Commit message | Author | Age | Files | Lines
* Fix #77423: parse_url() will deliver a wrong host to user [PHP-7.2] | Christoph M. Becker | 2021-01-01 | 7 | -14/+59
  To avoid that `parse_url()` returns an erroneous host, which would be valid for `FILTER_VALIDATE_URL`, we make sure that only userinfo which is valid according to RFC 3986 is treated as such. For consistency with the existing url parsing code, we use ctype functions, although that is not necessarily correct.
* bump version to 7.2.35-dev | Remi Collet | 2020-09-30 | 3 | -5/+8
* [ci skip] typo | Remi Collet | 2020-09-29 | 1 | -2/+2
* Update NEWS & UPGRADING | Stanislav Malyshev | 2020-09-28 | 2 | -3/+15
* Do not decode cookie names anymore | Stanislav Malyshev | 2020-09-26 | 4 | -6/+38
* Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV) | Stanislav Malyshev | 2020-09-26 | 4 | -22/+57
* bump version to 7.2.34-dev | Remi Collet | 2020-08-04 | 3 | -5/+8
* Update NEWS | Stanislav Malyshev | 2020-08-03 | 1 | -0/+7
* Fix #79877: getimagesize function silently truncates after a null byte | Christoph M. Becker | 2020-08-02 | 2 | -0/+14
  We have to check for NUL bytes if `getimagesize()` has been called.
* Fix #79797: Use of freed hash key in the phar_parse_zipfile function | Christoph M. Becker | 2020-08-02 | 3 | -1/+15
  We must not use heap memory after we freed it.
* Prep for 7.2.33 | Sara Golemon | 2020-07-07 | 1 | -0/+3
* Prep NEWS for 7.2.32 release [PHP-7.2.32] | Sara Golemon | 2020-07-07 | 1 | -1/+4
* bump version to 7.2.32-dev | Remi Collet | 2020-05-12 | 3 | -5/+8
* Update NEWS | Stanislav Malyshev | 2020-05-11 | 1 | -0/+5
* Fix #78876: Long variables cause OOM and temp files are not cleaned | Christoph M. Becker | 2020-05-11 | 1 | -3/+3
  We use the proper type for size calculations, which is `size_t`.
* Fix #78875: Long filenames cause OOM and temp files are not cleaned | Christoph M. Becker | 2020-05-11 | 1 | -2/+3
  We must not cast `size_t` to `int` (unless the `size_t` value is guaranteed to be less than or equal to `INT_MAX`). In this case we can declare `array_len` as `size_t` in the first place.
* Update NEWS for 7.2.31 | Sara Golemon | 2020-04-14 | 1 | -0/+3
* Update CREDITS for PHP 7.2.30 | Sara Golemon | 2020-04-14 | 2 | -11/+11
* Update NEWS for PHP 7.2.30 | Sara Golemon | 2020-04-14 | 1 | -1/+1
* Fixed bug #79468 | dinosaur | 2020-04-14 | 3 | -0/+29
  Close the stream filter resources when removing them from the stream.
* NEWS | Sara Golemon | 2020-04-14 | 1 | -0/+3
* Fix bug #79465 - use unsigneds as indexes. | Stanislav Malyshev | 2020-04-13 | 1 | -2/+2
* Fix bug #79330 - make all execution modes consistent in rejecting \0 | Stanislav Malyshev | 2020-04-13 | 1 | -0/+9
* bump version to 7.2.30-dev | Remi Collet | 2020-03-17 | 3 | -5/+8
* Fix NEWS | Christoph M. Becker | 2020-03-17 | 1 | -5/+5
* [ci skip] Update NEWS | Stanislav Malyshev | 2020-03-15 | 1 | -0/+7
* Fix test | Stanislav Malyshev | 2020-03-15 | 1 | -1/+1
* Fix bug #79329 - get_headers should not accept \0 | Stanislav Malyshev | 2020-03-15 | 1 | -1/+1
* Fixed bug #79282 | Stanislav Malyshev | 2020-03-15 | 2 | -1/+21
* bump version to 7.2.29 | Remi Collet | 2020-02-18 | 3 | -5/+8
* Update NEWS [ci skip] | Christoph M. Becker | 2020-02-17 | 1 | -0/+8
* Mark bug76348.phpt as online test | Nikita Popov | 2020-02-16 | 1 | -0/+1
* Fix bug #79082 - Files added to tar with Phar::buildFromIterator have all-access permissions | Stanislav Malyshev | 2020-02-16 | 4 | -0/+65
* Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress | Stanislav Malyshev | 2020-02-15 | 2 | -4/+51
* Fix typo in recent bugfix | Christoph M. Becker | 2020-02-14 | 2 | -2/+2
* Fix #77569: Write Access Violation in DomImplementation | Christoph M. Becker | 2020-02-13 | 3 | -1/+18
  We must not assume that the zval IS_STRING.
* More checks for php_strip_tags_ex | Stanislav Malyshev | 2020-01-22 | 1 | -2/+2
* next will be 7.2.28 | Remi Collet | 2020-01-22 | 3 | -5/+8
* Update NEWS | Stanislav Malyshev | 2020-01-20 | 1 | -0/+9
* Fix bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`) | Stanislav Malyshev | 2020-01-20 | 2 | -5/+22
* Fix #79099: OOB read in php_strip_tags_ex | Stanislav Malyshev | 2020-01-20 | 2 | -3/+35
* Fix #79091: heap use-after-free in session_create_id() | Christoph M. Becker | 2020-01-20 | 2 | -0/+68
  If the `new_id` is released, we must not use it again.
* fix release date | Remi Collet | 2019-12-18 | 1 | -1/+1
* [ci skip] Update NEWS | Stanislav Malyshev | 2019-12-16 | 1 | -0/+16
* Fix test | Stanislav Malyshev | 2019-12-16 | 1 | -1/+1
* Fix bug #78793 | Stanislav Malyshev | 2019-12-16 | 2 | -2/+15
* Fixed bug #78910 | Stanislav Malyshev | 2019-12-16 | 2 | -1/+19
* Fix #78878: Buffer underflow in bc_shift_addsub | Christoph M. Becker | 2019-12-16 | 2 | -2/+15
  We must not rely on `isdigit()` to detect digits, since we only support decimal ASCII digits in the following processing.
* Fix test | Stanislav Malyshev | 2019-12-16 | 1 | -1/+1
* Fix #78862: link() silently truncates after a null byte on Windows | Christoph M. Becker | 2019-12-16 | 2 | -1/+18
  Since link() is supposed to accept paths (i.e. strings without NUL bytes), we must not accept arbitrary strings.