PHP 7.3: Make stream wrapper and windows drive checks locale-independent

- Avoid registering/detecting stream wrappers in locale-independent ways.
- Avoid locale dependence for Windows drive letter names in zend_virtual_cwd
- Make parse_url stop depending on locale
  Related to https://bugs.php.net/bug.php?id=52923
  iscntrl is locale-dependent which seems to corrupt certain bytes.
- Make FILTER_VALIDATE_HOSTNAME with flag FILTER_VALIDATE_DOMAIN locale-independent

Somewhat related to https://wiki.php.net/rfc/strtolower-ascii
but I don't think most of these should have been locale-dependent in the first
place - the code may not have considered locales

E.g. on Linux, `setlocale(LC_ALL, 'de_DE');`
(if the locale is installed and it succeeds)
will have some values for alpha/cntrl in the range 128-256 where the C locale
has no values.

To avoid this locale-dependence in older php versions,
applications can set `setlocale(LC_CTYPE, 'C')`.

Use `zend_bool` since the switch to `bool` was not made in 7.3

Author: TysonAndre

Zend/zend_compile.c

@@ -1849,7 +1849,7 @@ ZEND_API size_t zend_dirname(char *path, size_t len)
 	/* Note that on Win32 CWD is per drive (heritage from CP/M).
 	 * This means dirname("c:foo") maps to "c:." or "c:" - which means CWD on C: drive.
 	 */
-	if ((2 <= len) && isalpha((int)((unsigned char *)path)[0]) && (':' == path[1])) {
+	if ((2 <= len) && zend_isalpha_ascii((int)((unsigned char *)path)[0]) && (':' == path[1])) {
 		/* Skip over the drive spec (if any) so as not to change */
 		path += 2;
 		len_adjust += 2;

Zend/zend_operators.c

@@ -62,6 +62,47 @@ static const unsigned char tolower_map[256] = {
 
 #define zend_tolower_ascii(c) (tolower_map[(unsigned char)(c)])
 
+/* ctype's isalpha varies based on locale, which is not what we want for many use cases.
+ * This is what it'd be in the "C" locale. */
+ZEND_API const zend_bool zend_isalpha_map[256] = {
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
+1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,
+0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
+1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+};
+
+/* ctype's isalnum is isalpha + isdigit(0-9) */
+ZEND_API const zend_bool zend_isalnum_map[256] = {
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,
+0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
+1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,
+0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
+1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+};
+
 /**
  * Functions using locale lowercase:
  	 	zend_binary_strncasecmp_l

Zend/zend_operators.h

@@ -365,6 +365,13 @@ ZEND_API int ZEND_FASTCALL string_case_compare_function(zval *op1, zval *op2);
 ZEND_API int ZEND_FASTCALL string_locale_compare_function(zval *op1, zval *op2);
 #endif
 
+/* NOTE: The locale-independent alternatives to ctype(isalpha/isalnum) were added to fix bugs in php 7.3 patch releases, and should not be used externally until php 8.2 */
+ZEND_API extern const zend_bool zend_isalpha_map[256];
+ZEND_API extern const zend_bool zend_isalnum_map[256];
+
+#define zend_isalpha_ascii(c) (zend_isalpha_map[(unsigned char)(c)])
+#define zend_isalnum_ascii(c) (zend_isalnum_map[(unsigned char)(c)])
+
 ZEND_API void         ZEND_FASTCALL zend_str_tolower(char *str, size_t length);
 ZEND_API char*        ZEND_FASTCALL zend_str_tolower_copy(char *dest, const char *source, size_t length);
 ZEND_API char*        ZEND_FASTCALL zend_str_tolower_dup(const char *source, size_t length);

Zend/zend_virtual_cwd.h

@@ -69,7 +69,7 @@ typedef unsigned short mode_t;
 #define IS_UNC_PATH(path, len) \
 	(len >= 2 && IS_SLASH(path[0]) && IS_SLASH(path[1]))
 #define IS_ABSOLUTE_PATH(path, len) \
-	(len >= 2 && (/* is local */isalpha(path[0]) && path[1] == ':' || /* is UNC */IS_SLASH(path[0]) && IS_SLASH(path[1])))
+	(len >= 2 && (/* is local */zend_isalpha_ascii(path[0]) && path[1] == ':' || /* is UNC */IS_SLASH(path[0]) && IS_SLASH(path[1])))
 
 #else
 #ifdef HAVE_DIRENT_H

ext/filter/logical_filters.c

@@ -496,21 +496,21 @@ static int _php_filter_validate_domain(char * domain, int len, zend_long flags)
 	}
 
 	/* First char must be alphanumeric */
-	if(*s == '.' || (hostname && !isalnum((int)*(unsigned char *)s))) {
+	if(*s == '.' || (hostname && !zend_isalnum_ascii((int)*(unsigned char *)s))) {
 		return 0;
 	}
 
 	while (s < e) {
 		if (*s == '.') {
 			/* The first and the last character of a label must be alphanumeric */
-			if (*(s + 1) == '.' || (hostname && (!isalnum((int)*(unsigned char *)(s - 1)) || !isalnum((int)*(unsigned char *)(s + 1))))) {
+			if (*(s + 1) == '.' || (hostname && (!zend_isalnum_ascii((int)*(unsigned char *)(s - 1)) || !zend_isalnum_ascii((int)*(unsigned char *)(s + 1))))) {
 				return 0;
 			}
 
 			/* Reset label length counter */
 			i = 1;
 		} else {
-			if (i > 63 || (hostname && *s != '-' && !isalnum((int)*(unsigned char *)s))) {
+			if (i > 63 || (hostname && *s != '-' && !zend_isalnum_ascii((int)*(unsigned char *)s))) {
 				return 0;
 			}
 
@@ -537,7 +537,7 @@ static int is_userinfo_valid(zend_string *str)
 	const char *valid = "-._~!$&'()*+,;=:";
 	const char *p = ZSTR_VAL(str);
 	while (p - ZSTR_VAL(str) < ZSTR_LEN(str)) {
-		if (isalpha(*p) || isdigit(*p) || strchr(valid, *p)) {
+		if (zend_isalnum_ascii(*p) || strchr(valid, *p)) {
 			p++;
 		} else if (*p == '%' && p - ZSTR_VAL(str) <= ZSTR_LEN(str) - 3 && isdigit(*(p+1)) && isxdigit(*(p+2))) {
 			p += 3;

ext/filter/tests/filter_validate_domain_locale.phpt

@@ -0,0 +1,19 @@
+--TEST--
+FILTER_VALIDATE_DOMAIN FILTER_FLAG_HOSTNAME should not be locale dependent
+--EXTENSIONS--
+filter
+--SKIPIF--
+<?php  // try to activate a single-byte german locale
+if (!setlocale(LC_ALL, "de_DE")) {
+    print "skip Can't find german locale";
+}
+?>
+--FILE--
+<?php
+var_dump(filter_var('٪', FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME));
+setlocale(LC_ALL, "de_DE");
+var_dump(filter_var('٪', FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME));
+?>
+--EXPECT--
+bool(false)
+bool(false)

ext/standard/tests/streams/locale.phpt

@@ -0,0 +1,28 @@
+--TEST--
+Stream wrappers should not be locale dependent
+--SKIPIF--
+<?php  // try to activate a single-byte german locale
+if (!setlocale(LC_ALL, "de_DE")) {
+    print "skip Can't find german locale";
+}
+?>
+--INI--
+allow_url_fopen=1
+display_errors=stderr
+--FILE--
+<?php
+setlocale(LC_ALL, "de_DE");
+class testwrapper {
+}
+
+var_dump(ctype_alpha('٪'));  // \xd9 and \xaa are both alphabetical in the german locale
+var_dump(stream_wrapper_register("test٪", 'testwrapper', STREAM_IS_URL));
+
+echo 'stream_open: ';
+fopen("test٪://test", 'r');
+?>
+--EXPECTF--
+bool(true)
+Warning: stream_wrapper_register(): Invalid protocol scheme specified. Unable to register wrapper class testwrapper to test٪:// in %s on line 7
+bool(false)
+stream_open: Warning: fopen(test٪://test): Failed to open stream: No such file or directory in %s on line 10

ext/standard/tests/url/parse_url_locale.phpt

@@ -0,0 +1,21 @@
+--TEST--
+Bug #52923 (Locale settings affecting parse_url)
+--SKIPIF--
+<?php  // try to activate a german locale
+if (!setlocale(LC_ALL, "de_DE")) {
+    print "skip Can't find german locale";
+}
+?>
+--FILE--
+<?php
+echo http_build_query(parse_url("http\xfc://invalid"), true), "\n";
+// activate the german locale. With this bug fix, locale settings should no longer affect parse_url
+var_dump(setlocale(LC_CTYPE, "de_DE"));
+echo http_build_query(parse_url("http\xfc://invalid"), true), "\n";
+echo http_build_query(parse_url('http://mydomain.com/path/道')), "\n";
+?>
+--EXPECT--
+path=http%FC%3A%2F%2Finvalid
+string(5) "de_DE"
+path=http%FC%3A%2F%2Finvalid
+scheme=http&host=mydomain.com&path=%2Fpath%2F%E9%81%93

main/fopen_wrappers.c

@@ -484,7 +484,7 @@ PHPAPI zend_string *php_resolve_path(const char *filename, size_t filename_lengt
 	}
 
 	/* Don't resolve paths which contain protocol (except of file://) */
-	for (p = filename; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
+	for (p = filename; zend_isalnum_ascii((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
 	if ((*p == ':') && (p - filename > 1) && (p[1] == '/') && (p[2] == '/')) {
 		wrapper = php_stream_locate_url_wrapper(filename, &actual_path, STREAM_OPEN_FOR_INCLUDE);
 		if (wrapper == &php_plain_files_wrapper) {
@@ -520,7 +520,7 @@ PHPAPI zend_string *php_resolve_path(const char *filename, size_t filename_lengt
 		/* Check for stream wrapper */
 		int is_stream_wrapper = 0;
 
-		for (p = ptr; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
+		for (p = ptr; zend_isalnum_ascii((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
 		if ((*p == ':') && (p - ptr > 1) && (p[1] == '/') && (p[2] == '/')) {
 			/* .:// or ..:// is not a stream wrapper */
 			if (p[-1] != '.' || p[-2] != '.' || p - 2 != ptr) {
@@ -586,7 +586,7 @@ PHPAPI zend_string *php_resolve_path(const char *filename, size_t filename_lengt
 			actual_path = trypath;
 
 			/* Check for stream wrapper */
-			for (p = trypath; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
+			for (p = trypath; zend_isalnum_ascii((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
 			if ((*p == ':') && (p - trypath > 1) && (p[1] == '/') && (p[2] == '/')) {
 				wrapper = php_stream_locate_url_wrapper(trypath, &actual_path, STREAM_OPEN_FOR_INCLUDE);
 				if (!wrapper) {

main/streams/streams.c

@@ -1673,7 +1673,7 @@ static inline int php_stream_wrapper_scheme_validate(const char *protocol, unsig
 	unsigned int i;
 
 	for(i = 0; i < protocol_len; i++) {
-		if (!isalnum((int)protocol[i]) &&
+		if (!zend_isalnum_ascii((int)protocol[i]) &&
 			protocol[i] != '+' &&
 			protocol[i] != '-' &&
 			protocol[i] != '.') {
@@ -1753,7 +1753,7 @@ PHPAPI php_stream_wrapper *php_stream_locate_url_wrapper(const char *path, const
 		return (php_stream_wrapper*)((options & STREAM_LOCATE_WRAPPERS_ONLY) ? NULL : &php_plain_files_wrapper);
 	}
 
-	for (p = path; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++) {
+	for (p = path; zend_isalnum_ascii((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++) {
 		n++;
 	}
 

main/streams/transports.c

@@ -95,7 +95,7 @@ PHPAPI php_stream *_php_stream_xport_create(const char *name, size_t namelen, in
 		}
 	}
 
-	for (p = name; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++) {
+	for (p = name; zend_isalnum_ascii((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++) {
 		n++;
 	}