summaryrefslogtreecommitdiff
path: root/ext/standard/var.c
Commit message (Collapse)AuthorAgeFilesLines
* year++Xinchen Hui2018-01-021-1/+1
|
* Avoid useless dereferences and separations during paramter passing.Dmitry Stogov2017-06-191-2/+2
|
* Fix __sleep() returning undefined declared propertiesNikita Popov2017-03-121-35/+43
|
* Clean up __sleep() related codeNikita Popov2017-03-121-130/+104
|
* Merge branch 'PHP-7.1'Nikita Popov2017-01-161-1/+7
|\
| * Make unserialize() ref unwrapping compatible with 7.0Nikita Popov2017-01-161-1/+7
| | | | | | | | Also fix output difference in merged test (unrelated).
| * Update copyright headers to 2017Sammy Kaye Powers2017-01-041-1/+1
| |
| * Merge branch 'PHP-7.0' into PHP-7.1Nikita Popov2017-01-011-6/+10
| |\
| | * Fixed bug #73154Nikita Popov2017-01-011-6/+10
| | | | | | | | | | | | | | | The object that is being serialized may be destroyed during the execution of __sleep(), so operate on a copy instead.
* | | Update copyright headers to 2017Sammy Kaye Powers2017-01-021-1/+1
| | |
* | | Fixed bug #73154Nikita Popov2017-01-011-6/+10
| | | | | | | | | | | | | | | The object that is being serialized may be destroyed during the execution of __sleep(), so operate on a copy instead.
* | | Use new param API in standardSara Golemon2016-12-301-21/+27
|/ /
* | Merge branch 'PHP-7.0' into PHP-7.1Nikita Popov2016-11-051-10/+5
|\ \ | |/
| * Complete the fix of bug #70172 for PHP 7Nikita Popov2016-11-051-5/+5
| |
* | Followup for bug #72785Nikita Popov2016-09-061-16/+17
| | | | | | | | | | Fix incorrect handling of nesting ... need to reset to the old value afterwards.
* | Fix bug #72785 - allowed_classes only applies to outermost unserialize()Stanislav Malyshev2016-09-051-1/+8
| |
* | Hide (un)serialize data from ABINikita Popov2016-08-151-0/+34
| | | | | | | | | | | | | | | | | | | | | | | | The (UN)SERIALIZE_INIT/DESTROY macros now go through non-inlined functions, so any changes to them will apply to extensions without rebuilds. Additionally, the (un)serialize_data structures are now no longer exported. This means that we are allowed to change these structures in patch releases without breaking the ABI.
* | Use one place to define max length of doubleJakub Zelenka2016-06-261-13/+2
| | | | | | | | Introduce new constant PHP_DOUBLE_MAX_LENGTH for that purpose
* | Add decimal point in double serializationJakub Zelenka2016-06-261-9/+4
| |
* | Avoid magic number. NUM_BUF_SIZE may be in header. Suggestions are appreciatedYasuo Ohgaki2016-06-261-3/+14
| |
* | Simply use ndigit for flag for zend_dtoa modeYasuo Ohgaki2016-06-261-10/+2
| |
* | Initial patch for 0 mode float conversion. The magic number is better to be ↵Yasuo Ohgaki2016-06-261-13/+21
| | | | | | | | improved. Any suggestion where to define it?
* | Added ZEND_ATTRIBUTE_FORMAT to some middind functions.Dmitry Stogov2016-06-211-1/+1
| | | | | | | | | | "%p" replaced by ZEND_LONG_FMT to avoid compilation warnings. Fixed most incorrect use cases of format specifiers.
* | Merge branch 'PHP-7.0'Xinchen Hui2016-05-171-1/+1
|\ \ | |/ | | | | | | * PHP-7.0: Let's only read-only here
| * Let's only read-only hereXinchen Hui2016-05-171-1/+1
| |
* | Merge branch 'PHP-7.0'Xinchen Hui2016-05-171-0/+4
|\ \ | |/ | | | | | | * PHP-7.0: Fixed bug #72229 (Wrong reference when serialize/unserialize an object)
| * Fixed bug #72229 (Wrong reference when serialize/unserialize an object)Xinchen Hui2016-05-171-0/+4
| |
* | Remove IS_VAR_RET_REF flagNikita Popov2016-04-151-0/+5
|/ | | | | | | Instead decide whether a function returned by reference or by value by checking whether the return value has REFERENCE type. This means that functions returning by reference must always return a reference and functions returning by value must not return a reference.
* Fixed bug #71995 (Returning the same var twice from __sleep() produces ↵Xinchen Hui2016-04-091-20/+46
| | | | broken serialized data)
* Improved fix for #71940Xinchen Hui2016-04-071-2/+6
|
* object->ce should not be NULLXinchen Hui2016-03-101-1/+1
|
* Format string fixesNikita Popov2016-02-141-4/+5
| | | | | Conflicts: ext/pgsql/pgsql.c
* Fix bug #71314Andrea Faulds2016-01-081-1/+3
|
* Merge branch 'PHP-5.6' into PHP-7.0Lior Kaplan2016-01-011-1/+1
|\ | | | | | | | | * PHP-5.6: Happy new year (Update copyright to 2016)
| * Happy new year (Update copyright to 2016)Lior Kaplan2016-01-011-1/+1
| |
* | Fix bug #66179Andrea Faulds2015-12-181-0/+7
| | | | | | | | | | This also fixes ext/standard/tests/general_functions/var_export-locale.phpt to actually run the floating-point section.
* | Improved fix for bug (count on symbol table)Xinchen Hui2015-11-231-55/+8
| |
* | Fixed bug #70730 (Incorrect ArrayObject serialization if unset is called in ↵Xinchen Hui2015-10-171-15/+15
| | | | | | | | | | | | | | serialize()) It's possible to fixed this in SPL side, but it will be ugly, and we should make serialize more robust, so I prefer fix it in serialize side.
* | Unused varXinchen Hui2015-09-091-2/+1
| |
* | Merge branch 'PHP-5.6'Stanislav Malyshev2015-09-021-0/+1
|\ \ | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.6: (21 commits) fix unit tests update NEWS add NEWS for fixes Improve fix for #70172 Fix bug #70312 - HAVAL gives wrong hashes in specific cases fix test add test Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage Fix bug #70172 - Use After Free Vulnerability in unserialize() Fix bug #70388 - SOAP serialize_function_call() type confusion Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories Improve fix for #70385 Fix bug #70345 (Multiple vulnerabilities related to PCRE functions) Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes) Fix bug #70219 (Use after free vulnerability in session deserializer) Fix bug ##70284 (Use after free vulnerability in unserialize() with GMP) Fix for bug #69782 Add CVE IDs asigned (post release) to PHP 5.4.43 Add CVE IDs asigned to #69085 (PHP 5.4.39) ... Conflicts: ext/exif/exif.c ext/gmp/gmp.c ext/pcre/php_pcre.c ext/session/session.c ext/session/tests/session_decode_variation3.phpt ext/soap/soap.c ext/spl/spl_observer.c ext/standard/var.c ext/standard/var_unserializer.c ext/standard/var_unserializer.re ext/xsl/xsltprocessor.c
| * Merge branch 'PHP-5.5' into PHP-5.6Stanislav Malyshev2015-09-011-4/+20
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.5: update NEWS add NEWS for fixes Improve fix for #70172 Fix bug #70312 - HAVAL gives wrong hashes in specific cases fix test add test Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage Fix bug #70172 - Use After Free Vulnerability in unserialize() Fix bug #70388 - SOAP serialize_function_call() type confusion Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories Improve fix for #70385 Fix bug #70345 (Multiple vulnerabilities related to PCRE functions) Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes) Fix bug #70219 (Use after free vulnerability in session deserializer) Fix for bug #69782 Add CVE IDs asigned (post release) to PHP 5.4.43 Add CVE IDs asigned to #69085 (PHP 5.4.39) 5.4.45 next Conflicts: ext/pcre/php_pcre.c ext/standard/var_unserializer.c ext/standard/var_unserializer.re ext/zip/php_zip.c
| | * Merge branch 'PHP-5.4' into PHP-5.5Stanislav Malyshev2015-09-011-4/+20
| | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.4: Improve fix for #70172 Fix bug #70312 - HAVAL gives wrong hashes in specific cases fix test add test Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage Fix bug #70172 - Use After Free Vulnerability in unserialize() Fix bug #70388 - SOAP serialize_function_call() type confusion Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories Improve fix for #70385 Fix bug #70345 (Multiple vulnerabilities related to PCRE functions) Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes) Fix bug #70219 (Use after free vulnerability in session deserializer) Fix for bug #69782 Add CVE IDs asigned (post release) to PHP 5.4.43 Add CVE IDs asigned to #69085 (PHP 5.4.39) 5.4.45 next Conflicts: configure.in ext/pcre/php_pcre.c ext/standard/var_unserializer.c ext/standard/var_unserializer.re main/php_version.h
| | | * Improve fix for #70172Stanislav Malyshev2015-09-011-1/+2
| | | |
| | | * Fix bug #70172 - Use After Free Vulnerability in unserialize()Stanislav Malyshev2015-08-311-4/+19
| | | |
| | | * Bump yearXinchen Hui2014-01-031-1/+1
| | | |
| | * | Bump yearXinchen Hui2015-01-151-1/+1
| | | |
| | * | Bump yearXinchen Hui2014-01-031-1/+1
| | | |
| * | | Renamed test case to match with reported bugJuan Basso2015-03-221-1/+1
| | | |
| * | | Fixed serialization of non string values on __sleepJuan Basso2015-03-221-4/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Returning just N; (null) on the __sleep makes the number of fields/values be incomplete and corrupting the generated value from serialize, making impossible to unserialize it. Conflicts: ext/standard/var.c
* | | | Fixed one more problem related to bug #70187 (Notice: unserialize(): ↵Dmitry Stogov2015-09-011-15/+42
| | | | | | | | | | | | | | | | Unexpected end of serialized data)
View Lorry Controller Status