| #
b7e7a895 |
| 16-Aug-2014 |
Anatol Belski |
several fixes -
- param parsing Z_PARAM_STR vs Z_PARAM_STRING
- some functions for new params
- etc
|
| #
73fe4186 |
| 13-Aug-2014 |
Dmitry Stogov |
Avoid reallocation
|
| #
6d97b4b2 |
| 22-Jun-2014 |
Stanislav Malyshev |
Better fix for bug #67072 with more BC provisions
|
| #
342240fd |
| 22-Jun-2014 |
Stanislav Malyshev |
Better fix for bug #67072 with more BC provisions
|
| #
c42d5cf5 |
| 22-Jun-2014 |
Stanislav Malyshev |
Better fix for bug #67072 with more BC provisions
|
| #
e667d231 |
| 16-Jun-2014 |
Lior Kaplan |
Update copyright year for re2c files as well
|
| #
20568e50 |
| 03-Jun-2014 |
Anatol Belski |
Fixed regression introduced by patch for bug #67072
This applies to 5.4 and 5.5 only as a legacy fix.
|
| #
c2acdbdd |
| 18-Apr-2014 |
Anatol Belski |
Improved the fix for bug #67072, thanks Nikita
|
| #
5328d428 |
| 17-Apr-2014 |
Anatol Belski |
Fixed bug #67072 Echoing unserialized "SplFileObject" crash
The actual issue lays in the unserializer code which doesn't honor
the unserialize callback. By contrast, the serialize callba
Fixed bug #67072 Echoing unserialized "SplFileObject" crash
The actual issue lays in the unserializer code which doesn't honor
the unserialize callback. By contrast, the serialize callback is
respected. This leads to the situation that even if a class has
disabled the serialization explicitly, user could still construct
a vulnerable string which would result bad things when trying
to unserialize.
This conserns also the classes implementing Serializable as well
as some core classes disabling serialize/unserialize callbacks
explicitly (PDO, SimpleXML, SplFileInfo and co). As of now, the
flow is first to call the unserialize callback (if available),
then call __wakeup. If the unserialize callback returns with no
success, no object is instantiated. This makes the scheme used
by internal classes effective, to disable unserialize just assign
zend_class_unserialize_deny as callback.
show more ...
|
| #
6bfedfd2 |
| 10-Apr-2014 |
Dmitry Stogov |
Fixed unserialize()
|
| #
0ae14f3a |
| 10-Apr-2014 |
Dmitry Stogov |
Fixed access to uninitialized data
|
| #
6ee5e813 |
| 09-Apr-2014 |
Dmitry Stogov |
var_push_dtor_no_addref() is useles (var_push_dtor() doesn't work properly as well)
|
| #
c6cba554 |
| 27-Mar-2014 |
Dmitry Stogov |
Use ZVAL_DEREF() macro
|
| #
887189ca |
| 26-Mar-2014 |
Dmitry Stogov |
Refactored IS_INDIRECT usage for CV and object properties to support HashTable resizing
|
| #
62c448ab |
| 17-Mar-2014 |
Dmitry Stogov |
Fixed serialize/unserialize problems
|
| #
24540362 |
| 26-Feb-2014 |
Xinchen Hui |
Re-fixed unserialize
|
| #
b7052ef1 |
| 26-Feb-2014 |
Xinchen Hui |
Revert "Fixed unserialize implementation (it's complicated, this issue took me 4 hours :<, need some review)"
This reverts commit 80a178015d6b162ff0ba7a8e8f5a08c88829cc3c.
|
| #
80a17801 |
| 26-Feb-2014 |
Xinchen Hui |
Fixed unserialize implementation (it's complicated, this issue took me 4 hours :<, need some review)
|
| #
7f527d80 |
| 26-Feb-2014 |
Xinchen Hui |
Fixed reference handling in serialize/unserialize
|
| #
595741f6 |
| 25-Feb-2014 |
Xinchen Hui |
Fixed test fail in ext/standard/tests/serialize/bug64354_1.php
|
| #
dc2d758c |
| 25-Feb-2014 |
Xinchen Hui |
Fixed segfaults
|
| #
398256e5 |
| 14-Feb-2014 |
Dmitry Stogov |
Use better data structures (incomplete)
|
| #
1ac4d8f2 |
| 29-Jul-2013 |
Michael Wallner |
fix bug #65481 (shutdown segfault due to serialize)
|
|
Revision tags: php-5.3.24RC1, php-5.4.14RC1, php-5.5.0beta2, php-5.5.0beta1, php-5.3.23, php-5.4.13 |
|
| #
f52b2e6a |
| 09-Mar-2013 |
Xinchen Hui |
Fixed bug #64354 (Unserialize array of objects whose class can't be autoloaded fail)
about the __sleep one, since php_serialize_* are all void function,
so,,only check exception at the v
Fixed bug #64354 (Unserialize array of objects whose class can't be autoloaded fail)
about the __sleep one, since php_serialize_* are all void function,
so,,only check exception at the very begining
show more ...
|
|
Revision tags: php-5.5.0alpha6, php-5.3.23RC1, php-5.4.13RC1, php-5.3.22, php-5.5.0alpha5, php-5.4.12, php-5.3.22RC2, php-5.4.12RC2, php-5.3.22RC1, php-5.4.12RC1, php-5.5.0alpha4 |
|
| #
86c1a261 |
| 21-Jan-2013 |
Xinchen Hui |
Merge fix of #62836 to ?.re, and regenerate ?.c
|
