| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Source maps (http://www.html5rocks.com/en/tutorials/developertools/sourcemaps/) are basically a way to map a combined/minified file back to an unbuilt state. To avoid error messages in Browser DevTools, source map files should be served with the MIME type "application/json"
|
| | |
|
| | |
|
| | |
|
| |\ |
|
| | | |
|
| |\ \
| |/
| |
| |
| |
| |
| |
| | |
* PHP-5.6:
Fix #68291: 404 on urls with '+'
Resolved conflicts:
sapi/cli/php_cli_server.c
|
| | |
| |
| |
| |
| | |
URI paths have to be treated according to RFC 3986 by the CLI web server, not
as application/x-www-form-urlencoded.
|
| | | |
|
| |\ \
| |/
| |
| |
| | |
* PHP-5.6:
Fix #70264: CLI server directory traversal
|
| | |
| |
| |
| |
| |
| |
| |
| | |
On Windows the built-in webserver doesn't prevent directory traversal when
backslashes are used as path component separators. Even though that is not a
security issue (the CLI webserver is meant for testing only), we fix that by
replacing backslashes in the path with slashes on Windows, because backslashes
may be valid characters for file names on other systems, but not on Windows.
|
| |\ \
| |/
| |
| |
| |
| | |
* PHP-5.6:
Fix #66606: Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE
added tests for bug #66606
|
| | |
| |
| |
| | |
The patch will store Content-Type header value in both HTTP_CONTENT_TYPE field and CONTENT_TYPE field.
|
| | | |
|
| | | |
|
| |\ \
| |/
| |
| |
| |
| |
| |
| | |
* PHP-5.6:
fix test
Conflicts:
sapi/cli/tests/005.phpt
|
| | |\
| | |
| | |
| | |
| | | |
* PHP-5.5:
fix test
|
| | | |\
| | | |
| | | |
| | | |
| | | | |
* PHP-5.4:
fix test
|
| | | | | |
|
| |\ \ \ \
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* PHP-5.6:
update NEWS
fix test
update NEWS
Fix bug #70019 - limit extracted files to given directory
Do not do convert_to_* on unserialize, it messes up references
Fix #69793 - limit what we accept when unserializing exception
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
ignore signatures for packages too
Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
Fixed bug #69892
Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
Improved fix for Bug #69441
Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
Fix bug #70081: check types for SOAP variables
Conflicts:
Zend/zend_exceptions.c
ext/date/php_date.c
ext/openssl/openssl.c
ext/phar/phar_internal.h
ext/soap/php_http.c
ext/spl/spl_array.c
ext/spl/spl_dllist.c
ext/spl/spl_observer.c
ext/standard/tests/serialize/bug69152.phpt
sapi/cli/tests/005.phpt
|
| | |\ \ \
| | |/ /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* PHP-5.5:
update NEWS
fix test
update NEWS
Fix bug #70019 - limit extracted files to given directory
Do not do convert_to_* on unserialize, it messes up references
Fix #69793 - limit what we accept when unserializing exception
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
ignore signatures for packages too
Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
Fixed bug #69892
Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
Improved fix for Bug #69441
Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
Fix bug #70081: check types for SOAP variables
Conflicts:
ext/soap/php_http.c
ext/spl/spl_observer.c
|
| | | |\ \
| | | |/
| | | |
| | | |
| | | |
| | | | |
* PHP-5.4:
fix test
update NEWS
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
This also fixes bug #54081
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
A char can be either signed or unsigned, and on PowerPC and ARM it is
unsigned. The following code will always be false on these architectures:
if (c == -1) goto error;
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This fixes ext/openssl/tests/openssl_spki_export.phpt failing
with the no OPENSSL_Applink error. Applink is also an interesting
technique documented in the OpenSSL FAQ
https://www.openssl.org/support/faq.html#PROG2
which allows under circumstances using different OpenSSL binaries
than those a program was linked with.
|
| | | | |
| | | |
| | | |
| | | | |
semantick changes).
|
| |\ \ \ \
| |/ / /
| | | |
| | | |
| | | |
| | | | |
* PHP-5.6:
updated NEWS
Fixed #69655: php -S changes MKCALENDAR request method to MKCOL
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
The parsing of the request method in the CLI server has been faulty, so that
several unsupported methods have been recognized as other methods.
|
| |\ \ \ \
| |/ / /
| | | |
| | | |
| | | | |
* PHP-5.6:
added skip condition for powershell requirement of test
|
| | | | | |
|
| |\ \ \ \
| |/ / /
| | | |
| | | |
| | | | |
* PHP-5.6:
Fix #64878: 304 responses return Content-Type header
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
According to RFC 7232 304 responses should not send a Content-Type header,
so the CLI server should comply.
|
| |\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
# Conflicts:
# Zend/zend_language_scanner.c
# Zend/zend_language_scanner.l
# ext/simplexml/tests/SimpleXMLElement_xpath.phpt
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| |\ \ \ \ \
| |/ / / / |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This implements a reduced variant of #1226 with just the following
change:
-Fatal error: Uncaught exception 'EngineException' with message 'Call to private method foo::bar() from context ''' in %s:%d
+Fatal error: Uncaught EngineException: Call to private method foo::bar() from context '' in %s:%d
The '' wrapper around messages is very weird if the exception
message itself contains ''. Futhermore having the message wrapped
in '' doesn't work for the "and defined" suffix of
TypeExceptions.
|
| | | | | | |
|
| |/ / / / |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
TypeException stays as-is for now because it uses messages that are
incompatible with the way exception messages are displayed.
closure_038.phpt and a few others now show that we're generating
too many exceptions for compound operations on undefined properties
-- this needs to be fixed in a followup.
|
| | | | | |
|
| | | | | |
|
