Nikita Popov [Wed, 10 Feb 2021 11:18:42 +0000 (12:18 +0100)]
Make finfo_open() $magic_database nullable
Empty string was interpreted as a special value here, which indicates
that the default magic database should be used. It makes more sense
to use null for this purpose.
The documentation also explicitly mentions that null can be used.
Nikita Popov [Wed, 10 Feb 2021 11:00:20 +0000 (12:00 +0100)]
Don't pass null action to __doRequest
The parameter is not nullable, so it will be interpreted as
an empty string anyway.
The entire code here is pretty confusing though, and probably
deserves a second look. The HTTP code only sends SOAPAction/action
if soapaction is non-NULL -- but it always is, because it is
accepted through a non-nullable string parameter.
Regarding the SOAPAction header, it appears that always sending
it is actually a requirement of the standard:
> An HTTP client MUST use this header field when issuing a SOAP
> HTTP Request.
Although it does make a distinction between absence of value and
an empty string:
> The header field value of empty string ("") means that the intent
> of the SOAP message is provided by the HTTP Request-URI. No value
> means that there is no indication of the intent of the message.
The empty string interpretation appears to be the desired one.
However, for the action MIME tag the SOAP 1.2 Part 2 specification
says that
> The media type specifies an optional action parameter, which can
> be used to optimize dispatch or routing, among other things.
but also
> The SOAP Action feature defines a single property, which is
> described in Table 14. The value of this property MUST be an
> absolute URI[RFC 3986] and MUST NOT be empty.
which would indicate that we should not be sending an empty
action here.
As I'm not familiar with SOAP and this is long-standing behavior,
I'm just leaving this alone for now...
Nikita Popov [Wed, 10 Feb 2021 09:50:42 +0000 (10:50 +0100)]
Accept null $location in SoapClient::__setLocation()
Currently an empty string is used to unset the location. Once
again, it makes more sense to use a null value for this purpose
(though the special behavior of empty strings is retained).
The code comment above the function also explicitly indicates
that null should be accepted, and the function does return null
rather than an empty string for the old location value (if it
is missing).
Nikita Popov [Wed, 10 Feb 2021 09:36:32 +0000 (10:36 +0100)]
Make SoapVar arguments nullable
$typeName, $typeNamespace, $nodeName and $nodeNamespace all
special-case the empty string and don't set the property entirely
in that case. It makes more sense to use null to indicate absence
here (though of course the empty string behavior is retained).
Nikita Popov [Tue, 9 Feb 2021 14:15:20 +0000 (15:15 +0100)]
Make imagegd $file parameter nullable
It is explicitly documented to be nullable, and this matches other
functions like imagepng. It is also documented to accept a stream,
which it currently does not...
Nikita Popov [Tue, 9 Feb 2021 11:55:33 +0000 (12:55 +0100)]
Make Phar $fileNotFoundScript nullable
While "" is already treated the same way as absence, null is the
logically correct default here. Making this one argument non-nullable
is particularly peculiar when considering that the preceding $alias
and $index arguments are both nullable.
Nikita Popov [Tue, 9 Feb 2021 11:28:28 +0000 (12:28 +0100)]
Make createDocument() $namespace nullable
According to the DOM specification, this argument should be
nullable. It's also supposed to be a required argument, but
not changing that at this point.
Fix #80706: mail(): Headers after Bcc headers may be ignored
We need to handle the case where a CRLF after a Bcc header is not the
beginning of a folding marker, because in that case the Bcc header was
not the last "thing".
Fix #74779: x() and y() truncating floats to integers
We must not use the locale dependent `atof()`, but instead use the
(hopefully) locale independent `zend_strtod()`, when converting string
representations of floating point numbers which are sent by the server.
Nikita Popov [Thu, 4 Feb 2021 14:18:45 +0000 (15:18 +0100)]
Fix CLI server worker support
If we create separate listening sockets in each worker using
SO_REUSEADDR, then an incoming connection may be load-balanced
to a process that is already busy, either due to a long-running
request, or because it is a recursive request (in which case we
would deadlock).
Instead, only create one listening socket, and only create worker
forks afterwards. This way the incoming request will be served
by one of the workers that is currently listening for an incoming
connection.
When Phars are flushed, a new temporary file is created for each entry
which should be compressed, and the `compressed_filesize` is retrieved.
Afterwards, the Phar manifest is written, and only after that the files
are copied to the actual Phar. So for each such entry there is an open
temp file, which easily exceeds the limit.
Therefore, we use a single temporary file for all entries, and store
the start offset in the otherwise unused `header_offset` member. We
ensure that the `cfp` members are properly set to NULL even if flushing
fails, to avoid use after free scenarios.
This solution is based on a suggestion by @lserni[1].
Nikita Popov [Tue, 2 Feb 2021 09:05:35 +0000 (10:05 +0100)]
Fix persistent leak on load_wsdl_ex failure
Move the load_wsdl_ex call into the zend_try that destroys the
docs hash table. The wsdl will be inserted into docs early on,
and will thus be released on subsequent bailout.
We remove the arbitrary restriction to `INT_MAX`; it is superfluous on
32bit systems where `ZEND_LONG_MAX == INT_MAX` anyway, and not useful
on 64bit systems, where larger files should be readable, if the
`memory_limit` is large enough.
That bug report originally was about `parse_url()` misbehaving, but the
security aspect was actually only regarding `FILTER_VALIDATE_URL`.
Since the changes to `parse_url_ex()` apparently affect userland code
which is relying on the sloppy URL parsing[1], this alternative
restores the old parsing behavior, but ensures that the userinfo is
checked for correctness for `FILTER_VALIDATE_URL`.
Fix #70091: Phar does not mark UTF-8 filenames in ZIP archives
The default encoding of filenames in a ZIP archive is IBM Code Page
437. Phar, however, only supports UTF-8 filenames. Therefore we have
to mark filenames as being stored in UTF-8 by setting the general
purpose bit 11 (the language encoding flag).
The effect of not setting this bit for non ASCII filenames can be seen
in popular tools like 7-Zip and UnZip, but not when extracting the
archives via ext/phar (which is agnostic to the filename encoding), or
via ext/zip (which guesses the encoding). Thus we add a somewhat
brittle low-level test case.
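An added example, not part of the commit or of php-src: a C check that walks the local file headers of a ZIP buffer and counts names containing non-ASCII bytes whose general purpose bit 11 is clear. The function names and the constructed sample entries are assumptions, and the walk assumes sizes are stored in the local header (no data descriptor).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ZIP_LFH_SIZE  30      /* fixed part of a local file header */
#define ZIP_FLAG_UTF8 0x0800u /* general purpose bit 11 */
static uint32_t rd16(const unsigned char *p) { return p[0] | (uint32_t)p[1] << 8; }
static uint32_t rd32(const unsigned char *p) { return rd16(p) | rd16(p + 2) << 16; }

/* Count entries whose name has bytes >= 0x80 while bit 11 is clear.
 * Returns -1 on truncated input. Assumes sizes are in the local header. */
int zip_count_unmarked_names(const unsigned char *buf, size_t len)
{
    size_t off = 0;
    int unmarked = 0;
    while (len - off >= 4 && memcmp(buf + off, "PK\003\004", 4) == 0) {
        const unsigned char *h = buf + off;
        if (len - off < ZIP_LFH_SIZE) return -1;
        uint32_t nlen = rd16(h + 26), non_ascii = 0;
        /* name length + extra field length + compressed size */
        uint64_t body = (uint64_t)nlen + rd16(h + 28) + rd32(h + 18);
        if (len - off - ZIP_LFH_SIZE < body) return -1;
        for (uint32_t i = 0; i < nlen; i++)
            non_ascii |= h[ZIP_LFH_SIZE + i] & 0x80u;
        if (non_ascii && !(rd16(h + 6) & ZIP_FLAG_UTF8)) unmarked++;
        off += ZIP_LFH_SIZE + (size_t)body;
    }
    return unmarked;
}

/* Write one constructed, empty stored entry to out; returns its size. */
size_t zip_put_entry(unsigned char *out, const char *name, unsigned flags)
{
    size_t nlen = strlen(name);
    memset(out, 0, ZIP_LFH_SIZE);
    memcpy(out, "PK\003\004", 4);
    out[6] = flags & 0xff;  out[7] = (flags >> 8) & 0xff;
    out[26] = nlen & 0xff;  out[27] = (nlen >> 8) & 0xff;
    memcpy(out + ZIP_LFH_SIZE, name, nlen);
    return ZIP_LFH_SIZE + nlen;
}

int main(void)
{
    unsigned char zip[128];  /* constructed sample: three empty entries */
    size_t n = zip_put_entry(zip, "\xc3\xa9.txt", 0);           /* bit 11 clear */
    n += zip_put_entry(zip + n, "\xc3\xa9.txt", ZIP_FLAG_UTF8); /* bit 11 set */
    n += zip_put_entry(zip + n, "a.txt", 0);                    /* ASCII only */
    printf("unmarked non-ASCII names: %d\n", zip_count_unmarked_names(zip, n));
    return 0;
}
```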
Nikita Popov [Tue, 26 Jan 2021 14:15:18 +0000 (15:15 +0100)]
Fix VAR return type verification
We should also set retval_ref when de-indirecting. Otherwise the
retval_ref != retval_ptr comparison below may incorrectly assume
that we're returning a reference.
I don't have a reliable reproducer for this issue, but it sometimes
appears in certain configurations in arrow_functions/007.phpt in
conjunction with other changes.
Fix #53251: bindtextdomain with null dir doesn't return old value
Apparently, users expect `bindtextdomain` and `bind_textdomain_codeset`
with `null` as second argument to work like their C counterparts,
namely to return the previously set value. Thus, we support that.