* PHP-5.4.45:
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Conflicts:
ext/pcre/php_pcre.c
ext/standard/var_unserializer.c
* PHP-5.4:
Fix bug #70019 - limit extracted files to given directory
Do not do convert_to_* on unserialize, it messes up references
Fix#69793 - limit what we accept when unserializing exception
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
ignore signatures for packages too
Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
Fixed bug #69892
Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
Improved fix for Bug #69441
Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
Fix bug #70081: check types for SOAP variables
Conflicts:
.gitignore
ext/date/php_date.c
ext/spl/spl_array.c
ext/spl/spl_observer.c
Currently when you use RecursiveDirectoryIterator with the
CURRENT_AS_PATHNAME flag PHP will throw an UnexpectedValueException with
message 'Objects returned by RecursiveIterator::getChildren() must implement
RecursiveIterator'.This happend because getChildren() will return the
current directory name instead of an Iterator (or subclass of) as required
by the RecursiveIterator interface.
This commit changes getChildren() to return annother
RecursiveDirectoryIterator but current() still returns the path name when
CURRENT_AS_PATHNAME is used. A PHPT test case (bug66405.phpt) that
reproduces the bug is included.
This fix was originally against the PHP-5.4 branch, but it was not merged
before 5.4 reached EOL. I am hoping to get it applied to 5.5, 5.6, and
master.
Three issues are addressed:
- RecursiveRegexIterator::accept() should accept non-empty arrays without
applying any regular expression and RegexIterator::accept() should not accept
an array.
- RegexIterator::accept() should not accept an atom that fails to match
anything, even when PREG_PATTERN_ORDER is used (which would return an array
of empty arrays).
- RecursiveRegexIterator::getChildren() should pass all constructor arguments
to its child iterator instead of just the regular expression.
