Fix GH-16292: Segmentation fault in ext/xmlreader/php_xmlreader.c:1282

3 issues:
1) RETURN_NULL() was used via the macro NODE_GET_OBJ(), but the function
returns false on failure

Fix GH-16292: Segmentation fault in ext/xmlreader/php_xmlreader.c:1282

3 issues:
1) RETURN_NULL() was used via the macro NODE_GET_OBJ(), but the function
returns false on failure and cannot return null according to its
stub.
2) The struct layout of the different implementors of libxml only
guarantees overlap between the node pointer and the document
reference, so accessing the std zend_object may not work.
3) DOC_GET_OBJ() wasn't using ZSTR_VAL().

Closes GH-16307.

show more ...

Fix GH-14183: XMLReader::open() can't be overridden

We should only return the override if the internal static method is matched.

Closes GH-14194.

Merge branch 'PHP-8.2' into PHP-8.3

* PHP-8.2:
[ci skip] NEWS
Fix null pointer dereferences in case of allocation failure

Merge branch 'PHP-8.1' into PHP-8.2

* PHP-8.1:
[ci skip] NEWS
Fix null pointer dereferences in case of allocation failure

Fix null pointer dereferences in case of allocation failure

Closes GH-12506.

Merge branch 'PHP-8.2'

Merge branch 'PHP-8.1' into PHP-8.2

Merge branch 'PHP-8.0' into PHP-8.1

Sanitize libxml2 globals before parsing

Fixes GHSA-3qrf-m4j2-pcrr.

To parse a document with libxml2, you first need to create a parsing context.
The parsing context contains par

Sanitize libxml2 globals before parsing

Fixes GHSA-3qrf-m4j2-pcrr.

To parse a document with libxml2, you first need to create a parsing context.
The parsing context contains parsing options (e.g. XML_NOENT to substitute
entities) that the application (in this case PHP) can set.
Unfortunately, libxml2 also supports providing default set options.
For example, if you call xmlSubstituteEntitiesDefault(1) then the XML_NOENT
option will be added to the parsing options every time you create a parsing
context **even if the application never requested XML_NOENT**.

Third party extensions can override these globals, in particular the
substitute entity global. This causes entity substitution to be
unexpectedly active.

Fix it by setting the parsing options to a sane known value.
For API calls that depend on global state we introduce
PHP_LIBXML_SANITIZE_GLOBALS() and PHP_LIBXML_RESTORE_GLOBALS().
For other APIs that work directly with a context we introduce
php_libxml_sanitize_parse_ctxt_options().

show more ...

Merge branch 'PHP-8.2'

Fix GH-11548 (Argument corruption when calling XMLReader::open or XMLReader::XML non-statically with observer active)

Merge branch 'PHP-8.2'

Merge branch 'PHP-8.1' into PHP-8.2

Merge branch 'PHP-8.0' into PHP-8.1

Fix array overrun when appending slash to paths

Fix it by extending the array sizes by one character. As the input is
limited to the maximum path length, there will always be place to ap

Fix array overrun when appending slash to paths

Fix it by extending the array sizes by one character. As the input is
limited to the maximum path length, there will always be place to append
the slash. As the php_check_specific_open_basedir() simply uses the
strings to compare against each other, no new failures related to too
long paths are introduced.
We'll let the DOM and XML case handle a potentially too long path in the
library code.

show more ...

Revert "Port all internally used classes to use default_object_handlers"

This reverts commit 94ee4f9834743ca74f6c9653863273277ce6c61a.

The commit was a bit too late to be included i

Revert "Port all internally used classes to use default_object_handlers"

This reverts commit 94ee4f9834743ca74f6c9653863273277ce6c61a.

The commit was a bit too late to be included in PHP 8.2 RC1. Given it's a massive ABI break, we decide to postpone the change to PHP 8.3.

show more ...

Port all internally used classes to use default_object_handlers

Signed-off-by: Bob Weinand <bobwei9@hotmail.com>

Declare ext/xmlreader constants in stubs (#9133)

Merge branch 'PHP-8.0' into PHP-8.1

* PHP-8.0:
Fix bug #81521

Fix bug #81521

The current error message is incorrect -- the problem here is not
that the property is invalid, but that these methods are unusable
prior to loading data, same as read

Fix bug #81521

The current error message is incorrect -- the problem here is not
that the property is invalid, but that these methods are unusable
prior to loading data, same as read().

show more ...

Fixed some spaces used instead of tabs

Remove explicit assignments of zend_objects_destroy_object

This is the default handler, no need to set it explicitly. This
makes it easier to see which objects really have a custom dtor_

Remove explicit assignments of zend_objects_destroy_object

This is the default handler, no need to set it explicitly. This
makes it easier to see which objects really have a custom dtor_obj.

show more ...

Convert check into assertion in ext/xmlreader

$this is requires to be instanceof self for quite a while now,
so make this an assertion.

Remove some unnecessary null pointer checks in ext/xmlreader

intern cannot be NULL.

Update http->https in license (#6945)

1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as

Update http->https in license (#6945)

1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |

show more ...