| #
b510250b |
| 26-Mar-2020 |
Christoph M. Becker |
Fix #79413: session_create_id() fails for active sessions
The comment on `PS_VALIDATE_SID_FUNC(files)` is very clear that the
function is supposed to return `SUCCESS` if the session alre
Fix #79413: session_create_id() fails for active sessions
The comment on `PS_VALIDATE_SID_FUNC(files)` is very clear that the
function is supposed to return `SUCCESS` if the session already exists.
So to detect a collision, we have to check for `SUCCESS`, not
`FAILURE`.
We also fix the wrong condition in session_regenerate_id() as well.
show more ...
|
| #
d76f7c6c |
| 16-Feb-2020 |
Stanislav Malyshev |
Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress
|
| #
409965fe |
| 16-Feb-2020 |
Stanislav Malyshev |
Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress
|
| #
f79c7742 |
| 20-Jan-2020 |
Christoph M. Becker |
Fix #79091: heap use-after-free in session_create_id()
If the `new_id` is released, we must not use it again.
|
|
Revision tags: php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1, php-7.4.0RC5, php-7.1.33, php-7.2.24, php-7.3.11, php-7.4.0RC4, php-7.3.11RC1, php-7.2.24RC1, php-7.4.0RC3, php-7.2.23, php-7.3.10, php-7.4.0RC2, php-7.2.23RC1, php-7.3.10RC1, php-7.4.0RC1, php-7.1.32, php-7.2.22, php-7.3.9, php-7.4.0beta4, php-7.2.22RC1, php-7.3.9RC1, php-7.4.0beta2, php-7.1.31, php-7.2.21, php-7.3.8, php-7.4.0beta1, php-7.2.21RC1, php-7.3.8RC1, php-7.4.0alpha3, php-7.3.7, php-7.2.20, php-7.4.0alpha2, php-7.3.7RC3, php-7.3.7RC2, php-7.2.20RC2, php-7.4.0alpha1, php-7.3.7RC1, php-7.2.20RC1, php-7.2.19, php-7.3.6, php-7.1.30, php-7.2.19RC1, php-7.3.6RC1, php-7.1.29, php-7.2.18, php-7.3.5 |
|
| #
d20053a5 |
| 17-Apr-2019 |
Christoph M. Becker |
Fix #77911: Wrong warning for session.sid_bits_per_character
|
|
Revision tags: php-7.2.18RC1, php-7.3.5RC1, php-7.2.17, php-7.3.4, php-7.1.28, php-7.3.4RC1, php-7.2.17RC1, php-7.1.27, php-7.3.3, php-7.2.16, php-7.3.3RC1, php-7.2.16RC1, php-7.2.15, php-7.3.2, php-7.2.15RC1, php-7.3.2RC1, php-5.6.40, php-7.1.26, php-7.3.1, php-7.2.14, php-7.2.14RC1, php-7.3.1RC1, php-5.6.39, php-7.1.25, php-7.2.13, php-7.0.33, php-7.3.0, php-7.1.25RC1, php-7.2.13RC1, php-7.3.0RC6, php-7.1.24, php-7.2.12, php-7.3.0RC5, php-7.1.24RC1, php-7.2.12RC1, php-7.3.0RC4, php-7.1.23, php-7.2.11, php-7.3.0RC3, php-7.1.23RC1, php-7.2.11RC1, php-7.3.0RC2, php-5.6.38, php-7.1.22, php-7.3.0RC1, php-7.2.10, php-7.0.32, php-7.1.22RC1, php-7.3.0beta3, php-7.2.10RC1, php-7.1.21, php-7.2.9, php-7.3.0beta2 |
|
| #
a16aee6c |
| 01-Aug-2018 |
Pedro Magalhães |
Fix #76688: Disallow excessive parameters after options array
|
|
Revision tags: php-7.1.21RC1, php-7.3.0beta1, php-7.2.9RC1, php-5.6.37, php-7.1.20 |
|
| #
2b58ab23 |
| 19-Jul-2018 |
Pedro Magalhães |
Support for samesite cookies with array syntax
Allows using an alternative array argument with
support for the samesite option on the following
functions:
setcookie
setrawcoo
Support for samesite cookies with array syntax
Allows using an alternative array argument with
support for the samesite option on the following
functions:
setcookie
setrawcookie
session_set_cookie_params
show more ...
|
|
Revision tags: php-7.3.0alpha4, php-7.0.31, php-7.2.8, php-7.1.20RC1, php-7.2.8RC1, php-7.3.0alpha3, php-7.3.0alpha2, php-7.1.19, php-7.2.7, php-7.1.19RC1, php-7.3.0alpha1, php-7.2.7RC1, php-7.1.18, php-7.2.6, php-7.2.6RC1, php-7.1.18RC1, php-5.6.36, php-7.2.5, php-7.1.17, php-7.0.30, php-7.1.17RC1, php-7.2.5RC1, php-5.6.35, php-7.0.29, php-7.2.4, php-7.1.16, php-7.1.16RC1, php-7.2.4RC1, php-7.1.15, php-5.6.34, php-7.2.3, php-7.0.28, php-7.2.3RC1, php-7.1.15RC1, php-7.1.14, php-7.2.2, php-7.1.14RC1, php-7.2.2RC1, php-7.1.13, php-5.6.33, php-7.2.1, php-7.0.27, php-7.2.1RC1, php-7.1.13RC1, php-7.0.27RC1, php-7.2.0, php-7.1.12, php-7.0.26, php-7.1.12RC1, php-7.2.0RC6, php-7.0.26RC1, php-7.1.11, php-5.6.32, php-7.2.0RC5, php-7.0.25, php-7.1.11RC1, php-7.2.0RC4, php-7.0.25RC1, php-7.1.10, php-7.2.0RC3, php-7.0.24, php-7.2.0RC2, php-7.1.10RC1, php-7.0.24RC1, php-7.1.9, php-7.2.0RC1, php-7.0.23, php-7.1.9RC1, php-7.2.0beta3, php-7.0.23RC1, php-7.1.8, php-7.2.0beta2, php-7.0.22, php-7.1.8RC1, php-7.2.0beta1, php-7.0.22RC1 |
|
| #
08b9310e |
| 07-Jul-2017 |
Frederik Bosch |
implement same site cookie see https://bugs.php.net/bug.php?id=72230 see https://tools.ietf.org/html/draft-west-first-party-cookies-07 see https://scotthelme.co.uk/csrf-is-dead/
|
| #
a5e80b22 |
| 25-Jul-2018 |
Peter Kokot |
Fix typos in code comments
|
| #
8d3f8ca1 |
| 03-Jul-2018 |
Peter Kokot |
Remove unused Git attributes ident
The $Id$ keywords were used in Subversion where they can be substituted
with filename, last revision number change, last changed date, and last
use
Remove unused Git attributes ident
The $Id$ keywords were used in Subversion where they can be substituted
with filename, last revision number change, last changed date, and last
user who changed it.
In Git this functionality is different and can be done with Git attribute
ident. These need to be defined manually for each file in the
.gitattributes file and are afterwards replaced with 40-character
hexadecimal blob object name which is based only on the particular file
contents.
This patch simplifies handling of $Id$ keywords by removing them since
they are not used anymore.
show more ...
|
| #
67b4c337 |
| 09-Jul-2018 |
Dmitry Stogov |
Uze ZVAL_COPY_DEREF() instead of ZVAL_DEREF() and ZVAL_COPY()
|
| #
169d4545 |
| 05-Jul-2018 |
Dmitry Stogov |
Use zval_ptr_dtor() imstead of zval_dtor()
|
| #
4a475a49 |
| 04-Jul-2018 |
Dmitry Stogov |
Replace legacy zval_dtor() by zval_ptr_dtor_nogc() or even more specialized destructors.
zval_dtor() doesn't make a lot of sense in PHP-7.* and it's used incorrectly in some places.
Its occur
Replace legacy zval_dtor() by zval_ptr_dtor_nogc() or even more specialized destructors.
zval_dtor() doesn't make a lot of sense in PHP-7.* and it's used incorrectly in some places.
Its occurances should be replaced by zval_ptr_dtor() or zval_ptr_dtor_nogc(), or even more specialized destructors.
show more ...
|
| #
af341213 |
| 04-Jul-2018 |
Dmitry Stogov |
se zval_ptr_dtor_str() instead of zend_string_release_ex(Z_STR(*), 0)
|
| #
5eb1f92f |
| 28-May-2018 |
Dmitry Stogov |
Use zend_string_release_ex() instread of zend_string_release() in places, where we sure about string persistence.
|
| #
2d48d734 |
| 05-Feb-2018 |
Gabriel Caruso |
Fix some misspellings
|
| #
a6519d05 |
| 02-Jan-2018 |
Xinchen Hui |
year++
|
| #
7a7ec01a |
| 02-Jan-2018 |
Xinchen Hui |
year++
|
| #
ccd4716e |
| 02-Jan-2018 |
Xinchen Hui |
year++
|
| #
83e495e0 |
| 14-Dec-2017 |
Dmitry Stogov |
Move constants into read-only data segment
|
| #
f98721b4 |
| 29-Nov-2017 |
Dmitry Stogov |
Intern auto global name strings in first place
|
| #
ccc12b82 |
| 16-Nov-2017 |
Dmitry Stogov |
Avoid unnecessary reference-counting on strings.
|
| #
a57f370e |
| 14-Nov-2017 |
Nikita Popov |
Clarify bin_to_readable code
I got a bit of a scare when I first saw this code. Turns out that
the way it's used inlen==outlen and that's why it works.
|
| #
0d1eeeb6 |
| 28-Jul-2017 |
Anatol Belski |
move zend_ato*() to size_t and remove casts
|
| #
bd00fe81 |
| 26-Jul-2017 |
Anatol Belski |
Fixed bug #74833, SID constant created with wrong module number
|
