summaryrefslogtreecommitdiff
path: root/main/streams
Commit message (Collapse)AuthorAgeFilesLines
* Fix bug #77630 - safer rename() procedureStanislav Malyshev2019-03-041-17/+34
| | | | | | | In order to rename safer, we do the following: - set umask to 077 (unfortunately, not TS, so excluding ZTS) - chown() first, to set proper group before allowing group access - chmod() after, even if chown() fails
* Sync leading and final newlines in source code filesPeter Kokot2018-10-142-3/+0
| | | | | | | | | | | | | | | | | | | | | | This patch adds missing newlines, trims multiple redundant final newlines into a single one, and trims redundant leading newlines. According to POSIX, a line is a sequence of zero or more non-' <newline>' characters plus a terminating '<newline>' character. [1] Files should normally have at least one final newline character. C89 [2] and later standards [3] mention a final newline: "A source file that is not empty shall end in a new-line character, which shall not be immediately preceded by a backslash character." Although it is not mandatory for all files to have a final newline fixed, a more consistent and homogeneous approach brings less of commit differences issues and a better development experience in certain text editors and IDEs. [1] http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_206 [2] https://port70.net/~nsz/c/c89/c89-draft.html#2.1.1.2 [3] https://port70.net/~nsz/c/c99/n1256.html#5.1.1.2
* year++Xinchen Hui2018-01-0218-18/+18
|
* Merge branch 'PHP-7.0' into PHP-7.1Sara Golemon2017-07-191-0/+5
|\ | | | | | | | | * PHP-7.0: Do not allow using traits/interfaces/abstract classes as stream wrappers
| * Do not allow using traits/interfaces/abstract classes as stream wrappersSara Golemon2017-07-191-0/+5
| | | | | | | | Fixes https://bugs.php.net/bug.php?id=74951
* | Merge branch 'PHP-7.0' into PHP-7.1Anatol Belski2017-04-271-18/+11
|\ \ | |/ | | | | | | | | * PHP-7.0: Revert "Detect invalid port in xp_socket parse ip address" Revert "Follow up patch regarding bug #74216, see bug #74429"
| * Revert "Detect invalid port in xp_socket parse ip address"Anatol Belski2017-04-271-18/+11
| | | | | | | | This reverts commit bab0b99f376dac9170ac81382a5ed526938d595a.
| * Revert "Follow up patch regarding bug #74216, see bug #74429"Anatol Belski2017-04-271-2/+2
| | | | | | | | This reverts commit cda7dcf4cacef3346f9dc2a4dc947e6a74769259.
* | Merge branch 'PHP-7.0' into PHP-7.1Anatol Belski2017-04-251-2/+2
|\ \ | |/ | | | | | | * PHP-7.0: Follow up patch regarding bug #74216, see bug #74429
| * Follow up patch regarding bug #74216, see bug #74429Sara Golemon2017-04-251-2/+2
| | | | | | | | | | | | | | | | | | While the case in bug #74429 is not documented and is only worky due to an implementation bug, the strength seems to breach some real world apps. Given this patch doesn't impact the initial security fix for bug #74216, it is reasonable to let the apps keep working. As mentioned in the ticket, this behavior is a subject to change in future versions and should not be abused.
* | Merge branch 'PHP-7.0' into PHP-7.1Anatol Belski2017-04-221-1/+6
|\ \ | |/ | | | | | | * PHP-7.0: #74337 pointer returned by php_stream_fopen_tmpfile not validated in memory.c
| * #74337 pointer returned by php_stream_fopen_tmpfile not validated in memory.cAnton Serbulov2017-04-221-1/+6
| |
* | Merge branch 'PHP-7.0' into PHP-7.1Xinchen Hui2017-04-101-3/+3
|\ \ | |/ | | | | | | * PHP-7.0: Fixed condition check
| * Fixed condition checkXinchen Hui2017-04-101-3/+3
| |
* | Merge branch 'PHP-7.0' into PHP-7.1Bob Weinand2017-03-141-0/+2
|\ \ | |/
| * Fix stream context changes leaking into copies of previous contextBob Weinand2017-03-141-0/+2
| |
* | Merge branch 'PHP-7.0' into PHP-7.1Sara Golemon2017-03-071-11/+18
|\ \ | |/ | | | | | | * PHP-7.0: Detect invalid port in xp_socket parse ip address
| * Detect invalid port in xp_socket parse ip addressSara Golemon2017-03-071-11/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For historical reasons, fsockopen() accepts the port and hostname separately: fsockopen('127.0.0.1', 80) However, with the introdcution of stream transports in PHP 4.3, it became possible to include the port in the hostname specifier: fsockopen('127.0.0.1:80') Or more formally: fsockopen('tcp://127.0.0.1:80') Confusing results when these two forms are combined, however. fsockopen('127.0.0.1:80', 443) results in fsockopen() attempting to connect to '127.0.0.1:80:443' which any reasonable stack would consider invalid. Unfortunately, PHP parses the address looking for the first colon (with special handling for IPv6, don't worry) and calls atoi() from there. atoi() in turn, simply stops parsing at the first non-numeric character and returns the value so far. The end result is that the explicitly supplied port is treated as ignored garbage, rather than producing an error. This diff replaces atoi() with strtol() and inspects the stop character. If additional "garbage" of any kind is found, it fails and returns an error.
* | Merge branch 'PHP-7.0' into PHP-7.1Anatol Belski2017-02-152-1/+5
|\ \ | |/ | | | | | | * PHP-7.0: Fixed bug #74090 stream_get_contents maxlength>-1 returns empty string
| * Fixed bug #74090 stream_get_contents maxlength>-1 returns empty stringAnatol Belski2017-02-152-1/+5
| |
* | Merge branch 'PHP-7.0' into PHP-7.1Xinchen Hui2017-02-121-1/+1
|\ \ | |/ | | | | | | * PHP-7.0: Fixed #73496 (Invalid memory access in zend_inline_hash_func)
| * Fixed #73496 (Invalid memory access in zend_inline_hash_func)Xinchen Hui2017-02-121-3/+3
| | | | | | | | no test script is added because it requre too much memory
* | Merge branch 'PHP-7.0' into PHP-7.1Sara Golemon2017-01-091-4/+4
|\ \ | |/ | | | | | | * PHP-7.0: Fix open_basedir check for glob:// opendir wrapper
| * Merge branch 'PHP-5.6' into PHP-7.0Sara Golemon2017-01-091-4/+4
| |\ | | | | | | | | | | | | * PHP-5.6: Fix open_basedir check for glob:// opendir wrapper
| | * Fix open_basedir check for glob:// opendir wrapperSara Golemon2017-01-091-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | php_check_open_basedir() expects a local filesystem path, but we're handing it a `glob://...` URI instead. Move the check to after the path trim so that we're checking a meaningful pathspec.
| | * Clear FG(user_stream_current_filename) when bailing outSara Golemon2016-10-111-6/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If a userwrapper opener E_ERRORs then FG(user_stream_current_filename) would remain set until the next request and would not be pointing at unallocated memory. Catch the bailout, clear the variable, then continue bailing. Closes https://bugs.php.net/bug.php?id=73188
* | | Merge branch 'PHP-7.0' into PHP-7.1Anatol Belski2017-01-071-0/+6
|\ \ \ | |/ / | | | | | | | | | * PHP-7.0: add 'e' flag for fopen() to enable CLOEXEC
| * | add 'e' flag for fopen() to enable CLOEXECEvgeniy Makhrov2017-01-071-0/+6
| | |
| * | Update copyright headers to 2017Sammy Kaye Powers2017-01-0418-18/+18
| | |
| * | Clear FG(user_stream_current_filename) when bailing outSara Golemon2016-10-111-6/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If a userwrapper opener E_ERRORs then FG(user_stream_current_filename) would remain set until the next request and would not be pointing at unallocated memory. Catch the bailout, clear the variable, then continue bailing. Closes https://bugs.php.net/bug.php?id=73188
* | | Update copyright headers to 2017Sammy Kaye Powers2017-01-0418-18/+18
| | |
* | | Clear FG(user_stream_current_filename) when bailing outSara Golemon2016-10-141-6/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If a userwrapper opener E_ERRORs then FG(user_stream_current_filename) would remain set until the next request and would not be pointing at unallocated memory. Catch the bailout, clear the variable, then continue bailing. Closes https://bugs.php.net/bug.php?id=73188 (cherry picked from commit 9f86cdaf7fc44c0d97a35bc4d04622e3d3d53f4d)
* | | Merge branch 'PHP-7.0' into PHP-7.1Anatol Belski2016-10-061-1/+1
|\ \ \ | |/ / | | | | | | | | | * PHP-7.0: fix datatype
| * | fix datatypeAnatol Belski2016-10-061-1/+1
| | |
* | | Merge branch 'PHP-7.0' into PHP-7.1Anatol Belski2016-09-231-1/+1
|\ \ \ | |/ / | | | | | | | | | * PHP-7.0: Revert "Fixed bug #73037 SoapServer reports Bad Request when gzipped"
| * | Merge branch 'PHP-5.6' into PHP-7.0Anatol Belski2016-09-231-1/+1
| |\ \ | | |/ | | | | | | | | | * PHP-5.6: Revert "Fixed bug #73037 SoapServer reports Bad Request when gzipped"
| | * Revert "Fixed bug #73037 SoapServer reports Bad Request when gzipped"Anatol Belski2016-09-231-1/+1
| | | | | | | | | | | | This reverts commit f9a699f6c3aa7acea922242a0f14731f6b829742.
| | * Fixed bug #73037 SoapServer reports Bad Request when gzippedAnatol Belski2016-09-231-1/+1
| | | | | | | | | | | | (cherry picked from commit 410c68788ae4826807e8ced3f4a02e676142b22a)
| | * Fixed bug #72505 (readfile() mangles files larger than 2G)Xinchen Hui2016-09-161-1/+1
| | |
* | | Merge branch 'PHP-7.0' into PHP-7.1Anatol Belski2016-09-231-1/+1
|\ \ \ | |/ / | | | | | | | | | * PHP-7.0: Fixed bug #73037 SoapServer reports Bad Request when gzipped
| * | Fixed bug #73037 SoapServer reports Bad Request when gzippedAnatol Belski2016-09-231-1/+1
| | |
* | | Merge branch 'PHP-7.0' into PHP-7.1Xinchen Hui2016-08-171-0/+12
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-7.0: (48 commits) Update NEWs Unused label Fixed bug #72853 (stream_set_blocking doesn't work) fix test Bug #72663 - part 3 Bug #72663 - part 2 Bug #72663 - part 1 Update NEWS BLock test with memory leak fix tests Fix TSRM build Fix bug #72850 - integer overflow in uuencode Fixed bug #72849 - integer overflow in urlencode Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase Fix bug #72837 - integer overflow in bzdecompress caused heap corruption Fix bug #72836 - integer overflow in base64_decode caused heap corruption Fix for bug #72807 - do not produce strings with negative length Fix for bug #72790 and bug #72799 Fix bug #72730 - imagegammacorrect allows arbitrary write access ... Conflicts: ext/standard/var_unserializer.c
| * | Merge branch 'PHP-5.6' into PHP-7.0Xinchen Hui2016-08-171-0/+12
| |\ \ | | |/ | | | | | | | | | | | | | | | | | | * PHP-5.6: Fixed bug #72853 (stream_set_blocking doesn't work) Conflicts: main/streams/plain_wrapper.c
| | * Fixed bug #72853 (stream_set_blocking doesn't work)Xinchen Hui2016-08-171-1/+13
| | | | | | | | | | | | Implemented PHP_STREAM_OPTION_META_DATA_API for plain_wrappers
* | | Fixed bug #72743 (Out-of-bound read in php_stream_filter_create)Xinchen Hui2016-08-041-2/+2
| | |
* | | Merge branch 'PHP-7.0' into PHP-7.1Pierrick Charron2016-07-271-5/+0
|\ \ \ | |/ /
| * | Merge branch 'PHP-5.6' into PHP-7.0Pierrick Charron2016-07-271-5/+0
| |\ \ | | |/ | | | | | | | | | Conflicts: main/streams/streams.c
| | * Fixed bug #72686 (zlib: url support is broken).Pierrick Charron2016-07-271-5/+0
| | | | | | | | | | | | | | | | | | | | | | | | zlib: support is broken since a really long time. It never worked on versions >= PHP5.6 so we can just remove this dead code. Bug was introduced 2006-05-14 (Before 5.2.0)
* | | Require strict base64 in data URILauri Kenttä2016-07-221-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | As the tests already show, the data URI wrapper is supposed to fail for corrupt input, but for some reason, one case of invalid input is still allowed to pass?! Strict base64 makes a lot more sense here. Also, Chromium and Firefox fail on invalid base64, so it's a logical choice for PHP as well.
* | | Merge branch 'PHP-7.0'Xinchen Hui2016-06-281-1/+1
|\ \ \ | |/ / | | | | | | | | | * PHP-7.0: Fixed bug #72505 (readfile() mangles files larger than 2G)
View Lorry Controller Status