Fix null pointer dereferences in case of allocation failure

Closes GH-12506.

Sanitize libxml2 globals before parsing

Fixes GHSA-3qrf-m4j2-pcrr.

To parse a document with libxml2, you first need to create a parsing context.
The parsing context contains par

Sanitize libxml2 globals before parsing

Fixes GHSA-3qrf-m4j2-pcrr.

To parse a document with libxml2, you first need to create a parsing context.
The parsing context contains parsing options (e.g. XML_NOENT to substitute
entities) that the application (in this case PHP) can set.
Unfortunately, libxml2 also supports providing default set options.
For example, if you call xmlSubstituteEntitiesDefault(1) then the XML_NOENT
option will be added to the parsing options every time you create a parsing
context **even if the application never requested XML_NOENT**.

Third party extensions can override these globals, in particular the
substitute entity global. This causes entity substitution to be
unexpectedly active.

Fix it by setting the parsing options to a sane known value.
For API calls that depend on global state we introduce
PHP_LIBXML_SANITIZE_GLOBALS() and PHP_LIBXML_RESTORE_GLOBALS().
For other APIs that work directly with a context we introduce
php_libxml_sanitize_parse_ctxt_options().

show more ...

Fix array overrun when appending slash to paths

Fix it by extending the array sizes by one character. As the input is
limited to the maximum path length, there will always be place to ap

Fix array overrun when appending slash to paths

Fix it by extending the array sizes by one character. As the input is
limited to the maximum path length, there will always be place to append
the slash. As the php_check_specific_open_basedir() simply uses the
strings to compare against each other, no new failures related to too
long paths are introduced.
We'll let the DOM and XML case handle a potentially too long path in the
library code.

show more ...

Fix bug #81521

The current error message is incorrect -- the problem here is not
that the property is invalid, but that these methods are unusable
prior to loading data, same as read

Fix bug #81521

The current error message is incorrect -- the problem here is not
that the property is invalid, but that these methods are unusable
prior to loading data, same as read().

show more ...

Fixed some spaces used instead of tabs

Remove explicit assignments of zend_objects_destroy_object

This is the default handler, no need to set it explicitly. This
makes it easier to see which objects really have a custom dtor_

Remove explicit assignments of zend_objects_destroy_object

This is the default handler, no need to set it explicitly. This
makes it easier to see which objects really have a custom dtor_obj.

show more ...

Convert check into assertion in ext/xmlreader

$this is requires to be instanceof self for quite a while now,
so make this an assertion.

Remove some unnecessary null pointer checks in ext/xmlreader

intern cannot be NULL.

Update http->https in license (#6945)

1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as

Update http->https in license (#6945)

1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |

show more ...

Fix #73246: XMLReader: encoding length not checked

libxml2 expects the passed encoding to be NUL terminated, so we reject
strings with NUL bytes right away.

Closes GH-6899.

Clarify types in XmlReader property handling

Make it clearer that the specified type is really the only type
that can be returned.

Generate class entries from stubs for com, standard, xmlreader, xmlwriter, xsl, zip, Zend

Closes GH-6706

Replace zend_bool uses with bool

We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.

Of course, zend_bool

Replace zend_bool uses with bool

We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.

Of course, zend_bool is retained as an alias.

show more ...

Throw from XmlReader::expand() if DOM extension missing

Otherwise it is hard to uphold the arginfo contract for this
function -- we cannot simply mirror the zpp call, as the class
en

Throw from XmlReader::expand() if DOM extension missing

Otherwise it is hard to uphold the arginfo contract for this
function -- we cannot simply mirror the zpp call, as the class
entry it is based on does not exist.

show more ...

Promote warnings to exceptions in ext/xmlreader

Closes GH-6021

Remove proto comments from C files

Closes GH-5758

Fix [-Wundef] warning in XMLReader extension

Fix UNKNOWN default values in ext/xml

Generate function entries from stubs for a couple of extensions

Migrates ext/standard, ext/tidy, ext/tokenizer,
ext/xml, ext/xml_reader, and ext/xml_writer. Closes GH-5381.

Use RETURN_THROWS() during ZPP in most of the extensions

Except for some bigger ones: reflection, sodium, spl

Allow to call XMLReader::open() and ::XML() statically

The implementation of `XMLReader::open()` and `XMLReader::XML()` still
supports calling the methods statically and non-statically.

Allow to call XMLReader::open() and ::XML() statically

The implementation of `XMLReader::open()` and `XMLReader::XML()` still
supports calling the methods statically and non-statically. However,
as of PHP 8.0.0, calling these methods statically is not allowed,
because they are not declared as static methods. Since we consider it
to be cleaner to call these methods statically, but had deprecated to
call them statically, we properly support both variants.

We implement support for static and non-static calls by overloading, so
that non-static calls have access to the `$this` pointer.

show more ...

Remove mention of PHP major version in Copyright headers

Closes GH-4732.

Add ext/xmlreader stubs

Add missing zend_parse_paramters_none()

Cheaper checks for exceptions thrown from __toString()