archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
128010 commits 526 branches 1434 tags 865 MiB
Commit graph

703 commits

Author SHA1 Message Date
Stanislav Malyshev
99f1d904a0 Merge branch 'PHP-7.2' 
* PHP-7.2:
  Fix tsrm_ls
  Fix #76129 - remove more potential unfiltered outputs for phar
  Fix test
  Fix bug #76248 - Malicious LDAP-Server Response causes Crash
  Fix bug #76249 - fail on invalid sequences
  Fix #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
  Fix bug #75981: prevent reading beyond buffer start
 2018-04-23 22:04:22 -07:00
Stanislav Malyshev
4c06d929c0 Merge branch 'PHP-7.1' into PHP-7.2 
* PHP-7.1:
  Fix tsrm_ls
  Fix #76129 - remove more potential unfiltered outputs for phar
  Fix test
  Fix bug #76248 - Malicious LDAP-Server Response causes Crash
  Fix bug #76249 - fail on invalid sequences
  Fix #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
  Fix bug #75981: prevent reading beyond buffer start
 2018-04-23 22:03:33 -07:00
Stanislav Malyshev
95ee9efa57 Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  Fix tsrm_ls
  Fix #76129 - remove more potential unfiltered outputs for phar
  Fix test
  Fix bug #76248 - Malicious LDAP-Server Response causes Crash
  Fix bug #76249 - fail on invalid sequences
  Fix #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
  Fix bug #75981: prevent reading beyond buffer start
 2018-04-23 22:00:24 -07:00
Stanislav Malyshev
5a18d7a0df Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Fix tsrm_ls
  Fix #76129 - remove more potential unfiltered outputs for phar
  Fix test
  Fix bug #76248 - Malicious LDAP-Server Response causes Crash
  Fix bug #76249 - fail on invalid sequences
  Fix #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
  Fix bug #75981: prevent reading beyond buffer start
 2018-04-23 21:59:57 -07:00
Stanislav Malyshev
6e64aba47f Fix #76129 - remove more potential unfiltered outputs for phar 2018-04-23 13:43:43 -07:00
Anatol Belski
2e5ac355b9 Move to unsigned types in phar 
Preventing integer overflows in principle, which allows to avoid additional
range checks. The phar format is based on 32-bit lengths, so the storage
sizes was kept same.
 2018-04-18 20:15:05 +02:00
Gabriel Caruso
701437a948
Remove return types from some magic method in protos 
__construct, __destruct, __wakeup does not have return types defined.
 2018-03-09 12:04:46 +01:00
Joe
c8e844be35
Merge branch 'PHP-7.2' 
* PHP-7.2:
  Fixed bug #65414
 2018-02-08 10:34:38 +01:00
Bishop Bettini
d806d0315f
Fixed bug #65414 2018-02-08 10:32:08 +01:00
Bishop Bettini
4765ba7dc3
Fixed bug #65414 2018-02-08 10:29:56 +01:00
Nikita Popov
4a7dacb5ee Don't loop over indexes in Phar::extractTo() 
Instead use a more idiomatic foreach loop. The behavior is not
strictly the same, but I see no reason why this specific case
should enforce continuously indexed integer keys.

Also handle references in the array while at it.
 2018-01-28 22:05:44 +01:00
Nikita Popov
d79a0bf748 Merge branch 'PHP-7.2' 2018-01-28 21:53:38 +01:00
Bishop Bettini
fa586cee3e Fixed bug #54289 
If a directory is passed to Phar::extractTo(), loop over all
entries and extract all files with the given prefix.
 2018-01-28 21:51:25 +01:00
Dmitry Stogov
9cbb521094 Access HashTable.u.flags through HT_FLAGS() macro. 2018-01-22 13:36:15 +03:00
Xinchen Hui
a6519d0514 year++ 2018-01-02 12:57:58 +08:00
Xinchen Hui
7a7ec01a49 year++ 2018-01-02 12:55:14 +08:00
Xinchen Hui
ccd4716ec7 year++ 2018-01-02 12:53:31 +08:00
Dmitry Stogov
b864e6b58c Move constants into read-only data segment 2017-12-15 01:55:00 +03:00
Dmitry Stogov
9e709e2fa0 Move constants into read-only data segment 2017-12-14 18:43:44 +03:00
Nikita Popov
95e9cc2871 Backport some printf() fixes to 7.2 2017-11-16 21:26:33 +01:00
Nikita Popov
26f8fc833b Enable and fix printf() format warnings 
Add _unchecked() variants of zend_spprintf and zend_strpprintf for
cases where we specifically want to disable these checks, such as
use of %H.
 2017-11-16 21:15:36 +01:00
Kalle Sommer Nielsen
cf1d42e001 Kill compiler warnings in ext/phar 2017-08-24 02:31:52 +02:00
Anatol Belski
827284ec36 fix up porting mistakes 2017-07-27 23:38:04 +02:00
Anatol Belski
49d9b3013f Move cwd_state and path related routines to size_t 
Having `int` there is no real profit in the size or speed, while unsigned
improves security and overall integration. ZPP supplied strings can
be then accepted directly and structs can be still handled with smaller
unsigned types for size reasons, which is safe. Yet some related places
are to go.

basic move tsrm_realpath_r to size_t

fix conditions and sync with affected places

touch ocurrences of php_sys_readlink usage

follow up on phar path handling

remove duplicated check

move zend_resolve_path and related pieces to size_t

touch yet resolve path related places

remove cast

missing pieces

missing piece

yet cleanups for php_sys_readlink for ssize_t

fix wrong return
 2017-07-27 20:11:21 +02:00
Joe Watkins
2a64f548da
Merge branch 'PHP-7.1' 
* PHP-7.1:
  Fix Bug #74386Phar::__construct(): wrong number of parameters by reflection
 2017-05-29 08:32:23 +01:00
Fabien Villepinte
d6922ef8e3
Fix Bug #74386Phar::__construct(): wrong number of parameters by reflection 2017-05-29 08:31:47 +01:00
Fabien Villepinte
2dee44c74c
Fix Bug #74386 Phar::__construct(): wrong number of parameters by reflection 2017-05-29 08:29:30 +01:00
Dmitry Stogov
27e7aea412 "Countable" interface is moved from SPL to Core 2017-05-25 12:47:43 +03:00
Anatol Belski
627f870161 Merge branch 'PHP-7.1' 
* PHP-7.1:
  Fixed bug #51918 Phar::webPhar() does not handle requests sent through PUT and DELETE method
 2017-05-02 14:47:08 +02:00
Anatol Belski
64adba3b3f Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  Fixed bug #51918 Phar::webPhar() does not handle requests sent through PUT and DELETE method
 2017-05-02 14:46:15 +02:00
Christian Weiske
c0c0871911 Fixed bug #51918 Phar::webPhar() does not handle requests sent through PUT and DELETE method 
phar: Support DELETE, HEAD and PUT HTTP methods in Phar::webPhar

Up to now only GET and POST requests could be handled with Phar::webPhar(),
which is insufficient for today's REST APIs.
This patch expands the list of supported HTTP methods.
 2017-05-02 14:44:47 +02:00
Mitch Hagstrand
a9fdf3d6b4
Fix for Bug 74196: PharData->decompress() does not correctly support dot names 
1. Fixed phar_rename_archive to no longer remove everything after a "." in the filename
2. Removed unused "zend_bool compress" parameter
3. Added Test
4. Fixed tests that had a work around for this problem
 2017-04-10 06:43:26 +01:00
Joe Watkins
b0f9dba2d9
Merge branch 'PHP-7.1' 
* PHP-7.1:
  Fix of Bug #74383: Wrong reflection on Phar::running
 2017-04-10 06:33:42 +01:00
Joe Watkins
9fe4d2d9cb
Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  Fix of Bug #74383: Wrong reflection on Phar::running
 2017-04-10 06:32:40 +01:00
Mitch Hagstrand
d9a05807d2
Fix of Bug #74383: Wrong reflection on Phar::running 2017-04-10 06:32:15 +01:00
Mitch Hagstrand
775afd5e2d
Fix of Bug #74383: Wrong reflection on Phar::running 2017-04-10 06:24:57 +01:00
Sammy Kaye Powers
dac6c639bb Update copyright headers to 2017 2017-01-04 11:23:42 -06:00
Sammy Kaye Powers
478f119ab9 Update copyright headers to 2017 2017-01-04 11:14:55 -06:00
Sammy Kaye Powers
9e29f841ce Update copyright headers to 2017 2017-01-02 09:30:12 -06:00
Anatol Belski
758af77e9d Path handling related refactorings 
Primarily related to the path handling datatypes, to avoid unnecessary
casts, where possible. Also some rework to avoid code dup. Probably
more places are to go, even not path related, primarily to have less
casts and unsigned integers where possible. That way, we've not only
less warnings and casts, but are also safer with regard to the
integer overflows. OFC it's not a panacea, but still significantly
reduces the vulnerability potential.
 2016-12-22 14:56:47 +01:00
Anatol Belski
b204b3abd1 further normalizations, uint vs uint32_t 
fix merge mistake

yet one more replacement run
 2016-11-26 17:29:01 +01:00
Stanislav Malyshev
b1ff0c5270 Fix more size_t/int implicit conversions 
Now the conversions are explicit and do checks. Not sure it's
the best way but at least we can see them now in the open.
 2016-11-25 18:58:06 -08:00
Stanislav Malyshev
fe994fd9a4 Fix int/size_t confusion in isValidPharFilename (bug #73580) 2016-11-25 18:57:18 -08:00
Stanislav Malyshev
f9a80a0a29 Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  Fix more size_t/int implicit conversions
 2016-11-25 15:32:59 -08:00
Stanislav Malyshev
8be94d46f8 Fix more size_t/int implicit conversions 
Now the conversions are explicit and do checks. Not sure it's
the best way but at least we can see them now in the open.
 2016-11-25 15:31:50 -08:00
Stanislav Malyshev
bcc913fa8b Fix int/size_t confusion in isValidPharFilename (bug #73580) 2016-11-25 15:31:50 -08:00
Stanislav Malyshev
7010547c4e Fix more size_t/int implicit conversions 
Now the conversions are explicit and do checks. Not sure it's
the best way but at least we can see them now in the open.
 2016-11-25 15:30:20 -08:00
Stanislav Malyshev
2cc3df3252 Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  Fix int/size_t confusion in isValidPharFilename (bug #73580)
 2016-11-25 13:43:59 -08:00
Stanislav Malyshev
cb6bcaa61f Fix int/size_t confusion in isValidPharFilename (bug #73580) 2016-11-25 13:42:35 -08:00
Anatol Belski
0b5faa4461 fix leak 2016-09-02 20:20:37 +02:00