php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-26 17:38:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
93,712 Commits 549 Branches 1,485 Tags
56f1106162cdca2cdebfd9321545cc448da32d21
Commit Graph

289 Commits

Author SHA1 Message Date
Reeze Xia 0bf3ebb4ba Fixed bug #70876 Segmentation fault when regenerating session id with strict mode 
The comment *mod_data always be non-NULL is not true.
The same as this FIXME: https://github.com/php/php-src/blob/master/ext/session/mod_files.c#L676
 2015-11-07 21:46:21 +08:00
Anatol Belski bfd2637068 fix test 2015-09-29 13:04:06 +02:00
Matteo Beccati cc875d1a25 Skip session_regenerate_id_cookie.phpt when there's no cgi 2015-09-18 07:51:46 +02:00
Yasuo Ohgaki e341eb94cb Add test for #70516 session_regenerate_id() does not send session ID cookie 2015-09-17 05:36:47 +09:00
Yasuo Ohgaki ab0e347f26 Add more test cases 2015-09-08 18:44:23 +09:00
Yasuo Ohgaki f34b858ed0 Fix #70013: Reference to $_SESSION is lost after a call to session_regenerate_id() 2015-09-07 03:57:03 +09:00
Anatol Belski ebb6f5eae6 fix dir separators in test 2015-09-02 17:26:35 +02:00
Stanislav Malyshev 9b1a224d4e Merge branch 'PHP-5.6' 
* PHP-5.6: (21 commits)
  fix unit tests
  update NEWS
  add NEWS for fixes
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix bug ##70284 (Use after free vulnerability in unserialize() with GMP)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  ...

Conflicts:
	ext/exif/exif.c
	ext/gmp/gmp.c
	ext/pcre/php_pcre.c
	ext/session/session.c
	ext/session/tests/session_decode_variation3.phpt
	ext/soap/soap.c
	ext/spl/spl_observer.c
	ext/standard/var.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	ext/xsl/xsltprocessor.c
 2015-09-02 00:37:20 -07:00
Stanislav Malyshev c19d59c550 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  update NEWS
  add NEWS for fixes
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  5.4.45 next

Conflicts:
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	ext/zip/php_zip.c
 2015-09-01 12:06:41 -07:00
Stanislav Malyshev 33d3acaae7 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  5.4.45 next

Conflicts:
	configure.in
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	main/php_version.h
 2015-09-01 11:42:19 -07:00
Stanislav Malyshev df4bf28f9f Fix bug #70219 (Use after free vulnerability in session deserializer) 2015-08-23 19:56:12 -07:00
Anatol Belski 6065b29fe4 Reverted ad4533fdba 
The E_ERROR to E_RECOVERABLE_ERROR should be readded with the
proper tests.
 2015-07-21 11:18:36 +02:00
Yasuo Ohgaki ad4533fdba Change E_ERROR and some E_WARNING to E_RECOVERABLE_ERROR. 2015-07-21 12:59:23 +09:00
Aaron Piotrowski e97d5fab35 Update exception names in tests after formatting changes. 2015-05-17 17:31:43 -05:00
Nikita Popov 3ae995f03c Tweak uncaught exception message display 
This implements a reduced variant of #1226 with just the following
change:

-Fatal error: Uncaught exception 'EngineException' with message 'Call to private method foo::bar() from context ''' in %s:%d
+Fatal error: Uncaught EngineException: Call to private method foo::bar() from context '' in %s:%d

The '' wrapper around messages is very weird if the exception
message itself contains ''. Futhermore having the message wrapped
in '' doesn't work for the "and defined" suffix of
TypeExceptions.
 2015-05-17 18:47:06 +02:00
Nikita Popov c9f27ee422 Display EngineExceptions like ordinary exceptions 
TypeException stays as-is for now because it uses messages that are
incompatible with the way exception messages are displayed.

closure_038.phpt and a few others now show that we're generating
too many exceptions for compound operations on undefined properties
-- this needs to be fixed in a followup.
 2015-05-15 23:40:32 +02:00
Nikita Popov 8d00385871 Reclassify E_STRICT notices 
Per RFC https://wiki.php.net/rfc/reclassify_e_strict

While reviewing this, found that there are still three E_STRICTs
left in libraries - need to discuss those.
 2015-04-01 11:17:55 +02:00
Nikita Popov 6ef9216269 Finish PHP 4 constructor deprecation 2015-03-31 17:55:27 +02:00
Andrea Faulds db76b708cf Deprecate PHP 4 constructors 2015-03-31 17:55:27 +02:00
Anatol Belski b680ccb2b0 the test shouldn't fail when unlink failed 2015-03-13 17:33:47 +01:00
Dmitry Stogov 1c94ff0595 Implement engine exceptions 
RFC: https://wiki.php.net/rfc/engine_exceptions_for_php7

Pending changes regarding naming of BaseException and whether it
should be an interface.
 2015-03-09 14:01:32 +01:00
Anatol Belski 2895912756 fix dir separator in test 2015-02-11 15:10:48 +01:00
Yasuo Ohgaki 5afe554d32 Merge branch 'PHP-5.6' 
* PHP-5.6:
  Fixed bug #68063 Empty session IDs do still start sessions

Conflicts:
	ext/session/session.c
	ext/session/tests/bug61470.phpt
 2015-02-03 13:49:14 +09:00
Yasuo Ohgaki 2983ef3c48 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Fixed bug #68063 Empty session IDs do still start sessions
 2015-02-03 13:41:31 +09:00
Yasuo Ohgaki 853ae39d6e Fixed bug #68063 Empty session IDs do still start sessions 2015-02-03 13:38:49 +09:00
Yasuo Ohgaki 665997bf16 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Bug #61470 is fixed only in master
 2015-02-03 12:26:25 +09:00
Yasuo Ohgaki 17beba686e Bug #61470 is fixed only in master 2015-02-03 12:26:01 +09:00
Yasuo Ohgaki e93042998a Fixed bug #61470 - session_regenerate_id() does not create session file. 
Made session_regenerate_id() raise error for wrong usage.
 2015-02-03 12:23:00 +09:00
Yasuo Ohgaki 92576c7c49 XFAIL broken test for now. 
Partially fixed test session.save_path difference.
 2015-02-03 03:05:03 +09:00
Yasuo Ohgaki c7eea5a79b Merge branch 'PHP-5.6' 
* PHP-5.6:
  Add test for bug #61470. It is already fixed.
 2015-02-02 18:41:25 +09:00
Yasuo Ohgaki 675a12bbcf Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Add test for bug #61470. It is already fixed.
 2015-02-02 18:39:48 +09:00
Yasuo Ohgaki fb803ff819 Add test for bug #61470. It is already fixed. 2015-02-02 18:39:07 +09:00
Yasuo Ohgaki f248df9003 Cleanup trans sid code. Behavior is unchanged. 
Fixed possible injections. Escape values usually internal safe values.
 2015-02-02 17:06:16 +09:00
Xinchen Hui 4da7e4de29 The argument must be not changed in session_start 2015-01-29 12:26:13 +08:00
Yasuo Ohgaki 7a97eaf25d Cleanup session id files after test 2015-01-29 10:31:39 +09:00
Yasuo Ohgaki f90f6108c8 Merge branch 'master' into master-rfc-session-lock4 
Conflicts:
	UPGRADING
 2015-01-29 09:55:36 +09:00
Xinchen Hui a0cf025134 Fixed #68868 (Segfault in clean_non_persistent_constants() in SugarCRM 6.5.20) 2015-01-28 17:12:23 +08:00
Yasuo Ohgaki 4d747b1356 Forgot to apply important peace of patch 2015-01-28 14:22:22 +09:00
Yasuo Ohgaki 0c9bfa96b2 Make session_decode return FALSE when it fails. 
Fix a test.
Use proper types.
 2015-01-25 15:26:00 +09:00
Yasuo Ohgaki e6c8640a2a WIP - test passes 2015-01-22 13:34:58 +09:00
Yasuo Ohgaki 6b8328de74 Merge branch 'PHP-5.6' 
* PHP-5.6:
  Fixed bug #68331 - This was partial patch for https://wiki.php.net/rfc/session-lock-ini
  Fixed 2 tests that expects bool retrun value from save handler.

Conflicts:
	ext/session/session.c
 2014-11-06 13:49:43 +09:00
Yasuo Ohgaki 4dd3fbfcd2 Fixed bug #68331 - This was partial patch for https://wiki.php.net/rfc/session-lock-ini 2014-11-06 13:06:29 +09:00
Adam Harvey d91717f458 Merge branch 'PHP-5.6' 
* PHP-5.6:
  Fix bug #67972 (SessionHandler Invalid memory read create_sid()).
  Update LSAPI to 6.7, added support for 'filter_input'. Fixed a crash in CLI mode.
  5.5.18 now
 2014-09-08 19:31:58 +00:00
Adam Harvey 0cbfdc9df5 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Fix bug #67972 (SessionHandler Invalid memory read create_sid()).
  Update LSAPI to 6.7, added support for 'filter_input'. Fixed a crash in CLI mode.
  5.5.18 now

Conflicts:
	configure.in
	main/php_version.h
 2014-09-08 19:28:15 +00:00
Adam Harvey bc44eb6172 Fix bug #67972 (SessionHandler Invalid memory read create_sid()). 
SessionHandler::create_sid() didn't check if PS(default_mod) was initialised
before attempting to call its create_sid() handler.
 2014-09-08 19:25:14 +00:00
Tjerk Meesters 86674b5837 Merge branch 'PHP-5.6' 
* PHP-5.6:
  Fixed #67694: Regression in session_regenerate_id()

Conflicts:
	ext/session/session.c
 2014-08-23 09:21:36 +08:00
Tjerk Meesters ce9bdae33f Fixed #67694: Regression in session_regenerate_id() 2014-08-23 09:18:02 +08:00
Anatol Belski 4b337a898b fix directory separator in test 2014-08-20 21:27:39 +02:00
Dmitry Stogov f2a2fccece Merge branch 'master' into phpng 
* master:
  fix nmake snap when ext name is different in target dll
  force atoll macro usage on windows
  Enable $ replacement in exif, ldap, pdo_pgsql and tidy
  See bug #67635
  NEWS
  NEWS
  improve previous, add message during configure
  Fixed bug #67635 php links to systemd libraries without using pkg-config
  Improve fix for #66608
  Fixed segfault with empty break
  New added opcodes don't need to be resloved
  Update NEWS
  Update NEWS
  Update NEWS
  Fixed bug #66827 Session raises E_NOTICE when session name variable is array
  implemented copy libs of core exts in phpize mode
  fix copy the ext dll into the prefix path in phpize mode
  fix default prefix in phpize mode
  fix file with zero size usage in phpize mode

Conflicts:
	Zend/zend_opcode.c
	Zend/zend_vm_def.h
	Zend/zend_vm_execute.h
	ext/session/session.c
 2014-07-22 15:42:17 +04:00
Xinchen Hui 9bef96d96e Merge branch 'PHP-5.5' into PHP-5.6 2014-07-19 13:12:36 +08:00