Fixes to GH-14078:
* Rename ZipArchive::openBuffer() to ::openString().
* For consistency with ::open(), return int|bool, don't throw an
exception on error. Provide error information via existing properties
and accessors.
* Fix memory leak when ::openString() is called but ::close() is not
called. Add test.
* Fix memory leak when a call to ::open() is followed by a call to
::openString(). Add test.
* Let libzip own the source, don't call zip_source_keep().
* Share buffer handling with ZipArchive::addFromString().
Elsewhere:
* If there is an error from zip_close() during a call to
ZipArchive::open(), emit a warning but proceed to open the archive,
don't return early. Add test.
* When buffers are saved by ZipArchive::addFromString(), release them
in ZipArchive::close() and ::open(), don't accumulate buffers until
the free_obj handler is called.
* Factor out buffer handling and reuse it in ZipArchive::openString()
Closes GH-21205.
Closes GH-14078.
Co-authored-by: Soner Sayakci <s.sayakci@shopware.com>
Co-authored-by: Ghaith Olabi <24876890+Gaitholabi@users.noreply.github.com>
The return type has been zip_int64_t since 2009, so we shouldn't
truncate to an int because the user may have requested a size that won't
fit in an int.
Closes GH-20509.
When type == 2, the zval is not initialized, so zval_ptr_dtor() on it
will crash.
Unfortunately couldn't test with property_exists() or Reflection because
they have fast paths that go through the property info, but fortunately
there are paths that don't implement a fast path (e.g. because it
doesn't make sense at that point), like with array_column().
So we use array_column() to trigger the crash.
Closes GH-20496.
- earlier return on invalid inputs from some ZipArchive methods.
- apply comp_flags type check for setCompressionName()/setCompressionIndex().
and throw exception for these
- add comp_flags check when passed as userland array option.
- adding a wrapper for zip_file_set_encryption workaround.
0.11 dates back from 2013 whereas 1.0.0 is from 2015.
Thus, simplifying the extension removing unlikely old api code usage.
centos 7 can always uses an alternative repository (e.g. remi's);
solaris 10 can access the 1.5.2 release via OpenCSW.
close GH-20355
during FCC conversion (79b9fe3) in the rare cases where the lib
fails to allocate the memory for these callbacks, we return false
directly.
close GH-20293
free_obj() for objects referenced in the main symbol table may be called only
once the executor has already shut down. php_zip_cancel_callback() may attempt
to invoke a user callback, which will terminate the process because user code is
not expected to be executed at this point. We solve this by calling the callback
in dtor_obj(), which is called earlier in the shutdown sequence.
dtor_obj() will actually attempt to call it again if the object was
reinitialized in the destructor, so we also avoid calling the callback when the
executor has shut down in the first place. This should never matter in practice.
Closes GH-19602
On successive usage, the password is copied as much but the older
address is never freed. Thus, we are hinting a password reset to address
it.
close GH-19936
The case of returning 0 is inconsistent in when it returns an empty
array, furthermore the caller already returns an empty array.
Because the caller overwrites the return value in these cases, it can
cause a memory leak.
This is easier to trigger on master in some cases as different code paths
are taken with the new bundled glob. On some platforms it is also
triggerable on 8.3.
Closes GH-19715.
* PHP-8.4:
Fix GH-18990, bug #81029, bug #47314: SOAP HTTP socket not closing on object destruction
Fix leak when path is too long in ZipArchive::extractTo()
curl: Remove incorrect string release on error
* PHP-8.3:
Fix GH-18990, bug #81029, bug #47314: SOAP HTTP socket not closing on object destruction
Fix leak when path is too long in ZipArchive::extractTo()
curl: Remove incorrect string release on error
* Move glob to main/ from win32/
In preparation to make the Win32 reimplementation the standard
cross-platform one. Currently, it doesn't do that and just passes
through the original glob implementation. We could consider also having
an option to use the standard glob for systems that have a sufficient
one.
* Enable building with win32 glob on non-windows
Kind of broken. We're namespacing the function and struct, but not yet
the GLOB_* defines. There are a lot of places callers check if i.e.
NOMATCH is defined that would likely become redundant.
Currently it also has php_glob and #defines glob php_glob (etc.) - I
suspect doing the opposite and changing the callers would make more
sense, just doing MVP to geet it to build (even if it fails tests).
* Massive first pass at conversion to internal glob
Have not tested yet. the big things are:
- Should be invisible to userland PHP code.
- A lot of :%s/GLOB_/PHP_GLOB_/g; the diff can be noisy as a result,
especially in comments.
- Prefixes everything with PHP_ to avoid conflicts with system glob in
case it gets included transitively.
- A lot of weird shared definitions that were sprawled out to other
headers are now included in php_glob.h.
- A lot of (but not yet all cases) of HAVE_GLOB are removed, since we
can always fall back to php_glob.
- Using the system glob is not wired up yet; it'll need more shim
ifdefs for each flag type than just glob_t/glob/globfree defs.
* Fix inclusion of GLOB_ONLYDIR
This is a GNU extension, but we don't need to implement it, as the GNU
implementation is flawed enough that callers have to manually filter it
anyways; just provide a stub definition for the constant.
We could consideer implementing this properly later. For now, fixes the
basic glob constant tests.
* Remove HAVE_GLOBs
We now always have a glob implementation that works. HAVE_GLOB should
only be used to check if we have a system implementation, for if we
decide to wrap the system implementation instead.
* We don't need to care about being POSIXly correct for internal glob
* Check for reallocarray
Ideally temporary until GH-17433.
* Forgot to move this file from win32/ to main/
* Check for issetugid (BSD function)
* Allow using the system glob with --enable-system-glob
* Style fix after removing ifdef
* Remove empty case for system glob
* PHP-8.4:
Fix IntlDateFormatter::parseToCalendar() reference type system breaks
datefmt_parse/datefmt_localtime references type system fixes
Fix GH-18438: Handling of empty data and errors in ZipArchive::addPattern
There is a ZPP arginfo violation because the empty return or error
return is not always properly handled.
And there is also a memory leak if creating the regular expression
instance fails.
Closes GH-18438.
Libzip already cleans up the previous callback, so when that means:
1. The callback zval being already copied over the previous one causes
libzip to clean up the new callback object. This is the root cause.
2. Our own code to clean the old callback is redundant.
Closes GH-18432.
