Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fix #77423: parse_url() will deliver a wrong host to userPHP-7.2 | Christoph M. Becker | 2021-01-01 | 7 | -14/+59 |
| | | | | | | | | | To avoid that `parse_url()` returns an erroneous host, which would be valid for `FILTER_VALIDATE_URL`, we make sure that only userinfo which is valid according to RFC 3986 is treated as such. For consistency with the existing url parsing code, we use ctype functions, although that is not necessarily correct. | ||||
* | bump version to 7.2.35-dev | Remi Collet | 2020-09-30 | 3 | -5/+8 |
| | |||||
* | [ci skip] typo | Remi Collet | 2020-09-29 | 1 | -2/+2 |
| | |||||
* | Update NEWS & UPGRADING | Stanislav Malyshev | 2020-09-28 | 2 | -3/+15 |
| | |||||
* | Do not decode cookie names anymore | Stanislav Malyshev | 2020-09-26 | 4 | -6/+38 |
| | |||||
* | Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV) | Stanislav Malyshev | 2020-09-26 | 4 | -22/+57 |
| | |||||
* | bump version to 7.2.34-dev | Remi Collet | 2020-08-04 | 3 | -5/+8 |
| | |||||
* | Update NEWS | Stanislav Malyshev | 2020-08-03 | 1 | -0/+7 |
| | |||||
* | Fix #79877: getimagesize function silently truncates after a null byte | Christoph M. Becker | 2020-08-02 | 2 | -0/+14 |
| | | | | We have to check for NUL bytes if `getimagesize()` has been called. | ||||
* | Fix #79797: Use of freed hash key in the phar_parse_zipfile function | Christoph M. Becker | 2020-08-02 | 3 | -1/+15 |
| | | | | We must not use heap memory after we freed it. | ||||
* | Prep for 7.2.33 | Sara Golemon | 2020-07-07 | 1 | -0/+3 |
| | |||||
* | Prep NEWS for 7.2.32 releasePHP-7.2.32 | Sara Golemon | 2020-07-07 | 1 | -1/+4 |
| | |||||
* | bump version to 7.2.32-dev | Remi Collet | 2020-05-12 | 3 | -5/+8 |
| | |||||
* | Update NEWS | Stanislav Malyshev | 2020-05-11 | 1 | -0/+5 |
| | |||||
* | Fix #78876: Long variables cause OOM and temp files are not cleaned | Christoph M. Becker | 2020-05-11 | 1 | -3/+3 |
| | | | | We use the proper type for size calculations, which is `size_t`. | ||||
* | Fix #78875: Long filenames cause OOM and temp files are not cleaned | Christoph M. Becker | 2020-05-11 | 1 | -2/+3 |
| | | | | | | We must not cast `size_t` to `int` (unless the `size_t` value is guaranteed to be less than or equal to `INT_MAX`). In this case we can declare `array_len` as `size_t` in the first place. | ||||
* | Update NEWS for 7.2.31 | Sara Golemon | 2020-04-14 | 1 | -0/+3 |
| | |||||
* | Update CREDITS for PHP 7.2.30 | Sara Golemon | 2020-04-14 | 2 | -11/+11 |
| | |||||
* | Update NEWS for PHP 7.2.30 | Sara Golemon | 2020-04-14 | 1 | -1/+1 |
| | |||||
* | Fixed bug #79468 | dinosaur | 2020-04-14 | 3 | -0/+29 |
| | | | | Close the stream filter resources when removing them from the stream. | ||||
* | NEWS | Sara Golemon | 2020-04-14 | 1 | -0/+3 |
| | |||||
* | Fix bug #79465 - use unsigneds as indexes. | Stanislav Malyshev | 2020-04-13 | 1 | -2/+2 |
| | |||||
* | Fix bug #79330 - make all execution modes consistent in rejecting \0 | Stanislav Malyshev | 2020-04-13 | 1 | -0/+9 |
| | |||||
* | bump verison to 7.2.30-dev | Remi Collet | 2020-03-17 | 3 | -5/+8 |
| | |||||
* | Fix NEWS | Christoph M. Becker | 2020-03-17 | 1 | -5/+5 |
| | |||||
* | [ci skip] Update NEWS | Stanislav Malyshev | 2020-03-15 | 1 | -0/+7 |
| | |||||
* | Fix test | Stanislav Malyshev | 2020-03-15 | 1 | -1/+1 |
| | |||||
* | Fix bug #79329 - get_headers should not accept \0 | Stanislav Malyshev | 2020-03-15 | 1 | -1/+1 |
| | |||||
* | Fixed bug #79282 | Stanislav Malyshev | 2020-03-15 | 2 | -1/+21 |
| | |||||
* | bump version to 7.2.29 | Remi Collet | 2020-02-18 | 3 | -5/+8 |
| | |||||
* | Update NEWS [ci skip] | Christoph M. Becker | 2020-02-17 | 1 | -0/+8 |
| | |||||
* | Mark bug76348.phpt as online test | Nikita Popov | 2020-02-16 | 1 | -0/+1 |
| | |||||
* | Fix bug #79082 - Files added to tar with Phar::buildFromIterator have ↵ | Stanislav Malyshev | 2020-02-16 | 4 | -0/+65 |
| | | | | all-access permissions | ||||
* | Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress | Stanislav Malyshev | 2020-02-15 | 2 | -4/+51 |
| | |||||
* | Fix typo in recent bugfix | Christoph M. Becker | 2020-02-14 | 2 | -2/+2 |
| | |||||
* | Fix #77569: Write Acess Violation in DomImplementation | Christoph M. Becker | 2020-02-13 | 3 | -1/+18 |
| | | | | We must not assume that the zval IS_STRING. | ||||
* | More checks for php_strip_tags_ex | Stanislav Malyshev | 2020-01-22 | 1 | -2/+2 |
| | |||||
* | next will be 7.2.28 | Remi Collet | 2020-01-22 | 3 | -5/+8 |
| | |||||
* | Update NEWS | Stanislav Malyshev | 2020-01-20 | 1 | -0/+9 |
| | |||||
* | Fix bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`) | Stanislav Malyshev | 2020-01-20 | 2 | -5/+22 |
| | |||||
* | Fix #79099: OOB read in php_strip_tags_ex | Stanislav Malyshev | 2020-01-20 | 2 | -3/+35 |
| | |||||
* | Fix #79091: heap use-after-free in session_create_id() | Christoph M. Becker | 2020-01-20 | 2 | -0/+68 |
| | | | | If the `new_id` is released, we must not use it again. | ||||
* | fix release date | Remi Collet | 2019-12-18 | 1 | -1/+1 |
| | |||||
* | [ci skip] Update NEWS | Stanislav Malyshev | 2019-12-16 | 1 | -0/+16 |
| | |||||
* | Fix test | Stanislav Malyshev | 2019-12-16 | 1 | -1/+1 |
| | |||||
* | Fix bug #78793 | Stanislav Malyshev | 2019-12-16 | 2 | -2/+15 |
| | |||||
* | Fixed bug #78910 | Stanislav Malyshev | 2019-12-16 | 2 | -1/+19 |
| | |||||
* | Fix #78878: Buffer underflow in bc_shift_addsub | Christoph M. Becker | 2019-12-16 | 2 | -2/+15 |
| | | | | | We must not rely on `isdigit()` to detect digits, since we only support decimal ASCII digits in the following processing. | ||||
* | Fix test | Stanislav Malyshev | 2019-12-16 | 1 | -1/+1 |
| | |||||
* | Fix #78862: link() silently truncates after a null byte on Windows | Christoph M. Becker | 2019-12-16 | 2 | -1/+18 |
| | | | | | Since link() is supposed to accepts paths (i.e. strings without NUL bytes), we must not accept arbitrary strings. |