Fix GH-15023: Memory leak in Zend/zend_ini.c

Closes GH-15024.

Fix GH-15020: Memory leak in Zend/Optimizer/escape_analysis.c

Closes GH-15022.

RFC: Add the RoundingMode enum (#14833)

see https://wiki.php.net/rfc/correctly_name_the_rounding_mode_and_make_it_an_enum

Co-authored-by: Saki Takamachi <saki@php.net>
Co-author

RFC: Add the RoundingMode enum (#14833)

see https://wiki.php.net/rfc/correctly_name_the_rounding_mode_and_make_it_an_enum

Co-authored-by: Saki Takamachi <saki@php.net>
Co-authored-by: Niels Dossche <7771979+nielsdos@users.noreply.github.com>

show more ...

Fix trampoline leak in xpath callables

Closes GH-15009.

ext/curl: curl_error using curl_easy_strerror if CURLOPT_ERRORBUFFER

did not fill the error buffer.

close GH-14984

ext/pdo_firebird: Added getApiVersion() and removed from getAttribute (#15004)

Fix bug #55639: Digest autentication dont work

RFC 2617 and 7616 describe that for the "Authorization" header we should
not put the qop nor nc value inside quotes. This differs from the

Fix bug #55639: Digest autentication dont work

RFC 2617 and 7616 describe that for the "Authorization" header we should
not put the qop nor nc value inside quotes. This differs from the
WWW-Authenticate header, which may have been the source of the confusion
in the implementation. While the version with quotes seems to work fine
in some cases, clearly not all servers accept the non-standard form.
To fix the issue, simply removing the quotes of those two header fields
of the client request to be in line with the RFC suffices.

I refer further to example 3.5 in RFC 2617 and example 3.9.1 in
RFC 7616.

RFC 2617: https://datatracker.ietf.org/doc/html/rfc2617
RFC 7616: https://datatracker.ietf.org/doc/html/rfc7616

Closes GH-14328.

show more ...

ext/pdo_firebird: Added Pdo\Firebird::ATTR_API_VERSION (#14916)

closes #14916

Drop support for OpenSSL < 1.1.0 on Windows

PR #13498 bumped the required OpenSSL version to 1.1.1, but apparently
only for non Windows system. We catch up somewhat by dropping support

Drop support for OpenSSL < 1.1.0 on Windows

PR #13498 bumped the required OpenSSL version to 1.1.1, but apparently
only for non Windows system. We catch up somewhat by dropping support
for OpenSSL < 1.1.0 on Windows; besides completely removing detection
of old OpenSSL versions in `SETUP_OPENSSL`, we also ensure that all
bundled extension using this function do no longer accept OpenSSL <
1.1.0, to avoid to still be able to build these extensions with older
`phpize` scripts.

We do not cater to `--phar-native-ssl` yet; that might better be
addressed by #14578.

Closes GH-14973.

show more ...

Fix comments between -> and keyword

Comments should not fall out of ST_LOOKING_FOR_PROPERTY.

Fixes GH-14961
Closes GH-14976

Fix xmlreader extension phpize build

When building ext/xmlreader with phpize, also ext/dom/dom_ce.h needs to
be installed by dom extension as it is used in
the ext/xmlreader/php_xmlr

Fix xmlreader extension phpize build

When building ext/xmlreader with phpize, also ext/dom/dom_ce.h needs to
be installed by dom extension as it is used in
the ext/xmlreader/php_xmlreader.c.

cd ext/xmlreader
phpize
./configure
make

Closes GH-14978

show more ...

[ci skip] Fix NEWS

Fix references in request_parse_body() options array

Otherwise we get funny messages like
"Invalid string value in $options argument".

Closes GH-14977.

Build/Windows: Update the Windows icon as svg and build derivatives from it

Co-Authored-By: Nurudin Imsirovic <realnurudinimsirovic@gmail.com>

Closes GH-14964.

Fix use-after-free in property coercion with __toString()

This was only partially fixed in PHP-8.3. Backports and fixes the case for both
initialized and uninitialized property writes.

Fix use-after-free in property coercion with __toString()

This was only partially fixed in PHP-8.3. Backports and fixes the case for both
initialized and uninitialized property writes.

Fixes GH-14969
Closes GH-14971

show more ...

[ci skip] NEWS for return type change in ext/standard

See 673b4e890c0357c436eef8cb2fa0502ad5868d07

Support templated content

The template element in HTML 5 is special in the sense that it does not
add its contents into the DOM tree, but instead keeps them in a separate
shadow DOM

Support templated content

The template element in HTML 5 is special in the sense that it does not
add its contents into the DOM tree, but instead keeps them in a separate
shadow DOM document fragment. Interacting with the DOM tree cannot touch
the elements in the document fragment.

Closes GH-14906.

show more ...

[skip ci] Fix NEWS entry

[skip ci] Add property hooks entry to NEWS

[skip ci] Fix duplicate core header in NEWS

Restore Warning instead of Fatal Error in gd_webp.c

According to the docs (https://www.php.net/manual/en/function.imagecreatefromwebp.php and https://www.php.net/manual/en/function.imagewebp

Restore Warning instead of Fatal Error in gd_webp.c

According to the docs (https://www.php.net/manual/en/function.imagecreatefromwebp.php and https://www.php.net/manual/en/function.imagewebp.php), `false` should be returned on errors (similar to other functions of the `gd` extension), but actually all errors result in a `Fatal Error`. It doesn't look normal when trying to read an empty file or a file in the wrong format causes the program to stop. The problem seems to be related to a mega-patch that replaced `zend_error` with `zend_error_noreturn` almost everywhere. My patch fixes this behavior by switching from `zend_error_noerror` to `gd_error` (i.e. to `E_WARNING` level). All necessary memory cleanup is already in the code (as it was before the "zend_error_noreturn" patch).

Close GH-13774

show more ...

Fix GH-14873: PHP 8.4 min function fails on typed integer

The problem is that this line in the VM: `ZVAL_NULL(result);` changes the type
of arg1 as well, because after the DFA pass the r

Fix GH-14873: PHP 8.4 min function fails on typed integer

The problem is that this line in the VM: `ZVAL_NULL(result);` changes the type
of arg1 as well, because after the DFA pass the result and input both use
CV0($result).
We should not contract assignments with CVs in frameless calls with
arguments.
An older attempt is found at GH-14876 that tried to modify the VM/JIT.

Closes GH-14903.

show more ...

Fix GH-14930: Custom stream wrapper dir_readdir output truncated to 255 characters in PHP 8.3

Revert "Reserve less file space if possible in a directory entry"
This reverts commit 00c1e7

Fix GH-14930: Custom stream wrapper dir_readdir output truncated to 255 characters in PHP 8.3

Revert "Reserve less file space if possible in a directory entry"
This reverts commit 00c1e7bf0f1c7244589ce8756f0367497cf1ce15.

Closes GH-14933.

show more ...

Fix GH-14888: README.REDIST.BINS refers to non-existing LICENSE [ci skip]

The LICENSE file of libmagic had been inadvertently removed when the
lib had been upgraded to 5.43. So we add t

Fix GH-14888: README.REDIST.BINS refers to non-existing LICENSE [ci skip]

The LICENSE file of libmagic had been inadvertently removed when the
lib had been upgraded to 5.43. So we add the file `COPYING` from that
release[1], and rename it to `LICENSE`.

[1] <https://github.com/file/file/releases/tag/FILE5_43>

Closes GH-14917.

show more ...

ext/gd/tests/gh10614.phpt: skip if no PNG support

This test uses imagecreatefrompng(), which won't be there if libgd was
built without PNG support.

Closes GH-14905.