#
c1c14c8a |
| 18-Jun-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GHSA-94p6-54jq-9mwp Apache only generates REDIRECT_STATUS, so explicitly check for that if the server name is Apache, don't allow other variable names. Furthermore, redirect.so a
Fix GHSA-94p6-54jq-9mwp Apache only generates REDIRECT_STATUS, so explicitly check for that if the server name is Apache, don't allow other variable names. Furthermore, redirect.so and Netscape no longer exist, so remove those entries as we can't check their server name anymore. We now also check for the configuration override *first* such that it always take precedence. This would allow for a mitigation path if something like this happens in the future.
show more ...
|
#
4b9cd27f |
| 14-Jun-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GHSA-p99j-rfp4-xqvq It's no use trying to work around whatever the operating system and Apache do because we'll be fighting that until eternity. Change the skip_getopt condition
Fix GHSA-p99j-rfp4-xqvq It's no use trying to work around whatever the operating system and Apache do because we'll be fighting that until eternity. Change the skip_getopt condition such that when we're running in CGI or FastCGI mode we always skip the argument parsing. This is a BC break, but this seems to be the only way to get rid of this class of issues.
show more ...
|
#
93826731 |
| 17-May-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GHSA-3qgc-jrrr-25jv The original code is error-prone due to the "best fit mapping" that happens with the argument parsing but not with the query string. When we get a non-ASCII c
Fix GHSA-3qgc-jrrr-25jv The original code is error-prone due to the "best fit mapping" that happens with the argument parsing but not with the query string. When we get a non-ASCII character, try to remap it and see if it becomes a hyphen. An alternative approach is to create a custom main `wmain` receiving wide-character variations that does the ANSI transformation with the best-fit mapping, but that's more error-prone and could cause unexpected breakage. Another alternative was just don't doing this check altogether and always check for `cgi || fastcgi` instead, but that breaks real-world use-cases.
show more ...
|
#
74843947 |
| 20-Apr-2024 |
David Carlier |
sapi/cgi: fix buffer limit on windows. MSDN recommends dropping the deprecated `read` in favor of `_read`. Also, the buffer size limit is INT_MAX. Close GH-14022
|
#
f16b34f1 |
| 26-Feb-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Implement GH-10024: support linting multiple files at once using php -l This is supported in both the CLI and CGI modes. For CLI this required little changes. For CGI, the trick
Implement GH-10024: support linting multiple files at once using php -l This is supported in both the CLI and CGI modes. For CLI this required little changes. For CGI, the tricky part was that the options parsing happens inside the loop. This means that options passed after the -l flag were previously simply ignored. As we now re-enter the loop we would parse the options again, and if they are handled but don't set the script name, then CGI will think you want to read from standard in. To keep the same "don't parse options" behaviour I simply wrapped the options handling inside an if. Closes GH-10024. Closes GH-10710.
show more ...
|
#
24cc4020 |
| 15-Apr-2023 |
Ilija Tovilo |
Benchmarking mean (#11085) * Use 50 runs and calculate mean * Don't validate timestamps * Don't profile PHP startup and shutdown in cgi with valgrind
|
#
c8955c07 |
| 16-Jan-2023 |
Christoph M. Becker |
Revert GH-10220 Cf. <https://github.com/php/php-src/pull/10220#issuecomment-1383739816>. This reverts commit ecc880f491d66081298a16634629f149459706a9. This reverts commit 588a07
Revert GH-10220 Cf. <https://github.com/php/php-src/pull/10220#issuecomment-1383739816>. This reverts commit ecc880f491d66081298a16634629f149459706a9. This reverts commit 588a07f7371ee2b5fac17de147926780e427fae6. This reverts commit f377e15751d3aa48b69cd9bcc366ede7803d511f. This reverts commit b4ba16fe189b109144aff669e11d81365160104b. This reverts commit 694ec1deea36e366b28b6349a52be49824e1a1a8. This reverts commit 6b34de8eba9f66882ae16e6073af28783670ac53. This reverts commit aa1cd02a4367834026ea2205ea13a2f904455aa1. This reverts commit 308fd311ea6fcf3094b448df7f2b264f08e4fe4f. This reverts commit 16203b53e1822a37b6ba6f2ab198bb435d05fdad. This reverts commit 738fb5ca5412f5e833a7fab82b11519e635a3357. This reverts commit 9fdbefacd3c382d731aa175b7bdc002ec9cb2b30. This reverts commit cd4a7c1d90562ebb5f89caf94d00d579631b9fbe. This reverts commit 928685eba2b2f0ded90e7f78fd806ea164002f6e. This reverts commit 01e5ffc85cd4357fd7b5b7ceefa29f2d10ca26b7.
show more ...
|
#
6b34de8e |
| 04-Jan-2023 |
Max Kellermann |
sapi/*: add missing includes
|
Revision tags: php-8.2.0RC1, php-8.1.10, php-8.0.23, php-8.0.23RC1, php-8.1.10RC1, php-8.2.0beta3 |
|
#
bd3cd6a4 |
| 04-Aug-2022 |
Michael Voříšek |
Fix unstable sapi test, fix GH-9140 (#9184)
|
Revision tags: php-8.2.0beta2, php-8.1.9, php-8.0.22, php-8.1.9RC1, php-8.2.0beta1, php-8.0.22RC1, php-8.0.21, php-8.1.8, php-8.2.0alpha3, php-8.1.8RC1, php-8.2.0alpha2, php-8.0.21RC1, php-8.0.20, php-8.1.7, php-8.2.0alpha1, php-7.4.30, php-8.1.7RC1, php-8.0.20RC1 |
|
#
5ba6ecd5 |
| 24-May-2022 |
George Peter Banyard |
Minor refactoring of main/main.c and TSRM (#8608)
|
#
2ecd46f4 |
| 22-May-2022 |
George Peter Banyard |
Initialise zend_stat_t to fix MSAN build
|
Revision tags: php-8.1.6, php-8.0.19 |
|
#
b5db594f |
| 27-Apr-2022 |
George Peter Banyard |
Refacto php_module_startup() (#8303) It only ever uses at most 1 additional modules
|
Revision tags: php-8.1.6RC1, php-8.0.19RC1, php-8.0.18, php-8.1.5, php-7.4.29, php-8.1.5RC1, php-8.0.18RC1 |
|
#
d87ba95a |
| 22-Mar-2022 |
Max Kellermann |
sapi/*: move duplicate "--define" code to library
|
Revision tags: php-8.1.4, php-8.0.17, php-8.1.4RC1, php-8.0.17RC1, php-8.1.3, php-8.0.16, php-7.4.28, php-8.1.3RC1, php-8.0.16RC1, php-8.1.2, php-8.0.15 |
|
#
796511f3 |
| 09-Jan-2022 |
Christoph M. Becker |
Fix php-cgi name in usage info Cf. <https://github.com/php/doc-en/issues/1312#issuecomment-1008214821>. Closes GH-7916.
|
Revision tags: php-8.1.2RC1, php-8.0.15RC1, php-8.0.14, php-8.1.1, php-7.4.27, php-8.1.1RC1, php-8.0.14RC1, php-7.4.27RC1, php-8.1.0, php-8.0.13, php-7.4.26, php-7.3.33, php-8.1.0RC6 |
|
#
90b7bde6 |
| 03-Nov-2021 |
Dmitry Stogov |
Use more compact representation for packed arrays. - for packed arrays we store just an array of zvals without keys. - the elements of packed array are accessible throuf as ht->arPacked[
Use more compact representation for packed arrays. - for packed arrays we store just an array of zvals without keys. - the elements of packed array are accessible throuf as ht->arPacked[i] instead of ht->arData[i] - in addition to general ZEND_HASH_FOREACH_* macros, we introduced similar familied for packed (ZEND_HASH_PACKED_FORECH_*) and real hashes (ZEND_HASH_MAP_FOREACH_*) - introduced an additional family of macros to access elements of array (packed or real hashes) ZEND_ARRAY_ELEMET_SIZE, ZEND_ARRAY_ELEMET_EX, ZEND_ARRAY_ELEMET, ZEND_ARRAY_NEXT_ELEMENT, ZEND_ARRAY_PREV_ELEMENT - zend_hash_minmax() prototype was changed to compare only values Because of smaller data set, this patch may show performance improvement on some apps and benchmarks that use packed arrays. (~1% on PHP-Parser) TODO: - sapi/phpdbg needs special support for packed arrays (WATCH_ON_BUCKET). - zend_hash_sort_ex() may require converting packed arrays to hash.
show more ...
|
Revision tags: php-7.4.26RC1, php-8.0.13RC1, php-8.1.0RC5, php-7.3.32, php-7.4.25, php-8.0.12, php-8.1.0RC4, php-8.0.12RC1, php-7.4.25RC1, php-8.1.0RC3, php-8.0.11, php-7.4.24, php-7.3.31, php-8.1.0RC2, php-7.4.24RC1, php-8.0.11RC1, php-8.1.0RC1, php-7.4.23, php-8.0.10, php-7.3.30, php-8.1.0beta3, php-8.0.10RC1, php-7.4.23RC1, php-8.1.0beta2, php-8.0.9, php-7.4.22, php-8.1.0beta1 |
|
#
a054ef2a |
| 15-Jul-2021 |
Christoph M. Becker |
Fix #80849: HTTP Status header truncation While truncating the contents of a header is okay, we must never omit the trailing CRLF. Closes GH-7238.
|
Revision tags: php-7.4.22RC1, php-8.0.9RC1, php-8.1.0alpha3, php-7.4.21, php-7.3.29 |
|
#
aff36587 |
| 29-Jun-2021 |
Patrick Allaert |
Fixed some spaces used instead of tabs
|
Revision tags: php-8.0.8, php-8.1.0alpha2, php-7.4.21RC1, php-8.0.8RC1, php-8.1.0alpha1, php-8.0.7, php-7.4.20, php-8.0.7RC1, php-7.4.20RC1 |
|
#
01b3fc03 |
| 06-May-2021 |
KsaR |
Update http->https in license (#6945) 1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https. 2. Update few license 3.0 to 3.01 as
Update http->https in license (#6945) 1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https. 2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier". 3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted. 4. fixed indentation in some files before |
show more ...
|
Revision tags: php-8.0.6, php-7.4.19, php-7.4.18, php-7.3.28, php-8.0.5, php-8.0.5RC1, php-7.4.18RC1 |
|
#
462da6e0 |
| 31-Mar-2021 |
Josh Soref |
Fix spelling and grammar mistakes This PR corrects misspellings identified by the check-spelling action. The misspellings have been reported at jsoref@b6ba3e2#commitcomment-48946465
Fix spelling and grammar mistakes This PR corrects misspellings identified by the check-spelling action. The misspellings have been reported at jsoref@b6ba3e2#commitcomment-48946465 The action reports that the changes in this PR would make it happy: jsoref@602417c Closes GH-6822.
show more ...
|
#
4ce5d2ea |
| 09-Apr-2021 |
Nikita Popov |
Add known strings for jit autoglobals We always create interned strings for all autoglobals anyway, so we might as well add known strings to make them more widely usable.
|
#
c732ab40 |
| 16-Mar-2021 |
Dmitry Stogov |
Change Zend Stream API to use zend_string* instead of char*. This allows to eliminate re-calculation of string lenght and hash value. See the detailed list of changes in UPGRADING.INTERN
Change Zend Stream API to use zend_string* instead of char*. This allows to eliminate re-calculation of string lenght and hash value. See the detailed list of changes in UPGRADING.INTERNALS.
show more ...
|
Revision tags: php-8.0.4RC1, php-7.4.17RC1, php-8.0.3, php-7.4.16, php-8.0.3RC1, php-7.4.16RC1, php-8.0.2, php-7.4.15, php-7.3.27, php-8.0.2RC1, php-7.4.15RC2, php-7.4.15RC1 |
|
#
3e01f5af |
| 15-Jan-2021 |
Nikita Popov |
Replace zend_bool uses with bool We're starting to see a mix between uses of zend_bool and bool. Replace all usages with the standard bool type everywhere. Of course, zend_bool
Replace zend_bool uses with bool We're starting to see a mix between uses of zend_bool and bool. Replace all usages with the standard bool type everywhere. Of course, zend_bool is retained as an alias.
show more ...
|
Revision tags: php-8.0.1, php-7.4.14, php-7.3.26, php-7.4.14RC1, php-8.0.1RC1, php-7.3.26RC1, php-8.0.0, php-7.3.25, php-7.4.13, php-8.0.0RC5, php-7.4.13RC1, php-8.0.0RC4, php-7.3.25RC1, php-7.4.12, php-8.0.0RC3, php-7.3.24 |
|
#
c97da0f8 |
| 19-Oct-2020 |
Nikita Popov |
Revert "Fix bug #64865: Use CONTEXT_DOCUMENT_ROOT for scanning dir tree" This reverts commit 98bfad738ad2734dfba5733323f7ba733daf3ec3. This doesn't work well in some setups, see bug
Revert "Fix bug #64865: Use CONTEXT_DOCUMENT_ROOT for scanning dir tree" This reverts commit 98bfad738ad2734dfba5733323f7ba733daf3ec3. This doesn't work well in some setups, see bug #80113 and GH-5051. Reverting this for now.
show more ...
|
Revision tags: php-8.0.0RC2, php-7.4.12RC1, php-7.3.24RC1, php-7.2.34, php-8.0.0rc1, php-7.4.11, php-7.3.23, php-8.0.0beta4, php-7.4.11RC1, php-7.3.23RC1, php-8.0.0beta3, php-7.4.10, php-7.3.22, php-8.0.0beta2, php-7.3.22RC1, php-7.4.10RC1, php-8.0.0beta1, php-7.4.9, php-7.2.33, php-7.3.21, php-8.0.0alpha3, php-7.4.9RC1, php-7.3.21RC1, php-7.4.8, php-7.2.32, php-8.0.0alpha2, php-7.3.20, php-8.0.0alpha1, php-7.4.8RC1, php-7.3.20RC1, php-7.4.7, php-7.3.19, php-7.4.7RC1, php-7.3.19RC1, php-7.4.6, php-7.2.31, php-7.4.6RC1, php-7.3.18RC1, php-7.2.30, php-7.4.5, php-7.3.17, php-7.4.5RC1, php-7.3.17RC1 |
|
#
f3285940 |
| 25-Mar-2020 |
Máté Kocsis |
Add stubs for SAPIs Closes GH-5295.
|
#
2b5de6f8 |
| 01-Jul-2020 |
Max Semenik |
Remove proto comments from C files Closes GH-5758
|