path: root/ext/standard/var_unserializer.re
Commit message [Author, Age, Files, Lines]
* Fix bug #68594 - Use after free vulnerability in unserialize() [Stanislav Malyshev, 2014-12-17, 1 file, -0/+3]
|
* Fixed bug #68545 NULL pointer dereference in unserialize.c [Anatol Belski, 2014-12-10, 1 file, -1/+7]
|
* Fixed bug #68044: Integer overflow in unserialize() (32-bits only) [Stanislav Malyshev, 2014-10-14, 1 file, -1/+1]
|
* Better fix for bug #67072 with more BC provisions [Stanislav Malyshev, 2014-06-21, 1 file, -1/+2]
|
* Update copyright year for re2c files as well [Lior Kaplan, 2014-06-16, 1 file, -1/+1]
|
* Fixed regression introduced by patch for bug #67072 [Anatol Belski, 2014-06-03, 1 file, -1/+5]
|     This applies to 5.4 and 5.5 only as a legacy fix.
* Improved the fix for bug #67072, thanks Nikita [Anatol Belski, 2014-04-18, 1 file, -2/+5]
|
* Fixed bug #67072 Echoing unserialized "SplFileObject" crash [Anatol Belski, 2014-04-17, 1 file, -1/+10]
|     The actual issue lies in the unserializer code which doesn't honor the
|     unserialize callback. By contrast, the serialize callback is respected.
|     This leads to the situation that even if a class has disabled the
|     serialization explicitly, user could still construct a vulnerable string
|     which would result in bad things when trying to unserialize. This concerns
|     also the classes implementing Serializable as well as some core classes
|     disabling serialize/unserialize callbacks explicitly (PDO, SimpleXML,
|     SplFileInfo and co). As of now, the flow is first to call the unserialize
|     callback (if available), then call __wakeup. If the unserialize callback
|     returns with no success, no object is instantiated. This makes the scheme
|     used by internal classes effective, to disable unserialize just assign
|     zend_class_unserialize_deny as callback.
* fix bug #65481 (shutdown segfault due to serialize) [Michael Wallner, 2013-08-20, 1 file, -13/+40]
|
* Fixed bug #64354 (Unserialize array of objects whose class can't be autoloaded fail) [Xinchen Hui, 2013-03-09, 1 file, -1/+27]
|     about the __sleep one, since php_serialize_* are all void function, so, only check exception at the very beginning
* Merge fix of #62836 to ?.re, and regenerate ?.c [Xinchen Hui, 2013-01-21, 1 file, -0/+6]
|
* Happy New Year [Xinchen Hui, 2013-01-01, 1 file, -1/+1]
|
* - fix bug #60879, unserialize does not invoke __wakeup [Pierre Joye, 2012-02-28, 1 file, -0/+6]
|
* - Year++ [Felipe Pena, 2012-01-01, 1 file, -1/+1]
|
* - Make valgrind happy with session_decode_error2.phpt [Felipe Pena, 2011-11-09, 1 file, -1/+6]
|
* Fix Bug #55801 Behavior of unserialize has changed: [Michael Wallner, 2011-10-19, 1 file, -0/+2]
|     (un)serialize in __wakeup/__sleep now use clean var_hashes
* - Fixed #55798: serialize followed by unserialize with numeric object prop. [Gustavo André dos Santos Lopes, 2011-09-28, 1 file, -4/+11]
|     gives integer prop.
* - Year++ [Felipe Pena, 2011-01-01, 1 file, -1/+1]
|
* Improved performance of unserialize(), original patch by galaxy dot mipt at gmail dot com [Kalle Sommer Nielsen, 2010-09-18, 1 file, -20/+16]
|
* Do these ops in the right order here. First of many fixes for [Rasmus Lerdorf, 2010-08-06, 1 file, -1/+1]
|     bug #52550
* fix SplObjectStorage unserialization (CVE-2010-2225) [Stanislav Malyshev, 2010-06-29, 1 file, -1/+1]
|
* Added support for object references in recursive serialize() calls. FR #36424 [Michael Wallner, 2010-05-26, 1 file, -13/+28]
|
* sed -i "s#1997-2009#1997-2010#g" **/*.re **/*.y **/*.l [Sebastian Bergmann, 2010-01-03, 1 file, -1/+1]
|
* - MFH: Year++ [Felipe Pena, 2009-03-17, 1 file, -1/+1]
|
* MFH: Fixed bug #46882 (Serialize / Unserialize misbehaviour under OS with different bit numbers) [Matt Wilmas, 2009-03-17, 1 file, -0/+23]
|
* - Next step in namespaces, using / as namespace separator. [Marcus Boerger, 2008-11-04, 1 file, -1/+1]
|
* Fixed bug #45706 (Unserialization of classes derived from ArrayIterator fails) [Dmitry Stogov, 2008-08-29, 1 file, -7/+10]
|
* MFH: Add array_init_size() and use it where array size is known at initialization [Matt Wilmas, 2008-05-27, 1 file, -3/+1]
|
* MFB: Fixed bug #43614 (incorrect processing of numerical string keys of array in arbitrary serialized data) [Felipe Pena, 2008-03-19, 1 file, -2/+2]
|
* Fixed bug #42919 (Unserializing of namespaced class object fails) [Dmitry Stogov, 2007-10-17, 1 file, -1/+1]
|
* MFH: Added macros for managing zval refcounts and is_ref statuses [Yiduo (David) Wang, 2007-10-07, 1 file, -5/+5]
|
* fix a few compiler warnings (mostly use of uninitialized values) [Nuno Lopes, 2007-09-29, 1 file, -1/+1]
|
* - fix ws [Jani Taskinen, 2007-08-06, 1 file, -9/+9]
|
* Fixed compiler warning [Ilia Alshanetsky, 2007-08-06, 1 file, -1/+1]
|
* Proper fix for MOPB-29 [Dmitry Stogov, 2007-07-09, 1 file, -4/+8]
|
* MFH: fix compile warning [Antony Dovgal, 2007-03-27, 1 file, -1/+1]
|
* fix MOPB-29 - unserialize modifier S does not calculate length correctly [Stanislav Malyshev, 2007-03-23, 1 file, -5/+12]
|     # reported by Stefan Esser
* Support for 'S' format in unserialize() (forward compatibility with PHP [Andrei Zmievski, 2006-12-15, 1 file, -0/+61]
|     6)
* bump the year and license version [foobar, 2006-01-01, 1 file, -3/+3]
|
* MFH: - Fixed bug #34311 (unserialize() crashes with characters above 191 dec) [foobar, 2005-09-05, 1 file, -1/+1]
|
* - Bumber up year [foobar, 2005-08-03, 1 file, -1/+1]
|
* Fixed bug #30791 (magic methods (__sleep/__wakeup/__toString) call __call if object is overloaded) [Dmitry Stogov, 2005-06-01, 1 file, -1/+2]
|
* - Fixed bug with unserialize() with "exotic" letters in class names [foobar, 2005-05-31, 1 file, -1/+1]
|     # Patch by: Christian Schneider <cschneid@cschneid.com>
* - Fix #31442 unserialize broken on 64-bit systems [Marcus Boerger, 2005-03-10, 1 file, -20/+20]
|     - Fix one warning
* - Update signature [Marcus Boerger, 2005-03-07, 1 file, -2/+2]
|
* This way around for correct error messages [Stefan Esser, 2005-02-28, 1 file, -2/+2]
|
* Drop invalid arrays [Stefan Esser, 2005-02-28, 1 file, -0/+4]
|
* fix typo [Stanislav Malyshev, 2005-02-27, 1 file, -1/+1]
|
* fix typo [Stanislav Malyshev, 2005-02-24, 1 file, -1/+1]
|
* Correcting bounds check before someone uses this code [Stefan Esser, 2005-02-23, 1 file, -1/+1]
|