From 1bf0f3ec9088d34383c564d6306901ae6dc94cb5 Mon Sep 17 00:00:00 2001
From: jvoisin <julien.voisin@dustri.org>
Date: Wed, 4 Jan 2023 19:06:28 +0100
Subject: [PATCH] Fix the CI for PHP8.2

---
 .../deny_writable_execution.phpt              | 10 ++--------
 .../deny_writable_execution_simulation.phpt   | 20 +++++++------------
 .../dump_deny_writable_execution.phpt         | 10 ++--------
 .../disabled_function_echo.phpt               |  1 -
 .../disabled_function_echo_2.phpt             |  1 -
 .../disabled_function_echo_local_var.phpt     |  1 -
 .../disabled_function_print.phpt              |  3 +--
 src/tests/xxe/disable_xxe_dom_disabled.phpt   |  9 +++------
 src/tests/xxe/disable_xxe_simplexml.phpt      |  9 +++------
 src/tests/xxe/disable_xxe_simplexml_oop.phpt  |  9 +++------
 src/tests/xxe/disable_xxe_xml_parse.phpt      | 13 +++++-------
 11 files changed, 26 insertions(+), 60 deletions(-)

diff --git a/src/tests/deny_writable/deny_writable_execution.phpt b/src/tests/deny_writable/deny_writable_execution.phpt
index a6294797..383ffa57 100644
--- a/src/tests/deny_writable/deny_writable_execution.phpt
+++ b/src/tests/deny_writable/deny_writable_execution.phpt
@@ -21,6 +21,8 @@ sp.configuration_file={PWD}/config/config_disable_writable.ini
 $dir = __DIR__;
 
 // just in case
+@chmod("$dir/non_writable_file.txt", 0777);
+@chmod("$dir/writable_file.txt", 0777);
 @unlink("$dir/non_writable_file.txt");
 @unlink("$dir/writable_file.txt");
 
@@ -31,13 +33,5 @@ chmod("$dir/writable_file.txt", 0777);
 include "$dir/non_writable_file.txt";
 include "$dir/writable_file.txt";
 ?>
---CLEAN--
-<?php
-$dir = __DIR__;
-chmod("$dir/non_writable_file.txt", 0777);
-chmod("$dir/writable_file.txt", 0777);
-unlink("$dir/non_writable_file.txt");
-unlink("$dir/writable_file.txt");
-?>
 --EXPECTF--
 Fatal error: [snuffleupagus][0.0.0.0][readonly_exec][drop] Attempted execution of a writable file (%a/deny_writable_execution.php) in %a/deny_writable_execution.php on line 2
diff --git a/src/tests/deny_writable/deny_writable_execution_simulation.phpt b/src/tests/deny_writable/deny_writable_execution_simulation.phpt
index d4e48018..39dab32f 100644
--- a/src/tests/deny_writable/deny_writable_execution_simulation.phpt
+++ b/src/tests/deny_writable/deny_writable_execution_simulation.phpt
@@ -22,6 +22,8 @@ sp.configuration_file={PWD}/config/config_disable_writable_simulation.ini
 $dir = __DIR__;
 
 // just in case
+@chmod("$dir/non_writable_file.txt", 0777);
+@chmod("$dir/writable_file.txt", 0777);
 @unlink("$dir/non_writable_file.txt");
 @unlink("$dir/writable_file.txt");
 
@@ -32,23 +34,15 @@ chmod("$dir/non_writable_file.txt", 0400);
 include "$dir/writable_file.txt";
 include "$dir/non_writable_file.txt";
 ?>
---CLEAN--
-<?php
-$dir = __DIR__;
-chmod("$dir/non_writable_file.txt", 0777);
-chmod("$dir/writable_file.txt", 0777);
-unlink("$dir/non_writable_file.txt");
-unlink("$dir/writable_file.txt");
-?>
 --EXPECTF--
-Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a writable file (%a/deny_writable_execution_simulation.php) in %a/deny_writable_execution_simulation.php on line 2
+Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a writable file (%a/deny_writable_execution_simulation.php) in %a/deny_writable_execution_simulation.php on line %d
 
-Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a writable file (%a/writable_file.txt) in %a/deny_writable_execution_simulation.php on line 12
+Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a writable file (%a/writable_file.txt) in %a/deny_writable_execution_simulation.php on line %d
 
-Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a writable file (%a/writable_file.txt) in %a/writable_file.txt on line 1
+Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a writable file (%a/writable_file.txt) in %a/writable_file.txt on line %d
 Code execution within a writable file.
 
-Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a file owned by the PHP process (%s/tests/deny_writable/non_writable_file.txt) in %s/tests/deny_writable/deny_writable_execution_simulation.php on line 13
+Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a file owned by the PHP process (%s/tests/deny_writable/non_writable_file.txt) in %s/tests/deny_writable/deny_writable_execution_simulation.php on line %d
 
-Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a file owned by the PHP process (%s/tests/deny_writable/non_writable_file.txt) in %src/tests/deny_writable/non_writable_file.txt on line 1
+Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a file owned by the PHP process (%s/tests/deny_writable/non_writable_file.txt) in %src/tests/deny_writable/non_writable_file.txt on line %d
 Code execution within a non-writable file.
diff --git a/src/tests/deny_writable/dump_deny_writable_execution.phpt b/src/tests/deny_writable/dump_deny_writable_execution.phpt
index c6dd6cd8..2e6bca51 100644
--- a/src/tests/deny_writable/dump_deny_writable_execution.phpt
+++ b/src/tests/deny_writable/dump_deny_writable_execution.phpt
@@ -32,6 +32,8 @@ foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) {
 $dir = __DIR__;
 
 // just in case
+@chmod("$dir/non_writable_file.txt", 0777);
+@chmod("$dir/writable_file.txt", 0777);
 @unlink("$dir/non_writable_file.txt");
 @unlink("$dir/writable_file.txt");
 
@@ -57,11 +59,3 @@ if ($res[2] != "GET:get_a='data_get_a_readonly' get_b='data_get_b_readonly' \n")
 --EXPECTF--
 %a
 WIN
---CLEAN--
-<?php
-$dir = __DIR__;
-chmod("$dir/non_writable_file.txt", 0777);
-chmod("$dir/writable_file.txt", 0777);
-unlink("$dir/non_writable_file.txt");
-unlink("$dir/writable_file.txt");
-?>
diff --git a/src/tests/disable_function/disabled_function_echo.phpt b/src/tests/disable_function/disabled_function_echo.phpt
index 12aaff48..b1da0dca 100644
--- a/src/tests/disable_function/disabled_function_echo.phpt
+++ b/src/tests/disable_function/disabled_function_echo.phpt
@@ -13,7 +13,6 @@ echo "qwe";
 test("rty");
 test("oops");
 ?>
---CLEAN--
 --EXPECTF--
 qwerty
 Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'echo' in %a/disabled_function_echo.php on line 3
diff --git a/src/tests/disable_function/disabled_function_echo_2.phpt b/src/tests/disable_function/disabled_function_echo_2.phpt
index 82a2fa1d..c1d98170 100644
--- a/src/tests/disable_function/disabled_function_echo_2.phpt
+++ b/src/tests/disable_function/disabled_function_echo_2.phpt
@@ -9,7 +9,6 @@ sp.configuration_file={PWD}/config/disabled_function_echo.ini
 echo "qwe";
 echo "1", "oops";
 ?>
---CLEAN--
 --EXPECTF--
 qwe1
 Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'echo' in %a/disabled_function_echo_2.php on line 3
diff --git a/src/tests/disable_function/disabled_function_echo_local_var.phpt b/src/tests/disable_function/disabled_function_echo_local_var.phpt
index ee1be1fb..52d1f481 100644
--- a/src/tests/disable_function/disabled_function_echo_local_var.phpt
+++ b/src/tests/disable_function/disabled_function_echo_local_var.phpt
@@ -14,7 +14,6 @@ test();
 $abc = 123;
 test();
 ?>
---CLEAN--
 --EXPECTF--
 3
 
diff --git a/src/tests/disable_function/disabled_function_print.phpt b/src/tests/disable_function/disabled_function_print.phpt
index ec1b04f8..96008546 100644
--- a/src/tests/disable_function/disabled_function_print.phpt
+++ b/src/tests/disable_function/disabled_function_print.phpt
@@ -13,7 +13,6 @@ print "qwe";
 test("rty");
 test("oops");
 ?>
---CLEAN--
 --EXPECTF--
 qwerty
-Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'echo' in %a/disabled_function_print.php on line 3
\ No newline at end of file
+Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'echo' in %a/disabled_function_print.php on line 3
diff --git a/src/tests/xxe/disable_xxe_dom_disabled.phpt b/src/tests/xxe/disable_xxe_dom_disabled.phpt
index 4a888edb..20399ecf 100644
--- a/src/tests/xxe/disable_xxe_dom_disabled.phpt
+++ b/src/tests/xxe/disable_xxe_dom_disabled.phpt
@@ -10,6 +10,9 @@ dom
 --FILE--
 <?php 
 $dir = __DIR__;
+@unlink($dir . "/content.xml");
+@unlink($dir . "/content.txt");
+
 $content = '<content>WARNING, external entity loaded!</content>';
 file_put_contents($dir . '/content.txt', $content);
 
@@ -52,9 +55,3 @@ libxml_disable_entity to false: WARNING, external entity loaded!
 
 Warning: [snuffleupagus][0.0.0.0][xxe][log] A call to libxml_disable_entity_loader was tried and nopped in %s/tests/xxe/disable_xxe_dom_disabled.php on line %d
 without xxe: foo
---CLEAN--
-<?php
-$dir = __DIR__;
-unlink($dir . "/content.xml");
-unlink($dir . "/content.txt");
-?>
diff --git a/src/tests/xxe/disable_xxe_simplexml.phpt b/src/tests/xxe/disable_xxe_simplexml.phpt
index 95601563..8a4f0333 100644
--- a/src/tests/xxe/disable_xxe_simplexml.phpt
+++ b/src/tests/xxe/disable_xxe_simplexml.phpt
@@ -11,6 +11,9 @@ simplexml
 --FILE--
 <?php 
 $dir = __DIR__;
+@unlink($dir . "/content.xml");
+@unlink($dir . "/content.txt");
+
 $content = 'WARNING, external entity loaded!';
 file_put_contents('content.txt', $content);
 
@@ -44,9 +47,3 @@ printf("without xxe: %s", $doc->testing);
 libxml_disable_entity to true: 
 libxml_disable_entity to false: 
 without xxe: foo
---CLEAN--
-<?php
-$dir = __DIR__;
-unlink($dir . "/content.xml");
-unlink($dir . "/content.txt");
-?>
diff --git a/src/tests/xxe/disable_xxe_simplexml_oop.phpt b/src/tests/xxe/disable_xxe_simplexml_oop.phpt
index 1b2c4cac..c28c3649 100644
--- a/src/tests/xxe/disable_xxe_simplexml_oop.phpt
+++ b/src/tests/xxe/disable_xxe_simplexml_oop.phpt
@@ -11,6 +11,9 @@ simplexml
 --FILE--
 <?php 
 $dir = __DIR__;
+@unlink($dir . "/content.xml");
+@unlink($dir . "/content.txt");
+
 $content = 'WARNING, external entity loaded!';
 file_put_contents('content.txt', $content);
 
@@ -44,9 +47,3 @@ printf("without xxe: %s", $doc->testing);
 libxml_disable_entity to true: 
 libxml_disable_entity to false: 
 without xxe: foo
---CLEAN--
-<?php
-$dir = __DIR__;
-unlink($dir . "/content.xml");
-unlink($dir . "/content.txt");
-?>
diff --git a/src/tests/xxe/disable_xxe_xml_parse.phpt b/src/tests/xxe/disable_xxe_xml_parse.phpt
index bc7e338b..4a8292d7 100644
--- a/src/tests/xxe/disable_xxe_xml_parse.phpt
+++ b/src/tests/xxe/disable_xxe_xml_parse.phpt
@@ -16,6 +16,9 @@ sp.configuration_file={PWD}/config/disable_xxe.ini
 --FILE--
 <?php 
 $dir = __DIR__;
+@unlink($dir . "/content.xml");
+@unlink($dir . "/content.txt");
+
 $content = 'WARNING, external entity loaded!';
 file_put_contents('content.txt', $content);
 
@@ -71,7 +74,7 @@ $doc = xml_parse($parser, $xml, true);
 xml_parser_free($parser);
 
 --EXPECTF--
-Warning: [snuffleupagus][0.0.0.0][xxe][log] A call to libxml_disable_entity_loader was tried and nopped in %a.php on line 41
+Warning: [snuffleupagus][0.0.0.0][xxe][log] A call to libxml_disable_entity_loader was tried and nopped in %a.php on line %d
 string(4) "TEST"
 
 array(0) {
@@ -83,7 +86,7 @@ array(0) {
 string(7) "TESTING"
 string(4) "TEST"
 
-Warning: [snuffleupagus][0.0.0.0][xxe][log] A call to libxml_disable_entity_loader was tried and nopped in %a.php on line 46
+Warning: [snuffleupagus][0.0.0.0][xxe][log] A call to libxml_disable_entity_loader was tried and nopped in %a.php on line %d
 string(4) "TEST"
 
 array(0) {
@@ -104,9 +107,3 @@ array(0) {
 }
 textfoostring(7) "TESTING"
 string(4) "TEST"
---CLEAN--
-<?php
-$dir = __DIR__;
-unlink($dir . "/content.xml");
-unlink($dir . "/content.txt");
-?>
From 709d850429d0d62b148bc235745c830c2f7a55be Mon Sep 17 00:00:00 2001
From: jvoisin <julien.voisin@dustri.org>
Date: Sun, 25 Jun 2023 14:25:46 +0200
Subject: [PATCH] Remove ZEND_HOT

---
 src/sp_execute.c     | 2 +-
 src/sp_pcre_compat.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/sp_execute.c b/src/sp_execute.c
index 6e80b6df..f105b7f9 100644
--- a/src/sp_execute.c
+++ b/src/sp_execute.c
@@ -89,7 +89,7 @@ inline static void is_builtin_matching(
   should_disable_ht(EG(current_execute_data), function_name, param_value, param_name, SPCFG(disabled_functions_reg).disabled_functions, ht);
 }
 
-static void ZEND_HOT is_in_eval_and_whitelisted(zend_execute_data const* const execute_data) {
+static void is_in_eval_and_whitelisted(zend_execute_data const* const execute_data) {
   sp_config_eval const* const config_eval = &(SPCFG(eval));
 
   if (EXPECTED(0 == SPG(in_eval))) {
diff --git a/src/sp_pcre_compat.c b/src/sp_pcre_compat.c
index 81c51fdc..3658692e 100644
--- a/src/sp_pcre_compat.c
+++ b/src/sp_pcre_compat.c
@@ -23,7 +23,7 @@ sp_pcre* sp_pcre_compile(const char* const pattern) {
   return ret;
 }
 
-bool ZEND_HOT sp_is_regexp_matching_len(const sp_pcre* regexp, const char* str, size_t len) {
+bool sp_is_regexp_matching_len(const sp_pcre* regexp, const char* str, size_t len) {
   int ret = 0;
 
   assert(NULL != regexp);
From 78668b6ef599f700ba939017dc805485452f5319 Mon Sep 17 00:00:00 2001
From: jvoisin <julien.voisin@dustri.org>
Date: Sun, 25 Jun 2023 14:56:43 +0200
Subject: [PATCH] Fix an unserialize-related warning

This should fix `Warning: unserialize(): Extra data starting at offset 8 of 72 bytes in unserialize.php on line 4`.
On the flip side, it's not longer possible in PHP8.3 and above, when using
Snuffleupagus, to have other extensions hooking unserialize().
---
 src/sp_unserialize.c | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/src/sp_unserialize.c b/src/sp_unserialize.c
index 641d9899..ab0d9edb 100644
--- a/src/sp_unserialize.c
+++ b/src/sp_unserialize.c
@@ -50,8 +50,6 @@ static zend_string *sp_do_hash_hmac_sha256(char* restrict data, size_t data_len,
   return hex_digest;
 }
 
-// ------------------
-
 PHP_FUNCTION(sp_serialize) {
   zif_handler orig_handler;
 
@@ -130,11 +128,16 @@ PHP_FUNCTION(sp_unserialize) {
     }
   } else { status = 1; }
 
-  zif_handler orig_handler;
+  zif_handler orig_handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("unserialize"));
   if (0 == status) {
-    if ((orig_handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("unserialize")))) {
+#if PHP_VERSION_ID >= 80300
+      // PHP8.3 gives a warning about trailing data in unserialize strings.
+      php_unserialize_with_options(return_value, buf, buf_len - 64, opts, "unserialize");
+#else
+    if ((orig_handler)) {
       orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
     }
+#endif
   } else {
     const sp_config_unserialize *config_unserialize = &(SPCFG(unserialize));
     if (config_unserialize->dump) {
@@ -143,9 +146,14 @@ PHP_FUNCTION(sp_unserialize) {
     }
     if (true == config_unserialize->simulation) {
       sp_log_simulation("unserialize", "Invalid HMAC for %s", serialized_str);
-      if ((orig_handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("unserialize")))) {
+#if PHP_VERSION_ID >= 80300
+      // PHP8.3 gives a warning about trailing data in unserialize strings.
+      php_unserialize_with_options(return_value, buf, buf_len - 64, opts, "unserialize");
+#else
+      if ((orig_handler)) {
         orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
       }
+#endif
     } else {
       sp_log_drop("unserialize", "Invalid HMAC for %s", serialized_str);
     }