Skip to content

[pull] master from php:master#1099

Merged
pull[bot] merged 10 commits into
turkdevops:masterfrom
php:master
Jul 17, 2026
Merged

[pull] master from php:master#1099
pull[bot] merged 10 commits into
turkdevops:masterfrom
php:master

Conversation

@pull

@pull pull Bot commented Jul 17, 2026

Copy link
Copy Markdown

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

iliaal and others added 10 commits July 17, 2026 07:08
GH-17976 sanitized user_agent where the HTTP wrapper emits headers and left
the SOAP client alone, so a value carrying CRLF still injects request headers
through all three of its sources: the SoapClient user_agent option, the
http.user_agent stream context option, and the ini setting. Resolve the three
to one zend_string and emit it through the same truncate-and-warn check the
HTTP wrapper applies.

Closes GH-22771
escapeString() used sqlite3_mprintf("%q"), which stops at the first C NUL.
PHP strings are length-aware and may embed NULs, so values such as "a\0b"
were silently truncated to "a" when interpolated into SQL. Prepared binds
pass an explicit length and are unaffected.

ext/pdo_sqlite rejected the same inputs for PDO::quote in 0a10f6d
(GH-13952), on 8.5 and up. That check consults the connection's error mode;
escapeString() is static and has no connection, so it throws instead.

Closes GH-22774
odbc_sqlconnect() stripped a trailing semicolon by writing a NUL into
the Z_PARAM_STRING buffer, which is a zend_string. Shared variables,
interned literals, and const values used as the DSN were permanently
altered (strlen unchanged, last byte became NUL). Compute the base
length instead and pass it to spprintf with %.*s, matching the
non-mutating approach used when assembling UID/PWD into the connect
string.

Closes GH-22776
* PHP-8.4:
  ext/odbc: do not mutate the caller's DSN string
* PHP-8.5:
  ext/odbc: do not mutate the caller's DSN string
This is a follow-up commit to 3882f55 where all
malformed error message in the socket extension
in 8.5 has been fixed. This fixed a specific one appears
only in the master branch.
Assert and take advantage of that size is always 1. This is also documented in [the curl docs](https://curl.se/libcurl/c/CURLOPT_READFUNCTION.html). So there is no need to multiply with size, so this can be removed.

I started this to see whether size * nmemb can overflow. This makes it clear that it cannot.
And instead let the normal docref error handling code handle arguments
@pull pull Bot locked and limited conversation to collaborators Jul 17, 2026
@pull pull Bot added the ⤵️ pull label Jul 17, 2026
@pull
pull Bot merged commit dec19ed into turkdevops:master Jul 17, 2026
0 of 2 checks passed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants