php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-22 15:38:49 +02:00
Code Issues Packages Projects Releases Wiki Activity
94,086 Commits 549 Branches 1,485 Tags
a17e4187e7ffdceaa33d9abc99d4d6fe3364bfc3
Commit Graph

775 Commits

Author SHA1 Message Date
Xinchen Hui 7648f20de3 Fixed bug #72051 (The reference in CallbackFilterIterator doesn't work as expected) 2016-04-19 10:59:10 +08:00
Stanislav Malyshev 28a6ed9f9a Fix bug #71735: Double-free in SplDoublyLinkedList::offsetSet 2016-03-20 22:29:08 -07:00
Nikita Popov f3309173f9 Fixed bug #62059 2016-03-20 18:17:44 +01:00
Nikita Popov 12f2665df8 Merge branch 'PHP-5.6' into PHP-7.0 
Conflicts:
	ext/spl/spl_observer.c
 2016-03-20 17:48:06 +01:00
Nikita Popov cc3cdd0057 Fixed bug #67582 2016-03-20 17:46:12 +01:00
Nikita Popov 8023204d21 Fixed bug #52339 
Autoloader 101: Don't throw if you fail. PHP will throw for you.
 2016-03-18 20:28:58 +01:00
Nikita Popov a2522efa9f Add extra ArrayObject::sort() test 2016-03-18 19:59:08 +01:00
Nikita Popov 094c808374 Fix bug #71838 2016-03-18 19:58:52 +01:00
Xinchen Hui b8f0cb063f Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Fixed test script
 2016-03-17 15:23:53 +08:00
Xinchen Hui ead7632cf9 Fixed test script 2016-03-17 15:23:44 +08:00
Nikita Popov fd561505f4 Fix construction of AO with overloaded object error 
a) Fix uses of zend_string in error message
b) Don't assign the overloaded object as the backing storage, that
   sort of defeats the point. Instead leave the previous value.
 2016-02-24 22:34:50 +01:00
Nikita Popov 0aa7163816 Fix AO object properties separation 2016-02-24 22:34:50 +01:00
Nikita Popov 079f2f7eb3 Forbid exchangeArray() during sorting 
Previously this would leak.
 2016-02-24 22:34:50 +01:00
Nikita Popov eb885e9d6e Fix leak on assignment to illegal AO offset 2016-02-24 17:39:16 +01:00
Nikita Popov ea02f57656 Don't use ht applyCount for AO sorting protection 
Instead use the AOs own applyCount that just got freed up. Using the
apply count of the HashTable has various side effects, e.g. preventing
the ArrayObject from being dumped.
 2016-02-24 17:18:07 +01:00
Nikita Popov 3f5c80e8c2 Don't recurse into USE_OTHER checking STD_PROP_LIST 
If STD_PROP_LIST is explicitly disabled in the constructor, it
should really be disabled.
 2016-02-22 13:04:19 +01:00
Nikita Popov fd6ac61064 Fix ArrayObject clone for certain USE_OTHER cases 
We can't simply use HASH_OF, need to use the usual hash table
getter.
 2016-02-22 12:35:00 +01:00
Nikita Popov 0bd64b50b8 Fixed bug #71617 2016-02-21 13:00:37 +01:00
Xinchen Hui 825b7f895a Update NEWS & Fixed test 2015-12-23 08:13:13 -08:00
Xinchen Hui 8692a99551 Merge branch 'PHP-5.6' into PHP-7.0 2015-12-23 08:11:09 -08:00
Xinchen Hui 620ccc9b1a Fixed bug #71204 (segfault if clean spl_autoload_funcs while autoloading) 2015-12-23 08:10:59 -08:00
Xinchen Hui e21cb2daea Fixed bug #71202 (Autoload function registered by another not activated immediately) 2015-12-23 07:48:00 -08:00
Nikita Popov a3e1952700 Fixed bug #71153 2015-12-17 20:59:57 +01:00
Xinchen Hui 311eb2b11e Missed one place 2015-12-04 06:51:16 -08:00
Xinchen Hui 7ac24aa661 Fixed bug #71028 (Undefined index with ArrayIterator) 2015-12-04 06:45:26 -08:00
Xinchen Hui 9397f52724 Fixed Bug #70967 (Weird error handling for __toString when Error is thrown) 2015-11-28 23:38:19 -08:00
Xinchen Hui f8bf1f33a5 Fixed bug #70959 (ArrayObject unserialize does not restore protected fields) 2015-11-23 07:08:47 -08:00
Xinchen Hui 27aef97f65 Fixed bug #70868 (PCRE JIT and pattern reuse segfault) 2015-11-06 11:37:17 +08:00
Reeze Xia 435565a54f Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Make test for bug #70852 to cover all cases
  Fixed bug #70852 Segfault getting NULL offset of an ArrayObject.
 2015-11-05 14:28:49 +08:00
Reeze Xia 1c0622a472 Make test for bug #70852 to cover all cases 2015-11-05 14:09:24 +08:00
Reeze Xia 51218b3b9d Fixed bug #70852 Segfault getting NULL offset of an ArrayObject. 2015-11-05 13:46:03 +08:00
Xinchen Hui e4ac4e75b5 Fixed bug #70853 (SplFixedArray throws exception when using ref variable as index) 2015-11-04 06:44:29 -08:00
Stanislav Malyshev 26e5429f72 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Fix bug #64172
  Bug #70561: Fix DirectoryIterator to throw OutOfBoundsException

Conflicts:
	ext/pdo/pdo_dbh.c
 2015-10-18 17:20:00 -07:00
Stanislav Malyshev 0b35e0c5a1 Merge branch 'pull-request/1535' into PHP-5.6 
* pull-request/1535:
  Bug #70561: Fix DirectoryIterator to throw OutOfBoundsException
 2015-10-18 17:17:55 -07:00
Xinchen Hui e2d6090043 Fixed bug #70730 (Incorrect ArrayObject serialization if unset is called in serialize()) 
It's possible to fixed this in SPL side, but it will be ugly, and we
should make serialize more robust, so I prefer fix it in serialize side.
 2015-10-17 05:28:49 -07:00
Dmitry Stogov f509706318 Make necessary separation (it might be possible to fix this in a better way, but this will requre some refactoring) 2015-09-25 10:59:27 +03:00
Dmitry Stogov 415000ed93 Fixed bug #70573 (Cloning SplPriorityQueue leads to memory leaks) 2015-09-24 16:42:59 +03:00
Bishop Bettini 368d3ff0d9 Bug #70561: Fix DirectoryIterator to throw OutOfBoundsException 
-------------------------------------------------------------------------------
DirectoryIterator implements SeekableIterator, which "should throw an
OutOfBoundsException if the position is not seekable". As is, seek just returns
and one must call valid(). This approach is different than most (all?) other
SeekableIterator implementations and leads to developer confusion. See the
bug report for a specific example.
 2015-09-23 11:14:52 -04:00
Stanislav Malyshev 9b1a224d4e Merge branch 'PHP-5.6' 
* PHP-5.6: (21 commits)
  fix unit tests
  update NEWS
  add NEWS for fixes
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix bug ##70284 (Use after free vulnerability in unserialize() with GMP)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  ...

Conflicts:
	ext/exif/exif.c
	ext/gmp/gmp.c
	ext/pcre/php_pcre.c
	ext/session/session.c
	ext/session/tests/session_decode_variation3.phpt
	ext/soap/soap.c
	ext/spl/spl_observer.c
	ext/standard/var.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	ext/xsl/xsltprocessor.c
 2015-09-02 00:37:20 -07:00
Stanislav Malyshev c19d59c550 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  update NEWS
  add NEWS for fixes
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  5.4.45 next

Conflicts:
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	ext/zip/php_zip.c
 2015-09-01 12:06:41 -07:00
Stanislav Malyshev 33d3acaae7 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  5.4.45 next

Conflicts:
	configure.in
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	main/php_version.h
 2015-09-01 11:42:19 -07:00
Stanislav Malyshev c8f07ad477 add test 2015-09-01 00:26:12 -07:00
Stanislav Malyshev 259057b2a4 Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList 2015-09-01 00:20:45 -07:00
Stanislav Malyshev f06a069c46 Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage 2015-09-01 00:14:15 -07:00
Anatol Belski aa23bc6d1d fix dir separator 2015-08-21 14:08:33 +02:00
Anatol Belski 9e69ef4ce2 fix dir separator in test 2015-08-21 14:05:58 +02:00
Christoph M. Becker 361fb5baaa Merge branch 'PHP-5.6' 
* PHP-5.6:
  Fix #70303: Incorrect constructor reflection for ArrayObject
 2015-08-19 16:33:40 +02:00
Christoph M. Becker 484b92919b Fix #70303: Incorrect constructor reflection for ArrayObject 
The first parameter of ArrayObject::__construct() is optional. Reflection
should reflect this.
 2015-08-19 16:23:16 +02:00
Xinchen Hui b584b51398 Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via ob_start) 2015-08-19 18:41:28 +08:00
Stanislav Malyshev ed709d5aa0 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  update NEWS
  fix test
  update NEWS
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	ext/soap/php_http.c
	ext/spl/spl_observer.c
 2015-08-04 15:29:13 -07:00