Xinchen Hui
d5914d19eb
Merge branch 'PHP-7.0'
2016-04-15 21:09:05 -07:00
Xinchen Hui
05d53dee7d
Fixed bug #71972 (Cyclic references causing session_start(): Failed to decode session object)
2016-04-15 21:08:51 -07:00
Yasuo Ohgaki
60b144134a
Merge branch 'PHP-7.0'
...
* PHP-7.0:
Fixed Bug #71974 Trans sid will always be send, even if cookies are available
2016-04-07 10:26:32 +09:00
Yasuo Ohgaki
6467a4eb36
Fixed Bug #71974 Trans sid will always be send, even if cookies are available
2016-04-07 10:26:05 +09:00
Yasuo Ohgaki
01579ae0a6
Merge branch 'PHP-7.0'
...
* PHP-7.0:
Fixed Bug #71683 Null pointer dereference in zend_hash_str_find_bucket
2016-03-12 08:33:04 +09:00
Yasuo Ohgaki
50fca7a02a
Fixed Bug #71683 Null pointer dereference in zend_hash_str_find_bucket
2016-03-12 08:15:47 +09:00
Nikita Popov
f57c0b3249
Merge branch 'PHP-7.0'
2016-03-03 16:50:47 +01:00
Nikita Popov
a4e56194d7
Fix intermixed SKIPIF and XFAIL sections in test
2016-03-03 16:38:05 +01:00
Anatol Belski
1df334b75c
revert test to the previous master state
2016-01-29 22:37:37 +01:00
Anatol Belski
620f4169a7
Merge branch 'PHP-7.0'
...
* PHP-7.0:
yet one revert
Revert "adjust test for 7.0"
Conflicts:
ext/session/tests/bug69111.phpt
2016-01-29 21:46:15 +01:00
Anatol Belski
b947aff98d
yet one revert
2016-01-29 21:43:14 +01:00
Anatol Belski
ac22f71477
Revert "adjust test for 7.0"
...
This reverts commit 7fdb019e66
.
2016-01-29 21:27:22 +01:00
Anatol Belski
58b2344759
Merge branch 'PHP-7.0'
...
* PHP-7.0:
Revert "refix #69111 and one related test"
Revert "fix yet another leak"
add XFAIL
Revert "refix #69111 and one related test"
Revert "fix tests"
Revert "fix leak in 7.0"
add XFAIL
Revert "fix leak in 5.6"
Conflicts:
ext/session/tests/rfc1867_sid_invalid.phpt
2016-01-29 21:07:19 +01:00
Anatol Belski
d1d3c0832e
add XFAIL
2016-01-29 20:57:05 +01:00
Anatol Belski
ebcfe7618d
Revert "refix #69111 and one related test"
...
This reverts commit 80f7b01258
.
2016-01-29 20:50:14 +01:00
Anatol Belski
7f977c13dc
Revert "fix tests"
...
This reverts commit d964ccba40
.
2016-01-29 20:49:52 +01:00
Anatol Belski
80f7b01258
refix #69111 and one related test
...
It is the least evil as the test just reduces the fail path. 5.6 seems
still broken in this regard, a backport should follow if travis is happy.
2016-01-29 19:55:50 +01:00
Anatol Belski
6cc01882fb
Merge branch 'PHP-7.0'
...
* PHP-7.0:
fix tests
2016-01-29 16:33:19 +01:00
Anatol Belski
d964ccba40
fix tests
2016-01-29 16:32:27 +01:00
Anatol Belski
7fdb019e66
adjust test for 7.0
2016-01-29 12:29:41 +01:00
Anatol Belski
a068047f62
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
add test for bug #69111
2016-01-29 12:29:05 +01:00
Anatol Belski
4b0feeb8fa
add test for bug #69111
2016-01-29 12:27:35 +01:00
Anatol Belski
b858224b88
reset ext/session to the state of 7.0.2
2016-01-29 08:37:27 +01:00
Anatol Belski
ae6e139c77
reset the ext/session to the state of 5.6.17
2016-01-29 08:33:09 +01:00
Yasuo Ohgaki
691bade4be
Merge branch 'PHP-7.0'
...
* PHP-7.0:
Add test for Bug #70133 (Extended SessionHandler::read is ignoring $session_id when calling parent)
2016-01-16 05:37:26 +09:00
Yasuo Ohgaki
9f2240963f
Add test for Bug #70133 (Extended SessionHandler::read is ignoring $session_id when calling parent)
2016-01-16 05:29:19 +09:00
Yasuo Ohgaki
5b18b2182d
Merge branch 'PHP-7.0'
...
* PHP-7.0:
Fixed bug #69111 (Crash in SessionHandler::read()). Made session save handler abuse much harder than before.
2016-01-15 16:25:33 +09:00
Yasuo Ohgaki
34ff7bbeb1
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Fixed bug #69111 (Crash in SessionHandler::read()). Made session save handler abuse much harder than before.
2016-01-15 16:24:22 +09:00
Yasuo Ohgaki
bfb9307b2d
Fixed bug #69111 (Crash in SessionHandler::read()).
...
Made session save handler abuse much harder than before.
2016-01-15 15:50:14 +09:00
Yasuo Ohgaki
07849e8006
Merge branch 'PHP-7.0'
...
* PHP-7.0:
Improved fix for bug #68063 (Empty session IDs do still start sessions).
2016-01-15 10:19:29 +09:00
Yasuo Ohgaki
132d919c85
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Improved fix for bug #68063 (Empty session IDs do still start sessions).
2016-01-15 10:19:01 +09:00
Yasuo Ohgaki
8c37a086c7
Improved fix for bug #68063 (Empty session IDs do still start sessions).
2016-01-15 09:45:08 +09:00
Yasuo Ohgaki
c200e8e1a2
Merge branch 'PHP-7.0'
...
* PHP-7.0:
Fixed Bug #71038 session_start() returns TRUE on failure
2016-01-12 19:53:14 +09:00
Yasuo Ohgaki
224aaf94af
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Fixed Bug #71038 session_start() returns TRUE on failure
2016-01-12 19:52:54 +09:00
Yasuo Ohgaki
a15e9ccba8
Fixed Bug #71038 session_start() returns TRUE on failure
2016-01-12 19:09:49 +09:00
Yasuo Ohgaki
0cf7143441
Add session module test
2015-12-20 11:39:57 +09:00
Yasuo Ohgaki
707e1c4710
Fixed test
2015-12-16 09:35:45 +09:00
Yasuo Ohgaki
714f28d8e4
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Fixed bug #71122 Session GC may not remove obsolete session data
2015-12-16 09:34:41 +09:00
Yasuo Ohgaki
e8f1c29cc9
Fixed bug #71122 Session GC may not remove obsolete session data
2015-12-16 09:15:05 +09:00
Anatol Belski
56e7903131
fix path separator in test
2015-12-09 11:18:25 +01:00
Xinchen Hui
e9fd8ad446
Fixed bug #70876 (Segmentation fault when regenerating session id with strict mode)
2015-11-07 07:30:31 -08:00
Xinchen Hui
148bb622fa
Revert "Fixed bug #70876 Segmentation fault when regenerating session id with strict mode"
...
This reverts commit 0bf3ebb4ba
.
2015-11-07 07:17:43 -08:00
Reeze Xia
0bf3ebb4ba
Fixed bug #70876 Segmentation fault when regenerating session id with strict mode
...
The comment *mod_data always be non-NULL is not true.
The same as this FIXME: https://github.com/php/php-src/blob/master/ext/session/mod_files.c#L676
2015-11-07 21:46:21 +08:00
Anatol Belski
bfd2637068
fix test
2015-09-29 13:04:06 +02:00
Matteo Beccati
cc875d1a25
Skip session_regenerate_id_cookie.phpt when there's no cgi
2015-09-18 07:51:46 +02:00
Yasuo Ohgaki
e341eb94cb
Add test for #70516 session_regenerate_id() does not send session ID cookie
2015-09-17 05:36:47 +09:00
Yasuo Ohgaki
ab0e347f26
Add more test cases
2015-09-08 18:44:23 +09:00
Yasuo Ohgaki
f34b858ed0
Fix #70013 : Reference to $_SESSION is lost after a call to session_regenerate_id()
2015-09-07 03:57:03 +09:00
Anatol Belski
ebb6f5eae6
fix dir separators in test
2015-09-02 17:26:35 +02:00
Stanislav Malyshev
9b1a224d4e
Merge branch 'PHP-5.6'
...
* PHP-5.6: (21 commits)
fix unit tests
update NEWS
add NEWS for fixes
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
fix test
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350 : ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix bug ##70284 (Use after free vulnerability in unserialize() with GMP)
Fix for bug #69782
Add CVE IDs asigned (post release) to PHP 5.4.43
Add CVE IDs asigned to #69085 (PHP 5.4.39)
...
Conflicts:
ext/exif/exif.c
ext/gmp/gmp.c
ext/pcre/php_pcre.c
ext/session/session.c
ext/session/tests/session_decode_variation3.phpt
ext/soap/soap.c
ext/spl/spl_observer.c
ext/standard/var.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
ext/xsl/xsltprocessor.c
2015-09-02 00:37:20 -07:00