| #
922371f3 |
| 18-Jul-2022 |
Jakub Zelenka |
Do not send X-Powered-By if headers sent (#9039)
Co-authored-by: Eric Norris <erictnorris@gmail.com>
|
| #
ffdf25a2 |
| 06-Jan-2022 |
Mikhail Galanin |
Add "error_log_mode" setting
|
| #
77e954af |
| 05-Jul-2022 |
Christoph M. Becker |
Fix GH-8923: error_log on Windows can hold the file write lock
On Windows, closing a file which is locked may not immediately remove
the lock. The `LockFileEx()` documentation states:
Fix GH-8923: error_log on Windows can hold the file write lock
On Windows, closing a file which is locked may not immediately remove
the lock. The `LockFileEx()` documentation states:
| Therefore, it is recommended that your process explicitly unlock all
| files it has locked when it terminates.
We comply, and also use the macro `LOCK_EX` instead of the magic number
`2`.
Closes GH-8925.
show more ...
|
| #
93a44f8c |
| 15-Jun-2022 |
Heiko Weber |
Fix potential use after free in php_binary_init()
Closes GH-8791.
|
| #
efc8f0eb |
| 17-Jun-2022 |
Arnaud Le Blanc |
Deprecate zend_atol() / add zend_ini_parse_quantity() (#7951)
Add zend_ini_parse_quantity() and deprecate zend_atol(), zend_atoi()
zend_atol() and zend_atoi() don't just do number p
Deprecate zend_atol() / add zend_ini_parse_quantity() (#7951)
Add zend_ini_parse_quantity() and deprecate zend_atol(), zend_atoi()
zend_atol() and zend_atoi() don't just do number parsing.
They also check for a 'K', 'M', or 'G' at the end of the string,
and multiply the parsed value out accordingly.
Unfortunately, they ignore any other non-numerics between the
numeric component and the last character in the string.
This means that numbers such as the following are both valid
and non-intuitive in their final output.
* "123KMG" is interpreted as "123G" -> 132070244352
* "123G " is interpreted as "123 " -> 123
* "123GB" is interpreted as "123B" -> 123
* "123 I like tacos." is also interpreted as "123." -> 123
Currently, in php-src these functions are used only for parsing ini values.
In this change we deprecate zend_atol(), zend_atoi(), and introduce a new
function with the same behavior, but with the ability to report invalid inputs
to the caller. The function's name also makes the behavior less unexpected:
zend_ini_parse_quantity().
Co-authored-by: Sara Golemon <pollita@php.net>
show more ...
|
| #
5ba6ecd5 |
| 24-May-2022 |
George Peter Banyard |
Minor refactoring of main/main.c and TSRM (#8608)
|
| #
265c88b9 |
| 22-May-2022 |
George Peter Banyard |
Don't initialise pointers to zend_stat_t
|
| #
2ecd46f4 |
| 22-May-2022 |
George Peter Banyard |
Initialise zend_stat_t to fix MSAN build
|
| #
f07a08df |
| 06-May-2022 |
Arnaud Le Blanc |
Fix unregistering ini entries of dynamically loaded extension (#8435)
Fixes GH-8185
|
| #
b5db594f |
| 27-Apr-2022 |
George Peter Banyard |
Refacto php_module_startup() (#8303)
It only ever uses at most 1 additional modules
|
| #
1bd9890b |
| 06-Apr-2022 |
Christoph M. Becker |
Fix GH-8310: Registry settings are no longer recognized
`zend_file_handle->filename` is a `zend_string*` pointer now, so we
must not cast to `char*` but rather pass the underlying `char*
Fix GH-8310: Registry settings are no longer recognized
`zend_file_handle->filename` is a `zend_string*` pointer now, so we
must not cast to `char*` but rather pass the underlying `char*`.
Closes GH-8313.
show more ...
|
| #
e6cf5831 |
| 12-Feb-2022 |
Bob Weinand |
Fix GH-8082: Prevent leaking memory on observed transient run_time_caches
This is achieved by tracking the observers on the run_time_cache (with a fixed amount of slots, 2 for each observer)
Fix GH-8082: Prevent leaking memory on observed transient run_time_caches
This is achieved by tracking the observers on the run_time_cache (with a fixed amount of slots, 2 for each observer).
That way round, if the run_time_cache is freed all associated observer data is as well.
This approach has been chosen, as to avoid any ABI or API breakage.
Future versions may for example choose to provide a hookable API for run_time_cache freeing or similar.
show more ...
|
| #
26e42446 |
| 09-Nov-2021 |
Nikita Popov |
Fix bug #81598: Use C.UTF-8 as LC_CTYPE locale by default
Unfortunately, libedit is locale based and does not accept UTF-8
input when the C locale is used. This patch switches the defaul
Fix bug #81598: Use C.UTF-8 as LC_CTYPE locale by default
Unfortunately, libedit is locale based and does not accept UTF-8
input when the C locale is used. This patch switches the default
locale to C.UTF-8 instead (if it is available). This makes libedit
work and I believe it shouldn't affect behavior of single-byte
locale-dependent functions that PHP otherwise uses.
Closes GH-7635.
show more ...
|
| #
4c171ed5 |
| 04-Nov-2021 |
Nikita Popov |
Fix bug #81591: ignore_repeated_errors broken
We should suppress the error if the message is the same, not if
it's different. Apparently we had no test coverage for these
options.
|
| #
36576936 |
| 12-Oct-2021 |
Christoph M. Becker |
Fix #81518: Header injection via default_mimetype / default_charset
We forbid setting these INI options to values containing NUL bytes, CR
or LF.
Closes GH-7574.
|
| #
c96be7b8 |
| 24-Sep-2021 |
Tim Starling |
Use ASCII lower case for misc case folding
Use ASCII case conversion instead of locale-dependent case conversion in
the following places:
* grapheme_stripos() and grapheme_strri
Use ASCII lower case for misc case folding
Use ASCII case conversion instead of locale-dependent case conversion in
the following places:
* grapheme_stripos() and grapheme_strripos() in the "fast" path
* ldap_get_entries()
* oci_pconnect() for case folding of parameters when constructing a key
into the connection or session pool
* SoapClient: case folding of function names
* get_meta_tags(): case conversion of property names
* http stream wrapper: header names
* phpinfo(): anchor names
* php_verror(): docref URLs
* rfc1867.c: Content-Type boundary parameter name
* streams.c: stream protocol names
Using locale-dependent case folding for these cases is either
unnecessary or actively incorrect. These functions could have
misbehaved when used with certain locales (e.g. Turkish).
Closes GH-7511.
show more ...
|
| #
1da5df80 |
| 21-Jul-2021 |
Nikita Popov |
Don't enable rc_debug mode if module startup fails
|
| #
efbb2198 |
| 12-Jul-2021 |
Nikita Popov |
Return value from ZEND_ATOL
Instead of assigning it as part of the macro itself, which makes
usage quite awkward.
|
| #
98a21d1d |
| 12-Feb-2021 |
Calvin Buckley |
Fix bug #80728: Don't reset the timeout on ini deactivate
When the time limit for a script is changed, when the script ends,
its INI value will be reset. This calls the event handler for
Fix bug #80728: Don't reset the timeout on ini deactivate
When the time limit for a script is changed, when the script ends,
its INI value will be reset. This calls the event handler for the
timeout change, which will unset then reset the timeout. However,
this is done even if the script is done executing, and say, the CGI
or CLI web server process is idle.
This is probably incorrect, but isn't a problem on most platforms,
because PHP uses a timer that only ticks when the process is active
(that is, executing code). Since when it's idle, it's blocking on
listen/read, it won't tick because nothing executes. However, on
platforms where only the real-time timer is supported, (Cygwin/PASE)
it ticks regardless of if PHP is even executing. This means that the
idle processes are subject to timeouts from the INI reset on script
end.
This makes it so the timer is never set if the state is deactivating.
Testing with the CLI web server indicates the timer no longer
spuriously activates under PASE.
Closes GH-6683.
show more ...
|
| #
aff36587 |
| 29-Jun-2021 |
Patrick Allaert |
Fixed some spaces used instead of tabs
|
| #
d8165c25 |
| 08-Jun-2021 |
Nikita Popov |
Fixed bug #81104
When the memory limit is restored during shutdown, we may still
be using a lot of memory. Ignore the failure at that point and
set it again after the MM is shut down
Fixed bug #81104
When the memory limit is restored during shutdown, we may still
be using a lot of memory. Ignore the failure at that point and
set it again after the MM is shut down, at which point memory
usage should be at its lowest point.
show more ...
|
| #
e9b00515 |
| 31-May-2021 |
Nikita Popov |
Fix output buffer discard on memory limit
Move this code directly into the error handler, and check the
heap->overflow flag. Discarding output here allows us to print
the normal memo
Fix output buffer discard on memory limit
Move this code directly into the error handler, and check the
heap->overflow flag. Discarding output here allows us to print
the normal memory limit message to standard output. Otherwise
nothing would be printed unless a different log medium was used,
which makes for a suboptimal debugging experience.
show more ...
|
| #
1aafed5e |
| 31-May-2021 |
Nikita Popov |
Remove zend_set_memory_limit_ex() API
This was added temporarily for the PHP-8.0 branch to avoid an
ABI break.
|
| #
1b3b5c94 |
| 30-May-2021 |
Peter van Dommelen |
Fixed bug #81070
When the memory limit is reduced using an `ini_set("memory_limit", ..)`
below the currently allocated memory, the out-of-memory check overflowed.
Instead of implemen
Fixed bug #81070
When the memory limit is reduced using an `ini_set("memory_limit", ..)`
below the currently allocated memory, the out-of-memory check overflowed.
Instead of implementing additional checks during allocation,
`zend_set_memory_limit()` now validates the new memory limit. When
below the current memory usage the ini_set call will fail and throw
a warning.
This is part of GH-7040.
show more ...
|
| #
c40231af |
| 12-May-2021 |
George Peter Banyard |
Mark various functions with void arguments.
This fixes a bunch of [-Wstrict-prototypes] warning,
because in C func() and func(void) have different semantics.
|
