| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| |
| | |
* PHP-7.1:
Reduce var scope
|
| | |
|
|\ \
| |/
| |
| |
| | |
* PHP-7.1:
Fix stack use after scope
|
| | |
|
| | |
|
| | |
|
|\ \
| |/ |
|
| |
| |
| |
| |
| | |
Don't generate an E_ERROR if we've already thrown an exception.
This interacts badly with error_get_last() checks.
|
|\ \
| |/
| |
| |
| | |
* PHP-7.1:
Fix bug #75464 Wrong reflection on SoapClient::__setSoapHeaders
|
| |\
| | |
| | |
| | |
| | | |
* PHP-7.0:
Fix bug #75464 Wrong reflection on SoapClient::__setSoapHeaders
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | | |
Resetting the IAP on a shared array violates COW. I'm replacing this
with code to look up indexes 0 and 1, even though this is not
strictly the same.
|
| | |
| | |
| | |
| | |
| | | |
Previously this was defined in zend.c and php.h and also handled
in another way in soap.c.
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
Tthe core should be normalized now, no uints anymore
|
|/ /
| |
| |
| |
| |
| | |
fix merge mistake
yet one more replacement run
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| | |
Remove any previous default headers and replace with the specified
ones, as documented, and as is the case when a single header is
passed.
|
|\ \
| |/
| |
| |
| | |
* PHP-7.0:
Don't update proprties inplace.
|
| | |
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Name verification was failing because the OpenSSL extension was picking
the proxy server's address when guessing which name to compare to the
SSL certificate. This scenario is already handled for stream wrappers
in http_fopen_wrapper.c. This patch applies the same fix to the SOAP
extension: when a proxy is used, set peer_name explicitly on the stream
context.
|
|\ \
| |/
| |
| |
| | |
* PHP-7.0:
Revert "Fixed bug #73037 SoapServer reports Bad Request when gzipped"
|
| |\
| | |
| | |
| | |
| | | |
* PHP-5.6:
Revert "Fixed bug #73037 SoapServer reports Bad Request when gzipped"
|
| | |
| | |
| | |
| | | |
This reverts commit f9a699f6c3aa7acea922242a0f14731f6b829742.
|
| | |
| | |
| | |
| | | |
(cherry picked from commit 410c68788ae4826807e8ced3f4a02e676142b22a)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The error handler is overloaded with the SOAP one. However the SOAP
handler eventually wants to access some of its globals. This won't
work as long as the SOAP globals aren't initialized. The use case
is when an error is thrown before RINIT went through. As the call
order is arbitrary, the safest is to wait when all the modules
called their RINIT.
|
|\ \ \
| |/ /
| | |
| | |
| | | |
* PHP-7.0:
Fixed bug #73037 SoapServer reports Bad Request when gzipped
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
"%p" replaced by ZEND_LONG_FMT to avoid compilation warnings.
Fixed most incorrect use cases of format specifiers.
|
| | |
| | |
| | |
| | | |
but is never used.
|
|\ \ \
| |/ / |
|
| | |
| | |
| | |
| | | |
Also re bug #71575.
|
|/ / |
|
| | |
|
|\ \
| |/
| |
| |
| | |
* PHP-5.6:
Happy new year (Update copyright to 2016)
|
| | |
|
| | |
|
| | |
|
| | |
|
|\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* PHP-5.6: (21 commits)
fix unit tests
update NEWS
add NEWS for fixes
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
fix test
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix bug ##70284 (Use after free vulnerability in unserialize() with GMP)
Fix for bug #69782
Add CVE IDs asigned (post release) to PHP 5.4.43
Add CVE IDs asigned to #69085 (PHP 5.4.39)
...
Conflicts:
ext/exif/exif.c
ext/gmp/gmp.c
ext/pcre/php_pcre.c
ext/session/session.c
ext/session/tests/session_decode_variation3.phpt
ext/soap/soap.c
ext/spl/spl_observer.c
ext/standard/var.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
ext/xsl/xsltprocessor.c
|
| |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* PHP-5.5:
update NEWS
add NEWS for fixes
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
fix test
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix for bug #69782
Add CVE IDs asigned (post release) to PHP 5.4.43
Add CVE IDs asigned to #69085 (PHP 5.4.39)
5.4.45 next
Conflicts:
ext/pcre/php_pcre.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
ext/zip/php_zip.c
|
| | |\
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* PHP-5.4:
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
fix test
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix for bug #69782
Add CVE IDs asigned (post release) to PHP 5.4.43
Add CVE IDs asigned to #69085 (PHP 5.4.39)
5.4.45 next
Conflicts:
configure.in
ext/pcre/php_pcre.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
main/php_version.h
|
| | | | |
|
| | | | |
|
| |\ \ \
| | |/ /
| | | |
| | | |
| | | | |
* PHP-5.5:
fix type in fix for #69085
|