mirror of https://github.com/php/php-src.git synced 2026-04-21 23:18:13 +02:00
Commit Graph

837 Commits

Author SHA1 Message Date
Stanislav Malyshev d76f7c6c63 Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress 2020-02-15 20:52:19 -08:00
Christoph M. Becker f79c774274 Fix #79091: heap use-after-free in session_create_id()
If the `new_id` is released, we must not use it again.
2020-01-20 21:43:42 -08:00
Christoph M. Becker d20053a556 Fix #77911: Wrong warning for session.sid_bits_per_character 2019-04-17 17:23:23 +02:00
Xinchen Hui 7a7ec01a49 year++ 2018-01-02 12:55:14 +08:00
Anatol Belski 9ff4801159 Merge branch 'PHP-7.1' into PHP-7.2
* PHP-7.1:
  Fixed bug #74833, SID constant created with wrong module number
2017-07-26 13:21:20 +02:00
Anatol Belski eaf5c7cdd4 Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0:
  Fixed bug #74833, SID constant created with wrong module number
2017-07-26 13:20:48 +02:00
Anatol Belski bd00fe81cc Fixed bug #74833, SID constant created with wrong module number 2017-07-26 13:19:41 +02:00
Sergei Morozov 9b9184a45a Fixed bug #74941 - Session fails to start after having headers sent 2017-07-20 07:52:02 +01:00
Sergei Morozov 5b12b46a19 Fixed bug #74936 - session_*() functions trigger a warning in read mode when the session is active 2017-07-18 22:25:22 +02:00
Yasuo Ohgaki a2d766503a Fixed bug #74514 5 session functions incorrectly warn when calling in read-only/getter mode 2017-07-01 03:32:54 +09:00
Nikita Popov 035a27cbc6 Only compute callback name in error cases
Mostly the callback name is only used to report an error. Try to
avoid calculating it if no error occurred.
2017-06-25 18:45:59 +02:00
Xinchen Hui 8f2d3539f2 Merge branch 'PHP-7.1'
* PHP-7.1:
  Fixed tests when using custom php.ini(session.save_handler)
  Fix Bug #74541 Wrong reflection on session_start()
2017-05-09 11:15:32 +08:00
Xinchen Hui 05c90e5994 Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0:
  Fixed tests when using custom php.ini(session.save_handler)
  Fix Bug #74541 Wrong reflection on session_start()
2017-05-09 11:14:40 +08:00
Fabien Villepinte b39c70b4a7 Fix Bug #74541 Wrong reflection on session_start() 2017-05-08 22:42:09 +02:00
Nikita Popov 7cba31535c Separate array in session upload progress 2017-01-23 17:19:12 +00:00
Joe Watkins 71a42477ca Merge branch 'PHP-7.1'
* PHP-7.1:
  Update comment, incorrect since 224aaf94
2017-01-19 10:49:09 +00:00
SjonHortensius 631861e1fa Update comment, incorrect since 224aaf94
In 224aaf94, the warning was enabled, making the comment above incorrect. I've updated the comment to reflect the current code.
2017-01-19 10:48:54 +00:00
Sammy Kaye Powers dac6c639bb Update copyright headers to 2017 2017-01-04 11:23:42 -06:00
Sammy Kaye Powers 478f119ab9 Update copyright headers to 2017 2017-01-04 11:14:55 -06:00
Sammy Kaye Powers 9e29f841ce Update copyright headers to 2017 2017-01-02 09:30:12 -06:00
dreamszhu e10425fe8b Add PHPAPI php_session_flush and php_session_destroy 2017-01-01 07:30:22 +08:00
Anatol Belski f8aa57ab2f fix uninitialized value 2016-12-27 23:43:49 +01:00
Graham Campbell 22f3695fe1 Fixed typo in "session_module_name" 2016-12-27 22:01:19 +01:00
Yasuo Ohgaki a93a51c3bf Fix bug #73100 - Improve bug fix. Forbid to set 'user' save handler other than set_save_handler(). 2016-12-22 16:04:28 +09:00
Yasuo Ohgaki bf5c502e3d Remove "register_globals" support codes from php/php_binary serializers.
As a result, users may use PS_UNDEF_MAKER(=!) char for session variable name.
2016-12-21 08:07:14 +09:00
Yasuo Ohgaki 7f196e321f Fix bug #71038 - session_start() returns true even when it failed
PR #2167
2016-11-17 11:09:07 +09:00
Yasuo Ohgaki 3d6e922367 Refactor and cleanup implementation. 2016-11-16 05:08:29 +00:00
Yasuo Ohgaki 7b29c3fba6 Revert "Fix Bug #73461"
This reverts commit 0383de1467.
2016-11-16 05:08:29 +00:00
Yasuo Ohgaki 6230c2bad0 Fix Bug #73461
This patch disables any invalid save handler calls.
2016-11-16 05:08:28 +00:00
Yasuo Ohgaki 70afe4c494 Simply return FALSE from session_gc(). Error could be annoying because internal save handlers may return -1 when GC cannot be performed for reasons 2016-10-18 06:53:13 +09:00
Nikita Popov 28edc971e7 Merge branch 'PHP-7.0' into PHP-7.1 2016-10-10 12:21:15 +02:00
Nikita Popov c91f652ddb Fixed bug #73273
As well as a few other $_SESSION separation issues.
2016-10-10 12:20:44 +02:00
Yasuo Ohgaki a4a2f66e75 Revert "Revert "Implement RFC Add session_gc() https://wiki.php.net/rfc/session-gc""
This reverts commit 355c7e7d1c.
2016-09-01 10:12:26 +09:00
Yasuo Ohgaki b36ae7467e Revert "Revert "Merge RFC https://wiki.php.net/rfc/session-create-id""
This reverts commit 663f1c8fb0.
2016-09-01 10:12:23 +09:00
Yasuo Ohgaki 90352bb4a2 Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0:
  Fix bug #72940 properly. Reduce needless branches
2016-09-01 07:47:27 +09:00
Yasuo Ohgaki cc797d4fc3 Fix bug #72940 properly. Reduce needless branches 2016-09-01 07:47:13 +09:00
Yasuo Ohgaki 355c7e7d1c Revert "Implement RFC Add session_gc() https://wiki.php.net/rfc/session-gc"
This reverts commit 1cf179e415.
2016-09-01 05:54:55 +09:00
Yasuo Ohgaki 663f1c8fb0 Revert "Merge RFC https://wiki.php.net/rfc/session-create-id"
This reverts commit 7ee9f81c54.
2016-09-01 05:54:30 +09:00
Yasuo Ohgaki 7ee9f81c54 Merge RFC https://wiki.php.net/rfc/session-create-id 2016-08-31 20:34:20 +09:00
Yasuo Ohgaki f5cd6e5710 Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0:
  Fixed bug #72940 SID always return "name=ID", even if session cookie exist
2016-08-30 15:58:55 +09:00
Yasuo Ohgaki b5f2f6fbd8 Fixed bug #72940 SID always return "name=ID", even if session cookie exist 2016-08-30 15:58:25 +09:00
Yasuo Ohgaki 1cf179e415 Implement RFC Add session_gc() https://wiki.php.net/rfc/session-gc 2016-08-29 05:57:37 +09:00
Xinchen Hui 1eb4851fa2 Remove leftover of previous change 2016-08-18 15:44:33 +08:00
Xinchen Hui a3740dadec Remove outdated checks 2016-08-18 15:37:15 +08:00
Xinchen Hui ce6ad9bdd9 Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0: (48 commits)
  Update NEWS
  Unused label
  Fixed bug #72853 (stream_set_blocking doesn't work)
  fix test
  Bug #72663 - part 3
  Bug #72663 - part 2
  Bug #72663 - part 1
  Update NEWS
  Block test with memory leak
  fix tests
  Fix TSRM build
  Fix bug #72850 - integer overflow in uuencode
  Fixed bug #72849 - integer overflow in urlencode
  Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
  Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
  Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
  Fix bug #72836 - integer overflow in base64_decode caused heap corruption
  Fix for bug #72807 - do not produce strings with negative length
  Fix for bug #72790 and bug #72799
  Fix bug #72730 - imagegammacorrect allows arbitrary write access
  ...

Conflicts:
	ext/standard/var_unserializer.c
2016-08-17 17:14:30 +08:00
Xinchen Hui b172f43caa Unused label 2016-08-17 16:56:20 +08:00
Nikita Popov e0f9fbdfa6 Bug #72663 - part 3
When using the php_serialize session serialization handler, do
not use the result of the unserialization if it failed.
2016-08-17 01:01:03 -07:00
Stanislav Malyshev 0d13325b66 Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6: (24 commits)
  Update NEWS
  Block test with memory leak
  fix tests
  Fix TSRM build
  Fix bug #72850 - integer overflow in uuencode
  Fixed bug #72849 - integer overflow in urlencode
  Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
  Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
  Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
  Fix bug #72836 - integer overflow in base64_decode caused heap corruption
  Fix for bug #72807 - do not produce strings with negative length
  Fix for bug #72790 and bug #72799
  Fix bug #72730 - imagegammacorrect allows arbitrary write access
  Fix bug#72697 - select_colors write out-of-bounds
  Fixed bug #72627: Memory Leakage In exif_process_IFD_in_TIFF
  Fix bug #72750: wddx_deserialize null dereference
  Fix bug #72771: ftps:// opendir wrapper is vulnerable to protocol downgrade attack
  Improve fix for #72663
  Fix bug #70436: Use After Free Vulnerability in unserialize()
  Fix bug #72749: wddx_deserialize allows illegal memory access
  ...

Conflicts:
	Zend/zend_API.h
	ext/bz2/bz2.c
	ext/curl/interface.c
	ext/ereg/ereg.c
	ext/exif/exif.c
	ext/gd/gd.c
	ext/gd/tests/imagetruecolortopalette_error3.phpt
	ext/gd/tests/imagetruecolortopalette_error4.phpt
	ext/session/session.c
	ext/snmp/snmp.c
	ext/standard/base64.c
	ext/standard/ftp_fopen_wrapper.c
	ext/standard/quot_print.c
	ext/standard/url.c
	ext/standard/uuencode.c
	ext/standard/var.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	ext/wddx/tests/bug72790.phpt
	ext/wddx/tests/bug72799.phpt
	ext/wddx/wddx.c
	sapi/cli/generate_mime_type_map.php
2016-08-17 00:43:33 -07:00
Stanislav Malyshev 8763c6090d Fix bug #72681 - consume data even if we're not storing them 2016-08-16 22:54:42 -07:00
Yasuo Ohgaki 3467526a65 Merge RFC: Session ID without hashing
https://wiki.php.net/rfc/session-id-without-hashing
2016-08-12 12:31:02 +09:00