Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fix bug #68594 - Use after free vulnerability in unserialize() | Stanislav Malyshev | 2014-12-17 | 1 | -0/+3 |
| | |||||
* | Fixed bug #68545 NULL pointer dereference in unserialize.c | Anatol Belski | 2014-12-10 | 1 | -1/+7 |
| | |||||
* | Fixed bug #68044: Integer overflow in unserialize() (32-bits only) | Stanislav Malyshev | 2014-10-14 | 1 | -1/+1 |
| | |||||
* | Better fix for bug #67072 with more BC provisions | Stanislav Malyshev | 2014-06-21 | 1 | -1/+2 |
| | |||||
* | Update copyright year for re2c files as well | Lior Kaplan | 2014-06-16 | 1 | -1/+1 |
| | |||||
* | Fixed regression introduced by patch for bug #67072 | Anatol Belski | 2014-06-03 | 1 | -1/+5 |
| | | | | This applies to 5.4 and 5.5 only as a legacy fix. | ||||
* | Improved the fix for bug #67072, thanks Nikita | Anatol Belski | 2014-04-18 | 1 | -2/+5 |
| | |||||
* | Fixed bug #67072 Echoing unserialized "SplFileObject" crash | Anatol Belski | 2014-04-17 | 1 | -1/+10 |
| | | | | | | | | | | | | | | | | | | The actual issue lays in the unserializer code which doesn't honor the unserialize callback. By contrast, the serialize callback is respected. This leads to the situation that even if a class has disabled the serialization explicitly, user could still construct a vulnerable string which would result bad things when trying to unserialize. This conserns also the classes implementing Serializable as well as some core classes disabling serialize/unserialize callbacks explicitly (PDO, SimpleXML, SplFileInfo and co). As of now, the flow is first to call the unserialize callback (if available), then call __wakeup. If the unserialize callback returns with no success, no object is instantiated. This makes the scheme used by internal classes effective, to disable unserialize just assign zend_class_unserialize_deny as callback. | ||||
* | fix bug #65481 (shutdown segfault due to serialize) | Michael Wallner | 2013-08-20 | 1 | -13/+40 |
| | |||||
* | Fixed bug #64354 (Unserialize array of objects whose class can't be ↵ | Xinchen Hui | 2013-03-09 | 1 | -1/+27 |
| | | | | | | | autoloaded fail) about the __sleep one, since php_serialize_* are all void function, so,,only check exception at the very begining | ||||
* | Merge fix of #62836 to ?.re, and regenerate ?.c | Xinchen Hui | 2013-01-21 | 1 | -0/+6 |
| | |||||
* | Happy New Year | Xinchen Hui | 2013-01-01 | 1 | -1/+1 |
| | |||||
* | - fix bug #60879, unserialize does not invoke __wakeup | Pierre Joye | 2012-02-28 | 1 | -0/+6 |
| | |||||
* | - Year++ | Felipe Pena | 2012-01-01 | 1 | -1/+1 |
| | |||||
* | - Make valgrind happy with session_decode_error2.phpt | Felipe Pena | 2011-11-09 | 1 | -1/+6 |
| | |||||
* | Fix Bug #55801 Behavior of unserialize has changed: | Michael Wallner | 2011-10-19 | 1 | -0/+2 |
| | | | | | | (un)serialize in __wakeup/__sleep now use clean var_hashes | ||||
* | - Fixed #55798: serialize followed by unserialize with numeric object prop. | Gustavo André dos Santos Lopes | 2011-09-28 | 1 | -4/+11 |
| | | | | | gives integer prop. | ||||
* | - Year++ | Felipe Pena | 2011-01-01 | 1 | -1/+1 |
| | |||||
* | Improved performance of unserialize(), original patch by galaxy dot mipt at ↵ | Kalle Sommer Nielsen | 2010-09-18 | 1 | -20/+16 |
| | | | | gmail dot com | ||||
* | Do these ops in the right order here. First of many fixes for | Rasmus Lerdorf | 2010-08-06 | 1 | -1/+1 |
| | | | | | bug #52550 | ||||
* | fix SplObjectStorage unserialization (CVE-2010-2225) | Stanislav Malyshev | 2010-06-29 | 1 | -1/+1 |
| | |||||
* | Added support for object references in recursive serialize() calls. FR #36424 | Michael Wallner | 2010-05-26 | 1 | -13/+28 |
| | |||||
* | sed -i "s#1997-2009#1997-2010#g" **/*.re **/*.y **/*.l | Sebastian Bergmann | 2010-01-03 | 1 | -1/+1 |
| | |||||
* | - MFH: Year++ | Felipe Pena | 2009-03-17 | 1 | -1/+1 |
| | |||||
* | MFH: Fixed bug #46882 (Serialize / Unserialize misbehaviour under OS with ↵ | Matt Wilmas | 2009-03-17 | 1 | -0/+23 |
| | | | | different bit numbers) | ||||
* | - Next step in namespaces, using / as namespace separator. | Marcus Boerger | 2008-11-04 | 1 | -1/+1 |
| | |||||
* | Fixed bug #45706 (Unserialization of classes derived from ArrayIterator fails) | Dmitry Stogov | 2008-08-29 | 1 | -7/+10 |
| | |||||
* | MFH: Add array_init_size() and use it where array size is known at ↵ | Matt Wilmas | 2008-05-27 | 1 | -3/+1 |
| | | | | initialization | ||||
* | MFB: Fixed bug #43614 (incorrect processing of numerical string keys of ↵ | Felipe Pena | 2008-03-19 | 1 | -2/+2 |
| | | | | array in arbitrary serialized data) | ||||
* | Fixed bug #42919 (Unserializing of namespaced class object fails) | Dmitry Stogov | 2007-10-17 | 1 | -1/+1 |
| | |||||
* | MFH: Added macros for managing zval refcounts and is_ref statuses | Yiduo (David) Wang | 2007-10-07 | 1 | -5/+5 |
| | |||||
* | fix a few compiler warnings (mostly use of unitialized values) | Nuno Lopes | 2007-09-29 | 1 | -1/+1 |
| | |||||
* | - fix ws | Jani Taskinen | 2007-08-06 | 1 | -9/+9 |
| | |||||
* | Fixed compiler warning | Ilia Alshanetsky | 2007-08-06 | 1 | -1/+1 |
| | |||||
* | Proper fix for MOPB-29 | Dmitry Stogov | 2007-07-09 | 1 | -4/+8 |
| | |||||
* | MFH: fix compile warning | Antony Dovgal | 2007-03-27 | 1 | -1/+1 |
| | |||||
* | fix MOPB-29 - unserialize modifier S does not calculate length correctly | Stanislav Malyshev | 2007-03-23 | 1 | -5/+12 |
| | | | | | # reported by Stefan Esser | ||||
* | Support for 'S' format in unserialize() (forward compatibility with PHP | Andrei Zmievski | 2006-12-15 | 1 | -0/+61 |
| | | | | | 6) | ||||
* | bump the year and license version | foobar | 2006-01-01 | 1 | -3/+3 |
| | |||||
* | MFH: - Fixed bug #34311 (unserialize() crashes with characters above 191 dec) | foobar | 2005-09-05 | 1 | -1/+1 |
| | |||||
* | - Bumber up year | foobar | 2005-08-03 | 1 | -1/+1 |
| | |||||
* | Fixed bug #30791 (magic methods (__sleep/__wakeup/__toString) call __call if ↵ | Dmitry Stogov | 2005-06-01 | 1 | -1/+2 |
| | | | | object is overloaded) | ||||
* | - Fixed bug with unserialize() with "exotic" letters in class names | foobar | 2005-05-31 | 1 | -1/+1 |
| | | | | | # Patch by: Christian Schneider <cschneid@cschneid.com> | ||||
* | - Fix #31442 unserialize broken on 64-bit systems | Marcus Boerger | 2005-03-10 | 1 | -20/+20 |
| | | | | | - Fix one warning | ||||
* | - Update signature | Marcus Boerger | 2005-03-07 | 1 | -2/+2 |
| | |||||
* | This way around for correct error messages | Stefan Esser | 2005-02-28 | 1 | -2/+2 |
| | |||||
* | Drop invalid arrays | Stefan Esser | 2005-02-28 | 1 | -0/+4 |
| | |||||
* | fix typo | Stanislav Malyshev | 2005-02-27 | 1 | -1/+1 |
| | |||||
* | fix typo | Stanislav Malyshev | 2005-02-24 | 1 | -1/+1 |
| | |||||
* | Correcting bounds check before someone uses this code | Stefan Esser | 2005-02-23 | 1 | -1/+1 |
| |