archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-17 14:38:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
131218 commits 526 branches 1434 tags 869 MiB
Commit graph

948 commits

Author SHA1 Message Date
Yasuo Ohgaki
31ae802736 Fix uninitialized read in rfc1867 handler reported by valgrind. Only in PHP 5.6. 
This commit fixes initialized read, but calling php_session_initialize() directly
is problematic because configuration could be invalid. Invalid config may result
in segfault. This will be addressed later.
 2016-01-15 15:18:00 +09:00
Yasuo Ohgaki
132d919c85 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Improved fix for bug #68063 (Empty session IDs do still start sessions).
 2016-01-15 10:19:01 +09:00
Yasuo Ohgaki
8c37a086c7 Improved fix for bug #68063 (Empty session IDs do still start sessions). 2016-01-15 09:45:08 +09:00
Yasuo Ohgaki
63c77ee4b1 Use php_session_abort() 2016-01-12 20:39:33 +09:00
Yasuo Ohgaki
224aaf94af Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Fixed Bug #71038 session_start() returns TRUE on failure
 2016-01-12 19:52:54 +09:00
Yasuo Ohgaki
a15e9ccba8 Fixed Bug #71038 session_start() returns TRUE on failure 2016-01-12 19:09:49 +09:00
Lior Kaplan
ed35de784f Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Happy new year (Update copyright to 2016)
 2016-01-01 19:48:25 +02:00
Lior Kaplan
49493a2dcf Happy new year (Update copyright to 2016) 2016-01-01 19:21:47 +02:00
Yasuo Ohgaki
57be57ac94 Fix ZTS build 2015-12-16 11:10:39 +09:00
Yasuo Ohgaki
714f28d8e4 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Fixed bug #71122 Session GC may not remove obsolete session data
 2015-12-16 09:34:41 +09:00
Yasuo Ohgaki
e8f1c29cc9 Fixed bug #71122 Session GC may not remove obsolete session data 2015-12-16 09:15:05 +09:00
Yasuo Ohgaki
8161230505 Fixed Bug #71122 Session GC may not remove obsolete session data 2015-12-15 10:27:28 +09:00
Yasuo Ohgaki
1e042ae4a7 Fix merge conflict 2015-12-15 10:30:16 +09:00
Yasuo Ohgaki
a03786f773 Use distinguishable error messages. 2015-11-13 21:25:10 +09:00
Xinchen Hui
e9fd8ad446 Fixed bug #70876 (Segmentation fault when regenerating session id with strict mode) 2015-11-07 07:30:31 -08:00
Remi Collet
286b157a5f fix regressio introduce in 22e23e7cb8 2015-09-16 14:32:05 +02:00
Xinchen Hui
066c05e51f Suppressed warning about this function is not used 2015-09-15 08:54:14 -07:00
Yasuo Ohgaki
3bf9bd5e92 Fix typo in comment. 2015-09-08 18:52:31 +09:00
Yasuo Ohgaki
f4c9deb452 Add URL rewrite issue note. 2015-09-08 18:50:40 +09:00
Yasuo Ohgaki
aa352a34fd Make sure closing save handler. 2015-09-07 04:55:08 +09:00
Yasuo Ohgaki
f34b858ed0 Fix #70013: Reference to $_SESSION is lost after a call to session_regenerate_id() 2015-09-07 03:57:03 +09:00
Anatol Belski
2d72a17ab9 use correct api 2015-09-02 17:25:00 +02:00
Anatol Belski
45a72785b5 fix leak 2015-09-02 17:20:24 +02:00
Stanislav Malyshev
6640aded24 fix memory leak 2015-09-02 01:21:47 -07:00
Stanislav Malyshev
9b1a224d4e Merge branch 'PHP-5.6' 
* PHP-5.6: (21 commits)
  fix unit tests
  update NEWS
  add NEWS for fixes
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix bug ##70284 (Use after free vulnerability in unserialize() with GMP)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  ...

Conflicts:
	ext/exif/exif.c
	ext/gmp/gmp.c
	ext/pcre/php_pcre.c
	ext/session/session.c
	ext/session/tests/session_decode_variation3.phpt
	ext/soap/soap.c
	ext/spl/spl_observer.c
	ext/standard/var.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	ext/xsl/xsltprocessor.c
 2015-09-02 00:37:20 -07:00
Stanislav Malyshev
a6c063d663 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  More fixes for bug #70219
 2015-09-01 12:51:48 -07:00
Stanislav Malyshev
c19d59c550 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  update NEWS
  add NEWS for fixes
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  5.4.45 next

Conflicts:
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	ext/zip/php_zip.c
 2015-09-01 12:06:41 -07:00
Stanislav Malyshev
33d3acaae7 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  5.4.45 next

Conflicts:
	configure.in
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	main/php_version.h
 2015-09-01 11:42:19 -07:00
Stanislav Malyshev
fc8eff897b More fixes for bug #70219 2015-08-28 21:50:21 -07:00
Stanislav Malyshev
24dda816d0 Merge branch 'PHP-5.4.45' into PHP-5.5.29 
* PHP-5.4.45:
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  5.4.45 next

Conflicts:
	configure.in
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	main/php_version.h
 2015-08-25 23:08:49 -07:00
Stanislav Malyshev
df4bf28f9f Fix bug #70219 (Use after free vulnerability in session deserializer) 2015-08-23 19:56:12 -07:00
Anatol Belski
6065b29fe4 Reverted ad4533fdba 
The E_ERROR to E_RECOVERABLE_ERROR should be readded with the
proper tests.
 2015-07-21 11:18:36 +02:00
Yasuo Ohgaki
ad4533fdba Change E_ERROR and some E_WARNING to E_RECOVERABLE_ERROR. 2015-07-21 12:59:23 +09:00
Aaron Piotrowski
7ec1e17464 Update memory freeing and other issues, revert some changes 2015-07-05 23:25:53 -05:00
Aaron Piotrowski
907476f34c Convert E_ERROR to thrown Error in extensions 2015-07-05 12:16:57 -05:00
Dmitry Stogov
4a2e40bb86 Use ZSTR_ API to access zend_string elements (this is just renaming without semantick changes). 2015-06-30 04:05:24 +03:00
Dmitry Stogov
4bd22cf1c1 Improved zend_string API (Francois Laupretre) 
Squashed commit of the following:

commit d96eab8d79
Author: Francois Laupretre <francois@tekwire.net>
Date:   Fri Jun 26 01:23:31 2015 +0200

    Use the new 'ZSTR' macros in the rest of the code.

    Does not change anything to the generated code (thanks to compat macros) but cleaner.

commit b352643910
Author: Francois Laupretre <francois@tekwire.net>
Date:   Thu Jun 25 13:45:06 2015 +0200

    Improve zend_string API

    Add missing methods
 2015-06-29 16:44:54 +03:00
Bob Weinand
b477aa1fad Fix bug #69952 (Dereferencing issue in session_start()) 2015-06-28 16:30:58 +02:00
Dmitry Stogov
1c754f0b71 Get rid of more ZVAL_ZVAL() macros 2015-06-12 13:33:14 +03:00
Josef Šimánek
413d23f6f0 Remove MSIE 5-specific Cache-Control fields. 
reverts 04daa55
 2015-05-12 09:53:17 +02:00
Anatol Belski
512429ffc5 fix datatype mismatches 2015-03-24 22:02:33 +01:00
Anatol Belski
3066851dab fix datatype mismatches 2015-03-24 22:02:29 +01:00
Anatol Belski
663074b6b1 cleanup mod version macros and mod defs, round x 2015-03-23 21:30:22 +01:00
Julien Pauli
4d3a3811a9 Merge branch 'PHP-5.6' 
* PHP-5.6:
  Fix flaws in session module

Conflicts:
	ext/session/session.c
 2015-03-16 16:11:02 +01:00
Julien Pauli
2a50877428 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Fix flaws in session module
 2015-03-16 16:01:12 +01:00
Julien Pauli
4dba99c226 Fix flaws in session module 2015-03-16 16:00:46 +01:00
Dmitry Stogov
8633685675 Use specialized macro for string zval creation 2015-03-12 16:53:51 +03:00
Reeze Xia
609f05fc19 ZTS cleanup 2015-03-08 19:25:55 +08:00
Anatol Belski
af3ca74501 made ZEND_TSRMLS_CACHE_* macros look like function calls 
which also comply with the current semantics for such macros
 2015-02-16 17:19:32 +01:00
Dmitry Stogov
e10e151e9b Merged zend_array and HashTable into the single data structure. 
Now each HashTable is also zend_array, so it's refcounted and may be a subject for Copy on Write
zend_array_dup() was changed to allocate and return HashTable, instead of taking preallocated HashTable as argument.
 2015-02-13 22:20:39 +03:00