| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| |
| |
| | |
* PHP-7.2:
Add support for getting SKIP_TAGSTART and SKIP_WHITE options
|
| | |\
| | |
| | |
| | |
| | | |
* PHP-7.1:
Add support for getting SKIP_TAGSTART and SKIP_WHITE options
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When `XML_OPTION_SKIP_TAGSTART` and `XML_OPTION_SKIP_WHITE` had been
introduced[1], it had been overlooked to also support them for
`xml_parser_get_option()`. We catch up on that.
[1] <http://git.php.net/?p=php-src.git;a=commit;h=b57dc275950b228f2399990471c4f22b7d154c6c>
|
| | | | |
|
| | | | |
|
| |\ \ \
| |/ /
| | |
| | |
| | | |
* PHP-7.2:
Fix #30875: xml_parse_into_struct() does not resolve entities
|
| | |\ \
| | |/
| | |
| | |
| | | |
* PHP-7.1:
Fix #30875: xml_parse_into_struct() does not resolve entities
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Setting up an empty default handler is not only useless, but actually
harmful, since internal entity-references are not resolved anymore.
From the libexpat docs[1]:
| Setting the handler with this call has the side effect of
| turning off expansion of references to internally defined general
| entities. Instead these references are passed to the default
| handler.
[1] <https://www.xml.com/pub/1999/09/expat/reference.html#setdefhandler>
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The $Id$ keywords were used in Subversion where they can be substituted
with filename, last revision number change, last changed date, and last
user who changed it.
In Git this functionality is different and can be done with Git attribute
ident. These need to be defined manually for each file in the
.gitattributes file and are afterwards replaced with 40-character
hexadecimal blob object name which is based only on the particular file
contents.
This patch simplifies handling of $Id$ keywords by removing them since
they are not used anymore.
|
| | | |
| | |
| | |
| | | |
where we sure about string persistence.
|
| | | | |
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Gabriel Caruso <carusogabriel34@gmail.com>
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| |/ / |
|
| | | |
|
| |\ \
| |/
| |
| |
| | |
* PHP-7.1:
remove TSRMLS_*
|
| | |\
| | |
| | |
| | |
| | | |
* PHP-7.0:
remove TSRMLS_*
|
| | | | |
|
| |/ / |
|
| |\ \
| |/ |
|
| | |\ |
|
| | | | |
|
| |\ \ \
| |/ / |
|
| | |\ \
| | |/ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The issue is caused by an integer overflow when the `long` passed as
XML_OPTION_SKIP_TAGSTART is assigned to `xml_parser::toffset` which is
declared as `int`. We can simply work around this issue, by clipping
resulting negative values to 0 (and raising a notice in this case), because
the reasonable range for this value is certainly catered to by positive
`int`s.
However, there still remains the issue that `xml_parser::toffset` is later
added to `char *`s, which can cause OOB reads, so we make sure that the
upper bound never exceeds the strlen(). We eschew optimizing `SKIP_TAGSTART`
wrt. to the potentially duplicate strlen() call, because that code path is
unexpected anyway.
|
| | | | |
|
| |\ \ \
| |/ / |
|
| | |\ \
| | |/ |
|
| | | |
| | |
| | |
| | |
| | | |
We better make sure that the ZVALs we're accessing as arrays are indeed
arrays.
|
| | | | |
|
| | |\ \
| | |/
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* PHP-5.6:
Fix memory leak
Fix bug #72099: xml_parse_into_struct segmentation fault
5.5.36 now
Fix bug #72094 - Out of bounds heap read access in exif header processing
Fix bug #72093: bcpowmod accepts negative scale and corrupts _one_ definition
Fix bug #72061 - Out-of-bounds reads in zif_grapheme_stripos with negative offset
Fix for bug #71912 (libgd: signedness vulnerability)
Typo in NEWS
|
| | | |\
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* PHP-5.5:
Fix memory leak
Fix bug #72099: xml_parse_into_struct segmentation fault
5.5.36 now
Fix bug #72094 - Out of bounds heap read access in exif header processing
Fix bug #72093: bcpowmod accepts negative scale and corrupts _one_ definition
Fix bug #72061 - Out-of-bounds reads in zif_grapheme_stripos with negative offset
Fix for bug #71912 (libgd: signedness vulnerability)
Typo in NEWS
Conflicts:
configure.in
main/php_version.h
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
but is never used.
|
| |\ \ \ \
| |/ / / |
|
| | | | |
| | | |
| | | |
| | | | |
Also re bug #71575.
|
| | | | | |
|
| |\ \ \ \
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* PHP-7.0: (25 commits)
Update NEWS
update NEWS
fix test file
Fix version
update NEWS
Update NEWS
Fix bug #71610: Type Confusion Vulnerability - SOAP / make_http_soap_request()
Fix bug #71637: Multiple Heap Overflow due to integer overflows
extend check for add_flag
Fixed another segfault with file_cache_only now
set version
fix nmake clean in phpize mode
Fixed segfault with file_cache_only
Fixed possible crash at PCRE on MSHUTDOWN
Fixed more synchronisation issues during SHM reload
Set proper type flags (REFCOUNTED and COPYABLE) according to interned or regular string
sync with improvements in NEWS
Fixed process synchronisation problem, that may cause crashes after opcache restart
Fix bug #71610: Type Confusion Vulnerability - SOAP / make_http_soap_request()
Fix bug #71637: Multiple Heap Overflow due to integer overflows
...
|
