php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-24 16:38:25 +02:00
Code Issues Packages Projects Releases Wiki Activity
71,040 Commits 549 Branches 1,485 Tags
45facd15fb1be704ee1ae374fa306dad8450edbd
Commit Graph

2390 Commits

Author SHA1 Message Date
Stanislav Malyshev 45facd15fb fix memory leak & add test 2015-04-12 22:38:34 -07:00
Stanislav Malyshev 1defbb25ed Fix test 2015-04-12 00:56:02 -07:00
Stanislav Malyshev a894a8155f More fixes for bug #69152 2015-04-11 16:53:22 -07:00
Stanislav Malyshev 8b14d3052f add test for bug #68976 2015-03-17 17:03:46 -07:00
Stanislav Malyshev 9ba4db5e5d fix tests 2015-03-17 12:55:35 -07:00
Yasuo Ohgaki a8722f5330 Add NULL byte protection to exec, system and passthru 2015-02-14 05:25:04 +09:00
Stanislav Malyshev f001c63073 Update header handling to RFC 7230 2015-02-05 20:08:12 -08:00
Stanislav Malyshev b30a6d6018 Use better constant since MAXHOSTNAMELEN may mean shorter name 2015-01-31 21:46:56 -08:00
Stanislav Malyshev 0f9c708229 Add mitigation for CVE-2015-0235 (bug #68925) 2015-01-31 19:08:13 -08:00
Stanislav Malyshev b585a3aed7 Fix for bug #68710 (Use After Free Vulnerability in PHP's unserialize()) 2015-01-01 16:19:05 -08:00
Stanislav Malyshev 630f9c33c2 Fix bug #68594 - Use after free vulnerability in unserialize() 2014-12-16 10:15:17 -08:00
Anatol Belski 0323f66fa2 move the test to the right place 2014-12-11 10:39:47 -08:00
Leigh 7e870c596d Bug fixes in light of failing bcrypt tests 
Conflicts:
	ext/standard/crypt.c
 2014-11-30 21:06:39 -08:00
Leigh 2d9d10fbbf Add tests from 1.3. Add missing tests. 
3 of the missing tests fail. // TODO
 2014-11-30 21:05:40 -08:00
Stanislav Malyshev 56754a7f9e Fixed bug #68044: Integer overflow in unserialize() (32-bits only) 2014-10-13 23:14:25 -07:00
Veres Lajos 3f42f2f5d1 typofixes 2014-08-17 15:44:02 +03:00
Stanislav Malyshev eab42649ab fix test 2014-08-14 17:07:28 -07:00
Anatol Belski b7cd099ae0 split the glob() test to test different basedir 2014-08-14 17:04:51 -07:00
Anatol Belski ad492ca932 fixed glob() edge case on windows, ref bug #47358 2014-08-14 16:58:16 -07:00
Pierre Joye 481c4715d4 - fix bug #47358, glob returns error, should be empty array() 
Conflicts:
	ext/standard/dir.c
 2014-08-14 16:56:22 -07:00
Tjerk Meesters da3add26cf Fixed bug #67693 - incorrect push to the empty array 2014-07-30 18:15:14 +08:00
Tjerk Meesters 4fc0d46ae7 Fix for bug #34407 - ucwords and title case 
Added support for ranges like trim() has
 2014-07-12 10:44:11 +08:00
Nikita Popov 18989420b6 Add test for bug #67151 2014-07-02 22:39:54 +02:00
Stanislav Malyshev 3488cf6fd8 Merge branch 'PHP-5.4.30' into PHP-5.4 
* PHP-5.4.30:
  5.4.30
  Better fix for bug #67072 with more BC provisions
  Fix bug #67498 - phpinfo() Type Confusion Information Leak Vulnerability
  update CVE
  Fix bug #67492: unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion
  Fix bug #67397 (Buffer overflow in locale_get_display_name->uloc_getDisplayName (libicu 4.8.1))
  Fix bug #67349: Locale::parseLocale Double Free
  add CVEs
  Fix potential segfault in dns_get_record()
  Fix bug #66127 (Segmentation fault with ArrayObject unset)
  5.4.30 rc1

Conflicts:
	configure.in
	main/php_version.h
 2014-06-24 10:23:36 -07:00
Stanislav Malyshev 6d97b4b2b3 Better fix for bug #67072 with more BC provisions 2014-06-23 22:16:25 -07:00
Stanislav Malyshev fb0128af2a Fix bug #67498 - phpinfo() Type Confusion Information Leak Vulnerability 2014-06-23 00:22:59 -07:00
Stanislav Malyshev c42d5cf5de Better fix for bug #67072 with more BC provisions 2014-06-21 21:29:11 -07:00
Adam Harvey b51f82f260 Follow 308 Permanent Redirect responses. 
Fixes bug #67430 (http:// wrapper doesn't follow 308 redirects).
 2014-06-12 18:12:53 -07:00
Adam Harvey 1b9cbab9a7 Keep 308-399 HTTP response codes when header('Location:') is called. 
Fixes bug #67428 (header('Location: foo') will override a 308-399 response
code).
 2014-06-12 17:35:05 -07:00
Stanislav Malyshev 62857998c5 Fixed bug #67399 (putenv with empty variable may lead to crash) 2014-06-08 23:09:09 -07:00
Anatol Belski 20568e5028 Fixed regression introduced by patch for bug #67072 
This applies to 5.4 and 5.5 only as a legacy fix.
 2014-06-03 20:43:58 +02:00
Stanislav Malyshev 091b7642c2 Fix bug #67249: printf out-of-bounds read 2014-05-27 11:28:22 -07:00
Stanislav Malyshev 0094fd0969 Merge branch 'bug67252' into PHP-5.4 
* bug67252:
  fix bug #67253: timelib_meridian_with_check out-of-bounds read
  Fix bug #67252: convert_uudecode out-of-bounds read
 2014-05-13 16:47:27 -07:00
Stanislav Malyshev 1e2818b143 Fix bug #67252: convert_uudecode out-of-bounds read 2014-05-11 20:29:27 -07:00
Stanislav Malyshev 3e9cb6a4a5 Fix bug #67250 (iptcparse out-of-bounds read) 2014-05-11 19:09:19 -07:00
Stanislav Malyshev 03c703b8bd add a test case previously broken by a bad fix 2014-04-24 23:58:38 -07:00
Stanislav Malyshev a328803803 Revert "Fixed bug #64604" 
This reverts commit b05c088a3a.
Breaks parsing urls where query has : in it, like: /foo/bar?baz=goo:boo
 2014-04-24 23:50:45 -07:00
Boro Sitnikovski a18cec1b86 Fix bug #65701: Do not use cache for file file copy 2014-04-20 15:22:44 -07:00
Anatol Belski c2acdbdd3d Improved the fix for bug #67072, thanks Nikita 2014-04-18 15:13:32 +02:00
Anatol Belski 5328d42899 Fixed bug #67072 Echoing unserialized "SplFileObject" crash 
The actual issue lays in the unserializer code which doesn't honor
the unserialize callback. By contrast, the serialize callback is
respected. This leads to the situation that even if a class has
disabled the serialization explicitly, user could still construct
a vulnerable string which would result bad things when trying
to unserialize.

This conserns also the classes implementing Serializable as well
as some core classes disabling serialize/unserialize callbacks
explicitly (PDO, SimpleXML, SplFileInfo and co). As of now, the
flow is first to call the unserialize callback (if available),
then call __wakeup. If the unserialize callback returns with no
success, no object is instantiated. This makes the scheme used
by internal classes effective, to disable unserialize just assign
zend_class_unserialize_deny as callback.
 2014-04-17 10:48:14 +02:00
Ingo Walz b05c088a3a Fixed bug #64604 2014-04-13 18:37:40 -07:00
Gabor Buella 1010200da5 Fixed bug #67024 - getimagesize should recognize BMP files with negative height 2014-04-13 15:17:04 -07:00
Bob Weinand beda5093b4 Reverted to 5a0da281e5 
Discussion: http://news.php.net/php.cvs/76836
 2014-04-13 23:01:31 +02:00
Bob Weinand f07e37c96d Forgot title in phpt for bug #67064 2014-04-13 19:34:17 +02:00
Bob Weinand 1a4a9eede5 Fix bug #67064 in a BC safe way 
You can use an optional parameter now when implementing the Countable interface
to get the $mode passed to count().
 2014-04-13 19:24:12 +02:00
Ferenc Kovacs 2c8aeda6dc abstract namespace for unix sockets is a linux only feature 2014-04-09 19:01:01 +02:00
Michael Wallner 1ec83d44a1 Fixed bug #61019 (Out of memory on command stream_get_contents) 2014-04-02 15:36:39 +02:00
Michael Wallner 91a9d24aa3 Fix bug #64330 
stream_socket_server() creates wrong Abstract Namespace UNIX sockets
 2014-04-02 11:09:26 +02:00
Dmitry Panin e2fc6b52f0 Fix HTML entity table generation 2014-03-06 23:10:31 +01:00
Tjerk Meesters e73c05b75e proc_open(): separate environment values that aren't strings 
Added a test case
 2014-03-03 05:49:52 +08:00