Fix regression introduced by fixing bug 81726

When a tar phar is created, `phar_open_from_fp()` is also called, but
since the file has just been created, none of the format checks can

Fix regression introduced by fixing bug 81726

When a tar phar is created, `phar_open_from_fp()` is also called, but
since the file has just been created, none of the format checks can
succeed, so we continue to loop, but must not check again for the
format. Therefore, we bring back the old `test` variable.

Closes GH-9620.

show more ...

Fix #81726: phar wrapper: DOS when using quine gzip file

The phar wrapper needs to uncompress the file; the uncompressed file
might be compressed, so the wrapper implementation loops. Th

Fix #81726: phar wrapper: DOS when using quine gzip file

The phar wrapper needs to uncompress the file; the uncompressed file
might be compressed, so the wrapper implementation loops. This raises
potential DOS issues regarding too deep or even infinite recursion (the
latter are called compressed file quines[1]). We avoid that by
introducing a recursion limit; we choose the somewhat arbitrary limit
`3`.

This issue has been reported by real_as3617 and gPayl0ad.

[1] <https://honno.dev/gzip-quine/>

show more ...

implement openssl_256 and openssl_512 for phar singatures

Merge branch 'PHP-8.0'

* PHP-8.0:
Create interned strings for internal union types
Duplicate possibly persistent string in phar metadata clone

Duplicate possibly persistent string in phar metadata clone

phar: crc32: Extend and cleanup API for the new bulk crc32 functions

As suggested on the patch discussion, adding init/end macros. Plus,
prefixed the new functions with php_ to avoid pos

phar: crc32: Extend and cleanup API for the new bulk crc32 functions

As suggested on the patch discussion, adding init/end macros. Plus,
prefixed the new functions with php_ to avoid possible symbol conflicts.

Signed-off-by: Anatol Belski <ab@php.net>

show more ...

phar: use crc32 bulk method instead. (#6099)

phar: use crc32 bulk method instead.

Benefit from the hardware crc32 computing.

Signed-off-by: Frank Du <frank.du@intel.com>

Update http->https in license (#6945)

1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as

Update http->https in license (#6945)

1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |

show more ...

Use zend_string_equals_(literal_)ci() API more often

Also drive-by usage of zend_ini_parse_bool()

Closes GH-6844

Change Zend Stream API to use zend_string* instead of char*.

This allows to eliminate re-calculation of string lenght and hash value.
See the detailed list of changes in UPGRADING.INTERN

Change Zend Stream API to use zend_string* instead of char*.

This allows to eliminate re-calculation of string lenght and hash value.
See the detailed list of changes in UPGRADING.INTERNALS.

show more ...

Merge branch 'PHP-8.0'

* PHP-8.0:
Fix #53467: Phar cannot compress large archives

Merge branch 'PHP-7.4' into PHP-8.0

* PHP-7.4:
Fix #53467: Phar cannot compress large archives

Fix #53467: Phar cannot compress large archives

When Phars are flushed, a new temporary file is created for each entry
which should be compressed, and the `compressed_filesize` is retrie

Fix #53467: Phar cannot compress large archives

When Phars are flushed, a new temporary file is created for each entry
which should be compressed, and the `compressed_filesize` is retrieved.
Afterwards, the Phar manifest is written, and only after that the files
are copied to the actual Phar. So for each such entry there is an open
temp file, what easily exceeds the limit.

Therefore, we use a single temporary file for all entries, and store
the start offset in the otherwise unused `header_offset` member. We
ensure that the `cfp` members are properly set to NULL even if flushing
fails, to avoid use after free scenarios.

This solution is based on a suggestion by @lserni[1].

Closes GH-6643.

[1] <https://github.com/box-project/box2/issues/80#issuecomment-77147371>

show more ...

Merge branch 'PHP-8.0'

* PHP-8.0:
Fix #75850: Unclear error message wrt. __halt_compiler() w/o semicolon

Merge branch 'PHP-7.4' into PHP-8.0

* PHP-7.4:
Fix #75850: Unclear error message wrt. __halt_compiler() w/o semicolon

Fix #75850: Unclear error message wrt. __halt_compiler() w/o semicolon

We add the failure reason to the error message.

Closes GH-6638.

Replace zend_bool uses with bool

We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.

Of course, zend_bool

Replace zend_bool uses with bool

We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.

Of course, zend_bool is retained as an alias.

show more ...

Remove some INDIRECT handling in standard library

[RFC] Only unserialize Phar metadata when getMetadata() is called

In other words, don't automatically unserialize when the magic
phar:// stream wrappers are used.
RFC: https://wiki.p

[RFC] Only unserialize Phar metadata when getMetadata() is called

In other words, don't automatically unserialize when the magic
phar:// stream wrappers are used.
RFC: https://wiki.php.net/rfc/phar_stop_autoloading_metadata

Also, change the signature from `getMetadata()`
to `getMetadata(array $unserialize_options = [])`.
Start throwing earlier if setMetadata() is called and serialization threw.

See https://externals.io/message/110856 and
https://bugs.php.net/bug.php?id=76774

This was refactored to add a phar_metadata_tracker for the following reasons:
- The way to properly copy a zval was previously implicit and undocumented
(e.g. is it a pointer to a raw string or an actual value)
- Avoid unnecessary serialization and unserialization in the most common case
- If a metadata value is serialized once while saving a new/modified phar file,
this allows reusing the same serialized string.
- Have as few ways to copy/clone/lazily parse metadata (etc.) as possible,
so that code changes can be limited to only a few places in the future.
- Performance is hopefully not a concern - copying a string should be faster
than unserializing a value, and metadata should be rare in most cases.

Remove unnecessary skip in a test(Compression's unused)

Add additional assertions about usage of persistent phars

Improve robustness of `Phar*->setMetadata()`

- Add sanity checks for edge cases freeing metadata, when destructors
or serializers modify the phar recursively.
- Typical use cases of php have phar.readonly=1 and would not be affected.

Closes GH-5855

show more ...

Get rid of empty function entries

Closes GH-5917

Remove proto comments from C files

Closes GH-5758

Call zend_unregister_ini_entries() when unload extension loaded through dl() without MSHUTDOWN callback.
Extensions with MSHUTDOWN should use UNREGISTER_INI_ENTRIES().

Merge branch 'PHP-7.3' into PHP-7.4

Merge branch 'PHP-7.2' into PHP-7.3

Fix leak in phar open