mirror of https://github.com/php/php-src.git synced 2026-04-28 02:33:17 +02:00
Commit Graph

6487 Commits

Author SHA1 Message Date
Anatol Belski c1aa9baf29 Fixed bug #67118 DateTime constructor crash with invalid data 2014-04-25 17:23:26 +02:00
Stanislav Malyshev a328803803 Revert "Fixed bug #64604"
This reverts commit b05c088a3a.
Breaks parsing urls where query has : in it, like: /foo/bar?baz=goo:boo
2014-04-24 23:50:45 -07:00
Danack ea4cee93c8 Allow valid multi-byte utf-8 characters to be allowed as file names in phar archives. 2014-04-20 17:19:20 -07:00
Julio Pintos 49341e992a Fix #66908: php-fpm reload leaks epoll_create() file descriptor
This patch fixes descriptor leak which could lead to DoS once Max open files is reached
2014-04-20 16:21:49 -07:00
Boro Sitnikovski a18cec1b86 Fix bug #65701: Do not use cache for file copy 2014-04-20 15:22:44 -07:00
Anatol Belski 5328d42899 Fixed bug #67072 Echoing unserialized "SplFileObject" crash
The actual issue lies in the unserializer code which doesn't honor
the unserialize callback. By contrast, the serialize callback is
respected. This leads to the situation that even if a class has
disabled the serialization explicitly, user could still construct
a vulnerable string which would result in bad things when trying
to unserialize.

This concerns also the classes implementing Serializable as well
as some core classes disabling serialize/unserialize callbacks
explicitly (PDO, SimpleXML, SplFileInfo and co). As of now, the
flow is first to call the unserialize callback (if available),
then call __wakeup. If the unserialize callback returns with no
success, no object is instantiated. This makes the scheme used
by internal classes effective, to disable unserialize just assign
zend_class_unserialize_deny as callback.
2014-04-17 10:48:14 +02:00
Anatol Belski 5224614f23 Fixed bug #67081 DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset 2014-04-16 14:13:45 +02:00
Stanislav Malyshev 1d34d82231 5.4.29 is next 2014-04-15 16:51:38 -07:00
Chuan Ma a186312832 Fix #66942: openssl_seal() memory leak
Fix #66952: memory leak in openssl_open()
2014-04-14 13:24:14 -07:00
Stanislav Malyshev ad1b9eef98 Fix null byte in LDAP bindings 2014-04-14 10:44:53 -07:00
Stanislav Malyshev 40a9316dff Fix bug #66171: better handling of symlinks 2014-04-14 10:44:53 -07:00
Stanislav Malyshev b80243aece fix NEWS 2014-04-13 20:16:27 -07:00
Ingo Walz b05c088a3a Fixed bug #64604 2014-04-13 18:37:40 -07:00
Freek 5558d0db9b Fix #66562: Consistency bug where curl_multi_getcontent behaves different from curl_exec
curl_exec returns an empty string when data is received from a domain that returns zero content. curl_multi_getcontent
returned null. Now it returns an empty string fixing the inconsistency
2014-04-13 18:12:17 -07:00
itxx00 636adf251c Fix bug #66482, replace wrong item name 'priority' with 'process.priority' in php-fpm.conf 2014-04-13 17:30:50 -07:00
Boro Sitnikovski 8c88b6e81c Fix bug #66721
Add NULL check to php_date_parse_tzfile's retval
2014-04-13 15:51:55 -07:00
Jeff Trawick 442264ffd6 fix apr_psprintf format string from e0df4e3dba 2014-04-13 15:36:43 -07:00
Gabor Buella 1010200da5 Fixed bug #67024 - getimagesize should recognize BMP files with negative height 2014-04-13 15:17:04 -07:00
Bob Weinand beda5093b4 Reverted to 5a0da281e5
Discussion: http://news.php.net/php.cvs/76836
2014-04-13 23:01:31 +02:00
Bob Weinand 2f3056fecc Updated NEWS 2014-04-13 19:32:51 +02:00
Ferenc Kovacs 9540ced221 fix typo 2014-04-10 07:05:07 +02:00
Anatol Belski a0beddf5e9 Fixed bug #66084 simplexml_load_string() mangles empty node name 2014-04-05 09:46:24 +02:00
Stanislav Malyshev 7e5de3a1ce cleanup NEWS 2014-04-03 15:54:00 -07:00
Michael Wallner d08b4dbf23 Fix Bug #66736 fpassthru broken 2014-04-03 10:40:06 +02:00
Michael Wallner 7ab5c593f7 Fix bug #66182 exit in stream filter produces segfault
Unfortunately, a segv caused by exit cannot be tested reliably.
2014-04-03 09:07:35 +02:00
Michael Wallner 1ec83d44a1 Fixed bug #61019 (Out of memory on command stream_get_contents) 2014-04-02 15:36:39 +02:00
Michael Wallner 91a9d24aa3 Fix bug #64330
stream_socket_server() creates wrong Abstract Namespace UNIX sockets
2014-04-02 11:09:26 +02:00
Anatol Belski f244513fc0 updated NEWS 2014-04-01 10:11:40 +02:00
Remi Collet fca331cae9 NEWS 2014-03-31 16:57:02 +02:00
Remi Collet 3616db6d38 NEWS 2014-03-25 11:00:47 +01:00
Anatol Belski 5efda763be updated NEWS 2014-03-24 10:28:21 +01:00
Stanislav Malyshev 9b88bc494e prep for 5.4.27 rc1 2014-03-18 23:19:09 -07:00
Remi Collet 87a87c6682 NEWS 2014-03-14 09:51:53 +01:00
Pierre Joye 28fa31d6e5 fix #66872, invalid argument crashes gmp_testbit 2014-03-10 12:07:58 +01:00
Remi Collet c2a9f73c99 NEWS 2014-03-04 20:35:56 +01:00
Tjerk Meesters 1533f98afd Updated news for #60602 2014-03-03 05:54:09 +08:00
Tjerk Meesters 362b70a32c Updated NEWS for #66535 2014-03-01 08:47:32 +08:00
Remi Collet 33d372a45f NEWS 2014-02-27 08:49:08 +01:00
Antony Dovgal 4d9c556b5d add news entry 2014-02-25 12:14:50 +04:00
Stanislav Malyshev ee4b3892f8 update news with CVE 2014-02-18 08:36:51 -08:00
Remi Collet 9f449df1e4 NEWS 2014-02-18 13:56:58 +01:00
Stanislav Malyshev c612440e0f 5.4.27 now 2014-02-17 21:19:25 -08:00
Stanislav Malyshev b79d2285df update NEWS 2014-02-17 21:16:48 -08:00
Julien Pauli b04159eed4 Updated NEWS for #65753 2014-02-17 11:05:34 +01:00
Yasuo Ohgaki f275fdcf00 Fixed possible injections against pg_insert()/pg_delete()/pg_update()/pg_select() 2014-02-16 10:45:15 +09:00
Yasuo Ohgaki 7ce88b2d8a Update NEWS 2014-02-15 19:20:34 +09:00
Daniel Lowrey 5cc851e83e Update NEWS 2014-02-14 21:41:18 -07:00
Hannes Magnusson 1e0fdf0256 Fix year 2014-02-05 10:15:11 -08:00
Stanislav Malyshev 0742de587a Merge branch 'pull-request/571' into PHP-5.4
* pull-request/571:
  Implement ldap_modify_batch.
2014-01-25 21:59:57 -08:00
Stanislav Malyshev 1bc16fbfcd fix CVE ref for bug #66060 2014-01-21 13:26:56 -08:00