Merge branch 'PHP-5.6'

* PHP-5.6:
  update NEWS
  fix test
  update NEWS
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	Zend/zend_exceptions.c
	ext/date/php_date.c
	ext/openssl/openssl.c
	ext/phar/phar_internal.h
	ext/soap/php_http.c
	ext/spl/spl_array.c
	ext/spl/spl_dllist.c
	ext/spl/spl_observer.c
	ext/standard/tests/serialize/bug69152.phpt
	sapi/cli/tests/005.phpt

1 files changed, 4 insertions, 3 deletions

diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c
index 60dd9dd3ae..61573eb77e 100644
--- a/ext/soap/php_http.c
+++ b/ext/soap/php_http.c
@@ -815,10 +815,11 @@ try_again:
 				zend_hash_internal_pointer_reset(Z_ARRVAL_P(cookies));
 				smart_str_append_const(&soap_headers, "Cookie: ");
 				for (i = 0; i < n; i++) {
+					ulong numindx;
+					int res = zend_hash_get_current_key(Z_ARRVAL_P(cookies), &key, &numindx);
 					data = zend_hash_get_current_data(Z_ARRVAL_P(cookies));
-					zend_hash_get_current_key(Z_ARRVAL_P(cookies), &key, NULL);
-
-					if (Z_TYPE_P(data) == IS_ARRAY) {
+					
+					if (res == HASH_KEY_IS_STRING && Z_TYPE_P(data) == IS_ARRAY) {
 					  zval *value;
 
 						if ((value = zend_hash_index_find(Z_ARRVAL_P(data), 0)) != NULL &&