archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-20 09:24:05 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
110438 commits 526 branches 1434 tags 881 MiB
Commit graph

443 commits

Author SHA1 Message Date
Xinchen Hui
148bb622fa Revert "Fixed bug #70876 Segmentation fault when regenerating session id with strict mode" 
This reverts commit 0bf3ebb4ba.
 2015-11-07 07:17:43 -08:00
Reeze Xia
0bf3ebb4ba Fixed bug #70876 Segmentation fault when regenerating session id with strict mode 
The comment *mod_data always be non-NULL is not true.
The same as this FIXME: https://github.com/php/php-src/blob/master/ext/session/mod_files.c#L676
 2015-11-07 21:46:21 +08:00
Anatol Belski
bfd2637068 fix test 2015-09-29 13:04:06 +02:00
Matteo Beccati
cc875d1a25 Skip session_regenerate_id_cookie.phpt when there's no cgi 2015-09-18 07:51:46 +02:00
Yasuo Ohgaki
e341eb94cb Add test for #70516 session_regenerate_id() does not send session ID cookie 2015-09-17 05:36:47 +09:00
Yasuo Ohgaki
ab0e347f26 Add more test cases 2015-09-08 18:44:23 +09:00
Yasuo Ohgaki
f34b858ed0 Fix #70013: Reference to $_SESSION is lost after a call to session_regenerate_id() 2015-09-07 03:57:03 +09:00
Anatol Belski
ebb6f5eae6 fix dir separators in test 2015-09-02 17:26:35 +02:00
Stanislav Malyshev
9b1a224d4e Merge branch 'PHP-5.6' 
* PHP-5.6: (21 commits)
  fix unit tests
  update NEWS
  add NEWS for fixes
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix bug ##70284 (Use after free vulnerability in unserialize() with GMP)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  ...

Conflicts:
	ext/exif/exif.c
	ext/gmp/gmp.c
	ext/pcre/php_pcre.c
	ext/session/session.c
	ext/session/tests/session_decode_variation3.phpt
	ext/soap/soap.c
	ext/spl/spl_observer.c
	ext/standard/var.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	ext/xsl/xsltprocessor.c
 2015-09-02 00:37:20 -07:00
Stanislav Malyshev
c19d59c550 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  update NEWS
  add NEWS for fixes
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  5.4.45 next

Conflicts:
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	ext/zip/php_zip.c
 2015-09-01 12:06:41 -07:00
Stanislav Malyshev
33d3acaae7 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  5.4.45 next

Conflicts:
	configure.in
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	main/php_version.h
 2015-09-01 11:42:19 -07:00
Stanislav Malyshev
24dda816d0 Merge branch 'PHP-5.4.45' into PHP-5.5.29 
* PHP-5.4.45:
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  5.4.45 next

Conflicts:
	configure.in
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	main/php_version.h
 2015-08-25 23:08:49 -07:00
Stanislav Malyshev
df4bf28f9f Fix bug #70219 (Use after free vulnerability in session deserializer) 2015-08-23 19:56:12 -07:00
Anatol Belski
6065b29fe4 Reverted ad4533fdba 
The E_ERROR to E_RECOVERABLE_ERROR should be readded with the
proper tests.
 2015-07-21 11:18:36 +02:00
Yasuo Ohgaki
ad4533fdba Change E_ERROR and some E_WARNING to E_RECOVERABLE_ERROR. 2015-07-21 12:59:23 +09:00
Aaron Piotrowski
7ec1e17464 Update memory freeing and other issues, revert some changes 2015-07-05 23:25:53 -05:00
Aaron Piotrowski
907476f34c Convert E_ERROR to thrown Error in extensions 2015-07-05 12:16:57 -05:00
Aaron Piotrowski
e97d5fab35 Update exception names in tests after formatting changes. 2015-05-17 17:31:43 -05:00
Nikita Popov
3ae995f03c Tweak uncaught exception message display 
This implements a reduced variant of #1226 with just the following
change:

-Fatal error: Uncaught exception 'EngineException' with message 'Call to private method foo::bar() from context ''' in %s:%d
+Fatal error: Uncaught EngineException: Call to private method foo::bar() from context '' in %s:%d

The '' wrapper around messages is very weird if the exception
message itself contains ''. Futhermore having the message wrapped
in '' doesn't work for the "and defined" suffix of
TypeExceptions.
 2015-05-17 18:47:06 +02:00
Nikita Popov
c9f27ee422 Display EngineExceptions like ordinary exceptions 
TypeException stays as-is for now because it uses messages that are
incompatible with the way exception messages are displayed.

closure_038.phpt and a few others now show that we're generating
too many exceptions for compound operations on undefined properties
-- this needs to be fixed in a followup.
 2015-05-15 23:40:32 +02:00
Nikita Popov
8d00385871 Reclassify E_STRICT notices 
Per RFC https://wiki.php.net/rfc/reclassify_e_strict

While reviewing this, found that there are still three E_STRICTs
left in libraries - need to discuss those.
 2015-04-01 11:17:55 +02:00
Nikita Popov
6ef9216269 Finish PHP 4 constructor deprecation 2015-03-31 17:55:27 +02:00
Andrea Faulds
db76b708cf Deprecate PHP 4 constructors 2015-03-31 17:55:27 +02:00
Anatol Belski
b680ccb2b0 the test shouldn't fail when unlink failed 2015-03-13 17:33:47 +01:00
Dmitry Stogov
1c94ff0595 Implement engine exceptions 
RFC: https://wiki.php.net/rfc/engine_exceptions_for_php7

Pending changes regarding naming of BaseException and whether it
should be an interface.
 2015-03-09 14:01:32 +01:00
Anatol Belski
2895912756 fix dir separator in test 2015-02-11 15:10:48 +01:00
Yasuo Ohgaki
5afe554d32 Merge branch 'PHP-5.6' 
* PHP-5.6:
  Fixed bug #68063 Empty session IDs do still start sessions

Conflicts:
	ext/session/session.c
	ext/session/tests/bug61470.phpt
 2015-02-03 13:49:14 +09:00
Yasuo Ohgaki
2983ef3c48 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Fixed bug #68063 Empty session IDs do still start sessions
 2015-02-03 13:41:31 +09:00
Yasuo Ohgaki
853ae39d6e Fixed bug #68063 Empty session IDs do still start sessions 2015-02-03 13:38:49 +09:00
Yasuo Ohgaki
665997bf16 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Bug #61470 is fixed only in master
 2015-02-03 12:26:25 +09:00
Yasuo Ohgaki
17beba686e Bug #61470 is fixed only in master 2015-02-03 12:26:01 +09:00
Yasuo Ohgaki
e93042998a Fixed bug #61470 - session_regenerate_id() does not create session file. 
Made session_regenerate_id() raise error for wrong usage.
 2015-02-03 12:23:00 +09:00
Yasuo Ohgaki
92576c7c49 XFAIL broken test for now. 
Partially fixed test session.save_path difference.
 2015-02-03 03:05:03 +09:00
Yasuo Ohgaki
c7eea5a79b Merge branch 'PHP-5.6' 
* PHP-5.6:
  Add test for bug #61470. It is already fixed.
 2015-02-02 18:41:25 +09:00
Yasuo Ohgaki
675a12bbcf Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Add test for bug #61470. It is already fixed.
 2015-02-02 18:39:48 +09:00
Yasuo Ohgaki
fb803ff819 Add test for bug #61470. It is already fixed. 2015-02-02 18:39:07 +09:00
Yasuo Ohgaki
f248df9003 Cleanup trans sid code. Behavior is unchanged. 
Fixed possible injections. Escape values usually internal safe values.
 2015-02-02 17:06:16 +09:00
Xinchen Hui
4da7e4de29 The argument must be not changed in session_start 2015-01-29 12:26:13 +08:00
Yasuo Ohgaki
7a97eaf25d Cleanup session id files after test 2015-01-29 10:31:39 +09:00
Yasuo Ohgaki
f90f6108c8 Merge branch 'master' into master-rfc-session-lock4 
Conflicts:
	UPGRADING
 2015-01-29 09:55:36 +09:00
Xinchen Hui
a0cf025134 Fixed #68868 (Segfault in clean_non_persistent_constants() in SugarCRM 6.5.20) 2015-01-28 17:12:23 +08:00
Yasuo Ohgaki
4d747b1356 Forgot to apply important peace of patch 2015-01-28 14:22:22 +09:00
Yasuo Ohgaki
0c9bfa96b2 Make session_decode return FALSE when it fails. 
Fix a test.
Use proper types.
 2015-01-25 15:26:00 +09:00
Yasuo Ohgaki
e6c8640a2a WIP - test passes 2015-01-22 13:34:58 +09:00
Yasuo Ohgaki
6b8328de74 Merge branch 'PHP-5.6' 
* PHP-5.6:
  Fixed bug #68331 - This was partial patch for https://wiki.php.net/rfc/session-lock-ini
  Fixed 2 tests that expects bool retrun value from save handler.

Conflicts:
	ext/session/session.c
 2014-11-06 13:49:43 +09:00
Yasuo Ohgaki
4dd3fbfcd2 Fixed bug #68331 - This was partial patch for https://wiki.php.net/rfc/session-lock-ini 2014-11-06 13:06:29 +09:00
Adam Harvey
d91717f458 Merge branch 'PHP-5.6' 
* PHP-5.6:
  Fix bug #67972 (SessionHandler Invalid memory read create_sid()).
  Update LSAPI to 6.7, added support for 'filter_input'. Fixed a crash in CLI mode.
  5.5.18 now
 2014-09-08 19:31:58 +00:00
Adam Harvey
0cbfdc9df5 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Fix bug #67972 (SessionHandler Invalid memory read create_sid()).
  Update LSAPI to 6.7, added support for 'filter_input'. Fixed a crash in CLI mode.
  5.5.18 now

Conflicts:
	configure.in
	main/php_version.h
 2014-09-08 19:28:15 +00:00
Adam Harvey
bc44eb6172 Fix bug #67972 (SessionHandler Invalid memory read create_sid()). 
SessionHandler::create_sid() didn't check if PS(default_mod) was initialised
before attempting to call its create_sid() handler.
 2014-09-08 19:25:14 +00:00
Tjerk Meesters
86674b5837 Merge branch 'PHP-5.6' 
* PHP-5.6:
  Fixed #67694: Regression in session_regenerate_id()

Conflicts:
	ext/session/session.c
 2014-08-23 09:21:36 +08:00