| #
404e8bdb |
| 25-Jul-2022 |
Christoph M. Becker |
Fix #81726: phar wrapper: DOS when using quine gzip file
The phar wrapper needs to uncompress the file; the uncompressed file
might be compressed, so the wrapper implementation loops. Th
Fix #81726: phar wrapper: DOS when using quine gzip file
The phar wrapper needs to uncompress the file; the uncompressed file
might be compressed, so the wrapper implementation loops. This raises
potential DOS issues regarding too deep or even infinite recursion (the
latter are called compressed file quines[1]). We avoid that by
introducing a recursion limit; we choose the somewhat arbitrary limit
`3`.
This issue has been reported by real_as3617 and gPayl0ad.
[1] <https://honno.dev/gzip-quine/>
show more ...
|
| #
0611be4e |
| 09-Sep-2022 |
Derick Rethans |
Fix #81727: Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. |
| #
d5373eac |
| 02-Sep-2022 |
Ilija Tovilo |
Fix lsp error in eval'd code referring to incorrect class for static type
Fixes GH-9407
Closes GH-9471 |
| #
1435fc62 |
| 02-Sep-2022 |
Ilija Tovilo |
Private method incorrectly marked as "overwrites" in reflection
Fix GH-9409
Closes GH-9469 |
| #
b5cad508 |
| 05-Sep-2022 |
Christoph M. Becker |
Merge branch 'PHP-8.0' into PHP-8.1
* PHP-8.0:
Fix GH-9411: PgSQL large object resource is incorrectly closed
|
| #
6ac3f7c8 |
| 05-Sep-2022 |
Yurun |
Fix GH-9411: PgSQL large object resource is incorrectly closed
Co-authored-by: Christoph M. Becker <cmbecker69@gmx.de>
Closes GH-9411. |
| #
6deddd39 |
| 02-Sep-2022 |
Arnaud Le Blanc |
[ci skip] NEWS |
| #
6aedc5ea |
| 02-Sep-2022 |
Arnaud Le Blanc |
[ci skip] NEWS |
| #
2cfb028e |
| 01-Sep-2022 |
Ilija Tovilo |
Fix class name FQN when AST dumping new and class const
Fixes GH-9447
Closes GH-9462 |
| #
f8b217a3 |
| 08-Aug-2022 |
Niklas Keller |
Fix pcre.jit on Apple Silicon
This backports https://github.com/zherczeg/sljit/pull/105. Relates to bug #80435, however, it doesn't solve the bus error on PHP 8.0, but PHP 8.1 builds fine no
Fix pcre.jit on Apple Silicon
This backports https://github.com/zherczeg/sljit/pull/105. Relates to bug #80435, however, it doesn't solve the bus error on PHP 8.0, but PHP 8.1 builds fine now.
Closes GH-9279.
show more ...
|
| #
18621521 |
| 30-Aug-2022 |
Ben Ramsey |
Revert "Fix GH-9296: `ksort` behaves incorrectly on arrays with mixed keys"
This reverts commit cd1aed8eddd2dccbb55fb1bc3d67b23a8455248c, as
discussed on internals (<https://externals.io
Revert "Fix GH-9296: `ksort` behaves incorrectly on arrays with mixed keys"
This reverts commit cd1aed8eddd2dccbb55fb1bc3d67b23a8455248c, as
discussed on internals (<https://externals.io/message/118483>).
show more ...
|
| #
bf97b364 |
| 29-Aug-2022 |
Jakub Zelenka |
Merge branch 'PHP-8.0' into PHP-8.1
|
| #
3503b1da |
| 26-Jun-2022 |
Jakub Zelenka |
Fix bug #77780: "Headers already sent" when previous connection was aborted
This change primarily splits SAPI deactivation to module and destroy
parts. The reason is that currently some
Fix bug #77780: "Headers already sent" when previous connection was aborted
This change primarily splits SAPI deactivation to module and destroy
parts. The reason is that currently some SAPIs might bail out
on deactivation. One of those SAPI is PHP-FPM that can bail out on
request end if for example the connection is closed by the client
(web sever). The problem is that in such case the resources are not
freed and some values reset. The most visible impact can have not
resetting the PG(headers_sent) which can cause erorrs in the next
request. One such issue is described in #77780 bug which this fixes
and is also cover by a test in this commit. It seems reasonable
to separate deactivation and destroying of the resource which means
that the bail out will not impact it.
show more ...
|
| #
be45f540 |
| 29-Aug-2022 |
Jakub Zelenka |
Merge branch 'PHP-8.0' into PHP-8.1
|
| #
f92505cf |
| 03-Jul-2022 |
Dmitry Menshikov |
Fix GH-8885: access.log with stderr writes logs to error_log after reload
This fix allows restoring the the original stderr so the logs are
correctly written. |
| #
725cb4e8 |
| 29-Aug-2022 |
Christoph M. Becker |
Revert "Fix GH-9296: `ksort` behaves incorrectly on arrays with mixed keys"
This reverts commit cd1aed8eddd2dccbb55fb1bc3d67b23a8455248c, as
discussed on internals (<https://externals.io
Revert "Fix GH-9296: `ksort` behaves incorrectly on arrays with mixed keys"
This reverts commit cd1aed8eddd2dccbb55fb1bc3d67b23a8455248c, as
discussed on internals (<https://externals.io/message/118483>).
show more ...
|
| #
6427c4b8 |
| 22-Aug-2022 |
Christoph M. Becker |
Merge branch 'PHP-8.0' into PHP-8.1
* PHP-8.0:
Fix GH-9361: Segmentation fault on script exit
|
| #
bb341210 |
| 19-Aug-2022 |
Christoph M. Becker |
Fix GH-9361: Segmentation fault on script exit
Using a lot of memory may overflow some `int` calculations; to avoid
that we make sure that the operands are promoted to `size_t`.
Fix GH-9361: Segmentation fault on script exit
Using a lot of memory may overflow some `int` calculations; to avoid
that we make sure that the operands are promoted to `size_t`.
This issue has been analyzed by @chschneider.
Closes GH-9379.
show more ...
|
| #
9bd9e9a8 |
| 19-Aug-2022 |
Christoph M. Becker |
Merge branch 'PHP-8.0' into PHP-8.1
* PHP-8.0:
Fix #79451: DOMDocument->replaceChild on doctype causes double free
|
| #
6027d441c |
| 04-Aug-2022 |
NathanFreeman <1056159381@qq.com> |
Fix #79451: DOMDocument->replaceChild on doctype causes double free
We have to reset intSubset if replacing doctype with another doctype node.
Closes GH-9201.
Closes GH-9376. |
| #
eb8ea14c |
| 19-Aug-2022 |
George Peter Banyard |
Merge branch 'PHP-8.0' into PHP-8.1
|
| #
d6831e9a |
| 19-Aug-2022 |
George Peter Banyard |
Revert Fixed bug #79451
The fix for 8.1 and above is not identical and I don't know how to fix without breaking the whole build apparently |
| #
c36a1ea1 |
| 19-Aug-2022 |
George Peter Banyard |
Merge branch 'PHP-8.0' into PHP-8.1
|
| #
ba029fce |
| 19-Aug-2022 |
Tim Starling |
Fix GH-9323: crash when the VM enters userspace code via the GC
Closes GH-9323 |
| #
1d4300d8 |
| 30-Jul-2022 |
NathanFreeman <1056159381@qq.com> |
Fix bug #79451: Using DOMDocument->replaceChild on doctype causes double free
Closes GH-9201 |
