Adding a stack check here as I consider serialization to be a more
sensitive place where erroring out with an exception seems appropriate.
Closes GH-16159.
Unfortunately, old DOM allows attributes to be used as parent nodes.
Only text nodes and entities are allowed as children for these types of
nodes, because that's the constraint DOM and libxml give us.
Closes GH-16156.
The JSON encoder is recursive, and it's far from easy to make it
iterative. Add a cheap stack limit check to prevent a segfault.
This uses the PHP_JSON_ERROR_DEPTH error code that already talks about
the stack depth. Previously this was only used for the $depth argument.
Closes GH-16059.
These failures are caused by the fix for GHSA-p99j-rfp4-xqvq. Since
the two bug*.phpt tests don't need the "wsdl" query string, and don't
even need php-cgi, we just remove the `--GET--` section. The two
server*.phpt tests are harder to fix, since during evaluation of the
`--SKIPIF--` section, the soap extension can be loaded, but it may not
during evaluation of the `--FILE--` section. So for now, we skip these
tests on Windows altogether.
Co-authored-by: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Closes GH-16084.
On NixOS, the output of phpinfo() can get very large, causing us to run into the
backtracking limit. Lazy matching for .*/.+ can help reduce backtracking.
When the superglobals are eagerly initialized, but "S" is not contained
in `variables_order`, `TRACK_VARS_SERVER` is created as empty array
with refcount > 1. Since this hash table may later be modified, a flag
is set which allows such COW violations for assertions. However, when
`register_argc_argv` is on, the so far uninitialized hash table is
updated with `argv`, what causes the hash table to be initialized, what
drops the allow-COW-violations flag. The following update with `argc`
then triggers a refcount violation assertion.
Since we consider `HT_ALLOW_COW_VIOLATION` a hack, we do not want to
keep the flag during hash table initialization, so we initialize the
hash table right away after creation for this code path.
Closes GH-15930.
Apparently example.org now rejects POST requests, so we would need to
adjust the test expectation ("Method not allowed"). However, there is
no need for an online test; instead we're just using the CLI test
server. The serialization is a bit fiddly, but as long as there are
no quotes in `PHP_CLI_SERVER_ADDRESS` we're fine.
Closes GH-16063.
We check that the "attrib" and "modtype" keys are present in each array.
If not we throw a ValueError, in line with what other validation failure cases do.
Closes GH-16057
zend_array_dup_ht_iterators() loops over the hash table iterators and
can call zend_hash_iterator_add(). zend_hash_iterator_add() can resize
the array causing a crash in zend_array_dup_ht_iterators().
We solve this by refetching the iter pointer after an add happened.
Closes GH-16060.
