Besides the fact that this is only used for DOM_NODESET and thus makes
no sense of being on the iterator itself, it's also redundant now that
we have the index member.
Engine pitfall: the iter index is only updated by foreach opcodes, so
the existing code that used it as an index for the nodes w.r.t. the
start did not work properly. Fix it by using our own counter.
Closes GH-18004.
There's implicit truncation casts from zend_long to int which cause
issues because checks are done against the zend_longs. Since the
iterator infrastructure uses zend_longs, just convert everything to
zend_long.
Closes GH-15669.
This is an old bug, but this is pretty easy to fix.
It's basically applying the same fix as I did for e878b9f.
Reported by YuanchengJiang.
Closes GH-15143.
This introduces a new helper php_dom_create_nullable_object() that does
the NULL check and puts NULL in return_value. Otherwise it runs
php_dom_create_object(). This deduplicates a bit of code.
It's indeed possible this is NULL. When you create a new text-like node
in libxml and pass NULL as content, you do get NULL in the content field
instead of the empty string. You can hit this by creating DOMText or
DOMComment directly and not passing any argument. This could also be
created internally.
We refactor the code such that this detail is hidden and we add a test
to check that it correctly throws an exception.
This is a long standing bug: IDs aren't properly tracked causing either
outdated or plain incorrect results from getElementById.
This PR implements a pragmatic solution in which we still try to use the
ID lookup table to a degree, but only as a performance boost not as a
"single source of truth". Full details are explained in the
getElementById code.
Closes GH-14349.
Previously this returned `int`. Many functions actually take advantage
of the fact this returns exactly 0 or 1. For instance,
`main/streams/xp_socket.c` does:
sockopts |= STREAM_SOCKOP_IPV6_V6ONLY_ENABLED * zend_is_true(tmpzval);
And `Zend/zend_compile.c` does:
child = &ast->child[2 - zend_is_true(zend_ast_get_zval(ast->child[0]))];
I changed a few places trivially from `int` to `bool`, but there are
still many places such as the object handlers which return `int` that
should eventually be `bool`.
* PHP-8.3:
Fix crash when calling childNodes next() when iterator is exhausted
Fix references not handled correctly in C14N
Fix crashes when entity declaration is removed while still having entity references
* PHP-8.2:
Fix crash when calling childNodes next() when iterator is exhausted
Fix references not handled correctly in C14N
Fix crashes when entity declaration is removed while still having entity references
libxml doesn't do reference counting inside its node types. It's
possible to remove an entity declaration out of the document, but then
entity references will keep pointing to that stale declaration. This
will cause crashes.
One idea would be to check when a declaration is removed, to trigger a
hook that updates all references. However this means we have to keep
track of all references somehow, which would be a high-overhead
solution. The solution in this patch makes sure that the fields are
always updated before they are read.
Closes GH-14089.
The list is live, so upon cache invalidation we should rewalk the tree
to sync the index again with the node list. We keep the legacy behaviour
for the old DOM classes.
Closes GH-13934.
