#
922371f3 |
| 18-Jul-2022 |
Jakub Zelenka |
Do not send X-Powered-By if headers sent (#9039) Co-authored-by: Eric Norris <erictnorris@gmail.com>
|
#
ffdf25a2 |
| 06-Jan-2022 |
Mikhail Galanin |
Add "error_log_mode" setting
|
#
77e954af |
| 05-Jul-2022 |
Christoph M. Becker |
Fix GH-8923: error_log on Windows can hold the file write lock On Windows, closing a file which is locked may not immediately remove the lock. The `LockFileEx()` documentation states:
Fix GH-8923: error_log on Windows can hold the file write lock On Windows, closing a file which is locked may not immediately remove the lock. The `LockFileEx()` documentation states: | Therefore, it is recommended that your process explicitly unlock all | files it has locked when it terminates. We comply, and also use the macro `LOCK_EX` instead of the magic number `2`. Closes GH-8925.
show more ...
|
#
93a44f8c |
| 15-Jun-2022 |
Heiko Weber |
Fix potential use after free in php_binary_init() Closes GH-8791.
|
#
efc8f0eb |
| 17-Jun-2022 |
Arnaud Le Blanc |
Deprecate zend_atol() / add zend_ini_parse_quantity() (#7951) Add zend_ini_parse_quantity() and deprecate zend_atol(), zend_atoi() zend_atol() and zend_atoi() don't just do number p
Deprecate zend_atol() / add zend_ini_parse_quantity() (#7951) Add zend_ini_parse_quantity() and deprecate zend_atol(), zend_atoi() zend_atol() and zend_atoi() don't just do number parsing. They also check for a 'K', 'M', or 'G' at the end of the string, and multiply the parsed value out accordingly. Unfortunately, they ignore any other non-numerics between the numeric component and the last character in the string. This means that numbers such as the following are both valid and non-intuitive in their final output. * "123KMG" is interpreted as "123G" -> 132070244352 * "123G " is interpreted as "123 " -> 123 * "123GB" is interpreted as "123B" -> 123 * "123 I like tacos." is also interpreted as "123." -> 123 Currently, in php-src these functions are used only for parsing ini values. In this change we deprecate zend_atol(), zend_atoi(), and introduce a new function with the same behavior, but with the ability to report invalid inputs to the caller. The function's name also makes the behavior less unexpected: zend_ini_parse_quantity(). Co-authored-by: Sara Golemon <pollita@php.net>
show more ...
|
#
5ba6ecd5 |
| 24-May-2022 |
George Peter Banyard |
Minor refactoring of main/main.c and TSRM (#8608)
|
#
265c88b9 |
| 22-May-2022 |
George Peter Banyard |
Don't initialise pointers to zend_stat_t
|
#
2ecd46f4 |
| 22-May-2022 |
George Peter Banyard |
Initialise zend_stat_t to fix MSAN build
|
#
f07a08df |
| 06-May-2022 |
Arnaud Le Blanc |
Fix unregistering ini entries of dynamically loaded extension (#8435) Fixes GH-8185
|
#
b5db594f |
| 27-Apr-2022 |
George Peter Banyard |
Refacto php_module_startup() (#8303) It only ever uses at most 1 additional modules
|
#
1bd9890b |
| 06-Apr-2022 |
Christoph M. Becker |
Fix GH-8310: Registry settings are no longer recognized `zend_file_handle->filename` is a `zend_string*` pointer now, so we must not cast to `char*` but rather pass the underlying `char*
Fix GH-8310: Registry settings are no longer recognized `zend_file_handle->filename` is a `zend_string*` pointer now, so we must not cast to `char*` but rather pass the underlying `char*`. Closes GH-8313.
show more ...
|
#
e6cf5831 |
| 12-Feb-2022 |
Bob Weinand |
Fix GH-8082: Prevent leaking memory on observed transient run_time_caches This is achieved by tracking the observers on the run_time_cache (with a fixed amount of slots, 2 for each observer)
Fix GH-8082: Prevent leaking memory on observed transient run_time_caches This is achieved by tracking the observers on the run_time_cache (with a fixed amount of slots, 2 for each observer). That way round, if the run_time_cache is freed all associated observer data is as well. This approach has been chosen, as to avoid any ABI or API breakage. Future versions may for example choose to provide a hookable API for run_time_cache freeing or similar.
show more ...
|
#
26e42446 |
| 09-Nov-2021 |
Nikita Popov |
Fix bug #81598: Use C.UTF-8 as LC_CTYPE locale by default Unfortunately, libedit is locale based and does not accept UTF-8 input when the C locale is used. This patch switches the defaul
Fix bug #81598: Use C.UTF-8 as LC_CTYPE locale by default Unfortunately, libedit is locale based and does not accept UTF-8 input when the C locale is used. This patch switches the default locale to C.UTF-8 instead (if it is available). This makes libedit work and I believe it shouldn't affect behavior of single-byte locale-dependent functions that PHP otherwise uses. Closes GH-7635.
show more ...
|
#
4c171ed5 |
| 04-Nov-2021 |
Nikita Popov |
Fix bug #81591: ignore_repeated_errors broken We should suppress the error if the message is the same, not if it's different. Apparently we had no test coverage for these options.
|
#
36576936 |
| 12-Oct-2021 |
Christoph M. Becker |
Fix #81518: Header injection via default_mimetype / default_charset We forbid setting these INI options to values containing NUL bytes, CR or LF. Closes GH-7574.
|
#
c96be7b8 |
| 24-Sep-2021 |
Tim Starling |
Use ASCII lower case for misc case folding Use ASCII case conversion instead of locale-dependent case conversion in the following places: * grapheme_stripos() and grapheme_strri
Use ASCII lower case for misc case folding Use ASCII case conversion instead of locale-dependent case conversion in the following places: * grapheme_stripos() and grapheme_strripos() in the "fast" path * ldap_get_entries() * oci_pconnect() for case folding of parameters when constructing a key into the connection or session pool * SoapClient: case folding of function names * get_meta_tags(): case conversion of property names * http stream wrapper: header names * phpinfo(): anchor names * php_verror(): docref URLs * rfc1867.c: Content-Type boundary parameter name * streams.c: stream protocol names Using locale-dependent case folding for these cases is either unnecessary or actively incorrect. These functions could have misbehaved when used with certain locales (e.g. Turkish). Closes GH-7511.
show more ...
|
#
1da5df80 |
| 21-Jul-2021 |
Nikita Popov |
Don't enable rc_debug mode if module startup fails
|
#
efbb2198 |
| 12-Jul-2021 |
Nikita Popov |
Return value from ZEND_ATOL Instead of assigning it as part of the macro itself, which makes usage quite awkward.
|
#
98a21d1d |
| 12-Feb-2021 |
Calvin Buckley |
Fix bug #80728: Don't reset the timeout on ini deactivate When the time limit for a script is changed, when the script ends, its INI value will be reset. This calls the event handler for
Fix bug #80728: Don't reset the timeout on ini deactivate When the time limit for a script is changed, when the script ends, its INI value will be reset. This calls the event handler for the timeout change, which will unset then reset the timeout. However, this is done even if the script is done executing, and say, the CGI or CLI web server process is idle. This is probably incorrect, but isn't a problem on most platforms, because PHP uses a timer that only ticks when the process is active (that is, executing code). Since when it's idle, it's blocking on listen/read, it won't tick because nothing executes. However, on platforms where only the real-time timer is supported, (Cygwin/PASE) it ticks regardless of if PHP is even executing. This means that the idle processes are subject to timeouts from the INI reset on script end. This makes it so the timer is never set if the state is deactivating. Testing with the CLI web server indicates the timer no longer spuriously activates under PASE. Closes GH-6683.
show more ...
|
#
aff36587 |
| 29-Jun-2021 |
Patrick Allaert |
Fixed some spaces used instead of tabs
|
#
d8165c25 |
| 08-Jun-2021 |
Nikita Popov |
Fixed bug #81104 When the memory limit is restored during shutdown, we may still be using a lot of memory. Ignore the failure at that point and set it again after the MM is shut down
Fixed bug #81104 When the memory limit is restored during shutdown, we may still be using a lot of memory. Ignore the failure at that point and set it again after the MM is shut down, at which point memory usage should be at its lowest point.
show more ...
|
#
e9b00515 |
| 31-May-2021 |
Nikita Popov |
Fix output buffer discard on memory limit Move this code directly into the error handler, and check the heap->overflow flag. Discarding output here allows us to print the normal memo
Fix output buffer discard on memory limit Move this code directly into the error handler, and check the heap->overflow flag. Discarding output here allows us to print the normal memory limit message to standard output. Otherwise nothing would be printed unless a different log medium was used, which makes for a suboptimal debugging experience.
show more ...
|
#
1aafed5e |
| 31-May-2021 |
Nikita Popov |
Remove zend_set_memory_limit_ex() API This was added temporarily for the PHP-8.0 branch to avoid an ABI break.
|
#
1b3b5c94 |
| 30-May-2021 |
Peter van Dommelen |
Fixed bug #81070 When the memory limit is reduced using an `ini_set("memory_limit", ..)` below the currently allocated memory, the out-of-memory check overflowed. Instead of implemen
Fixed bug #81070 When the memory limit is reduced using an `ini_set("memory_limit", ..)` below the currently allocated memory, the out-of-memory check overflowed. Instead of implementing additional checks during allocation, `zend_set_memory_limit()` now validates the new memory limit. When below the current memory usage the ini_set call will fail and throw a warning. This is part of GH-7040.
show more ...
|
#
c40231af |
| 12-May-2021 |
George Peter Banyard |
Mark various functions with void arguments. This fixes a bunch of [-Wstrict-prototypes] warning, because in C func() and func(void) have different semantics.
|