(cherry picked from commit 448c9be157f4147e121f1a2a524536c75c9c6059)
(cherry picked from commit ed9d916c28b042d276a28998f92eb7e6cc56025a)
When using the php_serialize session serialization handler, do
not use the result of the unserialization if it failed.
(cherry picked from commit e0f9fbdfa61012101de7f4a8653ca5538c404a71)
If a (nested) unserialize() call fails, we remove all the values
that were inserted into var_hash during that call. This prevents
their use in other unserializations in the same context.
(cherry picked from commit 61f2f5a0f760157f9c9d32d7d3df2be47a73e74d)
Don't call __destruct() on an unserialized object that has a
__wakeup() method if either
a) unserialization of its properties fails or
b) the __wakeup() call fails (e.g. by throwing).
This basically treats __wakeup() as a form of constructor and
aligns us with the usual behavior that if the constructor call
fails the destructor should not be called.
The security aspect here is that people use __wakeup() to prevent
unserialization of objects with dangerous __destruct() methods,
but this is ineffective if __destruct() can still be called while
__wakeup() was skipped.
(cherry picked from commit 2135fdef9b588a34f8805b2bbf10704e36163d5a)
(cherry picked from commit 659a21dc20f0b64dafd8cb16573059d3b45cce6b)
Conflicts:
ext/wddx/wddx.c
(cherry picked from commit e3829b88694460a2e5af10ad5eee9966fa55e589)
(cherry picked from commit 620b01337cc39f856ca68c34c35e154f5f0682fc)
Conflicts:
ext/exif/exif.c
(cherry picked from commit 24fb60ffe9d23a6af27d96b74a85f6a237bbd14a)
(cherry picked from commit d926a48fd27942d15190a6defdcb05b1e07c9701)
(cherry picked from commit b6f13a5ef9d6280cf984826a5de012a32c396cd4)
Conflicts:
ext/gd/gd.c
(cherry picked from commit 28022c9b1fd937436ab67bb3d61f652c108baf96)
(cherry picked from commit c3f6d6da100c6451a540680504de4105b8bed83c)
Conflicts:
ext/snmp/snmp.c
main/php_version.h
(cherry picked from commit b735a4419c1e796520b395a2aa0b6943d9157b73)
(cherry picked from commit 047fe0ed03093a496691d376fcf51a7e2f1d04b0)
Conflicts:
ext/gd/gd.c
(cherry picked from commit e70069a62fb7252252cad9506fac5baf4ac11d21)
(cherry picked from commit 6930a1d12c47aa1d2675837852910d177b0ceb11)
Conflicts:
ext/wddx/wddx.c
(cherry picked from commit f1486f0fd63e888028e625a5ae02f10cc729c4c7)
attack
(cherry picked from commit f9c2edb4dbc01a817989b70ca7726f177bb1a103)
Conflicts:
ext/standard/ftp_fopen_wrapper.c
(cherry picked from commit e5b0952be2d7c93bdf491d99f50a14df46c30cd2)
(cherry picked from commit a14fdb9746262549bbbb96abb87338bacd147e1b)
Conflicts:
ext/wddx/wddx.c
(cherry picked from commit 0c8a2a2cd1056b7dc403eacb5d2c0eec6ce47c6f)
Conflicts:
ext/bz2/bz2.c
(cherry picked from commit 67d0fe39ee554563476ecae13c626580ae1a6612)
(cherry picked from commit 4f6a97f5321ef617b98a1f79aac1ad447d13b2b4)
(cherry picked from commit c2a13ced4272f2e65d2773e2ea6ca11c1ce4a911)
(cherry picked from commit 72dbb7f416160f490c4e9987040989a10ad431c7)
without specifying a sequence"
This reverts commit 12628e9a46b91a0aa92fd0619cdd545c409d25a6.
This reverts commit 266c62070f7e8e98106cd7b28a86aafc3e537c5b.
(cherry picked from commit 9667ee4f72c7dafce993b71104a52beb7c3aff15)
signature (Remi).
Before this patch, exif_process_IFD_in_MAKERNOTE() would return false, then causing the rest of the EXIF parsing to be interrupted. This is a regression from earlier which was most likely a part of a security fix for MAKERNOTE.
The new behavior is to instead of stopping to parse, to continue so we can still fetch data like thumbnail and GPS, thus allowing yet unsupported formats to parse. If EXIF's debugging mode is enabled, a notice will display in case we do not match against a valid MAKERNOTE signature.
This should temporarily fix bug #72682 (exif_read_data() fails to read all data for some images) until I get around to debug it further.
(cherry picked from commit aabcb5481d9e717df77192dab2894468b9fc63b4)
This reverts commit 2fba6468374a15efc82aaac8cbfc600b29c5404f.
PCRE-8.39 throws weird valgrind backtraces on some systems, see
http://news.php.net/php.cvs/93494 . Those could be false positives
due to some changes in JIT, still I couldn't 100% ensure this.
Thus, better we continue to ship 8.38 bundled for now, and apply
patches, if needed.
This reverts commit 14d674442ef86ad4e862228a1ff5ecd322ae7759.
I misread the discussion on the bug -- this is not the correct
fix. However the other proposed fix does not work either, so just
reverting for now.
Conflicts:
ext/wddx/wddx.c
Forgot to amend the merge fixes...
Closes bug #72710
(cherry picked from commit 0fb7eb6723bcc6fd98053911543e801edb5ab763)
As usual, if the reference has rc=1 it really isn't a reference.
# Resolved conflicts:
# ext/calendar/calendar.c
Julian days < 347998 denote invalid Jewish calendar dates, so
cal_from_jd($jd, CAL_JEWISH) and jdmonthname($jd, CAL_MONTH_JEWISH) should
actually fail. For BC we don't yet let them though, but we fix the OOB read
that happens in this case, and we also adjust cal_from_jd()'s return value
to have empty strings for "abbrevdayname" and "dayname" instead of "Sun"/
"Sunday" and NULL for "dow" instead of 0, which doesn't make any sense.