delta/php-git.git/sapi/cli, branch php-5.6.16 git.php.net: repository/php-src.git Add test XFAIL for bug #70470 2015-09-11T05:45:18+00:00 Xinchen Hui laruence@gmail.com 2015-09-11T05:45:18+00:00 37d814b84cff3678a2e1d56ea9d3ba3c35082e13 






Fix #68291: 404 on urls with '+'
2015-09-05T12:34:08+00:00

Christoph M. Becker
cmbecker69@gmx.de

2015-09-05T11:52:41+00:00

fd94c92171eb4f25a792b38c7754bdd76933ec04

URI paths have to be treated according to RFC 3986 by the CLI web server, not
as application/x-www-form-urlencoded.





URI paths have to be treated according to RFC 3986 by the CLI web server, not
as application/x-www-form-urlencoded.







Fix #70264: CLI server directory traversal
2015-08-14T15:05:31+00:00

Christoph M. Becker
cmb@php.net

2015-08-14T14:56:40+00:00

9c805a6cb31596c41609512bdd8a9a76c9ce9b15

On Windows the built-in webserver doesn't prevent directory traversal when
backslashes are used as path component separators. Even though that is not a
security issue (the CLI webserver is meant for testing only), we fix that by
replacing backslashes in the path with slashes on Windows, because backslashes
may be valid characters for file names on other systems, but not on Windows.





On Windows the built-in webserver doesn't prevent directory traversal when
backslashes are used as path component separators. Even though that is not a
security issue (the CLI webserver is meant for testing only), we fix that by
replacing backslashes in the path with slashes on Windows, because backslashes
may be valid characters for file names on other systems, but not on Windows.







Fix #66606: Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE
2015-08-09T00:37:16+00:00

wusuopu
admin@longchangjin.cn

2014-11-03T06:52:16+00:00

72976e2497f963b7f203443f9881d52e0ff97962

The patch will store Content-Type header value in both HTTP_CONTENT_TYPE field and CONTENT_TYPE field.





The patch will store Content-Type header value in both HTTP_CONTENT_TYPE field and CONTENT_TYPE field.







added tests for bug #66606
2015-08-09T00:36:58+00:00

Christoph M. Becker
cmb@php.net

2015-08-09T00:36:58+00:00

1b4a80332c78045ac4a24208951f96fbd700825f












Merge branch 'PHP-5.5' into PHP-5.6
2015-08-04T23:45:55+00:00

Stanislav Malyshev
stas@php.net

2015-08-04T23:45:55+00:00

54187fa4b953d9d908a844d802cfe20472776ff5

* PHP-5.5:
  fix test





* PHP-5.5:
  fix test







Merge branch 'PHP-5.4' into PHP-5.5
2015-08-04T23:45:32+00:00

Stanislav Malyshev
stas@php.net

2015-08-04T23:45:32+00:00

2425f88afd487181e4b2a86e9008b98a03dfb663

* PHP-5.4:
  fix test





* PHP-5.4:
  fix test







fix test
2015-08-04T23:45:20+00:00

Stanislav Malyshev
stas@php.net

2015-08-04T23:45:20+00:00

da5321013c4dbac0faac12f78b28f662a91b4bc1












Merge branch 'PHP-5.5' into PHP-5.6
2015-08-04T22:29:13+00:00

Stanislav Malyshev
stas@php.net

2015-08-04T22:29:13+00:00

ed709d5aa01375beb7e0b408c4027bbb9cfb52b6

* PHP-5.5:
  update NEWS
  fix test
  update NEWS
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	ext/soap/php_http.c
	ext/spl/spl_observer.c





* PHP-5.5:
  update NEWS
  fix test
  update NEWS
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	ext/soap/php_http.c
	ext/spl/spl_observer.c







Merge branch 'PHP-5.4' into PHP-5.5
2015-08-04T21:46:30+00:00

Stanislav Malyshev
stas@php.net

2015-08-04T21:46:30+00:00

742c54aecfc4cbc3c0cfccbe4eee1d50946f44d8

* PHP-5.4:
  fix test
  update NEWS





* PHP-5.4:
  fix test
  update NEWS