929 commits

Author SHA1 Message Date
Sergei Morozov
5b12b46a19 Fixed bug #74936 - session_*() functions trigger a warning in read mode when the session is active 2017-07-18 22:25:22 +02:00
Yasuo Ohgaki
a2d766503a Fixed bug #74514 5 session functions incorrectly warn when calling in read-only/getter mode 2017-07-01 03:32:54 +09:00
Nikita Popov
035a27cbc6 Only compute callback name in error cases
Mostly the callback name is only used to report an error. Try to
avoid calculating it if no error occurred.
2017-06-25 18:45:59 +02:00
Xinchen Hui
8f2d3539f2 Merge branch 'PHP-7.1'
* PHP-7.1:
  Fixed tests when using custom php.ini(session.save_handler)
  Fix Bug #74541 Wrong reflection on session_start()
2017-05-09 11:15:32 +08:00
Xinchen Hui
05c90e5994 Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0:
  Fixed tests when using custom php.ini(session.save_handler)
  Fix Bug #74541 Wrong reflection on session_start()
2017-05-09 11:14:40 +08:00
Fabien Villepinte
b39c70b4a7 Fix Bug #74541 Wrong reflection on session_start() 2017-05-08 22:42:09 +02:00
Nikita Popov
7cba31535c Separate array in session upload progress 2017-01-23 17:19:12 +00:00
Joe Watkins
71a42477ca Merge branch 'PHP-7.1'
* PHP-7.1:
  Update comment, incorrect since 224aaf94
2017-01-19 10:49:09 +00:00
SjonHortensius
631861e1fa Update comment, incorrect since 224aaf94
In 224aaf94, the warning was enabled, making the comment above incorrect. I've updated the comment to reflect the current code.
2017-01-19 10:48:54 +00:00
Sammy Kaye Powers
dac6c639bb Update copyright headers to 2017 2017-01-04 11:23:42 -06:00
Sammy Kaye Powers
478f119ab9 Update copyright headers to 2017 2017-01-04 11:14:55 -06:00
Sammy Kaye Powers
9e29f841ce Update copyright headers to 2017 2017-01-02 09:30:12 -06:00
dreamszhu
e10425fe8b Add PHPAPI php_session_flush and php_session_destroy 2017-01-01 07:30:22 +08:00
Anatol Belski
f8aa57ab2f fix uninitialized value 2016-12-27 23:43:49 +01:00
Graham Campbell
22f3695fe1 Fixed typo in "session_module_name" 2016-12-27 22:01:19 +01:00
Yasuo Ohgaki
a93a51c3bf Fix bug #73100 - Improve bug fix. Forbid to set 'user' save handler other than set_save_handler(). 2016-12-22 16:04:28 +09:00
Yasuo Ohgaki
bf5c502e3d Remove "register_globals" support codes from php/php_binary serializers.
As a result, users may use PS_UNDEF_MAKER(=!) char for session variable name.
2016-12-21 08:07:14 +09:00
Yasuo Ohgaki
7f196e321f Fix bug #71038 - session_start() returns true even when it failed
PR #2167
2016-11-17 11:09:07 +09:00
Yasuo Ohgaki
3d6e922367 Refactor and cleanup implementation. 2016-11-16 05:08:29 +00:00
Yasuo Ohgaki
7b29c3fba6 Revert "Fix Bug #73461"
This reverts commit 0383de1467.
2016-11-16 05:08:29 +00:00
Yasuo Ohgaki
6230c2bad0 Fix Bug #73461
This patch disables any invalid save handler calls.
2016-11-16 05:08:28 +00:00
Yasuo Ohgaki
70afe4c494 Simply return FALSE from session_gc(). Error could be annoying because internal save handlers may return -1 when GC cannot be performed for reasons 2016-10-18 06:53:13 +09:00
Nikita Popov
28edc971e7 Merge branch 'PHP-7.0' into PHP-7.1 2016-10-10 12:21:15 +02:00
Nikita Popov
c91f652ddb Fixed bug #73273
As well as a few other $_SESSION separation issues.
2016-10-10 12:20:44 +02:00
Yasuo Ohgaki
a4a2f66e75 Revert "Revert "Implement RFC Add session_gc() https://wiki.php.net/rfc/session-gc""
This reverts commit 355c7e7d1c.
2016-09-01 10:12:26 +09:00
Yasuo Ohgaki
b36ae7467e Revert "Revert "Merge RFC https://wiki.php.net/rfc/session-create-id""
This reverts commit 663f1c8fb0.
2016-09-01 10:12:23 +09:00
Yasuo Ohgaki
90352bb4a2 Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0:
  Fix bug #72940 properly. Reduce needless branches
2016-09-01 07:47:27 +09:00
Yasuo Ohgaki
cc797d4fc3 Fix bug #72940 properly. Reduce needless branches 2016-09-01 07:47:13 +09:00
Yasuo Ohgaki
355c7e7d1c Revert "Implement RFC Add session_gc() https://wiki.php.net/rfc/session-gc"
This reverts commit 1cf179e415.
2016-09-01 05:54:55 +09:00
Yasuo Ohgaki
663f1c8fb0 Revert "Merge RFC https://wiki.php.net/rfc/session-create-id"
This reverts commit 7ee9f81c54.
2016-09-01 05:54:30 +09:00
Yasuo Ohgaki
7ee9f81c54 Merge RFC https://wiki.php.net/rfc/session-create-id 2016-08-31 20:34:20 +09:00
Yasuo Ohgaki
f5cd6e5710 Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0:
  Fixed bug #72940 SID always return "name=ID", even if session cookie exist
2016-08-30 15:58:55 +09:00
Yasuo Ohgaki
b5f2f6fbd8 Fixed bug #72940 SID always return "name=ID", even if session cookie exist 2016-08-30 15:58:25 +09:00
Yasuo Ohgaki
1cf179e415 Implement RFC Add session_gc() https://wiki.php.net/rfc/session-gc 2016-08-29 05:57:37 +09:00
Xinchen Hui
1eb4851fa2 Remove leftover of previous change 2016-08-18 15:44:33 +08:00
Xinchen Hui
a3740dadec Remove outdated checks 2016-08-18 15:37:15 +08:00
Xinchen Hui
ce6ad9bdd9 Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0: (48 commits)
  Update NEWS
  Unused label
  Fixed bug #72853 (stream_set_blocking doesn't work)
  fix test
  Bug #72663 - part 3
  Bug #72663 - part 2
  Bug #72663 - part 1
  Update NEWS
  Block test with memory leak
  fix tests
  Fix TSRM build
  Fix bug #72850 - integer overflow in uuencode
  Fixed bug #72849 - integer overflow in urlencode
  Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
  Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
  Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
  Fix bug #72836 - integer overflow in base64_decode caused heap corruption
  Fix for bug #72807 - do not produce strings with negative length
  Fix for bug #72790 and bug #72799
  Fix bug #72730 - imagegammacorrect allows arbitrary write access
  ...

Conflicts:
	ext/standard/var_unserializer.c
2016-08-17 17:14:30 +08:00
Xinchen Hui
b172f43caa Unused label 2016-08-17 16:56:20 +08:00
Nikita Popov
e0f9fbdfa6 Bug #72663 - part 3
When using the php_serialize session serialization handler, do
not use the result of the unserialization if it failed.
2016-08-17 01:01:03 -07:00
Stanislav Malyshev
0d13325b66 Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6: (24 commits)
  Update NEWS
  Block test with memory leak
  fix tests
  Fix TSRM build
  Fix bug #72850 - integer overflow in uuencode
  Fixed bug #72849 - integer overflow in urlencode
  Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
  Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
  Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
  Fix bug #72836 - integer overflow in base64_decode caused heap corruption
  Fix for bug #72807 - do not produce strings with negative length
  Fix for bug #72790 and bug #72799
  Fix bug #72730 - imagegammacorrect allows arbitrary write access
  Fix bug#72697 - select_colors write out-of-bounds
  Fixed bug #72627: Memory Leakage In exif_process_IFD_in_TIFF
  Fix bug #72750: wddx_deserialize null dereference
  Fix bug #72771: ftps:// opendir wrapper is vulnerable to protocol downgrade attack
  Improve fix for #72663
  Fix bug #70436: Use After Free Vulnerability in unserialize()
  Fix bug #72749: wddx_deserialize allows illegal memory access
  ...

Conflicts:
	Zend/zend_API.h
	ext/bz2/bz2.c
	ext/curl/interface.c
	ext/ereg/ereg.c
	ext/exif/exif.c
	ext/gd/gd.c
	ext/gd/tests/imagetruecolortopalette_error3.phpt
	ext/gd/tests/imagetruecolortopalette_error4.phpt
	ext/session/session.c
	ext/snmp/snmp.c
	ext/standard/base64.c
	ext/standard/ftp_fopen_wrapper.c
	ext/standard/quot_print.c
	ext/standard/url.c
	ext/standard/uuencode.c
	ext/standard/var.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	ext/wddx/tests/bug72790.phpt
	ext/wddx/tests/bug72799.phpt
	ext/wddx/wddx.c
	sapi/cli/generate_mime_type_map.php
2016-08-17 00:43:33 -07:00
Stanislav Malyshev
8763c6090d Fix bug #72681 - consume data even if we're not storing them 2016-08-16 22:54:42 -07:00
Yasuo Ohgaki
3467526a65 Merge RFC: Session ID without hashing
https://wiki.php.net/rfc/session-id-without-hashing
2016-08-12 12:31:02 +09:00
Yasuo Ohgaki
a53a6b3fb4 Fix URL rewriter issues 2016-08-11 08:31:48 +09:00
Stanislav Malyshev
70d6ce3368 Merge branch 'PHP-7.0'
* PHP-7.0: (27 commits)
  fix #72519, possible OOB using imagegif
  fix #72512, invalid read or write for palette image when invalid transparent index is used
  Apparently some envs miss SIZE_MAX
  Fix tests
  Fix bug #72618: NULL Pointer Dereference in exif_process_user_comment
  Partial fix for bug #72613 - do not allow reading past error read
  Partial fix for bug #72613 - do not treat negative returns from bz2 as size_t
  Fix bug #72606: heap-buffer-overflow (write) simplestring_addn simplestring.c
  Fix for bug #72558, Integer overflow error within _gdContributionsAlloc()
  Fix bug #72603: Out of bound read in exif_process_IFD_in_MAKERNOTE
  update NEWS
  Fixed bug #72570 Segmentation fault when binding parameters on a query without placeholders
  Fix bug #72562 - destroy var_hash properly
  Fix bug #72551 and bug #72552 - check before converting size_t->int
  Fix bug #72541 - size_t overflow lead to heap corruption
  Fix bug #72533 (locale_accept_from_http out-of-bounds access)
  Fix for bug #72520
  Fix for bug #72513
  Fix for bug #72513
  CS fix and comments with bug ID
  ...

Conflicts:
	ext/standard/basic_functions.c
2016-07-19 01:44:14 -07:00
Stanislav Malyshev
b00f8f2a5b Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  fix #72519, possible OOB using imagegif
  fix #72512, invalid read or write for palette image when invalid transparent index is used
  Apparently some envs miss SIZE_MAX
  Fix tests
  Fix bug #72618: NULL Pointer Dereference in exif_process_user_comment
  Partial fix for bug #72613 - do not treat negative returns from bz2 as size_t
  Fix bug #72606: heap-buffer-overflow (write) simplestring_addn simplestring.c
  Fix for bug #72558, Integer overflow error within _gdContributionsAlloc()
  Fix bug #72603: Out of bound read in exif_process_IFD_in_MAKERNOTE
  Fix bug #72562 - destroy var_hash properly
  Fix bug #72533 (locale_accept_from_http out-of-bounds access)
  Fix for bug #72520
  Fix for bug #72513
  Fix for bug #72513
  CS fix and comments with bug ID
  Fix for HTTP_PROXY issue.
  5.6.24RC1
  add tests for bug #72512
  Fixed bug #72512 gdImageTrueColorToPaletteBody allows arbitrary write/read access
  Fixed bug #72479 - same as #72434

Conflicts:
	Zend/zend_virtual_cwd.c
	ext/bz2/bz2.c
	ext/exif/exif.c
	ext/session/session.c
	ext/snmp/snmp.c
	ext/standard/basic_functions.c
	main/SAPI.c
	main/php_variables.c
2016-07-19 01:39:28 -07:00
Stanislav Malyshev
4d0565b5ba Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  fix #72519, possible OOB using imagegif
  fix #72512, invalid read or write for palette image when invalid transparent index is used
  Apparently some envs miss SIZE_MAX
  Fix tests
  Fix bug #72618: NULL Pointer Dereference in exif_process_user_comment
  Partial fix for bug #72613 - do not treat negative returns from bz2 as size_t
  Fix bug #72606: heap-buffer-overflow (write) simplestring_addn simplestring.c
  Fix for bug #72558, Integer overflow error within _gdContributionsAlloc()
  Fix bug #72603: Out of bound read in exif_process_IFD_in_MAKERNOTE
  Fix bug #72562 - destroy var_hash properly
  Fix bug #72533 (locale_accept_from_http out-of-bounds access)
  Fix for bug #72520
  Fix for bug #72513
  CS fix and comments with bug ID
  Fix for HTTP_PROXY issue.
  add tests for bug #72512
  Fixed bug #72512 gdImageTrueColorToPaletteBody allows arbitrary write/read access
  Fixed bug #72479 - same as #72434

Conflicts:
	ext/bz2/bz2.c
	main/SAPI.c
	main/php_variables.c
2016-07-19 00:53:08 -07:00
Stanislav Malyshev
3798eb6fd5 Fix bug #72562 - destroy var_hash properly 2016-07-12 23:27:45 -07:00
Aaron Piotrowski
24237027bc Merge branch 'throw-error-in-extensions' 2016-07-05 02:08:39 -05:00
Dmitry Stogov
323b2733f6 Fixed compilation warnings 2016-06-22 00:40:50 +03:00
Aaron Piotrowski
7d53864574 E_RECOVERABLE_ERROR -> thrown Error 2016-06-14 13:18:43 -05:00