Implement More Appropriate Date/Time Exceptions RFC

Allow comments between intersection types and by-ref params

Fixes GH-10083
Closes GH-10125

Fix lineno for all constant expressions

Fixes GH-8821
Closes GH-8855

sockets updlite protocol support, with checksum coverage settings.

Close GH-10468

Fix GH-10259 ReflectionClass::getStaticProperties doesn't need null return type (#10418)

random netbsd 10 update finally supporting getrandom syscall properly.

Close GH-10327.

password: Use `php_random_bytes_throw` in `php_password_make_salt` (#10393)

The CSPRNG failing should be rare nowadays, but it *might* happen and without
this patch it's hard for the use

password: Use `php_random_bytes_throw` in `php_password_make_salt` (#10393)

The CSPRNG failing should be rare nowadays, but it *might* happen and without
this patch it's hard for the user to find out why the salt generation failed:
The error message is not actionable.

This patch will automatically set the CSPRNG exception to the `$previous`
exception of the ValueError that is thrown, allowing the developer to determine
the cause of the salt generation failure.

Before:

Fatal error: Uncaught ValueError: Unable to generate salt in php-src/test3.php:3
Stack trace:
#0 php-src/test3.php(3): password_hash(Object(SensitiveParameterValue), '2y')
#1 {main}
thrown in php-src/test3.php on line 3

After:

Fatal error: Uncaught Random\RandomException: Cannot open /dev/urandom: No such file or directory in php-src/test3.php:3
Stack trace:
#0 php-src/test3.php(3): password_hash(Object(SensitiveParameterValue), '2y')
#1 {main}

Next ValueError: Unable to generate salt in php-src/test3.php:3
Stack trace:
#0 php-src/test3.php(3): password_hash(Object(SensitiveParameterValue), '2y')
#1 {main}
thrown in php-src/test3.php on line 3

show more ...

strtok warns in case the string to split was not set.

Close GH-10016.

sockets add AF_DIVERT constant.

Allow to bind a socket to a divert port without being concerned
by its address. for ipfw filter purpose (SO_USER_COOKIE constant).
FreeBSD only.

sockets add AF_DIVERT constant.

Allow to bind a socket to a divert port without being concerned
by its address. for ipfw filter purpose (SO_USER_COOKIE constant).
FreeBSD only.

Close GH-10415.

show more ...

Remove duplicated length check in exif and
remove always false condition from exif

The latter condition will never trigger because otherwise the do-while loop
wouldn't have exited.

Remove duplicated length check in exif and
remove always false condition from exif

The latter condition will never trigger because otherwise the do-while loop
wouldn't have exited.

Close GH-10402

show more ...

Fix GH-10292 make the default value of the first parame of srand() and mt_srand() nullable (#10380)

Co-authored-by: Tim Düsterhus <timwolla@googlemail.com>

Fix bug 69168: DomNode::getNodePath() returns invalid path

Upon freeing libxslt's context, every document which is not the *main*
document will be freed by libxslt. If a node of a docume

Fix bug 69168: DomNode::getNodePath() returns invalid path

Upon freeing libxslt's context, every document which is not the *main*
document will be freed by libxslt. If a node of a document which is not
the main document gets returned to userland, we'd free the node twice:
- first by the cleanup of the xslt context
- and then by our own refcounting mechanism.
This was reported in bug 49634, and was fixed by always copying the
node (and later re-fixed in bug 70078).
The original fix is not entirely correct unfortunately because of the
following two main reasons:
- modifications to the node will only modify the copy, and not the original
- accesses to the parent, path, ... will not work

This patch fixes it properly by only copying the node if it origins from
a document other than the main document.

Co-authored-by: juha.ikavalko@agentit.fi

Closes GH-10318.

show more ...

mb_detect_encoding is more accurate on strings with UTF-8/16 BOM

Thanks to the GitHub user 'titanz35' for pointing out that the new
implementation of mb_detect_encoding had poor detectio

mb_detect_encoding is more accurate on strings with UTF-8/16 BOM

Thanks to the GitHub user 'titanz35' for pointing out that the new
implementation of mb_detect_encoding had poor detection accuracy on
UTF-8 and UTF-16 strings with a byte-order mark.

show more ...

[ci skip] NEWS

socket DF flag on UDP socket via IP_MTU_DISCOVER on Linux and IP_DONTFRAGMENT on FreeBSD for path MTU discovery purpose.

idea proposal via ml :
https://marc.info/?l=php-internals&m=16732

socket DF flag on UDP socket via IP_MTU_DISCOVER on Linux and IP_DONTFRAGMENT on FreeBSD for path MTU discovery purpose.

idea proposal via ml :
https://marc.info/?l=php-internals&m=167329288509393&w=2

Close GH-10282

show more ...

posix adding posix_fpathconf.

follow-up on GH-10238 but with the file descriptor flavor.

Close GH-10253

Implement Unicode conditional casing rules for Greek letter sigma

The capital Greek letter sigma (Σ) should be lowercased as σ except
when it appears at the end of a word; in that case,

Implement Unicode conditional casing rules for Greek letter sigma

The capital Greek letter sigma (Σ) should be lowercased as σ except
when it appears at the end of a word; in that case, it should be
lowercased as the special form ς.

This rule is included in the Unicode data file SpecialCasing.txt.
The condition for applying the rule is called "Final_Sigma" and is
defined in Unicode technical report 21. The rule is:

• For the special casing form to apply, the capital letter sigma must
be preceded by 0 or more "case-ignorable" characters, preceded by
at least 1 "cased" character.
• Further, capital sigma must NOT be followed by 0 or more
case-ignorable characters and then at least 1 cased character.

"Case-ignorable" characters include certain punctuation marks, like
the apostrophe, as well as various accent marks. There are actually
close to 500 different case-ignorable characters, including accent marks
from Cyrillic, Hebrew, Armenian, Arabic, Syriac, Bengali, Gujarati,
Telugu, Tibetan, and many other alphabets. This category also includes
zero-width spaces, codepoints which indicate RTL/LTR text direction,
certain musical symbols, etc.

Since the rule involves scanning over "0 or more" of such
case-ignorable characters, it may be necessary to scan arbitrarily far
to the left and right of capital sigma to determine whether the special
lowercase form should be used or not. However, since we are trying to
be both memory-efficient and CPU-efficient, this implementation limits
how far to the left we will scan. Generally, we scan up to 63 characters
to the left looking for a "cased" character, but not more.

When scanning to the right, we go up to the end of the string if
necessary, even if it means scanning over thousands of characters.

Anyways, it is almost impossible to imagine that natural text will
include "words" with more than 63 successive apostrophes (for example)
followed by a capital sigma.

Closes GH-8096.

show more ...

posix adding posix_pathconf.

to get configuration variables from a directory/file.
Closes GH-10238.

Close GH-10217: Use strlen() for determining the class_name length

Closes GH-10231.

Implement mb_detect_encoding using fast text conversion filters

Regarding the optional 3rd `strict` argument to mb_detect_encoding,
the documentation states:

Controls the beha

Implement mb_detect_encoding using fast text conversion filters

Regarding the optional 3rd `strict` argument to mb_detect_encoding,
the documentation states:

Controls the behaviour when string is not valid in any of the listed encodings.
If strict is set to false, the closest matching encoding will be returned;
if strict is set to true, false will be returned.

(Ref: https://www.php.net/manual/en/function.mb-detect-encoding.php)

Because of bugs in the implementation, mb_detect_encoding did not always
behave according to this description when `strict` was false.
For example:

<?php
echo var_export(mb_detect_encoding("\xc0\x00", "UTF-8", false));
// Before this commit, prints: false
// After this commit, prints: 'UTF-8'

Because `strict` is false in the above example, mb_detect_encoding
should return the 'closest matching encoding', which is UTF-8, since
that is the only candidate encoding. (Incidentally, this example shows
that using mb_detect_encoding with a single candidate encoding in
non-strict mode is useless.)

The new implementation fixes this bug. It also fixes another problem
with the old implementation as regards non-strict detection mode:

The old implementation would stop processing of the input string using
a particular candidate encoding as soon as it saw an error in that
encoding, even in non-strict mode. This means that it could not really
detect the 'closest matching encoding'; rather, what it would return
in non-strict mode was 'the encoding in which the first decoding error
is furthest from the beginning of the input string'.

In non-strict mode, the new implementation continues trying to process
the input string to its end even after seeing an error. This makes it
possible to determine in which candidate encoding the string has the
smallest number of errors, i.e. the 'closest matching encoding'.

Rejecting candidate encodings as soon as it saw an error gave the old
implementation a marked performance advantage in non-strict mode;
however, the new implementation still beats it in most cases. Here are
a few sample microbenchmark results:

UTF-8, ~100 codepoints, strict mode
Old: 0.080s (100,000 calls)
New: 0.026s (" " )

UTF-8, ~100 codepoints, non-strict mode
Old: 0.079s (100,000 calls)
New: 0.033s (" " )

UTF-8, ~10000 codepoints, strict mode
Old: 6.708s (60,000 calls)
New: 1.383s (" " )

UTF-8, ~10000 codepoints, non-strict mode
Old: 6.705s (60,000 calls)
New: 3.044s (" " )

Notice that the old implementation had almost identical performance
between strict and non-strict mode, while the new suffers a significant
performance penalty for non-strict detection. This is the cost of
implementing the behavior specified in the documentation.

A couple more sample results:

SJIS, ~10000 codepoints, strict mode
Old: 4.563s
New: 1.084s

SJIS, ~10000 codepoints, non-strict mode
Old: 4.569s
New: 2.863s

This is the only case I found where the new implementation loses:

UTF-16LE, ~10000 codepoints, non-strict mode
Old: 1.514s
New: 2.813s

The reason is because the test strings happened to be invalid right from
the first few bytes for all the candidate encodings except for UTF-16LE;
so the old implementation would immediately reject all those encodings
and only process the entire string in UTF-16LE.

I believe mb_detect_encoding could be made much faster if we identified
good criteria for when to reject candidate encodings before reaching
the end of the input string.

show more ...

Improve mb_detect_encoding's recognition of Turkish text

Add 4 codepoints commonly used to write Turkish text to our table
of 'commonly used' Unicode codepoints. These are:

• U+

Improve mb_detect_encoding's recognition of Turkish text

Add 4 codepoints commonly used to write Turkish text to our table
of 'commonly used' Unicode codepoints. These are:

• U+011F LATIN SMALL LETTER G WITH BREVE
• U+0130 LATIN CAPITAL LETTER I WITH DOT ABOVE
• U+0131 LATIN SMALL LETTER DOTLESS I
• U+015F LATIN SMALL LETTER S WITH CEDILLA

show more ...

sockets adding TCP_QUICKACK constant.

having tigher control on ACK delays, difference is the setting
is `volatile` as it can be turned off by the kernel if not set
explicitally set

sockets adding TCP_QUICKACK constant.

having tigher control on ACK delays, difference is the setting
is `volatile` as it can be turned off by the kernel if not set
explicitally set otherwise on the socket.

Closes GH-10145.

show more ...

[ci skip] Remove duplicated NEWS entry

Add Randomizer::nextFloat() and Randomizer::getFloat() (#9679)

* random: Add Randomizer::nextFloat()

* random: Check that doubles are IEEE-754 in Randomizer::nextFloat()

*

Add Randomizer::nextFloat() and Randomizer::getFloat() (#9679)

* random: Add Randomizer::nextFloat()

* random: Check that doubles are IEEE-754 in Randomizer::nextFloat()

* random: Add Randomizer::nextFloat() tests

* random: Add Randomizer::getFloat() implementing the y-section algorithm

The algorithm is published in:

Drawing Random Floating-Point Numbers from an Interval. Frédéric
Goualard, ACM Trans. Model. Comput. Simul., 32:3, 2022.
https://doi.org/10.1145/3503512

* random: Implement getFloat_gamma() optimization

see https://github.com/php/php-src/pull/9679/files#r994668327

* random: Add Random\IntervalBoundary

* random: Split the implementation of γ-section into its own file

* random: Add tests for Randomizer::getFloat()

* random: Fix γ-section for 32-bit systems

* random: Replace check for __STDC_IEC_559__ by compile-time check for DBL_MANT_DIG

* random: Drop nextFloat_spacing.phpt

* random: Optimize Randomizer::getFloat() implementation

* random: Reject non-finite parameters in Randomizer::getFloat()

* random: Add NEWS/UPGRADING for Randomizer’s float functionality

show more ...

[ci skip] Fix typo in `unserialize()` function name in NEWS

see dd8de1e726a41fdbca6cbd4348ae63a74830a888