[pull] master from php:master#1099
Merged
Merged
Conversation
GH-17976 sanitized user_agent where the HTTP wrapper emits headers and left the SOAP client alone, so a value carrying CRLF still injects request headers through all three of its sources: the SoapClient user_agent option, the http.user_agent stream context option, and the ini setting. Resolve the three to one zend_string and emit it through the same truncate-and-warn check the HTTP wrapper applies. Closes GH-22771
escapeString() used sqlite3_mprintf("%q"), which stops at the first C NUL.
PHP strings are length-aware and may embed NULs, so values such as "a\0b"
were silently truncated to "a" when interpolated into SQL. Prepared binds
pass an explicit length and are unaffected.
ext/pdo_sqlite rejected the same inputs for PDO::quote in 0a10f6d
(GH-13952), on 8.5 and up. That check consults the connection's error mode;
escapeString() is static and has no connection, so it throws instead.
Closes GH-22774
odbc_sqlconnect() stripped a trailing semicolon by writing a NUL into the Z_PARAM_STRING buffer, which is a zend_string. Shared variables, interned literals, and const values used as the DSN were permanently altered (strlen unchanged, last byte became NUL). Compute the base length instead and pass it to spprintf with %.*s, matching the non-mutating approach used when assembling UID/PWD into the connect string. Closes GH-22776
* PHP-8.4: ext/odbc: do not mutate the caller's DSN string
* PHP-8.5: ext/odbc: do not mutate the caller's DSN string
This is a follow-up commit to 3882f55 where all malformed error message in the socket extension in 8.5 has been fixed. This fixed a specific one appears only in the master branch.
Assert and take advantage of that size is always 1. This is also documented in [the curl docs](https://curl.se/libcurl/c/CURLOPT_READFUNCTION.html). So there is no need to multiply with size, so this can be removed. I started this to see whether size * nmemb can overflow. This makes it clear that it cannot.
And instead let the normal docref error handling code handle arguments
As it now only has a single usage
…or() It's always NULL
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )