Commit graph

437 commits

Author SHA1 Message Date
Joe Watkins
0d768f74b6 Merge branch 'pull-request/2152' 2016-10-20 05:25:03 +01:00
Keith Smiley
31cbce341c soap #69137 - Fix SSL verify when using a proxy
Name verification was failing because the OpenSSL extension was picking
the proxy server's address when guessing which name to compare to the
SSL certificate. This scenario is already handled for stream wrappers
in http_fopen_wrapper.c. This patch applies the same fix to the SOAP
extension: when a proxy is used, set peer_name explicitly on the stream
context.
2016-10-03 14:02:34 -04:00
Anatol Belski
4685297f05 Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  Revert "Fixed bug #73037 SoapServer reports Bad Request when gzipped"
2016-09-23 18:46:51 +02:00
Anatol Belski
075aa911ff Revert "Fixed bug #73037 SoapServer reports Bad Request when gzipped"
This reverts commit f9a699f6c3.
2016-09-23 18:45:03 +02:00
Anatol Belski
f9a699f6c3 Fixed bug #73037 SoapServer reports Bad Request when gzipped
(cherry picked from commit 410c68788a)
2016-09-23 18:06:12 +02:00
Anatol Belski
410c68788a Fixed bug #73037 SoapServer reports Bad Request when gzipped 2016-09-23 16:02:50 +02:00
Dmitry Stogov
adc95c5114 Fixed compilation warnings 2016-06-23 12:47:06 +03:00
Dmitry Stogov
1616038698 Added ZEND_ATTRIBUTE_FORMAT to some middind functions.
"%p" replaced by ZEND_LONG_FMT to avoid compilation warnings.
Fixed most incorrect use cases of format specifiers.
2016-06-21 16:00:37 +03:00
Dmitry Stogov
f0a2e8eb13 Removed "zend_fcall_info.function_table". It was assigned in many places, but is never used. 2016-04-27 13:46:38 +03:00
Nikita Popov
f57c0b3249 Merge branch 'PHP-7.0' 2016-03-03 16:50:47 +01:00
Nikita Popov
1ac152938c Move semicolon into TSRMLS_CACHE_EXTERN/DEFINE
Also re bug #71575.
2016-03-03 16:50:01 +01:00
Dmitry Stogov
c67c166f93 Removed zend_fcall_info.symbol_table 2016-03-02 17:50:55 +03:00
Anatol Belski
33cc42d8a5 port 4308c868f9 to 7.0 2016-01-14 18:38:30 +01:00
Anatol Belski
4308c868f9 Fixed bug #70979 crash with bad soap request
The error handler is overloaded with the SOAP one. However the SOAP
handler eventually wants to access some of its globals. This won't
work as long as the SOAP globals aren't initialized. The use case
is when an error is thrown before RINIT went through. As the call
order is arbitrary, the safest is to wait when all the modules
called their RINIT.
2016-01-14 17:42:28 +01:00
Lior Kaplan
ed35de784f Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  Happy new year (Update copyright to 2016)
2016-01-01 19:48:25 +02:00
Lior Kaplan
49493a2dcf Happy new year (Update copyright to 2016) 2016-01-01 19:21:47 +02:00
Xinchen Hui
5df6f9f20e Fixed bug #70993 (Array key references break argument processing) 2015-11-30 10:50:23 +08:00
Remi Collet
6680c2b22e Fixed bug #70940 Segfault in soep / type_to_string 2015-11-19 08:18:13 +01:00
Dmitry Stogov
5cccd6c5b6 Fixed memory leak and avoid reallocations 2015-09-24 01:19:15 +03:00
Stanislav Malyshev
9b1a224d4e Merge branch 'PHP-5.6'
* PHP-5.6: (21 commits)
  fix unit tests
  update NEWS
  add NEWS for fixes
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix bug ##70284 (Use after free vulnerability in unserialize() with GMP)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  ...

Conflicts:
	ext/exif/exif.c
	ext/gmp/gmp.c
	ext/pcre/php_pcre.c
	ext/session/session.c
	ext/session/tests/session_decode_variation3.phpt
	ext/soap/soap.c
	ext/spl/spl_observer.c
	ext/standard/var.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	ext/xsl/xsltprocessor.c
2015-09-02 00:37:20 -07:00
Stanislav Malyshev
c19d59c550 Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  update NEWS
  add NEWS for fixes
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  5.4.45 next

Conflicts:
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	ext/zip/php_zip.c
2015-09-01 12:06:41 -07:00
Stanislav Malyshev
33d3acaae7 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Improve fix for #70172
  Fix bug #70312 - HAVAL gives wrong hashes in specific cases
  fix test
  add test
  Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
  Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
  Fix bug #70172 - Use After Free Vulnerability in unserialize()
  Fix bug #70388 - SOAP serialize_function_call() type confusion
  Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
  Improve fix for #70385
  Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
  Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  Add CVE IDs asigned (post release) to PHP 5.4.43
  Add CVE IDs asigned to #69085 (PHP 5.4.39)
  5.4.45 next

Conflicts:
	configure.in
	ext/pcre/php_pcre.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	main/php_version.h
2015-09-01 11:42:19 -07:00
Stanislav Malyshev
e201f01ac1 Fix bug #70388 - SOAP serialize_function_call() type confusion 2015-08-31 21:06:03 -07:00
Anatol Belski
150dead2d9 add range check to ext/soap 2015-08-26 16:39:54 +02:00
Aaron Piotrowski
fbcc823952 Remove E_EXCEPTION 2015-07-03 17:53:42 -05:00
Aaron Piotrowski
ed1b64877d Switch position of ce in exception ce variable names 2015-07-03 09:45:03 -05:00
Aaron Piotrowski
a812a74c2e Change zend_exception_get_default() to zend_exception_ce 2015-07-03 09:44:48 -05:00
Aaron Piotrowski
f9e9d3a437 Cleanup exception ce API
Removed recently added functions to get Error ce's and marked the old functions
fetching default_exception_ce and error_exception_ce as deprecated.
2015-07-03 09:44:30 -05:00
Dmitry Stogov
6daed13c8b Cleanup (removed dead code) 2015-07-01 22:18:40 +03:00
Dmitry Stogov
4a2e40bb86 Use ZSTR_ API to access zend_string elements (this is just renaming without semantick changes). 2015-06-30 04:05:24 +03:00
Rasmus Lerdorf
28d7bb97a1 Fix more proto comments 2015-06-23 17:46:20 -04:00
Aaron Piotrowski
26b35cab46 Make zend_get_exception_base static.
Soap extension can use other API functions.
2015-05-17 11:52:41 -05:00
Aaron Piotrowski
d042d08807 Remodel exceptions based on Throwable interface
Added Throwable interface that exceptions must
implement in order to be thrown. BaseException
was removed, EngineException renamed to
Error, and TypeException and ParseException
renamed to TypeError and ParseError. Exception
and Error no longer extend a common base
class, rather they both implement the Throwable
interface.
2015-05-16 15:30:59 -05:00
Dmitry Stogov
15a5f61cf4 Use fast method to check if first arguments should be passed by reference (not tested onbig endian). 2015-04-22 21:46:13 +03:00
Dmitry Stogov
3037665f04 Fixed use after free 2015-04-14 16:42:02 +03:00
Remi Collet
ff70b40dc9 fix type in fix for #69085 2015-04-13 14:41:39 +02:00
Remi Collet
dc0f2a5bad Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  fix type in fix for #69085
2015-04-13 14:40:43 +02:00
Remi Collet
c61ceef779 fix type in fix for #69085
(cherry picked from commit 085e9ddc26f37ce556b8fd787044746e726264b2)
2015-04-13 14:40:05 +02:00
Xinchen Hui
f23f7dfed0 Use new macros 2015-04-08 14:30:47 +08:00
Dmitry Stogov
685ab95add Convert fatal errors on improper access to static properties into EngineExceptions 2015-03-31 16:35:27 +03:00
Anatol Belski
663074b6b1 cleanup mod version macros and mod defs, round x 2015-03-23 21:30:22 +01:00
Dmitry Stogov
ca783218e7 Merge branch 'PHP-5.6'
* PHP-5.6:
  Fixed bug #69152

Conflicts:
	ext/soap/soap.c
2015-03-19 11:54:56 +03:00
Dmitry Stogov
0c3de98368 Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  Fixed bug #69152
2015-03-19 11:48:10 +03:00
Dmitry Stogov
9bdbc7490f Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Fixed bug #69152
2015-03-19 11:42:49 +03:00
Dmitry Stogov
51856a76f8 Fixed bug #69152 2015-03-19 11:36:01 +03:00
Dmitry Stogov
8633685675 Use specialized macro for string zval creation 2015-03-12 16:53:51 +03:00
Dmitry Stogov
026b0adc50 Fixed memory leaks 2015-03-11 01:28:13 +03:00
Dmitry Stogov
1c94ff0595 Implement engine exceptions
RFC: https://wiki.php.net/rfc/engine_exceptions_for_php7

Pending changes regarding naming of BaseException and whether it
should be an interface.
2015-03-09 14:01:32 +01:00
Reeze Xia
6cb3b941df Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  Improve fix for bug 67741
  Added type checks
  Added type checks
2015-03-03 16:27:35 +08:00
Dmitry Stogov
143cc67282 Merge branch 'PHP-5.6'
* PHP-5.6:
  Added type checks
  Update NEWS

Conflicts:
	NEWS
	ext/soap/php_encoding.c
	ext/soap/soap.c
2015-03-03 10:56:11 +03:00