mirror of https://github.com/php/php-src.git synced 2026-03-30 12:13:02 +02:00

227 Commits

Author SHA1 Message Date
Reeze Xia
51218b3b9d Fixed bug #70852 Segfault getting NULL offset of an ArrayObject. 2015-11-05 13:46:03 +08:00
Xinchen Hui
925412ee1c Do not edit the zval cause it might be in shared memory 2015-10-03 19:50:38 -07:00
Christoph M. Becker
484b92919b Fix #70303: Incorrect constructor reflection for ArrayObject
The first parameter of ArrayObject::__construct() is optional. Reflection
should reflect this.
2015-08-19 16:23:16 +02:00
Stanislav Malyshev
ed709d5aa0 Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  update NEWS
  fix test
  update NEWS
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	ext/soap/php_http.c
	ext/spl/spl_observer.c
2015-08-04 15:29:13 -07:00
Stanislav Malyshev
69ed3969dd Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	.gitignore
	ext/date/php_date.c
	ext/spl/spl_array.c
	ext/spl/spl_observer.c
2015-08-04 14:10:57 -07:00
Stanislav Malyshev
7381b6accc Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject 2015-08-01 22:01:40 -07:00
Stanislav Malyshev
b7fa67742c Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items) 2015-07-26 17:25:25 -07:00
Xinchen Hui
0579e8278d bump year 2015-01-15 23:26:37 +08:00
Xinchen Hui
73c1be2653 Bump year 2015-01-15 23:26:03 +08:00
Xinchen Hui
51c38a0997 Fixed bug #67539 (ArrayIterator use-after-free due to object change during sorting) 2014-07-24 22:54:14 -07:00
Xinchen Hui
f48f311533 Merge branch 'PHP-5.5' into PHP-5.6 2014-07-02 17:58:11 +08:00
Xinchen Hui
22882a9d89 Fixed bug #67539 (ArrayIterator use-after-free due to object change during sorting) 2014-07-02 17:57:42 +08:00
Stanislav Malyshev
b03993dde9 Fix bug #67492: unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion 2014-06-24 10:29:26 -07:00
Stanislav Malyshev
e2ed4874b5 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  5.4.30
  Better fix for bug #67072 with more BC provisions
  Fix bug #67498 - phpinfo() Type Confusion Information Leak Vulnerability
  update CVE
  Fix bug #67492: unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion
  Fix bug #67397 (Buffer overflow in locale_get_display_name->uloc_getDisplayName (libicu 4.8.1))
  Fix bug #67349: Locale::parseLocale Double Free
  add CVEs
  Fix potential segfault in dns_get_record()
  Fix bug #66127 (Segmentation fault with ArrayObject unset)
  5.4.30 rc1

Conflicts:
	ext/intl/locale/locale_methods.c
2014-06-24 10:25:09 -07:00
Stanislav Malyshev
88223c5245 Fix bug #67492: unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion 2014-06-21 19:46:16 -07:00
Remi Collet
ea466a316f Fix Request #67453 Allow to unserialize empty data.
SplDoublyLinkedList, SplObjectStorage and ArrayObject have an empty
constructor (no arg), so it makes sense to allow to unserialize empty
data.

This allows the hack (used in various places, including PHPUnit) to
instantiate a class without a call to the constructor to work.
2014-06-17 09:38:54 +02:00
Stanislav Malyshev
2b04d68972 Fix bug #66127 (Segmentation fault with ArrayObject unset) 2014-06-10 23:24:11 -07:00
Stanislav Malyshev
2ed66ed21c Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  Fix bug #66127 (Segmentation fault with ArrayObject unset)
  5.4.31 next
2014-06-10 23:20:07 -07:00
Stanislav Malyshev
f11bba4929 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Fix bug #66127 (Segmentation fault with ArrayObject unset)
  5.4.31 next

Conflicts:
	configure.in
	main/php_version.h
2014-06-10 23:19:21 -07:00
Stanislav Malyshev
317bcb96d0 Fix bug #66127 (Segmentation fault with ArrayObject unset) 2014-06-10 23:17:30 -07:00
Adam Harvey
b8042acdde Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  Check for zero-length keys in spl_array_skip_protected and don't skip them.
  added CVEs in NEWS
2014-05-29 17:56:32 +00:00
Adam Harvey
43e3a83d51 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Check for zero-length keys in spl_array_skip_protected and don't skip them.
2014-05-29 17:53:28 +00:00
Adam Harvey
b5d9983ff4 Check for zero-length keys in spl_array_skip_protected and don't skip them.
Fixes bug #67360 (Missing element after ArrayObject::getIterator).
2014-05-29 17:49:32 +00:00
Tjerk Meesters
d4295eb26a Prevent recursion in ZF2 Parameters class 2014-05-16 16:49:47 +08:00
Tjerk Meesters
5dee3c11fe Call offsetGet() when called with isset() on ArrayObject derivatives 2014-03-25 18:15:18 +08:00
Xinchen Hui
c081ce628f Bump year 2014-01-03 11:08:10 +08:00
Xinchen Hui
47c9027772 Bump year 2014-01-03 11:06:16 +08:00
Xinchen Hui
c0d060f5c0 Bump year 2014-01-03 11:04:26 +08:00
Christopher Jones
39612afc72 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings.

Conflicts:
	ext/dba/libinifile/inifile.c
2013-08-14 20:43:25 -07:00
Christopher Jones
9ad97cd489 Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings. 2013-08-14 20:36:50 -07:00
Xinchen Hui
9126909c08 Merge branch 'PHP-5.4' into PHP-5.5 2013-07-25 22:44:19 +08:00
Xinchen Hui
9909c4d4c4 Fixed bug #65328 (Segfault when getting SplStack object Value) 2013-07-25 22:43:41 +08:00
Felipe Pena
f5bf90ef34 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  - Fixed bug #62672 (Error on serialize of ArrayObject) patch by: lior dot k at zend dot com
  - BFN
2013-06-25 21:18:34 -03:00
Felipe Pena
04db57066d - Fixed bug #62672 (Error on serialize of ArrayObject) patch by: lior dot k at zend dot com 2013-06-25 21:18:09 -03:00
Nikita Popov
28634bf603 Forgot to remove some now unused variables 2013-03-12 17:39:20 +01:00
Nikita Popov
fcc6611de9 Add support for non-scalar Iterator keys in foreach
RFC: https://wiki.php.net/rfc/foreach-non-scalar-keys
2013-03-12 17:27:31 +01:00
Stanislav Malyshev
207d0ee08a Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Bug #52861: unset fails with ArrayObject and deep arrays
2013-02-26 22:13:01 -08:00
Stanislav Malyshev
7c08232509 Merge branch 'PHP-5.3' into PHP-5.4
* PHP-5.3:
  Bug #52861: unset fails with ArrayObject and deep arrays
2013-02-26 22:12:36 -08:00
Mike Willbanks
61099f8585 Bug #52861: unset fails with ArrayObject and deep arrays
When checking to make into a reference write, readwrite are checked but not unset
2013-02-26 22:11:52 -08:00
Stanislav Malyshev
0c6d903ce7 fix bug #49348 - issue notice on get_property_ptr_ptr when used for read 2013-02-18 20:56:02 -08:00
Nikita Popov
f540e086e2 Fixed bug #64106: Segfault on SplFixedArray[][x] = y when extended 2013-01-30 20:40:02 +01:00
Nikita Popov
bb4d11b405 Merge branch 'PHP-5.3' into PHP-5.4 2013-01-30 20:25:59 +01:00
Nikita Popov
321f4f18e5 Fixed bug #64106: Segfault on SplFixedArray[][x] = y when extended 2013-01-30 20:23:39 +01:00
Xinchen Hui
a666285bc2 Happy New Year 2013-01-01 16:37:09 +08:00
Xinchen Hui
0a7395e009 Happy New Year 2013-01-01 16:28:54 +08:00
Xinchen Hui
a2045ff332 Happy New Year~ 2013-01-01 16:02:16 +08:00
Xinchen Hui
6284ef112e Fixed bug #63236 (Executable permission on various source files) 2012-10-09 13:28:31 +08:00
Xinchen Hui
e4a8fa6a15 Merge branch 'PHP-5.3' into PHP-5.4 2012-10-09 13:29:51 +08:00
Xinchen Hui
f3108b5f81 Remove extra blank in notice message, should act as same as vm 2012-09-01 14:37:45 +08:00
Xinchen Hui
863e7e0acb Merge branch 'PHP-5.3' into PHP-5.4
Conflicts:
	ext/spl/spl_array.c
2012-09-01 14:27:09 +08:00