs.php.net/bug.php?id=76774

This was refactored to add a phar_metadata_tracker for the following reasons:
- The way to properly copy a zval was previously implicit and undocumented
(e.g. is it a pointer to a raw string or an actual value)
- Avoid unnecessary serialization and unserialization in the most common case
- If a metadata value is serialized once while saving a new/modified phar file,
this allows reusing the same serialized string.
- Have as few ways to copy/clone/lazily parse metadata (etc.) as possible,
so that code changes can be limited to only a few places in the future.
- Performance is hopefully not a concern - copying a string should be faster
than unserializing a value, and metadata should be rare in most cases.

Remove unnecessary skip in a test(Compression's unused)

Add additional assertions about usage of persistent phars

Improve robustness of `Phar*->setMetadata()`

- Add sanity checks for edge cases freeing metadata, when destructors
or serializers modify the phar recursively.
- Typical use cases of php have phar.readonly=1 and would not be affected.

Closes GH-5855

show more ...

Get rid of empty function entries

Closes GH-5917

Remove proto comments from C files

Closes GH-5758

Call zend_unregister_ini_entries() when unload extension loaded through dl() without MSHUTDOWN callback.
Extensions with MSHUTDOWN should use UNREGISTER_INI_ENTRIES().

Fix leak in phar open

Revert "Drop free_filename field from zend_file_handle"

This reverts commit e0eca262852dba1a78afcde64a49126c81fead1a.

free_filename is used by the wincache extension, restore this

Revert "Drop free_filename field from zend_file_handle"

This reverts commit e0eca262852dba1a78afcde64a49126c81fead1a.

free_filename is used by the wincache extension, restore this
field for PHP 7.4.

show more ...

Also report errors from Zend stream reader operation

Revert "Avoid unused fstat() call"

This reverts commit 5a90dc77b8f244f603082aea022fadc0ce2c009c.

Let's try to go with the reverse direction here and actually trust
the reported

Revert "Avoid unused fstat() call"

This reverts commit 5a90dc77b8f244f603082aea022fadc0ce2c009c.

Let's try to go with the reverse direction here and actually trust
the reported size...

show more ...

Avoid unused fstat() call

If we're including a file via PHP streams, we're not going to trust
the reported file size anyway and populate in a loop -- so don't
bother determining the

Avoid unused fstat() call

If we're including a file via PHP streams, we're not going to trust
the reported file size anyway and populate in a loop -- so don't
bother determining the file size in the first place. Only do this
for non-tty HANDLE_FP now, which is the only case where this
information was used.

show more ...

Remove ZEND_HANDLE_MAPPED

The buf/len members are now simply used in addition to the main
stream, without changing the handle kind.

Drop free_filename field from zend_file_handle

free_filename was always zero.

Use ZEND_HASH_FOREACH APIs in a few more places

Sync HAVE_HASH, HAVE_HASH_EXT, PHAR_HASH_OK symbols

The hash extension is always available since PHP-7.4. The symbol
HAVE_HASH_EXT is kept for BC reasons and removed in PHP-8.0.

Sync HAVE_HASH, HAVE_HASH_EXT, PHAR_HASH_OK symbols

The hash extension is always available since PHP-7.4. The symbol
HAVE_HASH_EXT is kept for BC reasons and removed in PHP-8.0.

This patch also removes the PHAR_HASH_OK since it is no longer
relevant.

show more ...

Fix stream leak in phar cache_list

Avoid confusing gotos in phar_split_cache_list

Fix VirtualProtect() related Phar issues

We must not (try to) modify shared values, but rather have to use our
own copies, if unixified filenames are required on Windows. To avoid
e

Fix VirtualProtect() related Phar issues

We must not (try to) modify shared values, but rather have to use our
own copies, if unixified filenames are required on Windows. To avoid
excessive string duplication, we add checks whether the filenames are
already unixified (i.e. do not contain backslashes). To improve the
performance if we need to copy strings, we use do_alloca() and friends.

Besides generally being somewhat messy, the handling of unixified
filenames is still suboptimal performance-wise, but we leave this for a
future cleanup, and focus on fixing the issue at hand for now.

We also enable opcache.protect_memory for the AppVeyor CI.

show more ...

Remove usage of HAVE_HASH_EXT and COMPILE_DL_HASH as ext/hash is always available (master only)

Fix bug #77396 - Null Pointer Dereference in phar_create_or_parse_filename

Fix bug #77396 - Null Pointer Dereference in phar_create_or_parse_filename

Update and fix remaining year ranges (2019)

This patch follows previous license year ranges updates. With new
approach source code files now have simplified headers with license
info

Update and fix remaining year ranges (2019)

This patch follows previous license year ranges updates. With new
approach source code files now have simplified headers with license
information without year ranges.

show more ...