1
0
mirror of https://github.com/php/php-src.git synced 2026-04-22 15:38:49 +02:00
Commit Graph

1359 Commits

Author SHA1 Message Date
George Peter Banyard 0d0c9acafb Fix param name order for Phar::copy() 2021-09-08 12:31:09 +01:00
Stanislav Malyshev ffcf5ba4ae Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
  Fix test
2021-08-23 23:43:58 -07:00
Stanislav Malyshev c1f427b506 Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
  Fix test
2021-08-23 23:43:51 -07:00
Stanislav Malyshev b815645aac Fix test 2021-08-23 23:43:32 -07:00
Stanislav Malyshev 33e4174d1c Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
  Update NEWS
  Fix #81211: Symlinks are followed when creating PHAR archive
2021-08-23 23:30:34 -07:00
Stanislav Malyshev 40db8947e2 Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
  Update NEWS
  Fix #81211: Symlinks are followed when creating PHAR archive
2021-08-23 23:29:01 -07:00
Christoph M. Becker 2ff853aa11 Fix #81211: Symlinks are followed when creating PHAR archive
It is insufficient to check whether the `base` is contained in `fname`;
we also need to ensure that `fname` is properly separated.  And of
course, `fname` has to start with `base`.
2021-08-23 23:25:16 -07:00
Nikita Popov 9726bc6977 Duplicate possibly persistent string in phar metadata clone 2021-07-20 16:24:00 +02:00
Máté Kocsis 9bba9f68df Fix a few ext/phar return types 2021-05-27 16:31:18 +02:00
Máté Kocsis 2d47447d66 Add a few missing RETURN_THROWS();
Only PharFileInfo::compress() really needs it though.
2021-05-27 16:31:18 +02:00
Christoph M. Becker cb262cd974 Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
  Fix #80960: opendir() warning wrong info when failed on Windows
2021-04-19 16:17:01 +02:00
Christoph M. Becker ea3c992bff Fix #80960: opendir() warning wrong info when failed on Windows
Firstly, we must not forget to set appropriate error codes for "manual"
checks in `virtual_file_ex()`.

Secondly, we must not call `php_error_docref2()` for warnings regarding
unary functions; thus, we introduce `php_win32_docref1_from_error()`.

Closes GH-6872.
2021-04-19 16:12:22 +02:00
Dmitry Stogov 187ba4353a Fix ASAN warning (Zend/zend_string.h:165:2: runtime error: null pointer passed as argument 2 of memcpy(), which is declared to never be null) 2021-03-04 17:27:26 +03:00
Nikita Popov 44192ce80b Make Phar $fileNotFoundScript nullable
While "" is already treated the same way as absence, null is the
logically correct default here. Making this one argument non-nullable
is particularly pecular when considering that the preceding $alias
and $index arguments are both nullable.
2021-02-09 12:55:33 +01:00
Christoph M. Becker f4332a36b4 Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
  Fix #53467: Phar cannot compress large archives
2021-02-03 11:24:36 +01:00
Christoph M. Becker 1bb2a4f91c Fix #53467: Phar cannot compress large archives
When Phars are flushed, a new temporary file is created for each entry
which should be compressed, and the `compressed_filesize` is retrieved.
Afterwards, the Phar manifest is written, and only after that the files
are copied to the actual Phar.  So for each such entry there is an open
temp file, what easily exceeds the limit.

Therefore, we use a single temporary file for all entries, and store
the start offset in the otherwise unused `header_offset` member.  We
ensure that the `cfp` members are properly set to NULL even if flushing
fails, to avoid use after free scenarios.

This solution is based on a suggestion by @lserni[1].

Closes GH-6643.

[1] <https://github.com/box-project/box2/issues/80#issuecomment-77147371>
2021-02-03 11:22:37 +01:00
Nikita Popov f1cf553437 Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
  Update year to 2021
2021-02-02 16:46:52 +01:00
Peter Kokot 8c04944b66 Update year to 2021
Closes GH-6636.
2021-02-02 16:46:16 +01:00
Christoph M. Becker 01a348617f Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
  Fix #70091: Phar does not mark UTF-8 filenames in ZIP archives
2021-01-26 19:15:37 +01:00
Christoph M. Becker 6a0b889f57 Fix #70091: Phar does not mark UTF-8 filenames in ZIP archives
The default encoding of filenames in a ZIP archive is IBM Code Page
437.  Phar, however, only supports UTF-8 filenames.  Therefore we have
to mark filenames as being stored in UTF-8 by setting the general
purpose bit 11 (the language encoding flag).

The effect of not setting this bit for non ASCII filenames can be seen
in popular tools like 7-Zip and UnZip, but not when extracting the
archives via ext/phar (which is agnostic to the filename encoding), or
via ext/zip (which guesses the encoding).  Thus we add a somewhat
brittle low-level test case.

Closes GH-6630.
2021-01-26 19:14:25 +01:00
Christoph M. Becker 2e580da28e Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
  Fix #75850: Unclear error message wrt. __halt_compiler() w/o semicolon
2021-01-25 18:49:22 +01:00
Christoph M. Becker 61ed904cec Fix #75850: Unclear error message wrt. __halt_compiler() w/o semicolon
We add the failure reason to the error message.

Closes GH-6638.
2021-01-25 18:47:15 +01:00
Christoph M. Becker 02933f923e Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
  Add missing SKIPIF clause for recently introduced test case
2021-01-21 17:28:41 +01:00
Christoph M. Becker edb389730d Add missing SKIPIF clause for recently introduced test case 2021-01-21 17:27:09 +01:00
Christoph M. Becker 0ad78817a3 Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
  Add missing SKIPIF clauses to new test cases
2021-01-20 11:04:48 +01:00
Christoph M. Becker 4c1b3e3036 Add missing SKIPIF clauses to new test cases 2021-01-20 11:02:52 +01:00
Christoph M. Becker cfae999f1b Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
  Fix #69279: Compressed ZIP Phar extractTo() creates garbage files
2021-01-19 10:30:28 +01:00
Christoph M. Becker 68f5289e9e Fix #69279: Compressed ZIP Phar extractTo() creates garbage files
When extracting compressed files from an uncompressed Phar, we must not
use the direct file pointer, but rather get an uncompressed file
pointer.

We also add a test to show that deflated and stored entries are
properly extracted.

This also fixes #79912, which appears to be a duplicate of #69279.

Co-authored-by: Anna Filina <afilina@gmail.com>

Closes GH-6599.
2021-01-19 10:28:54 +01:00
Nikita Popov 48e2e5324e Fix parameter name of PharData::getMetadata()
The name should be the same as for Phar::getMetadata().
2021-01-18 14:09:00 +01:00
Dylan K. Taylor 0aad77418d Fix stub for Phar::setStub()
This fixes multiple issues:
 * The first parameter may be resource|string.
 * It's an overloaded signature. The second parameter cannot be
   passed if the first one is a string. Use UNKNOWN default
   value for that reason.
 * Make parameter names in PharData::setStub() match those in
   Phar.

Closes GH-6596.
2021-01-18 12:59:18 +01:00
Christoph M. Becker 90081c5391 Add missing SKIPIF clause for require_hash.phpt 2021-01-06 11:00:10 +01:00
Christoph M. Becker 66a74f2f4a Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
  Fix #77565: Incorrect locator detection in ZIP-based phars
2021-01-05 23:46:05 +01:00
Christoph M. Becker d1b1c04398 Fix #77565: Incorrect locator detection in ZIP-based phars
We must not assume that the first end of central dir signature in a ZIP
archive actually designates the end of central directory record, since
the data in the archive may contain arbitrary byte patterns.  Thus, we
better search from the end of the data, what is also slightly more
efficient.

There is, however, no way to detect the end of central directory
signature by searching from the end of the ZIP archive with absolute
certainty, since the signature could be part of the trailing comment.
To mitigate, we check that the comment length fits to the found
position, but that might still not be the correct position in rare
cases.

Closes GH-6507.
2021-01-05 23:40:24 +01:00
Christoph M. Becker b7689db7ab Prevent double-free of Phar ZIP stream
We must not alias the closed stream to `phar_archive_data.fp`, and use
PHAR_ZIP_FAIL() for consistency with the rest of this function.

Closes GH-6578.
2021-01-05 14:31:43 +01:00
Christoph M. Becker afc69e46b8 Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
  Fix memory leak in Phar::webPhar() on Windows
2021-01-05 14:25:44 +01:00
Christoph M. Becker 5c963731e2 Fix memory leak in Phar::webPhar() on Windows
Closes GH-6574.
2021-01-05 14:21:35 +01:00
Christoph M. Becker 9f96b2bdc8 Fix #76929: zip-based phar does not respect phar.require_hash
Based on the patch provided by david at bamsoftware.

Closes GH-6517.
2021-01-04 17:48:45 +01:00
Christoph M. Becker c2fbab392c Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
  Fix #77322: PharData::addEmptyDir('/') Possible integer overflow
2020-12-15 11:46:28 +01:00
Christoph M. Becker a53d67ceac Fix #77322: PharData::addEmptyDir('/') Possible integer overflow
`phar_path_check()` already strips a leading slash, so we must not
attempt to strip the trailing slash from an now empty directory name.

Closes GH-6508.
2020-12-15 11:44:53 +01:00
Christoph M. Becker b52db133df Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
  Fix #75102: `PharData` says invalid checksum for valid tar
2020-12-04 13:04:33 +01:00
Christoph M. Becker 8588ae7215 Fix #75102: PharData says invalid checksum for valid tar
Apparently, there are broken tarballs out there which are actually in
ustar format, but did not write the `ustar` marker.  Since popular tar
tools like GNU tar and 7zip have no issues dealing with such tarballs,
Phar should also be more resilient.

Thus, when the first checksum check of a tarball in (presumed) in old-
style format fails, we check whether the checksum would be suitable for
ustar format; if so, we treat the tarball as being in ustar format.

Closes GH-6479.
2020-12-04 13:02:29 +01:00
Christoph M. Becker 83cf4aa13a Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
  Fix #73809: Phar Zip parse crash - mmap fail
2020-12-01 17:00:27 +01:00
Christoph M. Becker c283f53b24 Fix #73809: Phar Zip parse crash - mmap fail
Phar signatures practically are of limited size; for the MD5 and SHA
hashes the size is fixed (at most 64 bytes for SHA512); for OpenSSL
public keys there is no size limit in theory, but "64 KiB ought to be
good enough for anybody".  So we check for that limit, to avoid fatal
errors due to out of memory conditions.

Since it is neither possible to have the signature compressed in the
ZIP archive, nor is it possible to manually add a signature via Phar,
we use ZipArchive to create a suitable archive for the test on the fly.

Closes GH-6474.
2020-12-01 16:58:19 +01:00
Nikita Popov e065d97e94 Sync zpp in phar interceptors
This should match the zpp of the intercepted functions...
2020-10-14 16:58:07 +02:00
Nikita Popov 82d46e353b Update ext/phar parameter names
Closes GH-6307.
2020-10-13 10:20:45 +02:00
Nikita Popov ad7e231e81 Make compression_type nullable in a few more places
Missed that this was also used elsewhere...
2020-10-08 17:05:38 +02:00
Nikita Popov 9719d6cade Make Phar $format and $compression arguments nullable
Rather than using Greg's birthday, use null to indicate that the
existing format/compression should be retained. For the format
simply using zero would be sufficient, but as the documentation
explicitly says that NULL is allowed here, we may as well make
that the truth.
2020-10-08 13:12:22 +02:00
Nikita Popov 68195bd481 Update ext/spl parameter names
Closes GH-6284.
2020-10-07 12:26:46 +02:00
Nikita Popov 79484b4f8a Update ext/sockets parameter names
Also change $max_length to $length in a number of filesystem APIs,
where our usage was inconsistent.

Closes GH-6276.
2020-10-06 12:12:43 +02:00
Nikita Popov 25f1c405ff Update ext/standard parameter names
Closes GH-6214.
2020-09-29 16:49:46 +02:00