The do_request() function that calls this methods, assumes that a string is being returned from the method
otherwise it bails out.
However, the default implementation of SoapClient::__doRequest() indicates that it can return null when it
fails to set-up and execute the HTTP SOAP request, but this always results in a SoapFault exception being
thrown, and thus cannot happen in practice.
We need to investigate further if the return type should be changed from ?string to string or not.
There's a hash table that maps type names to class name, but names with
a leading backslash are not supported. The engine has logic to strip
away the leading backslash that we should replicate here.
It works by checking if we need to make an actual copy in case an
unexpected (e.g. invalid data or leading backslash) situations are
detected. Upon making a copy we normalize the data in the table.
Furthermore, previously the code assumed that the key was always valid
and that the structure was a non-packed hash table. This isn't
necessarily the case. The new code fixes this as well.
Closes GH-14398.
This adds an optional dependency on the session extension and adds the
necessary APIs to make the functionality work with lazy binding.
This can be tested by configuring PHP with `--enable-session=shared` and
`--enable-soap=shared` and running the test suite, in particular the
buggy behaviour can be observed by the existing test `server009.phpt`.
The naming of the userland functions is terrible and confused me.
gzdecode() is actually the function to decompress a gzip stream, and
gzuncompress() is the one to decompress a deflate stream...
See zlib.c to see the internal function -> type mapping.
The incorrect functions are being called to deal with incoming
compressed data.
gzip/x-gzip corresponds to gzuncompress(), while deflate corresponds to
gzinflate().
The existing code for gzip compression also plays with removing the
first 10 bytes (i.e. the gzip header) to pass it to the inflate
implementation but that doesn't always work properly due to trailer
data. Get rid of that entirely by using the correct functions.
Closes GH-14321.
These cause test failures when we migrate resources to objects. But anyway, hardcoding the object IDs and the number of properties is hardly ever useful, so it's fine to get rid of them.
Related to #14121
These cause test failures when we migrate resources to objects. But anyway, hardcoding the object IDs and the number of properties is hardly ever useful, so it's fine to get rid of them.
Related to #14121
The problem is that in the testcase, the session is started before the
parent class is loaded. This causes an incomplete class in the session
storage. Then in the soap code the check
`Z_OBJCE_P(tmp_soap_p) == service->soap_class.ce` fails because it is
the incomplete class. It is a silent failure.
We cannot fix this easily. But we should let the user know something is
wrong, because it leaves them confused otherwise. So emit an error to
let them know and suggest a fix.
Closes GH-12540.
Setting the stream context via php_stream_context_to_zval() will
increase the reference count. So if the new context is created, then it
will end up with a reference count of 2 while it should be 1.
Credits to cmb for the analysis. I arrived at the same patch as he did.
Closes GH-12523.
There are two issues:
- UAF because the hashmap resized while being iterated over, yet the local
variables used internally in the macros are not updated.
- The hashmap being iterated over is modified: entries are deleted after
other entries have been added. This causes the deletion to fail sometimes
because indices of buckets have shifted.
Fix it by using a while loop iteration and HashPosition position tracker
instead.
Issue exists on PHP 8.1 too, but is much harder to trigger.
The test file reproduces the issue reliably on PHP 8.2 and up.
Closes GH-12409.
If you build soap as a shared object, then these tests fail on
non-Windows, or when the PHP install hasn't been make install-ed yet,
but is executed from the development directory.
Closes GH-11211.
When traversing the result array, we need to cater to `param_name`
possibly being `NULL`. Prior to PHP 7.0.0, this was implicitly done
because `param_name` was of type `char*`.
Closes GH-9739.
* Emit deprecation warnings when adding dynamic properties to classes during unserialization - this will become an Error in php 9.0.
(Adding dynamic properties in other contexts was already a deprecation warning - the use case of unserialization was overlooked)
* Throw an error when attempting to add a dynamic property to a `readonly` class when unserializing
* Add new serialization methods `__serialize`/`__unserialize` for SplFixedArray to avoid creating deprecated dynamic
properties that would then be added to the backing fixed-size array
* Don't add named dynamic/declared properties (e.g. $obj->foo) of SplFixedArray to the backing array when unserializing
* Update tests to declare properties or to expect the deprecation warning
* Add news entry
Co-authored-by: Tyson Andre <tysonandre775@hotmail.com>
Implements initial stage of accepted RFC to remove them:
https://wiki.php.net/rfc/remove_utf8_decode_and_utf8_encode
Tests relating to SOAP and htmlspecialchars seem to have been
using this entirely unnecessarily, so have been fixed.
Closes GH-8726.
