Again, check_property_access() does not correctly work for properties
that look like mangled private propert names (but aren't). Fix this
by only checking visibility for INDIRECT properties.
foreach currently still unmangles property names, even if they don't
correspond to declared properties. HHVM does not do this (and I think
this is correct.) As this is done consistently, leaving it alone
for now.
* PHP-7.1:
Fixed bug #73337 (try/catch not working with two exceptions inside a same operation)
Revert "Fix bug #47890#73215 uniqid() should use better random source"
Revert "Fix bug #47890#73215 uniqid() should use better random source"
Update NEWS
* PHP-7.0:
Fixed bug #73337 (try/catch not working with two exceptions inside a same operation)
Revert "Fix bug #47890#73215 uniqid() should use better random source"
Update NEWS
* PHP-7.0:
followup with #73276 merge
fix test
Fix bug #73276 - crash in openssl_random_pseudo_bytes function
Fix bug #73293 - NULL pointer dereference in SimpleXMLElement::asXML()
Fix for #73240 - Write out of bounds at number_format
avoid strlen
Bug #73218: add mitigation for ICU int overflow
Add more locale length checks, due to ICU bugs.
Fix bug #73150: missing NULL check in dom_document_save_html
Clear FG(user_stream_current_filename) when bailing out
set versions and release date
sync NEWS
Revert "Fixed bug #73067 (__debugInfo crashes when throwing an exception)"
Fix for #73240 - Write out of bounds at number_format
Fix bug #73257 and bug #73258 - SplObjectStorage unserialize allows use of non-object as key
set versions
Fix bug #73091 - Unserializing DateInterval object may lead to __toString invocation
* PHP-7.0.12:
set versions and release date
sync NEWS
Revert "Fixed bug #73067 (__debugInfo crashes when throwing an exception)"
Fix for #73240 - Write out of bounds at number_format
Fix bug #73257 and bug #73258 - SplObjectStorage unserialize allows use of non-object as key
set versions
Fix bug #73091 - Unserializing DateInterval object may lead to __toString invocation
This a partial backport of 8754b19. It
a) fixes the class/function/constant import table confusion in the
namespaced case, and
b) restricts conflict checks to a single file based on a filename
pointer comparison.
It does not fix the issues with filename reuse (e.g. due to eval)
and late-bound classes. This part of the change requires globals
changes.
This fixes the following issues:
* "use function" and "use const" inside namespaced code were checking
for conflicts against class imports. Now they always check against
the correct symbol type.
* Symbol conflicts are now always checked within a single file only.
Previously class uses inside namespaced code were checked globally.
This behavior is illegal because symbols from other files are not
visible if opcache is used, resulting in behavioral discrepancies.
Additionally this made the presence/absence of symbol errors dependent
on autoloading order, which is volatile.
* The "single file" restriction is now enforced by collecting defined
symbols inside a separate hash table. Previously it was enforced
(for the non-namespaced case) by comparing the filename of the
symbol declaration. However this is inaccurate if the same filename
is used multiple times, such as may happen if eval() is used.
* Additionally the previous approach relies on symbols being registered
at compile-time, which is not the case for late-bound classes, which
makes the behavior dependent on class declaration order, as well as
opcache (which may cause delayed early-binding).
* Lastly, conflicts are now consistently checked for conditionally
defined symbols. Previously only declaration-after-use conflicts were
checked in this case. Now use-after-declaration conflicts are
detected as well.
