delta/php-git.git/ext/standard/tests/url, branch master git.php.net: repository/php-src.git Merge branch 'PHP-8.0' 2021-01-27T07:01:40+00:00 Stanislav Malyshev stas@php.net 2021-01-27T07:01:40+00:00 7eff4057dedeffee81b23f23d48c06a2082f9a06 * PHP-8.0: Alternative fix for bug 77423 
* PHP-8.0:
  Alternative fix for bug 77423
Merge branch 'PHP-7.4' into PHP-8.0 2021-01-27T06:55:16+00:00 Stanislav Malyshev stas@php.net 2021-01-27T06:55:16+00:00 effa287b35775de9a600dddfd01cad081fa5f28f * PHP-7.4: Alternative fix for bug 77423 
* PHP-7.4:
  Alternative fix for bug 77423
Merge branch 'PHP-7.3' into PHP-7.4 2021-01-27T06:55:10+00:00 Stanislav Malyshev stas@php.net 2021-01-27T06:55:10+00:00 fbf8c758fe31a19f35af839b97dc261a936c9b6e * PHP-7.3: Alternative fix for bug 77423 
* PHP-7.3:
  Alternative fix for bug 77423
Alternative fix for bug 77423 2021-01-27T06:54:58+00:00 Christoph M. Becker cmbecker69@gmx.de 2021-01-19T10:23:25+00:00 4a89e726bd4d0571991dc22a9a1ad4509e8fe347 That bug report originally was about `parse_url()` misbehaving, but the security aspect was actually only regarding `FILTER_VALIDATE_URL`. Since the changes to `parse_url_ex()` apparently affect userland code which is relying on the sloppy URL parsing[1], this alternative restores the old parsing behavior, but ensures that the userinfo is checked for correctness for `FILTER_VALIDATE_URL`. [1] <https://github.com/php/php-src/commit/5174de7cd33c3d4fa591c9c93859ff9989b07e8c#commitcomment-45967652> 
That bug report originally was about `parse_url()` misbehaving, but the
security aspect was actually only regarding `FILTER_VALIDATE_URL`.
Since the changes to `parse_url_ex()` apparently affect userland code
which is relying on the sloppy URL parsing[1], this alternative
restores the old parsing behavior, but ensures that the userinfo is
checked for correctness for `FILTER_VALIDATE_URL`.

[1] <https://github.com/php/php-src/commit/5174de7cd33c3d4fa591c9c93859ff9989b07e8c#commitcomment-45967652>
Skip bug77423 if filter extension is unavailable. 2021-01-17T15:44:45+00:00 Tyson Andre tysonandre775@hotmail.com 2021-01-17T15:44:45+00:00 81d20d003c3bf172069937c987fe3390c1daafe4 






Fix #77423: parse_url() will deliver a wrong host to user
2021-01-04T09:20:21+00:00

Christoph M. Becker
cmbecker69@gmx.de

2020-05-13T07:36:52+00:00

5174de7cd33c3d4fa591c9c93859ff9989b07e8c

To avoid that `parse_url()` returns an erroneous host, which would be
valid for `FILTER_VALIDATE_URL`, we make sure that only userinfo which
is valid according to RFC 3986 is treated as such.

For consistency with the existing url parsing code, we use ctype
functions, although that is not necessarily correct.





To avoid that `parse_url()` returns an erroneous host, which would be
valid for `FILTER_VALIDATE_URL`, we make sure that only userinfo which
is valid according to RFC 3986 is treated as such.

For consistency with the existing url parsing code, we use ctype
functions, although that is not necessarily correct.







Fix #77423: parse_url() will deliver a wrong host to user
2021-01-04T09:19:18+00:00

Christoph M. Becker
cmbecker69@gmx.de

2020-05-13T07:36:52+00:00

b132da7f9df39c1774997f21016c522b676a6ab0

To avoid that `parse_url()` returns an erroneous host, which would be
valid for `FILTER_VALIDATE_URL`, we make sure that only userinfo which
is valid according to RFC 3986 is treated as such.

For consistency with the existing url parsing code, we use ctype
functions, although that is not necessarily correct.





To avoid that `parse_url()` returns an erroneous host, which would be
valid for `FILTER_VALIDATE_URL`, we make sure that only userinfo which
is valid according to RFC 3986 is treated as such.

For consistency with the existing url parsing code, we use ctype
functions, although that is not necessarily correct.







Merge branch 'PHP-7.3' into PHP-7.4
2021-01-02T05:29:08+00:00

Stanislav Malyshev
stas@php.net

2021-01-02T05:07:15+00:00

434c2b1bdbed80f01f5bc6c817c9b87fef917919

* PHP-7.3:
  Fix #77423: parse_url() will deliver a wrong host to user





* PHP-7.3:
  Fix #77423: parse_url() will deliver a wrong host to user







Merge branch 'PHP-7.2' into PHP-7.3
2021-01-02T05:06:07+00:00

Stanislav Malyshev
stas@php.net

2021-01-02T05:06:07+00:00

128fca40376140c60b47a1c3750bb6435866838e

* PHP-7.2:
  Fix #77423: parse_url() will deliver a wrong host to user





* PHP-7.2:
  Fix #77423: parse_url() will deliver a wrong host to user







Fix #77423: parse_url() will deliver a wrong host to user
2021-01-02T04:08:01+00:00

Christoph M. Becker
cmbecker69@gmx.de

2020-05-13T07:36:52+00:00

2d3d72412a6734e19a38ed10f385227a6238e4a6

To avoid that `parse_url()` returns an erroneous host, which would be
valid for `FILTER_VALIDATE_URL`, we make sure that only userinfo which
is valid according to RFC 3986 is treated as such.

For consistency with the existing url parsing code, we use ctype
functions, although that is not necessarily correct.





To avoid that `parse_url()` returns an erroneous host, which would be
valid for `FILTER_VALIDATE_URL`, we make sure that only userinfo which
is valid according to RFC 3986 is treated as such.

For consistency with the existing url parsing code, we use ctype
functions, although that is not necessarily correct.