Commit Graph

108 Commits

Author SHA1 Message Date
Anatol Belski
6cf5ac7567 Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  fix dir separators in test
2014-12-05 07:08:35 +01:00
Anatol Belski
c65143d571 fix dir separators in test 2014-12-05 07:07:58 +01:00
Stanislav Malyshev
88eb7ea47d Fixed bug #68044: Integer overflow in unserialize() (32-bits only) 2014-10-14 10:44:57 -07:00
Stanislav Malyshev
9aa9014523 Fixed bug #68044: Integer overflow in unserialize() (32-bits only) 2014-10-14 10:43:13 -07:00
Stanislav Malyshev
78c3ca105b remove bug67072_2 test for 5.6+ since we'd have cleaner solution 2014-06-24 11:24:07 -07:00
Stanislav Malyshev
cfe06eb2b1 Better fix for bug #67072 with more BC provisions 2014-06-24 10:30:03 -07:00
Stanislav Malyshev
342240fd7f Better fix for bug #67072 with more BC provisions 2014-06-21 21:30:34 -07:00
Ferenc Kovacs
c38ab260fe Revert "Add optional second arg to unserialize()"
This reverts commit cfd1045822.
2014-06-11 14:43:09 +02:00
Anatol Belski
20568e5028 Fixed regression introduced by patch for bug #67072
This applies to 5.4 and 5.5 only as a legacy fix.
2014-06-03 20:43:58 +02:00
Anatol Belski
cfd20c90a5 Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  refixed the test related to bug #67072
  Improved the fix for bug #67072, thanks Nikita
2014-04-18 15:17:12 +02:00
Anatol Belski
c2acdbdd3d Improved the fix for bug #67072, thanks Nikita 2014-04-18 15:13:32 +02:00
Anatol Belski
f9a1eab435 Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  updated NEWS
  Fixed bug #67072 Echoing unserialized "SplFileObject" crash
2014-04-17 11:07:22 +02:00
Anatol Belski
5328d42899 Fixed bug #67072 Echoing unserialized "SplFileObject" crash
The actual issue lies in the unserializer code which doesn't honor
the unserialize callback. By contrast, the serialize callback is
respected. This leads to the situation that even if a class has
disabled the serialization explicitly, user could still construct
a vulnerable string which would result in bad things when trying
to unserialize.

This concerns also the classes implementing Serializable as well
as some core classes disabling serialize/unserialize callbacks
explicitly (PDO, SimpleXML, SplFileInfo and co). As of now, the
flow is first to call the unserialize callback (if available),
then call __wakeup. If the unserialize callback returns with no
success, no object is instantiated. This makes the scheme used
by internal classes effective, to disable unserialize just assign
zend_class_unserialize_deny as callback.
2014-04-17 10:48:14 +02:00
Anatol Belski
696d286911 Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  fixed test
  And here is the real fix for #66124
  Fix for Bug #66124 (mysqli under mysqlnd loses precision when bind_param with 'i')
2013-11-21 21:29:35 +01:00
Anatol Belski
345032946c fixed test 2013-11-21 21:24:47 +01:00
Yasuo Ohgaki
bf91f101a6 Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  added a test to cover distinction between boolean return value of unserialize function and deserializing serialized boolean
2013-11-20 07:25:04 +09:00
Yasuo Ohgaki
0d558afc05 Fix WS in serialization_error_002.phpt 2013-11-20 07:17:53 +09:00
Aaron Hamid
050dd59c63 added a test to cover distinction between boolean return value of unserialize function and deserializing serialized boolean 2013-11-20 07:14:53 +09:00
Michael Wallner
f72ed22749 Merge branch 'PHP-5.5'
* PHP-5.5:
  fix bug #64146 (serialize incorrectly saving objects when they are cloned)
2013-10-04 16:17:46 +02:00
Michael Wallner
8973390541 fix bug #64146 (serialize incorrectly saving objects when they are
cloned)
2013-10-04 16:16:15 +02:00
Michael Wallner
39022ba227 Merge branch 'PHP-5.5'
* PHP-5.5:
  such a weird hack probably helps in finding regressions in the future
2013-10-04 16:12:41 +02:00
Michael Wallner
e8ae795529 such a weird hack probably helps in finding regressions in the future 2013-10-04 16:11:49 +02:00
Michael Wallner
73cd2e0ab1 Merge branch 'PHP-5.5'
* PHP-5.5:
  fix bug #65481 (shutdown segfault due to serialize)
2013-08-20 00:09:26 +02:00
Michael Wallner
1ac4d8f2c6 fix bug #65481 (shutdown segfault due to serialize) 2013-08-20 00:05:11 +02:00
Sara Golemon
cfd1045822 Add optional second arg to unserialize()
Returns the number of bytes consumed by reference for
streaming unserialization.

Actual unserialization behavior is not modified at all.

The need for this came up while trying to parse SplDoublyLinkedList's
serialization format which uses a non-standard stream of serialized values.
2013-05-16 15:18:35 -07:00
Xinchen Hui
f52b2e6a65 Fixed bug #64354 (Unserialize array of objects whose class can't be autoloaded fail)
about the __sleep one, since php_serialize_* are all void function,
so, only check exception at the very beginning
2013-03-09 23:00:58 +08:00
Xinchen Hui
e081c55fb5 Merge branch 'PHP-5.3' into PHP-5.4 2012-10-10 10:31:31 +08:00
Xinchen Hui
610c7fbe7b Remove executable permission on phpt 2012-10-10 10:27:49 +08:00
Xinchen Hui
60a280936e Merge branch 'PHP-5.3' into PHP-5.4 2012-10-02 00:30:49 +08:00
Xinchen Hui
af0c22537a Add test for #35895 2012-10-02 00:27:35 +08:00
Xinchen Hui
0b23da1c74 Fixed bug #62836 (Seg fault or broken object references on unserialize()) 2012-08-17 18:28:32 +08:00
Moriyoshi Koizumi
91e1df704e Fix bug #62373 (serialize() generates wrong reference to the object) 2012-06-25 19:14:19 +09:00
Moriyoshi Koizumi
e427182279 Fix bug #62373 (serialize() generates wrong reference to the object) 2012-06-25 19:13:23 +09:00
Ferenc Kovacs
c18a8bfe63 duh, I didn't want to commit that modification 2011-10-23 20:14:26 +00:00
Ferenc Kovacs
a7a5776be7 fix test, it was fixed for trunk and 5.4 in r314005 2011-10-22 22:57:55 +00:00
Gustavo André dos Santos Lopes
d3fdacb99f - Fixed #55798: serialize followed by unserialize with numeric object prop.
gives integer prop.
2011-09-28 14:47:42 +00:00
Gustavo André dos Santos Lopes
ecfa660a82 - Fixed #55798: serialize followed by unserialize with numeric object prop.
gives integer prop.
2011-09-28 14:47:42 +00:00
Stanislav Malyshev
1c83f5e04c fix tests 2011-08-01 03:42:02 +00:00
Ilia Alshanetsky
aa2ec7517e Fixed test 2011-06-28 23:47:05 +00:00
Ilia Alshanetsky
b9ffb87960 Fixed test 2011-06-28 23:47:05 +00:00
Ilia Alshanetsky
80f46ca2c5 Fixed test to account for smaller default floating point # precision 2011-06-08 02:03:14 +00:00
Ilia Alshanetsky
9277da7d9d Fixed test to account for smaller default floating point # precision 2011-06-08 02:03:14 +00:00
Ferenc Kovacs
23cab07e4f adding the serialize_precision=100 for the tests, credits to Mats Lindh for reporting it 2011-05-16 23:31:14 +00:00
Ferenc Kovacs
6b593349cb adding the serialize_precision=100 for the tests, credits to Mats Lindh for reporting it 2011-05-16 23:31:14 +00:00
Ferenc Kovacs
a944f7a663 reverting 311103,311105-311109, will commit them to all three branches 2011-05-16 23:22:17 +00:00
Ferenc Kovacs
c4e6beebb3 adding the serialize_precision=100 for the tests, credits to Mats Lindh for reporting it 2011-05-16 19:49:59 +00:00
Gustavo André dos Santos Lopes
6dfee4f877 - Changed default serialize_precision from 100 to 17, as discussed in internals. 2011-02-08 21:40:51 +00:00
Gustavo André dos Santos Lopes
257b994fdc - Changed default serialize_precision from 100 to 17, as discussed in internals. 2011-02-08 21:40:51 +00:00
Michael Wallner
89e93723fb Added support for object references in recursive serialize() calls. FR #36424 2010-05-26 07:24:37 +00:00
Felipe Pena
a90c801c2f - Fixed tests 2010-04-03 15:42:42 +00:00