get_browser() implements a lazy parse system for the browscap
INI configuration. There are two possible moments when a browscap
configuration can be loaded: during module startup or during request.
In case of module startup, the strings are persistent strings, while for
the request they are not.
The INI parser must therefore know whether to create persistent or
non-persistent strings. It does this by looking at
CG(ini_parser_unbuffered_errors). If that value is 1 it's persistent,
otherwise non-persistent. Note that this also controls how the errors
are reported: if it's 1 then the errors are sent to stderr, otherwise we
get E_WARNINGs.
Currently, a hardcoded value of 1 is always used for that CG value in
browscap_read_file(). This means we'll always create persistent strings
*and* we'll not report parse errors correctly as E_WARNINGs.
We fix both the crash and the lack of warnings by passing the value of
persistent instead of a hardcoded 1.
This is also in line with how other INI parsing code is called in
ext/standard: they also make sure that during request a value of 0 is
passed.
Closes GH-10883.
* PHP-8.2:
Re-add some CTE functions that were removed from being CTE by a mistake
Fix GH-8065: opcache.consistency_checks > 0 causes segfaults in PHP >= 8.1.5 in fpm context
Fix GH-8646: Memory leak PHP FPM 8.1
Sets the UTF-8 valid flag if all parts are valid, or numeric (which are valid UTF-8 by definition).
* remove unuseful comments
* Imply UTF8 validity in implode function
* revert zend_string_dup change
The next generation of C compilers is going to enforce the C standard
more strictly:
https://wiki.gentoo.org/wiki/Modern_C_porting
One warning that will soon become an error is -Wstrict-prototypes.
This is relatively easy to catch in most code (it will fail to
compile), but inside of autoconf tests it can go unnoticed because
many feature-test compilations fail by design. For example,
$ export CFLAGS="$CFLAGS -Werror=strict-prototypes"
$ ./configure
...
checking if iconv supports errno... no
configure: error: iconv does not support errno
(this is on a system where iconv *does* support errno). If errno
support were optional, that test would have "silently" disabled
it. The underlying issue here, from config.log, is
conftest.c:211:5: error: function declaration isn't a prototype
[-Werror=strict-prototypes]
211 | int main() {
This commit goes through all of our autoconf tests, replacing main()
with main(void). Up to equivalent types and variable renamings, that's
one of the two valid signatures, and satisfies the compiler (gcc-12 in
this case).
Fixes GH-10751
warning: array subscript -65 is below array bounds of ‘const char[26]‘
[-Warray-bounds]
Errors like these sometimes only appear with optimizations when inlining/loop
unrolling.
Closes GH-10788
* resource is always non-NULL at this point because we check for NULL
right after its creation.
* resource->path is always set at this point because of the check right
above the code where it's used. It was also confusing to see "/" being
considered as a "default".
Multiple tests had to be changed to escape the arguments in shell
commands. Some tests are skipped because they behave differently with
spaces in the path versus without. One notable example of this is the
hashbang test which does not work because spaces in hashbangs paths are
not supported in Linux.
Co-authored-by: Michael Voříšek <mvorisek@mvorisek.cz>
pcre2_match() returns error codes < 0, but only the "no match" error
code was handled. Fix it by changing the check to >= 0.
Closes GH-10632
Signed-off-by: George Peter Banyard <girgias@php.net>
PHP’s implementation of crypt_blowfish differs from the upstream Openwall
version by adding a “PHP Hack”, which allows one to cut short the BCrypt salt
by including a `$` character within the characters that represent the salt.
Hashes that are affected by the “PHP Hack” may erroneously validate any
password as valid when used with `password_verify` and when comparing the
return value of `crypt()` against the input.
The PHP Hack exists since the first version of PHP’s own crypt_blowfish
implementation that was added in 1e820eca02.
No clear reason is given for the PHP Hack’s existence. This commit removes it,
because BCrypt hashes containing a `$` character in their salt are not valid
BCrypt hashes.
* Don't do toupper() redundantly in encoding the data for metaphone
All inputs for ENCODE() are already uppercase, so there's no need to
spend time uppercasing them again.
* Don't compute uppercase letter redundantly in checks
If it's a zero-terminator check, or an isalpha() check, there's no need
to convert it to uppercase first.
* Clean-up LookAhead helper
* Add some letter caching to metaphone to increase performance
We don't have to re-read letters, and re-uppercase them if we already
did it once. By caching these results, we gain performance.
Furthermore, we can avoid fetching and uppercasing in some conditions by
first checking what we already had: e.g. if a condition depends on both
Prev_Letter and After_Next_Letter, but we already have Prev_Letter
cached, we can place that first to avoid a fetch+toupper of the
"after next letter".
On short strings, there is no difference in performance. However, for
strings around 10,000 bytes long, the AVX2-accelerated function is
about 55% faster than the SSE2-accelerated one.
Niels Dossche