archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-18 15:08:55 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
81192 commits 526 branches 1434 tags 877 MiB
Commit graph

139 commits

Author SHA1 Message Date
Dmitry Stogov
f9927a6c97 Merge mainstream 'master' branch into refactoring 
During merge I had to revert:
	Nikita's patch for php_splice() (it probably needs to be applyed again)
	Bob Weinand's patches related to constant expression handling (we need to review them carefully)
	I also reverted all our attempts to support sapi/phpdbg (we didn't test it anyway)

Conflicts:
	Zend/zend.h
	Zend/zend_API.c
	Zend/zend_ast.c
	Zend/zend_compile.c
	Zend/zend_compile.h
	Zend/zend_constants.c
	Zend/zend_exceptions.c
	Zend/zend_execute.c
	Zend/zend_execute.h
	Zend/zend_execute_API.c
	Zend/zend_hash.c
	Zend/zend_highlight.c
	Zend/zend_language_parser.y
	Zend/zend_language_scanner.c
	Zend/zend_language_scanner_defs.h
	Zend/zend_variables.c
	Zend/zend_vm_def.h
	Zend/zend_vm_execute.h
	ext/date/php_date.c
	ext/dom/documenttype.c
	ext/hash/hash.c
	ext/iconv/iconv.c
	ext/mbstring/tests/zend_multibyte-10.phpt
	ext/mbstring/tests/zend_multibyte-11.phpt
	ext/mbstring/tests/zend_multibyte-12.phpt
	ext/mysql/php_mysql.c
	ext/mysqli/mysqli.c
	ext/mysqlnd/mysqlnd_reverse_api.c
	ext/mysqlnd/php_mysqlnd.c
	ext/opcache/ZendAccelerator.c
	ext/opcache/zend_accelerator_util_funcs.c
	ext/opcache/zend_persist.c
	ext/opcache/zend_persist_calc.c
	ext/pcre/php_pcre.c
	ext/pdo/pdo_dbh.c
	ext/pdo/pdo_stmt.c
	ext/pdo_pgsql/pgsql_driver.c
	ext/pgsql/pgsql.c
	ext/reflection/php_reflection.c
	ext/session/session.c
	ext/spl/spl_array.c
	ext/spl/spl_observer.c
	ext/standard/array.c
	ext/standard/basic_functions.c
	ext/standard/html.c
	ext/standard/mail.c
	ext/standard/php_array.h
	ext/standard/proc_open.c
	ext/standard/streamsfuncs.c
	ext/standard/user_filters.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	main/php_variables.c
	sapi/phpdbg/phpdbg.c
	sapi/phpdbg/phpdbg_bp.c
	sapi/phpdbg/phpdbg_frame.c
	sapi/phpdbg/phpdbg_help.c
	sapi/phpdbg/phpdbg_list.c
	sapi/phpdbg/phpdbg_print.c
	sapi/phpdbg/phpdbg_prompt.c
 2014-04-26 00:32:51 +04:00
Anatol Belski
c2acdbdd3d Improved the fix for bug #67072, thanks Nikita 2014-04-18 15:13:32 +02:00
Anatol Belski
5328d42899 Fixed bug #67072 Echoing unserialized "SplFileObject" crash 
The actual issue lays in the unserializer code which doesn't honor
the unserialize callback. By contrast, the serialize callback is
respected. This leads to the situation that even if a class has
disabled the serialization explicitly, user could still construct
a vulnerable string which would result bad things when trying
to unserialize.

This conserns also the classes implementing Serializable as well
as some core classes disabling serialize/unserialize callbacks
explicitly (PDO, SimpleXML, SplFileInfo and co). As of now, the
flow is first to call the unserialize callback (if available),
then call __wakeup. If the unserialize callback returns with no
success, no object is instantiated. This makes the scheme used
by internal classes effective, to disable unserialize just assign
zend_class_unserialize_deny as callback.
 2014-04-17 10:48:14 +02:00
Dmitry Stogov
6bfedfd22e Fixed unserialize() 2014-04-10 18:08:11 +04:00
Dmitry Stogov
0ae14f3a1d Fixed access to uninitialized data 2014-04-10 10:38:40 +04:00
Dmitry Stogov
6ee5e813ab var_push_dtor_no_addref() is useles (var_push_dtor() doesn't work properly as well) 2014-04-10 01:49:26 +04:00
Dmitry Stogov
c6cba55454 Use ZVAL_DEREF() macro 2014-03-27 13:39:09 +04:00
Dmitry Stogov
887189ca31 Refactored IS_INDIRECT usage for CV and object properties to support HashTable resizing 2014-03-26 18:07:31 +04:00
Dmitry Stogov
62c448ab8b Fixed serialize/unserialize problems 2014-03-17 17:23:27 +04:00
Xinchen Hui
24540362b0 Re-fixed unserialize 2014-02-26 15:51:53 +08:00
Xinchen Hui
b7052ef16d Revert "Fixed unserialize implementation (it's complicated, this issue took me 4 hours :<, need some review)" 
This reverts commit 80a178015d.
 2014-02-26 13:33:55 +08:00
Xinchen Hui
80a178015d Fixed unserialize implementation (it's complicated, this issue took me 4 hours :<, need some review) 2014-02-26 12:51:23 +08:00
Xinchen Hui
7f527d8047 Fixed reference handling in serialize/unserialize 2014-02-26 11:08:13 +08:00
Xinchen Hui
595741f6ec Fixed test fail in ext/standard/tests/serialize/bug64354_1.php 2014-02-25 17:58:01 +08:00
Xinchen Hui
dc2d758c93 Fixed segfaults 2014-02-25 16:54:26 +08:00
Dmitry Stogov
398256e5fe Use better data structures (incomplete) 2014-02-14 13:40:11 +04:00
Xinchen Hui
c081ce628f Bump year 2014-01-03 11:08:10 +08:00
Xinchen Hui
c0d060f5c0 Bump year 2014-01-03 11:04:26 +08:00
Michael Wallner
9d2cdacf4a Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  fix bug #65481 (shutdown segfault due to serialize)

Conflicts:
	ext/standard/var_unserializer.c
 2013-08-20 00:08:55 +02:00
Michael Wallner
1ac4d8f2c6 fix bug #65481 (shutdown segfault due to serialize) 2013-08-20 00:05:11 +02:00
Xinchen Hui
1be745ce1b Merge branch 'PHP-5.4' into PHP-5.5 
Conflicts:
	ext/standard/var_unserializer.c
 2013-03-09 23:10:48 +08:00
Xinchen Hui
f52b2e6a65 Fixed bug #64354 (Unserialize array of objects whose class can't be autoloaded fail) 
about the __sleep one, since php_serialize_* are all void function,
so,,only check exception at the very begining
 2013-03-09 23:00:58 +08:00
Xinchen Hui
85fae636d0 Merge branch 'PHP-5.4' into PHP-5.5 
Conflicts:
	ext/standard/var_unserializer.c
 2013-01-21 11:42:16 +08:00
Xinchen Hui
86c1a26169 Merge fix of #62836 to ?.re, and regenerate ?.c 2013-01-21 11:35:22 +08:00
Xinchen Hui
a666285bc2 Happy New Year 2013-01-01 16:37:09 +08:00
Xinchen Hui
0a7395e009 Happy New Year 2013-01-01 16:28:54 +08:00
Sebastian Bergmann
eab14993fe Invoke re2c with --no-generation-date to prevent unintentional / unnecessary changes in generated files. 2012-12-06 09:28:35 +01:00
Xinchen Hui
3d93c88811 Merge branch 'PHP-5.4' 2012-08-17 18:30:03 +08:00
Xinchen Hui
0b23da1c74 Fixed bug #62836 (Seg fault or broken object references on unserialize()) 2012-08-17 18:28:32 +08:00
Pierre Joye
f44bf55558 - fix bug #60879, unserialize does not invoke __wakeup 2012-02-28 18:36:10 +00:00
Pierre Joye
ee772f60b1 - fix bug #60879, unserialize does not invoke __wakeup 2012-02-28 18:36:10 +00:00
Felipe Pena
8775a37559 - Year++ 2012-01-01 13:15:04 +00:00
Felipe Pena
4e19825281 - Year++ 2012-01-01 13:15:04 +00:00
Felipe Pena
9da6f6a374 - Make valgrind happy with session_decode_error2.phpt 2011-11-09 23:50:01 +00:00
Felipe Pena
6781229e88 - Make valgrind happy with session_decode_error2.phpt 2011-11-09 23:50:01 +00:00
Gustavo André dos Santos Lopes
ecfa660a82 - Fixed #55798: serialize followed by unserialize with numeric object prop. 
gives integer prop.
 2011-09-28 14:47:42 +00:00
Gustavo André dos Santos Lopes
4eb080226b - Fixed #55798: serialize followed by unserialize with numeric object prop. 
gives integer prop.
 2011-09-28 14:47:42 +00:00
Felipe Pena
0203cc3d44 - Year++ 2011-01-01 02:17:06 +00:00
Kalle Sommer Nielsen
208aa1025d Improved performance of unserialize(), original patch by galaxy dot mipt at gmail dot com 2010-09-18 16:09:28 +00:00
Felipe Pena
9adda6199b - Updated generated file 2010-08-06 22:23:39 +00:00
Stanislav Malyshev
de8022e905 fix SplObjectStorage unserialization (CVE-2010-2225) 2010-06-29 00:58:31 +00:00
Pierre Joye
06e7d5e9cb - Fix #51424, crypt() function hangs after 3rd call 2010-06-15 09:26:22 +00:00
Michael Wallner
89e93723fb Added support for object references in recursive serialize() calls. FR #36424 2010-05-26 07:24:37 +00:00
Pierre Joye
95fcd75af2 - [doc] add stream_set_read_buffer, equivalent of stream_set_write_buffer for read operations. Fixing possible bad effects while reading devices. full context support is under work. 2010-04-12 08:25:50 +00:00
Pierre Joye
15a3c450b7 - those are in 5.3.2 now, merge to 5.3.2 section is coming 2010-02-11 21:17:13 +00:00
Sebastian Bergmann
9ba1e81665 sed -i "s#1997-2009#1997-2010#g" **/*.c **/*.h **/*.php 2010-01-03 09:23:27 +00:00
Rasmus Lerdorf
5a2b41a627 Someone strap down Jani and give him a sedative please. 
This makes our toolchain work with the latest versions
of autoconf and avoids a lot of end-user grief.
 2009-11-25 01:30:06 +00:00
Rasmus Lerdorf
70c7e179de Fixed bug #44929 - Better handling of leading zeros 2009-04-08 18:10:46 +00:00
Felipe Pena
b117752f8b - MFH: Year++ 2009-03-17 23:07:40 +00:00
Matt Wilmas
927880b5cc MFH: Fixed bug #46882 (Serialize / Unserialize misbehaviour under OS with different bit numbers) 2009-03-17 22:04:10 +00:00