| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| |
|
|
|
| |
* PHP-7.1:
Fix bug #77967 - Bypassing open_basedir restrictions via file uris
|
| |
|
|
|
| |
* PHP-7.1:
Fix bug #77988 - heap-buffer-overflow on php_jpg_get16
|
| | |
|
| |
|
|
|
|
|
| |
* PHP-7.1:
Update NEWS
Fix bug #78069 - Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow
Fix #77973: Uninitialized read in gdImageCreateFromXbm
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
stderr is supposed to be redirected to NUL (which is roughly equivalent
to /dev/null on POSIX), but actually was redirected to a file.
|
| | |
|
| |
|
|
|
|
|
|
| |
If a PHP file contains an invalid hex literal such as `0x_10`, the expected error
is `Parse error: syntax error, unexpected 'x_10' (T_STRING) in %s on line %d`.
This already worked correctly on Linux, but on Windows prior to this patch a different
error was produced: `Parse error: Invalid numeric literal in %s on line %d`.
|
| |
|
|
|
| |
These files are tracked with CRLF line endings in Git and can be
converted to LF. Neither are parts of tests or code itself.
|
| | |
|
| |
|
|
|
| |
These EOL types are part of different environments and not part of the
tests themselves.
|
| |
|
|
|
| |
Since opcache.enable defaults to 1 anyway, this change is only
cosmetic.
|
| | |
|
| |
|
|
|
|
|
| |
Since PHP strings are binary safe (i.e. they may contain NUL bytes), we
must not assume that strlen()/wcslen() actually return the length of
the string. Only if the given in_len is zero, it is safe to assert
this.
|
| | |
|
| |
|
|
|
| |
This test may fail on Windows due to the file cache fallback. We
ensure that this will not happen.
|
| |
|
|
|
|
|
|
|
| |
Several tests use `/tmp` in the `--INI--` section, but this is not
portable. We therefore introduce the `{TMP}` placeholder which
evaluates to the system's temporary directory using
`sys_get_temp_dir()`.
We also remove the doubtful `strpos()` optimization.
|
| |
|
|
|
| |
We can't assume that the method we're checking against is part of
the parent class...
|
| |
|
|
| |
The php.net is redirected to https so use nginx.org
|
| | |
|
| |\
| |
| |
| |
| | |
* PHP-7.1:
Fix bug #77950 - Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG
|
| | |
| |
| |
| |
| |
| | |
I do not completely understand what is going on there, but I am pretty
sure dir_entry <= offset_base if not a normal situation, so we better not
to rely on such dir_entry.
|
| |\ \
| |/
| |
| |
| | |
* PHP-7.1:
Fix #77821: Potential heap corruption in TSendMail()
|
| | |
| |
| |
| |
| |
| |
| |
| | |
`zend_string_tolower()` returns a copy (not a duplicate) of the given
string, if it is already in lower case. In this case we must not not
`zend_string_free()` both strings. The cleanest solution is to call
` zend_string_release()` on both strings, which properly handles the
refcount.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Firstly, we must not call `gdImageSetAntiAliased()` (which sets the
color to anti-alias), but rather modify the `gdImage.AA` flag.
Furthermore, we have to actually use the supplied boolean value.
We also make sure that we don't attempt to enable anti-aliasing for
palette images.
|
| | | |
|
| | |
| |
| |
| |
| | |
Make sure that we proper distinguish between empty string key and
no key during SDL serialization.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
These tests are obviously meant to test successful and failing uri:
DSNs, but did not pass proper file:// URIs, so actually ended up
testing for invalid data source URIs twice. We fix this, and adjust
the expectations accordingly.
We also unfork the -win32 variant, since both test cases are almost
identical, and the expected error message may be either one.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
MySQL/MariaDB version strings may have suffixes which may contain dots;
for instance, Debian stretch has 5.5.5-10.1.37-MariaDB-0+deb9u1 or
such. Therefore, we make the version extraction more liberal, and only
require that there are at least three parts separated by dot, and
ignore additional parts.
We also fix an erroneous test expectation, which would be triggered on
CI now, right away. This patch has been provided by petk@.
|
| | | |
|
| | |
| |
| |
| |
| | |
- Correct the behaviour of casting spl files to strings
- Add a test for Bug 77024
|
| | |
| |
| |
| |
| |
| | |
All pdo_mysql tests are skipped on AppVeyor because "No such host is
known". We change the DSN to use semicolons instead of spaces to fix
that.
|
| | |
| |
| |
| |
| |
| | |
When actually fetching the data, bigint (unsigned) column values are
returned as integers on LLP64 architectures, so their pdo_type has to
be PDO::PARAM_INT accordingly.
|
| | |
| |
| |
| | |
Of course, we should expect a comma, not a period.
|
| | |
| |
| |
| | |
This time so that it works for all Windows 10 versions (hopefully).
|
| | | |
|
| | |
| |
| |
| |
| | |
Since tcp_socket/ssl streams are not representable, we suppress the
redirect to fix the test case.
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
alias for now.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This embeds the PHP logo image in the FPM status HTML page instead of
using remote location. The phpinfo() output also uses such approach
and browser compatibility looks decent [1].
1: https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URIs
|
| | | |
|
| | | |
|
