This was previously implicitly public due to the use of dynamic
properties. Make this internal state private.
If someone complains, we can consider relaxing this to protected
or public on a case-by-case basis.
Currently, _digest is used both to request that digest auth be
used (_digest == null) and to later store the _digest parameters.
This relies on the ability to distinguish between _digest being
null and it being not set, which is not present with declared
properties. (Well, technically it is, we could just leave it
uninitialized, but that would be non-idiomatic.)
Resolve this by splitting into separate _use_digest and _digest
properties.
Error exceptions should generally not be converted into domain-
specific exception types. They indicate programming errors that
should not be handled locally.
The IS_UNSERIALIZED check here does not work if the string is
interned (serialized with file_cache_only=0) but unserialization
happens with file_cache_only=1. In this case the unserializde
string will be in the str area after mem, which is not included
in the script size, and which is also not accessible at this
point without threading through more information. Work around
the problem by checking for the serialized representation instead.
Some GCC versions don't like zend_try in loop. Avoid the issue
by pulling it out of the loop, we don't particularly care about
skipping further warnings if a bailout occurs, just that it
does not interrupt shutdown.
Closes GH-7380.
The putenv value is stored in environ. If for some reason we
fail to restore it on shutdown, make sure that we fail gracefully
by using a system allocated value, rather than a ZMM allocated one.
This is an additional mitigation for bug #81316 style issues if
all else fails.
This is a non-intrusive, minimal fix for bug #81316, which prevents
a bailout during imap RSHUTDOWN and prevents the basic shutdown
handler from being skipped.
I wasn't able to make the issue reproduce in a small test.
The shutdown refactoring has moved the destruction of constants
earlier, so also move the halt compiler offset backup earlier.
This fixes phar tests under --preload.
preloading currently reimplements parts of shutdown_executor(),
so it's easy for that code to go out of sync.
Extract this into an zend_shutdown_executor_values() API function
and use it as part of the preloading pre-shutdown.
Just like during normal shutdown, we should set EG(active)=0
during the partial preloading shutdown, to make sure that no
user code can run.
We need to slightly tweak inheritance class loading to still
pick the right code path.
Switch default cipher for openssl_pkcs7_encrypt() and
openssl_cms_encrypt() from RC2-40 to AES-128-CBC.
The RC2-40 cipher is considered insecure and is not loaded by
default in OpenSSL 3, which means that these functions will
always fail with default arguments.
As the used algorithm is embedded in the result (which makes this
different from the openssl_encrypt() case) changing the default
algorithm should be safe.
Closes GH-7357.
As of PHP 8.0.0, these functions are supposed to return int, so we
cannot return `false`. Since calling the parser recursively is a
programmer error, we throw an `Error` in this case.
Cf. <https://github.com/php/php-src/pull/7363>.
The fix for bug #73151[1] cured the symptoms, but not the root cause,
namely xmlParse() must not be called recursively. Since that bugfix
also messed up the error handling, we basically revert it (but also
simplify the return), and then prevent calling the parser recursively.
[1] <https://github.com/php/php-src/pull/2166/commits/f2a8a8c068995a5d780882c556cedd53bce3827d>
Co-authored-by: Nikita Popov <nikita.ppv@gmail.com>
Closes GH-7363.
Nikita Popov