Apparently example.org now rejects POST requests, so we would need to
adjust the test expectation ("Method not allowed"). However, there is
no need for an online test; instead we're just using the CLI test
server. The serialization is a bit fiddly, but as long as there are
no quotes in `PHP_CLI_SERVER_ADDRESS` we're fine.
Closes GH-16063.
When decoding multibyte data in EXIF tags, the mbstring extension needs
to be enabled. In Autotools this is now synced with ZEND_MOD_OPTIONAL
in the C code, and on Windows it is now also optional.
The required dependency on mbstring extension was removed via
755c2cd0d8 which made the mbstring
extension optional dependency.
We check that the "attrib" and "modtype" keys are present in each array.
If not we throw a ValueError, in line with what other validation failure cases do.
Closes GH-16057
zend_array_dup_ht_iterators() loops over the hash table iterators and
can call zend_hash_iterator_add(). zend_hash_iterator_add() can resize
the array causing a crash in zend_array_dup_ht_iterators().
We solve this by refetching the iter pointer after an add happened.
Closes GH-16060.
The frameless function handlers do not update the op variables when
handling the result is undefined. In this case this causes propagating
an UNDEF value into a temporary, which results in an extra undefined
variable warning for a temporary in this case.
The original issue also reports a crash in some cases, which is also
fixed by this patch.
Closes GH-16012.
regressing commit: 654b787ee1
This was called if JIT was enabled or not. If not enabled, it'll result
in an undeclared function warning and maybe a bad time in the linker.
Gate the meat of this PHP-side function on if JIT is enabled (but keep
it existing so PHP userland code works with or without JIT, OFC).
Internally accessible via zend_jit_blacklist_function / externally via opcache_jit_blacklist.
The functionality currently only affects tracing JIT, but may be extended to other JIT modes in future.
Note that this is not actually security related[1], but still a
reasonable sanity check.
"If a function be advertised to return an error code in the event of
difficulties, thou shalt check for that code, yea, even though the
checks triple the size of thy code and produce aches in thy typing
fingers, for if thou thinkest it cannot happen to me, the gods shall
surely punish thee for thy arrogance." – Henry Spencer
[1] <https://github.com/libgd/libgd/issues/697#issuecomment-2369613187>
libcurl ref: [`CURLINFO_POSTTRANSFER_TIME_T`](https://curl.se/libcurl/c/CURLINFO_POSTTRANSFER_TIME_T.html)
`CURLINFO_POSTTRANSFER_TIME_T` is a libcurl info option that returns
the time it took to "post" the transfer. Available since libcurl 8.10.0
This value is also exposed as `posttransfer_time_us` in the
`curl_getinfo()` return value when the `$option` parameter is not
passed.
PQclosePrepared allows the statement's name to be reused thus allowing
cache solutions to work properly ; whereas, for now, the `DEALLOCATE
<statement>` query is used which free entirely the statement's resources.
close GH-13316
We need to avoid signed integer overflows which are undefined behavior.
We catch that, and set `offset` to `ZEND_LONG_MAX` (which is also the
largest value of `zend_off_t` on all platforms). Of course, that seek
may fail, but even if it succeeds, the stream is no longer readable,
but that matches the current behavior for offsets near `ZEND_LONG_MAX`.
Closes GH-15989.
This adds support for `CURLOPT_DEBUGFUNCTION`[^1] Curl option to set a
custom callback that gets called with debug information during the
lifetime of a Curl request.
The callback gets called with the `CurlHandle` object, an integer
containing the type of the debug message, and a string containing the
debug message. The callback may get called multiple times with the
same message type during a request.
PHP already uses `CURLOPT_DEBUGFUNCTION` functionality to internally
to expose a Curl option named `CURLINFO_HEADER_OUT`.
However,`CURLINFO_HEADER_OUT` is not a "real" Curl option supported
by libcurl. Back in 2006, `CURLINFO_HEADER_OUT` was added[^2] as
a Curl option by using the debug-callback feature. Git history does
not run that back to show why `CURLINFO_HEADER_OUT` was added as a
Curl option, and why the other debug types (such as
`CURLINFO_HEADER_IN` were not added as Curl options, but this seems
to be a historical artifact when we added features without trying
to be close to libcurl options.
This approach has a few issues:
1. `CURLINFO_HEADER_OUT` is not an actual Curl option supported by
upstream libcurl.
2. All of the Curl options have `CURLOPT_` prefix, and `CURLINFO_HEADER_OUT`
is the only Curl "option" that uses the `CURLINFO` prefix. This exception
is, however, noted[^3] in docs.
3. When `CURLINFO_HEADER_OUT` is set, the `CURLOPT_VERBOSE` is also implicitly
set. This was reported[^4] to bugs.php.net, but the bug is marked as wontfix.
This commit adds support for `CURLOPT_DEBUGFUNCTION`. It extends the existing
`curl_debug` callback to store the header-in information if it encounters
a debug message with `CURLINFO_HEADER_OUT`. In all cases, if a callable
is set, it gets called.
`CURLOPT_DEBUGFUNCTION` intends to replace `CURLINFO_HEADER_OUT` Curl
option as a versatile alternative that can also be used to extract
other debug information such as SSL data, text information messages,
incoming headers, as well as headers sent out (which `CURLINFO_HEADER_OUT`
makes available).
The callables are allowed to throw exceptions, but the return values are
ignored.
`CURLOPT_DEBUGFUNCTION` requires `CURLOPT_VERBOSE` enabled, and setting
`CURLOPT_DEBUGFUNCTION` does _not_ implicitly enable `CURLOPT_VERBOSE`.
If the `CURLOPT_DEBUGFUNCTION` option is set, setting `CURLINFO_HEADER_OUT`
throws a `ValueError` exception. Setting `CURLOPT_DEBUGFUNCTION` _after_
enabling `CURLINFO_HEADER_OUT` is allowed. Technically, it is possible
for both functionality (calling user-provided callback _and_ storing
header-out data) is possible, setting `CURLINFO_HEADER_OUT` is not
allowed to encourage the use of `CURLOPT_DEBUGFUNCTION` function.
This commit also adds the rest of the `CURLINFO_` constants used as
the `type` integer value in `CURLOPT_DEBUGFUNCTION` callback.
---
[^1]: [cur.se - CURLOPT_DEBUGFUNCTION](https://curl.se/libcurl/c/CURLOPT_DEBUGFUNCTION.html)
[^2]: [`5f25d80`](5f25d80d10)
[^3]: [curl_setopt doc mentioning `CURLINFO_` prefix is intentional](https://www.php.net/manual/en/function.curl-setopt.php#:~:text=prefix%20is%20intentional)
[^4]: [bugs.php.net - `CURLOPT_VERBOSE` does not work with `CURLINFO_HEADER_OUT`](https://bugs.php.net/bug.php?id=65348)
