From 388c21e7646d5336ca734d1a98cc1d64736a327f Mon Sep 17 00:00:00 2001 From: Gabriel Caruso Date: Fri, 26 Oct 2018 00:09:50 -0300 Subject: [PATCH 1/5] Add is_iterable to opcache Optimizer --- ext/opcache/Optimizer/zend_func_info.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ext/opcache/Optimizer/zend_func_info.c b/ext/opcache/Optimizer/zend_func_info.c index f89e8c79468..8e590b95e95 100644 --- a/ext/opcache/Optimizer/zend_func_info.c +++ b/ext/opcache/Optimizer/zend_func_info.c @@ -606,6 +606,7 @@ static const func_info_t func_infos[] = { F0("is_scalar", MAY_BE_NULL | MAY_BE_FALSE | MAY_BE_TRUE), F0("is_callable", MAY_BE_NULL | MAY_BE_FALSE | MAY_BE_TRUE), F0("is_countable", MAY_BE_NULL | MAY_BE_FALSE | MAY_BE_TRUE), + F0("is_iterable", MAY_BE_NULL | MAY_BE_FALSE | MAY_BE_TRUE), F0("pclose", MAY_BE_FALSE | MAY_BE_LONG), F1("popen", MAY_BE_NULL | MAY_BE_FALSE | MAY_BE_RESOURCE), F0("readfile", MAY_BE_FALSE | MAY_BE_LONG), From 0d6490598dc2ab09ebd5cc28c4da6eb4eb11f98d Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker" Date: Sat, 27 Oct 2018 16:17:09 +0200 Subject: [PATCH 2/5] Add TIDY_TAG_* constants supported by libtidy 5 Cf. . --- NEWS | 3 +++ UPGRADING | 30 ++++++++++++++++++++++++++++++ ext/tidy/tidy.c | 30 ++++++++++++++++++++++++++++++ 3 files changed, 63 insertions(+) diff --git a/NEWS b/NEWS index 3e5b23c4d2e..12a6eb7fb9c 100644 --- a/NEWS +++ b/NEWS @@ -38,4 +38,7 @@ PHP NEWS . Fixed bug #76737 (Unserialized reflection objects are broken, they shouldn't be serializable). (Nikita) +- Tidy: + . Added TIDY_TAG_* constants for HTML5 elements. (cmb) + <<< NOTE: Insert NEWS from last stable release here prior to actual release! >>> diff --git a/UPGRADING b/UPGRADING index caebb748ea2..55c20452eab 100644 --- a/UPGRADING +++ b/UPGRADING @@ -122,6 +122,36 @@ PHP 7.4 UPGRADE NOTES 10. New Global Constants ======================================== +- Tidy: + . TIDY_TAG_ARTICLE + . TIDY_TAG_ASIDE + . TIDY_TAG_AUDIO + . TIDY_TAG_BDI + . TIDY_TAG_CANVAS + . TIDY_TAG_COMMAND + . TIDY_TAG_DATALIST + . TIDY_TAG_DETAILS + . TIDY_TAG_DIALOG + . TIDY_TAG_FIGCAPTION + . TIDY_TAG_FIGURE + . TIDY_TAG_FOOTER + . TIDY_TAG_HEADER + . TIDY_TAG_HGROUP + . TIDY_TAG_MAIN + . TIDY_TAG_MARK + . TIDY_TAG_MENUITEM + . TIDY_TAG_METER + . TIDY_TAG_NAV + . TIDY_TAG_OUTPUT + . TIDY_TAG_PROGRESS + . TIDY_TAG_SECTION + . TIDY_TAG_SOURCE + . TIDY_TAG_SUMMARY + . TIDY_TAG_TEMPLATE + . TIDY_TAG_TIME + . TIDY_TAG_TRACK + . TIDY_TAG_VIDEO + ======================================== 11. Changes to INI File Handling ======================================== diff --git a/ext/tidy/tidy.c b/ext/tidy/tidy.c index 0fde23cb11b..9cb63a0d4d3 100644 --- a/ext/tidy/tidy.c +++ b/ext/tidy/tidy.c @@ -2021,6 +2021,36 @@ static void _php_tidy_register_tags(INIT_FUNC_ARGS) TIDY_TAG_CONST(VAR); TIDY_TAG_CONST(WBR); TIDY_TAG_CONST(XMP); +# if HAVE_TIDYBUFFIO_H + TIDY_TAG_CONST(ARTICLE); + TIDY_TAG_CONST(ASIDE); + TIDY_TAG_CONST(AUDIO); + TIDY_TAG_CONST(BDI); + TIDY_TAG_CONST(CANVAS); + TIDY_TAG_CONST(COMMAND); + TIDY_TAG_CONST(DATALIST); + TIDY_TAG_CONST(DETAILS); + TIDY_TAG_CONST(DIALOG); + TIDY_TAG_CONST(FIGCAPTION); + TIDY_TAG_CONST(FIGURE); + TIDY_TAG_CONST(FOOTER); + TIDY_TAG_CONST(HEADER); + TIDY_TAG_CONST(HGROUP); + TIDY_TAG_CONST(MAIN); + TIDY_TAG_CONST(MARK); + TIDY_TAG_CONST(MENUITEM); + TIDY_TAG_CONST(METER); + TIDY_TAG_CONST(NAV); + TIDY_TAG_CONST(OUTPUT); + TIDY_TAG_CONST(PROGRESS); + TIDY_TAG_CONST(SECTION); + TIDY_TAG_CONST(SOURCE); + TIDY_TAG_CONST(SUMMARY); + TIDY_TAG_CONST(TEMPLATE); + TIDY_TAG_CONST(TIME); + TIDY_TAG_CONST(TRACK); + TIDY_TAG_CONST(VIDEO); +# endif } #endif From 829b0df77b20392115d75fb82c56ad94edc1e423 Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker" Date: Sat, 27 Oct 2018 17:30:13 +0200 Subject: [PATCH 3/5] Fix #71592: External entity processing never fails If the callback set via `xml_set_external_entity_ref_handler()` returns a falsy value, parsing is supposed to stop and the error number set to `XML_ERROR_EXTERNAL_ENTITY_HANDLING`. This is already correctly done by the libexpat binding, but the libxml2 binding ignores the return value. We fix this by calling `xmlStopParser()` which is available as of libxml 2.1.0[1] (PHP-7.1 requires at least libxml 2.6.11 anyway), and setting the desired `errNo` ourselves. [1] --- NEWS | 3 +++ UPGRADING | 5 +++++ ext/xml/compat.c | 5 ++++- ext/xml/tests/bug71592.phpt | 30 ++++++++++++++++++++++++++++++ 4 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 ext/xml/tests/bug71592.phpt diff --git a/NEWS b/NEWS index aa12469b6aa..b0ce0d795c4 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,9 @@ PHP NEWS . Fixed bug #50675 (SoapClient can't handle object references correctly). (Cameron Porter) +- XML: + . Fixed bug 71592 (External entity processing never fails). (cmb) + 25 Oct 2018, PHP 7.3.0RC4 - Core: diff --git a/UPGRADING b/UPGRADING index 369e194cb0d..d1d9d0629c2 100644 --- a/UPGRADING +++ b/UPGRADING @@ -482,6 +482,11 @@ PCRE: supported transparently. Since tidyp offers no API to get the release date, tidy_get_release() and tidy::getRelease() return 'unknown' in this case. + XML: + . The return value of the `xml_set_external_entity_ref_handler()` callback is + now also heeded if the extension has been built against libxml. Formerly, + the return value has been ignored, and parsing did never stop. + Zip: . Building against the bundled libzip is discouraged, but still possible by adding `--without-libzip` to the configuration. diff --git a/ext/xml/compat.c b/ext/xml/compat.c index 2018dfa126a..450bb1b52cc 100644 --- a/ext/xml/compat.c +++ b/ext/xml/compat.c @@ -359,7 +359,10 @@ _external_entity_ref_handler(void *user, const xmlChar *names, int type, const x return; } - parser->h_external_entity_ref(parser, names, (XML_Char *) "", sys_id, pub_id); + if (!parser->h_external_entity_ref(parser, names, (XML_Char *) "", sys_id, pub_id)) { + xmlStopParser(parser->parser); + parser->parser->errNo = XML_ERROR_EXTERNAL_ENTITY_HANDLING; + }; } static xmlEntityPtr diff --git a/ext/xml/tests/bug71592.phpt b/ext/xml/tests/bug71592.phpt new file mode 100644 index 00000000000..28a316a28ee --- /dev/null +++ b/ext/xml/tests/bug71592.phpt @@ -0,0 +1,30 @@ +--TEST-- +Bug #71592 (External entity processing never fails) +--SKIPIF-- + +--FILE-- + + +]> + +

&pic;

+

+ +XML; + +$parser = xml_parser_create_ns('UTF-8'); +xml_set_external_entity_ref_handler($parser, function () { + return false; +}); +xml_parse($parser, $xml); +var_dump(xml_get_error_code($parser)); +?> +===DONE=== +--EXPECT-- +int(21) +===DONE=== From eca3b9629f262c7a8a62cbdffc4f137c8ddde464 Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker" Date: Sun, 28 Oct 2018 12:48:07 +0100 Subject: [PATCH 4/5] [ci skip] Update UPGRADING PR #3317[1] is relevant for the migration guide, so we add a respective note in UPGRADING. [1] --- UPGRADING | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/UPGRADING b/UPGRADING index d1d9d0629c2..8df033036a6 100644 --- a/UPGRADING +++ b/UPGRADING @@ -466,6 +466,11 @@ JSON: . Support for ODBCRouter has been removed. . Support for Birdstep has been removed. + OpenSSL: + . The min_proto_version and max_proto_version ssl stream options as well as + related constants for possible TLS protocol values have been added. + See . + PCRE: . The PCRE extension has been upgraded to PCRE2, which may cause minor behavioral changes (for instance, character ranges in classes are now more From 359f19edc9b200dd94a3d30dc14bd4a22903d80c Mon Sep 17 00:00:00 2001 From: Dmitry Stogov Date: Mon, 29 Oct 2018 13:11:41 +0300 Subject: [PATCH 5/5] Optimize substr() edge-case conditions --- ext/standard/string.c | 89 ++++++++++++++++++++++--------------------- 1 file changed, 45 insertions(+), 44 deletions(-) diff --git a/ext/standard/string.c b/ext/standard/string.c index 2f20d62a748..b28ad050d7b 100644 --- a/ext/standard/string.c +++ b/ext/standard/string.c @@ -2415,52 +2415,53 @@ PHP_FUNCTION(substr) Z_PARAM_LONG(l) ZEND_PARSE_PARAMETERS_END(); - if (argc > 2) { - if ((l < 0 && (size_t)(-l) > ZSTR_LEN(str))) { - RETURN_FALSE; - } else if (l > (zend_long)ZSTR_LEN(str)) { - l = ZSTR_LEN(str); + if (f > (zend_long)ZSTR_LEN(str)) { + RETURN_FALSE; + } else if (f < 0) { + /* if "from" position is negative, count start position from the end + * of the string + */ + if ((size_t)-f > ZSTR_LEN(str)) { + f = 0; + } else { + f = (zend_long)ZSTR_LEN(str) + f; + } + if (argc > 2) { + if (l < 0) { + /* if "length" position is negative, set it to the length + * needed to stop that many chars from the end of the string + */ + if ((size_t)(-l) > ZSTR_LEN(str) - (size_t)f) { + if ((size_t)(-l) > ZSTR_LEN(str)) { + RETURN_FALSE; + } else { + l = 0; + } + } else { + l = (zend_long)ZSTR_LEN(str) - f + l; + } + } else if ((size_t)l > ZSTR_LEN(str) - (size_t)f) { + goto truncate_len; + } + } else { + goto truncate_len; + } + } else if (argc > 2) { + if (l < 0) { + /* if "length" position is negative, set it to the length + * needed to stop that many chars from the end of the string + */ + if ((size_t)(-l) > ZSTR_LEN(str) - (size_t)f) { + RETURN_FALSE; + } else { + l = (zend_long)ZSTR_LEN(str) - f + l; + } + } else if ((size_t)l > ZSTR_LEN(str) - (size_t)f) { + goto truncate_len; } } else { - l = ZSTR_LEN(str); - } - - if (f > (zend_long)ZSTR_LEN(str)) { - RETURN_FALSE; - } else if (f < 0 && (size_t)-f > ZSTR_LEN(str)) { - f = 0; - } - - if (l < 0 && (l + (zend_long)ZSTR_LEN(str) - f) < 0) { - RETURN_FALSE; - } - - /* if "from" position is negative, count start position from the end - * of the string - */ - if (f < 0) { - f = (zend_long)ZSTR_LEN(str) + f; - if (f < 0) { - f = 0; - } - } - - /* if "length" position is negative, set it to the length - * needed to stop that many chars from the end of the string - */ - if (l < 0) { - l = ((zend_long)ZSTR_LEN(str) - f) + l; - if (l < 0) { - l = 0; - } - } - - if (f > (zend_long)ZSTR_LEN(str)) { - RETURN_FALSE; - } - - if ((size_t)l > ZSTR_LEN(str) - (size_t)f) { - l = ZSTR_LEN(str) - f; +truncate_len: + l = (zend_long)ZSTR_LEN(str) - f; } if (l == 0) {