The CURLOPT_NOPROXY option value is converted to a long before
being applied as a curl option. This causes the option to have
no effect. This patch changes this conversion to a string.
* PHP-5.5: (27 commits)
fix non-standard C
update NEWS
5.4.41 next
fix CVE num
update NEWS
Fix bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode)
fix test
fix type in fix for #69085
fix memory leak & add test
Fix tests
fix CVE num
Fix bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability)
Fix test
Additional fix for bug #69324
More fixes for bug #69152
Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
...
Conflicts:
ext/standard/http_fopen_wrapper.c
* PHP-5.4.40:
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
Revert "Merge branch 'PHP-5.4' of https://git.php.net/repository/php-src into PHP-5.4"
Fixed bug #69293
Add ZEND_ARG_CALLABLE_INFO to allow internal function to type hint against callable.
Revert unintentional docblock change
It looks like commit dd8e59da8f
introduced an unintended docbloc change. I have reverted this
change in this commit.
Added test case.
Refactored the code to isolate the string handling. Fixed return values to use SUCCESS and FAILURE.
Removed unused error variable.
Indentation fix.
Removed the ugly goto.
Newer versions of libcurl prevent file:// location response headers by default,
which means that the open_basedir check is unnecessary — the fact
CURLOPT_REDIR_PROTOCOLS can't set CURLPROTO_FILE with open_basedir enabled
means that there's no possibility of breaching the open_basedir restriction,
and this allows HTTP redirects to be followed automatically.
Implements FR #65646 (re-enable CURLOPT_FOLLOWLOCATION with open_basedir or
safe_mode).
