| #
c283c3ab |
| 15-Jul-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Sanitize libxml2 globals before parsing
Fixes GHSA-3qrf-m4j2-pcrr.
To parse a document with libxml2, you first need to create a parsing context.
The parsing context contains par
Sanitize libxml2 globals before parsing
Fixes GHSA-3qrf-m4j2-pcrr.
To parse a document with libxml2, you first need to create a parsing context.
The parsing context contains parsing options (e.g. XML_NOENT to substitute
entities) that the application (in this case PHP) can set.
Unfortunately, libxml2 also supports providing default set options.
For example, if you call xmlSubstituteEntitiesDefault(1) then the XML_NOENT
option will be added to the parsing options every time you create a parsing
context **even if the application never requested XML_NOENT**.
Third party extensions can override these globals, in particular the
substitute entity global. This causes entity substitution to be
unexpectedly active.
Fix it by setting the parsing options to a sane known value.
For API calls that depend on global state we introduce
PHP_LIBXML_SANITIZE_GLOBALS() and PHP_LIBXML_RESTORE_GLOBALS().
For other APIs that work directly with a context we introduce
php_libxml_sanitize_parse_ctxt_options().
show more ...
|
|
Revision tags: php-8.0.0, php-7.3.25, php-7.4.13, php-8.0.0RC5, php-7.4.13RC1, php-8.0.0RC4, php-7.3.25RC1, php-7.4.12, php-8.0.0RC3, php-7.3.24, php-8.0.0RC2, php-7.4.12RC1, php-7.3.24RC1, php-7.2.34, php-8.0.0rc1, php-7.4.11, php-7.3.23 |
|
| #
2f601d84 |
| 28-Sep-2020 |
Nikita Popov |
Promote warnings in ext/xsl
|
| #
41b096b3 |
| 25-Sep-2020 |
Máté Kocsis |
Promote a few forgotten warnings to exceptions
Closes GH-6211
|
|
Revision tags: php-8.0.0beta4, php-7.4.11RC1, php-7.3.23RC1 |
|
| #
c98d4769 |
| 10-Sep-2020 |
Máté Kocsis |
Consolidate new union type ZPP macro names
They will now follow the canonical order of types. Older macros are
left intact due to maintaining BC.
Closes GH-6112
|
|
Revision tags: php-8.0.0beta3, php-7.4.10, php-7.3.22 |
|
| #
3e800e99 |
| 24-Aug-2020 |
Máté Kocsis |
Move custom type checks to ZPP
Closes GH-6034
|
|
Revision tags: php-8.0.0beta2, php-7.3.22RC1, php-7.4.10RC1, php-8.0.0beta1, php-7.4.9, php-7.2.33, php-7.3.21, php-8.0.0alpha3, php-7.4.9RC1, php-7.3.21RC1, php-7.4.8, php-7.2.32, php-8.0.0alpha2, php-7.3.20, php-8.0.0alpha1, php-7.4.8RC1, php-7.3.20RC1, php-7.4.7, php-7.3.19, php-7.4.7RC1, php-7.3.19RC1, php-7.4.6, php-7.2.31, php-7.4.6RC1, php-7.3.18RC1, php-7.2.30, php-7.4.5, php-7.3.17 |
|
| #
d92229d8 |
| 06-Apr-2020 |
Nikita Popov |
Implement named parameters
From an engine perspective, named parameters mainly add three
concepts:
* The SEND_* opcodes now accept a CONST op2, which is the
argument nam
Implement named parameters
From an engine perspective, named parameters mainly add three
concepts:
* The SEND_* opcodes now accept a CONST op2, which is the
argument name. For now, it is looked up by linear scan and
runtime cached.
* This may leave UNDEF arguments on the stack. To avoid having
to deal with them in other places, a CHECK_UNDEF_ARGS opcode
is used to either replace them with defaults, or error.
* For variadic functions, EX(extra_named_params) are collected
and need to be freed based on ZEND_CALL_HAS_EXTRA_NAMED_PARAMS.
RFC: https://wiki.php.net/rfc/named_params
Closes GH-5357.
show more ...
|
| #
302933da |
| 07-Jul-2020 |
Nikita Popov |
Remove no_separation flag
|
| #
632766a5 |
| 07-Jul-2020 |
Nikita Popov |
Disallow separation in a number of callbacks
All of these clearly do not need separation support.
|
| #
2b5de6f8 |
| 01-Jul-2020 |
Max Semenik |
Remove proto comments from C files
Closes GH-5758
|
| #
049467d3 |
| 25-Jun-2020 |
Nikita Popov |
Avoid warning on exception in xsl ext
|
| #
336998f1 |
| 20-May-2020 |
George Peter Banyard |
Fix [-Wundef] warning in XLS extension
|
| #
89d17075 |
| 03-May-2020 |
Máté Kocsis |
Fix UNKNOWN default values in ext/xsl
|
| #
68a56483 |
| 11-Apr-2020 |
Máté Kocsis |
Generate method entries for ext/xsl
Closes GH-5372
|
|
Revision tags: php-7.4.5RC1, php-7.3.17RC1, php-7.3.18, php-7.4.4, php-7.2.29, php-7.3.16 |
|
| #
9d0eccd9 |
| 05-Mar-2020 |
Máté Kocsis |
Perform some maintenance work on the XSL extension
Added stubs, fixed some ZPP, and changed PHP_FALIASes to PHP_METHODs.
Closes GH-5241
|
| #
c5f091e4 |
| 09-Mar-2020 |
Nikita Popov |
Remove DOM_GET_THIS macro
This macro is trivial, it's more obvious to use ZEND_THIS directly.
|
|
Revision tags: php-7.4.4RC1, php-7.3.16RC1, php-7.4.3, php-7.2.28, php-7.3.15RC1, php-7.4.3RC1 |
|
| #
8226e704 |
| 29-Jan-2020 |
Christoph M. Becker |
Fix #70078: XSL callbacks with nodes as parameter leak memory
The fix for bug #49634 solved a double-free by copying the node with
`xmlDocCopyNodeList()`, but the copied node is later fr
Fix #70078: XSL callbacks with nodes as parameter leak memory
The fix for bug #49634 solved a double-free by copying the node with
`xmlDocCopyNodeList()`, but the copied node is later freed by calling
`xmlFreeNode()` instead of `xmlFreeNodeList()`, thus leaking memory.
However, there is no need to treat the node as node list, i.e. to copy
also the node's siblings; just creating a recursive copy of the node
with `xmlDocCopyNode()` is sufficient, while that also avoids the leak.
show more ...
|
|
Revision tags: php-7.3.15, php-7.2.27, php-7.4.2, php-7.3.14, php-7.3.14RC1, php-7.4.2RC1 |
|
| #
34570372 |
| 31-Dec-2019 |
Máté Kocsis |
Use RETURN_THROWS() during ZPP in most of the extensions
Except for some bigger ones: reflection, sodium, spl
|
|
Revision tags: php-7.4.1, php-7.2.26, php-7.3.13, php-7.4.1RC1, php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1 |
|
| #
94938934 |
| 29-Oct-2019 |
Máté Kocsis |
Cleanup return values when parameter parsing is unsuccessful
|
|
Revision tags: php-7.4.0RC5, php-7.1.33, php-7.2.24, php-7.3.11, php-7.4.0RC4, php-7.3.11RC1, php-7.2.24RC1, php-7.4.0RC3 |
|
| #
5d6e923d |
| 24-Sep-2019 |
Gabriel Caruso |
Remove mention of PHP major version in Copyright headers
Closes GH-4732.
|
|
Revision tags: php-7.2.23, php-7.3.10, php-7.4.0RC2, php-7.2.23RC1, php-7.3.10RC1, php-7.4.0RC1, php-7.1.32, php-7.2.22, php-7.3.9, php-7.4.0beta4, php-7.2.22RC1, php-7.3.9RC1, php-7.4.0beta2, php-7.1.31, php-7.2.21, php-7.3.8, php-7.4.0beta1, php-7.2.21RC1, php-7.3.8RC1, php-7.4.0alpha3, php-7.3.7, php-7.2.20, php-7.4.0alpha2, php-7.3.7RC3, php-7.3.7RC2, php-7.2.20RC2, php-7.4.0alpha1, php-7.3.7RC1, php-7.2.20RC1 |
|
| #
457392fa |
| 05-Jun-2019 |
Dmitry Stogov |
Cheaper checks for exceptions thrown from __toString()
|
|
Revision tags: php-7.2.19, php-7.3.6, php-7.1.30, php-7.2.19RC1, php-7.3.6RC1, php-7.1.29, php-7.2.18, php-7.3.5, php-7.2.18RC1, php-7.3.5RC1, php-7.2.17, php-7.3.4, php-7.1.28, php-7.3.4RC1, php-7.2.17RC1, php-7.1.27, php-7.3.3, php-7.2.16 |
|
| #
a31f4642 |
| 26-Feb-2019 |
Nikita Popov |
Allow exceptions in __toString()
RFC: https://wiki.php.net/rfc/tostring_exceptions
And convert some object to string conversion related recoverable
fatal errors into Error excep
Allow exceptions in __toString()
RFC: https://wiki.php.net/rfc/tostring_exceptions
And convert some object to string conversion related recoverable
fatal errors into Error exceptions.
Improve exception safety of internal code performing string
conversions.
show more ...
|
| #
3c23084c |
| 12-Apr-2019 |
Nikita Popov |
Fix strict aliasing violation in phpdbg
By explicitly computing the message length from bytes. This also
makes sure that the length is interpreted in an endianness-independent
manner.
|
|
Revision tags: php-7.3.3RC1, php-7.2.16RC1, php-7.2.15, php-7.3.2 |
|
| #
91ef4124 |
| 31-Jan-2019 |
Dmitry Stogov |
Refactor zend_object_handlers API to pass zend_object* and zend_string* insted of zval(s).
|
|
Revision tags: php-7.2.15RC1 |
|
| #
92ac598a |
| 22-Jan-2019 |
Peter Kokot |
Remove local variables
This patch removes the so called local variables defined per
file basis for certain editors to properly show tab width, and
similar settings. These are mainly
Remove local variables
This patch removes the so called local variables defined per
file basis for certain editors to properly show tab width, and
similar settings. These are mainly used by Vim and Emacs editors
yet with recent changes the once working definitions don't work
anymore in Vim without custom plugins or additional configuration.
Neither are these settings synced across the PHP code base.
A simpler and better approach is EditorConfig and fixing code
using some code style fixing tools in the future instead.
This patch also removes the so called modelines for Vim. Modelines
allow Vim editor specifically to set some editor configuration such as
syntax highlighting, indentation style and tab width to be set in the
first line or the last 5 lines per file basis. Since the php test
files have syntax highlighting already set in most editors properly and
EditorConfig takes care of the indentation settings, this patch removes
these as well for the Vim 6.0 and newer versions.
With the removal of local variables for certain editors such as
Emacs and Vim, the footer is also probably not needed anymore when
creating extensions using ext_skel.php script.
Additionally, Vim modelines for setting php syntax and some editor
settings has been removed from some *.phpt files. All these are
mostly not relevant for phpt files neither work properly in the
middle of the file.
show more ...
|
| #
0cf7de1c |
| 30-Jan-2019 |
Zeev Suraski |
Remove yearly range from copyright notice
|
