This reverts commit 94e9d0a2ae.
This code needs to be mindful about modifications to the array
happening during callback execution. It was written in a way that
only accessed the reference, which is guaranteed not to move. The
changed implementation instead accesses the array slot, leading to
use-after-free.
Run ext/standard/tests/array/bug61967.phpt under valgrind to see
the issue.
PHP requires boolean typehints to be written "bool" and disallows
"boolean" as an alias. This changes the error messages to match
the actual type name and avoids confusing messages like "must be
of type boolean, boolean given".
This a followup to ce1d69a1f6, which
implements the same change for integer->int.
PHP requires integer typehints to be written "int" and does not
allow "integer" as an alias. This changes type error messages to
match the actual type name and avoids confusing messages like
"must be of the type integer, integer given".
run-tests.php enforces error_reporting=E_ALL (including E_STRICT),
setting this explicitly in not necessary. Conversely, after the
removal of some E_STRICT errors, explicitly excluding it is no
longer necessary in some places.
The test requires the session extension, which may not be available, in
which case the test would fail, which is expected anyway, but not for
the expected reasons.
This reverts commit c3717d9aec.
The final mitigation of the consequences with spectre should be
discussed more also with the regard to the happenings on the
developments. Right now a preliminary mitigation might be wrong or
suboptimal, thus reverting this.
The recently discovered security flaw Spectre requires a high resolution
timer. To the today's knowledge, PHP can't be used to create an attack for
this flaw. Still some concerns were raised, that there might be impact in
shared hosting environments. This patch adds a possibility to reduce the
timer resolution by an ini setting, thus giving administrators full
control. Especially, as the flaw was also demonstrated by an abuse of
the JS engine in a browser, Firefox reduced several time sources to 20us.
Any programming language, that doesn't compile to JIT, won't be able to
produce an attack vector for Meltdown and Spectre, at least by todays
knowledge. There are also other factors that say that the security
concern on the hrtime feature is to the big part not justified, still we
aim JIT in the future. Thus, adding a possibility to control the timer
resolution is a good and small enough tradeoff for safety and future.
convert_scalar_to_number() will now call cast_object() with an
_IS_NUMBER argument, in which case the cast handler should return
either an integer or floating point number, whichever is more
appropriate.
Previously convert_scalar_to_number() unconditionally converted
objects to integers instead.
Fixes bug #53033.
Fixes bug #54973.
Fixes bug #73108.
The slower I/O as a traditional bottleneck on Windows which is
the target of this patch. The recursive path resolution, while being
an allround solution, is expensive when it comes to the common case.
Files with proper ACLs set can be resolved in one go by usage of specific
API. Those are available since Vista, so actually can be called old. Those
simpler api is used for the cases where no CWD_EXPAND is requested. For
the cases where ACLs are improper, the existing solution based on
FindFirstFile still does good job also partially providing quirks. Cases
involing reparse tags and other non local filesystems are also partially
server by new APIs.
The approach uses both APIs - the quick one for the common case still
integrating realpath cache, and the existing one as a fallback. The tests
show the I/O load drop on the realpath resolution part due to less
system calls for the sub part resolution of paths. In most case it is
justified, as the sub parts were otherwise cached or unused as well. The
realpath() implementation in ioutil is also closer to the POSIX.
This effectively allows a UNIX like semantics for deleting files
with an open handle. Some OS related limitations still persist,
but the Windows 95 times can be considered as definitely over.
