summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Fix # 79171: heap-buffer-overflow in phar_extract_filephp-7.3.15PHP-7.3.15Christoph M. Becker2020-02-182-1/+3
| | | | | | We must not access memory outside of the allocated buffer. (cherry picked from commit 7df594b9437aa4f127581e4c88da99e7c41a9b14)
* Fix bug #79221 - Null Pointer Dereference in PHP Session Upload ProgressStanislav Malyshev2020-02-183-4/+55
| | | | (cherry picked from commit 409965fe1cfa013abd377a5b567e2d19aac163e8)
* Fix bug #79082 - Files added to tar with Phar::buildFromIterator have ↵Stanislav Malyshev2020-02-185-0/+67
| | | | | | all-access permissions (cherry picked from commit 6facfa59a5273a7084fabe13f215bb17215218c4)
* Bump versionChristoph M. Becker2020-02-184-5/+5
|
* Bump versionphp-7.3.15RC1Christoph M. Becker2020-02-044-5/+5
|
* Fix #78090: bug45161.phpt takes forever to finishChristoph M. Becker2020-02-043-12/+13
| | | | | | Not all systems support the discard protocol (TCP port 9), and since there is no particular reason to use it, we switch to using actual server testing.
* Fix #79191: Error in SoapClient ctor disables DOMDocument::save()Christoph M. Becker2020-02-036-21/+77
| | | | | | | | | | | | | | The culprit is the too restrictive fix for bug #71536, which prevents `php_libxml_streams_IO_write()` from properly executing when unclean shutdown is flagged. A *more* suitable solution is to move the `xmlwriter_free_resource_ptr()` call from the `free_obj` handler to an added `dtor_obj` handler, to avoid to write to a closed stream in case of late object freeing. This makes the `EG(active)` guard superfluous. We also fix bug79029.phpt which has to use different variables for the three parts to actually check the original shutdown issue. Thanks to bwoebi and daverandom for helping to investigate this issue.
* Relax test expectationChristoph M. Becker2020-02-031-2/+2
| | | | | | | Since we're dealing with floating point numbers, precision issues may hit us, and actually it's not necessary to check for the exact number anyway, because it is not exact in the first place. Therefore, we relax the test expectations.
* Fix #79212: NumberFormatter::format() may detect wrong typeChristoph M. Becker2020-02-033-15/+36
| | | | | | | | | | | We have to convert to number *before* detecting the type, to cater to internal objects implementing `cast_object`. We also get rid of the fallback behavior of using `FORMAT_TYPE_INT32`, because that can no longer happen; after `convert_scalar_to_number_ex` the type is either `IS_LONG` or `IS_DOUBLE`. We cater explicitly to the `IS_ARRAY` case what also avoids triggering a type confusion when `::TYPE_INT64` is passed as `$type`.
* Fix bug #76047Nikita Popov2020-01-315-12/+81
| | | | | | | | | Unlink the current stack frame before freeing CVs or extra args. This means it will no longer show up in back traces that are generated during CV destruction. We already did this prior to destructing the object/closure, presumably for the same reason.
* Fix #70078: XSL callbacks with nodes as parameter leak memoryChristoph M. Becker2020-01-303-1/+55
| | | | | | | | | The fix for bug #49634 solved a double-free by copying the node with `xmlDocCopyNodeList()`, but the copied node is later freed by calling `xmlFreeNode()` instead of `xmlFreeNodeList()`, thus leaking memory. However, there is no need to treat the node as node list, i.e. to copy also the node's siblings; just creating a recursive copy of the node with `xmlDocCopyNode()` is sufficient, while that also avoids the leak.
* Fix leak in DateTimeImmutable::modify()Nikita Popov2020-01-302-0/+13
|
* Add SKIPIF to test requiring mbregexNikita Popov2020-01-301-0/+2
|
* Fix mb_ord() crash if internal encoding not supportedNikita Popov2020-01-292-4/+9
| | | | | enc_name can be NULL here. Take the name from the mbfl_encoding instead.
* Reset MBREX(search_re) in RSHUTDOWNNikita Popov2020-01-291-0/+1
| | | | | | | | | | | | | | This is going to cause a segfault if reused in the next request. To illustrate the issue, run these two scripts in sequence with the built-in server: // script1.php mb_ereg_search_init('foobar'); mb_ereg_search('foo'); // script2.php var_dump(mb_ereg_search_init("foobar")); var_dump(mb_ereg_search_pos());
* Fix use of mb_ereg_search_getregs() after invalid patternNikita Popov2020-01-292-3/+22
| | | | | This segfaulted because we assumed that if there are matches, there must be a regular expression as well.
* Fix #76584: PharFileInfo::decompress not workingChristoph M. Becker2020-01-283-5/+56
| | | | We actually have to decompress, when told to do so.
* Fix bug #78323: Code 0 is returned on invalid optionsIvan Mikheykin2020-01-2711-5/+177
| | | | | Set CLI exit code to 1 when invalid parameters are passed, and print error to stderr.
* Add CURLOPT CURLOPT_HTTP09_ALLOWED available since 7.64.0Florian Smeets2020-01-261-0/+7
|
* Fixed bug #79080 [ci skip]George Peter Banyard2020-01-252-26/+12
| | | | | Rewrote session.gc_probability and session.gc_divisor INI setting description to be more succint.
* Make test independent of online XSD schemaChristoph M. Becker2020-01-242-1/+642
| | | | | | The test still needs to access <http://www.w3.org/2009/01/xml.xsd>, but at least we no longer depend on <http://x-road.eu/xsd/x-road.xsd>, which may be moved again.
* Yet another check for php_strip_tags_ex()Christoph M. Becker2020-01-241-1/+1
|
* Fix bug76348.phptNikita Popov2020-01-232-4/+5
| | | | | | | | Adjust for URL change in XSD file and mark as online test. Is it possible for use to store http://x-road.eu/xsd/xroad.xsd locally instead? Do relative file system paths work here? I'm not familiar with this.
* Fixed bug #78902liudaixiao2020-01-233-4/+12
|
* Add unit test for bug #78902Léopold Jacquot2020-01-231-0/+30
|
* Fixed bug #79151Nikita Popov2020-01-233-0/+33
| | | | | | Make sure we also NULL out next/prev of the removed element on pop/shift. This only matter is that element is still being referenced by an iterator.
* Merge branch 'PHP-7.2' into PHP-7.3Stanislav Malyshev2020-01-221-1/+1
|\ | | | | | | | | * PHP-7.2: More checks for php_strip_tags_ex
| * More checks for php_strip_tags_exStanislav Malyshev2020-01-221-2/+2
| |
* | Don't leak encoding_strChristoph M. Becker2020-01-221-0/+1
| |
* | Fix #79154: mb_convert_encoding() can modify $from_encodingChristoph M. Becker2020-01-223-5/+41
| | | | | | | | We must not modify arrays passed by value.
* | Merge branch 'PHP-7.2' into PHP-7.3Remi Collet2020-01-220-0/+0
|\ \ | |/ | | | | | | * PHP-7.2: next will be 7.2.28
| * next will be 7.2.28Remi Collet2020-01-223-5/+8
| |
* | Fix #79145: openssl memory leakChristoph M. Becker2020-01-213-2/+29
| | | | | | | | | | | | We must increase the refcount of `return_value` only if `cert` is a resource; this is already done in `php_openssl_evp_from_zval()`, though.
* | Fix #79146: cscript can fail to run on some systemsDeus Kane2020-01-217-6/+7
| | | | | | | | | | | | | | | | | | In the buildconf and configure batch files, Windows' cscript utility was being run without the /e:jscript flag. This works on systems that have not had the default .js file association changed, but if .js has been re-associated to (say) an IDE, the batch files fail with the error message: Input Error: There is no script engine for file extension ".js".
* | Update NEWS wrt. sec fixesChristoph M. Becker2020-01-211-0/+8
| |
* | Merge branch 'PHP-7.2' into PHP-7.3Stanislav Malyshev2020-01-206-5/+115
|\ \ | |/ | | | | | | | | | | | | * PHP-7.2: Update NEWS Fix bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`) Fix #79099: OOB read in php_strip_tags_ex Fix #79091: heap use-after-free in session_create_id()
| * Update NEWSStanislav Malyshev2020-01-201-0/+9
| |
| * Fix bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`)Stanislav Malyshev2020-01-202-5/+22
| |
| * Fix #79099: OOB read in php_strip_tags_exStanislav Malyshev2020-01-202-3/+35
| |
| * Fix #79091: heap use-after-free in session_create_id()Christoph M. Becker2020-01-202-0/+68
| | | | | | | | If the `new_id` is released, we must not use it again.
* | Fixed bug #79115Nikita Popov2020-01-173-0/+22
| |
* | Fixed bug #71876Nikita Popov2020-01-172-4/+8
| | | | | | | | | | | | | | | | | | | | | | This is a backport of fcdc0a6db0ae63fbed9e3828137b899b844623ce to the PHP-7.3 branch. We need to make sure that OnUpdateString is also called for a NULL value, otherwise the reset of the encoding at the end of the request will not work. I believe I already tried to land this before once, but it didn't actually end up on the PHP-7.3 branch due to a push conflict that I only noticed just now.
* | Fix #79084: mysqlnd may fetch wrong column indexes with MYSQLI_BOTHChristoph M. Becker2020-01-134-6/+153
| | | | | | | | | | | | Column names can be numeric strings, so we have to make sure to insert the column values with the appropriate numeric keys, instead of adding them.
* | Fix test cases which fail on Windows debug buildsChristoph M. Becker2020-01-103-2/+4
| | | | | | | | | | | | | | | | We use the portable {TMP} instead of the hard-coded /tmp, and skip mysqli_debug_append.phpt on Windows, because unlinking the trace file while the connection is still open won't work there. (cherry picked from commit 60081ca20d5701111de5f94ae64909b1cc265f1e)
* | Fix test for Windows ZTS buildsChristoph M. Becker2020-01-111-0/+2
| | | | | | | | Cf. <https://bugs.php.net/bug.php?id=61685#1578672905>.
* | Fix #79078: Hypothetical use-after-free in curl_multi_add_handle()Christoph M. Becker2020-01-083-9/+15
| | | | | | | | | | To avoid this, we have to verify the handlers already in `curl_multi_add_handle()`, not only in `curl_multi_exec()`.
* | Bump versionChristoph M. Becker2020-01-074-6/+8
| |
* | Revert "Extend CURLFile to support streams"Christoph M. Becker2020-01-066-147/+1
| | | | | | | | | | | | This reverts commit 17a9f1401aeb35fe1e3657b38102a410d151d42f, because this commit would break ABI, and also due to bug #79013. We keep the commit for PHP 7.4+, though.
* | Fix #54298: Using empty additional_headers adding extraneous CRLFChristoph M. Becker2020-01-063-1/+29
| | | | | | | | | | If the header string is empty, we pass `NULL` to `php_mail()` to avoid further checks on the string length.
* | Fix #79068: gdTransformAffineCopy() changes interpolation methodChristoph M. Becker2020-01-064-1/+24
| | | | | | | | | | We port <https://github.com/libgd/libgd/commit/9088591eae437358ee5b929adf82865e37e3001e>.
View Lorry Controller Status