Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Update CREDITS for PHP 7.2.29 (PHP-7.2.29) | Remi Collet | 2020-03-17 | 2 | -11/+11 |
| | |||||
* | Update NEWS for PHP 7.2.29 | Remi Collet | 2020-03-17 | 1 | -1/+1 |
| | |||||
* | [ci skip] Update NEWS | Stanislav Malyshev | 2020-03-15 | 1 | -0/+7 |
| | |||||
* | Fix test | Stanislav Malyshev | 2020-03-15 | 1 | -1/+1 |
| | |||||
* | Fix bug #79329 - get_headers should not accept \0 | Stanislav Malyshev | 2020-03-15 | 1 | -1/+1 |
| | |||||
* | Fixed bug #79282 | Stanislav Malyshev | 2020-03-15 | 2 | -1/+21 |
| | |||||
* | bump version to 7.2.29 | Remi Collet | 2020-02-18 | 3 | -5/+8 |
| | |||||
* | Update NEWS [ci skip] | Christoph M. Becker | 2020-02-17 | 1 | -0/+8 |
| | |||||
* | Mark bug76348.phpt as online test | Nikita Popov | 2020-02-16 | 1 | -0/+1 |
| | |||||
* | Fix bug #79082 - Files added to tar with Phar::buildFromIterator have all-access permissions | Stanislav Malyshev | 2020-02-16 | 4 | -0/+65 |
| | |||||
* | Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress | Stanislav Malyshev | 2020-02-15 | 2 | -4/+51 |
| | |||||
* | Fix typo in recent bugfix | Christoph M. Becker | 2020-02-14 | 2 | -2/+2 |
| | |||||
* | Fix #77569: Write Access Violation in DomImplementation | Christoph M. Becker | 2020-02-13 | 3 | -1/+18 |
| | | | | We must not assume that the zval IS_STRING. | ||||
* | More checks for php_strip_tags_ex | Stanislav Malyshev | 2020-01-22 | 1 | -2/+2 |
| | |||||
* | next will be 7.2.28 | Remi Collet | 2020-01-22 | 3 | -5/+8 |
| | |||||
* | Update NEWS | Stanislav Malyshev | 2020-01-20 | 1 | -0/+9 |
| | |||||
* | Fix bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`) | Stanislav Malyshev | 2020-01-20 | 2 | -5/+22 |
| | |||||
* | Fix #79099: OOB read in php_strip_tags_ex | Stanislav Malyshev | 2020-01-20 | 2 | -3/+35 |
| | |||||
* | Fix #79091: heap use-after-free in session_create_id() | Christoph M. Becker | 2020-01-20 | 2 | -0/+68 |
| | | | | If the `new_id` is released, we must not use it again. | ||||
* | fix release date | Remi Collet | 2019-12-18 | 1 | -1/+1 |
| | |||||
* | [ci skip] Update NEWS | Stanislav Malyshev | 2019-12-16 | 1 | -0/+16 |
| | |||||
* | Fix test | Stanislav Malyshev | 2019-12-16 | 1 | -1/+1 |
| | |||||
* | Fix bug #78793 | Stanislav Malyshev | 2019-12-16 | 2 | -2/+15 |
| | |||||
* | Fixed bug #78910 | Stanislav Malyshev | 2019-12-16 | 2 | -1/+19 |
| | |||||
* | Fix #78878: Buffer underflow in bc_shift_addsub | Christoph M. Becker | 2019-12-16 | 2 | -2/+15 |
| | | | | | We must not rely on `isdigit()` to detect digits, since we only support decimal ASCII digits in the following processing. | ||||
* | Fix test | Stanislav Malyshev | 2019-12-16 | 1 | -1/+1 |
| | |||||
* | Fix #78862: link() silently truncates after a null byte on Windows | Christoph M. Becker | 2019-12-16 | 2 | -1/+18 |
| | | | | | Since link() is supposed to accept paths (i.e. strings without NUL bytes), we must not accept arbitrary strings. | ||||
* | Fix #78863: DirectoryIterator class silently truncates after a null byte | Christoph M. Becker | 2019-12-16 | 2 | -2/+33 |
| | | | | | | Since the constructor of DirectoryIterator and friends is supposed to accept paths (i.e. strings without NUL bytes), we must not accept arbitrary strings. | ||||
* | next is 7.2.27 | Remi Collet | 2019-12-03 | 3 | -5/+8 |
| | |||||
* | Fix #78814: strip_tags allows / in tag name => whitelist bypass | Christoph M. Becker | 2019-12-02 | 3 | -1/+11 |
| | | | | | | | When normalizing tags to check whether they are contained in the set of allowable tags, we must not strip slashes, unless they come immediately after the opening `<`, or immediately before the closing `>`. | ||||
* | Fix #78833: Integer overflow in pack causes out-of-bound access | Christoph M. Becker | 2019-12-02 | 3 | -1/+15 |
| | | | | | We check for potential signed integer overflow, and bail out gracefully, in that case. | ||||
* | Added environment LSAPI_CLEAN_SHUTDOWN to control clean shutdown. Update SAPI version to LiteSpeed v7.6. | George Wang | 2019-11-21 | 1 | -14/+26 |
| | |||||
* | Fix #78849: GD build broken with -D SIGNED_COMPARE_SLOW | Christoph M. Becker | 2019-11-21 | 2 | -1/+4 |
| | | | | | | Apparently, this has not been tested for a long time, and might be a refactoring relict. Anyhow, we have to pass the context to `GIFNextPixel` as well. | ||||
* | Update NEWS | Christoph M. Becker | 2019-11-18 | 1 | -0/+4 |
| | |||||
* | Fix $x = (bool)$x; for undefined with opcache | Tyson Andre | 2019-11-18 | 3 | -8/+58 |
| | And `$x = !$x`. Noticed while working on GH-4912. The included test would not emit undefined variable errors in php 8.0 with opcache enabled. The command used: `php -d zend_extension=opcache.so --no-php-ini -d error_reporting=E_ALL -d opcache.file_cache= -d opcache.enable_cli=1 test.php` | ||||
* | Fix bug #78804 - Segmentation fault in Locale::filterMatches | Stanislav Malyshev | 2019-11-11 | 3 | -4/+20 |
| | |||||
* | Remove outdated comments in test | Nikita Popov | 2019-11-07 | 1 | -3/+3 |
| | |||||
* | Fixed bug #78759 | Nikita Popov | 2019-11-07 | 3 | -4/+21 |
| | | | | Handle INDIRECT values in array. | ||||
* | Bump for 7.2.26-dev | Sara Golemon | 2019-11-05 | 3 | -5/+8 |
| | |||||
* | Fixed bug #78775 | Nikita Popov | 2019-11-05 | 3 | -0/+40 |
| | | | | | | Clear the OpenSSL error queue before performing SSL stream operations. As we don't control all code that could possibly be using OpenSSL, we can't rely on the error queue being empty. | ||||
* | Fix test cases for libxml2 2.9.10 | Christoph M. Becker | 2019-10-31 | 2 | -4/+4 |
| | | | | | Since the error reporting has been slightly changed, we have to adapt the two affected test cases. | ||||
* | Add missing refcount increment | Nikita Popov | 2019-10-30 | 1 | -0/+1 |
| | |||||
* | Fixed bug #78689 | Nikita Popov | 2019-10-29 | 3 | -1/+23 |
| | |||||
* | Merge branch 'PHP-7.1' into PHP-7.2 | Stanislav Malyshev | 2019-10-28 | 2 | -4/+4 |
|\ | * PHP-7.1: Fix libmagic buffer overflow issue (CVE-2019-18218); bump version; set versions for release | ||||
| * | Fix libmagic buffer overflow issue (CVE-2019-18218) | Stanislav Malyshev | 2019-10-27 | 2 | -4/+4 |
| | | | | | | | | Ported from https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84 | ||||
| * | bump version | Joe Watkins | 2019-10-22 | 3 | -6/+10 |
| | | |||||
| * | set versions for release (php-7.1.33) | Joe Watkins | 2019-10-22 | 3 | -3/+3 |
| | | |||||
* | | Fix #78751: Serialising DatePeriod converts DateTimeImmutable | Christoph M. Becker | 2019-10-28 | 3 | -6/+23 |
| | | | | | | | | | | | | When getting the properties of a DatePeriod instance we have to retain the proper classes, and when restoring a DatePeriod instance we have to cater to DateTimeImmutable instances as well. | ||||
* | | Fix bug #78752 | Nikita Popov | 2019-10-28 | 3 | -8/+38 |
| | | | | | | | | | | | | | | | | | | NULL out the execute_data before destroying it, otherwise GC may trigger while the execute_data is partially destroyed, resulting in double-frees. The handling of call stack unfreezing is a bit awkward because it's a ZEND_API function, so we can't change the signature. | ||||
* | | Fixed bug #78747 | Nikita Popov | 2019-10-25 | 4 | -13/+42 |
| | |