| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
| |
* PHP-5.5:
Fixed bug #70002 TS issues with temporary dir handling
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* PHP-5.5:
update NEWS
fix test
update NEWS
Fix bug #70019 - limit extracted files to given directory
Do not do convert_to_* on unserialize, it messes up references
Fix #69793 - limit what we accept when unserializing exception
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
ignore signatures for packages too
Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
Fixed bug #69892
Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
Improved fix for Bug #69441
Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
Fix bug #70081: check types for SOAP variables
Conflicts:
ext/soap/php_http.c
ext/spl/spl_observer.c
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|\
| |
| |
| |
| |
| | |
* pull-request/1425:
revised bug53156.phpt
Fix #53156: imagerectangle problem with point ordering
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
Contrary to imagefilledrectangle(), imagerectangle() has the documented
limitation that the given points have to be the upper left and the lower right
corner, respectively. However, libgd already caters to upper right / lower left
pairs, and not catering to the other two combinations seems to be an oversight.
|
| | |
|
|/
|
|
|
|
|
| |
The stack overflow is caused by the recursive algorithm in combination with a
very large negative coordinate passed to gdImageFillToBorder(). As there is
already a clipping for large positive coordinates to the width and height of
the image, it seems to be consequent to clip to zero also.
|
| |
|
| |
|
|
|
|
|
| |
libgd internally uses ARGB format, so we have to decode to ARGB instead of
RGBA.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
The code in the bundled libgd uses libvpx and writes the riff manually. The
code generates the correct even size, but neglects the padding. It's possible
older versions of libwebp would decode this, but libwebp 0.4.0 does not.
Let's apply the patch supplied by one of the WebP developers.
|
| |
|
|
|
|
|
|
| |
When there is already an APP13 marker segment in the file, iptcembed() doesn't
skip the first byte (0xFF) of this segment, what leads to unnecessary and
potentially invalid duplication of this byte. This patch fixes this issue.
|
| |
|
|
|
|
| |
by-ref assignment to an overloaded object
|
| |
|
|
|
|
|
|
| |
As of PHP 5.3.0 the php_pspell.dll is not delivered anymore with the Windows
binaries, and according to bug #47464 that's highly unlike to change. So it's
appropriate to remove the respective extension entry from php.ini.
|
| |
|
|
|
|
|
|
|
|
|
| |
Contrary to the external libgd, the bundled libgd doesn't use optimized
rotation algorithms for negative square angles. We fix that now.
There are other improvements in gdImageRotateInterpolated() in the external
libgd. I'll leave them out for now, in the hope that we'll be able to rejoin
the two libraries rather soon.
|
| |
|
|
|
|
|
| |
A temporary image (tmp_im) is created with gdImageTrueColor() and freed with
gdFree() instead of gdImageDestroy(). Let's fix that.
|
| |
|
|
|
|
|
|
|
|
| |
imagescale(..., IMG_BICUBIC) is not supposed to work with palette images, so we
fix that by converting to true color if necessary. Basically the same fix has
already been applied to the external libgd[1].
[1] <https://github.com/libgd/libgd/commit/723ea520bed3b5854df87393c687323d3930edf3>
|
| |
|
|
|
|
|
|
|
|
| |
To avoid drawing the corner pixels twice, gdImageRectangle() draws the vertical
lines 2 points shorter than the actual side of the rectangle. However, this
causes "whiskers" for rectangles with height 0. This patch fixes this issue and
at the same time optimizes the algorithm by drawing only a single line for zero
height and zero width rectangles.
|
| |
|
|
|
|
| |
A simple one-off error: imagecrop)() copied only width-1 and height-1 pixels.
|
| |
|
|
|
|
|
|
| |
Actually, this is not really a bug fix, but rather a simplification and
optimization in the same vein as has been done with the external libgd, but
going a small step further and joining both for loops.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
The file parameter of the XBM image ZPP is not properly taken into account. If
it is NULL that would result in a segfault, because gdImageXbmCtx() is not
prepared to take a NULL file_name. If it is not NULL the XBM data would be
written to STDOUT, because the stream is not initialized. This patch fixes both
issues.
|
| |
|
|
|
|
|
| |
Despite being documented, the array returned by gd_info() doesn't have a 'WebP
Support' key. This patch adds it.
|
| |
|
| |
|
| |
|
| |
|