| #
63c7418b |
| 28-Jun-2022 |
Remi Collet |
[ci skip] NEWS and UPGRADING
|
| #
526af6ea |
| 19-Jun-2022 |
Ayesh Karunaratne |
[ci skip] Add true type support to UPGRADING file
Closes GH-8826.
|
| #
5bb3e233 |
| 24-Apr-2022 |
tobil4sk |
Implement #77726: Allow null character in regex patterns
In 8b3c1a3, this was disallowed to fix #55856, which was a security
issue caused by the /e modifier. The fix that was made was th
Implement #77726: Allow null character in regex patterns
In 8b3c1a3, this was disallowed to fix #55856, which was a security
issue caused by the /e modifier. The fix that was made was the
"Easier fix" as described in the original report.
With this fix, pattern strings are no longer treated as null terminated,
so null characters can be placed inside and matched against with regex
patterns without security problems, so there is no longer a reason to
give the error. Allowing this is consistent with the behaviour of many
other languages, including JavaScript, and thanks to PCRE2[0], it does
not require manually escaping null characters. Now that we can avoid the
error here without the cost of escaping characters, there is really no
need anymore to stray here from the conventional behaviour.
Currently, null characters are still disallowed before the first
delimiter and in the options section at the end of a regex string, but
these error messages have been updated.
[0] Since PCRE2, pattern strings no longer have to be null terminated,
and raw null characters match as normal.
Closes GH-8114.
show more ...
|
| #
efc8f0eb |
| 17-Jun-2022 |
Arnaud Le Blanc |
Deprecate zend_atol() / add zend_ini_parse_quantity() (#7951)
Add zend_ini_parse_quantity() and deprecate zend_atol(), zend_atoi()
zend_atol() and zend_atoi() don't just do number p
Deprecate zend_atol() / add zend_ini_parse_quantity() (#7951)
Add zend_ini_parse_quantity() and deprecate zend_atol(), zend_atoi()
zend_atol() and zend_atoi() don't just do number parsing.
They also check for a 'K', 'M', or 'G' at the end of the string,
and multiply the parsed value out accordingly.
Unfortunately, they ignore any other non-numerics between the
numeric component and the last character in the string.
This means that numbers such as the following are both valid
and non-intuitive in their final output.
* "123KMG" is interpreted as "123G" -> 132070244352
* "123G " is interpreted as "123 " -> 123
* "123GB" is interpreted as "123B" -> 123
* "123 I like tacos." is also interpreted as "123." -> 123
Currently, in php-src these functions are used only for parsing ini values.
In this change we deprecate zend_atol(), zend_atoi(), and introduce a new
function with the same behavior, but with the ability to report invalid inputs
to the caller. The function's name also makes the behavior less unexpected:
zend_ini_parse_quantity().
Co-authored-by: Sara Golemon <pollita@php.net>
show more ...
|
| #
b9af4335 |
| 08-Jun-2022 |
Pierrick Charron |
Add new curl_upkeep() function
|
| #
cec20f61 |
| 05-Jun-2022 |
Pierrick Charron |
Expose new constants from libcurl 7.62 to 7.80
|
| #
d9f3ca70 |
| 07-Jun-2022 |
Rowan Tommins |
Add deprecation notices to utf8_encode and utf8_decode
Implements initial stage of accepted RFC to remove them:
https://wiki.php.net/rfc/remove_utf8_decode_and_utf8_encode
Tests
Add deprecation notices to utf8_encode and utf8_decode
Implements initial stage of accepted RFC to remove them:
https://wiki.php.net/rfc/remove_utf8_decode_and_utf8_encode
Tests relating to SOAP and htmlspecialchars seem to have been
using this entirely unnecessarily, so have been fixed.
Closes GH-8726.
show more ...
|
| #
6b02cabc |
| 09-Jun-2022 |
David CARLIER |
Add `SO_SETFIB` FreeBSD socket option constant.
Aims to set the route table.
Closes #8742.
|
| #
dbf1cafd |
| 09-Jun-2022 |
George Peter Banyard |
Remove internal usage of SplFileInfo::_bad_state_ex() method (#8318)
* Use standard VM handling instead
* Deprecate the method as it is now useless
|
| #
d677cc13 |
| 06-Jun-2022 |
David Carlier |
Add `SO_BPF_EXTENSIONS` flag to socket.
Returns the supported bpf extensions from the kernel. Linux only.
Closes GH-8713.
|
| #
80fda5ff |
| 07-Jun-2022 |
George Peter Banyard |
[skip ci] Update UPGRADING in regards to iterable compile time alias
|
| #
6fe7ff95 |
| 03-Jun-2022 |
David Carlier |
Implements ancillary data on NetBSD.
With the couple LOCAL_CREDS/SCM_CREDS, in this system we get all the
infos needed (included the process id).
Closes GH-8700.
|
| #
f813520b |
| 02-Jun-2022 |
David CARLIER |
Implements socket ancillary data on FreeBSD. (#7708)
using LOCAL_CREDS_PERSISTENT/SCM_CREDS2 instead so we also get the send process id.
|
| #
2d1a320b |
| 30-May-2022 |
Kamil Tekiela |
UPGRADING for libmysql change
|
| #
1d168a44 |
| 28-May-2022 |
Máté Kocsis |
Add upgrading entry for DatePeriod property changes
[skip ci]
|
| #
2920a266 |
| 22-Apr-2022 |
Calvin Buckley |
Quote when adding to connection string in (PDO_)ODBC
Because the UID= and PWD= values are appended to the SQLDriverConnect
case when credentials are passed, we have to append them to the
Quote when adding to connection string in (PDO_)ODBC
Because the UID= and PWD= values are appended to the SQLDriverConnect
case when credentials are passed, we have to append them to the string
in case users are relying on this behaviour. However, they must be
quoted, or the arguments will be invalid (or possibly more injected).
This means users had to quote arguments or append credentials to the raw
connection string themselves.
It seems that ODBC quoting rules are consistent enough (and that
Microsoft trusts them enough to encode into the .NET BCL) that we can
actually check if the string is already quoted (in case a user is
already quoting because of this not being fixed), and if not, apply the
appropriate ODBC quoting rules.
This is because the code exists in main/, and are shared between
both ODBC extensions, so it doesn't make sense for it to only exist
in one or the other. There may be a better spot for it.
Closes GH-8307.
show more ...
|
| #
059474a8 |
| 27-May-2022 |
Arnaud Le Blanc |
[ci skip] NEWS, UPGRADING
|
| #
df77fee2 |
| 26-May-2022 |
Máté Kocsis |
Add upgrading entry for ext/tidy property changes
[skip ci]
|
| #
54de945b |
| 23-May-2022 |
Máté Kocsis |
Added a few missing punctuation marks in UPGRADING
|
| #
7ec2950d |
| 23-May-2022 |
Máté Kocsis |
Add upgrading entry for readonly classes
|
| #
016ac7c1 |
| 21-May-2022 |
David CARLIER |
[skip ci] UPGRADING note update, follow-up #8411 (#8598)
|
| #
33fc9e5a |
| 13-May-2022 |
Christoph M. Becker |
Build ext/zip as shared library by default on Windows
This allows users to use PECL/zip, which is well maintained and often
brings new features which are not yet available in ext/zip, as
Build ext/zip as shared library by default on Windows
This allows users to use PECL/zip, which is well maintained and often
brings new features which are not yet available in ext/zip, as drop-in
replacement for the official Windows php-src builds.
Closes GH-8549.
show more ...
|
| #
1f4830f2 |
| 15-May-2022 |
David Carlier |
Add TCP_NOTSENT_LOWAT socket option
Can be used to limit the amount of unsent data per socket.
Closes GH-8559.
|
| #
10921525 |
| 15-May-2022 |
David Carlier |
Add CURLOPT_MAXFILESIZE_LARGE option
Like other *LARGE options, it takes a 64 bit value.
Closes GH-8557.
|
| #
8b991b4a |
| 13-May-2022 |
Máté Kocsis |
Add static return type for DateTime*::createFrom*() when possible
Fix GH-8544
|
