On Windows the built-in webserver doesn't prevent directory traversal when
backslashes are used as path component separators. Even though that is not a
security issue (the CLI webserver is meant for testing only), we fix that by
replacing backslashes in the path with slashes on Windows, because backslashes
may be valid characters for file names on other systems, but not on Windows.
* PHP-5.5:
Handle NULL strings in sapi_cli_server_register_variable().
Allow CLI server test scripts to specify the name of the router file.
Conflicts:
sapi/cli/tests/php_cli_server.inc
Add port range verification of listening port with -S option for the php cli.
This fixes inconsistent listening port due to unverified cast from long to short
with htons(3).
Add port range verification of listening port with -S option for the php cli.
This fixes inconsistent listening port due to unverified cast from long to short
with htons(3).
We had an infinite loop in sapi_cli_server_send_headers(): while iterating over
the linked list of headers, when an empty header was hit, continue would go to
the next iteration of the loop without updating h to be the next value in the
linked list. Updating it to always increment regardless of whether the header
is actually valid or not fixes the issue.
The timeout argument to select() is modified to reflect the time
remaining when the function returns on a non-timeout condition.
Passing a pointer to const data and casting away the const-ness is
asking for trouble, but for some reason, this trouble manifests
itself only on non-x86 architectures [whose implementation of select()
in glibc is different from the one supplied for x86]
Fix this by passing a stack copy of the timeout argument to select()
* PHP-5.5:
Updated NEWS
Removed UPGRADING note
Rewrote test using tcp instead of http:// stream
Implemented FR #65917 (getallheaders() is not supported by the built-in...)
* CLIGetAllHeadersBackport:
Removed UPGRADING note
Rewrote test using tcp instead of http:// stream
Implemented FR #65917 (getallheaders() is not supported by the built-in...)
* PHP-5.5:
This is CLI web server change. Added some common MIME types to the existing lookup list, pending a more thorough lookup solution, if anyone wants to do that. Ref http://news.php.net/php.internals/69990
- Implemented apache_request_headers() and getallheaders() alias in CLI server
- Implemented apache_response_headers() in CLI server using FastCGI code
Conflicts:
NEWS
UPGRADING
* PHP-5.5:
- Fixed bug #65818 (Segfault with built-in webserver and chunked transfer encoding)
- BFN
Allow the ldap extension to be compiled with Oracle's LDAP implementation, if desired. Note the implementations differ so you will see different ldap behavior.
* slim-postdata:
slim post data
add NEWS entry; add simple test
more precise condition
make this work in vc11 too
Use int64_t and atoll() after discussion with johannes
ws
Patch for https://bugs.php.net/bug.php?id=44522 to allow uploading files above 2G.
* PHP-5.4:
Fix the spelling of the php_cli_server_http_response_status_code_pair typedef.
Change the search in get_status_string() to correctly handle unknown codes.
This previously used a buggy implementation of binary search that would loop
infinitely for unknown codes when searching in reason arrays of particular
sizes (such as the one we have at the moment). Since C provides bsearch(),
we'll just use that instead, since libc authors hopefully get this right.
There was also an additional bug that was masked by the first one: the design
was that an unknown code would result in get_status_string() returning NULL,
which would then result in a segfault in append_http_status_line(), since it
assumed that it would always receive a valid string pointer that could be
handed off to smart_str_appends_ex(). We'll now return a placeholder in that
case.
Fixes bug #65066 (Cli server not responsive when responding with 422 http
status code).
* PHP-5.4:
- fix x64 issues on windows with the various time types (overflow, signed and unsigned bits ops, etc.) causing crashes on start, error or log, must be done in win32/time.c for some of these functions too
