a5a15965da
Fix #78863 : DirectoryIterator class silently truncates after a null byte
...
Since the constructor of DirectoryIterator and friends is supposed to
accepts paths (i.e. strings without NUL bytes), we must not accept
arbitrary strings.
2019-12-16 00:02:57 -08:00
d2cfb63f02
next is 7.2.27
2019-12-03 11:25:37 +01:00
600f1f898f
Fix #78814 : strip_tags allows / in tag name => whitelist bypass
...
When normalizing tags to check whether they are contained in the set
of allowable tags, we must not strip slashes, unless they come
immediately after the opening `<`, or immediately before the closing
`>`.
2019-12-02 11:37:25 +01:00
db420cb6a1
Fix #78833 : Integer overflow in pack causes out-of-bound access
...
We check for potential signed integer overflow, and bail out
gracefully, in that case.
2019-12-02 11:18:19 +01:00
c7141412ce
Added environment LSAPI_CLEAN_SHUTDOWN to control clean shutdown. Update SAPI version to LiteSpeed v7.6 .
2019-11-21 17:57:50 -05:00
9b92c1d154
Fix #78849 : GD build broken with -D SIGNED_COMPARE_SLOW
...
Apparently, this has not been tested for a long time, and might be a
refactoring relict. Anyhow, we have to pass the context to
`GIFNextPixel` as well.
2019-11-21 09:59:26 +01:00
f6eac76b65
Update NEWS
2019-11-18 12:46:43 +01:00
a2c41c0ea6
Fix $x = (bool)$x; for undefined with opcache
...
And `$x = !$x`
Noticed while working on GH-4912
The included test would not emit undefined variable errors in php 8.0
with opcache enabled. The command used:
```
php -d zend_extension=opcache.so --no-php-ini -d error_reporting=E_ALL \
-d opcache.file_cache= -d opcache.enable_cli=1 test.php
```
2019-11-18 11:24:03 +03:00
2c9926f156
Fix bug #78804 - Segmentation fault in Locale::filterMatches
2019-11-11 22:32:35 -08:00
ee243bc471
Remove outdated comments in test
2019-11-07 14:06:23 +01:00
5fa6dcd972
Fixed bug #78759
...
Handle INDIRECT values in array.
2019-11-07 11:15:29 +01:00
d317e16e89
Bump for 7.2.26-dev
2019-11-05 10:57:29 -05:00
4f984a2fdb
Fixed bug #78775
...
Clear the OpenSSL error queue before performing SSL stream operations.
As we don't control all code that could possibly be using OpenSSL,
we can't rely on the error queue being empty.
2019-11-05 12:13:46 +01:00
e29922f054
Fix test cases for libxml2 2.9.10
...
Since the error reporting has been slightly changed, we have to adapt
the two affected test cases.
2019-10-31 16:07:34 +01:00
5f6eaf355c
Add missing refcount increment
2019-10-30 09:22:20 +01:00
f9895b4bf5
Fixed bug #78689
2019-10-29 15:06:16 +01:00
2bdb13a1f7
Merge branch 'PHP-7.1' into PHP-7.2
...
* PHP-7.1:
Fix libmagic buffer overflow issue (CVE-2019-18218)
bump version
set versions for release
2019-10-28 20:47:30 -07:00
89c327f884
Fix #78751 : Serialising DatePeriod converts DateTimeImmutable
...
When getting the properties of a DatePeriod instance we have to retain
the proper classes, and when restoring a DatePeriod instance we have to
cater to DateTimeImmutable instances as well.
2019-10-28 13:07:28 +01:00
16c4910876
Fix bug #78752
...
NULL out the execute_data before destroying it, otherwise GC may
trigger while the execute_data is partially destroyed, resulting
in double-frees.
The handling of call stack unfreezing is a bit awkward because it's
a ZEND_API function, so we can't change the signature.
2019-10-28 10:27:32 +01:00
469820048d
Fix libmagic buffer overflow issue (CVE-2019-18218)
...
Ported from https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84
2019-10-27 16:30:38 -07:00
5249993814
Fixed bug #78747
2019-10-25 12:47:18 +02:00
8daf96cef3
Use ICU's CXXFLAGS when using pkg-config
...
This mirrors how ICU's CXXFLAGS are already used when using icu-config.
2019-10-23 11:17:37 +02:00
fa89c41f37
Add "-pthread" to EXTRA_LDFLAGS_PROGRAM as well
...
This is a backport of c518932c03
2019-10-23 11:06:51 +02:00
52f049879a
bump version
2019-10-22 18:58:39 +02:00
326cd05dae
set versions for release
2019-10-22 18:56:55 +02:00
2213bd36fd
add NEWS entry
2019-10-22 09:37:35 +02:00
4b5cdda0c7
Merge branch 'PHP-7.1' into PHP-7.2
...
* PHP-7.1:
Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043)
bump versions after release
set versions for release
2019-10-21 13:17:09 -07:00
bea2ff88c9
Fix bug #78697 : inaccurate error message
2019-10-21 09:22:09 +02:00
ab061f95ca
Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043)
2019-10-20 22:50:04 -07:00
45a7723267
Fix #78694 : Appending to a variant array causes segfault
...
`write_dimension` object handlers have to be able to handle `NULL`
`offset`s; for now we simply throw an exception instead of following
the `NULL` pointer.
2019-10-19 11:47:00 +02:00
d2cde0bfd3
Fix #70153 \DateInterval incorrectly unserialized
...
Added a separate macro for reading 'days' property, so that bool(false)
is correctly converted to the proper internal representation.
2019-10-18 15:31:14 +02:00
e2a6bf482f
Fix checksum calculation for opcache
2019-10-14 16:46:42 +02:00
900bdcbd03
Fix #78665 : Multicasting may leak memory
2019-10-12 14:43:43 +02:00
46561dab6a
Fix leak in phar open
2019-10-10 16:14:21 +02:00
96c84b7bc1
Fix leak on static method call on non-existent class
2019-10-10 11:40:49 +02:00
daf1fc6e31
Avoid float to int cast UB in exif
2019-10-09 17:33:29 +02:00
3164186d53
Fix #78656 : Parse errors classified as highest log-level
2019-10-09 17:27:32 +02:00
d6ca174d5b
Remove redundant components < 0 check
...
components is an unsigned number, it cannot be smaller than zero.
2019-10-09 14:57:24 +02:00
a8f60ac9dd
Add pcre_get_compiled_regex_cache_ex() with local_aware flag
...
A new function `pcre_get_compiled_regex_cache_ex()` is introduced,
which allows to compile regexp pattern using the "C" locale instead
of a current locale.
This will be needed to replace setlocale() usage in fileinfo,
which is not thread-safe.
2019-10-08 16:11:55 +02:00
46894580b0
Add missing SKIPIFs in exif tests
2019-10-08 14:11:32 +02:00
195c2008e8
Fix #78642 : Wrong libiconv version displayed
...
The high byte of `_libiconv_version` specifies the major version; the
low byte the minor version.
2019-10-08 12:09:11 +02:00
05d6878b3b
next is 7.2.25
2019-10-08 11:36:10 +02:00
fd3118ffb0
Fix #78641 : addGlob can modify given remove_path value
...
`remove_path` points to the given string, so we must not modify it.
Instead we use a duplicate, if we need the modification.
We may want to switch to `zend_string`s in master.
2019-10-08 09:45:05 +02:00
19e6abebc7
Check for object_init_ex() failure in user filter factory
2019-10-07 17:52:29 +02:00
7d19668f60
Set session.gc_probability=0 in bug78624.phpt
...
We only want to test manually triggered session GC.
Avoid spurious output due to automatic GC.
2019-10-07 16:43:19 +02:00
114c03b9a6
Fix #78623 : Regression caused by "SP call yields additional empty result set"
...
This reverts commit 41a4379cb4
2019-10-07 09:15:51 +02:00
545412a6cd
Split intl tests for ICU 65
2019-10-04 13:53:22 +02:00
abaf9a76dc
Fix #78620 : Out of memory error
...
The integer addition in `ZEND_MM_ALIGNED_SIZE_EX` can overflow, what we
have to catch early.
2019-10-04 09:08:01 +02:00
a6d219630c
fix #78624 : session_gc return value for user defined session handlers
2019-10-04 06:12:02 +02:00
9a2b42a5c1
Fix bug #76809 (SSL settings aren't respected when persistent connection is reused)
2019-10-03 06:56:21 +02:00
Christoph M. Becker