Yasuo Ohgaki
aff4c7d826
Add tests
2016-08-31 21:03:10 +09:00
Yasuo Ohgaki
7ee9f81c54
Merge RFC https://wiki.php.net/rfc/session-create-id
2016-08-31 20:34:20 +09:00
Yasuo Ohgaki
f5cd6e5710
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
Fixed bug #72940 SID always return "name=ID", even if session cookie exist
2016-08-30 15:58:55 +09:00
Yasuo Ohgaki
b5f2f6fbd8
Fixed bug #72940 SID always return "name=ID", even if session cookie exist
2016-08-30 15:58:25 +09:00
Yasuo Ohgaki
1cf179e415
Implement RFC Add session_gc() https://wiki.php.net/rfc/session-gc
2016-08-29 05:57:37 +09:00
Yasuo Ohgaki
7d703a0060
Adjust test so that it passes on more restrictive filesystems
2016-08-22 17:01:07 +09:00
Xinchen Hui
1eb4851fa2
Remove leftover of previous change
2016-08-18 15:44:33 +08:00
Xinchen Hui
a3740dadec
Remove outdated checks
2016-08-18 15:37:15 +08:00
Xinchen Hui
ce6ad9bdd9
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0: (48 commits)
Update NEWS
Unused label
Fixed bug #72853 (stream_set_blocking doesn't work)
fix test
Bug #72663 - part 3
Bug #72663 - part 2
Bug #72663 - part 1
Update NEWS
Block test with memory leak
fix tests
Fix TSRM build
Fix bug #72850 - integer overflow in uuencode
Fixed bug #72849 - integer overflow in urlencode
Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
Fix bug #72836 - integer overflow in base64_decode caused heap corruption
Fix for bug #72807 - do not produce strings with negative length
Fix for bug #72790 and bug #72799
Fix bug #72730 - imagegammacorrect allows arbitrary write access
...
Conflicts:
ext/standard/var_unserializer.c
2016-08-17 17:14:30 +08:00
Xinchen Hui
b172f43caa
Unused label
2016-08-17 16:56:20 +08:00
Stanislav Malyshev
ed9d916c28
fix test
2016-08-17 01:12:33 -07:00
Nikita Popov
e0f9fbdfa6
Bug #72663 - part 3
...
When using the php_serialize session serialization handler, do
not use the result of the unserialization if it failed.
2016-08-17 01:01:03 -07:00
Stanislav Malyshev
0d13325b66
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6: (24 commits)
Update NEWS
Block test with memory leak
fix tests
Fix TSRM build
Fix bug #72850 - integer overflow in uuencode
Fixed bug #72849 - integer overflow in urlencode
Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
Fix bug #72836 - integer overflow in base64_decode caused heap corruption
Fix for bug #72807 - do not produce strings with negative length
Fix for bug #72790 and bug #72799
Fix bug #72730 - imagegammacorrect allows arbitrary write access
Fix bug#72697 - select_colors write out-of-bounds
Fixed bug #72627: Memory Leakage In exif_process_IFD_in_TIFF
Fix bug #72750: wddx_deserialize null dereference
Fix bug #72771: ftps:// opendir wrapper is vulnerable to protocol downgrade attack
Improve fix for #72663
Fix bug #70436: Use After Free Vulnerability in unserialize()
Fix bug #72749: wddx_deserialize allows illegal memory access
...
Conflicts:
Zend/zend_API.h
ext/bz2/bz2.c
ext/curl/interface.c
ext/ereg/ereg.c
ext/exif/exif.c
ext/gd/gd.c
ext/gd/tests/imagetruecolortopalette_error3.phpt
ext/gd/tests/imagetruecolortopalette_error4.phpt
ext/session/session.c
ext/snmp/snmp.c
ext/standard/base64.c
ext/standard/ftp_fopen_wrapper.c
ext/standard/quot_print.c
ext/standard/url.c
ext/standard/uuencode.c
ext/standard/var.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
ext/wddx/tests/bug72790.phpt
ext/wddx/tests/bug72799.phpt
ext/wddx/wddx.c
sapi/cli/generate_mime_type_map.php
2016-08-17 00:43:33 -07:00
Stanislav Malyshev
8763c6090d
Fix bug #72681 - consume data even if we're not storing them
2016-08-16 22:54:42 -07:00
Yasuo Ohgaki
3467526a65
Merge RFC: Session ID without hashing
...
https://wiki.php.net/rfc/session-id-without-hashing
2016-08-12 12:31:02 +09:00
Yasuo Ohgaki
a53a6b3fb4
Fix URL rewriter issues
2016-08-11 08:31:48 +09:00
Nikita Popov
42e995e0d3
Merge branch 'PHP-7.0' into PHP-7.1
2016-07-24 00:08:18 +02:00
Nikita Popov
2194690625
Ensure session GC is not run during variation6.phpt
...
The implemented gc() handler simply deletes all sessions, including
the current one. This may cause a subsequent unlink() warning.
Avoid this by preventing GC from running.
2016-07-24 00:07:54 +02:00
Anatol Belski
b238211732
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
fix test
2016-07-23 21:04:52 +02:00
Anatol Belski
958fa34c16
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
fix test
2016-07-23 21:03:45 +02:00
Anatol Belski
80fee637f4
fix test
2016-07-23 20:55:39 +02:00
Stanislav Malyshev
70d6ce3368
Merge branch 'PHP-7.0'
...
* PHP-7.0: (27 commits)
fix #72519, possible OOB using imagegif
fix #72512, invalid read or write for palette image when invalid transparent index is used
Apparently some envs miss SIZE_MAX
Fix tests
Fix bug #72618: NULL Pointer Dereference in exif_process_user_comment
Partial fix for bug #72613 - do not allow reading past error read
Partial fix for bug #72613 - do not treat negative returns from bz2 as size_t
Fix bug #72606: heap-buffer-overflow (write) simplestring_addn simplestring.c
Fix for bug #72558, Integer overflow error within _gdContributionsAlloc()
Fix bug #72603: Out of bound read in exif_process_IFD_in_MAKERNOTE
update NEWS
Fixed bug #72570 Segmentation fault when binding parameters on a query without placeholders
Fix bug #72562 - destroy var_hash properly
Fix bug #72551 and bug #72552 - check before converting size_t->int
Fix bug #72541 - size_t overflow lead to heap corruption
Fix bug #72533 (locale_accept_from_http out-of-bounds access)
Fix for bug #72520
Fix for bug #72513
Fix for bug #72513
CS fix and comments with bug ID
...
Conflicts:
ext/standard/basic_functions.c
2016-07-19 01:44:14 -07:00
Stanislav Malyshev
b00f8f2a5b
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
fix #72519, possible OOB using imagegif
fix #72512, invalid read or write for palette image when invalid transparent index is used
Apparently some envs miss SIZE_MAX
Fix tests
Fix bug #72618: NULL Pointer Dereference in exif_process_user_comment
Partial fix for bug #72613 - do not treat negative returns from bz2 as size_t
Fix bug #72606: heap-buffer-overflow (write) simplestring_addn simplestring.c
Fix for bug #72558, Integer overflow error within _gdContributionsAlloc()
Fix bug #72603: Out of bound read in exif_process_IFD_in_MAKERNOTE
Fix bug #72562 - destroy var_hash properly
Fix bug #72533 (locale_accept_from_http out-of-bounds access)
Fix for bug #72520
Fix for bug #72513
Fix for bug #72513
CS fix and comments with bug ID
Fix for HTTP_PROXY issue.
5.6.24RC1
add tests for bug #72512
Fixed bug #72512 gdImageTrueColorToPaletteBody allows arbitrary write/read access
Fixed bug #72479 - same as #72434
Conflicts:
Zend/zend_virtual_cwd.c
ext/bz2/bz2.c
ext/exif/exif.c
ext/session/session.c
ext/snmp/snmp.c
ext/standard/basic_functions.c
main/SAPI.c
main/php_variables.c
2016-07-19 01:39:28 -07:00
Stanislav Malyshev
4d0565b5ba
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
fix #72519, possible OOB using imagegif
fix #72512, invalid read or write for palette image when invalid transparent index is used
Apparently some envs miss SIZE_MAX
Fix tests
Fix bug #72618: NULL Pointer Dereference in exif_process_user_comment
Partial fix for bug #72613 - do not treat negative returns from bz2 as size_t
Fix bug #72606: heap-buffer-overflow (write) simplestring_addn simplestring.c
Fix for bug #72558, Integer overflow error within _gdContributionsAlloc()
Fix bug #72603: Out of bound read in exif_process_IFD_in_MAKERNOTE
Fix bug #72562 - destroy var_hash properly
Fix bug #72533 (locale_accept_from_http out-of-bounds access)
Fix for bug #72520
Fix for bug #72513
CS fix and comments with bug ID
Fix for HTTP_PROXY issue.
add tests for bug #72512
Fixed bug #72512 gdImageTrueColorToPaletteBody allows arbitrary write/read access
Fixed bug #72479 - same as #72434
Conflicts:
ext/bz2/bz2.c
main/SAPI.c
main/php_variables.c
2016-07-19 00:53:08 -07:00
Stanislav Malyshev
3798eb6fd5
Fix bug #72562 - destroy var_hash properly
2016-07-12 23:27:45 -07:00
Aaron Piotrowski
24237027bc
Merge branch 'throw-error-in-extensions'
2016-07-05 02:08:39 -05:00
Xinchen Hui
72ec312f23
Merge branch 'PHP-7.0'
...
* PHP-7.0:
Fixed bug #72531 (ps_files_cleanup_dir Buffer overflow)
2016-07-03 09:30:48 +08:00
Xinchen Hui
6744737577
Fixed bug #72531 (ps_files_cleanup_dir Buffer overflow)
2016-07-03 09:30:33 +08:00
Dmitry Stogov
323b2733f6
Fixed compilation warnings
2016-06-22 00:40:50 +03:00
Dmitry Stogov
ccf4ae95bd
Restored signed format specifier
2016-06-21 20:12:04 +03:00
Dmitry Stogov
a0df06fc4b
Revert "sync tests with the latest format fixes"
...
This reverts commit ef7116d55b.
2016-06-21 20:10:44 +03:00
Anatol Belski
ef7116d55b
sync tests with the latest format fixes
2016-06-21 19:06:28 +02:00
Dmitry Stogov
1616038698
Added ZEND_ATTRIBUTE_FORMAT to some missing functions.
...
"%p" replaced by ZEND_LONG_FMT to avoid compilation warnings.
Fixed most incorrect use cases of format specifiers.
2016-06-21 16:00:37 +03:00
Aaron Piotrowski
7d53864574
E_RECOVERABLE_ERROR -> thrown Error
2016-06-14 13:18:43 -05:00
Aaron Piotrowski
771e5cc247
Replace zend_ce_error with NULL and replace more E_ERROR with thrown Error
2016-06-13 09:02:17 -05:00
Aaron Piotrowski
e3c681aa5c
Merge branch 'master' into throw-error-in-extensions
2016-06-10 22:02:23 -05:00
Christoph M. Becker
74c06a64f0
Merge branch 'PHP-7.0'
2016-06-09 15:45:54 +02:00
Christoph M. Becker
07a793810f
Merge branch 'PHP-5.6' into PHP-7.0
2016-06-09 15:35:28 +02:00
Raphaël Tournoy
1dfdae6de4
fix typo
2016-06-03 17:18:14 +02:00
Xinchen Hui
d5914d19eb
Merge branch 'PHP-7.0'
2016-04-15 21:09:05 -07:00
Xinchen Hui
05d53dee7d
Fixed bug #71972 (Cyclic references causing session_start(): Failed to decode session object)
2016-04-15 21:08:51 -07:00
Yasuo Ohgaki
dc9ae10bc4
Remove debug code
2016-04-07 17:13:05 +09:00
Yasuo Ohgaki
60b144134a
Merge branch 'PHP-7.0'
...
* PHP-7.0:
Fixed Bug #71974 Trans sid will always be send, even if cookies are available
2016-04-07 10:26:32 +09:00
Yasuo Ohgaki
6467a4eb36
Fixed Bug #71974 Trans sid will always be send, even if cookies are available
2016-04-07 10:26:05 +09:00
Yasuo Ohgaki
01579ae0a6
Merge branch 'PHP-7.0'
...
* PHP-7.0:
Fixed Bug #71683 Null pointer dereference in zend_hash_str_find_bucket
2016-03-12 08:33:04 +09:00
Yasuo Ohgaki
50fca7a02a
Fixed Bug #71683 Null pointer dereference in zend_hash_str_find_bucket
2016-03-12 08:15:47 +09:00
Xinchen Hui
4c388004d4
Merge branch 'PHP-7.0'
...
* PHP-7.0:
Fixed bug #71754 (Regression in PHP7.0: trivial script segfaults php-cgi)
Bug #71756 (Call-by-reference widens scope to uninvolved functions when used in switch)
tsrm_win32_get_path_sid_key might returns NULL (Partially fix bug #71752)
2016-03-10 15:03:25 +08:00
Xinchen Hui
98c625a31c
Fixed bug #71754 (Regression in PHP7.0: trivial script segfaults php-cgi)
2016-03-10 15:02:10 +08:00
Nikita Popov
f57c0b3249
Merge branch 'PHP-7.0'
2016-03-03 16:50:47 +01:00
Nikita Popov
1ac152938c
Move semicolon into TSRMLS_CACHE_EXTERN/DEFINE
...
Also re bug #71575.
2016-03-03 16:50:01 +01:00
Nikita Popov
a4e56194d7
Fix intermixed SKIPIF and XFAIL sections in test
2016-03-03 16:38:05 +01:00
Rouven Weßling
a61029b155
Replace usage of php_int32 and php_uint32 with int32_t and uint32_t
2016-02-04 11:57:41 +01:00
Antony Dovgal
6f81e95c33
check length first, prevent out-of-bounds read
2016-02-03 14:49:16 +03:00
Antony Dovgal
64e8cfadf5
check length first, prevent out-of-bounds read
2016-02-03 14:48:38 +03:00
Anatol Belski
1df334b75c
revert test to the previous master state
2016-01-29 22:37:37 +01:00
Anatol Belski
620f4169a7
Merge branch 'PHP-7.0'
...
* PHP-7.0:
yet one revert
Revert "adjust test for 7.0"
Conflicts:
ext/session/tests/bug69111.phpt
2016-01-29 21:46:15 +01:00
Anatol Belski
b947aff98d
yet one revert
2016-01-29 21:43:14 +01:00
Anatol Belski
ac22f71477
Revert "adjust test for 7.0"
...
This reverts commit 7fdb019e66.
2016-01-29 21:27:22 +01:00
Anatol Belski
58b2344759
Merge branch 'PHP-7.0'
...
* PHP-7.0:
Revert "refix #69111 and one related test"
Revert "fix yet another leak"
add XFAIL
Revert "refix #69111 and one related test"
Revert "fix tests"
Revert "fix leak in 7.0"
add XFAIL
Revert "fix leak in 5.6"
Conflicts:
ext/session/tests/rfc1867_sid_invalid.phpt
2016-01-29 21:07:19 +01:00
Anatol Belski
6891e6abdf
Revert "refix #69111 and one related test"
...
This reverts commit 80f7b01258.
Conflicts:
ext/session/mod_files.c
2016-01-29 20:59:58 +01:00
Anatol Belski
3d90531d1e
Revert "fix yet another leak"
...
This reverts commit 39084ccc68.
2016-01-29 20:58:00 +01:00
Anatol Belski
d1d3c0832e
add XFAIL
2016-01-29 20:57:05 +01:00
Anatol Belski
ebcfe7618d
Revert "refix #69111 and one related test"
...
This reverts commit 80f7b01258.
2016-01-29 20:50:14 +01:00
Anatol Belski
7f977c13dc
Revert "fix tests"
...
This reverts commit d964ccba40.
2016-01-29 20:49:52 +01:00
Anatol Belski
57d9797b6f
Revert "fix leak in 7.0"
...
This reverts commit ee49df011c.
2016-01-29 20:46:47 +01:00
Anatol Belski
b7dadfae87
add XFAIL
2016-01-29 20:36:11 +01:00
Anatol Belski
40b9f52c2c
Revert "fix leak in 5.6"
...
This reverts commit fa548e5ca9.
2016-01-29 20:33:39 +01:00
Anatol Belski
1a9402c6ec
Merge branch 'PHP-7.0'
...
* PHP-7.0:
refix #69111 and one related test
Conflicts:
ext/session/tests/rfc1867_sid_invalid.phpt
2016-01-29 19:59:26 +01:00
Anatol Belski
80f7b01258
refix #69111 and one related test
...
It is the least evil as the test just reduces the fail path. 5.6 seems
still broken in this regard, a backport should follow if travis is happy.
2016-01-29 19:55:50 +01:00
Anatol Belski
6cc01882fb
Merge branch 'PHP-7.0'
...
* PHP-7.0:
fix tests
2016-01-29 16:33:19 +01:00
Anatol Belski
d964ccba40
fix tests
2016-01-29 16:32:27 +01:00
Anatol Belski
f1dc4a4e10
Merge branch 'PHP-7.0'
...
* PHP-7.0:
fix yet another leak
2016-01-29 16:04:13 +01:00
Anatol Belski
39084ccc68
fix yet another leak
2016-01-29 16:03:33 +01:00
Anatol Belski
15ba618a69
Merge branch 'PHP-7.0'
...
* PHP-7.0:
fix wrong gc sequence
2016-01-29 15:19:40 +01:00
Anatol Belski
d2c752d7e9
fix wrong gc sequence
2016-01-29 15:18:59 +01:00
Anatol Belski
55fd320b31
Merge branch 'PHP-7.0'
...
* PHP-7.0:
fix leak in 7.0
2016-01-29 14:48:36 +01:00
Anatol Belski
ee49df011c
fix leak in 7.0
2016-01-29 14:48:05 +01:00
Anatol Belski
fa548e5ca9
fix leak in 5.6
2016-01-29 13:56:11 +01:00
Anatol Belski
d9eea2c209
revert the API string as well
2016-01-29 12:52:41 +01:00
Anatol Belski
7fdb019e66
adjust test for 7.0
2016-01-29 12:29:41 +01:00
Anatol Belski
a068047f62
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
add test for bug #69111
2016-01-29 12:29:05 +01:00
Anatol Belski
4b0feeb8fa
add test for bug #69111
2016-01-29 12:27:35 +01:00
Anatol Belski
25108babdb
refix bug #69111, crash in 5.6 only
2016-01-29 11:24:19 +01:00
Anatol Belski
b858224b88
reset ext/session to the state of 7.0.2
2016-01-29 08:37:27 +01:00
Anatol Belski
ae6e139c77
reset the ext/session to the state of 5.6.17
2016-01-29 08:33:09 +01:00
Yasuo Ohgaki
99101ba310
Update error message. Missed to include in previous commit 46d4a37105
2016-01-28 15:06:55 +09:00
Mikko
46d4a37105
Session regenerate id seems to malfunction with 3rd party session handlers
...
Fixed bug #71472 session_regenerate_id malfunctions with certain session handlers
2016-01-28 13:30:10 +09:00
Yasuo Ohgaki
2dce532a90
Merge branch 'PHP-7.0'
...
* PHP-7.0:
Use SUCCESS/FAILURE
2016-01-18 13:35:43 +09:00
Yasuo Ohgaki
d7fc3be99e
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Use SUCCESS/FAILURE
2016-01-18 13:35:01 +09:00
Yasuo Ohgaki
ee1dd4949a
Use SUCCESS/FAILURE
2016-01-18 13:33:47 +09:00
Yasuo Ohgaki
05e87fa418
Fixed bug #71070 Custom session handler write method returns false, warning message misleading
...
This is committed to master only.
If you have better error message suggestion, feel free to improve it.
2016-01-18 12:03:41 +09:00
Yasuo Ohgaki
1277846228
Merge branch 'PHP-7.0'
...
* PHP-7.0:
Fixed bug #71394 (session_regenerate_id() must close opened session on errors)
2016-01-17 17:12:49 +09:00
Yasuo Ohgaki
3b2d98a625
Fixed bug #71394 (session_regenerate_id() must close opened session on errors)
2016-01-17 17:11:47 +09:00
Yasuo Ohgaki
00eaaca18a
Remove unnecessary warning by warning reorder.
2016-01-17 17:08:44 +09:00
Yasuo Ohgaki
82a0c47712
Merge branch 'PHP-7.0'
...
* PHP-7.0:
Remove unnecessary warning by warning reorder.
2016-01-17 16:21:48 +09:00
Yasuo Ohgaki
dbba4418d8
Remove unnecessary warning by warning reorder.
2016-01-17 16:21:01 +09:00
Yasuo Ohgaki
691bade4be
Merge branch 'PHP-7.0'
...
* PHP-7.0:
Add test for Bug #70133 (Extended SessionHandler::read is ignoring $session_id when calling parent)
2016-01-16 05:37:26 +09:00
Yasuo Ohgaki
9f2240963f
Add test for Bug #70133 (Extended SessionHandler::read is ignoring $session_id when calling parent)
2016-01-16 05:29:19 +09:00
Anatol Belski
e514492c3b
Merge branch 'PHP-7.0'
...
* PHP-7.0:
PS(id) is zend_string *, use appropriate API
Update NEWS
2016-01-15 15:48:24 +01:00
Anatol Belski
93db2dac48
PS(id) is zend_string *, use appropriate API
2016-01-15 15:47:09 +01:00