Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Update NEWS for PHP 7.2.24PHP-7.2.24 | Remi Collet | 2019-10-22 | 1 | -1/+1 |
| | |||||
* | add NEWS entry for CVE-2019-11043 | Remi Collet | 2019-10-22 | 1 | -2/+4 |
| | |||||
* | Merge branch 'PHP-7.1' into PHP-7.2 | Stanislav Malyshev | 2019-10-22 | 3 | -4/+72 |
| | | | | | | | * PHP-7.1: Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043) bump versions after release set versions for release | ||||
* | Update NEWS for 7.2.24 | Remi Collet | 2019-10-08 | 1 | -0/+3 |
| | |||||
* | Update CREDITS for PHP 7.2.24RC1 | Remi Collet | 2019-10-08 | 2 | -11/+11 |
| | |||||
* | Update NEWS for PHP 7.2.24RC1 | Remi Collet | 2019-10-08 | 1 | -1/+1 |
| | |||||
* | Fix #78641: addGlob can modify given remove_path value | Christoph M. Becker | 2019-10-08 | 3 | -2/+37 |
| | | | | | | | `remove_path` points to the given string, so we must not modify it. Instead we use a duplicate, if we need the modification. We may want to switch to `zend_string`s in master. | ||||
* | Check for object_init_ex() failure in user filter factory | Nikita Popov | 2019-10-07 | 2 | -3/+25 |
| | |||||
* | Set session.gc_probability=0 in bug78624.phpt | Nikita Popov | 2019-10-07 | 1 | -0/+1 |
| | | | | | We only want to test manually triggered session GC. Avoid spurious output due to automatic GC. | ||||
* | Fix #78623: Regression caused by "SP call yields additional empty result set" | Christoph M. Becker | 2019-10-07 | 5 | -2/+12 |
| | | | | This reverts commit 41a4379cb45419a376043ca5f8c5a2bca82cea7c. | ||||
* | Split intl tests for ICU 65 | Christoph M. Becker | 2019-10-04 | 4 | -0/+1559 |
| | |||||
* | Fix #78620: Out of memory error | Christoph M. Becker | 2019-10-04 | 4 | -2/+28 |
| | | | | | The integer addition in `ZEND_MM_ALIGNED_SIZE_EX` can overflow, what we have to catch early. | ||||
* | fix #78624: session_gc return value for user defined session handlers | Brent Shaffer | 2019-10-04 | 4 | -7/+85 |
| | |||||
* | Fix bug #76809 (SSL settings aren't respected when persistent connection is ↵ | Fábio Souto | 2019-10-03 | 2 | -4/+57 |
| | | | | reused) | ||||
* | Fix #76859 stream_get_line skips data if used with data-generating filter | Konstantin Kopachev | 2019-10-03 | 5 | -6/+38 |
| | | | | | | | | | stream_get-line repeatedly calls php_stream_fill_read_buffer until enough data is accumulated in buffer. However, when stream contains filters attached to it, then each call to fill buffer essentially resets buffer read/write pointers and new data is written over old. This causes stream_get_line to skip parts of data from stream This patch fixes such behavior, so fill buffer call will append. | ||||
* | Revert "Fix #78620: Out of memory error" | Christoph M. Becker | 2019-10-02 | 2 | -6/+0 |
| | | | | | | This reverts commit 8ce04df7e0108a10f7b782a28204e9384ab1129c. Cf. <https://github.com/php/php-src/pull/4766#discussion_r330658679>. | ||||
* | Fix #78620: Out of memory error | Christoph M. Becker | 2019-10-02 | 2 | -0/+6 |
| | | | | | If the integer addition in `ZEND_MM_ALIGNED_SIZE_EX` overflows, the macro evaluates to `0`, what we should catch early. | ||||
* | Fix segfault with __COMPILER_HALT_OFFSET__ and trailing {} | Nikita Popov | 2019-10-02 | 2 | -0/+11 |
| | | | | Fixes OSS-Fuzz #17895. | ||||
* | Fixed test that "fails" from time to time | Dmitry Stogov | 2019-10-02 | 1 | -1/+1 |
| | |||||
* | Fixed test that "fails" from time to time | Dmitry Stogov | 2019-10-02 | 1 | -1/+1 |
| | |||||
* | Add missing skip keyword in tests | Fabien Villepinte | 2019-10-01 | 6 | -6/+6 |
| | |||||
* | Fixed bug #78612 | Nikita Popov | 2019-09-30 | 3 | -0/+21 |
| | |||||
* | Fix #78609: mb_check_encoding() no longer supports stringable objects | Christoph M. Becker | 2019-09-30 | 3 | -20/+30 |
| | | | | We apply type juggling for other types than array. | ||||
* | Fix build for libzip < 0.11.2 | Christoph M. Becker | 2019-09-29 | 1 | -0/+2 |
| | | | | | We must not define method entries, if the actual method definitions or the arginfo structures are not defined. | ||||
* | Fix SKIPIF in ext/mysqli | Fabien Villepinte | 2019-09-27 | 11 | -20/+20 |
| | |||||
* | Fix skipif.inc | Christoph M. Becker | 2019-09-27 | 1 | -1/+1 |
| | |||||
* | Fix memory leak with ** on array operands | Nikita Popov | 2019-09-26 | 2 | -0/+26 |
| | |||||
* | Fix null-pointer deref in if stmt printing | Nikita Popov | 2019-09-26 | 2 | -1/+5 |
| | | | | Fixes OSS-Fuzz #17721. | ||||
* | Fix hash key length in umsg_parse_format() | Jinesh Patel | 2019-09-25 | 1 | -3/+3 |
| | | | | | Fix array length passed to zend_hash_str_find_ptr() casting from UChar array to char array requires mul by sizeof(UChar). | ||||
* | Fix NEWS entry | Christoph M. Becker | 2019-09-23 | 1 | -4/+4 |
| | | | | Cf. <https://bugs.php.net/78590>. | ||||
* | Fix skipif condition | Nikita Popov | 2019-09-23 | 1 | -1/+1 |
| | |||||
* | Skip test on 32-bit | Nikita Popov | 2019-09-23 | 1 | -0/+2 |
| | |||||
* | Fix signed integer overflow in SplObjectStorage unserialization | Nikita Popov | 2019-09-23 | 2 | -0/+18 |
| | | | | | | | | If count is ZEND_LONG_MIN the count-- loop underflows. This is ultimately harmless, but results in a ubsan warning. Fix this by adding a sanity check that the count isn't negative, because that doesn't make sense... | ||||
* | Fix test to be skipped if dom is not available | Christoph M. Becker | 2019-09-22 | 1 | -0/+1 |
| | |||||
* | Fix leak of temporary buffer during exif tag reading | Nikita Popov | 2019-09-22 | 3 | -0/+12 |
| | |||||
* | Fix multiple leaks in exif_read_data() | Nikita Popov | 2019-09-21 | 3 | -5/+15 |
| | | | | | | | This fixes two leaks related to duplicate tags, as well as a leak of zero-length FMT_(S)BYTE with non-null value. This can show up for MAKERNOTE values where the original length is non-zero, but the first character is a null byte. | ||||
* | Fix length of key passed to zend_hash_str_find_ptr | Jinesh Patel | 2019-09-21 | 1 | -2/+2 |
| | |||||
* | Fix #78579: mb_decode_numericentity: args number inconsistency | Christoph M. Becker | 2019-09-21 | 2 | -0/+5 |
| | | | | | | | | | mb_decode_numericentity() accepts a fourth optional parameter, which is unused, however. Since this parameter doesn't do any harm, and to avoid the small BC break, we're keeping this parameter for PHP 7, but adjust the arginfo. For PHP 8, we will remove this parameter. | ||||
* | Fix out-of-bounds read in exif tag reading | Nikita Popov | 2019-09-19 | 4 | -0/+37 |
| | | | | | | | This issue was recently introduced in c739023a50876e2a90588f915803b0140a95638e, when the restriction that components>0 has been relaxed. We now need to make sure that any tags that expect at least one component check that this is the case. | ||||
* | Fix iterable return type optimization | Nikita Popov | 2019-09-19 | 2 | -1/+19 |
| | |||||
* | Fix exif leak on duplicate copyright tags | Nikita Popov | 2019-09-19 | 3 | -0/+16 |
| | |||||
* | Fix typo | CJDennis | 2019-09-19 | 1 | -1/+1 |
| | | | | `sizeof("data")-1` and `sizeof("date")-1` are both 4, so no change in behaviour | ||||
* | Increase timeout in test | Nikita Popov | 2019-09-17 | 1 | -3/+5 |
| | |||||
* | Fix #76342: file_get_contents waits twice specified timeout | fancyweb | 2019-09-17 | 4 | -8/+76 |
| | |||||
* | Add tilde to allowed status/ping path | Drakano | 2019-09-17 | 1 | -4/+4 |
| | | | | | | | Because of user specific webdirs it should be possible to set a status/ping path like "/~username/status". Closes GH-4698. | ||||
* | Fix opcache return type for get_headers in zend_func_info | Tyson Andre | 2019-09-17 | 1 | -1/+1 |
| | | | | | | | | | | https://www.php.net/manual/en/function.get-headers.php#refsect1-function.get-headers-examples shows that it will return string keys when the second argument is non-zero. I've verified that this is the case. This bug was there since the initial commit in c88ffa9a567. Closes GH-4702. | ||||
* | Fixed bug #78545 | Nikita Popov | 2019-09-16 | 1 | -2/+2 |
| | | | | By using an explicit (double) cast. | ||||
* | Fix leak in SplObjectStorage unserialization | Nikita Popov | 2019-09-16 | 2 | -0/+18 |
| | | | | | The result of php_var_unserialize always needs to be destroyed, even if the call failed. | ||||
* | Stick with zend_long for ABI compatibility | Christoph M. Becker | 2019-09-15 | 1 | -1/+1 |
| | | | | Cf. <https://github.com/php/php-src/pull/4700#issuecomment-531515689>. | ||||
* | Fix #78535: auto_detect_line_endings value not parsed as bool | bugreportuser | 2019-09-14 | 5 | -2/+58 |
| |