php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-24 16:38:25 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
bb16c2e90f8fe026adc8e633c77141d4498ed621
archived-php-src/ext/standard/tests/serialize
T
History
Tim Düsterhus f2e8c5da90 unserialize: Strictly check for :{ at object start (#10214) 
* unserialize: Strictly check for `:{` at object start

* unserialize: Update CVE tests

It's unlikely that the object syntax error contributed to the actual CVE. The
CVE is rather caused by the incorrect object serialization data of the `C`
format. Add a second string without such a syntax error to ensure that path is
still executed as well to ensure the CVE is absent.

* Fix test expectation in gmp/tests/bug74670.phpt

No changes to the input required, because the test actually is intended to
verify the behavior for a missing `}`, it's just that the report position changed.

* NEWS

* UPGRADING
2023-01-12 19:55:54 +01:00
..
__serialize_001.phpt
Implement new custom object serialization mechanism
2019-03-22 10:43:06 +01:00
__serialize_002.phpt
Fixed bug #77873
2019-04-09 17:27:02 +02:00
__serialize_003.phpt
Implement new custom object serialization mechanism
2019-03-22 10:43:06 +01:00
__serialize_004.phpt
Deprecate implicit dynamic properties
2021-11-26 14:10:11 +01:00
__serialize_005.phpt
Change the order of properties used for var_dump(), serialize(), comparison, etc.
2021-03-01 13:29:49 +03:00
__serialize_006.phpt
Fix leak on error in new serialization mechanism
2019-04-09 17:19:44 +02:00
__serialize_007.phpt
Fix use-after-free due to packed->mixed conversion with __unserialize()
2019-09-16 14:37:16 +02:00
001.phpt
Deprecate implicit dynamic properties
2021-11-26 14:10:11 +01:00
002.phpt
Clean DONE tags from tests
2019-11-07 21:31:47 +01:00
003.phpt
Use serialize_precision for var_dump()
2020-02-25 09:51:32 +01:00
004.phpt
005.phpt
Include class name in Serializable deprecation message
2021-08-11 10:35:47 +02:00
006.phpt
Reindent phpt files
2020-02-03 22:52:20 +01:00
autoload_implements.inc
Reindent phpt files
2020-02-03 22:52:20 +01:00
autoload_interface.inc
Reindent phpt files
2020-02-03 22:52:20 +01:00
bug14293.phpt
Deprecate implicit dynamic properties
2021-11-26 14:10:11 +01:00
bug21957.phpt
Reindent phpt files
2020-02-03 22:52:20 +01:00
bug23298.phpt
Reindent phpt files
2020-02-03 22:52:20 +01:00
bug24063.phpt
Reindent phpt files
2020-02-03 22:52:20 +01:00
bug25378.phpt
Clean DONE tags from tests
2019-11-07 21:31:47 +01:00
bug26762.phpt
Run tidy
2020-09-18 14:28:32 +02:00
bug27469.phpt
bug28325.phpt
Reindent phpt files
2020-02-03 22:52:20 +01:00
bug30234.phpt
Run tidy
2020-09-18 14:28:32 +02:00
bug31402.phpt
Clean DONE tags from tests
2019-11-07 21:31:47 +01:00
bug31442.phpt
bug35895.phpt
Promote a few remaining errors in ext/standard
2020-09-15 14:26:16 +02:00
bug36424.phpt
Deprecate implicit dynamic properties
2021-11-26 14:10:11 +01:00
bug37947.phpt
Add many missing closing PHP tags to tests
2020-08-09 22:03:36 +02:00
bug42919.phpt
bug43614.phpt
bug45706.phpt
Add many missing closing PHP tags to tests
2020-08-09 22:03:36 +02:00
bug46882.phpt
bug49649_1.phpt
Fix GH-9186 @strict-properties can be bypassed using unserialization (#9354)
2022-08-30 07:46:32 -04:00
bug49649_2.phpt
Fix GH-9186 @strict-properties can be bypassed using unserialization (#9354)
2022-08-30 07:46:32 -04:00
bug49649.phpt
Fix GH-9186 @strict-properties can be bypassed using unserialization (#9354)
2022-08-30 07:46:32 -04:00
bug55798.phpt
Add many missing closing PHP tags to tests
2020-08-09 22:03:36 +02:00
bug62373.phpt
Trim trailing whitespace in *.phpt
2018-10-14 19:45:12 +02:00
bug62836_1.phpt
Fix GH-9186 @strict-properties can be bypassed using unserialization (#9354)
2022-08-30 07:46:32 -04:00
bug62836_2.phpt
Fix GH-9186 @strict-properties can be bypassed using unserialization (#9354)
2022-08-30 07:46:32 -04:00
bug64146.phpt
Include class name in Serializable deprecation message
2021-08-11 10:35:47 +02:00
bug64354_1.phpt
Trim trailing whitespace in *.phpt
2018-10-14 19:45:12 +02:00
bug64354_2.phpt
Trim trailing whitespace in *.phpt
2018-10-14 19:45:12 +02:00
bug64354_3.phpt
Include class name in Serializable deprecation message
2021-08-11 10:35:47 +02:00
bug65481.phpt
Include class name in Serializable deprecation message
2021-08-11 10:35:47 +02:00
bug65806.phpt
Reindent phpt files
2020-02-03 22:52:20 +01:00
bug67072.phpt
Add ZEND_ACC_NOT_SERIALIZABLE flag
2021-07-19 15:59:11 +02:00
bug68044.phpt
Reindent phpt files
2020-02-03 22:52:20 +01:00
bug68545.phpt
Clean DONE tags from tests
2019-11-07 21:31:47 +01:00
bug68594.phpt
Reindent phpt files
2020-02-03 22:52:20 +01:00
bug68976.phpt
Reindent phpt files
2020-02-03 22:52:20 +01:00
bug69139.phpt
bug69152.phpt
Make Exception::$trace typed array property
2020-05-28 13:55:38 +02:00
bug69210.phpt
Skip non-existing properties returned by __sleep()
2020-04-22 16:41:04 +02:00
bug69425.phpt
Update related test in ext/standard
2022-04-29 11:25:55 +01:00
bug69793.phpt
Make some exception properties typed
2021-04-22 10:22:50 +02:00
bug70172_2.phpt
Include class name in Serializable deprecation message
2021-08-11 10:35:47 +02:00
bug70172.phpt
Include class name in Serializable deprecation message
2021-08-11 10:35:47 +02:00
bug70213.phpt
Reindent phpt files
2020-02-03 22:52:20 +01:00
bug70219_1.phpt
Include class name in Serializable deprecation message
2021-08-11 10:35:47 +02:00
bug70219.phpt
Fix session + Serializable tests
2021-07-30 16:13:05 +02:00
bug70436.phpt
Include class name in Serializable deprecation message
2021-08-11 10:35:47 +02:00
bug70513.phpt
Migrate SKIPIF -> EXTENSIONS (#7138)
2021-06-11 11:57:42 +02:00
bug70963.phpt
Make Exception::$trace typed array property
2020-05-28 13:55:38 +02:00
bug71311.phpt
Sync leading and final newlines in *.phpt sections
2018-10-15 04:33:09 +02:00
bug71313.phpt
bug71840.phpt
bug71940.phpt
Include class name in Serializable deprecation message
2021-08-11 10:35:47 +02:00
bug71995.phpt
Promote a few remaining errors in ext/standard
2020-09-15 14:26:16 +02:00
bug72229.phpt
Trim trailing whitespace in *.phpt
2018-10-14 19:46:15 +02:00
bug72663_2.phpt
Include class name in Serializable deprecation message
2021-08-11 10:35:47 +02:00
bug72663_3.phpt
Migrate SKIPIF -> EXTENSIONS (#7138)
2021-06-11 11:57:42 +02:00
bug72663.phpt
Fix GH-9186 @strict-properties can be bypassed using unserialization (#9354)
2022-08-30 07:46:32 -04:00
bug72731.phpt
Reindent phpt files
2020-02-03 22:52:20 +01:00
bug72785.phpt
bug73052.phpt
bug73154.phpt
bug73341.phpt
unserialize: Strictly check for :{ at object start (#10214)
2023-01-12 19:55:54 +01:00
bug73825.phpt
bug74101.phpt
Sanity-check array/object lengths during unserialization
2019-09-16 11:38:35 +02:00
bug74103.phpt
Merge branch 'PHP-7.0' into PHP-7.1
2017-09-12 18:18:44 +02:00
bug74111.phpt
unserialize: Strictly check for :{ at object start (#10214)
2023-01-12 19:55:54 +01:00
bug74300.phpt
Clean DONE tags from tests
2019-11-07 21:31:47 +01:00
bug74614.phpt
Fix test portability
2017-09-11 12:38:20 +02:00
bug75054.phpt
Fixed bug #74103 and bug #75054
2017-08-12 13:11:35 +02:00
bug76300.phpt
Change the order of properties used for var_dump(), serialize(), comparison, etc.
2021-03-01 13:29:49 +03:00
bug78438.phpt
Fix #78438: Corruption when __unserializing deeply nested structures
2019-08-23 11:41:06 +02:00
bug79526.phpt
Promote a few remaining errors in ext/standard
2020-09-15 14:26:16 +02:00
bug80411.phpt
Include class name in Serializable deprecation message
2021-08-11 10:35:47 +02:00
bug81111.phpt
Add ZEND_ACC_NOT_SERIALIZABLE flag
2021-07-19 15:59:11 +02:00
bug81142.phpt
Fix bug #81142 by adding zend_string_init_existing_interned()
2021-08-12 11:57:50 +02:00
bug81163.phpt
Fix test
2021-06-18 18:09:27 +01:00
counting_of_references.phpt
incomplete_class_magic.phpt
Fix edge case serializing __PHP_Incomplete_Class properties.
2021-01-04 09:46:54 -05:00
incomplete_class.phpt
Promote incomplete class to modification to Error
2020-08-28 11:14:43 +02:00
invalid_signs_in_lengths.phpt
Add test for previous commit
2017-03-23 22:37:17 +01:00
max_depth.phpt
Include class name in Serializable deprecation message
2021-08-11 10:35:47 +02:00
overwrite_untyped_ref.phpt
Fix removal of type source during unserialization
2020-12-04 12:56:05 +01:00
precision.phpt
Run tidy
2020-09-18 14:28:32 +02:00
ref_to_failed_serialize.phpt
Include class name in Serializable deprecation message
2021-08-11 10:35:47 +02:00
serialization_arrays_001.phpt
Remove unnecessary PHPDoc-alike blocks from tests
2020-06-24 13:13:44 +02:00
serialization_arrays_002.phpt
Remove unnecessary PHPDoc-alike blocks from tests
2020-06-24 13:13:44 +02:00
serialization_arrays_003.phpt
Remove unnecessary PHPDoc-alike blocks from tests
2020-06-24 13:13:44 +02:00
serialization_arrays_004.phpt
Remove unnecessary PHPDoc-alike blocks from tests
2020-06-24 13:13:44 +02:00
serialization_arrays_005.phpt
Remove unnecessary PHPDoc-alike blocks from tests
2020-06-24 13:13:44 +02:00
serialization_error_002.phpt
Remove unnecessary PHPDoc-alike blocks from tests
2020-06-24 13:13:44 +02:00
serialization_miscTypes_001.phpt
Add %0 format to run-tests.php
2021-05-29 11:33:13 +02:00
serialization_objects_001.phpt
Add %0 format to run-tests.php
2021-05-29 11:33:13 +02:00
serialization_objects_002.phpt
Add %0 format to run-tests.php
2021-05-29 11:33:13 +02:00
serialization_objects_003.phpt
Remove unnecessary PHPDoc-alike blocks from tests
2020-06-24 13:13:44 +02:00
serialization_objects_004.phpt
Remove unnecessary PHPDoc-alike blocks from tests
2020-06-24 13:13:44 +02:00
serialization_objects_005.phpt
Deprecate implicit dynamic properties
2021-11-26 14:10:11 +01:00
serialization_objects_006.phpt
Promote incomplete class to modification to Error
2020-08-28 11:14:43 +02:00
serialization_objects_007.phpt
Remove unnecessary PHPDoc-alike blocks from tests
2020-06-24 13:13:44 +02:00
serialization_objects_008.phpt
Make zend_call_function() failure handling consistent
2021-09-01 16:09:23 +02:00
serialization_objects_009.phpt
Remove unnecessary PHPDoc-alike blocks from tests
2020-06-24 13:13:44 +02:00
serialization_objects_010.phpt
Include class name in Serializable deprecation message
2021-08-11 10:35:47 +02:00
serialization_objects_011.phpt
Change the order of properties used for var_dump(), serialize(), comparison, etc.
2021-03-01 13:29:49 +03:00
serialization_objects_012.phpt
Remove unnecessary PHPDoc-alike blocks from tests
2020-06-24 13:13:44 +02:00
serialization_objects_013.phpt
Remove unnecessary PHPDoc-alike blocks from tests
2020-06-24 13:13:44 +02:00
serialization_objects_014.phpt
Remove unnecessary PHPDoc-alike blocks from tests
2020-06-24 13:13:44 +02:00
serialization_objects_015.phpt
Reindent phpt files
2020-02-03 22:52:20 +01:00
serialization_objects_016.phpt
Fix infiniry recursion during serialize() of "tricky" object
2022-03-01 00:00:22 +03:00
serialization_objects_017.phpt
unserialize: Strictly check for :{ at object start (#10214)
2023-01-12 19:55:54 +01:00
serialization_objects_018.phpt
unserialize: Strictly check for :{ at object start (#10214)
2023-01-12 19:55:54 +01:00
serialization_objects_incomplete.phpt
Fix GH-9186 @strict-properties can be bypassed using unserialization (#9354)
2022-08-30 07:46:32 -04:00
serialization_precision_001.phpt
Remove unnecessary PHPDoc-alike blocks from tests
2020-06-24 13:13:44 +02:00
serialization_precision_002.phpt
Remove unnecessary PHPDoc-alike blocks from tests
2020-06-24 13:13:44 +02:00
serialization_resources_001.phpt
Remove unnecessary PHPDoc-alike blocks from tests
2020-06-24 13:13:44 +02:00
serialize_globals_var_refs.phpt
Fix ref ID handling when serializing $GLOBALS
2018-10-08 13:16:23 +02:00
sleep_deref.phpt
Deref names returned by __sleep()
2020-01-02 11:14:00 +01:00
sleep_mangled_name_clash.phpt
Promote a few remaining errors in ext/standard
2020-09-15 14:26:16 +02:00
sleep_undefined_declared_properties.phpt
Promote a few remaining errors in ext/standard
2020-09-15 14:26:16 +02:00
sleep_uninitialized_typed_prop.phpt
Fix bug #79447
2020-04-23 10:30:33 +02:00
splobjectstorage_negative_count.phpt
Fix skipif condition
2019-09-23 17:17:52 +02:00
SplObjectStorage_object_reference.phpt
Don't include object hash in SplObjectStorage debug dump
2021-05-18 17:20:20 +02:00
typed_property_ref_assignment_failure.phpt
Fix unserialization ref source management, again
2020-11-25 17:04:07 +01:00
typed_property_ref_overwrite2.phpt
Fix another typed resource issue in unserialization
2020-12-07 12:36:09 +01:00
typed_property_ref_overwrite.phpt
Fix another ref source management bug in unserialize
2020-11-30 14:23:54 +01:00
typed_property_refs.phpt
Fix unserialization ref source management, again
2020-11-25 17:04:07 +01:00
unserialize_abstract_class.phpt
Fix segfault when unserializing abstract class
2019-09-16 13:52:52 +02:00
unserialize_classes.phpt
Add many missing closing PHP tags to tests
2020-08-09 22:03:36 +02:00
unserialize_error_001.phpt
Promote a few remaining errors in ext/standard
2020-09-15 14:26:16 +02:00
unserialize_large.phpt
Sanity-check array/object lengths during unserialization
2019-09-16 11:38:35 +02:00
unserialize_leak.phpt
Fix leak in SplObjectStorage unserialization
2019-09-16 13:02:32 +02:00
unserialize_mem_leak.phpt
Reindent phpt files
2020-02-03 22:52:20 +01:00
unserialize_neg_iv_edge_cases.phpt
Skip test on 32-bit
2019-09-23 14:52:32 +02:00
unserialize_overwrite_undeclared_protected.phpt
Fix GH-9186 @strict-properties can be bypassed using unserialization (#9354)
2022-08-30 07:46:32 -04:00
unserialize_ref_to_overwritten_declared_prop.phpt
Fix GH-9186 @strict-properties can be bypassed using unserialization (#9354)
2022-08-30 07:46:32 -04:00
unserialize_subclasses.phpt
Add many missing closing PHP tags to tests
2020-08-09 22:03:36 +02:00
unserializeS.phpt
Add many missing closing PHP tags to tests
2020-08-09 22:03:36 +02:00