archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
123521 commits 526 branches 1434 tags 864 MiB
Commit graph

478 commits

Author SHA1 Message Date
Niels Dossche
c283c3ab0b Sanitize libxml2 globals before parsing 
Fixes GHSA-3qrf-m4j2-pcrr.

To parse a document with libxml2, you first need to create a parsing context.
The parsing context contains parsing options (e.g. XML_NOENT to substitute
entities) that the application (in this case PHP) can set.
Unfortunately, libxml2 also supports providing default set options.
For example, if you call xmlSubstituteEntitiesDefault(1) then the XML_NOENT
option will be added to the parsing options every time you create a parsing
context **even if the application never requested XML_NOENT**.

Third party extensions can override these globals, in particular the
substitute entity global. This causes entity substitution to be
unexpectedly active.

Fix it by setting the parsing options to a sane known value.
For API calls that depend on global state we introduce
PHP_LIBXML_SANITIZE_GLOBALS() and PHP_LIBXML_RESTORE_GLOBALS().
For other APIs that work directly with a context we introduce
php_libxml_sanitize_parse_ctxt_options().
 2023-07-31 19:47:19 +01:00
Remi Collet
112527d677
Fix bug #81325 Segfault in zif_simplexml_import_dom 2021-08-03 12:06:36 +02:00
Stanislav Malyshev
eed03fce59
Merge branch 'PHP-7.4' into PHP-8.0 
* PHP-7.4:
  Revert "Fix #80852: Stack-overflow when json_encode()'ing SimpleXMLElement"
 2021-04-26 21:02:09 -07:00
Stanislav Malyshev
2b3346208a
Merge branch 'PHP-7.3' into PHP-7.4 
* PHP-7.3:
  Revert "Fix #80852: Stack-overflow when json_encode()'ing SimpleXMLElement"
 2021-04-26 21:02:03 -07:00
Stanislav Malyshev
1b88c85cd8
Revert "Fix #80852: Stack-overflow when json_encode()'ing SimpleXMLElement" 
Sorry, this solution seems to have BC breaks, will need to look
for better one.

This reverts commit 9f7e8b777c.
 2021-04-26 21:01:25 -07:00
Stanislav Malyshev
6de2d54425
Merge branch 'PHP-7.4' into PHP-8.0 
* PHP-7.4:
  Fix #80852: Stack-overflow when json_encode()'ing SimpleXMLElement
 2021-04-26 20:50:29 -07:00
Stanislav Malyshev
76637017ac
Merge branch 'PHP-7.3' into PHP-7.4 
* PHP-7.3:
  Fix #80852: Stack-overflow when json_encode()'ing SimpleXMLElement
 2021-04-26 20:50:15 -07:00
Christoph M. Becker
9f7e8b777c
Fix #80852: Stack-overflow when json_encode()'ing SimpleXMLElement 
We ignore `XML_ENTITY_DECL` nodes when getting the hash of the
properties of a `SimpleXMLElement`.
 2021-04-26 20:43:45 -07:00
Máté Kocsis
cb84e5c332
Fix arginfo/ZPP mismatch for simplexml_import_dom 
Closes GH-6905
 2021-04-26 11:09:30 +02:00
Máté Kocsis
628db3f3b5
Fix UNKNOWN default values in various extensions 
Closes GH-6075
 2020-09-07 19:02:02 +02:00
Máté Kocsis
6c8fb123d2
Promote warnings to exceptions in ext/simplexml 
Closes GH-6011

Co-authored-by: Nikita Popov <nikita.ppv@gmail.com>
 2020-08-25 15:15:58 +02:00
Nikita Popov
f4e9d0e325 Don't return temporary from SXE write_property handler 
Return the original value. If we don't return the original value,
we need to own the zval, which we don't.

For clarity also switch things to work on a zend_string* value
instead of a zval*.
 2020-08-25 11:28:44 +02:00
Nikita Popov
afde6dcf5f Simplify change_node_zval implementation 
At this point, the value has already been converted into a string.
 2020-08-25 11:01:48 +02:00
Nikita Popov
8f61854108 Add a missing null check in simplexml 2020-08-13 16:46:08 +02:00
Nikita Popov
fc7bab3aee Throw on uninitialized SimpleXMLElement 
Elevate this warning into an Error, as usual. Add a few checks
in places that were missing them.
 2020-08-13 16:13:02 +02:00
Max Semenik
2b5de6f839
Remove proto comments from C files 
Closes GH-5758
 2020-07-06 21:13:34 +02:00
Nikita Popov
312201dce4 Add get_gc handle for object iterators 
Optional handler with the same semantics as the object handler.
 2020-07-01 15:17:22 +02:00
Nikita Popov
4730b06f1d Make SimpleXMLElement a RecursiveIterator 
Context: https://externals.io/message/108789

This essentially moves the functionality of SimpleXMLIterator into
SimpleXMLElement, and makes SimpleXMLIterator a no-op extension.

Ideally SimpleXMLElement would be an IteratorAggregate, whose
getIterator() method returns SimpleXMLIterator. However, because
SimpleXMLIterator extends SimpleXMLElement (and code depends on
this in non-trivial ways), this is not possible.

The only way to not keep SimpleXMLElement as a magic Traversable
(that implements neither Iterator nor IteratorAggregate) is to
move the SimpleXMLIterator functionality into it.

Closes GH-5234.
 2020-06-24 15:09:21 +02:00
Christoph M. Becker
3a0bdb720a Fix #63575: Root elements are not properly cloned 
Cloning of root elements has to preserve that property, so they require
some special treatment.
 2020-06-17 16:48:50 +02:00
Nikita Popov
15846ff115 Add ZVAL_OBJ_COPY macro 
For the common ZVAL_OBJ + GC_ADDREF pattern.
This mirrors the existing ZVAL_STR_COPY API.
 2020-06-17 16:36:56 +02:00
twosee
1b85e749c7 Fix warning of strict-prototypes 
Closes GH-5673.
 2020-06-07 10:36:50 +02:00
George Peter Banyard
f0794c7719 Fix [-Wundef] warning in SimpleXML extension 2020-05-20 16:29:52 +02:00
Christoph M. Becker
1d20443679 Merge branch 'PHP-7.4' 
* PHP-7.4:
  Fix #79528: Different object of the same xml between 7.4.5 and 7.4.4
 2020-05-01 12:42:09 +02:00
Christoph M. Becker
9b9252c667 Merge branch 'PHP-7.3' into PHP-7.4 
* PHP-7.3:
  Fix #79528: Different object of the same xml between 7.4.5 and 7.4.4
 2020-05-01 12:40:37 +02:00
Christoph M. Becker
54148fd686 Fix #79528: Different object of the same xml between 7.4.5 and 7.4.4 
Revert "Fix #61597: SXE properties may lack attributes and content"

This reverts commit 7c081db885.
 2020-05-01 12:37:39 +02:00
Máté Kocsis
4815be44db
Generate function entries from stubs 
Converts ext/pcntl, ext/simplexml, ext/snmp, ext/soap, ext/sqlite3.
Closes GH-5421
 2020-04-20 10:38:41 +02:00
Nikita Popov
6bf483a94a Clarify SimpleXML comparison logic 2020-03-31 12:48:57 +02:00
Nikita Popov
fb5bfcb75b Add a ZEND_UNCOMPARABLE value 
To explicitly indicate that objects are uncomparable. For now
this has no functional difference from the usual 1 return value,
but makes intent clearer.
 2020-03-31 12:36:48 +02:00
Máté Kocsis
01b266aac4
Improve error messages of various extensions 
Closes GH-5278
 2020-03-23 18:59:04 +01:00
Christoph M. Becker
208e348982 Merge branch 'PHP-7.4' 
* PHP-7.4:
  Fix #61597: SXE properties may lack attributes and content
 2020-03-12 10:57:14 +01:00
Christoph M. Becker
2b56735ea0 Merge branch 'PHP-7.3' into PHP-7.4 
* PHP-7.3:
  Fix #61597: SXE properties may lack attributes and content
 2020-03-12 10:56:13 +01:00
Christoph M. Becker
7c081db885 Fix #61597: SXE properties may lack attributes and content 
We must not treat a node as string if it has attributes, unless it is
an entity declaration which is always treated as string by simplexml.
 2020-03-12 10:52:28 +01:00
Nicolas Grekas
9e775db025 Define Stringable with __toString():string method 2020-03-02 15:25:32 +01:00
Máté Kocsis
01a50778d1
Use RETURN_THROWS() after zend_throw_exception() in most of the extensions 2020-01-02 10:56:18 +01:00
Máté Kocsis
345703724c
Use RETURN_THROWS() during ZPP in most of the extensions 
Except for some bigger ones: reflection, sodium, spl
 2019-12-31 11:46:11 +01:00
Christoph M. Becker
4008704f62 zend_parse_parameters_throw() is obsolete 
Since `zend_parse_parameters()` throws now, there is no reason to
explicitly call `zend_parse_parameters_throw()` anymore, and since both
have actually the same implementation, we redefine the latter as macro.
 2019-11-01 16:47:15 +01:00
Dmitry Stogov
b02b81299c Comparison cleanup: 
- introduce zend_compare() that returns -1,0,1 dirctly (without intermediate zval)
- remove compare_objects() object handler, and keep only compare() handler
 2019-10-07 17:57:49 +03:00
Joe Watkins
32b87f855e
Merge branch 'PHP-7.4' 
* PHP-7.4:
  Fixed #75245 Don't set content of elements with only whitespaces
 2019-10-02 08:17:45 +02:00
Erik Lundin
6462c19689
Fixed #75245 Don't set content of elements with only whitespaces 2019-10-02 08:17:04 +02:00
Gabriel Caruso
5d6e923d46
Remove mention of PHP major version in Copyright headers 
Closes GH-4732.
 2019-09-25 14:51:43 +02:00
Christoph M. Becker
de6b76805d Just return on throwing ZPP 2019-09-25 10:40:45 +02:00
Christoph M. Becker
2540c44dbe Add missing zend_parse_parameters_none() 2019-09-25 10:40:45 +02:00
Stephen Reay
b0d80e16e3 Add SimpleXML arginfo stubs 2019-09-25 10:34:21 +02:00
Nikita Popov
743d27631f Normalize SimpleXML::asXML() argument handling 
Remove odd manual checks in favor of a standard zpp call.
 2019-08-15 11:18:56 +02:00
twosee
63171d88f2 Add do...while(0) for RETURN_* and ZVAL_* APIs 
Closes GH-4255.
 2019-06-12 16:17:16 +02:00
Dmitry Stogov
e029cc4dd4 Merge branch 'PHP-7.4' 
* PHP-7.4:
  Cheaper checks for exceptions thrown from __toString()
 2019-06-06 02:23:17 +03:00
Dmitry Stogov
457392fa64 Cheaper checks for exceptions thrown from __toString() 2019-06-06 01:47:22 +03:00
Nikita Popov
7686b0b889 Merge branch 'PHP-7.4' 2019-06-05 14:53:50 +02:00
Nikita Popov
a31f46421d Allow exceptions in __toString() 
RFC: https://wiki.php.net/rfc/tostring_exceptions

And convert some object to string conversion related recoverable
fatal errors into Error exceptions.

Improve exception safety of internal code performing string
conversions.
 2019-06-05 14:25:07 +02:00
Christoph M. Becker
c89b788a8a Merge branch 'PHP-7.4' 
* PHP-7.4:
  SimpleXMLElement and ResourceBundle implement Countable
 2019-05-31 19:01:41 +02:00