From 188df632a74ccbb65fbea4a6b9f4cf5c5672b665 Mon Sep 17 00:00:00 2001 From: Greg Beaver Date: Fri, 24 Jul 2009 15:42:17 +0000 Subject: [PATCH] fix signature generation/validation for zip archives by phar extension, fix a few edge cases where memory was leaked on error conditions by missing efree() git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@284707 c90b9560-bf6c-de11-be94-00142212c4b1 --- reference/phar/Phar/getSignature.xml | 11 ++++++----- reference/phar/Phar/getSupportedSignatures.xml | 3 ++- reference/phar/Phar/setSignatureAlgorithm.xml | 7 +++---- reference/phar/fileformat.xml | 2 +- 4 files changed, 12 insertions(+), 11 deletions(-) diff --git a/reference/phar/Phar/getSignature.xml b/reference/phar/Phar/getSignature.xml index 8dd85f5995..9b716961cc 100644 --- a/reference/phar/Phar/getSignature.xml +++ b/reference/phar/Phar/getSignature.xml @@ -3,7 +3,7 @@ Phar::getSignature - Return MD5/SHA1/SHA256/SHA512 signature of a Phar archive + Return MD5/SHA1/SHA256/SHA512/OpenSSL signature of a Phar archive &reftitle.description; @@ -25,11 +25,12 @@ &reftitle.returnvalues; - Array with the opened archive's signature in "hash" key and "md5", "sha1", - "sha256", or "sha512" - in "hash_type". This signature is a hash calculated on the + Array with the opened archive's signature in hash key and MD5, + SHA-1, + SHA-256, SHA-512, or OpenSSL + in hash_type. This signature is a hash calculated on the entire phar's contents, and may be used to verify the integrity of the archive. - A valid signature is absolutely required of all phar-based phars if the + A valid signature is absolutely required of all executable phar archives if the phar.require_hash INI variable is set to true. diff --git a/reference/phar/Phar/getSupportedSignatures.xml b/reference/phar/Phar/getSupportedSignatures.xml index 43f2003c90..2b9c681857 100644 --- a/reference/phar/Phar/getSupportedSignatures.xml +++ b/reference/phar/Phar/getSupportedSignatures.xml @@ -27,7 +27,8 @@ &reftitle.returnvalues; - Returns an array containing any of "MD5", "SHA-1", "SHA-256", "SHA-512". + Returns an array containing any of MD5, SHA-1, + SHA-256, SHA-512, or OpenSSL. diff --git a/reference/phar/Phar/setSignatureAlgorithm.xml b/reference/phar/Phar/setSignatureAlgorithm.xml index 2d4b78636f..51378b10be 100644 --- a/reference/phar/Phar/setSignatureAlgorithm.xml +++ b/reference/phar/Phar/setSignatureAlgorithm.xml @@ -22,8 +22,8 @@ Phar::SHA512, or Phar::OPENSSL. - Note that all phar-based and tar-based phar archives have a signature created - automatically, SHA1 by default. data tar-based archives + Note that all executable phar archives have a signature created + automatically, SHA1 by default. data tar- or zip-based archives (archives created with the PharData class) must have their signature created and set explicitly via Phar::setSignatureAlgorithm. @@ -81,8 +81,7 @@ $p->setSignatureAlgorithm(Phar::OPENSSL, $pkey); &reftitle.errors; Throws UnexpectedValueException for many errors, - BadMethodCallException if called for a zip-based phar - archive, and a PharException + and a PharException if any problems occur flushing changes to disk. diff --git a/reference/phar/fileformat.xml b/reference/phar/fileformat.xml index 2cce0fb8b7..7307b84425 100644 --- a/reference/phar/fileformat.xml +++ b/reference/phar/fileformat.xml @@ -114,7 +114,7 @@ __HALT_COMPILER(); Whole-archive signature validation Yes Yes - No + Yes (PHP 5.3.1+) Web-specific application support