clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-26 20:37:29 +00:00
Code Issues Packages Projects Releases Wiki Activity
85,413 Commits 494 Branches 1,367 Tags 881 MiB
f58edcd996
Commit Graph

154 Commits

Author SHA1 Message Date
Stanislav Malyshev
3eb679b952 Fixed bug #68044: Integer overflow in unserialize() (32-bits only) 2014-10-14 10:51:24 -07:00
Johannes Schlüter
d0cb715373 s/PHP 5/PHP 7/ 2014-09-19 18:33:14 +02:00
Dmitry Stogov
bccc653185 Avoid double IS_INTERNED() check 2014-09-19 17:32:50 +04:00
Nikita Popov
6cceb54c09 Fix a number of format issues 2014-09-03 15:57:28 +02:00
Anatol Belski
28b7a03318 master renamings phase 5 2014-08-25 21:20:44 +02:00
Anatol Belski
c3e3c98ec6 master renames phase 1 2014-08-25 19:24:55 +02:00
Anatol Belski
70de6180d5 fixes to %pd format usage 2014-08-24 02:35:34 +02:00
Anatol Belski
41115d3d9d regenerated parser files 2014-08-17 21:05:20 +02:00
Anatol Belski
5bb25776a0 further fixes on core 2014-08-16 15:34:04 +02:00
Anatol Belski
cb25136f4e fix macros in the 5 basic extensions 2014-08-16 11:37:14 +02:00
Dmitry Stogov
73fe418637 Avoid reallocation 2014-08-13 23:30:07 +04:00
Dmitry Stogov
b108267f2c Merge branch 'master' into phpng 
* master: (41 commits)
  Update copyright year to 2014
  Update copyright year to 2014
  Update copyright year to 2014
  Update copyright year to 2014
  Update copyright year to 2014
  Update copyright year to 2014
  Update copyright year to 2014
  NEWS
  Fix Request #67453 Allow to unserialize empty data.
  Update copyright year to 2014
  Update copyright year for re2c generated files
  Update copyright year to 2014
  Update copyright year for re2c files as well
  Fix patch for bug #67436
  fix failed test
  Fix test on modern distro where old unsecure algo are disabled in openssl config. Testing recent algo should be enough to check this function.
  Added tests for bug 67436
  Fixed wrong XFAIL test - already fixed
  Fix typo in Bug #67406 NEWS entry
  Fix typo in Bug #67406 NEWS entry
  ...

Conflicts:
	Zend/zend_compile.c
	ext/session/session.c
	ext/standard/array.c
	ext/standard/http_fopen_wrapper.c
	tests/classes/bug63462.phpt
 2014-06-18 17:50:27 +04:00
Lior Kaplan
11b18347d8 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Update copyright year for re2c generated files
  Update copyright year to 2014
  Update copyright year for re2c files as well
 2014-06-16 23:32:10 +03:00
Lior Kaplan
6f3bcb0d6e Update copyright year for re2c generated files 2014-06-16 23:28:36 +03:00
Anatol Belski
20568e5028 Fixed regression introduced by patch for bug #67072 
This applies to 5.4 and 5.5 only as a legacy fix.
 2014-06-03 20:43:58 +02:00
Dmitry Stogov
f9927a6c97 Merge mainstream 'master' branch into refactoring 
During merge I had to revert:
	Nikita's patch for php_splice() (it probably needs to be applyed again)
	Bob Weinand's patches related to constant expression handling (we need to review them carefully)
	I also reverted all our attempts to support sapi/phpdbg (we didn't test it anyway)

Conflicts:
	Zend/zend.h
	Zend/zend_API.c
	Zend/zend_ast.c
	Zend/zend_compile.c
	Zend/zend_compile.h
	Zend/zend_constants.c
	Zend/zend_exceptions.c
	Zend/zend_execute.c
	Zend/zend_execute.h
	Zend/zend_execute_API.c
	Zend/zend_hash.c
	Zend/zend_highlight.c
	Zend/zend_language_parser.y
	Zend/zend_language_scanner.c
	Zend/zend_language_scanner_defs.h
	Zend/zend_variables.c
	Zend/zend_vm_def.h
	Zend/zend_vm_execute.h
	ext/date/php_date.c
	ext/dom/documenttype.c
	ext/hash/hash.c
	ext/iconv/iconv.c
	ext/mbstring/tests/zend_multibyte-10.phpt
	ext/mbstring/tests/zend_multibyte-11.phpt
	ext/mbstring/tests/zend_multibyte-12.phpt
	ext/mysql/php_mysql.c
	ext/mysqli/mysqli.c
	ext/mysqlnd/mysqlnd_reverse_api.c
	ext/mysqlnd/php_mysqlnd.c
	ext/opcache/ZendAccelerator.c
	ext/opcache/zend_accelerator_util_funcs.c
	ext/opcache/zend_persist.c
	ext/opcache/zend_persist_calc.c
	ext/pcre/php_pcre.c
	ext/pdo/pdo_dbh.c
	ext/pdo/pdo_stmt.c
	ext/pdo_pgsql/pgsql_driver.c
	ext/pgsql/pgsql.c
	ext/reflection/php_reflection.c
	ext/session/session.c
	ext/spl/spl_array.c
	ext/spl/spl_observer.c
	ext/standard/array.c
	ext/standard/basic_functions.c
	ext/standard/html.c
	ext/standard/mail.c
	ext/standard/php_array.h
	ext/standard/proc_open.c
	ext/standard/streamsfuncs.c
	ext/standard/user_filters.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	main/php_variables.c
	sapi/phpdbg/phpdbg.c
	sapi/phpdbg/phpdbg_bp.c
	sapi/phpdbg/phpdbg_frame.c
	sapi/phpdbg/phpdbg_help.c
	sapi/phpdbg/phpdbg_list.c
	sapi/phpdbg/phpdbg_print.c
	sapi/phpdbg/phpdbg_prompt.c
 2014-04-26 00:32:51 +04:00
Anatol Belski
c2acdbdd3d Improved the fix for bug #67072, thanks Nikita 2014-04-18 15:13:32 +02:00
Anatol Belski
5328d42899 Fixed bug #67072 Echoing unserialized "SplFileObject" crash 
The actual issue lays in the unserializer code which doesn't honor
the unserialize callback. By contrast, the serialize callback is
respected. This leads to the situation that even if a class has
disabled the serialization explicitly, user could still construct
a vulnerable string which would result bad things when trying
to unserialize.

This conserns also the classes implementing Serializable as well
as some core classes disabling serialize/unserialize callbacks
explicitly (PDO, SimpleXML, SplFileInfo and co). As of now, the
flow is first to call the unserialize callback (if available),
then call __wakeup. If the unserialize callback returns with no
success, no object is instantiated. This makes the scheme used
by internal classes effective, to disable unserialize just assign
zend_class_unserialize_deny as callback.
 2014-04-17 10:48:14 +02:00
Dmitry Stogov
6bfedfd22e Fixed unserialize() 2014-04-10 18:08:11 +04:00
Dmitry Stogov
0ae14f3a1d Fixed access to uninitialized data 2014-04-10 10:38:40 +04:00
Dmitry Stogov
6ee5e813ab var_push_dtor_no_addref() is useles (var_push_dtor() doesn't work properly as well) 2014-04-10 01:49:26 +04:00
Dmitry Stogov
c6cba55454 Use ZVAL_DEREF() macro 2014-03-27 13:39:09 +04:00
Dmitry Stogov
887189ca31 Refactored IS_INDIRECT usage for CV and object properties to support HashTable resizing 2014-03-26 18:07:31 +04:00
Dmitry Stogov
62c448ab8b Fixed serialize/unserialize problems 2014-03-17 17:23:27 +04:00
Xinchen Hui
24540362b0 Re-fixed unserialize 2014-02-26 15:51:53 +08:00
Xinchen Hui
b7052ef16d Revert "Fixed unserialize implementation (it's complicated, this issue took me 4 hours :<, need some review)" 
This reverts commit 80a178015d.
 2014-02-26 13:33:55 +08:00
Xinchen Hui
80a178015d Fixed unserialize implementation (it's complicated, this issue took me 4 hours :<, need some review) 2014-02-26 12:51:23 +08:00
Xinchen Hui
7f527d8047 Fixed reference handling in serialize/unserialize 2014-02-26 11:08:13 +08:00
Xinchen Hui
595741f6ec Fixed test fail in ext/standard/tests/serialize/bug64354_1.php 2014-02-25 17:58:01 +08:00
Xinchen Hui
dc2d758c93 Fixed segfaults 2014-02-25 16:54:26 +08:00
Dmitry Stogov
398256e5fe Use better data structures (incomplete) 2014-02-14 13:40:11 +04:00
Xinchen Hui
c081ce628f Bump year 2014-01-03 11:08:10 +08:00
Xinchen Hui
c0d060f5c0 Bump year 2014-01-03 11:04:26 +08:00
Michael Wallner
9d2cdacf4a Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  fix bug #65481 (shutdown segfault due to serialize)

Conflicts:
	ext/standard/var_unserializer.c
 2013-08-20 00:08:55 +02:00
Michael Wallner
1ac4d8f2c6 fix bug #65481 (shutdown segfault due to serialize) 2013-08-20 00:05:11 +02:00
Xinchen Hui
1be745ce1b Merge branch 'PHP-5.4' into PHP-5.5 
Conflicts:
	ext/standard/var_unserializer.c
 2013-03-09 23:10:48 +08:00
Xinchen Hui
f52b2e6a65 Fixed bug #64354 (Unserialize array of objects whose class can't be autoloaded fail) 
about the __sleep one, since php_serialize_* are all void function,
so,,only check exception at the very begining
 2013-03-09 23:00:58 +08:00
Xinchen Hui
85fae636d0 Merge branch 'PHP-5.4' into PHP-5.5 
Conflicts:
	ext/standard/var_unserializer.c
 2013-01-21 11:42:16 +08:00
Xinchen Hui
86c1a26169 Merge fix of #62836 to ?.re, and regenerate ?.c 2013-01-21 11:35:22 +08:00
Xinchen Hui
a666285bc2 Happy New Year 2013-01-01 16:37:09 +08:00
Xinchen Hui
0a7395e009 Happy New Year 2013-01-01 16:28:54 +08:00
Sebastian Bergmann
eab14993fe Invoke re2c with --no-generation-date to prevent unintentional / unnecessary changes in generated files. 2012-12-06 09:28:35 +01:00
Xinchen Hui
3d93c88811 Merge branch 'PHP-5.4' 2012-08-17 18:30:03 +08:00
Xinchen Hui
0b23da1c74 Fixed bug #62836 (Seg fault or broken object references on unserialize()) 2012-08-17 18:28:32 +08:00
Pierre Joye
f44bf55558 - fix bug #60879, unserialize does not invoke __wakeup 2012-02-28 18:36:10 +00:00
Pierre Joye
ee772f60b1 - fix bug #60879, unserialize does not invoke __wakeup 2012-02-28 18:36:10 +00:00
Felipe Pena
8775a37559 - Year++ 2012-01-01 13:15:04 +00:00
Felipe Pena
4e19825281 - Year++ 2012-01-01 13:15:04 +00:00
Felipe Pena
9da6f6a374 - Make valgrind happy with session_decode_error2.phpt 2011-11-09 23:50:01 +00:00
Felipe Pena
6781229e88 - Make valgrind happy with session_decode_error2.phpt 2011-11-09 23:50:01 +00:00