Commit graph

176 commits

Author SHA1 Message Date
Christoph M. Becker
e72165bb86 Fix #73203: passing additional_parameters causes mail to fail
We make sure that there's no unsigned underflow, which happened for `y==0`.
2016-09-30 11:38:09 +02:00
Anatol Belski
b837f205ca Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  add error check to sysconf call
  Going for 5.5.33 now

Conflicts:
	configure.in
	main/php_version.h
2016-02-02 14:22:31 +01:00
Anatol Belski
377d353c9f add error check to sysconf call 2016-02-02 14:19:10 +01:00
Stanislav Malyshev
309ead112f Merge branch 'PHP-5.5.32' into PHP-5.6.18
* PHP-5.5.32:
  Fixed bug #71488: Stack overflow when decompressing tar archives
  update NEWS
  add missing headers for SIZE_MAX
  backport the escapeshell* functions hardening branch
  add tests
  Fix bug #71459 - Integer overflow in iptcembed()
  Fixed bug #71323 - Output of stream_get_meta_data can be falsified by its input
  Fix bug #71391: NULL Pointer Dereference in phar_tar_setupmetadata()
  Fix bug #71335: Type Confusion in WDDX Packet Deserialization
  Fix bug #71354 - remove UMR when size is 0
2016-02-01 18:32:31 -08:00
Anatol Belski
f4d7bbf4ac backport the escapeshell* functions hardening branch 2016-01-28 13:45:43 +01:00
Lior Kaplan
49493a2dcf Happy new year (Update copyright to 2016) 2016-01-01 19:21:47 +02:00
Xinchen Hui
c75d245e82 Revert "Fixed invalid read"
I must be confused while switching from master to 5.6

This reverts commit 94957a7091.
2015-07-08 22:34:27 +08:00
Xinchen Hui
94957a7091 Fixed invalid read 2015-07-08 19:19:37 +08:00
Christoph M. Becker
8da8dc04b6 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  updated NEWS
  Fixed bug #69768 (escapeshell*() doesn't cater to !)
  bump API version to 6.8
2015-06-24 00:23:39 +02:00
Christoph M. Becker
a621781fdb Fixed bug #69768 (escapeshell*() doesn't cater to !)
When delayed variable substitution is enabled (can be set in the
Registry, for instance), !ENV! works similar to %ENV%, and so ! should
be escaped like %.
2015-06-24 00:15:55 +02:00
Stanislav Malyshev
4e2fb47092 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Fix bug #69646 OS command injection vulnerability in escapeshellarg
  Fix #69719 - more checks for nulls in paths
  fix test description
  Fixed Bug #68812 Unchecked return value.

Conflicts:
	ext/dom/document.c
	ext/gd/gd.c
2015-06-09 15:31:27 -07:00
Stanislav Malyshev
8036758491 Fix bug #69646 OS command injection vulnerability in escapeshellarg 2015-06-09 10:52:38 -07:00
Yasuo Ohgaki
3ea76a768c Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Add NULL byte protection to exec, system and passthru
2015-02-14 05:26:54 +09:00
Yasuo Ohgaki
a8722f5330 Add NULL byte protection to exec, system and passthru 2015-02-14 05:25:04 +09:00
Xinchen Hui
73c1be2653 Bump year 2015-01-15 23:26:03 +08:00
Xinchen Hui
47c9027772 Bump year 2014-01-03 11:06:16 +08:00
Xinchen Hui
c0d060f5c0 Bump year 2014-01-03 11:04:26 +08:00
Xinchen Hui
a666285bc2 Happy New Year 2013-01-01 16:37:09 +08:00
Xinchen Hui
0a7395e009 Happy New Year 2013-01-01 16:28:54 +08:00
Rui Hirokawa
882dca647a MFH: fixed a mistake on reverting my previous patch. 2012-04-09 23:49:18 +09:00
Rui Hirokawa
b28231165a fixed a mistake on reverting my previous patch:
http://git.php.net/?p=php-src.git;a=commitdiff;h=50b2e02c045b61f99e8c72d54e6bec055aee98e4
2012-04-09 23:32:41 +09:00
Felipe Pena
8775a37559 - Year++ 2012-01-01 13:15:04 +00:00
Felipe Pena
4e19825281 - Year++ 2012-01-01 13:15:04 +00:00
Rui Hirokawa
50b2e02c04 revert changes to fix bug #60116. 2011-11-11 14:58:32 +00:00
Rui Hirokawa
40a951ccad revert changes to fix bug #60116. 2011-11-11 14:52:56 +00:00
Rui Hirokawa
db5d9c0b66 MFH: fixed bug #60116 (escapeshellcmd() cannot escape the characters which cause shell command injection). 2011-11-10 14:19:06 +00:00
Rui Hirokawa
71ee976a2d added a test script for bug60116 and fixed behavior of ESCAPE_CMD_END. 2011-10-30 05:57:26 +00:00
Rui Hirokawa
f17a215493 fixed bug #60116 escapeshellcmd() cannot escape the dangerous quotes. 2011-10-23 13:49:54 +00:00
Pierre Joye
9805e1674a - remove magic quotes support, functions are kept (see the NEWS entry for the details) for BC reasons but do not allow to set enable MQ 2011-07-22 11:25:30 +00:00
Pierre Joye
cc1c7af037 - remove magic quotes support, functions are kept (see the NEWS entry for the details) for BC reasons but do not allow to set enable MQ 2011-07-22 11:25:30 +00:00
Rasmus Lerdorf
a5eeecb13f Suppress a dozen unused return value warnings in places where the return
value is really not useful to us.
2011-05-16 17:22:41 +00:00
Rasmus Lerdorf
575ea1ef0b Suppress a dozen unused return value warnings in places where the return
value is really not useful to us.
2011-05-16 17:22:41 +00:00
Felipe Pena
0203cc3d44 - Year++ 2011-01-01 02:17:06 +00:00
Pierrick Charron
19ff5b7916 Remove unused variables 2010-06-01 17:13:50 +00:00
Michael Wallner
11d24c1593 * implement new output API, fixing some bugs and implementing some feature
requests--let's see what I can dig out of the bugtracker for NEWS--
  and while crossing the road:
   * implemented new zlib API
   * fixed up ext/tidy (what was "s&" in zend_parse_parameters() supposed to do?)

Thanks to Jani and Felipe for pioneering.
2010-05-31 10:29:43 +00:00
Pierrick Charron
91ee07814e Remove unused variables 2010-04-27 00:09:55 +00:00
Kalle Sommer Nielsen
dd8e59da8f Removed safe_mode
* Removed ini options, safe_mode*
 * Removed --enable-safe-mode --with-exec-dir configure options on Unix
 * Updated extensions, SAPI's and core
 * php_get_current_user() is now declared in main.c, thus no need to include safe_mode.h anymore
2010-04-26 23:53:30 +00:00
Jani Taskinen
af49e58f51 - Reverted r296062 and r296065 2010-03-12 10:28:59 +00:00
Jani Taskinen
06f072cb5e MFH: Improved / fixed output buffering (Michael Wallner) 2010-03-11 10:24:29 +00:00
Ilia Alshanetsky
6254378830 Fixed bug #50732 (exec() adds single byte twice to $output array). 2010-01-13 13:44:58 +00:00
Sebastian Bergmann
9ba1e81665 sed -i "s#1997-2009#1997-2010#g" **/*.c **/*.h **/*.php 2010-01-03 09:23:27 +00:00
Ilia Alshanetsky
31729738c7 Fixed bug #49847 (exec() fails to return data inside 2nd parameter, given output lines >4095 bytes). 2009-10-14 01:32:07 +00:00
Pierre Joye
ea81bfcf7a - MFB: #45997, safe_mode bypass with exec/system/passthru (windows only) 2009-04-30 15:25:37 +00:00
Ilia Alshanetsky
bd7f4375a3 Fixed bug #47937 (system() calls sapi_flush() regardless of output
buffering)
2009-04-19 14:59:52 +00:00
Sebastian Bergmann
08659c2dcd MFH: Bump copyright year, 3 of 3. 2008-12-31 11:15:49 +00:00
Felipe Pena
c0c9fb9def - Revert 2008-10-16 13:00:27 +00:00
Alexey Zakhlestin
e06765b9c5 Fixed compilation warnings: tsrm_ls is not used here (anymore?) 2008-10-16 11:59:37 +00:00
Pierre Joye
61c4fee6b0 - [DOC] MFH: improve fix for #43261 for % and " 2008-08-17 15:23:45 +00:00
Scott MacVicar
8d3bfaa01f Fix windows build error. 2008-07-22 21:53:53 +00:00
Scott MacVicar
d8d69652dd MFH: Add test for escapeshellcmd and restore previous behaviour with stripping % on Windows. 2008-07-22 16:21:16 +00:00