php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-29 03:32:20 +02:00
Code Issues Packages Projects Releases Wiki Activity
126,089 Commits 547 Branches 1,481 Tags
e26abe631c5c7722db7c059aaa896bdfd3a9fdb2
Commit Graph

5617 Commits

Author SHA1 Message Date
Christoph M. Becker
f99c69fc2e Merge branch 'PHP-8.0' into PHP-8.1 
* PHP-8.0:
  Fix #81518: Header injection via default_mimetype / default_charset
 2021-10-14 12:23:43 +02:00
Christoph M. Becker
b7f3b67060 Merge branch 'PHP-7.4' into PHP-8.0 
* PHP-7.4:
  Fix #81518: Header injection via default_mimetype / default_charset
 2021-10-14 12:21:35 +02:00
Christoph M. Becker
365769366b Fix #81518: Header injection via default_mimetype / default_charset 
We forbid setting these INI options to values containing NUL bytes, CR
or LF.

Closes GH-7574.
 2021-10-14 12:16:19 +02:00
Joe Watkins
03e9bed5b5 Merge branch 'PHP-8.0' into PHP-8.1 
* PHP-8.0:
  Fix #81496: CLI server logs wrong request method
 2021-10-05 08:43:09 +02:00
Lauri Kenttä
cdcdb33080 Fix #81496: CLI server logs wrong request method 2021-10-05 08:42:38 +02:00
Nikita Popov
cd84480e54 Merge branch 'PHP-8.0' into PHP-8.1 
* PHP-8.0:
  Disable failing FPM test
 2021-10-04 23:31:40 +02:00
Nikita Popov
a00d933242 Merge branch 'PHP-7.4' into PHP-8.0 
* PHP-7.4:
  Disable failing FPM test
 2021-10-04 23:31:31 +02:00
Nikita Popov
4c01bd2ade Disable failing FPM test 
Test fails intermittently, e.g.:

https://dev.azure.com/phpazuredevops/PHP/_build/results?buildId=20597&view=ms.vss-test-web.build-test-results-tab&runId=475324&resultId=115501&paneView=debug

Possibly this is because the two requests end up being processed
in sequence and no second process is spawned.
 2021-10-04 23:30:14 +02:00
Jakub Zelenka
7dd87b2343 Merge branch 'PHP-8.0' into PHP-8.1 2021-10-04 21:56:06 +01:00
Jakub Zelenka
9ed95846a3 Merge branch 'PHP-7.4' into PHP-8.0 2021-10-04 21:55:21 +01:00
Jakub Zelenka
66a655fdf4 Add the actual test for FPM prod idle timeout test with 6s sleep 2021-10-04 21:54:32 +01:00
Jakub Zelenka
2cd69115d5 Merge branch 'PHP-7.4' into PHP-8.0 2021-10-04 21:53:34 +01:00
Jakub Zelenka
edfb347019 Add FPM prod idle timeout test with 6s sleep 2021-10-04 21:50:57 +01:00
Nikita Popov
0431bd3137 Merge branch 'PHP-8.0' into PHP-8.1 
* PHP-8.0:
  Revert "Add FPM prod idle timeout test"
  [ci skip] Fix missing NEWS
  [ci skip] Add missing NEWS
 2021-10-04 10:17:07 +02:00
Nikita Popov
987aee10a9 Merge branch 'PHP-7.4' into PHP-8.0 
* PHP-7.4:
  Revert "Add FPM prod idle timeout test"
 2021-10-04 10:16:53 +02:00
Nikita Popov
69514e6ffb Revert "Add FPM prod idle timeout test" 
This reverts commit 08f52b1643.

The newly added test fails.
 2021-10-04 10:16:20 +02:00
Jakub Zelenka
4ef6280b9a Fix conflicting pattern wrapping in FPM openmetrics test 2021-10-02 18:31:49 +01:00
Jakub Zelenka
390d4e94ed Merge branch 'PHP-8.0' into PHP-8.1 2021-10-02 18:29:25 +01:00
Jakub Zelenka
ca3f20209f Merge branch 'PHP-7.4' into PHP-8.0 2021-10-02 18:27:47 +01:00
Jakub Zelenka
08f52b1643 Add FPM prod idle timeout test 2021-10-02 18:26:18 +01:00
Nikita Popov
14f599ea7d Use zend_long for resource ID 
Currently, resource IDs are limited to 32-bits. As resource IDs
are not reused, this means that resource ID overflow for
long-running processes is very possible.

This patch switches resource IDs to use zend_long instead, which
means that on 64-bit systems, 64-bit resource IDs will be used.
This makes resource ID overflow practically impossible.

The tradeoff is an 8 byte increase in zend_resource size.

Closes GH-7436.
 2021-08-31 14:58:59 +02:00
Nikita Popov
0f926815ca Fix strict-prototypes warning 2021-08-30 10:43:21 +02:00
Nikita Popov
93a88a1d4c Limit internal function args during fuzzing 
Restrict the size of string arguments in the hope of avoiding some
very common timeouts with pcre. If this doesn't work, the functions
need to be disabled entirely.
 2021-08-26 15:08:23 +02:00
Nikita Popov
cae80ef552 Limit internal function calls in execute fuzzer 
Infinite recursion might occur purely through internal functions,
without reentering the executor.
 2021-08-26 14:42:45 +02:00
Christoph M. Becker
be2df43b08 Fix #78919: CLI server: insufficient cleanup if request startup fails 
We need to run the full `php_cli_server_request_shutdown()` in case of
failing `php_cli_server_request_startup()`.

Patch contributed by @cataphract.

Closes GH-7322.
 2021-08-17 12:41:06 +02:00
Joe Watkins
a2e051921a Fix bug #81280 refuse to allow unicode chars in prompts 2021-08-11 10:35:00 +02:00
Christoph M. Becker
4645a9d10f Merge branch 'PHP-7.4' into PHP-8.0 
* PHP-7.4:
  Fix #81305: Built-in Webserver Drops Requests With "Upgrade" Header
 2021-07-29 13:28:52 +02:00
Christoph M. Becker
92b1c17417 Merge branch 'PHP-8.0' 
* PHP-8.0:
  Fix #81305: Built-in Webserver Drops Requests With "Upgrade" Header
 2021-07-29 13:21:05 +02:00
Christoph M. Becker
3b461d93e1 Merge branch 'PHP-7.4' into PHP-8.0 
* PHP-7.4:
  Fix #81305: Built-in Webserver Drops Requests With "Upgrade" Header
 2021-07-29 13:19:04 +02:00
Christoph M. Becker
d1ccb5bd0c Fix #81305: Built-in Webserver Drops Requests With "Upgrade" Header 
While our HTTP parser supports upgrade requests, the code using it does
not.  Since upgrade requests are only valid for HTTP/1.1 and we neither
support any higher version, nor HTTPS yet, we do not exit early in case
of such requests, i.e. we ignore them, what is allowed by the specs.

We keep the supporting code in case we can meaningfully support upgrade
requests in the future.

Closes GH-7316.
 2021-07-29 13:16:15 +02:00
Jakub Zelenka
590af4678b Sync the FPM openmetrics status with php-fpm_exporter 2021-07-21 19:58:36 +01:00
Máté Kocsis
75a678a7e3 Declare tentative return types for Zend (#7251) 
Co-authored-by: Nikita Popov <nikita.ppv@gmail.com>
 2021-07-19 13:44:20 +02:00
Christoph M. Becker
be5fd30d54 Fix Windows debug builds 
`ZEND_ATOL` doesn't accept a size argument.
 2021-07-16 00:41:38 +02:00
Christoph M. Becker
1f9b044c80 Merge branch 'PHP-8.0' 
* PHP-8.0:
  Fix #80849: HTTP Status header truncation
 2021-07-15 19:16:21 +02:00
Christoph M. Becker
bb4dbbc150 Merge branch 'PHP-7.4' into PHP-8.0 
* PHP-7.4:
  Fix #80849: HTTP Status header truncation
 2021-07-15 19:13:58 +02:00
Christoph M. Becker
a054ef2aad Fix #80849: HTTP Status header truncation 
While truncating the contents of a header is okay, we must never omit
the trailing CRLF.

Closes GH-7238.
 2021-07-15 19:10:53 +02:00
Joe Watkins
60fbd6df95 replace phpdbg custom opcode dumper with O+ dump (#7227) 2021-07-13 15:32:14 +02:00
Christoph M. Becker
497858a043 Merge branch 'PHP-8.0' 
* PHP-8.0:
  exit_status is no longer a true global
 2021-07-12 23:40:16 +02:00
Christoph M. Becker
1631b96b4b exit_status is no longer a true global 2021-07-12 23:39:10 +02:00
Christoph M. Becker
057d2f2a00 Merge branch 'PHP-8.0' 
* PHP-8.0:
  Fix #73226: --r[fcez] always return zero exit code
 2021-07-12 23:14:15 +02:00
Christoph M. Becker
0c0ecf0470 Merge branch 'PHP-7.4' into PHP-8.0 
* PHP-7.4:
  Fix #73226: --r[fcez] always return zero exit code
 2021-07-12 23:12:19 +02:00
Christoph M. Becker
9db3eda2cb Fix #73226: --r[fcez] always return zero exit code 
This makes the behavior consistent with `--ri`, and is likely useful
for scripting.

Closes GH-7221.
 2021-07-12 23:09:28 +02:00
Nikita Popov
989205e95c Remove incorrect uses of zend_atoi() 
zend_atoi() parses integers with size suffixes (like "128M").
These just want to use a plain number, so use ZEND_ATOL instead.
 2021-07-12 16:56:00 +02:00
Nikita Popov
efbb2198d4 Return value from ZEND_ATOL 
Instead of assigning it as part of the macro itself, which makes
usage quite awkward.
 2021-07-12 16:51:24 +02:00
Nikita Popov
600dc57f24 Add ext/reflection to execute parser corpus 2021-07-04 12:31:14 +02:00
Christoph M. Becker
970a909caf Merge branch 'PHP-8.0' 
* PHP-8.0:
  Fix new test for PHP 8
 2021-06-30 16:50:28 +02:00
Christoph M. Becker
9b7b4c47d6 Fix new test for PHP 8 2021-06-30 16:48:31 +02:00
Christoph M. Becker
0189c8b740 Merge branch 'PHP-8.0' 
* PHP-8.0:
  Fix #73630: Built-in Weberver - overwrite $_SERVER['request_uri']
 2021-06-30 16:17:02 +02:00
Christoph M. Becker
70b0330e53 Merge branch 'PHP-7.4' into PHP-8.0 
* PHP-7.4:
  Fix #73630: Built-in Weberver - overwrite $_SERVER['request_uri']
 2021-06-30 16:15:50 +02:00
Christoph M. Becker
d7db5701a3 Fix #73630: Built-in Weberver - overwrite $_SERVER['request_uri'] 
The built-in Webserver's `on_path`, `on_query_string` and `on_url`
callbacks may be called multiple times from the parser; we must not
simply replace the old values, but need to concatenate the new values
instead.

This appears to be tricky for `on_path` due to the path normalization,
so we fail if the function is called again.

The built-in Webserver logs errors during request parsing to stderr,
but this is ignored by the php_cli_server framework, and apparently the
Webserver does not send a resonse at all in such cases (instead of an
4xx).  Thus we can only check that a request with an overly long path
fails.

Closes GH-7207.
 2021-06-30 16:13:08 +02:00