summaryrefslogtreecommitdiff
path: root/ext
Commit message (Collapse)AuthorAgeFilesLines
* Fixed bug #76459 windows linkinfo lacks openbasedir checkAnatol Belski2018-07-161-0/+11
|
* Merge branch 'PHP-5.6' into PHP-7.0Anatol Belski2018-04-241-2/+4
|\ | | | | | | | | * PHP-5.6: Fix test portability
| * Fix test portabilityAnatol Belski2018-04-241-2/+4
| |
* | Merge branch 'PHP-5.6' into PHP-7.0Stanislav Malyshev2018-04-2321-18/+101
|\ \ | |/ | | | | | | | | | | | | | | | | | | * PHP-5.6: Fix tsrm_ls Fix #76129 - remove more potential unfiltered outputs for phar Fix test Fix bug #76248 - Malicious LDAP-Server Response causes Crash Fix bug #76249 - fail on invalid sequences Fix #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value Fix bug #75981: prevent reading beyond buffer start
| * Fix tsrm_lsStanislav Malyshev2018-04-231-1/+1
| |
| * Merge remote-tracking branch 'security/bug76249' into PHP-5.6Stanislav Malyshev2018-04-232-0/+21
| |\ | | | | | | | | | | | | | | | * security/bug76249: Fix test Fix bug #76249 - fail on invalid sequences
| | * Fix testStanislav Malyshev2018-04-221-2/+4
| | |
| | * Fix bug #76249 - fail on invalid sequencesStanislav Malyshev2018-04-222-0/+19
| | |
| * | Merge remote-tracking branch 'security/bug76248' into PHP-5.6Stanislav Malyshev2018-04-232-1/+45
| |\ \ | | | | | | | | | | | | | | | | * security/bug76248: Fix bug #76248 - Malicious LDAP-Server Response causes Crash
| | * | Fix bug #76248 - Malicious LDAP-Server Response causes CrashStanislav Malyshev2018-04-222-1/+45
| | |/
| * | Fix #76129 - remove more potential unfiltered outputs for pharStanislav Malyshev2018-04-2313-16/+14
| | |
| * | Fix #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_valueChristoph M. Becker2018-04-224-1/+21
| | | | | | | | | | | | | | | | | | The MakerNote is not necessarily null-terminated, so we must not use `strlen()` to avoid OOB reads. Instead `php_strnlen()` is the proper way to handle this.
| * | Fix bug #75981: prevent reading beyond buffer startStanislav Malyshev2018-02-202-2/+34
| | |
* | | Merge branch 'PHP-5.6' into PHP-7.0Stanislav Malyshev2018-02-262-2/+34
|\ \ \ | | |/ | |/| | | | | | | * PHP-5.6: Fix bug #75981: prevent reading beyond buffer start
| * | Fix bug #75981: prevent reading beyond buffer startStanislav Malyshev2018-02-262-2/+34
| |/
* | Merge branch 'PHP-5.6' into PHP-7.0Stanislav Malyshev2018-01-0117-50/+65
|\ \ | |/ | | | | | | | | | | * PHP-5.6: Update NEWS Fixed bug #75571: Potential infinite loop in gdImageCreateFromGifCtx Fix bug #74782: remove file name from output to avoid XSS
| * Fixed bug #75571: Potential infinite loop in gdImageCreateFromGifCtxChristoph M. Becker2018-01-013-5/+20
| | | | | | | | | | | | | | Due to a signedness confusion in `GetCode_` a corrupt GIF file can trigger an infinite loop. Furthermore we make sure that a GIF without any palette entries is treated as invalid *after* open palette entries have been removed.
| * Fix bug #74782: remove file name from output to avoid XSSStanislav Malyshev2018-01-0114-45/+45
| |
| * Backport and apply upstream patch for CVE-2017-14107Anatol Belski2017-10-271-1/+6
| |
* | Fixed bug #75579 (Interned strings buffer overflow may cause crash)Dmitry Stogov2017-12-221-2/+30
| | | | | | | | (cherry picked from commit 37bf8bdc1494abb2ce5cac40e0be80e23682f851)
* | Define floorf if system doesn't have it (follow up for 22c48761)Lior Kaplan2017-11-291-0/+10
| | | | | | | | floorf is checked in config.m4
* | Fixed bug #64938 libxml_disable_entity_loader setting is shared between ↵Remi Collet2017-11-281-1/+0
| | | | | | | | requests (FPM)
* | Fix bug #75409Scott2017-11-221-9/+3
| |
* | Fixed #75539 and #74183 - preg_last_error not returning error code after errorNester2017-11-213-0/+36
| |
* | Better fix bug #75540 Segfault with libzip 1.3.1Remi Collet2017-11-201-2/+3
| | | | | | | | | | - only 1.3.1 is affected - fix use after free
* | fix bug #75540 Segfault with libzip 1.3.1Remi Collet2017-11-201-0/+3
| |
* | Fixed bug #75535Nikita Popov2017-11-172-2/+37
| | | | | | | | | | | | | | | | | | | | | | | | | | The sizeof()s for Content-Length and Transfer-Encoding were missing the trailing ":". Apart from being generally wrong, this no longer verified that the header actually contains a colon, leading to the null http_header_value being used. Additionally, in the interest of being defensive, also make sure that http_header_value is non-null by setting it to the end of the header line (effectively an empty string) if there is no colon. If the following conditions are correct, this value is not going to be used though.
* | Fixed ext/date tests due to changes in Olson databaseDerick Rethans2017-11-076-89/+66
| |
* | Fix ext/soap/tests/bug69137.phptNikita Popov2017-11-021-2/+5
| | | | | | | | Switch to example.org. Also mark it as an online test.
* | Sync and fix tests for ICU 60.1 compatAnatol Belski2017-11-022-7/+11
| |
* | Add missing ICU version checkAnatol Belski2017-10-301-0/+2
| |
* | Prevent leaking x509 and csr resources if it is not requestedJakub Zelenka2017-10-301-3/+6
| | | | | | | | | | | | | | | | All functions using php_openssl_x509_from_zval or php_openssl_csr_from_zval with makeresource equal to 0 do not deref the resource which means there is a leak till the end of the request. This can cause issues for long running apps. It is a generic solution for bug #75363 which also covers other functions.
* | Extend and speed up pkey export testsJakub Zelenka2017-10-302-10/+4
| |
* | Rewrite openssl_csr_get_subject test to improve coverageJakub Zelenka2017-10-301-11/+47
| |
* | Add openssl_csr_get_public_key testJakub Zelenka2017-10-301-0/+44
| |
* | Extend openssl_pkcs7_* tests to cover resource certJakub Zelenka2017-10-303-0/+8
| |
* | Fix cleaning tmp output file in openssl_csr_export_to_file testJakub Zelenka2017-10-301-0/+1
| |
* | openssl: add basic openssl_csr_export_to_file testsJelle van der Waa2017-10-301-0/+82
| | | | | | | | Add a basic test for openssl_csr_export_to_file.
* | Extend openssl_csr_sign test to cover cert resourceJakub Zelenka2017-10-301-0/+2
| |
* | Set different invalid path in openssl_pkcs12_export so it is more unlikely ↵Jakub Zelenka2017-10-301-1/+1
| | | | | | | | to exist
* | Extend openssl_x509_parse to cover cert resourceJakub Zelenka2017-10-301-1/+4
| |
* | Rename and test resource cert in openssl_x509_checkpurpose testJakub Zelenka2017-10-301-1/+2
| |
* | Extend openssl_x509_check_private_key to test resource certJakub Zelenka2017-10-301-1/+1
| |
* | Extend openssl_x509_fingerprint test to cover resource cert with sha1Jakub Zelenka2017-10-301-0/+7
| |
* | Fix bug #75464 Wrong reflection on SoapClient::__setSoapHeadersFabien Villepinte2017-10-301-1/+1
| |
* | Fix bug #75453 Incorrect reflection on ibase_connect and ibase_pconnectFabien Villepinte2017-10-301-4/+4
| |
* | Fix bug #75434 Wrong reflection for mysqli_fetch_all functionFabien Villepinte2017-10-283-3/+34
| |
* | Fix bug #75307 Wrong reflection for openssl_open functionFabien Villepinte2017-10-272-4/+23
| |
* | Skip test on PostgreSQL 10Anatol Belski2017-10-271-1/+1
| | | | | | | | The 42P18 error is not produced by the server anymore.
* | Fix test compat for PostgreSQL 10Anatol Belski2017-10-271-1/+1
| |
View Lorry Controller Status