archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-17 14:38:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
122692 commits 526 branches 1434 tags 869 MiB
Commit graph

261 commits

Author SHA1 Message Date
Anatol Belski
2c691f06b5 reapply the sysconf error check patch 2016-02-02 14:26:58 +01:00
Anatol Belski
b837f205ca Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  add error check to sysconf call
  Going for 5.5.33 now

Conflicts:
	configure.in
	main/php_version.h
 2016-02-02 14:22:31 +01:00
Anatol Belski
377d353c9f add error check to sysconf call 2016-02-02 14:19:10 +01:00
Stanislav Malyshev
309ead112f Merge branch 'PHP-5.5.32' into PHP-5.6.18 
* PHP-5.5.32:
  Fixed bug #71488: Stack overflow when decompressing tar archives
  update NEWS
  add missing headers for SIZE_MAX
  backport the escapeshell* functions hardening branch
  add tests
  Fix bug #71459 - Integer overflow in iptcembed()
  Fixed bug #71323 - Output of stream_get_meta_data can be falsified by its input
  Fix bug #71391: NULL Pointer Dereference in phar_tar_setupmetadata()
  Fix bug #71335: Type Confusion in WDDX Packet Deserialization
  Fix bug #71354 - remove UMR when size is 0
 2016-02-01 18:32:31 -08:00
Anatol Belski
f4d7bbf4ac backport the escapeshell* functions hardening branch 2016-01-28 13:45:43 +01:00
Anatol Belski
a9048d101f extend _SC_ARG_MAX usage onto platforms where it's available 2016-01-28 12:06:33 +01:00
Anatol Belski
c527549e89 Fixed bug #71039 exec functions ignore length but look for NULL termination 2016-01-12 14:57:22 +01:00
Anatol Belski
22a5ccab72 Follow up on bug #71270 
Using the max allowed command line length for an underlying OS.
 2016-01-12 14:41:44 +01:00
libnex
2871c70efa Patch for Heap Buffer Overflow in EscapeShell 
Proposed patch for bug #71270
 2016-01-06 07:49:21 +01:00
Lior Kaplan
ed35de784f Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Happy new year (Update copyright to 2016)
 2016-01-01 19:48:25 +02:00
Lior Kaplan
49493a2dcf Happy new year (Update copyright to 2016) 2016-01-01 19:21:47 +02:00
Xinchen Hui
c75d245e82 Revert "Fixed invalid read" 
I must be confused while switching from master to 5.6

This reverts commit 94957a7091.
 2015-07-08 22:34:27 +08:00
Xinchen Hui
da333bfbd8 Fixed bug #70018 (exec does not strip all whitespace) 
Merge branch 'PHP-5.6'

Conflicts:
	ext/standard/exec.c
 2015-07-08 19:30:58 +08:00
Xinchen Hui
94957a7091 Fixed invalid read 2015-07-08 19:19:37 +08:00
Dmitry Stogov
4a2e40bb86 Use ZSTR_ API to access zend_string elements (this is just renaming without semantick changes). 2015-06-30 04:05:24 +03:00
Christoph M. Becker
00adcbd3e9 Merge branch 'PHP-5.6' 
* PHP-5.6:
  updated NEWS
  Fixed bug #69768 (escapeshell*() doesn't cater to !)
  bump API version to 6.8
 2015-06-24 00:47:18 +02:00
Christoph M. Becker
8da8dc04b6 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  updated NEWS
  Fixed bug #69768 (escapeshell*() doesn't cater to !)
  bump API version to 6.8
 2015-06-24 00:23:39 +02:00
Christoph M. Becker
a621781fdb Fixed bug #69768 (escapeshell*() doesn't cater to !) 
When delayed variable substitution is enabled (can be set in the
Registry, for instance), !ENV! works similar to %ENV%, and so ! should
be escaped like %.
 2015-06-24 00:15:55 +02:00
Stanislav Malyshev
563462fbf8 Fixed bug #69646 (OS command injection vulnerability in escapeshellarg) 2015-06-09 21:37:17 -07:00
Stanislav Malyshev
4e2fb47092 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fix bug #69646	OS command injection vulnerability in escapeshellarg
  Fix #69719 - more checks for nulls in paths
  fix test description
  Fixed Buf #68812 Unchecked return value.

Conflicts:
	ext/dom/document.c
	ext/gd/gd.c
 2015-06-09 15:31:27 -07:00
Stanislav Malyshev
8036758491 Fix bug #69646 OS command injection vulnerability in escapeshellarg 2015-06-09 10:52:38 -07:00
Dmitry Stogov
d146d15003 Optimize zend_string_realloc() add more specialized versions zend_string_extend() and zend_string_truncate() 2015-03-20 02:02:42 +03:00
Yasuo Ohgaki
7d0e3c01e6 Added NULL byte protection to exec, system and passthru. 2015-02-14 05:37:56 +09:00
Yasuo Ohgaki
096fb06dab Merge branch 'PHP-5.6' 
* PHP-5.6:
  Add NULL byte protection to exec, system and passthru
 2015-02-14 05:28:32 +09:00
Yasuo Ohgaki
3ea76a768c Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Add NULL byte protection to exec, system and passthru
 2015-02-14 05:26:54 +09:00
Yasuo Ohgaki
a8722f5330 Add NULL byte protection to exec, system and passthru 2015-02-14 05:25:04 +09:00
Xinchen Hui
fc33f52d8c bump year 2015-01-15 23:27:30 +08:00
Xinchen Hui
73c1be2653 Bump year 2015-01-15 23:26:03 +08:00
Stanislav Malyshev
b7a7b1a624 trailing whitespace removal 2015-01-10 15:07:38 -08:00
Anatol Belski
bdeb220f48 first shot remove TSRMLS_* things 2014-12-13 23:06:14 +01:00
Veres Lajos
4b9535341a typo fixes - https://github.com/vlajos/misspell_fixer 2014-11-19 20:23:00 +00:00
Anatol Belski
82c2e3f201 fix build 
ifdef this var declaration to avoid the vs warning
 2014-11-14 22:19:41 +01:00
Anatol Belski
dbddbcc950 remove unused var 2014-11-14 17:39:40 +01:00
Anatol Belski
0565a29e4d fix datatype mismatches 2014-10-22 20:46:33 +02:00
Johannes Schlüter
d0cb715373 s/PHP 5/PHP 7/ 2014-09-19 18:33:14 +02:00
Anatol Belski
bf96ee95ce 's' works with size_t round 4 2014-08-27 20:49:37 +02:00
Anatol Belski
3234480827 first show to make 's' work with size_t 2014-08-27 20:49:31 +02:00
Xinchen Hui
a3fd5b6954 Unused variable 2014-08-26 11:50:42 +08:00
Anatol Belski
c3e3c98ec6 master renames phase 1 2014-08-25 19:24:55 +02:00
Anatol Belski
745a71be33 yet more fixes to zpp 2014-08-20 14:46:14 +02:00
Anatol Belski
cb25136f4e fix macros in the 5 basic extensions 2014-08-16 11:37:14 +02:00
Dmitry Stogov
c1965f58d4 Use reference counting instead of zval duplication 2014-06-05 16:04:11 +04:00
Dmitry Stogov
050d7e38ad Cleanup (1-st round) 2014-04-15 15:40:40 +04:00
Dmitry Stogov
f0989e332f Fixed char*/zend_string* inconsistency 2014-03-07 18:23:57 +04:00
Xinchen Hui
e3de898d98 Paramter are references 2014-03-03 23:14:57 +08:00
Xinchen Hui
70ddc853fd Refactor php_escape_shell_* to return zend_string 2014-03-03 17:33:40 +08:00
Dmitry Stogov
fe5c1cc48f Fixed crach because of dereferencing of NULL pointer 2014-02-25 16:25:45 +04:00
Xinchen Hui
5adeaa147d Refactoring php_stream_copy_to_mem to return zend_string 2014-02-24 18:12:30 +08:00
Dmitry Stogov
40e053e7f3 Use better data structures (incomplete) 2014-02-13 17:54:23 +04:00
Xinchen Hui
c081ce628f Bump year 2014-01-03 11:08:10 +08:00