When making the relative path, we must not stop on a `:\` sequence in
the middle of the filename. This is only significant on Windows as it
may indicate an absolute filename, but this is already checked at the
beginning of the function.
Note that the bug and this patch affects all systems. However, on
Windows the file is no longer extracted at all, since Windows NTSF does
not allow filenames containing colons.
Closes GH-7528.
We need to cater to references, when traversing the files to extract.
While we're at it, we move the `zval_file` declaration into a narrower
scope.
Closes GH-6959.
This is already supported by non Windows builds for libzip >= 1.3.1,
and since we're using at least libzip 1.4.0 on Windows, we should
support it there as well.
This causes a warning on GCC 9 and is unnecessary to boot: We
only use "cwd" for the open_basedir check, so we can just as well
pass in the original string.
`remove_path` points to the given string, so we must not modify it.
Instead we use a duplicate, if we need the modification.
We may want to switch to `zend_string`s in master.
The php_stream_read() and php_stream_write() functions now return
an ssize_t value, with negative results indicating failure. Functions
like fread() and fwrite() will return false in that case.
As a special case, EWOULDBLOCK and EAGAIN on non-blocking streams
should not be regarded as error conditions, and be reported as
successful zero-length reads/writes instead. The handling of EINTR
remains unclear and is internally inconsistent (e.g. some code-paths
will automatically retry on EINTR, while some won't).
I'm landing this now to make sure the stream wrapper ops API changes
make it into 7.4 -- however, if the user-facing changes turn out to
be problematic we have the option of clamping negative returns to
zero in php_stream_read() and php_stream_write() to restore the
old behavior in a relatively non-intrusive manner.
For two reasons: First, it's generally cheaper to match a regex than
perform a stat (especially on Windows). Second, it will not fail on
concurrent modification of a directory in parts that are not matched
by the pattern, such as the spurious failure in ext/zip/tests/bug72660.phpt.
RFC: https://wiki.php.net/rfc/tostring_exceptions
And convert some object to string conversion related recoverable
fatal errors into Error exceptions.
Improve exception safety of internal code performing string
conversions.
Normalization include:
- Use dnl for everything that can be ommitted when configure is built in
favor of the shell comment character # which is visible in the output.
- Line length normalized to 80 columns
- Dots for most of the one line sentences
- Macro definitions include similar pattern header comments now
