It looks like the config.w32 uses CHECK_HEADER_ADD_INCLUDE to add the include
path to libxml into the search path.
That doesn't happen in zend-test.
To add to the Windows trouble, libxml is statically linked in, ext/libxml can
only be built statically but ext/zend-test can be built both statically and
dynamically.
So the regression tests won't work in all possible configurations anyway on Windows.
All of this is no problem on Linux because it just uses dynamic linking
and pkg-config, without any magic.
Signed-off-by: Ben Ramsey <ramsey@php.net>
Fixes GHSA-3qrf-m4j2-pcrr.
To parse a document with libxml2, you first need to create a parsing context.
The parsing context contains parsing options (e.g. XML_NOENT to substitute
entities) that the application (in this case PHP) can set.
Unfortunately, libxml2 also supports providing default set options.
For example, if you call xmlSubstituteEntitiesDefault(1) then the XML_NOENT
option will be added to the parsing options every time you create a parsing
context **even if the application never requested XML_NOENT**.
Third party extensions can override these globals, in particular the
substitute entity global. This causes entity substitution to be
unexpectedly active.
Fix it by setting the parsing options to a sane known value.
For API calls that depend on global state we introduce
PHP_LIBXML_SANITIZE_GLOBALS() and PHP_LIBXML_RESTORE_GLOBALS().
For other APIs that work directly with a context we introduce
php_libxml_sanitize_parse_ctxt_options().
At one point this was changed from a bool to an int in libxml2, with
negative values meaning it is unspecified. Because it is cast to a bool
this therefore returned true instead of the expected false.
Closes GH-11793.
* PHP-8.2:
Fix empty argument cases for DOMParentNode methods
Fix DOMCharacterData::replaceWith() with itself
Fix incorrect attribute existence check in DOMElement::setAttributeNodeNS()
Fix DOMEntity field getter bugs
* PHP-8.1:
Fix empty argument cases for DOMParentNode methods
Fix DOMCharacterData::replaceWith() with itself
Fix incorrect attribute existence check in DOMElement::setAttributeNodeNS()
Fix DOMEntity field getter bugs
- publicId could crash PHP if none was provided
- notationName never worked
The fields of this classs were untested. This new test file changes that.
Closes GH-11779.
* PHP-8.2:
Fix GH-11630: proc_nice_basic.phpt only works at certain nice levels
Fix GH-11629: bug77020.phpt tries to send mail
Fix GH-11625: DOMElement::replaceWith() doesn't replace node with DOMDocumentFragment but just deletes node or causes wrapping <></> depending on libxml2 version
* PHP-8.1:
Fix GH-11630: proc_nice_basic.phpt only works at certain nice levels
Fix GH-11629: bug77020.phpt tries to send mail
Fix GH-11625: DOMElement::replaceWith() doesn't replace node with DOMDocumentFragment but just deletes node or causes wrapping <></> depending on libxml2 version
Depending on the libxml2 version, the behaviour is either to not
render the fragment correctly, or to wrap it inside <></>. Fix it by
unpacking fragments manually. This has the side effect that we need to
move the unlinking check in the replacement function to earlier because
the empty child list is now possible in non-error cases.
Also fixes a mistake in the linked list management.
Closes GH-11627.
Change the way lifetime works in ext/libxml and ext/dom
Previously, a node could be freed even when holding a userland reference
to it. This resulted in exceptions when trying to access that node after
it has been implicitly or explicitly removed. After this patch, a node
will only be freed when the last userland reference disappears.
Fixes GH-9628.
Closes GH-11576.
For the past 20 years this threw a "not yet implemented" exception. But
the function was actually there (albeit not documented) and could be called...
Closes GH-11333.
When you construct a DOM tree containing subtrees which are constructed
top-down, this won't remove the redundant namespaces. That's because the
following conditions hold:
1) The namespace are reused from the doc->oldNs list.
2) Therefore during reconciliation no nsDef field is set, so no redundant
namespaces are removed by our reconciliation code.
Furthermore, it would only be fixed up automatically if the tree wasn't
added in bottom-up way, or if it had been constructed bottom-up from the
start.
Fix it by setting a flag to remove redundant namespaces in the libxml2
reconciliation call.
Since removing redundant namespaces may have a performance cost, we only do
this after performing a simple check.
Closes GH-11528.
