Christoph M. Becker
2ff853aa11
Fix #81211: Symlinks are followed when creating PHAR archive
...
It is insufficient to check whether the `base` is contained in `fname`;
we also need to ensure that `fname` is properly separated. And of
course, `fname` has to start with `base`.
2021-08-23 23:25:16 -07:00
Christoph M. Becker
7df594b943
Fix #79171: heap-buffer-overflow in phar_extract_file
...
We must not access memory outside of the allocated buffer.
2020-02-17 00:20:04 -08:00
Stanislav Malyshev
6facfa59a5
Fix bug #79082 - Files added to tar with Phar::buildFromIterator have all-access permissions
2020-02-17 00:19:30 -08:00
Christoph M. Becker
136f51f1e1
Fix #76584: PharFileInfo::decompress not working
...
We actually have to decompress, when told to do so.
2020-01-28 10:31:36 +01:00
Stanislav Malyshev
d69894734d
Merge branch 'PHP-7.2' into PHP-7.3
...
* PHP-7.2:
Fix #77919: Potential UAF in Phar RSHUTDOWN
Update NEWS
Fix bug #78256 (heap-buffer-overflow on exif_process_user_comment)
Fix bug #78222 (heap-buffer-overflow on exif_scan_thumbnail)
2019-07-29 13:20:44 -07:00
Stanislav Malyshev
284fb08fdc
Merge branch 'PHP-7.1' into PHP-7.2
...
* PHP-7.1:
Fix #77919: Potential UAF in Phar RSHUTDOWN
Update NEWS
Fix bug #78256 (heap-buffer-overflow on exif_process_user_comment)
Fix bug #78222 (heap-buffer-overflow on exif_scan_thumbnail)
2019-07-29 13:19:16 -07:00
Christoph M. Becker
cd1101e8c8
Fix #77919: Potential UAF in Phar RSHUTDOWN
...
We have to properly clean up in case phar_flush() is failing.
We also make the expectation of the respective test case less liberal
to avoid missing such bugs in the future.
2019-07-29 13:18:27 -07:00
Stanislav Malyshev
e614b12712
Merge branch 'PHP-7.2' into PHP-7.3
...
* PHP-7.2:
2018-12-01 21:48:44 -08:00
Stanislav Malyshev
c5869fd1c8
Merge branch 'PHP-7.1' into PHP-7.2
...
* PHP-7.1:
2018-12-01 21:48:40 -08:00
Stanislav Malyshev
09885f78c6
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
2018-12-01 21:48:35 -08:00
Stanislav Malyshev
cea277048d
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Fix bug #77022 - use file mode or umask for new files
2018-12-01 21:48:27 -08:00
Stanislav Malyshev
cc84d893c7
Merge branch 'PHP-7.2' into PHP-7.3
...
* PHP-7.2:
Fix bug #77022 - use file mode or umask for new files
2018-12-01 21:47:49 -08:00
Stanislav Malyshev
8136d130b6
Merge branch 'PHP-7.1' into PHP-7.2
...
* PHP-7.1:
Fix bug #77022 - use file mode or umask for new files
2018-12-01 21:47:44 -08:00
Stanislav Malyshev
1aec05defd
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
Fix bug #77022 - use file mode or umask for new files
2018-12-01 21:47:37 -08:00
Stanislav Malyshev
67f3615102
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Fix bug #77022 - use file mode or umask for new files
2018-12-01 21:08:38 -08:00
Stanislav Malyshev
69f5e7992b
Fix bug #77022 - use file mode or umask for new files
2018-12-01 21:06:45 -08:00
Peter Kokot
8d3f8ca12a
Remove unused Git attributes ident
...
The $Id$ keywords were used in Subversion where they can be substituted
with filename, last revision number change, last changed date, and last
user who changed it.
In Git this functionality is different and can be done with Git attribute
ident. These need to be defined manually for each file in the
.gitattributes file and are afterwards replaced with 40-character
hexadecimal blob object name which is based only on the particular file
contents.
This patch simplifies handling of $Id$ keywords by removing them since
they are not used anymore.
2018-07-25 00:53:25 +02:00
Dmitry Stogov
43d5a3665d
It's safer to use zval_ptr_dtor() for iterator keys.
2018-07-05 16:56:52 +03:00
Dmitry Stogov
3780b027dd
Use zval_ptr_dtor() instead of zval_dtor() in internal functions that destroy newly created object (This is safer and produces less code)
2018-07-05 14:25:17 +03:00
Dmitry Stogov
4a475a4976
Replace legacy zval_dtor() by zval_ptr_dtor_nogc() or even more specialized destructors.
...
zval_dtor() doesn't make a lot of sense in PHP-7.* and it's used incorrectly in some places.
Its occurrences should be replaced by zval_ptr_dtor() or zval_ptr_dtor_nogc(), or even more specialized destructors.
2018-07-04 19:22:24 +03:00
David Carlier
80bb649ad1
phar module, unsignedness check changes.
...
while at it, correcting seemingly subtle bug when checking
extension validity.
2018-06-18 14:08:50 +00:00
Dmitry Stogov
5eb1f92f31
Use zend_string_release_ex() instead of zend_string_release() in places, where we are sure about string persistence.
2018-05-28 16:27:12 +03:00
Stanislav Malyshev
99f1d904a0
Merge branch 'PHP-7.2'
...
* PHP-7.2:
Fix tsrm_ls
Fix #76129 - remove more potential unfiltered outputs for phar
Fix test
Fix bug #76248 - Malicious LDAP-Server Response causes Crash
Fix bug #76249 - fail on invalid sequences
Fix #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
Fix bug #75981: prevent reading beyond buffer start
2018-04-23 22:04:22 -07:00
Stanislav Malyshev
4c06d929c0
Merge branch 'PHP-7.1' into PHP-7.2
...
* PHP-7.1:
Fix tsrm_ls
Fix #76129 - remove more potential unfiltered outputs for phar
Fix test
Fix bug #76248 - Malicious LDAP-Server Response causes Crash
Fix bug #76249 - fail on invalid sequences
Fix #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
Fix bug #75981: prevent reading beyond buffer start
2018-04-23 22:03:33 -07:00
Stanislav Malyshev
95ee9efa57
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
Fix tsrm_ls
Fix #76129 - remove more potential unfiltered outputs for phar
Fix test
Fix bug #76248 - Malicious LDAP-Server Response causes Crash
Fix bug #76249 - fail on invalid sequences
Fix #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
Fix bug #75981: prevent reading beyond buffer start
2018-04-23 22:00:24 -07:00
Stanislav Malyshev
5a18d7a0df
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Fix tsrm_ls
Fix #76129 - remove more potential unfiltered outputs for phar
Fix test
Fix bug #76248 - Malicious LDAP-Server Response causes Crash
Fix bug #76249 - fail on invalid sequences
Fix #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
Fix bug #75981: prevent reading beyond buffer start
2018-04-23 21:59:57 -07:00
Stanislav Malyshev
6e64aba47f
Fix #76129 - remove more potential unfiltered outputs for phar
2018-04-23 13:43:43 -07:00
Anatol Belski
2e5ac355b9
Move to unsigned types in phar
...
Preventing integer overflows in principle, which allows to avoid additional
range checks. The phar format is based on 32-bit lengths, so the storage
sizes were kept the same.
2018-04-18 20:15:05 +02:00
Gabriel Caruso
701437a948
Remove return types from some magic method in protos
...
__construct, __destruct, __wakeup do not have return types defined.
2018-03-09 12:04:46 +01:00
Joe
c8e844be35
Merge branch 'PHP-7.2'
...
* PHP-7.2:
Fixed bug #65414
2018-02-08 10:34:38 +01:00
Bishop Bettini
d806d0315f
Fixed bug #65414
2018-02-08 10:32:08 +01:00
Bishop Bettini
4765ba7dc3
Fixed bug #65414
2018-02-08 10:29:56 +01:00
Nikita Popov
4a7dacb5ee
Don't loop over indexes in Phar::extractTo()
...
Instead use a more idiomatic foreach loop. The behavior is not
strictly the same, but I see no reason why this specific case
should enforce continuously indexed integer keys.
Also handle references in the array while at it.
2018-01-28 22:05:44 +01:00
Nikita Popov
d79a0bf748
Merge branch 'PHP-7.2'
2018-01-28 21:53:38 +01:00
Bishop Bettini
fa586cee3e
Fixed bug #54289
...
If a directory is passed to Phar::extractTo(), loop over all
entries and extract all files with the given prefix.
2018-01-28 21:51:25 +01:00
Dmitry Stogov
9cbb521094
Access HashTable.u.flags through HT_FLAGS() macro.
2018-01-22 13:36:15 +03:00
Xinchen Hui
a6519d0514
year++
2018-01-02 12:57:58 +08:00
Xinchen Hui
7a7ec01a49
year++
2018-01-02 12:55:14 +08:00
Xinchen Hui
ccd4716ec7
year++
2018-01-02 12:53:31 +08:00
Dmitry Stogov
b864e6b58c
Move constants into read-only data segment
2017-12-15 01:55:00 +03:00
Dmitry Stogov
9e709e2fa0
Move constants into read-only data segment
2017-12-14 18:43:44 +03:00
Nikita Popov
95e9cc2871
Backport some printf() fixes to 7.2
2017-11-16 21:26:33 +01:00
Nikita Popov
26f8fc833b
Enable and fix printf() format warnings
...
Add _unchecked() variants of zend_spprintf and zend_strpprintf for
cases where we specifically want to disable these checks, such as
use of %H.
2017-11-16 21:15:36 +01:00
Kalle Sommer Nielsen
cf1d42e001
Kill compiler warnings in ext/phar
2017-08-24 02:31:52 +02:00
Anatol Belski
827284ec36
fix up porting mistakes
2017-07-27 23:38:04 +02:00
Anatol Belski
49d9b3013f
Move cwd_state and path related routines to size_t
...
Having `int` there is no real profit in the size or speed, while unsigned
improves security and overall integration. ZPP supplied strings can
be then accepted directly and structs can be still handled with smaller
unsigned types for size reasons, which is safe. Yet some related places
are to go.
basic move tsrm_realpath_r to size_t
fix conditions and sync with affected places
touch occurrences of php_sys_readlink usage
follow up on phar path handling
remove duplicated check
move zend_resolve_path and related pieces to size_t
touch yet resolve path related places
remove cast
missing pieces
missing piece
yet cleanups for php_sys_readlink for ssize_t
fix wrong return
2017-07-27 20:11:21 +02:00
Joe Watkins
2a64f548da
Merge branch 'PHP-7.1'
...
* PHP-7.1:
Fix Bug #74386 Phar::__construct(): wrong number of parameters by reflection
2017-05-29 08:32:23 +01:00
Fabien Villepinte
d6922ef8e3
Fix Bug #74386 Phar::__construct(): wrong number of parameters by reflection
2017-05-29 08:31:47 +01:00
Fabien Villepinte
2dee44c74c
Fix Bug #74386 Phar::__construct(): wrong number of parameters by reflection
2017-05-29 08:29:30 +01:00
Dmitry Stogov
27e7aea412
"Countable" interface is moved from SPL to Core
2017-05-25 12:47:43 +03:00