#
fdc09e30 |
| 02-Jul-2022 |
David Carlier |
Fix GH-8907: Document forgotten API changes. binary safe string comparisons and recent socket option addition. Closes #8910.
|
#
63c7418b |
| 28-Jun-2022 |
Remi Collet |
[ci skip] NEWS and UPGRADING
|
#
526af6ea |
| 19-Jun-2022 |
Ayesh Karunaratne |
[ci skip] Add true type support to UPGRADING file Closes GH-8826.
|
#
5bb3e233 |
| 24-Apr-2022 |
tobil4sk |
Implement #77726: Allow null character in regex patterns In 8b3c1a3, this was disallowed to fix #55856, which was a security issue caused by the /e modifier. The fix that was made was th
Implement #77726: Allow null character in regex patterns In 8b3c1a3, this was disallowed to fix #55856, which was a security issue caused by the /e modifier. The fix that was made was the "Easier fix" as described in the original report. With this fix, pattern strings are no longer treated as null terminated, so null characters can be placed inside and matched against with regex patterns without security problems, so there is no longer a reason to give the error. Allowing this is consistent with the behaviour of many other languages, including JavaScript, and thanks to PCRE2[0], it does not require manually escaping null characters. Now that we can avoid the error here without the cost of escaping characters, there is really no need anymore to stray here from the conventional behaviour. Currently, null characters are still disallowed before the first delimiter and in the options section at the end of a regex string, but these error messages have been updated. [0] Since PCRE2, pattern strings no longer have to be null terminated, and raw null characters match as normal. Closes GH-8114.
show more ...
|
#
efc8f0eb |
| 17-Jun-2022 |
Arnaud Le Blanc |
Deprecate zend_atol() / add zend_ini_parse_quantity() (#7951) Add zend_ini_parse_quantity() and deprecate zend_atol(), zend_atoi() zend_atol() and zend_atoi() don't just do number p
Deprecate zend_atol() / add zend_ini_parse_quantity() (#7951) Add zend_ini_parse_quantity() and deprecate zend_atol(), zend_atoi() zend_atol() and zend_atoi() don't just do number parsing. They also check for a 'K', 'M', or 'G' at the end of the string, and multiply the parsed value out accordingly. Unfortunately, they ignore any other non-numerics between the numeric component and the last character in the string. This means that numbers such as the following are both valid and non-intuitive in their final output. * "123KMG" is interpreted as "123G" -> 132070244352 * "123G " is interpreted as "123 " -> 123 * "123GB" is interpreted as "123B" -> 123 * "123 I like tacos." is also interpreted as "123." -> 123 Currently, in php-src these functions are used only for parsing ini values. In this change we deprecate zend_atol(), zend_atoi(), and introduce a new function with the same behavior, but with the ability to report invalid inputs to the caller. The function's name also makes the behavior less unexpected: zend_ini_parse_quantity(). Co-authored-by: Sara Golemon <pollita@php.net>
show more ...
|
#
b9af4335 |
| 08-Jun-2022 |
Pierrick Charron |
Add new curl_upkeep() function
|
#
cec20f61 |
| 05-Jun-2022 |
Pierrick Charron |
Expose new constants from libcurl 7.62 to 7.80
|
#
d9f3ca70 |
| 07-Jun-2022 |
Rowan Tommins |
Add deprecation notices to utf8_encode and utf8_decode Implements initial stage of accepted RFC to remove them: https://wiki.php.net/rfc/remove_utf8_decode_and_utf8_encode Tests
Add deprecation notices to utf8_encode and utf8_decode Implements initial stage of accepted RFC to remove them: https://wiki.php.net/rfc/remove_utf8_decode_and_utf8_encode Tests relating to SOAP and htmlspecialchars seem to have been using this entirely unnecessarily, so have been fixed. Closes GH-8726.
show more ...
|
#
6b02cabc |
| 09-Jun-2022 |
David CARLIER |
Add `SO_SETFIB` FreeBSD socket option constant. Aims to set the route table. Closes #8742.
|
#
dbf1cafd |
| 09-Jun-2022 |
George Peter Banyard |
Remove internal usage of SplFileInfo::_bad_state_ex() method (#8318) * Use standard VM handling instead * Deprecate the method as it is now useless
|
#
d677cc13 |
| 06-Jun-2022 |
David Carlier |
Add `SO_BPF_EXTENSIONS` flag to socket. Returns the supported bpf extensions from the kernel. Linux only. Closes GH-8713.
|
#
80fda5ff |
| 07-Jun-2022 |
George Peter Banyard |
[skip ci] Update UPGRADING in regards to iterable compile time alias
|
#
6fe7ff95 |
| 03-Jun-2022 |
David Carlier |
Implements ancillary data on NetBSD. With the couple LOCAL_CREDS/SCM_CREDS, in this system we get all the infos needed (included the process id). Closes GH-8700.
|
#
f813520b |
| 02-Jun-2022 |
David CARLIER |
Implements socket ancillary data on FreeBSD. (#7708) using LOCAL_CREDS_PERSISTENT/SCM_CREDS2 instead so we also get the send process id.
|
#
2d1a320b |
| 30-May-2022 |
Kamil Tekiela |
UPGRADING for libmysql change
|
#
1d168a44 |
| 28-May-2022 |
Máté Kocsis |
Add upgrading entry for DatePeriod property changes [skip ci]
|
#
2920a266 |
| 22-Apr-2022 |
Calvin Buckley |
Quote when adding to connection string in (PDO_)ODBC Because the UID= and PWD= values are appended to the SQLDriverConnect case when credentials are passed, we have to append them to the
Quote when adding to connection string in (PDO_)ODBC Because the UID= and PWD= values are appended to the SQLDriverConnect case when credentials are passed, we have to append them to the string in case users are relying on this behaviour. However, they must be quoted, or the arguments will be invalid (or possibly more injected). This means users had to quote arguments or append credentials to the raw connection string themselves. It seems that ODBC quoting rules are consistent enough (and that Microsoft trusts them enough to encode into the .NET BCL) that we can actually check if the string is already quoted (in case a user is already quoting because of this not being fixed), and if not, apply the appropriate ODBC quoting rules. This is because the code exists in main/, and are shared between both ODBC extensions, so it doesn't make sense for it to only exist in one or the other. There may be a better spot for it. Closes GH-8307.
show more ...
|
#
059474a8 |
| 27-May-2022 |
Arnaud Le Blanc |
[ci skip] NEWS, UPGRADING
|
#
df77fee2 |
| 26-May-2022 |
Máté Kocsis |
Add upgrading entry for ext/tidy property changes [skip ci]
|
#
54de945b |
| 23-May-2022 |
Máté Kocsis |
Added a few missing punctuation marks in UPGRADING
|
#
7ec2950d |
| 23-May-2022 |
Máté Kocsis |
Add upgrading entry for readonly classes
|
#
016ac7c1 |
| 21-May-2022 |
David CARLIER |
[skip ci] UPGRADING note update, follow-up #8411 (#8598)
|
#
33fc9e5a |
| 13-May-2022 |
Christoph M. Becker |
Build ext/zip as shared library by default on Windows This allows users to use PECL/zip, which is well maintained and often brings new features which are not yet available in ext/zip, as
Build ext/zip as shared library by default on Windows This allows users to use PECL/zip, which is well maintained and often brings new features which are not yet available in ext/zip, as drop-in replacement for the official Windows php-src builds. Closes GH-8549.
show more ...
|
#
1f4830f2 |
| 15-May-2022 |
David Carlier |
Add TCP_NOTSENT_LOWAT socket option Can be used to limit the amount of unsent data per socket. Closes GH-8559.
|
#
10921525 |
| 15-May-2022 |
David Carlier |
Add CURLOPT_MAXFILESIZE_LARGE option Like other *LARGE options, it takes a 64 bit value. Closes GH-8557.
|