#
c283c3ab |
| 15-Jul-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Sanitize libxml2 globals before parsing Fixes GHSA-3qrf-m4j2-pcrr. To parse a document with libxml2, you first need to create a parsing context. The parsing context contains par
Sanitize libxml2 globals before parsing Fixes GHSA-3qrf-m4j2-pcrr. To parse a document with libxml2, you first need to create a parsing context. The parsing context contains parsing options (e.g. XML_NOENT to substitute entities) that the application (in this case PHP) can set. Unfortunately, libxml2 also supports providing default set options. For example, if you call xmlSubstituteEntitiesDefault(1) then the XML_NOENT option will be added to the parsing options every time you create a parsing context **even if the application never requested XML_NOENT**. Third party extensions can override these globals, in particular the substitute entity global. This causes entity substitution to be unexpectedly active. Fix it by setting the parsing options to a sane known value. For API calls that depend on global state we introduce PHP_LIBXML_SANITIZE_GLOBALS() and PHP_LIBXML_RESTORE_GLOBALS(). For other APIs that work directly with a context we introduce php_libxml_sanitize_parse_ctxt_options().
show more ...
|
#
112527d6 |
| 03-Aug-2021 |
Remi Collet |
Fix bug #81325 Segfault in zif_simplexml_import_dom
|
#
1b88c85c |
| 27-Apr-2021 |
Stanislav Malyshev |
Revert "Fix #80852: Stack-overflow when json_encode()'ing SimpleXMLElement" Sorry, this solution seems to have BC breaks, will need to look for better one. This reverts commit 9
Revert "Fix #80852: Stack-overflow when json_encode()'ing SimpleXMLElement" Sorry, this solution seems to have BC breaks, will need to look for better one. This reverts commit 9f7e8b777cb3e8aac53e677f3152af18413ab672.
show more ...
|
#
9f7e8b77 |
| 11-Mar-2021 |
Christoph M. Becker |
Fix #80852: Stack-overflow when json_encode()'ing SimpleXMLElement We ignore `XML_ENTITY_DECL` nodes when getting the hash of the properties of a `SimpleXMLElement`.
|
#
cb84e5c3 |
| 23-Apr-2021 |
Máté Kocsis |
Fix arginfo/ZPP mismatch for simplexml_import_dom Closes GH-6905
|
Revision tags: php-8.0.0, php-7.3.25, php-7.4.13, php-8.0.0RC5, php-7.4.13RC1, php-8.0.0RC4, php-7.3.25RC1, php-7.4.12, php-8.0.0RC3, php-7.3.24, php-8.0.0RC2, php-7.4.12RC1, php-7.3.24RC1, php-7.2.34, php-8.0.0rc1, php-7.4.11, php-7.3.23, php-8.0.0beta4, php-7.4.11RC1, php-7.3.23RC1 |
|
#
628db3f3 |
| 04-Sep-2020 |
Máté Kocsis |
Fix UNKNOWN default values in various extensions Closes GH-6075
|
Revision tags: php-8.0.0beta3, php-7.4.10, php-7.3.22 |
|
#
6c8fb123 |
| 18-Aug-2020 |
Máté Kocsis |
Promote warnings to exceptions in ext/simplexml Closes GH-6011 Co-authored-by: Nikita Popov <nikita.ppv@gmail.com>
|
#
f4e9d0e3 |
| 25-Aug-2020 |
Nikita Popov |
Don't return temporary from SXE write_property handler Return the original value. If we don't return the original value, we need to own the zval, which we don't. For clarity als
Don't return temporary from SXE write_property handler Return the original value. If we don't return the original value, we need to own the zval, which we don't. For clarity also switch things to work on a zend_string* value instead of a zval*.
show more ...
|
#
afde6dcf |
| 25-Aug-2020 |
Nikita Popov |
Simplify change_node_zval implementation At this point, the value has already been converted into a string.
|
Revision tags: php-8.0.0beta2, php-7.3.22RC1, php-7.4.10RC1 |
|
#
8f618541 |
| 13-Aug-2020 |
Nikita Popov |
Add a missing null check in simplexml
|
#
fc7bab3a |
| 13-Aug-2020 |
Nikita Popov |
Throw on uninitialized SimpleXMLElement Elevate this warning into an Error, as usual. Add a few checks in places that were missing them.
|
Revision tags: php-8.0.0beta1, php-7.4.9, php-7.2.33, php-7.3.21, php-8.0.0alpha3, php-7.4.9RC1, php-7.3.21RC1, php-7.4.8, php-7.2.32, php-8.0.0alpha2, php-7.3.20 |
|
#
2b5de6f8 |
| 01-Jul-2020 |
Max Semenik |
Remove proto comments from C files Closes GH-5758
|
#
312201dc |
| 01-Jul-2020 |
Nikita Popov |
Add get_gc handle for object iterators Optional handler with the same semantics as the object handler.
|
Revision tags: php-8.0.0alpha1, php-7.4.8RC1, php-7.3.20RC1, php-7.4.7, php-7.3.19, php-7.4.7RC1, php-7.3.19RC1, php-7.4.6, php-7.2.31, php-7.4.6RC1, php-7.3.18RC1, php-7.2.30, php-7.4.5, php-7.3.17, php-7.4.5RC1, php-7.3.17RC1, php-7.3.18, php-7.4.4, php-7.2.29, php-7.3.16 |
|
#
4730b06f |
| 04-Mar-2020 |
Nikita Popov |
Make SimpleXMLElement a RecursiveIterator Context: https://externals.io/message/108789 This essentially moves the functionality of SimpleXMLIterator into SimpleXMLElement, and m
Make SimpleXMLElement a RecursiveIterator Context: https://externals.io/message/108789 This essentially moves the functionality of SimpleXMLIterator into SimpleXMLElement, and makes SimpleXMLIterator a no-op extension. Ideally SimpleXMLElement would be an IteratorAggregate, whose getIterator() method returns SimpleXMLIterator. However, because SimpleXMLIterator extends SimpleXMLElement (and code depends on this in non-trivial ways), this is not possible. The only way to not keep SimpleXMLElement as a magic Traversable (that implements neither Iterator nor IteratorAggregate) is to move the SimpleXMLIterator functionality into it. Closes GH-5234.
show more ...
|
#
3a0bdb72 |
| 23-Apr-2020 |
Christoph M. Becker |
Fix #63575: Root elements are not properly cloned Cloning of root elements has to preserve that property, so they require some special treatment.
|
#
15846ff1 |
| 17-Jun-2020 |
Nikita Popov |
Add ZVAL_OBJ_COPY macro For the common ZVAL_OBJ + GC_ADDREF pattern. This mirrors the existing ZVAL_STR_COPY API.
|
#
1b85e749 |
| 06-Jun-2020 |
twosee |
Fix warning of strict-prototypes Closes GH-5673.
|
#
f0794c77 |
| 20-May-2020 |
George Peter Banyard |
Fix [-Wundef] warning in SimpleXML extension
|
#
54148fd6 |
| 01-May-2020 |
Christoph M. Becker |
Fix #79528: Different object of the same xml between 7.4.5 and 7.4.4 Revert "Fix #61597: SXE properties may lack attributes and content" This reverts commit 7c081db885756d7b176a55b9
Fix #79528: Different object of the same xml between 7.4.5 and 7.4.4 Revert "Fix #61597: SXE properties may lack attributes and content" This reverts commit 7c081db885756d7b176a55b90b8746f664d1e042.
show more ...
|
#
4815be44 |
| 19-Apr-2020 |
Máté Kocsis |
Generate function entries from stubs Converts ext/pcntl, ext/simplexml, ext/snmp, ext/soap, ext/sqlite3. Closes GH-5421
|
#
6bf483a9 |
| 31-Mar-2020 |
Nikita Popov |
Clarify SimpleXML comparison logic
|
#
fb5bfcb7 |
| 31-Mar-2020 |
Nikita Popov |
Add a ZEND_UNCOMPARABLE value To explicitly indicate that objects are uncomparable. For now this has no functional difference from the usual 1 return value, but makes intent clearer.
|
#
01b266aa |
| 18-Mar-2020 |
Máté Kocsis |
Improve error messages of various extensions Closes GH-5278
|
#
7c081db8 |
| 07-Mar-2020 |
Christoph M. Becker |
Fix #61597: SXE properties may lack attributes and content We must not treat a node as string if it has attributes, unless it is an entity declaration which is always treated as string b
Fix #61597: SXE properties may lack attributes and content We must not treat a node as string if it has attributes, unless it is an entity declaration which is always treated as string by simplexml.
show more ...
|
Revision tags: php-7.4.4RC1, php-7.3.16RC1, php-7.4.3, php-7.2.28, php-7.3.15RC1, php-7.4.3RC1, php-7.3.15, php-7.2.27, php-7.4.2, php-7.3.14 |
|
#
9e775db0 |
| 13-Jan-2020 |
Nicolas Grekas |
Define Stringable with __toString():string method
|