summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Update NEWS for PHP 7.2.33PHP-7.2.33Remi Collet2020-08-041-1/+1
|
* Update NEWSStanislav Malyshev2020-08-031-0/+7
|
* Fix #79877: getimagesize function silently truncates after a null byteChristoph M. Becker2020-08-022-0/+14
| | | | We have to check for NUL bytes if `getimagesize()` has been called.
* Fix #79797: Use of freed hash key in the phar_parse_zipfile functionChristoph M. Becker2020-08-023-1/+15
| | | | We must not use heap memory after we freed it.
* Prep for 7.2.33Sara Golemon2020-07-071-0/+3
|
* Prep NEWS for 7.2.32 releasePHP-7.2.32Sara Golemon2020-07-071-1/+4
|
* bump version to 7.2.32-devRemi Collet2020-05-123-5/+8
|
* Update NEWSStanislav Malyshev2020-05-111-0/+5
|
* Fix #78876: Long variables cause OOM and temp files are not cleanedChristoph M. Becker2020-05-111-3/+3
| | | | We use the proper type for size calculations, which is `size_t`.
* Fix #78875: Long filenames cause OOM and temp files are not cleanedChristoph M. Becker2020-05-111-2/+3
| | | | | | We must not cast `size_t` to `int` (unless the `size_t` value is guaranteed to be less than or equal to `INT_MAX`). In this case we can declare `array_len` as `size_t` in the first place.
* Update NEWS for 7.2.31Sara Golemon2020-04-141-0/+3
|
* Update CREDITS for PHP 7.2.30Sara Golemon2020-04-142-11/+11
|
* Update NEWS for PHP 7.2.30Sara Golemon2020-04-141-1/+1
|
* Fixed bug #79468dinosaur2020-04-143-0/+29
| | | | Close the stream filter resources when removing them from the stream.
* NEWSSara Golemon2020-04-141-0/+3
|
* Fix bug #79465 - use unsigneds as indexes.Stanislav Malyshev2020-04-131-2/+2
|
* Fix bug #79330 - make all execution modes consistent in rejecting \0Stanislav Malyshev2020-04-131-0/+9
|
* bump verison to 7.2.30-devRemi Collet2020-03-173-5/+8
|
* Fix NEWSChristoph M. Becker2020-03-171-5/+5
|
* [ci skip] Update NEWSStanislav Malyshev2020-03-151-0/+7
|
* Fix testStanislav Malyshev2020-03-151-1/+1
|
* Fix bug #79329 - get_headers should not accept \0Stanislav Malyshev2020-03-151-1/+1
|
* Fixed bug #79282Stanislav Malyshev2020-03-152-1/+21
|
* bump version to 7.2.29Remi Collet2020-02-183-5/+8
|
* Update NEWS [ci skip]Christoph M. Becker2020-02-171-0/+8
|
* Mark bug76348.phpt as online testNikita Popov2020-02-161-0/+1
|
* Fix bug #79082 - Files added to tar with Phar::buildFromIterator have ↵Stanislav Malyshev2020-02-164-0/+65
| | | | all-access permissions
* Fix bug #79221 - Null Pointer Dereference in PHP Session Upload ProgressStanislav Malyshev2020-02-152-4/+51
|
* Fix typo in recent bugfixChristoph M. Becker2020-02-142-2/+2
|
* Fix #77569: Write Acess Violation in DomImplementationChristoph M. Becker2020-02-133-1/+18
| | | | We must not assume that the zval IS_STRING.
* More checks for php_strip_tags_exStanislav Malyshev2020-01-221-2/+2
|
* next will be 7.2.28Remi Collet2020-01-223-5/+8
|
* Update NEWSStanislav Malyshev2020-01-201-0/+9
|
* Fix bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`)Stanislav Malyshev2020-01-202-5/+22
|
* Fix #79099: OOB read in php_strip_tags_exStanislav Malyshev2020-01-202-3/+35
|
* Fix #79091: heap use-after-free in session_create_id()Christoph M. Becker2020-01-202-0/+68
| | | | If the `new_id` is released, we must not use it again.
* fix release dateRemi Collet2019-12-181-1/+1
|
* [ci skip] Update NEWSStanislav Malyshev2019-12-161-0/+16
|
* Fix testStanislav Malyshev2019-12-161-1/+1
|
* Fix bug #78793Stanislav Malyshev2019-12-162-2/+15
|
* Fixed bug #78910Stanislav Malyshev2019-12-162-1/+19
|
* Fix #78878: Buffer underflow in bc_shift_addsubChristoph M. Becker2019-12-162-2/+15
| | | | | We must not rely on `isdigit()` to detect digits, since we only support decimal ASCII digits in the following processing.
* Fix testStanislav Malyshev2019-12-161-1/+1
|
* Fix #78862: link() silently truncates after a null byte on WindowsChristoph M. Becker2019-12-162-1/+18
| | | | | Since link() is supposed to accepts paths (i.e. strings without NUL bytes), we must not accept arbitrary strings.
* Fix #78863: DirectoryIterator class silently truncates after a null byteChristoph M. Becker2019-12-162-2/+33
| | | | | | Since the constructor of DirectoryIterator and friends is supposed to accepts paths (i.e. strings without NUL bytes), we must not accept arbitrary strings.
* next is 7.2.27Remi Collet2019-12-033-5/+8
|
* Fix #78814: strip_tags allows / in tag name => whitelist bypassChristoph M. Becker2019-12-023-1/+11
| | | | | | | When normalizing tags to check whether they are contained in the set of allowable tags, we must not strip slashes, unless they come immediately after the opening `<`, or immediately before the closing `>`.
* Fix #78833: Integer overflow in pack causes out-of-bound accessChristoph M. Becker2019-12-023-1/+15
| | | | | We check for potential signed integer overflow, and bail out gracefully, in that case.
* Added environment LSAPI_CLEAN_SHUTDOWN to control clean shutdown. Update ↵George Wang2019-11-211-14/+26
| | | | SAPI version to LiteSpeed v7.6 .
* Fix #78849: GD build broken with -D SIGNED_COMPARE_SLOWChristoph M. Becker2019-11-212-1/+4
| | | | | | Apparently, this has not been tested for a long time, and might be a refactoring relict. Anyhow, we have to pass the context to `GIFNextPixel` as well.
View Lorry Controller Status