Fix #51903: simplexml_load_file() doesn't use HTTP headers
The `encoding` attribute of the XML declaration is optional; it is good
practice to use external encoding information where available if it is
missing. Thus, we check for `charset` info of `Content-Type` headers,
and see whether the encoding is supported.
We cater to trailing parameters and quoted-strings, but not to escaped
backslashes and quotes in quoted-strings, since no known character
encoding contains these anyway.
Co-authored-by: Michael Wallner <mike@php.net>
Closes GH-6747.
Max Semenik [Thu, 25 Feb 2021 15:51:11 +0000 (18:51 +0300)]
Update mysqli tests to work with newer MySQL server
* @@session.old_passwords is present only in 5.6 and 5.7. Newer versions
already behave as if they have old_passwords=2.
* SET PASSWORD FOR ... = PASSWORD(...) syntax was removed in 8.0.
For all affected tests, versions that don't support newer SQL are
already explicitly excluded with version checks.
Nikita Popov [Thu, 4 Mar 2021 15:26:47 +0000 (16:26 +0100)]
Add mechanism to skip the skipif cache
If the SKIPIF section return nocache, don't cache the result. This
is used by tests that perform complex test set in conjunction with
skip checks, and need to be evaluated every time.
Dmitry Stogov [Thu, 4 Mar 2021 14:28:25 +0000 (17:28 +0300)]
Merge branch 'PHP-8.0'
* PHP-8.0:
Fix ASAN warning (Zend/zend_string.h:165:2: runtime error: null pointer passed as argument 2 of memcpy(), which is declared to never be null)
twosee [Thu, 4 Mar 2021 06:07:54 +0000 (14:07 +0800)]
Remove duplicated SSL_CTX_set_verify()
Duplicated with line 920.
Our minimal OpenSSL version is v1.0.1 (See https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/ssl/ssl_lib.c#L2039).
Removing it does not affect program behavior.
Closes GH-6751.
Fix #78719: http wrapper silently ignores long Location headers
When opening HTTP streams, and reading the headers, we currently
discard header lines longer than `HTTP_HEADER_BLOCK_SIZE` (1024 bytes).
While this is not generally forbidden by RFC 7230, section 3.2.5, it
is not generally allowed either, since that may change the "message
framing or response semantics".
We thus fix this by allowing arbitrarily long header lines.
Nikita Popov [Tue, 2 Mar 2021 09:58:35 +0000 (10:58 +0100)]
Fixed bug #80808
If the ZEROFILL flag is set for a field, do not convert it into
an integer (text protocol) or convert it explicitly into a padded
string (binary protocol).
Fix #80751: Comma in recipient name breaks email delivery
So far, `SendText()` simply separates potential email address lists at
any comma, disregarding that commas inside a quoted-string do not
delimit addresses. We fix that by introducing an own variant of
`strtok_r()` which caters to quoted-strings.
We also make `FormatEmailAddress()` aware of quoted strings.
We do not cater to email address comments, and potentially other quirks
of RFC 5322 email addresses, but catering to quoted-strings is supposed
to solve almost all practical use cases.
Tyson Andre [Fri, 26 Feb 2021 14:48:36 +0000 (09:48 -0500)]
Optimize serializing class names
Because of the memcpy, compilers can't infer that ZSTR_LEN (i.e. class_name->len)
did not change, so they copy it out of memory into a register for the last two
accesses.
php_var_serialize_string already does something similar.
Dmitry Stogov [Mon, 1 Mar 2021 10:43:22 +0000 (13:43 +0300)]
Change the order of properties used in foreach(), var_dump(), serialize(), comparison, etc. Now properties are ordered according to their layout in zend_object structure.
Nikita Popov [Mon, 18 May 2020 13:46:06 +0000 (15:46 +0200)]
Reference dynamic functions through dynamic_defs
Currently, dynamically declared functions and closures are inserted
into the function table under a runtime definition key, and then later
possibly renamed. When opcache is not used and a file containing a
closure is repeatedly included, this leads to a very large memory leak,
as the no longer needed closure declarations will never be freed
(https://bugs.php.net/bug.php?id=76982).
With this patch, dynamic functions are instead stored in a
dynamic_func_defs member on the op_array, which opcodes reference
by index. When the parent op_array is destroyed, the dynamic_func_defs
it contains are also destroyed (unless they are stilled used elsewhere,
e.g. because they have been bound, or are used by a live closure). This
resolves the fundamental part of the leak, though doesn't completely
fix it yet due to some arena allocations.
The main non-obvious change here is to static variable handling:
We can't destroy static_variables_ptr in destroy_op_array, as e.g.
that would clear the static variables in a dynamic function when
the op_array containing it is destroyed. Static variable destruction
is separated out for this reason (we already do static variable
destruction separately for normal functions, so we only need to
handle main scripts).
Dmitry Stogov [Fri, 26 Feb 2021 16:27:55 +0000 (19:27 +0300)]
Change the order of properties used for var_dump(), serialize(), comparison, etc.
Now properties are ordered according to their layout in zend_object structure.
Max Semenik [Thu, 25 Feb 2021 10:15:03 +0000 (13:15 +0300)]
run-tests: drop support for ancient Valgrind versions
Valgrind 3.3.0 was released in 2007, not even RHEL has crap older than
this. It could be argued that 3.8.0, released in 2012, could be a safe
cutoff too.
projects / php / log