| #
56cdbe63 |
| 24-Feb-2020 |
Nikita Popov |
Don't treat any WS as start of header
Check that the header occurs after \n, not other whitespace
characters.
|
| #
3d9c0236 |
| 24-Feb-2020 |
Nikita Popov |
Reduce code duplication in HTTP header checks
|
| #
d0d60503 |
| 24-Feb-2020 |
Miguel Xavier Penha Neto |
Fixes #79265: Improper injection of Host header when using fopen for http requests
Check all occurrences of the string "host:" (and other headers),
not just the first one.
|
|
Revision tags: php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1, php-7.4.0RC5, php-7.1.33, php-7.2.24, php-7.3.11, php-7.4.0RC4, php-7.3.11RC1, php-7.2.24RC1, php-7.4.0RC3, php-7.2.23, php-7.3.10, php-7.4.0RC2, php-7.2.23RC1, php-7.3.10RC1, php-7.4.0RC1, php-7.1.32, php-7.2.22, php-7.3.9, php-7.4.0beta4, php-7.2.22RC1, php-7.3.9RC1, php-7.4.0beta2, php-7.1.31, php-7.2.21, php-7.3.8 |
|
| #
e691a98c |
| 29-Jul-2019 |
fancyweb |
Fix #76342: file_get_contents waits twice specified timeout
|
|
Revision tags: php-7.4.0beta1, php-7.2.21RC1, php-7.3.8RC1, php-7.4.0alpha3, php-7.3.7, php-7.2.20, php-7.4.0alpha2, php-7.3.7RC3, php-7.3.7RC2, php-7.2.20RC2, php-7.4.0alpha1, php-7.3.7RC1, php-7.2.20RC1, php-7.2.19, php-7.3.6, php-7.1.30, php-7.2.19RC1, php-7.3.6RC1, php-7.1.29, php-7.2.18, php-7.3.5, php-7.2.18RC1, php-7.3.5RC1, php-7.2.17, php-7.3.4, php-7.1.28, php-7.3.4RC1, php-7.2.17RC1, php-7.1.27, php-7.3.3, php-7.2.16, php-7.3.3RC1, php-7.2.16RC1, php-7.2.15, php-7.3.2, php-7.2.15RC1, php-7.3.2RC1, php-5.6.40, php-7.1.26, php-7.3.1, php-7.2.14, php-7.2.14RC1, php-7.3.1RC1, php-5.6.39, php-7.1.25, php-7.2.13, php-7.0.33, php-7.3.0, php-7.1.25RC1, php-7.2.13RC1, php-7.3.0RC6, php-7.1.24, php-7.2.12, php-7.3.0RC5, php-7.1.24RC1, php-7.2.12RC1, php-7.3.0RC4 |
|
| #
902d39a3 |
| 13-Oct-2018 |
Peter Kokot |
Trim trailing whitespace in source code files
|
| #
7f6387b5 |
| 13-Oct-2018 |
Peter Kokot |
Trim trailing whitespace in source code files
|
|
Revision tags: php-7.1.23, php-7.2.11, php-7.3.0RC3, php-7.1.23RC1, php-7.2.11RC1, php-7.3.0RC2, php-5.6.38, php-7.1.22, php-7.3.0RC1, php-7.2.10, php-7.0.32, php-7.1.22RC1, php-7.3.0beta3, php-7.2.10RC1, php-7.1.21, php-7.2.9, php-7.3.0beta2, php-7.1.21RC1, php-7.3.0beta1, php-7.2.9RC1, php-5.6.37, php-7.1.20, php-7.3.0alpha4, php-7.0.31, php-7.2.8, php-7.1.20RC1, php-7.2.8RC1, php-7.3.0alpha3 |
|
| #
8d3f8ca1 |
| 03-Jul-2018 |
Peter Kokot |
Remove unused Git attributes ident
The $Id$ keywords were used in Subversion where they can be substituted
with filename, last revision number change, last changed date, and last
use
Remove unused Git attributes ident
The $Id$ keywords were used in Subversion where they can be substituted
with filename, last revision number change, last changed date, and last
user who changed it.
In Git this functionality is different and can be done with Git attribute
ident. These need to be defined manually for each file in the
.gitattributes file and are afterwards replaced with 40-character
hexadecimal blob object name which is based only on the particular file
contents.
This patch simplifies handling of $Id$ keywords by removing them since
they are not used anymore.
show more ...
|
|
Revision tags: php-7.3.0alpha2, php-7.1.19, php-7.2.7, php-7.1.19RC1, php-7.3.0alpha1, php-7.2.7RC1 |
|
| #
5eb1f92f |
| 28-May-2018 |
Dmitry Stogov |
Use zend_string_release_ex() instread of zend_string_release() in places, where we sure about string persistence.
|
|
Revision tags: php-7.1.18, php-7.2.6, php-7.2.6RC1, php-7.1.18RC1, php-5.6.36, php-7.2.5, php-7.1.17, php-7.0.30, php-7.1.17RC1, php-7.2.5RC1, php-5.6.35, php-7.0.29, php-7.2.4, php-7.1.16, php-7.1.16RC1, php-7.2.4RC1, php-7.1.15, php-5.6.34, php-7.2.3, php-7.0.28 |
|
| #
523f230c |
| 20-Feb-2018 |
Stanislav Malyshev |
Fix bug #75981: prevent reading beyond buffer start
|
| #
36239fee |
| 20-Feb-2018 |
Stanislav Malyshev |
Fix bug #75981: prevent reading beyond buffer start
|
|
Revision tags: php-7.2.3RC1, php-7.1.15RC1, php-7.1.14, php-7.2.2, php-7.1.14RC1, php-7.2.2RC1, php-7.1.13, php-5.6.33, php-7.2.1, php-7.0.27 |
|
| #
64002648 |
| 31-Dec-2017 |
Gabriel Caruso |
Trailing whitespaces
Signed-off-by: Gabriel Caruso <carusogabriel34@gmail.com>
|
| #
a6519d05 |
| 02-Jan-2018 |
Xinchen Hui |
year++
|
| #
7a7ec01a |
| 02-Jan-2018 |
Xinchen Hui |
year++
|
| #
ccd4716e |
| 02-Jan-2018 |
Xinchen Hui |
year++
|
| #
0f06df31 |
| 14-Dec-2017 |
Dmitry Stogov |
Turn "php_stream_wrapper"s into constants
Keep non-constant "php_stream_wrapper"s in API functions and callbacks for compatibility.
|
| #
83e495e0 |
| 14-Dec-2017 |
Dmitry Stogov |
Move constants into read-only data segment
|
|
Revision tags: php-7.2.1RC1, php-7.1.13RC1, php-7.0.27RC1, php-7.2.0, php-7.1.12, php-7.0.26 |
|
| #
0e097f2c |
| 17-Nov-2017 |
Nikita Popov |
Fixed bug #75535
The sizeof()s for Content-Length and Transfer-Encoding were missing
the trailing ":". Apart from being generally wrong, this no longer
verified that the header actua
Fixed bug #75535
The sizeof()s for Content-Length and Transfer-Encoding were missing
the trailing ":". Apart from being generally wrong, this no longer
verified that the header actually contains a colon, leading to the
null http_header_value being used.
Additionally, in the interest of being defensive, also make sure
that http_header_value is non-null by setting it to the end of
the header line (effectively an empty string) if there is no colon.
If the following conditions are correct, this value is not going
to be used though.
show more ...
|
| #
c7bf314b |
| 17-Nov-2017 |
Anatol Belski |
Fix unsigned comparison
|
|
Revision tags: php-7.1.12RC1, php-7.2.0RC6, php-7.0.26RC1 |
|
| #
49ea143b |
| 26-Oct-2017 |
Dmitry Stogov |
Encapsulate reference-counting primitives.
Prohibit direct update of GC_REFCOUNT(), GC_SET_REFCOUNT(), GC_ADDREF() and GC_DELREF() shoukf be instead.
Added mactros to validate reference-count
Encapsulate reference-counting primitives.
Prohibit direct update of GC_REFCOUNT(), GC_SET_REFCOUNT(), GC_ADDREF() and GC_DELREF() shoukf be instead.
Added mactros to validate reference-counting (disabled for now).
These macros are going to be used to eliminate race-condintions during reference-counting on data shared between threads.
show more ...
|
|
Revision tags: php-7.1.11, php-5.6.32, php-7.2.0RC5, php-7.0.25, php-7.1.11RC1, php-7.2.0RC4, php-7.0.25RC1, php-7.1.10, php-7.2.0RC3, php-7.0.24 |
|
| #
3a4db74e |
| 26-Sep-2017 |
Nikita Popov |
Create $http_response_header even if not used
Extensions are relying on it.
|
|
Revision tags: php-7.2.0RC2, php-7.1.10RC1, php-7.0.24RC1, php-7.1.9, php-7.2.0RC1, php-7.0.23, php-7.1.9RC1, php-7.2.0beta3, php-7.0.23RC1 |
|
| #
513b0093 |
| 06-Aug-2017 |
Xinchen Hui |
Refactor php_url struct to save memory dup in common cases
|
|
Revision tags: php-7.1.8, php-7.2.0beta2, php-7.0.22, php-7.1.8RC1, php-7.2.0beta1, php-7.0.22RC1, php-5.6.31, php-7.0.21, php-7.1.7, php-7.2.0alpha3, php-7.1.7RC1, php-7.0.21RC1, php-7.2.0alpha2, php-7.1.6, php-7.2.0alpha1, php-7.0.20, php-7.1.6RC1, php-7.0.20RC1, php-7.1.5, php-7.0.19, php-7.0.19RC1, php-7.1.5RC1, php-7.1.4, php-7.0.18, php-7.1.4RC1, php-7.0.18RC1, php-7.1.3, php-7.0.17, php-7.1.3RC1, php-7.0.17RC1, php-7.1.2, php-7.0.16, php-7.0.16RC1, php-7.1.2RC1, php-5.6.30, php-7.0.15, php-5.6.30RC1, php-7.1.1RC1, php-7.0.15RC1, php-7.1.1, php-5.6.29, php-7.0.14, php-7.1.0, php-5.6.29RC1, php-7.0.14RC1, php-7.1.0RC6, php-5.6.28, php-7.0.13, php-5.6.28RC1, php-7.1.0RC5, php-7.0.13RC1, php-7.1.0RC4, php-5.6.27, php-7.0.12, php-7.1.0RC3, php-5.6.27RC1, php-7.0.12RC1, php-5.6.26, php-7.1.0RC2, php-7.0.11, php-5.6.26RC1, php-7.1.0RC1, php-7.0.11RC1, php-7.1.0beta3, php-5.6.25, php-7.0.10, php-7.1.0beta2, php-5.6.25RC1, php-7.0.10RC1, php-7.1.0beta1, php-5.6.24, php-7.0.9, php-5.5.38, php-5.6.24RC1, php-7.1.0alpha3, php-7.0.9RC1, php-7.1.0alpha2, php-7.0.8, php-5.6.23, php-5.5.37, php-5.6.23RC1, php-7.0.8RC1, php-7.1.0alpha1, php-5.6.22, php-5.5.36, php-7.0.7, php-5.6.22RC1, php-7.0.7RC1 |
|
| #
5eeb4147 |
| 05-May-2016 |
Nikita Popov |
Write $http_response_header to local var at end
Rather than trying to modify it mid-request. The protection against
tampering that was used (addref) violates COW because an rc>1 array
Write $http_response_header to local var at end
Rather than trying to modify it mid-request. The protection against
tampering that was used (addref) violates COW because an rc>1 array
is being modified.
Test bug69337.phpt changed because it was testing tampering with
$http_response_header while the HTTP request is being executed.
This simply no longer matters, so behavior is the same as if no
tampering occurred.
show more ...
|
| #
ec1b7b93 |
| 07-Jan-2017 |
Nikita Popov |
Fix OOB read introduced by previous commit
Ooops...
|
|
Revision tags: php-7.0.6, php-5.6.21, php-5.5.35, php-5.6.21RC1, php-7.0.6RC1, php-5.6.20 |
|
| #
5146d9f8 |
| 30-Mar-2016 |
Rowan Collins |
http_fopen_wrapper.c - Handle HTTP headers with varying white space
The stream handler assumed all HTTP headers contained exactly one space,
but the standard says there may be zero or mo
http_fopen_wrapper.c - Handle HTTP headers with varying white space
The stream handler assumed all HTTP headers contained exactly one space,
but the standard says there may be zero or more. Should fix Bug #47021,
and any other edge cases caused by a web server sending unusual spacing,
e.g. the MIME type discovered from Content-Type: can no longer contain
leading whitespace.
We strip trailing whitespace from the headers added into
$http_response_header as well.
show more ...
|
| #
dac6c639 |
| 04-Jan-2017 |
Sammy Kaye Powers |
Update copyright headers to 2017
|
