Apache only generates REDIRECT_STATUS, so explicitly check for that
if the server name is Apache, and don't allow other variable names.
Furthermore, redirect.so and Netscape no longer exist, so
remove those entries as we can't check their server name anymore.
We now also check for the configuration override *first* such that it
always takes precedence. This would allow for a mitigation path if
something like this happens in the future.
It's no use trying to work around whatever the operating system and Apache
do because we'll be fighting that until eternity.
Change the skip_getopt condition such that when we're running in
CGI or FastCGI mode we always skip the argument parsing.
This is a BC break, but this seems to be the only way to get rid of this
class of issues.
multipart/form-data boundaries larger than the read buffer result in erroneous
parsing, which violates data integrity.
Limit boundary size, as allowed by RFC 1521:
Encapsulation boundaries [...] must be no longer than 70 characters, not
counting the two leading hyphens.
We correctly parse payloads with boundaries of length up to
FILLUNIT-strlen("\r\n--") bytes, so allow this for BC.
This code is modelled after how `http_fopen_wrapper.c` does things,
which apparently is just looping over the array and handling each string
the same way as if we passed a header string directly.
Also fixes a potential crash in `php_sdl.c` but without adding support
for header arrays there (yet) because the code is untested.
Closes GH-15817.
libxml2 2.13 has different formatting behaviour: it outputs `<faultcode/>`
instead of `<faultcode></faultcode>`, and similarly for `env:Value`.
Normalize the output.
Closes GH-15801.
column_long and index_long might not be set, but are still used as arguments.
They are not actually used if column_str is set, but it's better to initialize
them anyway, if only to make MemorySanitizer happy.
Show the correct parameter names and numbers - the errors are caused by the
second parameter being empty or having null bytes, not the first.
close GH-15755
We're reasonably sure that appending the NUL is not an OOB write, since
the memory stream implementation uses `zend_string` APIs instead of
fiddling with the buffer.
We don't add a regression test because that would require setting up
something in the zend_test extension, and regressions are supposed
to be caught by external consumers of this API, such as mailparse.
Closes GH-15648.
Transliteration works differently across the iconv implementations and
the system. When using GNU libiconv the output in this test is:
string(16) "Zlutouck'y kun\n"
(like on Windows). On glibc's built-in iconv output is:
string(15) "Zlutoucky kun\n"
confusion might come from the previous argument type.
PHP expects ms so we check it fits integer boundaries before the cast.
raising a warning at least for stable branches.
close GH-15548
Autoconf assigns the current suitable shell to SHELL variable. This
notably fixes cases on Solaris 10 when using C shell or KornShell where
genif.sh: syntax error at line 35 occurs due to using the `sh` command.
Since the mysqlnd result set is arena allocated, we must not simply
free it, but rather call the appropriate `free_result` method.
Co-authored-by: Kamil Tekiela <tekiela246@gmail.com>