php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-05 07:02:33 +02:00
Code Issues Packages Projects Releases Wiki Activity
92,251 Commits 547 Branches 1,481 Tags
7da32cb56b877feb342bb2012ce845f9deff32bd
Commit Graph

9769 Commits

Author SHA1 Message Date
Nikita Popov
ab74d80247 Fix bug #70487 
Switch to * instead of + in zpp.
 2015-09-14 15:04:43 +02:00
Dmitry Stogov
c174e4cd73 Change array sorting implementation to avoid two level callbacks system. 
Simplify zval comparion API.
 2015-09-10 02:51:23 +03:00
Dmitry Stogov
2ea18cd431 Better array_compare improvement 2015-09-09 15:11:03 +03:00
Xinchen Hui
67d1a47887 Improved array_compare 2015-09-09 17:56:44 +08:00
Xinchen Hui
b00a315806 Unused var 2015-09-09 15:15:43 +08:00
Nikita Popov
7c8798834a Small cleanup in pack() implementation 2015-09-09 03:58:37 +02:00
Bob Weinand
c12917aa45 Merged RFC Random Functions Throwing Exceptions in PHP 7 
Squashes commits from PR #1397

commit cd5dcc8c9eb43603d908abcea69c9e18df0f2ed5
Author: SammyK <sammyk@sammykmedia.com>
Date:   Tue Sep 8 13:53:42 2015 -0500

    Add min max samezies

commit b719499218a4e84efecd4dc1d4235d16142c9793
Author: SammyK <sammyk@sammykmedia.com>
Date:   Wed Sep 2 07:00:25 2015 -0500

    Make random_bytes() throw Error when $length <= 0 and random_int() throw Error when $min > $max

commit 0cca557291c278716ec4b00b32fc2bdc1c1c8848
Author: SammyK <sammyk@sammykmedia.com>
Date:   Wed Sep 2 06:55:59 2015 -0500

    Make random_*() functions throw Error exception when random bytes cannot be obtained

commit 998c7f1e209123605b41139e8d9093075ce16bd6
Author: SammyK <sammyk@sammykmedia.com>
Date:   Wed Sep 2 06:41:20 2015 -0500

    Make random_*() functions throw TypeError when zend_parse_parameters fails

commit 99d305c18820ff55d82d952777cbcdf1cf0158be
Author: SammyK <sammyk@sammykmedia.com>
Date:   Mon Jul 6 19:50:47 2015 -0500

    Make exceptions less specific

commit b042dfab290713366741a663a420cf12bf802f39
Author: SammyK <sammyk@sammykmedia.com>
Date:   Mon Jul 6 17:20:13 2015 -0500

    Upgrade warnings to RuntimeExceptions
 2015-09-09 01:00:29 +02:00
Bob Weinand
3d05785054 Merge remote-tracking branch 'origin/PHP-5.6' 2015-09-04 16:35:15 +02:00
Niklas Keller
4b1dff6f43 Fix #70361: HTTP stream wrapper doesn't close keep-alive connections 2015-09-04 16:29:35 +02:00
Xinchen Hui
49ee37d870 Seems master is not affected 2015-09-02 23:15:57 -07:00
Xinchen Hui
6290344d96 Fixed test 2015-09-02 21:59:36 -07:00
Julien Pauli
60e2207c34 Merge branch 'PHP-5.6' 
* PHP-5.6:
  5.5.30 next
  More fixes for bug #70219

Conflicts:
	ext/pcre/php_pcre.c
	ext/session/session.c
 2015-09-02 17:51:02 +02:00
Stanislav Malyshev
9c35f87e9a Temporary add XFAILs, will fix soon 2015-09-02 01:23:40 -07:00
Stanislav Malyshev
9b1a224d4e Merge branch 'PHP-5.6' 
* PHP-5.6: (21 commits)
  fix unit tests
  update NEWS
  add NEWS for fixes
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix bug ##70284 (Use after free vulnerability in unserialize() with GMP)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  ...

Conflicts:
	ext/exif/exif.c
	ext/gmp/gmp.c
	ext/pcre/php_pcre.c
	ext/session/session.c
	ext/session/tests/session_decode_variation3.phpt
	ext/soap/soap.c
	ext/spl/spl_observer.c
	ext/standard/var.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	ext/xsl/xsltprocessor.c
 2015-09-02 00:37:20 -07:00
Stanislav Malyshev
a6c063d663 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  More fixes for bug #70219
 2015-09-01 12:51:48 -07:00
Stanislav Malyshev
c19d59c550 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  update NEWS
  add NEWS for fixes
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  5.4.45 next

Conflicts:
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	ext/zip/php_zip.c
 2015-09-01 12:06:41 -07:00
Stanislav Malyshev
53d274beb0 Merge branch 'PHP-5.5' into PHP-5.5.29 
* PHP-5.5:
  Improve fix for #70172
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)

Conflicts:
	ext/pcre/php_pcre.c
 2015-09-01 11:43:27 -07:00
Stanislav Malyshev
33d3acaae7 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  5.4.45 next

Conflicts:
	configure.in
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	main/php_version.h
 2015-09-01 11:42:19 -07:00
Stanislav Malyshev
7c31203935 Improve fix for #70172 2015-09-01 11:38:39 -07:00
Dmitry Stogov
bb4b50636c Fixed one more problem related to bug #70187 (Notice: unserialize(): Unexpected end of serialized data) 2015-09-01 10:39:00 +03:00
Stanislav Malyshev
6935058a98 Merge branch 'PHP-5.4.45' into PHP-5.5.29 
* PHP-5.4.45:
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)

Conflicts:
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
 2015-09-01 00:28:39 -07:00
Stanislav Malyshev
e8429400d4 Fix bug #70172 - Use After Free Vulnerability in unserialize() 2015-08-31 23:26:14 -07:00
Stanislav Malyshev
fc8eff897b More fixes for bug #70219 2015-08-28 21:50:21 -07:00
Anatol Belski
ebdd9cf6e8 fix test 2015-08-28 11:29:38 +02:00
Dmitry Stogov
1f0f768e3f Avoid duplication 2015-08-26 14:53:41 +03:00
Stanislav Malyshev
24dda816d0 Merge branch 'PHP-5.4.45' into PHP-5.5.29 
* PHP-5.4.45:
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  5.4.45 next

Conflicts:
	configure.in
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	main/php_version.h
 2015-08-25 23:08:49 -07:00
Dmitry Stogov
25f9e25526 Fixed bug #70187 (Notice: unserialize(): Unexpected end of serialized data) 2015-08-26 03:27:05 +03:00
Christoph M. Becker
405f8b5c91 Merge branch 'PHP-5.6' 
* PHP-5.6:
  Fix #67131: setcookie() conditional for empty values not met

Resolved conflicts:
	ext/standard/head.c
 2015-08-24 23:11:03 +02:00
Christoph M. Becker
fc203fa37e Fix #67131: setcookie() conditional for empty values not met 
PHP applies a workaround for old MSIE where setting an empty cookie value would
not delete the cookie. This workaround is only triggered if an empty string (or
a value that converts to an empty string) is actually given as $value parameter
of setcookie. If the $value parameter is omitted, an empty cookie value is
sent. This commit fixes the inconsistent behavior.
 2015-08-24 23:03:50 +02:00
Xinchen Hui
fd5e0dc3c6 Fixed bug #70342 (changing configuration with ignore_user_abort(true) isn't working) 2015-08-24 21:09:16 +08:00
Stanislav Malyshev
df4bf28f9f Fix bug #70219 (Use after free vulnerability in session deserializer) 2015-08-23 19:56:12 -07:00
Anatol Belski
24e78ec1d8 fix test 2015-08-23 17:27:51 +02:00
Anatol Belski
5786f86656 fix test 
backported from master
 2015-08-23 17:27:50 +02:00
Anatol Belski
e8f37fe3dc fix dir separator in test 2015-08-21 14:04:08 +02:00
Bob Weinand
4df77a6c58 Fixed bug #70295 (Segmentation fault with setrawcookie) 2015-08-19 01:33:19 +02:00
Dmitry Stogov
2d475eb943 Fixed tests on 32-bit systems 2015-08-17 12:54:33 +03:00
Tjerk Meesters
0bd7d7a369 Merge branch 'PHP-5.6' 
* PHP-5.6:
  Updated NEWS for #70157
  Fixed #70157 parse_ini_string() segmentation fault with INI_SCANNER_TYPED
 2015-08-15 16:49:30 +08:00
Tjerk Meesters
0d7159d26d Fixed #70157 parse_ini_string() segmentation fault with INI_SCANNER_TYPED 2015-08-15 15:10:34 +08:00
Christoph M. Becker
c63b505573 Merge branch 'PHP-5.6' 
* PHP-5.6:
  fixed wrong params in proto
 2015-08-15 02:27:09 +02:00
Christoph M. Becker
a4e0539188 fixed wrong params in proto 2015-08-15 02:23:56 +02:00
Anatol Belski
38c19d43c1 fix array size calculation for range, related to bug #70239 2015-08-14 14:34:48 +02:00
Anatol Belski
86984d7ade add range() tests 2015-08-14 14:34:48 +02:00
Anatol Belski
01ee09f3f7 Fixed bug #70239 Creating a huge array doesn't result in exhausted, but segfault 2015-08-14 14:34:47 +02:00
Xinchen Hui
dc5c6ab774 Fixed bug #70250 (extract() turns array elements to references) 2015-08-13 13:30:25 +08:00
Xinchen Hui
adf0e49912 zend_hash_resize seems useless, use zend_hash_extend 2015-08-13 12:19:35 +08:00
Anatol Belski
cbcacbb2da improve condition 
read() == 0 is EOL
 2015-08-12 10:20:26 +02:00
Stanislav Malyshev
ed709d5aa0 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  update NEWS
  fix test
  update NEWS
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	ext/soap/php_http.c
	ext/spl/spl_observer.c
 2015-08-04 15:29:13 -07:00
Stanislav Malyshev
69ed3969dd Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	.gitignore
	ext/date/php_date.c
	ext/spl/spl_array.c
	ext/spl/spl_observer.c
 2015-08-04 14:10:57 -07:00
Stanislav Malyshev
4d2278143a Fix #69793 - limit what we accept when unserializing exception 2015-08-01 22:02:26 -07:00
Christoph M. Becker
cdabbd9542 test requires imagejpeg(); skip otherwise 2015-07-31 13:51:49 +02:00