summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Update CREDITS for PHP 7.2.27PHP-7.2.27Remi Collet2020-01-222-11/+11
|
* Update NEWS for PHP 7.2.27Remi Collet2020-01-221-1/+1
|
* Update NEWSStanislav Malyshev2020-01-201-0/+9
|
* Fix bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`)Stanislav Malyshev2020-01-202-5/+22
|
* Fix #79099: OOB read in php_strip_tags_exStanislav Malyshev2020-01-202-3/+35
|
* Fix #79091: heap use-after-free in session_create_id()Christoph M. Becker2020-01-202-0/+68
| | | | If the `new_id` is released, we must not use it again.
* fix release dateRemi Collet2019-12-181-1/+1
|
* [ci skip] Update NEWSStanislav Malyshev2019-12-161-0/+16
|
* Fix testStanislav Malyshev2019-12-161-1/+1
|
* Fix bug #78793Stanislav Malyshev2019-12-162-2/+15
|
* Fixed bug #78910Stanislav Malyshev2019-12-162-1/+19
|
* Fix #78878: Buffer underflow in bc_shift_addsubChristoph M. Becker2019-12-162-2/+15
| | | | | We must not rely on `isdigit()` to detect digits, since we only support decimal ASCII digits in the following processing.
* Fix testStanislav Malyshev2019-12-161-1/+1
|
* Fix #78862: link() silently truncates after a null byte on WindowsChristoph M. Becker2019-12-162-1/+18
| | | | | Since link() is supposed to accepts paths (i.e. strings without NUL bytes), we must not accept arbitrary strings.
* Fix #78863: DirectoryIterator class silently truncates after a null byteChristoph M. Becker2019-12-162-2/+33
| | | | | | Since the constructor of DirectoryIterator and friends is supposed to accepts paths (i.e. strings without NUL bytes), we must not accept arbitrary strings.
* next is 7.2.27Remi Collet2019-12-033-5/+8
|
* Fix #78814: strip_tags allows / in tag name => whitelist bypassChristoph M. Becker2019-12-023-1/+11
| | | | | | | When normalizing tags to check whether they are contained in the set of allowable tags, we must not strip slashes, unless they come immediately after the opening `<`, or immediately before the closing `>`.
* Fix #78833: Integer overflow in pack causes out-of-bound accessChristoph M. Becker2019-12-023-1/+15
| | | | | We check for potential signed integer overflow, and bail out gracefully, in that case.
* Added environment LSAPI_CLEAN_SHUTDOWN to control clean shutdown. Update ↵George Wang2019-11-211-14/+26
| | | | SAPI version to LiteSpeed v7.6 .
* Fix #78849: GD build broken with -D SIGNED_COMPARE_SLOWChristoph M. Becker2019-11-212-1/+4
| | | | | | Apparently, this has not been tested for a long time, and might be a refactoring relict. Anyhow, we have to pass the context to `GIFNextPixel` as well.
* Update NEWSChristoph M. Becker2019-11-181-0/+4
|
* Fix $x = (bool)$x; for undefined with opcacheTyson Andre2019-11-183-8/+58
| | | | | | | | | | | | | | And `$x = !$x` Noticed while working on GH-4912 The included test would not emit undefined variable errors in php 8.0 with opcache enabled. The command used: ``` php -d zend_extension=opcache.so --no-php-ini -d error_reporting=E_ALL \ -d opcache.file_cache= -d opcache.enable_cli=1 test.php ```
* Fix bug #78804 - Segmentation fault in Locale::filterMatchesStanislav Malyshev2019-11-113-4/+20
|
* Remove outdated comments in testNikita Popov2019-11-071-3/+3
|
* Fixed bug #78759Nikita Popov2019-11-073-4/+21
| | | | Handle INDIRECT values in array.
* Bump for 7.2.26-devSara Golemon2019-11-053-5/+8
|
* Fixed bug #78775Nikita Popov2019-11-053-0/+40
| | | | | | Clear the OpenSSL error queue before performing SSL stream operations. As we don't control all code that could possibly be using OpenSSL, we can't rely on the error queue being empty.
* Fix test cases for libxml2 2.9.10Christoph M. Becker2019-10-312-4/+4
| | | | | Since the error reporting has been slightly changed, we have to adapt the two affected test cases.
* Add missing refcount incrementNikita Popov2019-10-301-0/+1
|
* Fixed bug #78689Nikita Popov2019-10-293-1/+23
|
* Merge branch 'PHP-7.1' into PHP-7.2Stanislav Malyshev2019-10-282-4/+4
|\ | | | | | | | | | | | | * PHP-7.1: Fix libmagic buffer overflow issue (CVE-2019-18218) bump version set versions for release
| * Fix libmagic buffer overflow issue (CVE-2019-18218)Stanislav Malyshev2019-10-272-4/+4
| | | | | | | | Ported from https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84
| * bump versionJoe Watkins2019-10-223-6/+10
| |
| * set versions for releasephp-7.1.33Joe Watkins2019-10-223-3/+3
| |
* | Fix #78751: Serialising DatePeriod converts DateTimeImmutableChristoph M. Becker2019-10-283-6/+23
| | | | | | | | | | | | When getting the properties of a DatePeriod instance we have to retain the proper classes, and when restoring a DatePeriod instance we have to cater to DateTimeImmutable instances as well.
* | Fix bug #78752Nikita Popov2019-10-283-8/+38
| | | | | | | | | | | | | | | | | | NULL out the execute_data before destroying it, otherwise GC may trigger while the execute_data is partially destroyed, resulting in double-frees. The handling of call stack unfreezing is a bit awkward because it's a ZEND_API function, so we can't change the signature.
* | Fixed bug #78747Nikita Popov2019-10-254-13/+42
| |
* | Use ICU's CXXFLAGS when using pkg-configRyan Schmidt2019-10-231-1/+2
| | | | | | | | This mirrors how ICU's CXXFLAGS are already used when using icu-config.
* | Add "-pthread" to EXTRA_LDFLAGS_PROGRAM as wellNikita Popov2019-10-231-0/+2
| | | | | | | | | | This is a backport of c518932c0326a938f0fd0254f2adb03b1cddfbca from the PHP 7.4 branch.
* | add NEWS entryRemi Collet2019-10-221-0/+4
| |
* | Merge branch 'PHP-7.1' into PHP-7.2Stanislav Malyshev2019-10-213-4/+72
|\ \ | |/ | | | | | | | | | | * PHP-7.1: Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043) bump versions after release set versions for release
| * Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043)Jakub Zelenka2019-10-204-5/+75
| |
| * bump versions after releaseJoe Watkins2019-08-283-6/+10
| |
| * set versions for releasephp-7.1.32Joe Watkins2019-08-283-4/+12
| |
* | Fix bug #78697: inaccurate error messageFabien Villepinte2019-10-214-31/+49
| |
* | Fix #78694: Appending to a variant array causes segfaultChristoph M. Becker2019-10-193-0/+27
| | | | | | | | | | | | `write_dimension` object handlers have to be able to handle `NULL` `offset`s; for now we simply throw an exception instead of following the `NULL` pointer.
* | Fix #70153 \DateInterval incorrectly unserializedm.yakunin2019-10-186-4/+35
| | | | | | | | | | Added a separate macro for reading 'days' property, so that bool(false) is correctly converted to the proper internal representation.
* | Fix checksum calculation for opcacheMitch Hagstrand2019-10-144-11/+18
| |
* | Fix #78665: Multicasting may leak memoryChristoph M. Becker2019-10-122-0/+9
| |
* | Fix leak in phar openNikita Popov2019-10-102-7/+8
| |
View Lorry Controller Status