|
Revision tags: RELEASE_1_2_4, RELEASE_1_2_1, php-5.2.4, RELEASE_1_5, php-5.2.4RC3, php-5.2.4RC2 |
|
| #
6b7f1648 |
| 03-Aug-2007 |
Stanislav Malyshev |
correct fix for access control for save_path and .htaccess
|
|
Revision tags: php-5.2.4RC1 |
|
| #
30340921 |
| 29-Jul-2007 |
Ilia Alshanetsky |
Fixed bug #42135 (Second call of session_start() causes creation of SID)
|
|
Revision tags: BEFORE_REAL_IMPORT_OF_MYSQLND, BEFORE_IMPORT_OF_MYSQLND |
|
| #
e2d606e1 |
| 17-Jun-2007 |
Ilia Alshanetsky |
Fixed compiler warning
|
| #
df7bfe0a |
| 16-Jun-2007 |
Stefan Esser |
MFH
|
| #
70a8f931 |
| 15-Jun-2007 |
Stanislav Malyshev |
Disallow characters that Cookie RFC does not allow in unquoted cookies
|
| #
d042fd06 |
| 07-Jun-2007 |
Antony Dovgal |
MFH: php_gmtime_r() fixes
|
|
Revision tags: php-5.2.3, RELEASE_1_4, php-5.2.3RC1, RELEASE_1_2_0 |
|
| #
69650d0e |
| 16-May-2007 |
Stanislav Malyshev |
do not send cookie when session is passed in URL, same as it happens with GET/POST
|
|
Revision tags: php-4.4.7, php-5.2.2, php-5.2.2RC2, RELEASE_1_1_0, php-4.4.7RC1, php-5.2.2RC1 |
|
| #
39f9184f |
| 04-Apr-2007 |
Antony Dovgal |
MFH: fix #40998 (long session array keys are truncated)
|
|
Revision tags: RELEASE_1_0_1 |
|
| #
7aab16c3 |
| 14-Mar-2007 |
Ilia Alshanetsky |
Fixed MOPB-22-2007:PHP session_regenerate_id() Double Free Vulnerability
# Discovered by Stefan Esser
|
| #
a500d1ef |
| 03-Mar-2007 |
Ilia Alshanetsky |
Adjust checks to allow paths without a trailing /
|
| #
4735df26 |
| 02-Mar-2007 |
Ilia Alshanetsky |
Improve safe_mode check
|
|
Revision tags: php-4.4.6 |
|
| #
efad70c2 |
| 27-Feb-2007 |
Ilia Alshanetsky |
snprintf() -> slprintf()
|
| #
50ea2676 |
| 24-Feb-2007 |
Marcus Boerger |
- Avoid sprintf, even when checked copy'n'paste or changes lead to errors
|
| #
3e262bd3 |
| 24-Feb-2007 |
Stanislav Malyshev |
disallow negative length
|
|
Revision tags: php-4.4.6RC1, php-4.4.5, php-5.2.1, RELEASE_1_0_0RC1, php-4.4.5RC2, php-5.2.1RC4, php-5.2.1RC3 |
|
| #
ae792a06 |
| 10-Jan-2007 |
Dmitry Stogov |
Fixed SIGSEGV
|
| #
81729c1e |
| 09-Jan-2007 |
Ilia Alshanetsky |
Prevent SESSION/GLOBALS overload via session decoding
|
|
Revision tags: php-4.4.5RC1, php-5.2.1RC2 |
|
| #
4223aa4d |
| 01-Jan-2007 |
Sebastian Bergmann |
MFH: Bump year.
|
| #
ba645539 |
| 31-Dec-2006 |
Ilia Alshanetsky |
Added boundary checks to php_binary deserializer
|
| #
ffd41a50 |
| 26-Dec-2006 |
Ilia Alshanetsky |
Session deserializer protection.
|
| #
7d2142a5 |
| 20-Dec-2006 |
Antony Dovgal |
protect _SESSION, HTTP_SESSION_VARS and GLOBALS
maintain an internal reference of _SESSION, so that it won't be possible to destroy it from userspace
|
|
Revision tags: php-5.2.1RC1 |
|
| #
bcf457d8 |
| 04-Dec-2006 |
Antony Dovgal |
MFH: fix retval type
|
| #
35f78f22 |
| 04-Dec-2006 |
Ilia Alshanetsky |
Fixed bug #37627 (session save_path check checks the parent directory).
|
| #
5f3e233e |
| 01-Dec-2006 |
Ilia Alshanetsky |
Disallow \0 chars inside session.save_path
|
| #
050f94f7 |
| 03-Nov-2006 |
Hannes Magnusson |
MFH: Fix double "wron param count" messages
|
|
Revision tags: php-5.2.0, php-5.2.0RC6 |
|
| #
b1d8f7e0 |
| 06-Oct-2006 |
Ilia Alshanetsky |
Expose session storage module locater and serialization function via PHPAPI
|
