mirror of https://github.com/php/php-src.git synced 2026-04-16 12:31:06 +02:00
Commit Graph

29695 Commits

Author SHA1 Message Date
Remi Collet
4fcb9a9d1b Fix bug #67326 fileinfo: cdf_read_short_sector insufficient boundary check
Upstream fix 6d209c1c48.patch
Only relevant part applied
2014-06-03 11:05:00 +02:00
Xinchen Hui
38be99b739 Fixed bug #67359 (Segfault in recursiveDirectoryIterator) 2014-06-01 19:41:01 +08:00
Adam Harvey
b5d9983ff4 Check for zero-length keys in spl_array_skip_protected and don't skip them.
Fixes bug #67360 (Missing element after ArrayObject::getIterator).
2014-05-29 17:49:32 +00:00
Anatol Belski
d2765e4b8c updated libmagic.patch for 5.4+ 2014-05-27 22:36:12 +02:00
Stanislav Malyshev
091b7642c2 Fix bug #67249: printf out-of-bounds read 2014-05-27 11:28:22 -07:00
Anatol Belski
d184f07b3c backport this piece from 5.6, related to the #66307 fix 2014-05-26 18:05:13 -07:00
Anatol Belski
15ee33eb21 Fixed bug #66307 Fileinfo crashes with powerpoint files 2014-05-26 18:04:27 -07:00
Stanislav Malyshev
4005f06df6 Fix bug #67328 (fileinfo: numerous file_printf calls resulting in performance degradation)
Upstream patch: b8acc83781
2014-05-26 18:01:17 -07:00
Stanislav Malyshev
57225f09ed Fix bug #67327: fileinfo: CDF infinite loop in nelements DoS
Upstream fix: f97486ef5d
2014-05-26 17:45:14 -07:00
Adam Harvey
319611ffbd Fix broken test caused by fdb2709. 2014-05-23 15:07:19 +00:00
Adam Harvey
fdb2709dd2 Add microseconds to the serialised form of DateTime objects.
Fixes bug #67308 (Serialize of DateTime truncates fractions of second).
2014-05-21 14:55:52 -05:00
Matteo Beccati
00a22d4d06 Improved test for bug #62479 2014-05-21 18:58:14 +02:00
Stanislav Malyshev
dc92e81922 Merge branch 'bug67251' into PHP-5.4
* bug67251:
  Fix bug #67251 - date_parse_from_format out-of-bounds read

Conflicts:
	ext/date/lib/parse_date.c
2014-05-13 16:52:45 -07:00
Stanislav Malyshev
0094fd0969 Merge branch 'bug67252' into PHP-5.4
* bug67252:
  fix bug #67253: timelib_meridian_with_check out-of-bounds read
  Fix bug #67252: convert_uudecode out-of-bounds read
2014-05-13 16:47:27 -07:00
Stanislav Malyshev
9103c9eb4f Merge branch 'bug67250' into PHP-5.4
* bug67250:
  Fix bug #67250 (iptcparse out-of-bounds read)
2014-05-13 16:43:10 -07:00
Derick Rethans
3e276d6728 - Updated to version 2014.3 (2014c) 2014-05-13 16:36:58 +01:00
Stanislav Malyshev
6ef8e0f088 fix test - output can be chunked 2014-05-12 10:54:16 -07:00
Stanislav Malyshev
466b8aa444 fix bug #67253: timelib_meridian_with_check out-of-bounds read 2014-05-11 21:09:11 -07:00
Stanislav Malyshev
1e2818b143 Fix bug #67252: convert_uudecode out-of-bounds read 2014-05-11 20:29:27 -07:00
Stanislav Malyshev
0a80849250 Fix bug #67251 - date_parse_from_format out-of-bounds read 2014-05-11 19:34:21 -07:00
Stanislav Malyshev
3e9cb6a4a5 Fix bug #67250 (iptcparse out-of-bounds read) 2014-05-11 19:09:19 -07:00
Stanislav Malyshev
2b475eebbe Fix bug #67247 spl_fixedarray_resize integer overflow 2014-05-11 17:54:27 -07:00
Felipe Pena
fb3b8de98d - Fixed off-by-one in phar_build (patch by crrodriguez at opensuse dot org) 2014-05-11 09:45:17 -03:00
Felipe Pena
c575ab0c88 - Move checking 2014-05-10 11:55:42 -03:00
Felipe Pena
345f6d90d5 - Fixed missing NULL check in SimpleXMLElement::xpath() 2014-05-10 11:53:40 -03:00
Felipe Pena
5bd443a452 - Fixed missing NULL check 2014-05-10 11:39:08 -03:00
Stanislav Malyshev
4392339c3e oops, 5.4 and 5.5 use malloc in TSRM 2014-05-08 01:59:39 -07:00
Stanislav Malyshev
0cc18fdfba Fix memory leak in TSRM 2014-05-08 01:00:34 -07:00
Dmitry Stogov
8517001b25 Fixed test (it requires ext/hash) 2014-05-07 00:52:49 +02:00
Dmitry Stogov
f880013c4d Fixed tests (they might fail from time to time because of session GC) 2014-05-07 00:37:56 +02:00
Adam Harvey
941c39bd06 Use the right path for the suggested PHP invocation in ext_skel.
Fixes bug #67160 (ext_skel outputs incorrect information).
2014-05-01 11:22:20 -07:00
Anatol Belski
2d625b5f81 Fixed bug #66431 Special Character via COM Interface (CP_UTF8) 2014-04-29 13:40:44 +02:00
Popa Adrian Marius
bb422cb60e Merge branch 'PHP-5.3' into PHP-5.4
* PHP-5.3:
  Cleanup ZEND_MODULE_API_NO => 20050922
2014-04-28 12:13:11 +03:00
Popa Adrian Marius
dbcd6304bb Cleanup ZEND_MODULE_API_NO => 20050922 2014-04-28 12:12:52 +03:00
Anatol Belski
d3dcd61623 fixed test 2014-04-25 17:39:53 +02:00
Anatol Belski
c1aa9baf29 Fixed bug #67118 DateTime constructor crash with invalid data 2014-04-25 17:23:26 +02:00
Stanislav Malyshev
03c703b8bd add a test case previously broken by a bad fix 2014-04-24 23:58:38 -07:00
Stanislav Malyshev
a328803803 Revert "Fixed bug #64604"
This reverts commit b05c088a3a.
Breaks parsing urls where query has : in it, like: /foo/bar?baz=goo:boo
2014-04-24 23:50:45 -07:00
Jakub Zelenka
61499bf282 Fix accepting ill-formed UTF-8 characters
Conflicts:
	ext/phar/phar_path_check.c
2014-04-22 16:55:58 -07:00
Danack
ea4cee93c8 Allow valid multi-byte utf-8 characters to be allowed as file names in phar archives. 2014-04-20 17:19:20 -07:00
Rouven Weßling
68283c9f4a Fix a compiler warning in php_rand.h 2014-04-20 16:35:36 -07:00
Boro Sitnikovski
a18cec1b86 Fix bug #65701: Do not use cache for file copy 2014-04-20 15:22:44 -07:00
Anatol Belski
c2acdbdd3d Improved the fix for bug #67072, thanks Nikita 2014-04-18 15:13:32 +02:00
Levi Morrison
6e1e98d7b8 These links to ~helly don't work anymore. 2014-04-17 17:20:24 +02:00
Anatol Belski
5328d42899 Fixed bug #67072 Echoing unserialized "SplFileObject" crash
The actual issue lies in the unserializer code which doesn't honor
the unserialize callback. By contrast, the serialize callback is
respected. This leads to the situation that even if a class has
disabled the serialization explicitly, a user could still construct
a vulnerable string which would result in bad things when trying
to unserialize.

This concerns also the classes implementing Serializable as well
as some core classes disabling serialize/unserialize callbacks
explicitly (PDO, SimpleXML, SplFileInfo and co). As of now, the
flow is first to call the unserialize callback (if available),
then call __wakeup. If the unserialize callback returns with no
success, no object is instantiated. This makes the scheme used
by internal classes effective, to disable unserialize just assign
zend_class_unserialize_deny as callback.
2014-04-17 10:48:14 +02:00
Anatol Belski
7a5f1663c6 correct the bug #67081 fix 2014-04-16 15:06:57 +02:00
Anatol Belski
5224614f23 Fixed bug #67081 DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset 2014-04-16 14:13:45 +02:00
Stanislav Malyshev
eea75e7146 Fix test - on CI somebody could create a process in the meantime 2014-04-14 15:44:23 -07:00
Anatol Belski
24b72e7a27 fix windows build 2014-04-14 23:29:38 +02:00
Chuan Ma
a186312832 Fix #66942: openssl_seal() memory leak
Fix #66952: memory leak in openssl_open()
2014-04-14 13:24:14 -07:00