The one error message indeed had a wrong namespace, and in general they
weren't very descriptive, this also makes them more descriptive.
Furthermore, two additional bugs were fixed:
- Persistent memory leak of `location`.
- UAF issues when printing the error message.
Closes GH-15830.
This code is modelled after how `http_fopen_wrapper.c` does things,
which apparently is just looping over the array and handling each string
the same way as if we passed a header string directly.
Also fixes a potential crash in `php_sdl.c` but without adding support
for header arrays there (yet) because the code is untested.
Closes GH-15817.
libxml2 2.13 has different formatting behaviour: it outputs `<faultcode/>`
instead of `<faultcode></faultcode>`, and similarly for `env:Value`.
Normalize the output.
Closes GH-15801.
HTTP/1.1 does not require a single whitespace after the colon, and
SoapServer does implement HTTP/1.1. The header value is already correctly
whitespace-trimmed, so no behaviour change happens w.r.t. header values.
Closes GH-15793.
Two issues:
1) We should not modify the object when we pass invalid values
2) We should reset the properties to their default value otherwise we
get a UAF.
Regressed in df219ccf9d
Closes GH-15248.
RFC 2617 and 7616 describe that for the "Authorization" header we should
not put the qop nor nc value inside quotes. This differs from the
WWW-Authenticate header, which may have been the source of the confusion
in the implementation. While the version with quotes seems to work fine
in some cases, clearly not all servers accept the non-standard form.
To fix the issue, simply removing the quotes of those two header fields
of the client request to be in line with the RFC suffices.
I refer further to example 3.5 in RFC 2617 and example 3.9.1 in
RFC 7616.
RFC 2617: https://datatracker.ietf.org/doc/html/rfc2617
RFC 7616: https://datatracker.ietf.org/doc/html/rfc7616
Closes GH-14328.
The do_request() function that calls this methods, assumes that a string is being returned from the method
otherwise it bails out.
However, the default implementation of SoapClient::__doRequest() indicates that it can return null when it
fails to set-up and execute the HTTP SOAP request, but this always results in a SoapFault exception being
thrown, and thus cannot happen in practice.
We need to investigate further if the return type should be changed from ?string to string or not.
There's a hash table that maps type names to class name, but names with
a leading backslash are not supported. The engine has logic to strip
away the leading backslash that we should replicate here.
It works by checking if we need to make an actual copy in case an
unexpected (e.g. invalid data or leading backslash) situations are
detected. Upon making a copy we normalize the data in the table.
Furthermore, previously the code assumed that the key was always valid
and that the structure was a non-packed hash table. This isn't
necessarily the case. The new code fixes this as well.
Closes GH-14398.
This adds an optional dependency on the session extension and adds the
necessary APIs to make the functionality work with lazy binding.
This can be tested by configuring PHP with `--enable-session=shared` and
`--enable-soap=shared` and running the test suite, in particular the
buggy behaviour can be observed by the existing test `server009.phpt`.
The naming of the userland functions is terrible and confused me.
gzdecode() is actually the function to decompress a gzip stream, and
gzuncompress() is the one to decompress a deflate stream...
See zlib.c to see the internal function -> type mapping.
The incorrect functions are being called to deal with incoming
compressed data.
gzip/x-gzip corresponds to gzuncompress(), while deflate corresponds to
gzinflate().
The existing code for gzip compression also plays with removing the
first 10 bytes (i.e. the gzip header) to pass it to the inflate
implementation but that doesn't always work properly due to trailer
data. Get rid of that entirely by using the correct functions.
Closes GH-14321.
These cause test failures when we migrate resources to objects. But anyway, hardcoding the object IDs and the number of properties is hardly ever useful, so it's fine to get rid of them.
Related to #14121
These cause test failures when we migrate resources to objects. But anyway, hardcoding the object IDs and the number of properties is hardly ever useful, so it's fine to get rid of them.
Related to #14121
Niels Dossche