php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-27 01:48:26 +02:00
Code Issues Packages Projects Releases Wiki Activity
93,226 Commits 549 Branches 1,485 Tags
e585696a0b9d9eefefffa74249f751cfbe6e1222
Commit Graph

302 Commits

Author SHA1 Message Date
Yasuo Ohgaki 9f2240963f Add test for Bug #70133 (Extended SessionHandler::read is ignoring $session_id when calling parent) 2016-01-16 05:29:19 +09:00
Yasuo Ohgaki 34ff7bbeb1 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Fixed bug #69111 (Crash in SessionHandler::read()). Made session save handler abuse much harder than before.
 2016-01-15 16:24:22 +09:00
Yasuo Ohgaki bfb9307b2d Fixed bug #69111 (Crash in SessionHandler::read()). 
Made session save handler abuse much harder than before.
 2016-01-15 15:50:14 +09:00
Yasuo Ohgaki 132d919c85 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Improved fix for bug #68063 (Empty session IDs do still start sessions).
 2016-01-15 10:19:01 +09:00
Yasuo Ohgaki 8c37a086c7 Improved fix for bug #68063 (Empty session IDs do still start sessions). 2016-01-15 09:45:08 +09:00
Yasuo Ohgaki 224aaf94af Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Fixed Bug #71038 session_start() returns TRUE on failure
 2016-01-12 19:52:54 +09:00
Yasuo Ohgaki a15e9ccba8 Fixed Bug #71038 session_start() returns TRUE on failure 2016-01-12 19:09:49 +09:00
Yasuo Ohgaki 707e1c4710 Fixed test 2015-12-16 09:35:45 +09:00
Yasuo Ohgaki 714f28d8e4 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Fixed bug #71122 Session GC may not remove obsolete session data
 2015-12-16 09:34:41 +09:00
Yasuo Ohgaki e8f1c29cc9 Fixed bug #71122 Session GC may not remove obsolete session data 2015-12-16 09:15:05 +09:00
Anatol Belski 56e7903131 fix path separator in test 2015-12-09 11:18:25 +01:00
Xinchen Hui e9fd8ad446 Fixed bug #70876 (Segmentation fault when regenerating session id with strict mode) 2015-11-07 07:30:31 -08:00
Xinchen Hui 148bb622fa Revert "Fixed bug #70876 Segmentation fault when regenerating session id with strict mode" 
This reverts commit 0bf3ebb4ba.
 2015-11-07 07:17:43 -08:00
Reeze Xia 0bf3ebb4ba Fixed bug #70876 Segmentation fault when regenerating session id with strict mode 
The comment *mod_data always be non-NULL is not true.
The same as this FIXME: https://github.com/php/php-src/blob/master/ext/session/mod_files.c#L676
 2015-11-07 21:46:21 +08:00
Anatol Belski bfd2637068 fix test 2015-09-29 13:04:06 +02:00
Matteo Beccati cc875d1a25 Skip session_regenerate_id_cookie.phpt when there's no cgi 2015-09-18 07:51:46 +02:00
Yasuo Ohgaki e341eb94cb Add test for #70516 session_regenerate_id() does not send session ID cookie 2015-09-17 05:36:47 +09:00
Yasuo Ohgaki ab0e347f26 Add more test cases 2015-09-08 18:44:23 +09:00
Yasuo Ohgaki f34b858ed0 Fix #70013: Reference to $_SESSION is lost after a call to session_regenerate_id() 2015-09-07 03:57:03 +09:00
Anatol Belski ebb6f5eae6 fix dir separators in test 2015-09-02 17:26:35 +02:00
Stanislav Malyshev 9b1a224d4e Merge branch 'PHP-5.6' 
* PHP-5.6: (21 commits)
  fix unit tests
  update NEWS
  add NEWS for fixes
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix bug ##70284 (Use after free vulnerability in unserialize() with GMP)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  ...

Conflicts:
	ext/exif/exif.c
	ext/gmp/gmp.c
	ext/pcre/php_pcre.c
	ext/session/session.c
	ext/session/tests/session_decode_variation3.phpt
	ext/soap/soap.c
	ext/spl/spl_observer.c
	ext/standard/var.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	ext/xsl/xsltprocessor.c
 2015-09-02 00:37:20 -07:00
Stanislav Malyshev c19d59c550 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  update NEWS
  add NEWS for fixes
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  5.4.45 next

Conflicts:
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	ext/zip/php_zip.c
 2015-09-01 12:06:41 -07:00
Stanislav Malyshev 33d3acaae7 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  5.4.45 next

Conflicts:
	configure.in
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	main/php_version.h
 2015-09-01 11:42:19 -07:00
Stanislav Malyshev df4bf28f9f Fix bug #70219 (Use after free vulnerability in session deserializer) 2015-08-23 19:56:12 -07:00
Anatol Belski 6065b29fe4 Reverted ad4533fdba 
The E_ERROR to E_RECOVERABLE_ERROR should be readded with the
proper tests.
 2015-07-21 11:18:36 +02:00
Yasuo Ohgaki ad4533fdba Change E_ERROR and some E_WARNING to E_RECOVERABLE_ERROR. 2015-07-21 12:59:23 +09:00
Aaron Piotrowski e97d5fab35 Update exception names in tests after formatting changes. 2015-05-17 17:31:43 -05:00
Nikita Popov 3ae995f03c Tweak uncaught exception message display 
This implements a reduced variant of #1226 with just the following
change:

-Fatal error: Uncaught exception 'EngineException' with message 'Call to private method foo::bar() from context ''' in %s:%d
+Fatal error: Uncaught EngineException: Call to private method foo::bar() from context '' in %s:%d

The '' wrapper around messages is very weird if the exception
message itself contains ''. Futhermore having the message wrapped
in '' doesn't work for the "and defined" suffix of
TypeExceptions.
 2015-05-17 18:47:06 +02:00
Nikita Popov c9f27ee422 Display EngineExceptions like ordinary exceptions 
TypeException stays as-is for now because it uses messages that are
incompatible with the way exception messages are displayed.

closure_038.phpt and a few others now show that we're generating
too many exceptions for compound operations on undefined properties
-- this needs to be fixed in a followup.
 2015-05-15 23:40:32 +02:00
Nikita Popov 8d00385871 Reclassify E_STRICT notices 
Per RFC https://wiki.php.net/rfc/reclassify_e_strict

While reviewing this, found that there are still three E_STRICTs
left in libraries - need to discuss those.
 2015-04-01 11:17:55 +02:00
Nikita Popov 6ef9216269 Finish PHP 4 constructor deprecation 2015-03-31 17:55:27 +02:00
Andrea Faulds db76b708cf Deprecate PHP 4 constructors 2015-03-31 17:55:27 +02:00
Anatol Belski b680ccb2b0 the test shouldn't fail when unlink failed 2015-03-13 17:33:47 +01:00
Dmitry Stogov 1c94ff0595 Implement engine exceptions 
RFC: https://wiki.php.net/rfc/engine_exceptions_for_php7

Pending changes regarding naming of BaseException and whether it
should be an interface.
 2015-03-09 14:01:32 +01:00
Anatol Belski 2895912756 fix dir separator in test 2015-02-11 15:10:48 +01:00
Yasuo Ohgaki 5afe554d32 Merge branch 'PHP-5.6' 
* PHP-5.6:
  Fixed bug #68063 Empty session IDs do still start sessions

Conflicts:
	ext/session/session.c
	ext/session/tests/bug61470.phpt
 2015-02-03 13:49:14 +09:00
Yasuo Ohgaki 2983ef3c48 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Fixed bug #68063 Empty session IDs do still start sessions
 2015-02-03 13:41:31 +09:00
Yasuo Ohgaki 853ae39d6e Fixed bug #68063 Empty session IDs do still start sessions 2015-02-03 13:38:49 +09:00
Yasuo Ohgaki 665997bf16 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Bug #61470 is fixed only in master
 2015-02-03 12:26:25 +09:00
Yasuo Ohgaki 17beba686e Bug #61470 is fixed only in master 2015-02-03 12:26:01 +09:00
Yasuo Ohgaki e93042998a Fixed bug #61470 - session_regenerate_id() does not create session file. 
Made session_regenerate_id() raise error for wrong usage.
 2015-02-03 12:23:00 +09:00
Yasuo Ohgaki 92576c7c49 XFAIL broken test for now. 
Partially fixed test session.save_path difference.
 2015-02-03 03:05:03 +09:00
Yasuo Ohgaki c7eea5a79b Merge branch 'PHP-5.6' 
* PHP-5.6:
  Add test for bug #61470. It is already fixed.
 2015-02-02 18:41:25 +09:00
Yasuo Ohgaki 675a12bbcf Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Add test for bug #61470. It is already fixed.
 2015-02-02 18:39:48 +09:00
Yasuo Ohgaki fb803ff819 Add test for bug #61470. It is already fixed. 2015-02-02 18:39:07 +09:00
Yasuo Ohgaki f248df9003 Cleanup trans sid code. Behavior is unchanged. 
Fixed possible injections. Escape values usually internal safe values.
 2015-02-02 17:06:16 +09:00
Xinchen Hui 4da7e4de29 The argument must be not changed in session_start 2015-01-29 12:26:13 +08:00
Yasuo Ohgaki 7a97eaf25d Cleanup session id files after test 2015-01-29 10:31:39 +09:00
Yasuo Ohgaki f90f6108c8 Merge branch 'master' into master-rfc-session-lock4 
Conflicts:
	UPGRADING
 2015-01-29 09:55:36 +09:00
Xinchen Hui a0cf025134 Fixed #68868 (Segfault in clean_non_persistent_constants() in SugarCRM 6.5.20) 2015-01-28 17:12:23 +08:00