* Mark many functions as static
Multiple functions are missing the static qualifier.
* remove unused struct sigactions
struct sigaction act, old_term, old_quit, old_int;
all unused.
* optimizer: minXOR and maxXOR are unused
* Include the source location in Closure names
This change makes stack traces involving Closures, especially multiple
different Closures, much more useful, because it's more easily visible *which*
closure was called for a given stack frame.
The implementation is similar to that of anonymous classes which already
include the file name and line number within their generated classname.
* Update scripts/dev/bless_tests.php for closure naming
* Adjust existing tests for closure naming
* Adjust tests for closure naming that were not caught locally
* Drop the namespace from closure names
This is redundant with the included filename.
* Include filename and line number as separate keys in Closure debug info
* Fix test
* Fix test
* Include the surrounding class and function name in closure names
* Fix test
* Relax test expecations
* Fix tests after merge
* NEWS / UPGRADING
The reflection failure is because the XML extension is used to check the
module dependency information, but that extension can be configured to
not depend on ext/libxml, resulting in a different output. The solution
is to check another extension instead.
The test failures in ext/xml/tests are because of different behaviour
between libxml2 and Expat error handling. These are expected differences
and the solution is to split the tests.
Closes GH-13522.
This syncs the installed sapi and extension headers on *nix and Windows
systems by installing only what is intended outside of php-src.
- ext/gd: without gd_arginfo.h and gd_compat.h
- ext/hash: php_hash_joaat.h and php_hash_fnv.h added also on Windows
installation; xxhash/xxhash.h added on both installations as it is
included in php_hash_xxhash.h; Include path for xxhash.h changed to
relative so the php_hash_xxhash.h can be included outside of php-src;
Redundant include flags removed
- ext/iconv: without iconv_arginfo.h
- ext/mysqli: mysqli_mysqlnd.h was missing on Windows
- ext/phar: php_phar.h was missing on Windows
- ext/sodium: php_libsodium.h was missing on *nix
- ext/xml: without xml_arginfo.h
- sapi/cli: cli.h was missing on Windows
Closes GH-13210
Closes GH-13213
* Avoid passing NULL to xmlSwitchToEncoding
This otherwise switches to UTF-8 on libxml2 2.12.0
* Split tests for different error reporting behaviour in libxml2 2.12.0
* Avoid deprecation warnings for libxml2 2.12.0
We can't fully get rid of the parser globals as there are still APIs
that implicitly use them.
* Temporarily disable part of test for libxml 2.12.0 regression
See https://gitlab.gnome.org/GNOME/libxml2/-/issues/634
* Review fixes
* [ci skip] Update test description
This is _not_ exploitable right now because libxml guarantees right now
a maximum string length of 1M bytes. But if that limit were to ever
change this could overflow in the future leading to exploits.
Again, not exploitable right now, but just making it more future-proof.
To get proper errors and sensible behaviour, as the current behaviour is somewhat insane and part of it should be axed ASAP.
The behaviour is mostly intact with some minor BC breaks which are mentioned in UPGRADING.
Co-authored-by: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Fixes GHSA-3qrf-m4j2-pcrr.
To parse a document with libxml2, you first need to create a parsing context.
The parsing context contains parsing options (e.g. XML_NOENT to substitute
entities) that the application (in this case PHP) can set.
Unfortunately, libxml2 also supports providing default set options.
For example, if you call xmlSubstituteEntitiesDefault(1) then the XML_NOENT
option will be added to the parsing options every time you create a parsing
context **even if the application never requested XML_NOENT**.
Third party extensions can override these globals, in particular the
substitute entity global. This causes entity substitution to be
unexpectedly active.
Fix it by setting the parsing options to a sane known value.
For API calls that depend on global state we introduce
PHP_LIBXML_SANITIZE_GLOBALS() and PHP_LIBXML_RESTORE_GLOBALS().
For other APIs that work directly with a context we introduce
php_libxml_sanitize_parse_ctxt_options().
It's possible to categorise the failures into 2 categories:
- Changed error message. In this case we either duplicate the test and
modify the error message. Or if the change in error message is
small, we use the EXPECTF matchers to make the test compatible with both
old and new versions of libxml2.
- Missing warnings. This is caused by a change in libxml2 where the
parser started using SAX APIs internally [1]. In this case the
error_type passed to php_libxml_internal_error_handler() changed from
PHP_LIBXML_ERROR to PHP_LIBXML_CTX_WARNING because it internally
started to use the SAX handlers instead of the generic handlers.
However, for the SAX handlers the current input stack is empty, so
nothing is actually printed. I fixed this by falling back to a
regular warning without a filename & line number reference, which
mimicks the old behaviour. Furthermore, this change now also shows
an additional warning in a test which was previously hidden.
[1] https://gitlab.gnome.org/GNOME/libxml2/-/commit/9a82b94a94bd310db426edd453b0f38c6c8f69f5
Closes GH-11162.
This reverts commit 94ee4f9834.
The commit was a bit too late to be included in PHP 8.2 RC1. Given it's a massive ABI break, we decide to postpone the change to PHP 8.3.
Add a family of upper case conversion functions to zend_operators.c,
by analogy with the lower case functions.
Move the single-character conversion macros to the header so that they
can be used as a locale-independent replacement for tolower() and
toupper().
Factor out the ugly bits of the SSE2 case conversion so that the four
functions that use it are easy to read and processor-independent.
Use the new ASCII upper case functions in ext/xml, ext/pdo_dblib and as
an optimization for strtoupper() when the locale is "C".
David CARLIER