php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-18 21:41:22 +02:00
Code Issues Packages Projects Releases Wiki Activity
70,758 Commits 547 Branches 1,483 Tags
48df4464eae716dfe42403c94989ecd3104f21c5
Commit Graph

7495 Commits

Author SHA1 Message Date
Stanislav Malyshev
3488cf6fd8 Merge branch 'PHP-5.4.30' into PHP-5.4 
* PHP-5.4.30:
  5.4.30
  Better fix for bug #67072 with more BC provisions
  Fix bug #67498 - phpinfo() Type Confusion Information Leak Vulnerability
  update CVE
  Fix bug #67492: unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion
  Fix bug #67397 (Buffer overflow in locale_get_display_name->uloc_getDisplayName (libicu 4.8.1))
  Fix bug #67349: Locale::parseLocale Double Free
  add CVEs
  Fix potential segfault in dns_get_record()
  Fix bug #66127 (Segmentation fault with ArrayObject unset)
  5.4.30 rc1

Conflicts:
	configure.in
	main/php_version.h
 2014-06-24 10:23:36 -07:00
Stanislav Malyshev
6d97b4b2b3 Better fix for bug #67072 with more BC provisions 2014-06-23 22:16:25 -07:00
Stanislav Malyshev
fb0128af2a Fix bug #67498 - phpinfo() Type Confusion Information Leak Vulnerability 2014-06-23 00:22:59 -07:00
Stanislav Malyshev
c42d5cf5de Better fix for bug #67072 with more BC provisions 2014-06-21 21:29:11 -07:00
Lior Kaplan
6f3bcb0d6e Update copyright year for re2c generated files 2014-06-16 23:28:36 +03:00
Lior Kaplan
e667d23178 Update copyright year for re2c files as well 2014-06-16 23:26:50 +03:00
Sara Golemon
21525d0413 Fix potential segfault in dns_get_record() 
If the remote sends us a packet with a malformed TXT record,
we could end up trying to over-consume the packet and wander
off into overruns.
 2014-06-15 01:04:24 -07:00
Adam Harvey
b51f82f260 Follow 308 Permanent Redirect responses. 
Fixes bug #67430 (http:// wrapper doesn't follow 308 redirects).
 2014-06-12 18:12:53 -07:00
Adam Harvey
1b9cbab9a7 Keep 308-399 HTTP response codes when header('Location:') is called. 
Fixes bug #67428 (header('Location: foo') will override a 308-399 response
code).
 2014-06-12 17:35:05 -07:00
Sara Golemon
4f73394fdd Fix potential segfault in dns_get_record() 
If the remote sends us a packet with a malformed TXT record,
we could end up trying to over-consume the packet and wander
off into overruns.
 2014-06-11 13:37:04 -07:00
Stanislav Malyshev
62857998c5 Fixed bug #67399 (putenv with empty variable may lead to crash) 2014-06-08 23:09:09 -07:00
Anatol Belski
20568e5028 Fixed regression introduced by patch for bug #67072 
This applies to 5.4 and 5.5 only as a legacy fix.
 2014-06-03 20:43:58 +02:00
Stanislav Malyshev
091b7642c2 Fix bug #67249: printf out-of-bounds read 2014-05-27 11:28:22 -07:00
Stanislav Malyshev
0094fd0969 Merge branch 'bug67252' into PHP-5.4 
* bug67252:
  fix bug #67253: timelib_meridian_with_check out-of-bounds read
  Fix bug #67252: convert_uudecode out-of-bounds read
 2014-05-13 16:47:27 -07:00
Stanislav Malyshev
9103c9eb4f Merge branch 'bug67250' into PHP-5.4 
* bug67250:
  Fix bug #67250 (iptcparse out-of-bounds read)
 2014-05-13 16:43:10 -07:00
Stanislav Malyshev
1e2818b143 Fix bug #67252: convert_uudecode out-of-bounds read 2014-05-11 20:29:27 -07:00
Stanislav Malyshev
3e9cb6a4a5 Fix bug #67250 (iptcparse out-of-bounds read) 2014-05-11 19:09:19 -07:00
Stanislav Malyshev
03c703b8bd add a test case previously broken by a bad fix 2014-04-24 23:58:38 -07:00
Stanislav Malyshev
a328803803 Revert "Fixed bug #64604" 
This reverts commit b05c088a3a.
Breaks parsing urls where query has : in it, like: /foo/bar?baz=goo:boo
 2014-04-24 23:50:45 -07:00
Rouven Weßling
68283c9f4a Fix a compiler warning in php_rand.h 2014-04-20 16:35:36 -07:00
Boro Sitnikovski
a18cec1b86 Fix bug #65701: Do not use cache for file file copy 2014-04-20 15:22:44 -07:00
Anatol Belski
c2acdbdd3d Improved the fix for bug #67072, thanks Nikita 2014-04-18 15:13:32 +02:00
Anatol Belski
5328d42899 Fixed bug #67072 Echoing unserialized "SplFileObject" crash 
The actual issue lays in the unserializer code which doesn't honor
the unserialize callback. By contrast, the serialize callback is
respected. This leads to the situation that even if a class has
disabled the serialization explicitly, user could still construct
a vulnerable string which would result bad things when trying
to unserialize.

This conserns also the classes implementing Serializable as well
as some core classes disabling serialize/unserialize callbacks
explicitly (PDO, SimpleXML, SplFileInfo and co). As of now, the
flow is first to call the unserialize callback (if available),
then call __wakeup. If the unserialize callback returns with no
success, no object is instantiated. This makes the scheme used
by internal classes effective, to disable unserialize just assign
zend_class_unserialize_deny as callback.
 2014-04-17 10:48:14 +02:00
Ingo Walz
b05c088a3a Fixed bug #64604 2014-04-13 18:37:40 -07:00
Stanislav Malyshev
3a2660b302 Fix windows build 2014-04-13 17:02:21 -07:00
Gabor Buella
1010200da5 Fixed bug #67024 - getimagesize should recognize BMP files with negative height 2014-04-13 15:17:04 -07:00
Bob Weinand
beda5093b4 Reverted to 5a0da281e5 
Discussion: http://news.php.net/php.cvs/76836
 2014-04-13 23:01:31 +02:00
Bob Weinand
f07e37c96d Forgot title in phpt for bug #67064 2014-04-13 19:34:17 +02:00
Bob Weinand
1a4a9eede5 Fix bug #67064 in a BC safe way 
You can use an optional parameter now when implementing the Countable interface
to get the $mode passed to count().
 2014-04-13 19:24:12 +02:00
Ferenc Kovacs
2c8aeda6dc abstract namespace for unix sockets is a linux only feature 2014-04-09 19:01:01 +02:00
Michael Wallner
7ab5c593f7 Fix bug #66182 exit in stream filter produces segfault 
Unfortunately, a segv caused by exit cannot be tested reliably.
 2014-04-03 09:07:35 +02:00
Michael Wallner
1ec83d44a1 Fixed bug #61019 (Out of memory on command stream_get_contents) 2014-04-02 15:36:39 +02:00
Michael Wallner
91a9d24aa3 Fix bug #64330 
stream_socket_server() creates wrong Abstract Namespace UNIX sockets
 2014-04-02 11:09:26 +02:00
Mateusz Kocielski
497b918e62 Merge branch 'PHP-5.3' into PHP-5.4 
* PHP-5.3:
  Fixed off-by-one in php_url_parse_ex

Conflicts:
	ext/standard/url.c
 2014-03-18 08:54:57 +01:00
Mateusz Kocielski
46566b78c9 Fixed off-by-one in php_url_parse_ex 
Change order of condition, previously pointer could be derefrenced before
bound check was done.
 2014-03-18 08:48:41 +01:00
Dmitry Panin
e2fc6b52f0 Fix HTML entity table generation 2014-03-06 23:10:31 +01:00
Tjerk Meesters
e73c05b75e proc_open(): separate environment values that aren't strings 
Added a test case
 2014-03-03 05:49:52 +08:00
Tjerk Meesters
eca13f7909 Fixed test case title 2014-02-28 22:27:32 +08:00
Tjerk Meesters
79b3c2a744 [bug 66535] X-PHP-Originating-Script adds newline if no custom headers are given 
A newline is added to the mail headers when mail.add_x_header is used and no other headers are passed to mail().

The scenario in which custom headers are used was already fixed in #48620, back in 2009.
 2014-02-28 22:22:07 +08:00
Veres Lajos
35101e9ef4 a few typofixes 2014-02-14 14:51:10 +02:00
Stanislav Malyshev
d5560faaa3 drop precision since trigonometric functions are non-portable 
See: http://stackoverflow.com/questions/21212326/floating-point-arithmetic-and-reproducibility
 2014-01-26 15:51:17 -08:00
Will Fitch
5b906ce6eb Fix bug #66509: copy() arginfo incorrect since 5.4 
Since 5.4, the ZEND_BEGIN_ARG_INFO_EX was replaced
by non _EX, causing Reflection to assume the
$context parameter is required.
 2014-01-18 11:25:53 -05:00
Anatol Belski
1c586d4070 one more extension for the basename test 2014-01-05 19:19:54 +01:00
Anatol Belski
3f7f72adb2 improved the fix for bug #66395 
- fixed the traverse vulnerability in case like c:d:file.txt
- ensure paths containing NTFS streams are still worky
 2014-01-05 19:05:04 +01:00
Anatol Belski
46f60fae22 Fixed bug #66395 basename function doesn't remove drive letter 2014-01-03 22:25:58 +01:00
Xinchen Hui
c0d060f5c0 Bump year 2014-01-03 11:04:26 +08:00
Dmitry Stogov
edbefd1d5c Fixed tests 2013-12-02 11:53:35 +04:00
Anatol Belski
345032946c fixed test 2013-11-21 21:24:47 +01:00
Yasuo Ohgaki
0d558afc05 Fix WS in serialization_error_002.phpt 2013-11-20 07:17:53 +09:00
Aaron Hamid
050dd59c63 added a test to cover distinction between boolean return value of unserialize function and deserializing serialized boolean 2013-11-20 07:14:53 +09:00