b51f82f260
Follow 308 Permanent Redirect responses.
...
Fixes bug #67430 (http:// wrapper doesn't follow 308 redirects).
2014-06-12 18:12:53 -07:00
fe67674809
Add 308 and 426 to the HTTP response code map in the CLI server.
...
Implements FR #67429 (CLI server is missing some new HTTP response codes).
2014-06-12 17:54:29 -07:00
1b9cbab9a7
Keep 308-399 HTTP response codes when header('Location:') is called.
...
Fixes bug #67428 (header('Location: foo') will override a 308-399 response
code).
2014-06-12 17:35:05 -07:00
5f2a30e111
NEWS entry for "Fix potential segfault in dns_get_record()"
2014-06-11 14:24:13 -07:00
317bcb96d0
Fix bug #66127 (Segmentation fault with ArrayObject unset)
2014-06-10 23:17:30 -07:00
979eed5c6b
5.4.31 next
2014-06-10 23:03:40 -07:00
6256b79a35
NEWS
2014-06-10 14:35:14 +02:00
da5d40bae6
NEWS
2014-06-10 14:23:31 +02:00
2b33a41162
NEWS
2014-06-10 14:16:00 +02:00
d02aa44090
NEWS
2014-06-10 14:04:27 +02:00
949cab09f2
NEWS
2014-06-10 10:31:17 +02:00
62857998c5
Fixed bug #67399 (putenv with empty variable may lead to crash)
2014-06-08 23:09:09 -07:00
9b5d56fd61
add news
2014-06-08 19:44:27 -07:00
e43270cb2a
fix order
2014-06-08 19:03:50 -07:00
e030efa4f6
Fix bug 666222
...
This also adds some smaller, isolated tests related to bug 66622.
Conflicts:
Zend/zend_vm_def.h
Zend/zend_vm_execute.h
2014-06-08 18:59:23 -07:00
76a7fd893b
Added support for parsing ssl certificates using GeneralizedTime format.
...
fix bug #65698
fix bug #66636
2014-06-08 14:17:58 -07:00
811f35d0ed
NEWS
2014-06-06 14:17:54 +02:00
3f47368738
NEWS
2014-06-05 13:45:25 +02:00
e06c4f7fe5
update NEWS
2014-06-04 01:09:37 -07:00
0817a2c767
(re)add cve number in NEWS, from 5.4.29
2014-06-03 11:28:07 +02:00
21986f98db
NEWS
2014-06-03 11:08:46 +02:00
38be99b739
Fixed bug #67359 (Segfault in recursiveDirectoryIterator)
2014-06-01 19:41:01 +08:00
b5d9983ff4
Check for zero-length keys in spl_array_skip_protected and don't skip them.
...
Fixes bug #67360 (Missing element after ArrayObject::getIterator).
2014-05-29 17:49:32 +00:00
76b06780d5
update NEWS
2014-05-27 11:28:53 -07:00
4005f06df6
Fix bug #67328 (fileinfo: numerous file_printf calls resulting in performance degradation)
...
Upstream patch: https://github.com/file/file/commit/b8acc83781d5a24cc5101e525d15efe0482c280d
2014-05-26 18:01:17 -07:00
57225f09ed
Fix bug #67327 : fileinfo: CDF infinite loop in nelements DoS
...
Upstream fix: https://github.com/file/file/commit/f97486ef5dc3e8735440edc4fc8808c63e1a3ef0
2014-05-26 17:45:14 -07:00
fdb2709dd2
Add microseconds to the serialised form of DateTime objects.
...
Fixes bug #67308 (Serialize of DateTime truncates fractions of second).
2014-05-21 14:55:52 -05:00
b1c944dfd2
5.4.30 next
2014-05-13 22:20:15 -07:00
ffd74a0a29
update NEWS
2014-05-13 17:07:35 -07:00
3e9cb6a4a5
Fix bug #67250 (iptcparse out-of-bounds read)
2014-05-11 19:09:19 -07:00
2b475eebbe
Fix bug #67247 spl_fixedarray_resize integer overflow
2014-05-11 17:54:27 -07:00
14dd6c2d54
fix news
2014-05-11 17:43:28 -07:00
62b2eb666d
Updated NEWS
2014-05-11 15:13:40 +02:00
f7cb87f333
Fix author name on the #63228 patch.
2014-05-02 10:23:09 -07:00
1c13ad7c0e
add missing NEWS entry to the correct release where it was added
2014-05-01 10:50:08 +02:00
35ceea928b
Fix bug #67060 : use default mode of 660
2014-04-29 09:14:11 -07:00
2d625b5f81
Fixed bug #66431 Special Character via COM Interface (CP_UTF8)
2014-04-29 13:40:44 +02:00
c1aa9baf29
Fixed bug #67118 DateTime constructor crash with invalid data
2014-04-25 17:23:26 +02:00
a328803803
Revert "Fixed bug #64604 "
...
This reverts commit b05c088a3a
2014-04-24 23:50:45 -07:00
ea4cee93c8
Allow valid multi-byte utf-8 characters to be allowed as file names in phar archives.
2014-04-20 17:19:20 -07:00
49341e992a
Fix #66908 : php-fpm reload leaks epoll_create() file descriptor
...
This patch fixes descriptor leak which could lead to DoS once Max open files is reached
2014-04-20 16:21:49 -07:00
a18cec1b86
Fix bug #65701 : Do not use cache for file file copy
2014-04-20 15:22:44 -07:00
5328d42899
Fixed bug #67072 Echoing unserialized "SplFileObject" crash
...
The actual issue lays in the unserializer code which doesn't honor
the unserialize callback. By contrast, the serialize callback is
respected. This leads to the situation that even if a class has
disabled the serialization explicitly, user could still construct
a vulnerable string which would result bad things when trying
to unserialize.
This conserns also the classes implementing Serializable as well
as some core classes disabling serialize/unserialize callbacks
explicitly (PDO, SimpleXML, SplFileInfo and co). As of now, the
flow is first to call the unserialize callback (if available),
then call __wakeup. If the unserialize callback returns with no
success, no object is instantiated. This makes the scheme used
by internal classes effective, to disable unserialize just assign
zend_class_unserialize_deny as callback.
2014-04-17 10:48:14 +02:00
5224614f23
Fixed bug #67081 DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset
2014-04-16 14:13:45 +02:00
1d34d82231
5.4.29 is next
2014-04-15 16:51:38 -07:00
a186312832
Fix #66942 : openssl_seal() memory leak
...
Fix #66952 : memory leak in openssl_open()
2014-04-14 13:24:14 -07:00
ad1b9eef98
Fix null byte in LDAP bindings
2014-04-14 10:44:53 -07:00
40a9316dff
Fix bug #66171 : better handling of symlinks
2014-04-14 10:44:53 -07:00
b80243aece
fix NEWS
2014-04-13 20:16:27 -07:00
b05c088a3a
Fixed bug #64604
2014-04-13 18:37:40 -07:00
Adam Harvey