summaryrefslogtreecommitdiff
path: root/ext/soap
Commit message (Collapse)AuthorAgeFilesLines
* Fixed incorrect usage of HASH_OF() macro. Replaced HASH_OF() with more ↵Dmitry Stogov2015-09-241-1/+1
| | | | appropriate Z_ARRVAL_P() or Z_OBJPROP_P().
* Cleanup: avoid reallocationsDmitry Stogov2015-09-241-23/+20
|
* Fixed memory leak and avoid reallocationsDmitry Stogov2015-09-243-85/+96
|
* Merge branch 'PHP-5.6'Stanislav Malyshev2015-09-022-4/+28
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.6: (21 commits) fix unit tests update NEWS add NEWS for fixes Improve fix for #70172 Fix bug #70312 - HAVAL gives wrong hashes in specific cases fix test add test Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage Fix bug #70172 - Use After Free Vulnerability in unserialize() Fix bug #70388 - SOAP serialize_function_call() type confusion Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories Improve fix for #70385 Fix bug #70345 (Multiple vulnerabilities related to PCRE functions) Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes) Fix bug #70219 (Use after free vulnerability in session deserializer) Fix bug ##70284 (Use after free vulnerability in unserialize() with GMP) Fix for bug #69782 Add CVE IDs asigned (post release) to PHP 5.4.43 Add CVE IDs asigned to #69085 (PHP 5.4.39) ... Conflicts: ext/exif/exif.c ext/gmp/gmp.c ext/pcre/php_pcre.c ext/session/session.c ext/session/tests/session_decode_variation3.phpt ext/soap/soap.c ext/spl/spl_observer.c ext/standard/var.c ext/standard/var_unserializer.c ext/standard/var_unserializer.re ext/xsl/xsltprocessor.c
| * Merge branch 'PHP-5.5' into PHP-5.6Stanislav Malyshev2015-09-012-44/+69
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.5: update NEWS add NEWS for fixes Improve fix for #70172 Fix bug #70312 - HAVAL gives wrong hashes in specific cases fix test add test Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage Fix bug #70172 - Use After Free Vulnerability in unserialize() Fix bug #70388 - SOAP serialize_function_call() type confusion Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories Improve fix for #70385 Fix bug #70345 (Multiple vulnerabilities related to PCRE functions) Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes) Fix bug #70219 (Use after free vulnerability in session deserializer) Fix for bug #69782 Add CVE IDs asigned (post release) to PHP 5.4.43 Add CVE IDs asigned to #69085 (PHP 5.4.39) 5.4.45 next Conflicts: ext/pcre/php_pcre.c ext/standard/var_unserializer.c ext/standard/var_unserializer.re ext/zip/php_zip.c
| | * Merge branch 'PHP-5.4' into PHP-5.5Stanislav Malyshev2015-09-012-44/+69
| | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.4: Improve fix for #70172 Fix bug #70312 - HAVAL gives wrong hashes in specific cases fix test add test Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage Fix bug #70172 - Use After Free Vulnerability in unserialize() Fix bug #70388 - SOAP serialize_function_call() type confusion Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories Improve fix for #70385 Fix bug #70345 (Multiple vulnerabilities related to PCRE functions) Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes) Fix bug #70219 (Use after free vulnerability in session deserializer) Fix for bug #69782 Add CVE IDs asigned (post release) to PHP 5.4.43 Add CVE IDs asigned to #69085 (PHP 5.4.39) 5.4.45 next Conflicts: configure.in ext/pcre/php_pcre.c ext/standard/var_unserializer.c ext/standard/var_unserializer.re main/php_version.h
| | | * Fix bug #70388 - SOAP serialize_function_call() type confusionStanislav Malyshev2015-08-312-44/+69
| | | |
* | | | add range check to ext/soapAnatol Belski2015-08-261-0/+5
| | | |
* | | | Fixed bug #70211 (php 7 ZEND_HASH_IF_FULL_DO_RESIZE use after free)Xinchen Hui2015-08-101-0/+24
| | | |
* | | | fix datatypeAnatol Belski2015-08-071-1/+1
| | | |
* | | | Merge branch 'PHP-5.6'Stanislav Malyshev2015-08-041-3/+4
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.6: update NEWS fix test update NEWS Fix bug #70019 - limit extracted files to given directory Do not do convert_to_* on unserialize, it messes up references Fix #69793 - limit what we accept when unserializing exception Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList) Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject ignore signatures for packages too Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage Fixed bug #69892 Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes Improved fix for Bug #69441 Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items) Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref) Fix bug #70081: check types for SOAP variables Conflicts: Zend/zend_exceptions.c ext/date/php_date.c ext/openssl/openssl.c ext/phar/phar_internal.h ext/soap/php_http.c ext/spl/spl_array.c ext/spl/spl_dllist.c ext/spl/spl_observer.c ext/standard/tests/serialize/bug69152.phpt sapi/cli/tests/005.phpt
| * | | Merge branch 'PHP-5.5' into PHP-5.6Stanislav Malyshev2015-08-041-10/+13
| |\ \ \ | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.5: update NEWS fix test update NEWS Fix bug #70019 - limit extracted files to given directory Do not do convert_to_* on unserialize, it messes up references Fix #69793 - limit what we accept when unserializing exception Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList) Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject ignore signatures for packages too Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage Fixed bug #69892 Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes Improved fix for Bug #69441 Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items) Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref) Fix bug #70081: check types for SOAP variables Conflicts: ext/soap/php_http.c ext/spl/spl_observer.c
| | * | Merge branch 'PHP-5.4' into PHP-5.5Stanislav Malyshev2015-08-041-10/+13
| | |\ \ | | | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.4: Fix bug #70019 - limit extracted files to given directory Do not do convert_to_* on unserialize, it messes up references Fix #69793 - limit what we accept when unserializing exception Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList) Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject ignore signatures for packages too Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage Fixed bug #69892 Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes Improved fix for Bug #69441 Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items) Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref) Fix bug #70081: check types for SOAP variables Conflicts: .gitignore ext/date/php_date.c ext/spl/spl_array.c ext/spl/spl_observer.c
| | | * Fix bug #70081: check types for SOAP variablesStanislav Malyshev2015-07-261-10/+13
| | | |
| | | * fix type in fix for #69085Remi Collet2015-04-131-3/+3
| | | |
| | | * Fixed bug #69293Dmitry Stogov2015-03-271-1/+1
| | | |
* | | | switch to the unified globals accessor where appropriateAnatol Belski2015-07-291-6/+2
| | | |
* | | | online testXinchen Hui2015-07-281-0/+1
| | | |
* | | | Fixed bug #70079 (Segmentation fault after more than 100 SoapClient calls)Xinchen Hui2015-07-161-0/+2
| | | |
* | | | Fixed Bug #70032 (make_http_soap_request calls ↵Xinchen Hui2015-07-091-1/+1
| | | | | | | | | | | | | | | | zend_hash_get_current_key_ex(,,,NULL))
* | | | Remove E_EXCEPTIONAaron Piotrowski2015-07-031-1/+1
| | | |
* | | | Switch position of ce in exception ce variable namesAaron Piotrowski2015-07-031-6/+6
| | | |
* | | | Change zend_exception_get_default() to zend_exception_ceAaron Piotrowski2015-07-031-2/+2
| | | |
* | | | Cleanup exception ce APIAaron Piotrowski2015-07-031-4/+4
| | | | | | | | | | | | | | | | | | | | Removed recently added functions to get Error ce's and marked the old functions fetching default_exception_ce and error_exception_ce as deprecated.
* | | | Cleanup (removed dead code)Dmitry Stogov2015-07-013-17/+0
| | | |
* | | | Use ZSTR_ API to access zend_string elements (this is just renaming without ↵Dmitry Stogov2015-06-306-125/+125
| | | | | | | | | | | | | | | | semantick changes).
* | | | Merge branch 'PHP-5.6'Christoph M. Becker2015-06-261-0/+27
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | * PHP-5.6: slightly revised bug69462.phpt Test for bug #69462
| * | | slightly revised bug69462.phptChristoph M. Becker2015-06-261-1/+2
| | | |
| * | | Test for bug #69462Tomasz Sawicki2015-06-261-0/+26
| | | | | | | | | | | | | | | | | | | | Test scenario for already fixed bug #69462 with segmentation fault when SoapVar XML node name was null.
| * | | Merge branch 'PHP-5.5' into PHP-5.6Remi Collet2015-04-131-3/+3
| |\ \ \ | | |/ / | | | | | | | | | | | | * PHP-5.5: fix type in fix for #69085
| | * | fix type in fix for #69085Remi Collet2015-04-131-3/+3
| | | | | | | | | | | | | | | | (cherry picked from commit 085e9ddc26f37ce556b8fd787044746e726264b2)
| * | | Merge branch 'PHP-5.5' into PHP-5.6Xinchen Hui2015-03-251-1/+1
| |\ \ \ | | |/ /
| | * | Bug #69293 NEW segfault when using SoapClient::__setSoapHeader (bisected, ↵Xinchen Hui2015-03-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | regression) This was a typo introduced in c8eaca013a3922e8383def6158ece2b63f6ec483
* | | | Fix more proto commentsRasmus Lerdorf2015-06-231-1/+1
| | | |
* | | | Remove these old references to the DSP files we don't use anymoreKalle Sommer Nielsen2015-06-221-1/+0
| | | |
* | | | Merge branch 'master' into throwable-interfaceAaron Piotrowski2015-06-141-12/+7
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | # Conflicts: # Zend/zend_language_scanner.c # Zend/zend_language_scanner.l # ext/simplexml/tests/SimpleXMLElement_xpath.phpt
| * | | | Make convert_to_* safe with rc>1Nikita Popov2015-06-111-12/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This only involves switching zval_dtor to zval_ptr_dtor for arrays and making the convert_to_object for arrays a bit more generic. All the other changes outside zend_operators.c just make use of this new ability (use COPY instead of DUP). What's still missing: Proper references handling. I've seen many convert_to* calls that will break when a reference is used. Also fixes bug #69788.
* | | | | Make zend_get_exception_base static.Aaron Piotrowski2015-05-171-2/+2
| | | | | | | | | | | | | | | | | | | | Soap extension can use other API functions.
* | | | | Remodel exceptions based on Throwable interfaceAaron Piotrowski2015-05-161-4/+4
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Added Throwable interface that exceptions must implement in order to be thrown. BaseException was removed, EngineException renamed to Error, and TypeException and ParseException renamed to TypeError and ParseError. Exception and Error no longer extend a common base class, rather they both implement the Throwable interface.
* | | | improve searchability for libxml2 headersAnatol Belski2015-05-101-1/+5
| | | | | | | | | | | | | | | | and bring the configs inline with the current libxml2 build
* | | | fix timezone usage in soap for vc14Anatol Belski2015-05-101-1/+1
| | | |
* | | | Clean up some type conversionsNikita Popov2015-04-271-9/+3
| | | | | | | | | | | | | | | | | | | | While at it also fix some type checks in iconv and drop dead and unported code in standard/filters.
* | | | Use fast method to check if first arguments should be passed by reference ↵Dmitry Stogov2015-04-221-0/+1
| | | | | | | | | | | | | | | | (not tested onbig endian).
* | | | Fixed use after freeDmitry Stogov2015-04-141-0/+1
| | | |
* | | | Use new macrosXinchen Hui2015-04-081-1/+1
| | | |
* | | | Finish PHP 4 constructor deprecationNikita Popov2015-03-315-7/+7
| | | |
* | | | Deprecate PHP 4 constructorsAndrea Faulds2015-03-3148-98/+98
| | | |
* | | | Convert fatal errors on improper access to static properties into ↵Dmitry Stogov2015-03-311-1/+12
| | | | | | | | | | | | | | | | EngineExceptions
* | | | Removed unused functionsDmitry Stogov2015-03-241-1/+1
| | | |
* | | | cleanup mod version macros and mod defs, round xAnatol Belski2015-03-232-4/+2
| | | |
View Lorry Controller Status