Timm Friebe
bdb0cee222
Initial implementation
2014-04-19 14:01:16 +02:00
Anatol Belski
0cdc57b3cf
Merge branch 'PHP-5.6'
...
* PHP-5.6:
updated libs versions
2014-04-18 16:09:02 +02:00
Anatol Belski
1bca3ecacc
updated libs versions
2014-04-18 16:08:42 +02:00
Anatol Belski
2bb7f3adfc
Merge branch 'PHP-5.6'
...
* PHP-5.6:
added some notes about the win build system
2014-04-18 16:05:11 +02:00
Anatol Belski
620d7207ef
added some notes about the win build system
2014-04-18 16:04:15 +02:00
Anatol Belski
5745a513c7
Merge branch 'PHP-5.6'
...
* PHP-5.6:
UPGRADING note about bug #67072
UPGRADING note about bug #67072
UPGRADING note about bug #67072
2014-04-18 15:55:12 +02:00
Anatol Belski
b93d040dc5
UPGRADING note about bug #67072
2014-04-18 15:54:49 +02:00
Anatol Belski
f09f7f22d8
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
UPGRADING note about bug #67072
UPGRADING note about bug #67072
2014-04-18 15:54:17 +02:00
Anatol Belski
3586d14b61
UPGRADING note about bug #67072
2014-04-18 15:50:15 +02:00
Anatol Belski
fae4f64865
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
UPGRADING note about bug #67072
2014-04-18 15:44:18 +02:00
Anatol Belski
53c68811ba
UPGRADING note about bug #67072
2014-04-18 15:43:05 +02:00
Anatol Belski
f5f1abdc29
Merge branch 'PHP-5.6'
...
* PHP-5.6:
refixed the test related to bug #67072
Improved the fix for bug #67072 , thanks Nikita
2014-04-18 15:17:39 +02:00
Anatol Belski
cfd20c90a5
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
refixed the test related to bug #67072
Improved the fix for bug #67072 , thanks Nikita
2014-04-18 15:17:12 +02:00
Anatol Belski
d963cf94a5
refixed the test related to bug #67072
2014-04-18 15:16:09 +02:00
Anatol Belski
7c400dc867
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
Improved the fix for bug #67072 , thanks Nikita
2014-04-18 15:14:42 +02:00
Anatol Belski
c2acdbdd3d
Improved the fix for bug #67072 , thanks Nikita
2014-04-18 15:13:32 +02:00
Stanislav Malyshev
c2b20c467f
Merge branch 'pull-request/646'
...
* pull-request/646:
Fixed test case for 5328d42
2014-04-17 17:37:17 -07:00
Stanislav Malyshev
3405d799f8
Merge branch 'PHP-5.6'
...
* PHP-5.6:
Fixed test case for 5328d42
2014-04-17 17:37:05 -07:00
Stanislav Malyshev
ce4c78dd07
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
Fixed test case for 5328d42
2014-04-17 17:36:26 -07:00
Tjerk Meesters
5e988a888a
Fixed test case for 5328d42
2014-04-17 17:36:03 -07:00
Tjerk Meesters
bb565de5cc
Fixed test case for 5328d42
2014-04-18 08:29:32 +08:00
Bob Weinand
1bc0dbba7b
Merge branch 'PHP-5.6'
2014-04-17 17:37:31 +02:00
Bob Weinand
c02003e6b8
Merge branch 'PHP-5.5' into PHP-5.6
2014-04-17 17:23:05 +02:00
Bob Weinand
0ec122b804
Merge branch 'PHP-5.4' into PHP-5.5
2014-04-17 17:21:21 +02:00
Levi Morrison
6e1e98d7b8
These links to ~helly don't work anymore.
2014-04-17 17:20:24 +02:00
Levi Morrison
0193895bb4
These links to ~helly don't work anymore.
2014-04-17 08:46:38 -06:00
Anatol Belski
a381cc3c40
Merge branch 'PHP-5.6'
...
* PHP-5.6:
updated NEWS
updated NEWS
Fixed bug #67072 Echoing unserialized "SplFileObject" crash
2014-04-17 11:08:45 +02:00
Anatol Belski
00bef4b1c7
updated NEWS
2014-04-17 11:08:27 +02:00
Anatol Belski
f9a1eab435
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
updated NEWS
Fixed bug #67072 Echoing unserialized "SplFileObject" crash
2014-04-17 11:07:22 +02:00
Anatol Belski
de6f297e7c
updated NEWS
2014-04-17 11:06:55 +02:00
Anatol Belski
dc407c2402
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
Fixed bug #67072 Echoing unserialized "SplFileObject" crash
Conflicts:
ext/standard/var_unserializer.c
2014-04-17 11:05:21 +02:00
Anatol Belski
5328d42899
Fixed bug #67072 Echoing unserialized "SplFileObject" crash
...
The actual issue lays in the unserializer code which doesn't honor
the unserialize callback. By contrast, the serialize callback is
respected. This leads to the situation that even if a class has
disabled the serialization explicitly, user could still construct
a vulnerable string which would result bad things when trying
to unserialize.
This conserns also the classes implementing Serializable as well
as some core classes disabling serialize/unserialize callbacks
explicitly (PDO, SimpleXML, SplFileInfo and co). As of now, the
flow is first to call the unserialize callback (if available),
then call __wakeup. If the unserialize callback returns with no
success, no object is instantiated. This makes the scheme used
by internal classes effective, to disable unserialize just assign
zend_class_unserialize_deny as callback.
2014-04-17 10:48:14 +02:00
Anatol Belski
7d9e161fa7
Merge branch 'PHP-5.6'
...
* PHP-5.6:
updated UPGRADING
updated UPGRADING
2014-04-16 20:49:35 +02:00
Anatol Belski
542a7aceb1
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
updated UPGRADING
2014-04-16 20:49:21 +02:00
Anatol Belski
05dac1d0a5
updated UPGRADING
2014-04-16 20:48:31 +02:00
Anatol Belski
ba03830241
updated UPGRADING
2014-04-16 20:47:17 +02:00
Anatol Belski
3456b73656
Merge branch 'PHP-5.6'
...
* PHP-5.6:
correct the bug #67081 fix
2014-04-16 15:08:46 +02:00
Anatol Belski
9d39177943
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
correct the bug #67081 fix
2014-04-16 15:08:34 +02:00
Anatol Belski
947b20bc67
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
correct the bug #67081 fix
2014-04-16 15:08:08 +02:00
Anatol Belski
7a5f1663c6
correct the bug #67081 fix
2014-04-16 15:06:57 +02:00
Anatol Belski
8a985edfb2
Merge branch 'PHP-5.6'
...
* PHP-5.6:
updated NEWS
updated NEWS
Fixed bug #67081 DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset
2014-04-16 14:16:56 +02:00
Anatol Belski
e74a03fa43
updated NEWS
2014-04-16 14:16:36 +02:00
Anatol Belski
801d312507
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
updated NEWS
Fixed bug #67081 DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset
2014-04-16 14:15:52 +02:00
Anatol Belski
228a3537d3
updated NEWS
2014-04-16 14:15:26 +02:00
Anatol Belski
444690eca8
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
Fixed bug #67081 DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset
2014-04-16 14:14:52 +02:00
Anatol Belski
5224614f23
Fixed bug #67081 DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset
2014-04-16 14:13:45 +02:00
Anatol Belski
0ffdcfe756
Merge branch 'PHP-5.6'
...
* PHP-5.6:
updated NEWS
Fixed bug #67079 Missing MIME types for XML/XSL files
2014-04-16 09:50:24 +02:00
Anatol Belski
d0e10dbde0
updated NEWS
2014-04-16 09:49:48 +02:00
Anatol Belski
b4c238c8cf
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
Fixed bug #67079 Missing MIME types for XML/XSL files
2014-04-16 09:48:31 +02:00
Anatol Belski
9eb726b3ab
Fixed bug #67079 Missing MIME types for XML/XSL files
2014-04-16 09:47:49 +02:00