rpms/php
7
0
Fork 0
Code Issues Pull Requests Releases Activity
c9s
php/php-cve-2026-7258.patch
Remi Collet e6ee411f95 Fix CVEs up to 8.2.31: 
- Fix XSS within status endpoint  CVE-2026-6735
- Fix Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()  CVE-2026-7259
- Fix Stale SOAP_GLOBAL(ref_map) pointer with Apache Map  CVE-2026-6722
- Fix Use-after-free after header parsing failure with SOAP_PERSISTENCE_SESSION  CVE-2026-7261
- Fix Broken Apache map value NULL check  CVE-2026-7262
- Fix Signed integer overflow of char array offset  CVE-2026-7568
- Fix Consistently pass unsigned char to ctype.h functions  CVE-2026-7258

Resolves: RHEL-181025
2026-06-05 15:11:53 +02:00

1722 lines
62 KiB
Diff
Raw Permalink Blame History

From 30de2f8492a06ebcf1659307f1f049e2799c7f21 Mon Sep 17 00:00:00 2001
From: Ilija Tovilo <ilija.tovilo@me.com>
Date: Sun, 3 May 2026 20:03:18 +0200
Subject: [PATCH 09/10] GHSA-m8rr-4c36-8gq4: Consistently pass unsigned char to
ctype.h functions
Fixes GHSA-m8rr-4c36-8gq4
Fixes CVE-2026-7258
(cherry picked from commit a38418777f65780d9d622197677e90567690fc07)
(cherry picked from commit 07e5a9263314fd9a2a4479661353704e00dd8d0c)
---
Zend/zend_compile.c | 2 +-
Zend/zend_operators.c | 8 ++++----
Zend/zend_virtual_cwd.c | 10 +++++-----
Zend/zend_virtual_cwd.h | 2 +-
ext/com_dotnet/com_extension.c | 4 ++--
ext/date/lib/parse_date.c | 10 +++++-----
ext/date/lib/parse_date.re | 10 +++++-----
ext/date/lib/parse_iso_intervals.c | 4 ++--
ext/date/lib/parse_iso_intervals.re | 4 ++--
ext/date/lib/timelib.c | 2 +-
ext/filter/logical_filters.c | 10 +++++-----
ext/ftp/ftp.c | 10 +++++-----
ext/gd/libgd/gd_xbm.c | 2 +-
ext/imap/php_imap.c | 2 +-
ext/intl/locale/locale_methods.c | 2 +-
ext/mbstring/mbstring.c | 4 ++--
ext/mbstring/php_mbregex.c | 2 +-
ext/pcre/php_pcre.c | 4 ++--
ext/pdo/pdo.c | 2 +-
ext/pdo/pdo_sql_parser.re | 2 +-
ext/pdo/pdo_stmt.c | 2 +-
ext/standard/dl.c | 2 +-
ext/standard/exec.c | 2 +-
ext/standard/file.c | 2 +-
ext/standard/filters.c | 2 +-
ext/standard/formatted_print.c | 8 ++++----
ext/standard/ftp_fopen_wrapper.c | 12 ++++++------
ext/standard/html.c | 4 ++--
ext/standard/math.c | 6 +++---
ext/standard/metaphone.c | 18 ++++++++---------
ext/standard/quot_print.c | 8 ++++----
ext/standard/scanf.c | 10 +++++-----
ext/standard/soundex.c | 2 +-
ext/standard/string.c | 14 +++++++-------
ext/standard/strnatcmp.c | 30 ++++++++++++++---------------
ext/standard/type.c | 2 +-
ext/standard/url.c | 20 +++++++++----------
ext/standard/url_scanner_ex.re | 6 +++---
ext/standard/versioning.c | 16 +++++++--------
main/SAPI.c | 6 +++---
main/fopen_wrappers.c | 6 +++---
main/php_ini.c | 2 +-
main/php_variables.c | 4 ++--
main/rfc1867.c | 12 ++++++------
main/snprintf.c | 14 +++++++-------
main/spprintf.c | 14 +++++++-------
main/streams/streams.c | 4 ++--
main/streams/transports.c | 2 +-
sapi/cli/php_cli_server.c | 2 +-
sapi/fpm/fpm/fpm_conf.c | 4 ++--
sapi/litespeed/lsapi_main.c | 4 ++--
sapi/litespeed/lsapilib.c | 6 +++---
sapi/phpdbg/phpdbg_cmd.c | 4 ++--
sapi/phpdbg/phpdbg_prompt.c | 2 +-
sapi/phpdbg/phpdbg_utils.c | 10 +++++-----
win32/sendmail.c | 6 +++---
56 files changed, 182 insertions(+), 182 deletions(-)
diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c
index 2a04c49b55..c82fb2f9c8 100644
--- a/Zend/zend_compile.c
+++ b/Zend/zend_compile.c
@@ -1942,7 +1942,7 @@ ZEND_API size_t zend_dirname(char *path, size_t len)
/* Note that on Win32 CWD is per drive (heritage from CP/M).
* This means dirname("c:foo") maps to "c:." or "c:" - which means CWD on C: drive.
*/
- if ((2 <= len) && isalpha((int)((unsigned char *)path)[0]) && (':' == path[1])) {
+ if ((2 <= len) && isalpha((unsigned char)path[0]) && (':' == path[1])) {
/* Skip over the drive spec (if any) so as not to change */
path += 2;
len_adjust += 2;
diff --git a/Zend/zend_operators.c b/Zend/zend_operators.c
index 272d5ede97..b89de168fe 100644
--- a/Zend/zend_operators.c
+++ b/Zend/zend_operators.c
@@ -2774,8 +2774,8 @@ ZEND_API int ZEND_FASTCALL zend_binary_strcasecmp_l(const char *s1, size_t len1,
len = MIN(len1, len2);
while (len--) {
- c1 = zend_tolower((int)*(unsigned char *)s1++);
- c2 = zend_tolower((int)*(unsigned char *)s2++);
+ c1 = zend_tolower((unsigned char)*(s1++));
+ c2 = zend_tolower((unsigned char)*(s2++));
if (c1 != c2) {
return c1 - c2;
}
@@ -2795,8 +2795,8 @@ ZEND_API int ZEND_FASTCALL zend_binary_strncasecmp_l(const char *s1, size_t len1
}
len = MIN(length, MIN(len1, len2));
while (len--) {
- c1 = zend_tolower((int)*(unsigned char *)s1++);
- c2 = zend_tolower((int)*(unsigned char *)s2++);
+ c1 = zend_tolower((unsigned char)*(s1++));
+ c2 = zend_tolower((unsigned char)*(s2++));
if (c1 != c2) {
return c1 - c2;
}
diff --git a/Zend/zend_virtual_cwd.c b/Zend/zend_virtual_cwd.c
index 6503a81a14..7c77be0d23 100644
--- a/Zend/zend_virtual_cwd.c
+++ b/Zend/zend_virtual_cwd.c
@@ -195,7 +195,7 @@ void virtual_cwd_main_cwd_init(uint8_t reinit) /* {{{ */
main_cwd_state.cwd_length = strlen(cwd);
#ifdef ZEND_WIN32
if (main_cwd_state.cwd_length >= 2 && cwd[1] == ':') {
- cwd[0] = toupper(cwd[0]);
+ cwd[0] = toupper((unsigned char)cwd[0]);
}
#endif
main_cwd_state.cwd = strdup(cwd);
@@ -273,7 +273,7 @@ CWD_API char *virtual_getcwd_ex(size_t *length) /* {{{ */
*length = state->cwd_length+1;
retval = (char *) emalloc(*length+1);
memcpy(retval, state->cwd, *length);
- retval[0] = toupper(retval[0]);
+ retval[0] = toupper((unsigned char)retval[0]);
retval[*length-1] = DEFAULT_SLASH;
retval[*length] = '\0';
return retval;
@@ -1114,7 +1114,7 @@ CWD_API int virtual_file_ex(cwd_state *state, const char *path, verify_path_func
if (resolved_path[start] == 0) {
goto verify;
}
- resolved_path[start] = toupper(resolved_path[start]);
+ resolved_path[start] = toupper((unsigned char)resolved_path[start]);
start++;
}
resolved_path[start++] = DEFAULT_SLASH;
@@ -1122,13 +1122,13 @@ CWD_API int virtual_file_ex(cwd_state *state, const char *path, verify_path_func
if (resolved_path[start] == 0) {
goto verify;
}
- resolved_path[start] = toupper(resolved_path[start]);
+ resolved_path[start] = toupper((unsigned char)resolved_path[start]);
start++;
}
resolved_path[start++] = DEFAULT_SLASH;
} else if (IS_ABSOLUTE_PATH(resolved_path, path_length)) {
/* skip DRIVE name */
- resolved_path[0] = toupper(resolved_path[0]);
+ resolved_path[0] = toupper((unsigned char)resolved_path[0]);
resolved_path[2] = DEFAULT_SLASH;
start = 3;
}
diff --git a/Zend/zend_virtual_cwd.h b/Zend/zend_virtual_cwd.h
index dfaa95932c..d5a16bd9dc 100644
--- a/Zend/zend_virtual_cwd.h
+++ b/Zend/zend_virtual_cwd.h
@@ -82,7 +82,7 @@ typedef unsigned short mode_t;
#define IS_UNC_PATH(path, len) \
(len >= 2 && IS_SLASH(path[0]) && IS_SLASH(path[1]))
#define IS_ABSOLUTE_PATH(path, len) \
- (len >= 2 && (/* is local */isalpha(path[0]) && path[1] == ':' || /* is UNC */IS_SLASH(path[0]) && IS_SLASH(path[1])))
+ (len >= 2 && (/* is local */isalpha((unsigned char)(path)[0]) && path[1] == ':' || /* is UNC */IS_SLASH(path[0]) && IS_SLASH(path[1])))
#else
#ifdef HAVE_DIRENT_H
diff --git a/ext/com_dotnet/com_extension.c b/ext/com_dotnet/com_extension.c
index 5e2c1f69de..eb37768d65 100644
--- a/ext/com_dotnet/com_extension.c
+++ b/ext/com_dotnet/com_extension.c
@@ -104,11 +104,11 @@ static PHP_INI_MH(OnTypeLibFileUpdate)
}
/* Remove leading/training white spaces on search_string */
- while (isspace(*typelib_name)) {/* Ends on '\0' in worst case */
+ while (isspace((unsigned char)*typelib_name)) {/* Ends on '\0' in worst case */
typelib_name ++;
}
ptr = typelib_name + strlen(typelib_name) - 1;
- while ((ptr != typelib_name) && isspace(*ptr)) {
+ while ((ptr != typelib_name) && isspace((unsigned char)*ptr)) {
*ptr = '\0';
ptr--;
}
diff --git a/ext/date/lib/parse_date.c b/ext/date/lib/parse_date.c
index 73017de95f..3e7eeed190 100644
--- a/ext/date/lib/parse_date.c
+++ b/ext/date/lib/parse_date.c
@@ -480,7 +480,7 @@ static timelib_sll timelib_get_nr(const char **ptr, int max_length)
static void timelib_skip_day_suffix(const char **ptr)
{
- if (isspace(**ptr)) {
+ if (isspace((unsigned char)**ptr)) {
return;
}
if (!timelib_strncasecmp(*ptr, "nd", 2) || !timelib_strncasecmp(*ptr, "rd", 2) ||!timelib_strncasecmp(*ptr, "st", 2) || !timelib_strncasecmp(*ptr, "th", 2)) {
@@ -759,7 +759,7 @@ static timelib_long timelib_parse_tz_cor(const char **ptr, int *tz_not_found)
*tz_not_found = 1;
- while (isdigit(**ptr) || **ptr == ':') {
+ while (isdigit((unsigned char)**ptr) || **ptr == ':') {
++*ptr;
}
end = *ptr;
@@ -808,7 +808,7 @@ static timelib_long timelib_parse_tz_minutes(const char **ptr, timelib_time *t)
}
++*ptr;
- while (isdigit(**ptr)) {
+ while (isdigit((unsigned char)**ptr)) {
++*ptr;
}
@@ -25107,10 +25107,10 @@ timelib_time *timelib_strtotime(const char *s, size_t len, timelib_error_contain
in.errors->error_messages = NULL;
if (len > 0) {
- while (isspace(*s) && s < e) {
+ while (isspace((unsigned char)*s) && s < e) {
s++;
}
- while (isspace(*e) && e > s) {
+ while (isspace((unsigned char)*e) && e > s) {
e--;
}
}
diff --git a/ext/date/lib/parse_date.re b/ext/date/lib/parse_date.re
index 7987928ea6..98e5115a13 100644
--- a/ext/date/lib/parse_date.re
+++ b/ext/date/lib/parse_date.re
@@ -478,7 +478,7 @@ static timelib_sll timelib_get_nr(const char **ptr, int max_length)
static void timelib_skip_day_suffix(const char **ptr)
{
- if (isspace(**ptr)) {
+ if (isspace((unsigned char)**ptr)) {
return;
}
if (!timelib_strncasecmp(*ptr, "nd", 2) || !timelib_strncasecmp(*ptr, "rd", 2) ||!timelib_strncasecmp(*ptr, "st", 2) || !timelib_strncasecmp(*ptr, "th", 2)) {
@@ -757,7 +757,7 @@ static timelib_long timelib_parse_tz_cor(const char **ptr, int *tz_not_found)
*tz_not_found = 1;
- while (isdigit(**ptr) || **ptr == ':') {
+ while (isdigit((unsigned char)**ptr) || **ptr == ':') {
++*ptr;
}
end = *ptr;
@@ -806,7 +806,7 @@ static timelib_long timelib_parse_tz_minutes(const char **ptr, timelib_time *t)
}
++*ptr;
- while (isdigit(**ptr)) {
+ while (isdigit((unsigned char)**ptr)) {
++*ptr;
}
@@ -1877,10 +1877,10 @@ timelib_time *timelib_strtotime(const char *s, size_t len, timelib_error_contain
in.errors->error_messages = NULL;
if (len > 0) {
- while (isspace(*s) && s < e) {
+ while (isspace((unsigned char)*s) && s < e) {
s++;
}
- while (isspace(*e) && e > s) {
+ while (isspace((unsigned char)*e) && e > s) {
e--;
}
}
diff --git a/ext/date/lib/parse_iso_intervals.c b/ext/date/lib/parse_iso_intervals.c
index e95eda22e8..1aee989a2c 100644
--- a/ext/date/lib/parse_iso_intervals.c
+++ b/ext/date/lib/parse_iso_intervals.c
@@ -948,10 +948,10 @@ void timelib_strtointerval(const char *s, size_t len,
in.errors->error_messages = NULL;
if (len > 0) {
- while (isspace(*s) && s < e) {
+ while (isspace((unsigned char)*s) && s < e) {
s++;
}
- while (isspace(*e) && e > s) {
+ while (isspace((unsigned char)*e) && e > s) {
e--;
}
}
diff --git a/ext/date/lib/parse_iso_intervals.re b/ext/date/lib/parse_iso_intervals.re
index bd4015a323..c1fba7c132 100644
--- a/ext/date/lib/parse_iso_intervals.re
+++ b/ext/date/lib/parse_iso_intervals.re
@@ -343,10 +343,10 @@ void timelib_strtointerval(const char *s, size_t len,
in.errors->error_messages = NULL;
if (len > 0) {
- while (isspace(*s) && s < e) {
+ while (isspace((unsigned char)*s) && s < e) {
s++;
}
- while (isspace(*e) && e > s) {
+ while (isspace((unsigned char)*e) && e > s) {
e--;
}
}
diff --git a/ext/date/lib/timelib.c b/ext/date/lib/timelib.c
index 38f9f8b0f3..dbcaedfb82 100644
--- a/ext/date/lib/timelib.c
+++ b/ext/date/lib/timelib.c
@@ -124,7 +124,7 @@ void timelib_time_tz_abbr_update(timelib_time* tm, const char* tz_abbr)
TIMELIB_TIME_FREE(tm->tz_abbr);
tm->tz_abbr = timelib_strdup(tz_abbr);
for (i = 0; i < tz_abbr_len; i++) {
- tm->tz_abbr[i] = toupper(tz_abbr[i]);
+ tm->tz_abbr[i] = toupper((unsigned char)tz_abbr[i]);
}
}
diff --git a/ext/filter/logical_filters.c b/ext/filter/logical_filters.c
index 300c6e2809..d3341f34db 100644
--- a/ext/filter/logical_filters.c
+++ b/ext/filter/logical_filters.c
@@ -520,21 +520,21 @@ static int _php_filter_validate_domain(char * domain, size_t len, zend_long flag
}
/* First char must be alphanumeric */
- if(*s == '.' || (hostname && !isalnum((int)*(unsigned char *)s))) {
+ if(*s == '.' || (hostname && !isalnum((unsigned char)*s))) {
return 0;
}
while (s < e) {
if (*s == '.') {
/* The first and the last character of a label must be alphanumeric */
- if (*(s + 1) == '.' || (hostname && (!isalnum((int)*(unsigned char *)(s - 1)) || !isalnum((int)*(unsigned char *)(s + 1))))) {
+ if (*(s + 1) == '.' || (hostname && (!isalnum((unsigned char)s[-1]) || !isalnum((unsigned char)s[1])))) {
return 0;
}
/* Reset label length counter */
i = 1;
} else {
- if (i > 63 || (hostname && *s != '-' && !isalnum((int)*(unsigned char *)s))) {
+ if (i > 63 || (hostname && *s != '-' && !isalnum((unsigned char)*s))) {
return 0;
}
@@ -561,9 +561,9 @@ static int is_userinfo_valid(zend_string *str)
const char *valid = "-._~!$&'()*+,;=:";
const char *p = ZSTR_VAL(str);
while (p - ZSTR_VAL(str) < ZSTR_LEN(str)) {
- if (isalpha(*p) || isdigit(*p) || strchr(valid, *p)) {
+ if (isalpha((unsigned char)*p) || isdigit((unsigned char)*p) || strchr(valid, *p)) {
p++;
- } else if (*p == '%' && p - ZSTR_VAL(str) <= ZSTR_LEN(str) - 3 && isdigit(*(p+1)) && isxdigit(*(p+2))) {
+ } else if (*p == '%' && p - ZSTR_VAL(str) <= ZSTR_LEN(str) - 3 && isdigit((unsigned char)p[1]) && isxdigit((unsigned char)p[2])) {
p += 3;
} else {
return 0;
diff --git a/ext/ftp/ftp.c b/ext/ftp/ftp.c
index 9f82ebcf95..6c1bbf0c1c 100644
--- a/ext/ftp/ftp.c
+++ b/ext/ftp/ftp.c
@@ -499,7 +499,7 @@ ftp_raw(ftpbuf_t *ftp, const char *cmd, const size_t cmd_len, zval *return_value
array_init(return_value);
while (ftp_readline(ftp)) {
add_next_index_string(return_value, ftp->inbuf);
- if (isdigit(ftp->inbuf[0]) && isdigit(ftp->inbuf[1]) && isdigit(ftp->inbuf[2]) && ftp->inbuf[3] == ' ') {
+ if (isdigit((unsigned char)ftp->inbuf[0]) && isdigit((unsigned char)ftp->inbuf[1]) && isdigit((unsigned char)ftp->inbuf[2]) && ftp->inbuf[3] == ' ') {
return;
}
}
@@ -841,7 +841,7 @@ ftp_pasv(ftpbuf_t *ftp, int pasv)
return 0;
}
/* parse out the IP and port */
- for (ptr = ftp->inbuf; *ptr && !isdigit(*ptr); ptr++);
+ for (ptr = ftp->inbuf; *ptr && !isdigit((unsigned char)*ptr); ptr++);
n = sscanf(ptr, "%lu,%lu,%lu,%lu,%lu,%lu", &b[0], &b[1], &b[2], &b[3], &b[4], &b[5]);
if (n != 6) {
return 0;
@@ -1147,7 +1147,7 @@ ftp_mdtm(ftpbuf_t *ftp, const char *path, const size_t path_len)
return -1;
}
/* parse out the timestamp */
- for (ptr = ftp->inbuf; *ptr && !isdigit(*ptr); ptr++);
+ for (ptr = ftp->inbuf; *ptr && !isdigit((unsigned char)*ptr); ptr++);
n = sscanf(ptr, "%4u%2u%2u%2u%2u%2u", &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec);
if (n != 6) {
return -1;
@@ -1345,13 +1345,13 @@ ftp_getresp(ftpbuf_t *ftp)
}
/* Break out when the end-tag is found */
- if (isdigit(ftp->inbuf[0]) && isdigit(ftp->inbuf[1]) && isdigit(ftp->inbuf[2]) && ftp->inbuf[3] == ' ') {
+ if (isdigit((unsigned char)ftp->inbuf[0]) && isdigit((unsigned char)ftp->inbuf[1]) && isdigit((unsigned char)ftp->inbuf[2]) && ftp->inbuf[3] == ' ') {
break;
}
}
/* translate the tag */
- if (!isdigit(ftp->inbuf[0]) || !isdigit(ftp->inbuf[1]) || !isdigit(ftp->inbuf[2])) {
+ if (!isdigit((unsigned char)ftp->inbuf[0]) || !isdigit((unsigned char)ftp->inbuf[1]) || !isdigit((unsigned char)ftp->inbuf[2])) {
return 0;
}
diff --git a/ext/gd/libgd/gd_xbm.c b/ext/gd/libgd/gd_xbm.c
index 0be7c2352b..cf67437292 100644
--- a/ext/gd/libgd/gd_xbm.c
+++ b/ext/gd/libgd/gd_xbm.c
@@ -191,7 +191,7 @@ void gdImageXbmCtx(gdImagePtr image, char* file_name, int fg, gdIOCtx * out)
} else {
for (i=0; i<l; i++) {
/* only in C-locale isalnum() would work */
- if (!isupper(name[i]) && !islower(name[i]) && !isdigit(name[i])) {
+ if (!isupper((unsigned char)name[i]) && !islower((unsigned char)name[i]) && !isdigit((unsigned char)name[i])) {
name[i] = '_';
}
}
diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c
index 3d2330a090..c206dc040c 100644
--- a/ext/imap/php_imap.c
+++ b/ext/imap/php_imap.c
@@ -2330,7 +2330,7 @@ PHP_FUNCTION(imap_utf8)
#define SPECIAL(c) ((c) <= 0x1f || (c) >= 0x7f)
/* validate a modified-base64 character */
-#define B64CHAR(c) (isalnum(c) || (c) == '+' || (c) == ',')
+#define B64CHAR(c) (isalnum((unsigned char)(c)) || (c) == '+' || (c) == ',')
/* map the low 64 bits of `n' to the modified-base64 characters */
#define B64(n) ("ABCDEFGHIJKLMNOPQRSTUVWXYZ" \
diff --git a/ext/intl/locale/locale_methods.c b/ext/intl/locale/locale_methods.c
index e064c20fe0..c5fe1baa05 100644
--- a/ext/intl/locale/locale_methods.c
+++ b/ext/intl/locale/locale_methods.c
@@ -1136,7 +1136,7 @@ static int strToMatch(const char* str ,char *retstr)
if( *str == '-' ){
*retstr = '_';
} else {
- *retstr = tolower(*str);
+ *retstr = tolower((unsigned char)*str);
}
str++;
retstr++;
diff --git a/ext/mbstring/mbstring.c b/ext/mbstring/mbstring.c
index 4a4088aed3..2a3610459b 100644
--- a/ext/mbstring/mbstring.c
+++ b/ext/mbstring/mbstring.c
@@ -632,7 +632,7 @@ static char *php_mb_rfc1867_getword(const zend_encoding *encoding, char **line,
static char *php_mb_rfc1867_getword_conf(const zend_encoding *encoding, char *str) /* {{{ */
{
- while (*str && isspace(*(unsigned char *)str)) {
+ while (*str && isspace((unsigned char)*str)) {
++str;
}
@@ -648,7 +648,7 @@ static char *php_mb_rfc1867_getword_conf(const zend_encoding *encoding, char *st
} else {
char *strend = str;
- while (*strend && !isspace(*(unsigned char *)strend)) {
+ while (*strend && !isspace((unsigned char)*strend)) {
++strend;
}
return php_mb_rfc1867_substring_conf(encoding, str, strend - str, 0);
diff --git a/ext/mbstring/php_mbregex.c b/ext/mbstring/php_mbregex.c
index f0216b2a2d..a5d5fe796d 100644
--- a/ext/mbstring/php_mbregex.c
+++ b/ext/mbstring/php_mbregex.c
@@ -784,7 +784,7 @@ static inline void mb_regex_substitute(
continue;
}
if (name_end[0] == delim) break;
- if (maybe_num && !isdigit(name_end[0])) maybe_num = 0;
+ if (maybe_num && !isdigit((unsigned char)name_end[0])) maybe_num = 0;
name_end++;
}
p = name_end + 1;
diff --git a/ext/pcre/php_pcre.c b/ext/pcre/php_pcre.c
index d9b9d94c6f..ef64a87a33 100644
--- a/ext/pcre/php_pcre.c
+++ b/ext/pcre/php_pcre.c
@@ -648,7 +648,7 @@ PHPAPI pcre_cache_entry* pcre_get_compiled_regex_cache_ex(zend_string *regex, in
/* Parse through the leading whitespace, and display a warning if we
get to the end without encountering a delimiter. */
- while (isspace((int)*(unsigned char *)p)) p++;
+ while (isspace((unsigned char)*p)) p++;
if (*p == 0) {
if (key != regex) {
zend_string_release_ex(key, 0);
@@ -662,7 +662,7 @@ PHPAPI pcre_cache_entry* pcre_get_compiled_regex_cache_ex(zend_string *regex, in
/* Get the delimiter and display a warning if it is alphanumeric
or a backslash. */
delimiter = *p++;
- if (isalnum((int)*(unsigned char *)&delimiter) || delimiter == '\\') {
+ if (isalnum((unsigned char)delimiter) || delimiter == '\\') {
if (key != regex) {
zend_string_release_ex(key, 0);
}
diff --git a/ext/pdo/pdo.c b/ext/pdo/pdo.c
index a66596ee54..e84ea7a6ff 100644
--- a/ext/pdo/pdo.c
+++ b/ext/pdo/pdo.c
@@ -237,7 +237,7 @@ PDO_API int php_pdo_parse_data_source(const char *data_source, zend_ulong data_s
}
}
- while (i < data_source_len && isspace(data_source[i])) {
+ while (i < data_source_len && isspace((unsigned char)data_source[i])) {
i++;
}
diff --git a/ext/pdo/pdo_sql_parser.re b/ext/pdo/pdo_sql_parser.re
index 04a4118fc4..35dce4e121 100644
--- a/ext/pdo/pdo_sql_parser.re
+++ b/ext/pdo/pdo_sql_parser.re
@@ -110,7 +110,7 @@ PDO_API int pdo_parse_params(pdo_stmt_t *stmt, const char *inquery, size_t inque
if (t == PDO_PARSER_BIND) {
ptrdiff_t len = s.cur - s.tok;
- if ((inquery < (s.cur - len)) && isalnum(*(s.cur - len - 1))) {
+ if ((inquery < (s.cur - len)) && isalnum((unsigned char)s.cur[-len - 1])) {
continue;
}
query_type |= PDO_PLACEHOLDER_NAMED;
diff --git a/ext/pdo/pdo_stmt.c b/ext/pdo/pdo_stmt.c
index e88a374656..2466f4436f 100644
--- a/ext/pdo/pdo_stmt.c
+++ b/ext/pdo/pdo_stmt.c
@@ -148,7 +148,7 @@ int pdo_stmt_describe_columns(pdo_stmt_t *stmt) /* {{{ */
stmt->columns[col].name = zend_string_separate(orig_name, 0);
char *s = ZSTR_VAL(stmt->columns[col].name);
while (*s != '\0') {
- *s = toupper(*s);
+ *s = toupper((unsigned char)*s);
s++;
}
break;
diff --git a/ext/standard/dl.c b/ext/standard/dl.c
index 82784f04be..4200c15120 100644
--- a/ext/standard/dl.c
+++ b/ext/standard/dl.c
@@ -81,7 +81,7 @@ PHPAPI void *php_load_shlib(const char *path, char **errp)
size_t i = strlen(err);
(*errp)=estrdup(err);
php_win32_error_msg_free(err);
- while (i > 0 && isspace((*errp)[i-1])) { (*errp)[i-1] = '\0'; i--; }
+ while (i > 0 && isspace((unsigned char)(*errp)[i-1])) { (*errp)[i-1] = '\0'; i--; }
} else {
(*errp) = estrdup("<No message>");
}
diff --git a/ext/standard/exec.c b/ext/standard/exec.c
index 00f5d5f9ff..6ddc5ce3cb 100644
--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@ -83,7 +83,7 @@ PHP_MINIT_FUNCTION(exec)
static size_t strip_trailing_whitespace(char *buf, size_t bufl) {
size_t l = bufl;
- while (l-- > 0 && isspace(((unsigned char *)buf)[l]));
+ while (l-- > 0 && isspace((unsigned char)buf[l]));
if (l != (bufl - 1)) {
bufl = l + 1;
buf[bufl] = '\0';
diff --git a/ext/standard/file.c b/ext/standard/file.c
index adca64eecb..6f052974f2 100644
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -2039,7 +2039,7 @@ PHPAPI void php_fgetcsv(php_stream *stream, char delimiter, char enclosure, int
inc_len = (bptr < limit ? (*bptr == '\0' ? 1 : php_mblen(bptr, limit - bptr)): 0);
if (inc_len == 1) {
char *tmp = bptr;
- while ((*tmp != delimiter) && isspace((int)*(unsigned char *)tmp)) {
+ while ((*tmp != delimiter) && isspace((unsigned char)*tmp)) {
tmp++;
}
if (*tmp == enclosure) {
diff --git a/ext/standard/filters.c b/ext/standard/filters.c
index ff0bda0cbc..62092bc40c 100644
--- a/ext/standard/filters.c
+++ b/ext/standard/filters.c
@@ -958,7 +958,7 @@ static php_conv_err_t php_conv_qprint_decode_convert(php_conv_qprint_decode *ins
goto out;
}
- if (!isxdigit((int) *ps)) {
+ if (!isxdigit(*ps)) {
err = PHP_CONV_ERR_INVALID_SEQ;
goto out;
}
diff --git a/ext/standard/formatted_print.c b/ext/standard/formatted_print.c
index 8ed60c0055..8f866e774d 100644
--- a/ext/standard/formatted_print.c
+++ b/ext/standard/formatted_print.c
@@ -378,7 +378,7 @@ php_sprintf_getnumber(char **buffer, size_t *len)
int php_sprintf_get_argnum(char **format, size_t *format_len) {
char *temppos = *format;
- while (isdigit((int) *temppos)) temppos++;
+ while (isdigit((unsigned char)*temppos)) temppos++;
if (*temppos != '$') {
return ARG_NUM_NEXT;
}
@@ -466,7 +466,7 @@ php_formatted_print(char *format, size_t format_len, zval *args, int argc, int n
PRINTF_DEBUG(("sprintf: first looking at '%c', inpos=%d\n",
*format, format - Z_STRVAL_P(z_format)));
- if (isalpha((int)*format)) {
+ if (isalpha((unsigned char)*format)) {
width = precision = 0;
argnum = ARG_NUM_NEXT;
} else {
@@ -535,7 +535,7 @@ php_formatted_print(char *format, size_t format_len, zval *args, int argc, int n
}
width = Z_LVAL_P(tmp);
adjusting |= ADJ_WIDTH;
- } else if (isdigit((int)*format)) {
+ } else if (isdigit((unsigned char)*format)) {
PRINTF_DEBUG(("sprintf: getting width\n"));
if ((width = php_sprintf_getnumber(&format, &format_len)) < 0) {
zend_value_error("Width must be greater than zero and less than %d", INT_MAX);
@@ -580,7 +580,7 @@ php_formatted_print(char *format, size_t format_len, zval *args, int argc, int n
precision = Z_LVAL_P(tmp);
adjusting |= ADJ_PRECISION;
expprec = 1;
- } else if (isdigit((int)*format)) {
+ } else if (isdigit((unsigned char)*format)) {
if ((precision = php_sprintf_getnumber(&format, &format_len)) < 0) {
zend_value_error("Precision must be greater than zero and less than %d", INT_MAX);
goto fail;
diff --git a/ext/standard/ftp_fopen_wrapper.c b/ext/standard/ftp_fopen_wrapper.c
index 4dd38c4cba..fbd631762d 100644
--- a/ext/standard/ftp_fopen_wrapper.c
+++ b/ext/standard/ftp_fopen_wrapper.c
@@ -78,8 +78,8 @@ static inline int get_ftp_result(php_stream *stream, char *buffer, size_t buffer
{
buffer[0] = '\0'; /* in case read fails to read anything */
while (php_stream_gets(stream, buffer, buffer_size-1) &&
- !(isdigit((int) buffer[0]) && isdigit((int) buffer[1]) &&
- isdigit((int) buffer[2]) && buffer[3] == ' '));
+ !(isdigit((unsigned char)buffer[0]) && isdigit((unsigned char)buffer[1]) &&
+ isdigit((unsigned char)buffer[2]) && buffer[3] == ' '));
return strtol(buffer, NULL, 10);
}
/* }}} */
@@ -228,7 +228,7 @@ static php_stream *php_ftp_fopen_connect(php_stream_wrapper *wrapper, const char
#define PHP_FTP_CNTRL_CHK(val, val_len, err_msg) { \
unsigned char *s = (unsigned char *) val, *e = (unsigned char *) s + val_len; \
while (s < e) { \
- if (iscntrl(*s)) { \
+ if (iscntrl((unsigned char)*s)) { \
php_stream_wrapper_log_error(wrapper, options, err_msg, val); \
goto connect_errexit; \
} \
@@ -339,14 +339,14 @@ static unsigned short php_fopen_do_pasv(php_stream *stream, char *ip, size_t ip_
/* parse pasv command (129, 80, 95, 25, 13, 221) */
tpath = tmp_line;
/* skip over the "227 Some message " part */
- for (tpath += 4; *tpath && !isdigit((int) *tpath); tpath++);
+ for (tpath += 4; *tpath && !isdigit((unsigned char)*tpath); tpath++);
if (!*tpath) {
return 0;
}
/* skip over the host ip, to get the port */
hoststart = tpath;
for (i = 0; i < 4; i++) {
- for (; isdigit((int) *tpath); tpath++);
+ for (; isdigit((unsigned char)*tpath); tpath++);
if (*tpath != ',') {
return 0;
}
@@ -826,7 +826,7 @@ static int php_stream_ftp_url_stat(php_stream_wrapper *wrapper, const char *url,
struct tm tm, tmbuf, *gmt;
time_t stamp;
- while ((size_t)(p - tmp_line) < sizeof(tmp_line) && !isdigit(*p)) {
+ while ((size_t)(p - tmp_line) < sizeof(tmp_line) && !isdigit((unsigned char)*p)) {
p++;
}
diff --git a/ext/standard/html.c b/ext/standard/html.c
index c949e058c1..8eaf6165ad 100644
--- a/ext/standard/html.c
+++ b/ext/standard/html.c
@@ -682,8 +682,8 @@ static inline int process_numeric_entity(const char **buf, unsigned *code_point)
/* strtol allows whitespace and other stuff in the beginning
* we're not interested */
- if ((hexadecimal && !isxdigit(**buf)) ||
- (!hexadecimal && !isdigit(**buf))) {
+ if ((hexadecimal && !isxdigit((unsigned char)**buf)) ||
+ (!hexadecimal && !isdigit((unsigned char)**buf))) {
return FAILURE;
}
diff --git a/ext/standard/math.c b/ext/standard/math.c
index c10dea9a38..fefe9237e0 100644
--- a/ext/standard/math.c
+++ b/ext/standard/math.c
@@ -731,9 +731,9 @@ PHPAPI void _php_math_basetozval(zend_string *str, int base, zval *ret)
e = s + ZSTR_LEN(str);
/* Skip leading whitespace */
- while (s < e && isspace(*s)) s++;
+ while (s < e && isspace((unsigned char)*s)) s++;
/* Skip trailing whitespace */
- while (s < e && isspace(*(e-1))) e--;
+ while (s < e && isspace((unsigned char)e[-1])) e--;
if (e - s >= 2) {
if (base == 16 && s[0] == '0' && (s[1] == 'x' || s[1] == 'X')) s += 2;
@@ -1035,7 +1035,7 @@ PHPAPI zend_string *_php_math_number_format_ex(double d, int dec, const char *de
tmpbuf = strpprintf(0, "%.*F", dec, d);
if (tmpbuf == NULL) {
return NULL;
- } else if (!isdigit((int)ZSTR_VAL(tmpbuf)[0])) {
+ } else if (!isdigit((unsigned char)ZSTR_VAL(tmpbuf)[0])) {
return tmpbuf;
}
diff --git a/ext/standard/metaphone.c b/ext/standard/metaphone.c
index 5b76fac52e..7112173b82 100644
--- a/ext/standard/metaphone.c
+++ b/ext/standard/metaphone.c
@@ -78,7 +78,7 @@ static const char _codes[26] =
};
-#define ENCODE(c) (isalpha(c) ? _codes[((toupper(c)) - 'A')] : 0)
+#define ENCODE(c) (isalpha((unsigned char)(c)) ? _codes[((toupper((unsigned char)(c))) - 'A')] : 0)
#define isvowel(c) (ENCODE(c) & 1) /* AEIOU */
@@ -102,17 +102,17 @@ static const char _codes[26] =
* accesssing the array directly... */
/* Look at the next letter in the word */
-#define Next_Letter (toupper(word[w_idx+1]))
+#define Next_Letter (toupper((unsigned char)word[w_idx+1]))
/* Look at the current letter in the word */
-#define Curr_Letter (toupper(word[w_idx]))
+#define Curr_Letter (toupper((unsigned char)word[w_idx]))
/* Go N letters back. */
-#define Look_Back_Letter(n) (w_idx >= n ? toupper(word[w_idx-n]) : '\0')
+#define Look_Back_Letter(n) (w_idx >= n ? toupper((unsigned char)word[w_idx-n]) : '\0')
/* Previous letter. I dunno, should this return null on failure? */
#define Prev_Letter (Look_Back_Letter(1))
/* Look two letters down. It makes sure you don't walk off the string. */
-#define After_Next_Letter (Next_Letter != '\0' ? toupper(word[w_idx+2]) \
+#define After_Next_Letter (Next_Letter != '\0' ? toupper((unsigned char)word[w_idx+2]) \
: '\0')
-#define Look_Ahead_Letter(n) (toupper(Lookahead((char *) word+w_idx, n)))
+#define Look_Ahead_Letter(n) (toupper((unsigned char)Lookahead((char *) word+w_idx, n)))
/* Allows us to safely look ahead an arbitrary # of letters */
@@ -156,7 +156,7 @@ static char Lookahead(char *word, size_t how_far)
#define Phone_Len (p_idx)
/* Note is a letter is a 'break' in the word */
-#define Isbreak(c) (!isalpha(c))
+#define Isbreak(c) (!isalpha((unsigned char)(c)))
/* {{{ metaphone */
static void metaphone(unsigned char *word, size_t word_len, zend_long max_phonemes, zend_string **phoned_word, int traditional)
@@ -179,7 +179,7 @@ static void metaphone(unsigned char *word, size_t word_len, zend_long max_phonem
/*-- The first phoneme has to be processed specially. --*/
/* Find our first letter */
- for (; !isalpha(Curr_Letter); w_idx++) {
+ for (; !isalpha((unsigned char)Curr_Letter); w_idx++) {
/* On the off chance we were given nothing but crap... */
if (Curr_Letter == '\0') {
End_Phoned_Word();
@@ -263,7 +263,7 @@ static void metaphone(unsigned char *word, size_t word_len, zend_long max_phonem
*/
/* Ignore non-alphas */
- if (!isalpha(Curr_Letter))
+ if (!isalpha((unsigned char)Curr_Letter))
continue;
/* Drop duplicates, except CC */
diff --git a/ext/standard/quot_print.c b/ext/standard/quot_print.c
index 6e8594d398..eaa73452e5 100644
--- a/ext/standard/quot_print.c
+++ b/ext/standard/quot_print.c
@@ -216,11 +216,11 @@ PHP_FUNCTION(quoted_printable_decode)
switch (str_in[i]) {
case '=':
if (str_in[i + 1] && str_in[i + 2] &&
- isxdigit((int) str_in[i + 1]) &&
- isxdigit((int) str_in[i + 2]))
+ isxdigit((unsigned char)str_in[i + 1]) &&
+ isxdigit((unsigned char)str_in[i + 2]))
{
- ZSTR_VAL(str_out)[j++] = (php_hex2int((int) str_in[i + 1]) << 4)
- + php_hex2int((int) str_in[i + 2]);
+ ZSTR_VAL(str_out)[j++] = (php_hex2int((unsigned char)str_in[i + 1]) << 4)
+ + php_hex2int((unsigned char)str_in[i + 2]);
i += 3;
} else /* check for soft line break according to RFC 2045*/ {
k = 1;
diff --git a/ext/standard/scanf.c b/ext/standard/scanf.c
index 9f6986ab16..db476bd389 100644
--- a/ext/standard/scanf.c
+++ b/ext/standard/scanf.c
@@ -343,7 +343,7 @@ PHPAPI int ValidateFormat(char *format, int numVars, int *totalSubs)
goto xpgCheckDone;
}
- if ( isdigit( (int)*ch ) ) {
+ if ( isdigit( (unsigned char)*ch ) ) {
/*
* Check for an XPG3-style %n$ specification. Note: there
* must not be a mixture of XPG3 specs and non-XPG3 specs
@@ -654,9 +654,9 @@ PHPAPI int php_sscanf_internal( char *string, char *format,
/*
* If we see whitespace in the format, skip whitespace in the string.
*/
- if ( isspace( (int)*ch ) ) {
+ if ( isspace( (unsigned char)*ch ) ) {
sch = *string;
- while ( isspace( (int)sch ) ) {
+ while ( isspace( (unsigned char)sch ) ) {
if (*string == '\0') {
goto done;
}
@@ -807,7 +807,7 @@ literal:
if (!(flags & SCAN_NOSKIP)) {
while (*string != '\0') {
sch = *string;
- if (! isspace((int)sch) ) {
+ if (! isspace((unsigned char)sch) ) {
break;
}
string++;
@@ -833,7 +833,7 @@ literal:
end = string;
while (*end != '\0') {
sch = *end;
- if ( isspace( (int)sch ) ) {
+ if ( isspace( (unsigned char)sch ) ) {
break;
}
end++;
diff --git a/ext/standard/soundex.c b/ext/standard/soundex.c
index db57c1ef69..a37519d7ea 100644
--- a/ext/standard/soundex.c
+++ b/ext/standard/soundex.c
@@ -67,7 +67,7 @@ PHP_FUNCTION(soundex)
/* BUG: should also map here accented letters used in non */
/* English words or names (also found in English text!): */
/* esstsett, thorn, n-tilde, c-cedilla, s-caron, ... */
- code = toupper((int)(unsigned char)str[i]);
+ code = toupper((unsigned char)str[i]);
if (code >= 'A' && code <= 'Z') {
if (_small == 0) {
/* remember first valid char */
diff --git a/ext/standard/string.c b/ext/standard/string.c
index 269a0ad2b1..7dfeb02566 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -3471,9 +3471,9 @@ PHPAPI void php_stripcslashes(zend_string *str)
case 'f': *target++='\f'; nlen--; break;
case '\\': *target++='\\'; nlen--; break;
case 'x':
- if (source+1 < end && isxdigit((int)(*(source+1)))) {
+ if (source+1 < end && isxdigit((unsigned char)source[1])) {
numtmp[0] = *++source;
- if (source+1 < end && isxdigit((int)(*(source+1)))) {
+ if (source+1 < end && isxdigit((unsigned char)source[1])) {
numtmp[1] = *++source;
numtmp[2] = '\0';
nlen-=3;
@@ -4319,7 +4319,7 @@ PHP_FUNCTION(hebrev)
do {
if (block_type == _HEB_BLOCK_TYPE_HEB) {
- while ((isheb((int)*(tmp+1)) || _isblank((int)*(tmp+1)) || ispunct((int)*(tmp+1)) || (int)*(tmp+1)=='\n' ) && block_end<str_len-1) {
+ while ((isheb((int)*(tmp+1)) || _isblank((int)*(tmp+1)) || ispunct((unsigned char)tmp[1]) || (int)*(tmp+1)=='\n' ) && block_end<str_len-1) {
tmp++;
block_end++;
block_length++;
@@ -4369,7 +4369,7 @@ PHP_FUNCTION(hebrev)
block_end++;
block_length++;
}
- while ((_isblank((int)*tmp) || ispunct((int)*tmp)) && *tmp!='/' && *tmp!='-' && block_end > block_start) {
+ while ((_isblank((int)*tmp) || ispunct((unsigned char)*tmp)) && *tmp!='/' && *tmp!='-' && block_end > block_start) {
tmp--;
block_end--;
}
@@ -4751,7 +4751,7 @@ int php_tag_find(char *tag, size_t len, const char *set) {
done =1;
break;
default:
- if (!isspace((int)c)) {
+ if (!isspace((unsigned char)c)) {
if (state == 0) {
state=1;
}
@@ -4841,7 +4841,7 @@ state_0:
if (in_q) {
break;
}
- if (isspace(*(p + 1)) && !allow_tag_spaces) {
+ if (isspace((unsigned char)p[1]) && !allow_tag_spaces) {
*(rp++) = c;
break;
}
@@ -4888,7 +4888,7 @@ state_1:
if (in_q) {
break;
}
- if (isspace(*(p + 1)) && !allow_tag_spaces) {
+ if (isspace((unsigned char)p[1]) && !allow_tag_spaces) {
goto reg_char_1;
}
depth++;
diff --git a/ext/standard/strnatcmp.c b/ext/standard/strnatcmp.c
index 3cdba2adf2..2160db40f4 100644
--- a/ext/standard/strnatcmp.c
+++ b/ext/standard/strnatcmp.c
@@ -40,12 +40,12 @@ compare_right(char const **a, char const *aend, char const **b, char const *bend
both numbers to know that they have the same magnitude, so we
remember it in BIAS. */
for(;; (*a)++, (*b)++) {
- if ((*a == aend || !isdigit((int)(unsigned char)**a)) &&
- (*b == bend || !isdigit((int)(unsigned char)**b)))
+ if ((*a == aend || !isdigit((unsigned char)**a)) &&
+ (*b == bend || !isdigit((unsigned char)**b)))
return bias;
- else if (*a == aend || !isdigit((int)(unsigned char)**a))
+ else if (*a == aend || !isdigit((unsigned char)**a))
return -1;
- else if (*b == bend || !isdigit((int)(unsigned char)**b))
+ else if (*b == bend || !isdigit((unsigned char)**b))
return +1;
else if (**a < **b) {
if (!bias)
@@ -67,12 +67,12 @@ compare_left(char const **a, char const *aend, char const **b, char const *bend)
/* Compare two left-aligned numbers: the first to have a
different value wins. */
for(;; (*a)++, (*b)++) {
- if ((*a == aend || !isdigit((int)(unsigned char)**a)) &&
- (*b == bend || !isdigit((int)(unsigned char)**b)))
+ if ((*a == aend || !isdigit((unsigned char)**a)) &&
+ (*b == bend || !isdigit((unsigned char)**b)))
return 0;
- else if (*a == aend || !isdigit((int)(unsigned char)**a))
+ else if (*a == aend || !isdigit((unsigned char)**a))
return -1;
- else if (*b == bend || !isdigit((int)(unsigned char)**b))
+ else if (*b == bend || !isdigit((unsigned char)**b))
return +1;
else if (**a < **b)
return -1;
@@ -104,27 +104,27 @@ PHPAPI int strnatcmp_ex(char const *a, size_t a_len, char const *b, size_t b_len
ca = *ap; cb = *bp;
/* skip over leading zeros */
- while (leading && ca == '0' && (ap+1 < aend) && isdigit((int)(unsigned char)*(ap+1))) {
+ while (leading && ca == '0' && (ap+1 < aend) && isdigit((unsigned char)ap[1])) {
ca = *++ap;
}
- while (leading && cb == '0' && (bp+1 < bend) && isdigit((int)(unsigned char)*(bp+1))) {
+ while (leading && cb == '0' && (bp+1 < bend) && isdigit((unsigned char)bp[1])) {
cb = *++bp;
}
leading = 0;
/* Skip consecutive whitespace */
- while (isspace((int)(unsigned char)ca)) {
+ while (isspace(ca)) {
ca = *++ap;
}
- while (isspace((int)(unsigned char)cb)) {
+ while (isspace(cb)) {
cb = *++bp;
}
/* process run of digits */
- if (isdigit((int)(unsigned char)ca) && isdigit((int)(unsigned char)cb)) {
+ if (isdigit(ca) && isdigit(cb)) {
fractional = (ca == '0' || cb == '0');
if (fractional)
@@ -148,8 +148,8 @@ PHPAPI int strnatcmp_ex(char const *a, size_t a_len, char const *b, size_t b_len
}
if (fold_case) {
- ca = toupper((int)(unsigned char)ca);
- cb = toupper((int)(unsigned char)cb);
+ ca = toupper(ca);
+ cb = toupper(cb);
}
if (ca < cb)
diff --git a/ext/standard/type.c b/ext/standard/type.c
index 5a8b2a0b9d..2b47ab2d6a 100644
--- a/ext/standard/type.c
+++ b/ext/standard/type.c
@@ -161,7 +161,7 @@ PHP_FUNCTION(intval)
char *strval = Z_STRVAL_P(num);
size_t strlen = Z_STRLEN_P(num);
- while (isspace(*strval) && strlen) {
+ while (isspace((unsigned char)*strval) && strlen) {
strval++;
strlen--;
}
diff --git a/ext/standard/url.c b/ext/standard/url.c
index a33091a86b..e94b6b2926 100644
--- a/ext/standard/url.c
+++ b/ext/standard/url.c
@@ -117,7 +117,7 @@ PHPAPI php_url *php_url_parse_ex2(char const *str, size_t length, zend_bool *has
p = s;
while (p < e) {
/* scheme = 1*[ lowalpha | digit | "+" | "-" | "." ] */
- if (!isalpha(*p) && !isdigit(*p) && *p != '+' && *p != '.' && *p != '-') {
+ if (!isalpha((unsigned char)*p) && !isdigit((unsigned char)*p) && *p != '+' && *p != '.' && *p != '-') {
if (e + 1 < ue && e < binary_strcspn(s, ue, "?#")) {
goto parse_port;
} else if (s + 1 < ue && *s == '/' && *(s + 1) == '/') { /* relative-scheme URL */
@@ -146,7 +146,7 @@ PHPAPI php_url *php_url_parse_ex2(char const *str, size_t length, zend_bool *has
* correctly parse things like a.com:80
*/
p = e + 1;
- while (p < ue && isdigit(*p)) {
+ while (p < ue && isdigit((unsigned char)*p)) {
p++;
}
@@ -186,7 +186,7 @@ PHPAPI php_url *php_url_parse_ex2(char const *str, size_t length, zend_bool *has
p = e + 1;
pp = p;
- while (pp < ue && pp - p < 6 && isdigit(*pp)) {
+ while (pp < ue && pp - p < 6 && isdigit((unsigned char)*pp)) {
pp++;
}
@@ -429,12 +429,12 @@ static int php_htoi(char *s)
int value;
int c;
- c = ((unsigned char *)s)[0];
+ c = (unsigned char)s[0];
if (isupper(c))
c = tolower(c);
value = (c >= '0' && c <= '9' ? c - '0' : c - 'a' + 10) * 16;
- c = ((unsigned char *)s)[1];
+ c = (unsigned char)s[1];
if (isupper(c))
c = tolower(c);
value += c >= '0' && c <= '9' ? c - '0' : c - 'a' + 10;
@@ -601,8 +601,8 @@ PHPAPI size_t php_url_decode(char *str, size_t len)
if (*data == '+') {
*dest = ' ';
}
- else if (*data == '%' && len >= 2 && isxdigit((int) *(data + 1))
- && isxdigit((int) *(data + 2))) {
+ else if (*data == '%' && len >= 2 && isxdigit((unsigned char)data[1])
+ && isxdigit((unsigned char)data[2])) {
*dest = (char) php_htoi(data + 1);
data += 2;
len -= 2;
@@ -660,8 +660,8 @@ PHPAPI size_t php_raw_url_decode(char *str, size_t len)
char *data = str;
while (len--) {
- if (*data == '%' && len >= 2 && isxdigit((int) *(data + 1))
- && isxdigit((int) *(data + 2))) {
+ if (*data == '%' && len >= 2 && isxdigit((unsigned char)data[1])
+ && isxdigit((unsigned char)data[2])) {
*dest = (char) php_htoi(data + 1);
data += 2;
len -= 2;
@@ -722,7 +722,7 @@ no_name_header:
c = *p;
*p = '\0';
s = p + 1;
- while (isspace((int)*(unsigned char *)s)) {
+ while (isspace((unsigned char)*s)) {
s++;
}
diff --git a/ext/standard/url_scanner_ex.re b/ext/standard/url_scanner_ex.re
index bef17733e2..2e14026c2f 100644
--- a/ext/standard/url_scanner_ex.re
+++ b/ext/standard/url_scanner_ex.re
@@ -85,7 +85,7 @@ static int php_ini_on_update_tags(zend_ini_entry *entry, zend_string *new_value,
*val++ = '\0';
for (q = key; *q; q++) {
- *q = tolower(*q);
+ *q = tolower((unsigned char)*q);
}
keylen = q - key;
str = zend_string_init(key, keylen, 1);
@@ -134,7 +134,7 @@ static int php_ini_on_update_hosts(zend_ini_entry *entry, zend_string *new_value
char *q;
for (q = key; *q; q++) {
- *q = tolower(*q);
+ *q = tolower((unsigned char)*q);
}
keylen = q - key;
if (keylen > 0) {
@@ -454,7 +454,7 @@ static inline void handle_tag(STD_PARA)
}
smart_str_appendl(&ctx->tag, start, YYCURSOR - start);
for (i = 0; i < ZSTR_LEN(ctx->tag.s); i++)
- ZSTR_VAL(ctx->tag.s)[i] = tolower((int)(unsigned char)ZSTR_VAL(ctx->tag.s)[i]);
+ ZSTR_VAL(ctx->tag.s)[i] = tolower((unsigned char)ZSTR_VAL(ctx->tag.s)[i]);
/* intentionally using str_find here, in case the hash value is set, but the string val is changed later */
if ((ctx->lookup_data = zend_hash_str_find_ptr(ctx->tags, ZSTR_VAL(ctx->tag.s), ZSTR_LEN(ctx->tag.s))) != NULL) {
ok = 1;
diff --git a/ext/standard/versioning.c b/ext/standard/versioning.c
index dbdae6ecf7..607d5ae185 100644
--- a/ext/standard/versioning.c
+++ b/ext/standard/versioning.c
@@ -45,8 +45,8 @@ php_canonicalize_version(const char *version)
* s/([^\d\.])([^\D\.])/$1.$2/g;
* s/([^\D\.])([^\d\.])/$1.$2/g;
*/
-#define isdig(x) (isdigit(x)&&(x)!='.')
-#define isndig(x) (!isdigit(x)&&(x)!='.')
+#define isdig(x) (isdigit((unsigned char)(x))&&(x)!='.')
+#define isndig(x) (!isdigit((unsigned char)(x))&&(x)!='.')
#define isspecialver(x) ((x)=='-'||(x)=='_'||(x)=='+')
lq = *(q - 1);
@@ -59,7 +59,7 @@ php_canonicalize_version(const char *version)
*q++ = '.';
}
*q++ = *p;
- } else if (!isalnum(*p)) {
+ } else if (!isalnum((unsigned char)*p)) {
if (lq != '.') {
*q++ = '.';
}
@@ -152,17 +152,17 @@ php_version_compare(const char *orig_ver1, const char *orig_ver2)
if ((n2 = strchr(p2, '.')) != NULL) {
*n2 = '\0';
}
- if (isdigit(*p1) && isdigit(*p2)) {
+ if (isdigit((unsigned char)*p1) && isdigit((unsigned char)*p2)) {
/* compare element numerically */
l1 = strtol(p1, NULL, 10);
l2 = strtol(p2, NULL, 10);
compare = ZEND_NORMALIZE_BOOL(l1 - l2);
- } else if (!isdigit(*p1) && !isdigit(*p2)) {
+ } else if (!isdigit((unsigned char)*p1) && !isdigit((unsigned char)*p2)) {
/* compare element names */
compare = compare_special_version_forms(p1, p2);
} else {
/* mix of names and numbers */
- if (isdigit(*p1)) {
+ if (isdigit((unsigned char)*p1)) {
compare = compare_special_version_forms("#N#", p2);
} else {
compare = compare_special_version_forms(p1, "#N#");
@@ -180,13 +180,13 @@ php_version_compare(const char *orig_ver1, const char *orig_ver2)
}
if (compare == 0) {
if (n1 != NULL) {
- if (isdigit(*p1)) {
+ if (isdigit((unsigned char)*p1)) {
compare = 1;
} else {
compare = php_version_compare(p1, "#N#");
}
} else if (n2 != NULL) {
- if (isdigit(*p2)) {
+ if (isdigit((unsigned char)*p2)) {
compare = -1;
} else {
compare = php_version_compare("#N#", p2);
diff --git a/main/SAPI.c b/main/SAPI.c
index eea417cedc..26c48dadaf 100644
--- a/main/SAPI.c
+++ b/main/SAPI.c
@@ -189,7 +189,7 @@ static void sapi_read_post_data(void)
*p = 0;
break;
default:
- *p = tolower(*p);
+ *p = tolower((unsigned char)*p);
break;
}
}
@@ -706,10 +706,10 @@ SAPI_API int sapi_header_op(sapi_header_op_enum op, void *arg)
}
/* cut off trailing spaces, linefeeds and carriage-returns */
- if (header_line_len && isspace(header_line[header_line_len-1])) {
+ if (header_line_len && isspace((unsigned char)header_line[header_line_len - 1])) {
do {
header_line_len--;
- } while(header_line_len && isspace(header_line[header_line_len-1]));
+ } while(header_line_len && isspace((unsigned char)header_line[header_line_len - 1]));
header_line[header_line_len]='\0';
}
diff --git a/main/fopen_wrappers.c b/main/fopen_wrappers.c
index 5e4a619c8f..686479c46e 100644
--- a/main/fopen_wrappers.c
+++ b/main/fopen_wrappers.c
@@ -481,7 +481,7 @@ PHPAPI zend_string *php_resolve_path(const char *filename, size_t filename_lengt
}
/* Don't resolve paths which contain protocol (except of file://) */
- for (p = filename; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
+ for (p = filename; isalnum((unsigned char)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
if ((*p == ':') && (p - filename > 1) && (p[1] == '/') && (p[2] == '/')) {
wrapper = php_stream_locate_url_wrapper(filename, &actual_path, STREAM_OPEN_FOR_INCLUDE);
if (wrapper == &php_plain_files_wrapper) {
@@ -517,7 +517,7 @@ PHPAPI zend_string *php_resolve_path(const char *filename, size_t filename_lengt
/* Check for stream wrapper */
int is_stream_wrapper = 0;
- for (p = ptr; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
+ for (p = ptr; isalnum((unsigned char)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
if ((*p == ':') && (p - ptr > 1) && (p[1] == '/') && (p[2] == '/')) {
/* .:// or ..:// is not a stream wrapper */
if (p[-1] != '.' || p[-2] != '.' || p - 2 != ptr) {
@@ -586,7 +586,7 @@ PHPAPI zend_string *php_resolve_path(const char *filename, size_t filename_lengt
actual_path = trypath;
/* Check for stream wrapper */
- for (p = trypath; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
+ for (p = trypath; isalnum((unsigned char)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
if ((*p == ':') && (p - trypath > 1) && (p[1] == '/') && (p[2] == '/')) {
wrapper = php_stream_locate_url_wrapper(trypath, &actual_path, STREAM_OPEN_FOR_INCLUDE);
if (!wrapper) {
diff --git a/main/php_ini.c b/main/php_ini.c
index 52e3a20ebf..aca0aa6537 100644
--- a/main/php_ini.c
+++ b/main/php_ini.c
@@ -40,7 +40,7 @@
char *tmp = path; \
while (*tmp) { \
if (*tmp == '\\') *tmp = '/'; \
- else *tmp = tolower(*tmp); \
+ else *tmp = tolower((unsigned char)*tmp); \
tmp++; \
} \
}
diff --git a/main/php_variables.c b/main/php_variables.c
index dc888bdfc6..1e3aaf1441 100644
--- a/main/php_variables.c
+++ b/main/php_variables.c
@@ -185,7 +185,7 @@ PHPAPI void php_register_variable_ex(const char *var_name, zval *val, zval *trac
ip++;
index_s = ip;
- if (isspace(*ip)) {
+ if (isspace((unsigned char)*ip)) {
ip++;
}
if (*ip==']') {
@@ -508,7 +508,7 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data)
if (arg == PARSE_COOKIE) {
/* Remove leading spaces from cookie names, needed for multi-cookie header where ; can be followed by a space */
- while (isspace(*var)) {
+ while (isspace((unsigned char)*var)) {
var++;
}
if (var == val || *var == '\0') {
diff --git a/main/rfc1867.c b/main/rfc1867.c
index eafe6a67d2..c3e53c9212 100644
--- a/main/rfc1867.c
+++ b/main/rfc1867.c
@@ -414,7 +414,7 @@ static int multipart_buffer_headers(multipart_buffer *self, zend_llist *header)
}
/* space in the beginning means same header */
- if (!isspace(line[0])) {
+ if (!isspace((unsigned char)line[0])) {
value = strchr(line, ':');
}
@@ -430,7 +430,7 @@ static int multipart_buffer_headers(multipart_buffer *self, zend_llist *header)
}
*value = '\0';
- do { value++; } while (isspace(*value));
+ do { value++; } while (isspace((unsigned char)*value));
key = estrdup(line);
smart_string_appends(&buf_value, value);
@@ -527,7 +527,7 @@ static char *substring_conf(char *start, int len, char quote)
static char *php_ap_getword_conf(const zend_encoding *encoding, char *str)
{
- while (*str && isspace(*str)) {
+ while (*str && isspace((unsigned char)*str)) {
++str;
}
@@ -543,7 +543,7 @@ static char *php_ap_getword_conf(const zend_encoding *encoding, char *str)
} else {
char *strend = str;
- while (*strend && !isspace(*strend)) {
+ while (*strend && !isspace((unsigned char)*strend)) {
++strend;
}
return substring_conf(str, strend - str, 0);
@@ -810,7 +810,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
goto fileupload_done;
}
- while (isspace(*cd)) {
+ while (isspace((unsigned char)*cd)) {
++cd;
}
@@ -818,7 +818,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
{
char *key = NULL, *word = pair;
- while (isspace(*cd)) {
+ while (isspace((unsigned char)*cd)) {
++cd;
}
diff --git a/main/snprintf.c b/main/snprintf.c
index 581cac1d3b..cb696a9ef3 100644
--- a/main/snprintf.c
+++ b/main/snprintf.c
@@ -386,7 +386,7 @@ PHPAPI char * php_conv_fp(register char format, register double num,
/*
* Check for Infinity and NaN
*/
- if (isalpha((int)*p)) {
+ if (isalpha((unsigned char)*p)) {
*len = strlen(p);
memcpy(buf, p, *len + 1);
*is_negative = FALSE;
@@ -533,11 +533,11 @@ typedef struct buf_area buffy;
#define NUM( c ) ( c - '0' )
#define STR_TO_DEC( str, num ) \
- num = NUM( *str++ ) ; \
- while ( isdigit((int)*str ) ) \
+ num = NUM( *(str)++ ) ; \
+ while ( isdigit((unsigned char)*(str) ) ) \
{ \
num *= 10 ; \
- num += NUM( *str++ ) ; \
+ num += NUM( *(str)++ ) ; \
}
/*
@@ -641,7 +641,7 @@ static int format_converter(register buffy * odp, const char *fmt, va_list ap) /
/*
* Try to avoid checking for flags, width or precision
*/
- if (isascii((int)*fmt) && !islower((int)*fmt)) {
+ if (isascii((unsigned char)*fmt) && !islower((unsigned char)*fmt)) {
/*
* Recognize flags: -, #, BLANK, +
*/
@@ -663,7 +663,7 @@ static int format_converter(register buffy * odp, const char *fmt, va_list ap) /
/*
* Check if a width was specified
*/
- if (isdigit((int)*fmt)) {
+ if (isdigit((unsigned char)*fmt)) {
STR_TO_DEC(fmt, min_width);
adjust_width = YES;
} else if (*fmt == '*') {
@@ -683,7 +683,7 @@ static int format_converter(register buffy * odp, const char *fmt, va_list ap) /
if (*fmt == '.') {
adjust_precision = YES;
fmt++;
- if (isdigit((int)*fmt)) {
+ if (isdigit((unsigned char)*fmt)) {
STR_TO_DEC(fmt, precision);
} else if (*fmt == '*') {
precision = va_arg(ap, int);
diff --git a/main/spprintf.c b/main/spprintf.c
index 768a27470c..1925cf9f85 100644
--- a/main/spprintf.c
+++ b/main/spprintf.c
@@ -148,12 +148,12 @@
#define NUM(c) (c - '0')
#define STR_TO_DEC(str, num) do { \
- num = NUM(*str++); \
- while (isdigit((int)*str)) { \
+ num = NUM(*(str)++); \
+ while (isdigit((unsigned char)*(str))) {\
num *= 10; \
- num += NUM(*str++); \
+ num += NUM(*(str)++); \
if (num >= INT_MAX / 10) { \
- while (isdigit((int)*str++)); \
+ while (isdigit((unsigned char)*(str)++)); \
break; \
} \
} \
@@ -242,7 +242,7 @@ static void xbuf_format_converter(void *xbuf, zend_bool is_char, const char *fmt
/*
* Try to avoid checking for flags, width or precision
*/
- if (isascii((int)*fmt) && !islower((int)*fmt)) {
+ if (isascii((unsigned char)*fmt) && !islower((unsigned char)*fmt)) {
/*
* Recognize flags: -, #, BLANK, +
*/
@@ -264,7 +264,7 @@ static void xbuf_format_converter(void *xbuf, zend_bool is_char, const char *fmt
/*
* Check if a width was specified
*/
- if (isdigit((int)*fmt)) {
+ if (isdigit((unsigned char)*fmt)) {
STR_TO_DEC(fmt, min_width);
adjust_width = YES;
} else if (*fmt == '*') {
@@ -284,7 +284,7 @@ static void xbuf_format_converter(void *xbuf, zend_bool is_char, const char *fmt
if (*fmt == '.') {
adjust_precision = YES;
fmt++;
- if (isdigit((int)*fmt)) {
+ if (isdigit((unsigned char)*fmt)) {
STR_TO_DEC(fmt, precision);
} else if (*fmt == '*') {
precision = va_arg(ap, int);
diff --git a/main/streams/streams.c b/main/streams/streams.c
index 62a4359f32..8821c8a87c 100644
--- a/main/streams/streams.c
+++ b/main/streams/streams.c
@@ -1725,7 +1725,7 @@ static inline int php_stream_wrapper_scheme_validate(const char *protocol, unsig
unsigned int i;
for(i = 0; i < protocol_len; i++) {
- if (!isalnum((int)protocol[i]) &&
+ if (!isalnum((unsigned char)protocol[i]) &&
protocol[i] != '+' &&
protocol[i] != '-' &&
protocol[i] != '.') {
@@ -1805,7 +1805,7 @@ PHPAPI php_stream_wrapper *php_stream_locate_url_wrapper(const char *path, const
return (php_stream_wrapper*)((options & STREAM_LOCATE_WRAPPERS_ONLY) ? NULL : &php_plain_files_wrapper);
}
- for (p = path; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++) {
+ for (p = path; isalnum((unsigned char)*p) || *p == '+' || *p == '-' || *p == '.'; p++) {
n++;
}
diff --git a/main/streams/transports.c b/main/streams/transports.c
index 2e17969b97..87f6b415cc 100644
--- a/main/streams/transports.c
+++ b/main/streams/transports.c
@@ -94,7 +94,7 @@ PHPAPI php_stream *_php_stream_xport_create(const char *name, size_t namelen, in
}
}
- for (p = name; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++) {
+ for (p = name; isalnum((unsigned char)*p) || *p == '+' || *p == '-' || *p == '.'; p++) {
n++;
}
diff --git a/sapi/cli/php_cli_server.c b/sapi/cli/php_cli_server.c
index 5104318a63..6c121ea434 100644
--- a/sapi/cli/php_cli_server.c
+++ b/sapi/cli/php_cli_server.c
@@ -618,7 +618,7 @@ static int sapi_cli_server_register_entry_cb(char **entry, int num_args, va_list
if (key[i] == '-') {
key[i] = '_';
} else {
- key[i] = toupper(key[i]);
+ key[i] = toupper((unsigned char)key[i]);
}
}
spprintf(&real_key, 0, "%s_%s", "HTTP", key);
diff --git a/sapi/fpm/fpm/fpm_conf.c b/sapi/fpm/fpm/fpm_conf.c
index 8adc4aca90..bcd04242c7 100644
--- a/sapi/fpm/fpm/fpm_conf.c
+++ b/sapi/fpm/fpm/fpm_conf.c
@@ -924,7 +924,7 @@ static int fpm_conf_process_all_pools(void)
}
for (i = 0; i < strlen(status); i++) {
- if (!isalnum(status[i]) && status[i] != '/' && status[i] != '-' && status[i] != '_' && status[i] != '.' && status[i] != '~') {
+ if (!isalnum((unsigned char)status[i]) && status[i] != '/' && status[i] != '-' && status[i] != '_' && status[i] != '.' && status[i] != '~') {
zlog(ZLOG_ERROR, "[pool %s] the status path '%s' must contain only the following characters '[alphanum]/_-.~'", wp->config->name, status);
return -1;
}
@@ -947,7 +947,7 @@ static int fpm_conf_process_all_pools(void)
}
for (i = 0; i < strlen(ping); i++) {
- if (!isalnum(ping[i]) && ping[i] != '/' && ping[i] != '-' && ping[i] != '_' && ping[i] != '.' && ping[i] != '~') {
+ if (!isalnum((unsigned char)ping[i]) && ping[i] != '/' && ping[i] != '-' && ping[i] != '_' && ping[i] != '.' && ping[i] != '~') {
zlog(ZLOG_ERROR, "[pool %s] the ping path '%s' must contain only the following characters '[alphanum]/_-.~'", wp->config->name, ping);
return -1;
}
diff --git a/sapi/litespeed/lsapi_main.c b/sapi/litespeed/lsapi_main.c
index d82e82556e..a41e35f44e 100644
--- a/sapi/litespeed/lsapi_main.c
+++ b/sapi/litespeed/lsapi_main.c
@@ -1707,12 +1707,12 @@ PHP_FUNCTION(litespeed_response_headers)
len = p - h->header;
if (p && len > 0 && len < LSAPI_RESP_HTTP_HEADER_MAX) {
memmove( headerBuf, h->header, len );
- while( len > 0 && (isspace( headerBuf[len-1])) ) {
+ while( len > 0 && (isspace((unsigned char)headerBuf[len - 1])) ) {
--len;
}
headerBuf[len] = 0;
if ( len ) {
- while( isspace(*++p));
+ while(isspace((unsigned char)*++p));
add_assoc_string_ex(return_value, headerBuf, len, p);
}
}
diff --git a/sapi/litespeed/lsapilib.c b/sapi/litespeed/lsapilib.c
index 3cce4911e1..ec5be48474 100644
--- a/sapi/litespeed/lsapilib.c
+++ b/sapi/litespeed/lsapilib.c
@@ -2198,7 +2198,7 @@ static char * GetHeaderVar( LSAPI_Request * pReq, const char * name )
while(( pKey < pKeyEnd )&&( *p ))
{
- char ch = toupper( *pKey );
+ char ch = toupper( (unsigned char)*pKey );
if ((ch != *p )||(( *p == '_' )&&( ch != '-')))
break;
++p; ++pKey;
@@ -2382,7 +2382,7 @@ int LSAPI_ForeachHeader_r( LSAPI_Request * pReq,
if ( ch == '-' )
*p++ = '_';
else
- *p++ = toupper( ch );
+ *p++ = toupper( (unsigned char)ch );
}
*p = 0;
keyLen += 5;
@@ -2627,7 +2627,7 @@ int LSAPI_ParseSockAddr( const char * pBind, struct sockaddr * pAddr )
if ( !pBind )
return -1;
- while( isspace( *pBind ) )
+ while(isspace( (unsigned char)*pBind ) )
++pBind;
strncpy(achAddr, pBind, 255);
diff --git a/sapi/phpdbg/phpdbg_cmd.c b/sapi/phpdbg/phpdbg_cmd.c
index 757d48e739..20809f80d8 100644
--- a/sapi/phpdbg/phpdbg_cmd.c
+++ b/sapi/phpdbg/phpdbg_cmd.c
@@ -777,9 +777,9 @@ PHPDBG_API char *phpdbg_read_input(const char *buffered) /* {{{ */
}
}
- if (buffer && isspace(*buffer)) {
+ if (buffer && isspace((unsigned char)*buffer)) {
char *trimmed = buffer;
- while (isspace(*trimmed))
+ while (isspace((unsigned char)*trimmed))
trimmed++;
trimmed = estrdup(trimmed);
diff --git a/sapi/phpdbg/phpdbg_prompt.c b/sapi/phpdbg/phpdbg_prompt.c
index adb31d1e3c..a2a8c22724 100644
--- a/sapi/phpdbg/phpdbg_prompt.c
+++ b/sapi/phpdbg/phpdbg_prompt.c
@@ -218,7 +218,7 @@ static void phpdbg_line_init(char *cmd, struct phpdbg_init_state *state) {
state->line++;
- while (cmd_len > 0L && isspace(cmd[cmd_len-1])) {
+ while (cmd_len > 0L && isspace((unsigned char)cmd[cmd_len-1])) {
cmd_len--;
}
diff --git a/sapi/phpdbg/phpdbg_utils.c b/sapi/phpdbg/phpdbg_utils.c
index 56fb654909..565d51397b 100644
--- a/sapi/phpdbg/phpdbg_utils.c
+++ b/sapi/phpdbg/phpdbg_utils.c
@@ -83,10 +83,10 @@ PHPDBG_API int phpdbg_is_numeric(const char *str) /* {{{ */
return 0;
for (; *str; str++) {
- if (isspace(*str) || *str == '-') {
+ if (isspace((unsigned char)*str) || *str == '-') {
continue;
}
- return isdigit(*str);
+ return isdigit((unsigned char)*str);
}
return 0;
} /* }}} */
@@ -97,7 +97,7 @@ PHPDBG_API int phpdbg_is_empty(const char *str) /* {{{ */
return 1;
for (; *str; str++) {
- if (isspace(*str)) {
+ if (isspace((unsigned char)*str)) {
continue;
}
return 0;
@@ -200,12 +200,12 @@ PHPDBG_API char *phpdbg_trim(const char *str, size_t len, size_t *new_len) /* {{
const char *p = str;
char *new = NULL;
- while (p && isspace(*p)) {
+ while (p && isspace((unsigned char)*p)) {
++p;
--len;
}
- while (*p && isspace(*(p + len -1))) {
+ while (*p && isspace((unsigned char)p[len - 1])) {
--len;
}
diff --git a/win32/sendmail.c b/win32/sendmail.c
index 83b2b97112..e0ded648e1 100644
--- a/win32/sendmail.c
+++ b/win32/sendmail.c
@@ -57,7 +57,7 @@
efree(response); \
} \
}
-#define SMTP_SKIP_SPACE(str) { while (isspace(*str)) { str++; } }
+#define SMTP_SKIP_SPACE(str) { while (isspace((unsigned char)*(str))) { (str)++; } }
char seps[] = " ,\t\n";
@@ -725,7 +725,7 @@ static int PostHeader(char *RPath, const char *Subject, const char *mailTo, char
headers_lc_len = strlen(headers_lc);
for (i = 0; i < headers_lc_len; i++) {
- headers_lc[i] = tolower(headers_lc[i]);
+ headers_lc[i] = tolower((unsigned char)headers_lc[i]);
}
}
@@ -853,7 +853,7 @@ return 0;
/* Resolve the servers IP */
/*
- if (!isdigit(PW32G(mail_host)[0])||!gethostbyname(PW32G(mail_host)))
+ if (!isdigit((unsigned char)PW32G(mail_host)[0])||!gethostbyname(PW32G(mail_host)))
{
return (FAILED_TO_RESOLVE_HOST);
}
--
2.54.0
From 1cbf0c27044bd54fb77de8a6bf993a7ab53892a4 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Thu, 7 May 2026 09:01:35 +0200
Subject: [PATCH 10/10] NEWS from 8.2.31
(cherry picked from commit 7dff10e9a31d469fcd436e10b06f8b2bf2758a68)
---
NEWS | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/NEWS b/NEWS
index ee3b272dfc..eb31a08afd 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,35 @@
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+Backported from 8.2.31
+
+- FPM:
+ . Fixed GHSA-7qg2-v9fj-4mwv (XSS within status endpoint). (CVE-2026-6735)
+ (Jakub Zelenka)
+
+- MBString:
+ . Fixed GHSA-wm6j-2649-pv75 (Null pointer dereference in
+ php_mb_check_encoding() via mb_ereg_search_init()). (CVE-2026-7259)
+ (vi3tL0u1s)
+
+- PDO_Firebird:
+ . Fixed GHSA-w476-322c-wpvm (SQL injection via NUL bytes in quoted strings).
+ (CVE-2025-14179) (SakiTakamachi)
+
+- SOAP:
+ . Fixed GHSA-85c2-q967-79q5 (Stale SOAP_GLOBAL(ref_map) pointer with Apache
+ Map). (CVE-2026-6722) (ilutov)
+ . Fixed GHSA-m33r-qmcv-p97q (Use-after-free after header parsing failure with
+ SOAP_PERSISTENCE_SESSION). (CVE-2026-7261) (ilutov)
+ . Fixed GHSA-hmxp-6pc4-f3vv (Broken Apache map value NULL check).
+ (CVE-2026-7262) (ilutov)
+
+- Standard:
+ . Fixed GHSA-96wq-48vp-hh57 (Signed integer overflow of char array offset).
+ (CVE-2026-7568) (TimWolla)
+ . Fixed GHSA-m8rr-4c36-8gq4 (Consistently pass unsigned char to ctype.h
+ functions). (CVE-2026-7258) (ilutov)
+
Backported from 8.1.34
- Standard:
--
2.54.0
Reference in New Issue View Git Blame Copy Permalink