Fix bug GHSA-q6x7-frmf-grcw: password_verify can erroneously return true

Disallow null character in bcrypt password

Merge branch 'PHP-8.0'

* PHP-8.0:
Create persistent interned string for password algos

Create persistent interned string for password algos

These strings are returned to userland by password_algos(),
which violates thread-safety invariants. Create persistent
interned s

Create persistent interned string for password algos

These strings are returned to userland by password_algos(),
which violates thread-safety invariants. Create persistent
interned strings for them instead.

show more ...

Update http->https in license (#6945)

1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as

Update http->https in license (#6945)

1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |

show more ...

Merge branch 'PHP-8.0'

* PHP-8.0:
Don't return null from password_get_info()

Don't return null from password_get_info()

The get_info() handler should never fail, but even if it does,
we should still return a proper info array -- it doesn't make
sense that a c

Don't return null from password_get_info()

The get_info() handler should never fail, but even if it does,
we should still return a proper info array -- it doesn't make
sense that a completely incorrect hash returns an info array,
but a hash that is recognized but for which the options can't
be extracted would return null.

show more ...

Replace zend_bool uses with bool

We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.

Of course, zend_bool

Replace zend_bool uses with bool

We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.

Of course, zend_bool is retained as an alias.

show more ...

Promote a few remaining errors in ext/standard

Closes GH-6110

Use ZPP instead of custom type checks

We can add these types as a native type declaration to stubs as a side-effect. Closes GH-6068

Drop various unused macros/APIs

Also convert_libmagic_pattern() to return a zend_string*

Closes GH-6029

Remove proto comments from C files

Closes GH-5758

Fix warning of strict-prototypes

Closes GH-5673.

Improve argument error messages in ext/standard

Closes GH-5198

Merge branch 'PHP-7.4'

Fix #78969 Make PASSWORD_DEFAULT match PASSWORD_BCRYPT instead of being null

It was an unintentional BC break.

Use RETURN_THROWS() when an exception is thrown

Closes GH-5036

Promote warnings to exceptions in password_*() functions

Don't accept objects for options in password_hash()

This was likely a mixup of zpp modifiers in the original implementation.
Per the RFC only arrays should be accepted here.

Remove mention of PHP major version in Copyright headers

Closes GH-4732.

Merge branch 'PHP-7.4'

* PHP-7.4:
improve libargon2/libsodium compatibility

improve libargon2/libsodium compatibility

Merge branch 'PHP-7.4'

* PHP-7.4:
Provide argon2i(d) password hashing from sodium when needed

Provide argon2i(d) password hashing from sodium when needed

Merge branch 'PHP-7.4'

* PHP-7.4:
Bugfix #78208 Needs rehash with an unknown algo should always return true.

Bugfix #78208 Needs rehash with an unknown algo should always return true.