sj-i [Sun, 20 Dec 2020 06:57:54 +0000 (15:57 +0900)]
Fixed bug #42560
Check open_basedir after the fallback to the system's temporary
directory in tempnam().
In order to preserve the current behavior of upload_tmp_dir
(do not check explicitly specified dir, but check fallback),
new flags are added to check open_basedir for explicit dir
and for fallback.
Dylan K. Taylor [Mon, 11 Jan 2021 22:39:14 +0000 (22:39 +0000)]
Keep JIT region executable under ZTS
When one thread tries to compile a script, another thread may
already be executing JITed code. In this case we can't make the
memory non-executable.
This violates the W^X principle, but doesn't seem to be avoidable
for ZTS builds for now. The same problem does not exist for NTS,
as it's a different process executing there, which has it's own
memory protection mapping.
Nikita Popov [Tue, 19 Jan 2021 08:59:26 +0000 (09:59 +0100)]
Disable opcache optimizations during some observer tests
Opcache inlines functions that only return a constant. Disable
optimizations to prevent differences in tests where such functions
are used (or rewrite the test to not depend on it).
sj-i [Mon, 18 Jan 2021 17:02:09 +0000 (02:02 +0900)]
Delete an outdated comment for read_property and read_dimension. [ci skip]
The comment is outdated as of PHP7.
For example, in the current code, zend_assign_op_overloaded_property() expects the refcount of the returned value from read_property to be greater than 0 when the returned value is a refcounted, to call zval_ptr_dtor() later.
History:
- The same description was originally written in a commit in 2004 alongside the write side. https://github.com/php/php-src/commit/c8c0e979826b677de5f786920289056242ea5c54
- One requested to put the description in somewhere. https://externals.io/message/7789
- Then it was added as a comment in zend_object_handler.h . https://github.com/php/php-src/commit/7d3215d33321173c58db4d86b7398e16c5c55d13
- At the time the comment was written, there were at least three places where the code actually set the reference count to 0 in read_properties.
- https://github.com/php/php-src/blob/7d3215d33321173c58db4d86b7398e16c5c55d13/ext/dom/php_dom.c#L229
- https://github.com/php/php-src/blob/7d3215d33321173c58db4d86b7398e16c5c55d13/ext/mysqli/mysqli.c#L190
- https://github.com/php/php-src/blob/7d3215d33321173c58db4d86b7398e16c5c55d13/ext/simplexml/simplexml.c#L245
- All three of the above were removed during the development of PHP 7.
- https://github.com/php/php-src/commit/2f0a758fbbf39ff8684d167f86c708cc361db782
- https://github.com/php/php-src/commit/2402d6cbbc5e04362b23b183f9129a8db230bcce
- https://github.com/php/php-src/commit/a975c7e0fe95a94c119eb1c8e519b2357aa50dcc
- In the current code, even when they generate and return a refcounted value, its refcount would be 1.
Nikita Popov [Mon, 18 Jan 2021 15:14:31 +0000 (16:14 +0100)]
gen_stub: Also verify implementation-alias
This makes --verify also check @implementation-alias. Failures are
ignored using @no-verify instead. Some mistakes have been made that
would have been caught by this...
Nikita Popov [Mon, 18 Jan 2021 13:39:51 +0000 (14:39 +0100)]
Merge branch 'PHP-8.0'
* PHP-8.0:
Sync datefmt_get_calendar_object signature
Sync intlcal_create_instance() and IntlCalendar::createInstance()
Sync date_diff and DateTime::diff return type
Nikita Popov [Mon, 18 Jan 2021 13:35:44 +0000 (14:35 +0100)]
Sync intlcal_create_instance() and IntlCalendar::createInstance()
Remove the explicit mention of IntlGregorianCalendar in the latter.
It is a subclass of IntlCalendar, and as such covered if only
IntlCalendar is used as the return type.
Dylan K. Taylor [Tue, 12 Jan 2021 01:49:38 +0000 (01:49 +0000)]
Fix stub for Phar::setStub()
This fixes multiple issues:
* The first parameter may be resource|string.
* It's an overloaded signature. The second parameter cannot be
passed if the first one is a string. Use UNKNOWN default
value for that reason.
* Make parameter names in PharData::setStub() match those in
Phar.
Fix #80595: Resetting POSTFIELDS to empty array breaks request
This is mainly to work around https://github.com/curl/curl/issues/6455,
but not building the mime structure for empty hashtables is a general
performance optimization, so we do not restrict it to affected cURL
versions (7.56.0 to 7.75.0).
The minor change to bug79033.phpt is unexpected, but should not matter
in practice.
From libcurl version 7.62.0 and later, it supports DNS-over-HTTPS with
[`CURLOPT_DOH_URL`](https://curl.se/libcurl/c/CURLOPT_DOH_URL.html) option.
This adds integration with the `CURLOPT_DOH_URL` option if libcurl version
is >= 7.62.0 (0x073E00).
For reference, Ubuntu 20.04+ `libcurl4-openssl-dev`-based PHP builds use Curl 7.68.
Alex Dowad [Sun, 18 Oct 2020 17:31:58 +0000 (19:31 +0200)]
Remove useless constant MBFL_ENCTYPE_MBCS
This flag indicated that an encoding was 'multi-byte'; it can use a variable
number of bytes to encode each character. As it turns out, we don't actually
need to check this flag anywhere, so it's better to remove it.
Alex Dowad [Sat, 17 Oct 2020 19:29:47 +0000 (21:29 +0200)]
Remove useless mbstring encoding 'JIS-ms'
MicroSoft invented three encodings very similar to ISO-2022-JP/JIS7/JIS8, called
CP50220, CP50221, and CP50222. All three are supported by mbstring.
Since these encodings are very similar, some code can be shared. Actually,
conversion of CP50220/1/2 to Unicode is exactly the same operation; it's when
converting from Unicode to CP50220/1/2 that some small differences arise in how
certain katakana are handled.
The most important common code was a function called `mbfl_filt_wchar_jis_ms`.
The `jis_ms` part doubtless refers to the fact that these encodings are modified
versions of 'JIS' invented by 'MS'. mbstring also went a step further and exported
'JIS-ms' to userland as a separate encoding from CP50220/1/2. If users requested
'JIS-ms' conversion, they got something like CP50220/1/2, minus their special
ways of handling half-width katakana when converting from Unicode.
But... that 'encoding' is not something which actually exists in the world outside
of mbstring. CP50220/1/2 do exist in MicroSoft software, but not 'JIS-ms'.
For a text encoding conversion library, inventing new variant encodings and
implementing them is not very productive. Our interest is in handling text
encodings which real people actually use for... you know, storing actual text
and things like that.
Alex Dowad [Wed, 7 Oct 2020 20:54:39 +0000 (22:54 +0200)]
Remove useless mbstring encoding 'CP50220-raw'
CP50220 is a variant of ISO-2022-JP invented by MicroSoft, which handles some
Unicode characters which are not representable in ISO-2022-JP by converting
them to similar characters which are representable.
What, then, is CP50220-raw? An Internet search turns up absolutely nothing.
Reference works which I consulted don't say anything about it. Other text
conversion libraries don't support it.
From looking at the code: It's just the same as CP50220, but it accepts
unmapped JIS X 0208 characters passed through from other Japanese encodings
and silently encodes them using the usual ISO-2022-JP escape sequence and
representation for JIS X 0208 characters.
It's hard to see how this could be useful. OK, let me come out and say it:
it's _not_ useful. We can confidently jettison this (mis)feature.
Nikita Popov [Fri, 15 Jan 2021 16:07:51 +0000 (17:07 +0100)]
Limit unserialization element count more aggressively
This is slightly more aggressive about rejecting obviously incorrect
element counts. Previously the number of elements was allowed to
match the number of characters. Now it is the number of characters
divided by two (this can actually be increased further to at least 4).
This doesn't really matter in the grand scheme of things (as it
just cuts maximum memory usage by half), but should fix
oss-fuzz #29356.
Nikita Popov [Tue, 12 Jan 2021 09:26:17 +0000 (10:26 +0100)]
Print "interned" instead of fake refcount in debug_zval_dump()
debug_zval_dump() currently prints refcount 1 for interned strings
and arrays, which does not really reflect the truth. These values
are not refcounted, so the refcount is misleading. Instead print
an "interned" tag.
Nikita Popov [Thu, 14 Jan 2021 15:24:29 +0000 (16:24 +0100)]
Build PDO OCI and OCI8 on azure
The extensions are build as shared to only check that they compile,
without running tests. The OCI8 extension does not properly SKIPIF
no database is available.
It should be noted that if we do want to also test these, then
(apart from running a database) it will also be necessary to configure
with LIBS="-Wl,--disable-new-dtags" in order to force the use of RPATH
instead of RUNPATH, the latter of which does not affect dlopened
libraries. Using LD_LIBRARY_PATH does not mesh well with our test
suite.
Nikita Popov [Fri, 15 Jan 2021 09:42:11 +0000 (10:42 +0100)]
Remove the convert_to_long_base function
This function is unused in php-src, and has somewhat dubious
semantics, especially since we switched convert_to_long to not
use strtol for the base 10 case.
If you want to convert strings from a different base, use
ZEND_STRTOL directly.
Alex Dowad [Sun, 11 Oct 2020 14:24:18 +0000 (16:24 +0200)]
CP5022{0,1,2}: convert Unicode codepoints in 'user' area (0xE000-E757) correctly
Unicode has a range of 'private' codepoints which individual applications can
use for their own purposes. When they were inventing CP932, MicroSoft mapped
these 'private' or 'user' codepoints to ten new rows added to the JIS X 0208
character table. (JIS X 0208 is based on a 94x94 table; MS used rows 95-114
for private characters.)
`mbfl_filt_conv_wchar_jis_ms` converted these private codepoints to rows 85-94
rather than 95-114. The code included a link to a document on the OpenGroup
web site, dating back to 1996 [1], which proposed mapping private codepoints to
these rows. However, that is not consistent with what mbstring does when
converting CP5022x to Unicode.
There seems to be a dearth of information on CP5022x on the web. However, I
did find one (Japanese-language) page on CP50221, which states that it maps
kuten codes 0x7F21-0x927E to the 'private' Unicode codepoints [2].
As a side note, using rows higher than 95 does seem to defeat one purpose of
using an ISO-2022-JP variant: ISO-2022-JP was specifically designed to be
"7-bit clean", but once you go beyond row 95, the ku codes are 0x80 and up,
so 8 bits are needed.
Alex Dowad [Sun, 11 Oct 2020 12:50:20 +0000 (14:50 +0200)]
CP5022{0,1,2}: convert characters in ku 0x2D (13th row) correctly
Essentially, CP5022{0,1,2} are to CP932 as ISO-2022-JP is to Shift-JIS.
As Shift-JIS and ISO-2022-JP both encode characters from the JIS X 0208 charset,
CP932 and CP5022x both encode characters from JIS X 0208 _plus_ extra characters
added as MicroSoft vendor extensions.
Among the added characters are a number of symbols which MS put in the 13th row
of the 94x94 character table. (In JIS X 0208, that row is empty.)
mbfilter_cp50220x.c had an `if` clause which was intended to handle the
conversion of characters in that 13th row, but it was dead code, as the previous
clause was always true in those cases. The solution is to reverse the order of
those two clauses (just as they already appeared in mbfilter_cp932.c).
Alex Dowad [Thu, 8 Oct 2020 20:34:29 +0000 (22:34 +0200)]
Stricter handling of erroneous input when converting CP5022{0,1,2} text encoding
Don't allow escape sequences to start in the middle of a multibyte character.
Also, don't silently pass through illegal bytes which appear where the 2nd
byte of a multibyte character should be.
Alex Dowad [Mon, 14 Sep 2020 19:07:03 +0000 (21:07 +0200)]
JIS7/JIS8 encoding: handle invalid 2nd byte for Kanji correctly
Previously, in ISO-2022-JP/JIS7/JIS8, if an escape sequence (starting with 0x1B)
appeared where the 2nd byte of a multibyte character should have been, mbstring
would forget all about the truncated multibyte character and happily accept the
escape sequence. However, such sequences are not legal and should be flagged as
errors.
Also, any other illegal bytes appearing where the 2nd byte of a multibyte
character was expected were just passed through quietly to the output. Fix that.
Also add a test suite for both ISO-2022-JP and JIS7/JIS8. (These are extremely
similar encodings; JIS7 and JIS8 are variants of ISO-2022-JP. mbstring's 'JIS'
is actually a combination of JIS7 _and_ JIS8, since the extensions which each
one adds to ISO-2022-JP are disjoint.)
Alex Dowad [Mon, 4 Jan 2021 20:03:21 +0000 (22:03 +0200)]
JIS7/JIS8 encoding: use JISX0201 for U+203E (overline)
In other legacy Japanese encodings like Shift-JIS, we are now using a specific
JISX 0208 character for the Unicode overline (U+203E). Previously, the single
byte 0x7E was used, but an ASCII 0x7E does not represent an overline, so this
was changed.
However, JIS7/JIS8 can represent characters in the JISX 0201 character set as
well. That character set also includes an overline character, which takes less
bytes to encode than the corresponding JISX 0208 character, so we'll use it.
This is what mbstring had been doing for a long time; but it changed as a
side effect of the recent changes to how U+203E is encoded in Shift-JIS, etc.
So change it back.
Alex Dowad [Sat, 19 Sep 2020 14:26:04 +0000 (16:26 +0200)]
Add comment explaining why ISO-2022-JP-2004, etc strings end with ESC ( B
These encodings have multiple modes which can be selected via escape sequences.
The default starting mode is ASCII. If a string _ends_ in a different mode, we
emit a 'redundant' escape sequence to switch back to ASCII.
If the resulting string is never concatenated with other strings, that extra
escape sequence serves no purpose. But if the resulting string is concatenated
with other strings of the same encoding, it ensures that the resulting string
will be valid.
Alex Dowad [Wed, 13 Jan 2021 19:28:50 +0000 (21:28 +0200)]
ISO-2022-JP-2004 conversion: represent backslash and tilde as ASCII
This issue dates back to some commits I merged recently, which made encodings
like Shift-JIS-2004 use appropriate JIS X 0208 characters to represent
backslashes and tildes, rather than single-byte characters which are used in
those encodings with a different meaning (for example, in these encodings,
0x5C is used for a halfwidth Yen sign, rather than a backslash).
There was an unintended side effect: ISO-2022-JP-2004 was also made to
represent backslashes and tildes using JIS X 0208 characters. However,
ISO-2022-JP explicitly includes ASCII as one of its selectable character sets,
and ISO-2022-JP-2004 is just an extension of ISO-2022-JP. So when converting
text to ISO-2022-JP-2004, we can convert Unicode backslashes and tildes to ASCII
rather than using the corresponding JIS X 0208 characters.
Nikita Popov [Thu, 14 Jan 2021 11:13:34 +0000 (12:13 +0100)]
Remove zend_locale_sprintf_double()
This function is unused, and also not particularly useful now that
PHP no longer prints doubles in a locale-sensitive way unless
someone really goes out of their way to force it.
Nikita Popov [Thu, 14 Jan 2021 11:06:07 +0000 (12:06 +0100)]
Make convert_to_*_ex simple aliases of convert_to_*
Historically, the _ex variants separated the zval first, if a
conversion was necessary. This distinction no longer makes sense
since PHP 7.
The only difference that was still left is that _ex checked whether
the type is the same first, but the usage of these macros did not
actually distinguish on whether such an inlined check is valuable
or not in a given context.
Also drop the unused convert_to_explicit_type macros.
Nikita Popov [Thu, 14 Jan 2021 10:58:08 +0000 (11:58 +0100)]
Remove Z_PARAM separate params where they don't make sense
Separation can only possibly make sense for array parameters
(or something that can contain arrays, like zval parameters). It
never makes sense to separate a bool.
The deref parameters are also of dubious utility, but leaving them
for now.
sj-i [Wed, 13 Jan 2021 21:33:22 +0000 (06:33 +0900)]
Fix outdated comment about refcounting in array.c [ci skip]
Originally the reference count was incremented in here.
PHP7 removed the refcounting.
https://github.com/php/php-src/commit/aa8ecbedcb94e9e22e8fd7ffd539377e747153f7#diff-9c1967d7282ea72ecea9d5dae0dab7349a34d48cc7a10ca38ff49a616f628e40L1954
sj-i [Tue, 12 Jan 2021 05:06:52 +0000 (14:06 +0900)]
Fix #51758: delete an outdated comment from zend_object_handler.h [ci skip]
The same description was originally written in a commit in 2004 which fixes a bug in the pre-released simplexml.
https://github.com/php/php-src/commit/c8c0e979826b677de5f786920289056242ea5c54
One requested to put the description in somewhere.
https://externals.io/message/7789
At the time of the comment written, the refcount of RHS was simply incremented before calling the write handler in the process of ZEND_ASSIGN_OBJ.
https://github.com/php/php-src/blob/c8c0e979826b677de5f786920289056242ea5c54/Zend/zend_execute.c#L407
The refcount of a zval may be 0 or 1 if the write handler is called from zend_API in that era.
https://github.com/php/php-src/blob/c8c0e979826b677de5f786920289056242ea5c54/Zend/zend_API.c#L1058-L1170
It seems that the original intent of this prescription was preventing unintended modification to the RHS and values which share the memory location with the RHS in assignments.
In the first place, it is not usual trying to change the RHS in a write handler, IMHO. I don't think the description makes sense in the current situation about handling of refcount, so I simply delete the whole sentences.
Because write_dimension has no return value, the mentioning about the return value is moved to the comment for write_property only.
projects / php / log