| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allows overriding the HTTP header using the HTTP context:
$client = new SoapClient('http://url.wsdl&v=latest', [
'stream_context' => stream_context_create([
'http' => [
'content_type' => 'foobarX',
],
]),
]);
This is a backport of c55af3c65ac116bbd935bd3d695869d88056c49c
to the PHP 7.2 branch.
|
| | |
|
| | |
|
| | |
|
| |\ |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Name verification was failing because the OpenSSL extension was picking
the proxy server's address when guessing which name to compare to the
SSL certificate. This scenario is already handled for stream wrappers
in http_fopen_wrapper.c. This patch applies the same fix to the SOAP
extension: when a proxy is used, set peer_name explicitly on the stream
context.
|
| | | |
|
| | | |
|
| |/
|
|
|
| |
"%p" replaced by ZEND_LONG_FMT to avoid compilation warnings.
Fixed most incorrect use cases of format specifiers.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
These are either in debug code (fix them), commented out (drop
them) or in dead compatibility macros (drop them).
One usage was in php_stream_get_from_zval(), which we have not used
since at least PHP 5.2 and, judging from the fact that nobody
complained about it causing compile errors in PHP 7, nobody else
uses it either, so drop it.
There are still remaining uses in mysqli embedded and odbc birdstep.
These probably need to be dropped outright.
|
| | |
|
| |\
| |
| |
| |
| | |
* PHP-5.6:
Happy new year (Update copyright to 2016)
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* PHP-5.6:
update NEWS
fix test
update NEWS
Fix bug #70019 - limit extracted files to given directory
Do not do convert_to_* on unserialize, it messes up references
Fix #69793 - limit what we accept when unserializing exception
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
ignore signatures for packages too
Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
Fixed bug #69892
Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
Improved fix for Bug #69441
Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
Fix bug #70081: check types for SOAP variables
Conflicts:
Zend/zend_exceptions.c
ext/date/php_date.c
ext/openssl/openssl.c
ext/phar/phar_internal.h
ext/soap/php_http.c
ext/spl/spl_array.c
ext/spl/spl_dllist.c
ext/spl/spl_observer.c
ext/standard/tests/serialize/bug69152.phpt
sapi/cli/tests/005.phpt
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* PHP-5.5:
update NEWS
fix test
update NEWS
Fix bug #70019 - limit extracted files to given directory
Do not do convert_to_* on unserialize, it messes up references
Fix #69793 - limit what we accept when unserializing exception
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
ignore signatures for packages too
Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
Fixed bug #69892
Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
Improved fix for Bug #69441
Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
Fix bug #70081: check types for SOAP variables
Conflicts:
ext/soap/php_http.c
ext/spl/spl_observer.c
|
| | | |\
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* PHP-5.4:
Fix bug #70019 - limit extracted files to given directory
Do not do convert_to_* on unserialize, it messes up references
Fix #69793 - limit what we accept when unserializing exception
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
ignore signatures for packages too
Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
Fixed bug #69892
Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
Improved fix for Bug #69441
Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
Fix bug #70081: check types for SOAP variables
Conflicts:
.gitignore
ext/date/php_date.c
ext/spl/spl_array.c
ext/spl/spl_observer.c
|
| | | | | |
|
| | |\ \ \
| | |/ /
| | | |
| | | |
| | | |
| | | |
| | | | |
* PHP-5.5:
Improve fix for bug 67741
Added type checks
Added type checks
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
zend_hash_get_current_key_ex(,,,NULL))
|
| | | | |
| | | |
| | | |
| | | | |
semantick changes).
|
| |\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* PHP-5.6:
Added type checks
Fixed bug #67741 (auto_prepend_file messes up __LINE__)
Check variable type before its usage as IS_ARRAY.
Fixed a bug that header value is not terminated by '\0' when accessed through getenv().
Conflicts:
ext/soap/php_encoding.c
ext/soap/php_http.c
ext/soap/soap.c
|
| | |\ \ \ \
| | |/ / /
| |/| / /
| | |/ /
| | | |
| | | |
| | | |
| | | | |
* PHP-5.5:
Added type checks
Fixed bug #67741 (auto_prepend_file messes up __LINE__)
Check variable type before its usage as IS_ARRAY.
Fixed a bug that header value is not terminated by '\0' when accessed through getenv().
|
| | | |\ \
| | | |/
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* PHP-5.4:
Added type checks
Conflicts:
ext/soap/soap.c
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
* pull-request/341: (23 commits)
typofixes
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
this fixes a regression from 6c2a8068207a02b3d7ae7416a9967dad0a81e61f.
smart_str_appendl is expecting the length as the length of the string,
but key_length is the byte length of the key, including the 0
terminator.
As such, the cookie name appeneded to the header would now also include
the 0 terminator of the key name which then would be sent to the server.
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
It's used only rarely and I'm running out of append names...
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
By making get_http_headers() return the zend_string* directly.
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
