1
0
mirror of https://github.com/php/php-src.git synced 2026-04-26 01:18:19 +02:00
Commit Graph

14905 Commits

Author SHA1 Message Date
Christoph M. Becker 1675d32261 Fix printf style issues in Windows specific code (GH-17452)
A couple of calls pass strings as formats (`-Wformat-security`), and
some others mix up types (`-Wformat`).
2025-01-13 11:50:05 +01:00
Jakub Zelenka 5ba299be18 Merge branch 'PHP-8.4' 2025-01-06 12:21:20 +01:00
Jakub Zelenka 35c03c165e Merge branch 'PHP-8.3' into PHP-8.4 2025-01-06 12:20:50 +01:00
Jakub Zelenka 5b72f12c56 Rewrite http gh16810 test to not be online
Closes GH-17314
2025-01-06 12:20:13 +01:00
Jakub Zelenka 3606701f48 Merge branch 'PHP-8.2' into PHP-8.3 2025-01-06 12:19:36 +01:00
Jakub Zelenka 5be673d29e Merge branch 'PHP-8.1' into PHP-8.2 2025-01-06 12:18:54 +01:00
Jakub Zelenka 9e1b58274e Test stream_context_tcp_nodelay_server on Windows
Closes GH-17308
2025-01-05 14:44:22 +01:00
Niels Dossche ac8b7b8aaf Fix wrong comment and use cheaper destruction macro (#17359) 2025-01-04 17:18:53 +01:00
Niels Dossche 309e66d984 Use zend_new_pair() for hrtime() (#17328)
This is a specialised optimized helper to return a pair.
2025-01-03 12:28:14 +01:00
Christoph M. Becker dfdba3cfe4 Merge branch 'PHP-8.4'
* PHP-8.4:
  gh15937.phpt does not need to be an online test
2025-01-01 20:08:57 +01:00
Christoph M. Becker 862ed7ebe5 Merge branch 'PHP-8.3' into PHP-8.4
* PHP-8.3:
  gh15937.phpt does not need to be an online test
2025-01-01 20:08:04 +01:00
Christoph M. Becker 9999a5b4de Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  gh15937.phpt does not need to be an online test
2025-01-01 20:07:34 +01:00
Christoph M. Becker 919f1984d5 gh15937.phpt does not need to be an online test
We convert the test to use the CLI test server to not require online
availability.

As of PHP 8.3, the test is supposed to fail, because the timeout is too
large.  Since exactly this scenario is already tested by gh16810.phpt,
we drop the test for PHP-8.3 and up.

Closes GH-17315.
2025-01-01 20:06:23 +01:00
Jakub Zelenka b072206313 Merge branch 'PHP-8.4' 2024-12-31 15:25:17 +01:00
Jakub Zelenka d2977b026f Merge branch 'PHP-8.3' into PHP-8.4 2024-12-31 15:20:06 +01:00
Jakub Zelenka 19e2e4d5af Port stream bug51056 and gh11418 tests to use ephemeral ports 2024-12-31 15:18:50 +01:00
Jakub Zelenka e0dabe326f Merge branch 'PHP-8.2' into PHP-8.3 2024-12-31 15:05:18 +01:00
Jakub Zelenka 44a9154e75 Merge branch 'PHP-8.1' into PHP-8.2 2024-12-31 14:39:59 +01:00
Jakub Zelenka b8731767d8 Fix GH-16955: Use empheral ports for OpenSSL server client tests
And refactor some client server tests.

Closes GH-17180
2024-12-31 14:25:19 +01:00
divinity76 47e440019c improve range array overflow error message (#16510)
Improve range array overflow error message

Added info about "how much it exceeded" and the maximum allowable array size.

Makes debugging easier when encountering this specific issue.
2024-12-30 18:53:16 +01:00
Niels Dossche ecb90c1db7 Remove incorrect RC1 annotation for get_include_path() (#17301)
This annotation is wrong since GH-17294.
2024-12-30 14:38:30 +01:00
Gina Peter Banyard 6ab38b52d3 ext/standard: Refactor tick and shutdown functions
Remove usage of FCI and store the parameters and count of it directly on the relevant structures
This reduces the size of the structs by ~50
2024-12-29 23:41:06 +00:00
Gina Peter Banyard 51884edb6b ext/standard: Add trampoline tests for tick and shutdown functions 2024-12-29 23:41:06 +00:00
Gina Peter Banyard 72ff9077a5 ext/standard: Let is_numeric_str parse the int value for us in getopt() 2024-12-29 18:36:11 +00:00
Gina Peter Banyard f3655100b8 ext/standard: Reuse computed strlen() value in getopt() 2024-12-29 18:36:11 +00:00
Gina Peter Banyard a718110ae0 ext/standard: Use zend_string in ini_get_all() 2024-12-29 18:36:11 +00:00
Gina Peter Banyard a1cb516817 ext/standard: Use zend_string in move_uploaded_file()
Also check that the initial path does not contain null bytes
2024-12-29 18:36:11 +00:00
Gina Peter Banyard 1e3498ea01 ext/standard: Use zend_string in is_uploaded_file() 2024-12-29 18:36:11 +00:00
Gina Peter Banyard 1c129c723d ext/standard: Use zend_string in get_include_path() 2024-12-29 18:36:11 +00:00
Gina Peter Banyard 63f6251812 ext/standard: Use zend_string_equals_literal API (#17292)
Instead of a custom one only available in this file
2024-12-29 10:54:17 +00:00
Christoph M. Becker 2021a58aec Reintroduce proc_open_multiplex.phpt (GH-17192)
The main intent of the test was to show the changed behavior on
Windows; previously, `stream_select()` would return immediately there,
reporting all pipes as ready; now, it only returns if at least one pipe
is actually ready.

The original test case was overspecified; of course, we cannot assume
that the pipes are ready one after the other; depending on the concrete
`select(2)` implementation and the system scheduler, minor differences
are to be expected.

Thus we relax the test expectations, and now require that not all pipes
are reported ready after a single `stream_select()` call, and that the
output contains all strings.  We also ensure that `stream_select()`
doesn't fail (for whatever reason).  And in case of the test
expectations not being met, we also output some diagnostics (most
notably the output that has already been read).
2024-12-25 17:41:31 +01:00
Arnaud Le Blanc 420365d922 Merge branch 'PHP-8.4'
* PHP-8.4:
  Add observer temporary to dl'ed functions
2024-12-20 18:52:43 +01:00
Arnaud Le Blanc 32148e9b10 Merge branch 'PHP-8.3' into PHP-8.4
* PHP-8.3:
  Add observer temporary to dl'ed functions
2024-12-20 18:50:16 +01:00
Arnaud Le Blanc 9e7932b292 Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Add observer temporary to dl'ed functions
2024-12-20 18:46:55 +01:00
Arnaud Le Blanc 6f579934f0 Add observer temporary to dl'ed functions
When observer is enabled, we normally add an extra temporary to all
functions, to store the previously observed frame. However, this is done in
zend_observer_post_startup() so it doesn't happen to dl'ed() functions.

One possible fix would be to move that from zend_observer_post_startup()
to zend_register_functions(), but this would be too early: Observer may
not be enabled when zend_register_functions() is called, and may still be
enabled later.

However, when zend_register_functions() is called at run-time (during dl()),
we know definitively whether observer is enabled.

Here I update zend_register_functions() to add a temporary to dl'ed()
functions when observer is enabled.

Fixes: GH-17211
Closes: GH-17220
2024-12-20 18:45:34 +01:00
Christoph M. Becker 4dc055506c Merge branch 'PHP-8.4'
* PHP-8.4:
  Fix GH-17067: glob:// wrapper doesn't cater to CWD for ZTS builds
2024-12-18 13:04:41 +01:00
Christoph M. Becker a8ffabfc91 Merge branch 'PHP-8.3' into PHP-8.4
* PHP-8.3:
  Fix GH-17067: glob:// wrapper doesn't cater to CWD for ZTS builds
2024-12-18 13:04:10 +01:00
Christoph M. Becker 53b69ba8cf Fix GH-17067: glob:// wrapper doesn't cater to CWD for ZTS builds
`glob(3)` doesn't know the virtual CWD of PHP, so we need to pass an
absolute path for ZTS builds.  In lack of a reusable routine, we copy
the code from `glob()` and adapt as needed.

Closes GH-17074.
2024-12-18 13:02:48 +01:00
Christoph M. Becker 91b7f12cf1 Drop newly added flaky test for now
The test expectations are overly specific, and may not be met.  For
now, we're dropping the test case.
2024-12-17 11:29:41 +01:00
Christoph M. Becker 6972612e1e Improve fix for GH-16889
The original patch[1] cared only about pipe handles in the rset, but
would be problematic if there are other handles (e.g. files in the
rset, or pipes/files in the other sets), because `php_select()` would
return immediately, reporting all non read-pipe handles as ready, but
possibly never reporting read-pipe handles.

We fix this by applying different logic for the case where only pipe
handles are supplied in the rset, but no handles in the wset or eset.
In this case `php_select()` only returns when actually one of the
handles is ready, or when the timeout expires.  To avoid busy looping
in this case, we sleep for a short amount of time.  This matches POSIX
behavior.

In all other cases, `php_select()` behaves as before (i.e. prior to the
original fix), that is it returns immediately, reporting all handles as
ready.

We also add a test case that demonstrates multiplexing the output of a
couple of child processes.

See also the discussion on <https://github.com/php/php-src/pull/16917>.

[1] <https://github.com/php/php-src/commit/b614b4a69ae7bab13c39af2f4a01dea846dfa307>

Closes GH-17174.
2024-12-16 23:25:38 +01:00
Christoph M. Becker 1fd4771e59 Merge branch 'PHP-8.4'
* PHP-8.4:
  Don't run proc_open_cmd.phpt in parallel with other tests
2024-12-15 12:11:24 +01:00
Christoph M. Becker fd25b79412 Merge branch 'PHP-8.3' into PHP-8.4
* PHP-8.3:
  Don't run proc_open_cmd.phpt in parallel with other tests
2024-12-15 12:10:47 +01:00
Christoph M. Becker aafa6ea386 Don't run proc_open_cmd.phpt in parallel with other tests
This test puts a fake cmd.exe in the CWD and removes it only after the
test has finished.  We need to avoid that other tests are running while
that fake cmd.exe is there, because they may use it instead of the
proper cmd.exe.

We also unlink the fake cmd.exe as soon as possible, regardless of the
test result.

Fixes GH-17098.
Closes GH-17090.
2024-12-15 12:09:42 +01:00
Christoph M. Becker 300811f1e2 Remove support for unsupported MSVC versions (GH-17128)
As of PHP 8.4.0, MSVC >= 1920 (aka. Visual Studio 2019 RTW 16.0) is
required anyway[1], so we can clean up a bit.

[1] <https://github.com/php/php-src/commit/b3d6414b87cfebf503b5064a78ea1c5120ed638f>
2024-12-12 19:50:14 +01:00
David Carlier ba432c7a47 Merge branch 'PHP-8.4' 2024-12-08 20:30:57 +00:00
David Carlier fc3ac345d7 Merge branch 'PHP-8.3' into PHP-8.4 2024-12-08 20:30:16 +00:00
David Carlier 301b8e24c1 Fix GH-16809: fopen HTTP wrapper timeout stream context option overflow.
close GH-16810
2024-12-08 20:29:57 +00:00
Christoph M. Becker 3ee522a31d Merge branch 'PHP-8.4'
* PHP-8.4:
  Harden proc_open() against cmd.exe hijacking
2024-12-08 19:10:39 +01:00
Christoph M. Becker e8bb0a8ba0 Merge branch 'PHP-8.3' into PHP-8.4
* PHP-8.3:
  Harden proc_open() against cmd.exe hijacking
2024-12-08 19:10:12 +01:00
Christoph M. Becker 5cbdd5f6de Harden proc_open() against cmd.exe hijacking
As is, whenever `proc_open()` needs to invoke the shell, cmd.exe is
looked up in the usual executable search path.  That implies that any
cmd.exe which is placed in the current working directory (which is not
necessarily what is reported by `getcwd()` for ZTS builds), will be
used.  This is a known attack vector, and Microsoft recommends to
always use the fully qualified path to cmd.exe.

To prevent any cmd.exe in the current working directory to be used, but
to still allow users to use a drop in replacement for cmd.exe, we
search only the `PATH` for cmd.exe (and pass the fully qualified path
to `CreateProcessW`), instead of relying on automatic executable search
by passing the base name only.

To be able to easily test this, we provide a minimalist C file which
will be build as test_helper, and used by the new test case.

[1] <https://msrc.microsoft.com/blog/2014/04/ms14-019-fixing-a-binary-hijacking-via-cmd-or-bat-file/>

Closes GH-17043.
2024-12-08 19:08:02 +01:00