[pull] master from php:master

ext/fileinfo/magicdata.patch

@@ -1,6 +1,73 @@
+diff -ur Magdir.orig/javascript Magdir/javascript
+--- Magdir.orig/javascript	2024-12-04 21:21:54.168928738 +0100
++++ Magdir/javascript	2024-12-04 21:21:56.652262003 +0100
+@@ -17,37 +17,38 @@
+ !:mime application/javascript
+
+ # JavaScript
+-# The strength is increased to beat the C++ & HTML rules
++# The strength is increased to beat the C++ but lose to HTML rules,
++# because javascript is embedded in hmtl files typically
+ 0	search	"use\x20strict"	JavaScript source
+-!:strength +30
++!:strength +20
+ !:mime	application/javascript
+ !:ext 	js
+ 0	search	'use\x20strict'	JavaScript source
+-!:strength +30
++!:strength +20
+ !:mime	application/javascript
+ !:ext 	js
+ 0	regex	module(\\.|\\[["'])exports.*=	JavaScript source
+-!:strength +30
++!:strength +20
+ !:mime	application/javascript
+ !:ext 	js
+ 0	regex	\^(const|var|let).*=.*require\\(	JavaScript source
+-!:strength +30
++!:strength +20
+ !:mime	application/javascript
+ !:ext 	js
+ 0	regex	\^export\x20(function|class|default|const|var|let|async)\x20	JavaScript source
+-!:strength +30
++!:strength +20
+ !:mime	application/javascript
+ !:ext 	js
+ 0	regex	\\((async\x20)?function[(\x20]	JavaScript source
+-!:strength +30
++!:strength +20
+ !:mime	application/javascript
+ !:ext 	js
+ 0	regex	\^(import|export).*\x20from\x20	JavaScript source
+-!:strength +30
++!:strength +20
+ !:mime	application/javascript
+ !:ext 	js
+ 0	regex	\^(import|export)\x20["']\\./	JavaScript source
+-!:strength +30
++!:strength +20
+ !:mime	application/javascript
+ !:ext 	js
+ 0	regex	\^require\\(["']	JavaScript source
+@@ -55,13 +56,13 @@
+ !:mime	application/javascript
+ !:ext 	js
+ 0	regex	typeof.*[!=]==	JavaScript source
+-!:strength +30
++!:strength +20
+ !:mime	application/javascript
+ !:ext 	js
+
+ # React Native minified JavaScript
+ 0	search/128	__BUNDLE_START_TIME__=	React Native minified JavaScript
+-!:strength +30
++!:strength +20
+ !:mime	application/javascript
+ !:ext	bundle/jsbundle
+
 diff -ur Magdir.orig/rpm Magdir/rpm
---- Magdir.orig/rpm	2021-02-23 01:49:24.000000000 +0100
-+++ Magdir/rpm	2021-04-05 19:40:55.080911893 +0200
+--- Magdir.orig/rpm	2024-12-04 21:21:54.175595405 +0100
++++ Magdir/rpm	2024-12-04 21:21:56.652262003 +0100
 @@ -29,6 +29,7 @@
  >>8	beshort		17		SuperH
  >>8	beshort		18		Xtensa
@@ -10,17 +77,17 @@ diff -ur Magdir.orig/rpm Magdir/rpm
  #delta RPM    Daniel Novotny ([email protected])
  0	string		drpm		Delta RPM
 diff -ur Magdir.orig/securitycerts Magdir/securitycerts
---- Magdir.orig/securitycerts	2021-02-23 01:49:24.000000000 +0100
-+++ Magdir/securitycerts	2021-04-05 19:40:55.080911893 +0200
+--- Magdir.orig/securitycerts	2024-12-04 21:21:54.175595405 +0100
++++ Magdir/securitycerts	2024-12-04 21:21:56.652262003 +0100
 @@ -4,3 +4,5 @@
  0	search/1		-----BEGIN\ CERTIFICATE------	RFC1421 Security Certificate text
  0	search/1		-----BEGIN\ NEW\ CERTIFICATE	RFC1421 Security Certificate Signing Request text
  0	belong	0xedfeedfe	Sun 'jks' Java Keystore File data
 +
 +0	string \0volume_key	volume_key escrow packet
-diff --git a/magic/Magdir/sgml b/magic/Magdir/sgml
---- Magdir.orig/sgml
-+++ Magdir/sgml
+diff -ur Magdir.orig/sgml Magdir/sgml
+--- Magdir.orig/sgml	2024-12-04 21:21:54.175595405 +0100
++++ Magdir/sgml	2024-12-04 21:21:56.652262003 +0100
 @@ -1,16 +1,17 @@
 
  #------------------------------------------------------------------------------
@@ -41,3 +108,106 @@ diff --git a/magic/Magdir/sgml b/magic/Magdir/sgml
 +0	string/bt	\<svg			SVG Scalable Vector Graphics image
  !:mime	image/svg+xml
  !:ext   svg
+
+@@ -53,11 +54,14 @@
+ # avoid misdetection as JavaScript
+ 0	string/cWt	\<!doctype\ html	HTML document text
+ !:mime	text/html
++!:strength + 30
+ 0	string/ct	\<html>	HTML document text
+ !:mime	text/html
++!:strength + 30
+ 0	string/ct	\<!--
+ >&0	search/4096/cWt	\<!doctype\ html	HTML document text
+ !:mime	text/html
++!:strength + 30
+ >&0	search/4096/ct	\<html>	HTML document text
+ !:mime	text/html
+
+@@ -65,69 +69,61 @@
+ # https://www.w3.org/TR/SVG/single-page.html
+ 0	search/4096/cWbt	\<!doctype\ svg	SVG XML document
+ !:mime  image/svg+xml
+-!:strength + 15
++!:strength + 30
+
+ 0	search/4096/cwt	\<head\>		HTML document text
+ !:mime	text/html
+-!:strength + 15
++!:strength + 30
+ 0	search/4096/cWt	\<head\ 		HTML document text
+ !:mime	text/html
+-!:strength + 15
++!:strength + 30
+ 0	search/4096/cwt	\<title\>		HTML document text
+ !:mime	text/html
+-!:strength + 15
++!:strength + 30
+ 0	search/4096/cWt	\<title\ 		HTML document text
+ !:mime	text/html
+-!:strength + 15
++!:strength + 30
+ 0	search/4096/cwt	\<html\>		HTML document text
+ !:mime	text/html
+-!:strength + 15
++!:strength + 30
+ 0	search/4096/cWt	\<html\ 		HTML document text
+ !:mime	text/html
+-!:strength + 15
++!:strength + 30
+ 0	search/4096/cwt	\<script\> 		HTML document text
+ !:mime	text/html
+-!:strength + 15
++!:strength + 30
+ 0	search/4096/cWt	\<script\ 		HTML document text
+ !:mime	text/html
+-!:strength + 15
++!:strength + 30
+ 0	search/4096/cwt	\<style\> 		HTML document text
+ !:mime	text/html
+-!:strength + 15
++!:strength + 30
+ 0	search/4096/cWt	\<style\  		HTML document text
+ !:mime	text/html
+-!:strength + 15
++!:strength + 30
+ 0	search/4096/cwt	\<table\>		HTML document text
+ !:mime	text/html
+-!:strength + 15
++!:strength + 30
+ 0	search/4096/cWt	\<table\ 		HTML document text
+ !:mime	text/html
+-!:strength + 15
++!:strength + 30
+
+ 0	search/4096/cwt	\<a\ href=		HTML document text
+ !:mime	text/html
+-!:strength + 15
++!:strength + 30
+
+ # Extensible markup language (XML), a subset of SGML
+ # from Marc Prud'hommeaux ([email protected])
+ 0	search/1/cwt	\<?xml			XML document text
+ !:mime	text/xml
+-!:strength + 15
+-0	string/t		\<?xml\ version\ "	XML
+-!:mime	text/xml
+-!:strength + 15
++!:strength + 30
+ 0	string/t		\<?xml\ version="	XML
+ !:mime	text/xml
+-!:strength + 15
+->15	string/t	>\0			%.3s document text
+->>23	search/1	\<xsl:stylesheet	(XSL stylesheet)
+->>24	search/1	\<xsl:stylesheet	(XSL stylesheet)
+-0	string/t	\<?xml\ version='	XML
+-!:mime	text/xml
+-!:strength + 15
++!:strength + 30
+ >15	string/t	>\0			%.3s document text
+ >>23	search/1	\<xsl:stylesheet	(XSL stylesheet)
+ >>24	search/1	\<xsl:stylesheet	(XSL stylesheet)
++
+ 0	search/1/wt	\<?XML			broken XML document text
+ !:mime	text/xml
+ !:strength - 10

ext/fileinfo/tests/gh17039.phpt

@@ -0,0 +1,20 @@
+--TEST--
+GH-17039 (PHP 8.4: Incorrect MIME content type)
+--EXTENSIONS--
+fileinfo
+--FILE--
+<?php
+
+class Foo
+{
+    public function bar()
+    {
+        $this->baz(function () {});
+    }
+}
+
+echo mime_content_type(__FILE__);
+
+?>
+--EXPECT--
+text/x-php

ext/standard/Makefile.frag.w32

@@ -7,3 +7,7 @@ ext\standard\url_scanner_ex.c: ext\standard\url_scanner_ex.re
 	$(RE2C) $(RE2C_FLAGS) -b -o ext/standard/url_scanner_ex.c ext/standard/url_scanner_ex.re
 
 $(BUILD_DIR)\ext\standard\basic_functions.obj: $(PHP_SRC_DIR)\Zend\zend_language_parser.h
+
+$(PHP_SRC_DIR)\ext\standard\tests\helpers\bad_cmd.exe: $(PHP_SRC_DIR)\ext\standard\tests\helpers\bad_cmd.c
+	cd $(PHP_SRC_DIR)\ext\standard\tests\helpers
+	$(PHP_CL) /nologo bad_cmd.c

ext/standard/http_fopen_wrapper.c

@@ -244,6 +244,18 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
 
 	if (context && (tmpzval = php_stream_context_get_option(context, wrapper->wops->label, "timeout")) != NULL) {
 		double d = zval_get_double(tmpzval);
+#ifndef PHP_WIN32
+		const double timeoutmax = (double) PHP_TIMEOUT_ULL_MAX / 1000000.0;
+#else
+		const double timeoutmax = (double) LONG_MAX / 1000000.0;
+#endif
+
+		if (d > timeoutmax) {
+			php_stream_wrapper_log_error(wrapper, options, "timeout must be lower than " ZEND_ULONG_FMT, (zend_ulong)timeoutmax);
+			zend_string_release(transport_string);
+			php_url_free(resource);
+			return NULL;
+		}
 #ifndef PHP_WIN32
 		timeout.tv_sec = (time_t) d;
 		timeout.tv_usec = (size_t) ((d - timeout.tv_sec) * 1000000);

ext/standard/proc_open.c

@@ -698,22 +698,77 @@ static void init_process_info(PROCESS_INFORMATION *pi)
 	memset(&pi, 0, sizeof(pi));
 }
 
+/* on success, returns length of *comspec, which then needs to be efree'd by caller */
+static size_t find_comspec_nt(wchar_t **comspec)
+{
+	zend_string *path = NULL;
+	wchar_t *pathw = NULL;
+	wchar_t *bufp = NULL;
+	DWORD buflen = MAX_PATH, len = 0;
+
+	path = php_getenv("PATH", 4);
+	if (path == NULL) {
+		goto out;
+	}
+	pathw = php_win32_cp_any_to_w(ZSTR_VAL(path));
+	if (pathw == NULL) {
+		goto out;
+	}
+	bufp = emalloc(buflen * sizeof(wchar_t));
+	do {
+		/* the first call to SearchPathW() fails if the buffer is too small,
+		 * what is unlikely but possible; to avoid an explicit second call to
+		 * SeachPathW() and the error handling, we're looping */
+		len = SearchPathW(pathw, L"cmd.exe", NULL, buflen, bufp, NULL);
+		if (len == 0) {
+			goto out;
+		}
+		if (len < buflen) {
+			break;
+		}
+		buflen = len;
+		bufp = erealloc(bufp, buflen * sizeof(wchar_t));
+	} while (1);
+	*comspec = bufp;
+
+out:
+	if (path != NULL) {
+		zend_string_release(path);
+	}
+	if (pathw != NULL) {
+		free(pathw);
+	}
+	if (bufp != NULL && bufp != *comspec) {
+		efree(bufp);
+	}
+	return len;
+}
+
 static zend_result convert_command_to_use_shell(wchar_t **cmdw, size_t cmdw_len)
 {
-	size_t len = sizeof(COMSPEC_NT) + sizeof(" /s /c ") + cmdw_len + 3;
+	wchar_t *comspec;
+	size_t len = find_comspec_nt(&comspec);
+	if (len == 0) {
+		php_error_docref(NULL, E_WARNING, "Command conversion failed");
+		return FAILURE;
+	}
+	len += sizeof(" /s /c ") + cmdw_len + 3;
 	wchar_t *cmdw_shell = (wchar_t *)malloc(len * sizeof(wchar_t));
 
 	if (cmdw_shell == NULL) {
+		efree(comspec);
 		php_error_docref(NULL, E_WARNING, "Command conversion failed");
 		return FAILURE;
 	}
 
-	if (_snwprintf(cmdw_shell, len, L"%hs /s /c \"%s\"", COMSPEC_NT, *cmdw) == -1) {
+	if (_snwprintf(cmdw_shell, len, L"%s /s /c \"%s\"", comspec, *cmdw) == -1) {
+		efree(comspec);
 		free(cmdw_shell);
 		php_error_docref(NULL, E_WARNING, "Command conversion failed");
 		return FAILURE;
 	}
 
+	efree(comspec);
 	free(*cmdw);
 	*cmdw = cmdw_shell;
 

ext/standard/tests/file/bug72035.phpt

@@ -21,7 +21,8 @@ $cmd = "$cgi -n -C $fl";
 
 /* Need to run CGI with the env reset. */
 $desc = array(0 => array("pipe", "r"));
-$proc = proc_open($cmd, $desc, $pipes, getcwd(), array());
+/* PATH is needed to find ASan DLLs (and maybe others) on Windows */
+$proc = proc_open($cmd, $desc, $pipes, getcwd(), array('PATH' => getenv('PATH')));
 if (is_resource($proc)) {
     echo stream_get_contents($pipes[0]);
 

ext/standard/tests/file/proc_open01.phpt

@@ -8,10 +8,11 @@ $php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 if ($php === false) {
     die("no php executable defined");
 }
+/* PATH is needed to find ASan DLLs (and maybe others) on Windows */
 $proc = proc_open(
     "$php -n",
     array(0 => array('pipe', 'r'), 1 => array('pipe', 'w')),
-    $pipes, getcwd(), array(), array()
+    $pipes, getcwd(), array('PATH' => getenv('PATH')), array()
 );
 if ($proc === false) {
     print "something went wrong.\n";

ext/standard/tests/general_functions/proc_open_array.phpt

@@ -44,7 +44,8 @@ fpassthru($pipes[1]);
 proc_close($proc);
 
 putenv('ENV_1=ENV_1');
-$env = ['ENV_2' => 'ENV_2'];
+/* PATH is needed to find ASan DLLs (and maybe others) on Windows */
+$env = ['ENV_2' => 'ENV_2', 'PATH' => getenv('PATH')];
 $cmd = [$php, '-n', '-r', 'var_dump(getenv("ENV_1"), getenv("ENV_2"));'];
 
 echo "\nEnvironment inheritance:\n";

ext/standard/tests/general_functions/proc_open_cmd.phpt

@@ -0,0 +1,28 @@
+--TEST--
+Harden against cmd.exe hijacking
+--SKIPIF--
+<?php
+if (PHP_OS_FAMILY !== "Windows") die("skip only for Windows");
+?>
+--FILE--
+<?php
+copy(__DIR__ . "/../helpers/bad_cmd.exe", "cmd.exe");
+$spec = [["pipe", "r"], ["pipe", "w"], ["pipe", "w"]];
+var_dump($proc = proc_open("@echo hello", $spec, $pipes, null));
+$read = [$pipes[1], $pipes[2]];
+$write = $except = null;
+if (($num = stream_select($read, $write, $except, 1000)) === false) {
+    echo "stream_select() failed\n";
+} elseif ($num > 0) {
+    foreach ($read as $stream) {
+        fpassthru($stream);
+    }
+}
+?>
+--EXPECTF--
+resource(%d) of type (process)
+hello
+--CLEAN--
+<?php
+@unlink("cmd.exe");
+?>