On Windows the built-in webserver doesn't prevent directory traversal when
backslashes are used as path component separators. Even though that is not a
security issue (the CLI webserver is meant for testing only), we fix that by
replacing backslashes in the path with slashes on Windows, because backslashes
may be valid characters for file names on other systems, but not on Windows.
* PHP-5.5:
update NEWS
fix test
update NEWS
Fix bug #70019 - limit extracted files to given directory
Do not do convert_to_* on unserialize, it messes up references
Fix#69793 - limit what we accept when unserializing exception
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
ignore signatures for packages too
Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
Fixed bug #69892
Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
Improved fix for Bug #69441
Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
Fix bug #70081: check types for SOAP variables
Conflicts:
ext/soap/php_http.c
ext/spl/spl_observer.c
* PHP-5.5:
Handle NULL strings in sapi_cli_server_register_variable().
Allow CLI server test scripts to specify the name of the router file.
Conflicts:
sapi/cli/tests/php_cli_server.inc
We had an infinite loop in sapi_cli_server_send_headers(): while iterating over
the linked list of headers, when an empty header was hit, continue would go to
the next iteration of the loop without updating h to be the next value in the
linked list. Updating it to always increment regardless of whether the header
is actually valid or not fixes the issue.
* PHP-5.5:
Updated NEWS
Removed UPGRADING note
Rewrote test using tcp instead of http:// stream
Implemented FR #65917 (getallheaders() is not supported by the built-in...)
- Implemented apache_request_headers() and getallheaders() alias in CLI server
- Implemented apache_response_headers() in CLI server using FastCGI code
Conflicts:
NEWS
UPGRADING
* PHP-5.4:
Fix the spelling of the php_cli_server_http_response_status_code_pair typedef.
Change the search in get_status_string() to correctly handle unknown codes.
This previously used a buggy implementation of binary search that would loop
infinitely for unknown codes when searching in reason arrays of particular
sizes (such as the one we have at the moment). Since C provides bsearch(),
we'll just use that instead, since libc authors hopefully get this right.
There was also an additional bug that was masked by the first one: the design
was that an unknown code would result in get_status_string() returning NULL,
which would then result in a segfault in append_http_status_line(), since it
assumed that it would always receive a valid string pointer that could be
handed off to smart_str_appends_ex(). We'll now return a placeholder in that
case.
Fixes bug #65066 (Cli server not responsive when responding with 422 http
status code).
