clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-10-01 14:56:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
76,477 Commits 494 Branches 1,367 Tags 801 MiB
5d126245a3
Commit Graph

118 Commits

Author SHA1 Message Date
Stanislav Malyshev
9aa9014523 Fixed bug #68044: Integer overflow in unserialize() (32-bits only) 2014-10-14 10:43:13 -07:00
Stanislav Malyshev
342240fd7f Better fix for bug #67072 with more BC provisions 2014-06-21 21:30:34 -07:00
Lior Kaplan
6f3bcb0d6e Update copyright year for re2c generated files 2014-06-16 23:28:36 +03:00
Anatol Belski
20568e5028 Fixed regression introduced by patch for bug #67072 
This applies to 5.4 and 5.5 only as a legacy fix.
 2014-06-03 20:43:58 +02:00
Anatol Belski
c2acdbdd3d Improved the fix for bug #67072, thanks Nikita 2014-04-18 15:13:32 +02:00
Anatol Belski
5328d42899 Fixed bug #67072 Echoing unserialized "SplFileObject" crash 
The actual issue lays in the unserializer code which doesn't honor
the unserialize callback. By contrast, the serialize callback is
respected. This leads to the situation that even if a class has
disabled the serialization explicitly, user could still construct
a vulnerable string which would result bad things when trying
to unserialize.

This conserns also the classes implementing Serializable as well
as some core classes disabling serialize/unserialize callbacks
explicitly (PDO, SimpleXML, SplFileInfo and co). As of now, the
flow is first to call the unserialize callback (if available),
then call __wakeup. If the unserialize callback returns with no
success, no object is instantiated. This makes the scheme used
by internal classes effective, to disable unserialize just assign
zend_class_unserialize_deny as callback.
 2014-04-17 10:48:14 +02:00
Xinchen Hui
c0d060f5c0 Bump year 2014-01-03 11:04:26 +08:00
Michael Wallner
1ac4d8f2c6 fix bug #65481 (shutdown segfault due to serialize) 2013-08-20 00:05:11 +02:00
Xinchen Hui
f52b2e6a65 Fixed bug #64354 (Unserialize array of objects whose class can't be autoloaded fail) 
about the __sleep one, since php_serialize_* are all void function,
so,,only check exception at the very begining
 2013-03-09 23:00:58 +08:00
Xinchen Hui
86c1a26169 Merge fix of #62836 to ?.re, and regenerate ?.c 2013-01-21 11:35:22 +08:00
Xinchen Hui
0a7395e009 Happy New Year 2013-01-01 16:28:54 +08:00
Xinchen Hui
0b23da1c74 Fixed bug #62836 (Seg fault or broken object references on unserialize()) 2012-08-17 18:28:32 +08:00
Pierre Joye
ee772f60b1 - fix bug #60879, unserialize does not invoke __wakeup 2012-02-28 18:36:10 +00:00
Felipe Pena
4e19825281 - Year++ 2012-01-01 13:15:04 +00:00
Felipe Pena
6781229e88 - Make valgrind happy with session_decode_error2.phpt 2011-11-09 23:50:01 +00:00
Gustavo André dos Santos Lopes
ecfa660a82 - Fixed #55798: serialize followed by unserialize with numeric object prop. 
gives integer prop.
 2011-09-28 14:47:42 +00:00
Felipe Pena
0203cc3d44 - Year++ 2011-01-01 02:17:06 +00:00
Kalle Sommer Nielsen
208aa1025d Improved performance of unserialize(), original patch by galaxy dot mipt at gmail dot com 2010-09-18 16:09:28 +00:00
Felipe Pena
9adda6199b - Updated generated file 2010-08-06 22:23:39 +00:00
Stanislav Malyshev
de8022e905 fix SplObjectStorage unserialization (CVE-2010-2225) 2010-06-29 00:58:31 +00:00
Pierre Joye
06e7d5e9cb - Fix #51424, crypt() function hangs after 3rd call 2010-06-15 09:26:22 +00:00
Michael Wallner
89e93723fb Added support for object references in recursive serialize() calls. FR #36424 2010-05-26 07:24:37 +00:00
Pierre Joye
95fcd75af2 - [doc] add stream_set_read_buffer, equivalent of stream_set_write_buffer for read operations. Fixing possible bad effects while reading devices. full context support is under work. 2010-04-12 08:25:50 +00:00
Pierre Joye
15a3c450b7 - those are in 5.3.2 now, merge to 5.3.2 section is coming 2010-02-11 21:17:13 +00:00
Sebastian Bergmann
9ba1e81665 sed -i "s#1997-2009#1997-2010#g" **/*.c **/*.h **/*.php 2010-01-03 09:23:27 +00:00
Rasmus Lerdorf
5a2b41a627 Someone strap down Jani and give him a sedative please. 
This makes our toolchain work with the latest versions
of autoconf and avoids a lot of end-user grief.
 2009-11-25 01:30:06 +00:00
Rasmus Lerdorf
70c7e179de Fixed bug #44929 - Better handling of leading zeros 2009-04-08 18:10:46 +00:00
Felipe Pena
b117752f8b - MFH: Year++ 2009-03-17 23:07:40 +00:00
Matt Wilmas
927880b5cc MFH: Fixed bug #46882 (Serialize / Unserialize misbehaviour under OS with different bit numbers) 2009-03-17 22:04:10 +00:00
Marcus Boerger
7126de4912 - Next step in namespaces, using / as namespace separator. 2008-11-04 15:58:55 +00:00
Dmitry Stogov
78d28494ca Fixed bug #45706 (Unserialization of classes derived from ArrayIterator fails) 2008-08-29 14:59:20 +00:00
Matt Wilmas
88adc05748 Regenerate 2008-05-27 11:28:18 +00:00
Jani Taskinen
ee42eca5d8 - Generated with re2c 0.13.4 2008-04-08 12:17:04 +00:00
Felipe Pena
17c7463331 MFB: Fixed bug #43614 (incorrect processing of numerical string keys of array in arbitrary serialized data) 2008-03-19 03:05:35 +00:00
Dmitry Stogov
cb0991bb85 Fixed bug #42919 (Unserializing of namespaced class object fails) 2007-10-17 10:36:33 +00:00
Yiduo (David) Wang
4b4d634cb9 MFH: Added macros for managing zval refcounts and is_ref statuses 2007-10-07 05:22:07 +00:00
Nuno Lopes
e029a0ee59 fix a few compiler warnings (mostly use of unitialized values) 2007-09-29 11:18:42 +00:00
Jani Taskinen
c07aeab868 Touch generated file 2007-08-06 18:33:29 +00:00
Dmitry Stogov
fe9a826605 Proper fix for MOPB-29 2007-07-09 14:31:56 +00:00
Antony Dovgal
2c06cea75b MFH: fix compile warning 2007-03-27 09:29:10 +00:00
Nuno Lopes
88f48476f9 regenerate to fix gcov build. plus use re2c bitvectors 2007-03-23 20:28:40 +00:00
Stanislav Malyshev
0af75d6b1a fix MOPB-29 - unserialize modifier S does not calculate length correctly 
# reported by Stefan Esser
 2007-03-23 20:15:22 +00:00
Sebastian Bergmann
4223aa4d5e MFH: Bump year. 2007-01-01 09:36:18 +00:00
Andrei Zmievski
8f5310afad Support for 'S' format in unserialize() (forward compatibility with PHP 
6)
 2006-12-15 00:58:08 +00:00
foobar
5bd93221a8 bump year and license version 2006-01-01 12:51:34 +00:00
foobar
93d339bede touch with re2c 0.9.11 2005-12-18 20:01:22 +00:00
foobar
8c7f03c8a4 MFH: - Fix paths for --enable-gcov 2005-12-01 09:34:20 +00:00
foobar
27df981727 touch 2005-09-05 16:22:58 +00:00
foobar
23e671a51e - Bumber up year 2005-08-03 14:08:58 +00:00
foobar
a66eb331f0 - Regenerated with re2c 0.9.8 2005-06-28 23:16:49 +00:00