| #
d8fc05c0 |
| 06-Jan-2022 |
root |
Add FILTER_FLAG_GLOBAL_RANGE to filter Global IPs as per RFC 6890
|
| #
2119ba21 |
| 28-Mar-2022 |
Stanislav Malyshev |
Don't try to access memory outside string
|
| #
771dbdb3 |
| 28-Mar-2022 |
Christoph M. Becker |
Fix signedness confusion in php_filter_validate_domain()
As is, there is the possibility that integer underflow occurs, making
`_php_filter_validate_domain()` succeed for very long domai
Fix signedness confusion in php_filter_validate_domain()
As is, there is the possibility that integer underflow occurs, making
`_php_filter_validate_domain()` succeed for very long domain names.
Cf. <https://pwning.systems/posts/php_filter_var_shenanigans/>.
show more ...
|
| #
82f1bf1b |
| 31-Jan-2022 |
Christoph M. Becker |
Fix #81708: UAF due to php_filter_float() failing for ints
We must only release the zval, if we actually assign a new zval.
|
| #
dce5e561 |
| 31-Jan-2022 |
Christoph M. Becker |
Fix #81708: UAF due to php_filter_float() failing for ints
We must only release the zval, if we actually assign a new zval.
|
| #
3587e13a |
| 19-Dec-2021 |
Yifan Tong |
Fix FILTER_FLAG_NO_RES_RANGE flag
`2001:10::/28` is a reserved IPv6 range. But there's a typo in GH-7476,
which caused IPv6 address like `240b:0010::1` will be filtered by the
flag `
Fix FILTER_FLAG_NO_RES_RANGE flag
`2001:10::/28` is a reserved IPv6 range. But there's a typo in GH-7476,
which caused IPv6 address like `240b:0010::1` will be filtered by the
flag `FILTER_FLAG_NO_RES_RANGE`.
http://www.faqs.org/rfcs/rfc6890.html
Closes GH-7790.
show more ...
|
| #
288c25f7 |
| 20-Sep-2021 |
Christoph M. Becker |
Fix #61700: FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing
It makes no sense to compare IPv6 address ranges as strings; there are
too many different representation possibilities.
Fix #61700: FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing
It makes no sense to compare IPv6 address ranges as strings; there are
too many different representation possibilities. Instead, we change
`_php_filter_validate_ipv6()` so that it can calculate the IP address
as integer array. We do not rely on `inet_pton()` which may not be
available everywhere, at least IPv6 support may not, but rather parse
the IP address manually. Finally, we compare the integers.
Note that this patch does not fix what we consider as reserved and
private, respectively, but merely tries to keep what we had so far.
Co-authored-by: Nikita Popov <nikita.ppv@gmail.com>
Closes GH-7476.
show more ...
|
| #
aff36587 |
| 29-Jun-2021 |
Patrick Allaert |
Fixed some spaces used instead of tabs
|
| #
7bab67c2 |
| 28-Jun-2021 |
Stanislav Malyshev |
Fix warning
(cherry picked from commit 190013787bbc424c240413d914e3a038f974ccef)
|
| #
19001378 |
| 28-Jun-2021 |
Stanislav Malyshev |
Fix warning
|
| #
a5538c62 |
| 14-Jun-2021 |
Christoph M. Becker |
Fix #81122: SSRF bypass in FILTER_VALIDATE_URL
We need to ensure that the password detected by parse_url() is actually
a valid password; we can re-use is_userinfo_valid() for that.
|
| #
01b3fc03 |
| 06-May-2021 |
KsaR |
Update http->https in license (#6945)
1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as
Update http->https in license (#6945)
1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |
show more ...
|
| #
5caaf40b |
| 29-Sep-2020 |
George Peter Banyard |
Introduce pseudo-keyword ZEND_FALLTHROUGH
And use it instead of comments
|
| #
4b20c033 |
| 17-Mar-2021 |
George Peter Banyard |
Use zend_string_equals() API instead of strcmp() in Filter extension
|
| #
4a89e726 |
| 19-Jan-2021 |
Christoph M. Becker |
Alternative fix for bug 77423
That bug report originally was about `parse_url()` misbehaving, but the
security aspect was actually only regarding `FILTER_VALIDATE_URL`.
Since the cha
Alternative fix for bug 77423
That bug report originally was about `parse_url()` misbehaving, but the
security aspect was actually only regarding `FILTER_VALIDATE_URL`.
Since the changes to `parse_url_ex()` apparently affect userland code
which is relying on the sloppy URL parsing[1], this alternative
restores the old parsing behavior, but ensures that the userinfo is
checked for correctness for `FILTER_VALIDATE_URL`.
[1] <https://github.com/php/php-src/commit/5174de7cd33c3d4fa591c9c93859ff9989b07e8c#commitcomment-45967652>
show more ...
|
| #
589bdf30 |
| 19-Oct-2020 |
George Peter Banyard |
Implement Explicit octal notation for integers RFC
RFC: https://wiki.php.net/rfc/explicit_octal_notation
Add an extensive test suits for other variants of integer literals
Implement Explicit octal notation for integers RFC
RFC: https://wiki.php.net/rfc/explicit_octal_notation
Add an extensive test suits for other variants of integer literals
Closes GH-6360
show more ...
|
| #
764b7bf1 |
| 04-Jan-2021 |
George Peter Banyard |
Fix bug #80584: 0x and 0X are considered valid hex numbers by filter_var()
Closes GH-6573
|
| #
cc35cfd2 |
| 10-Aug-2020 |
Máté Kocsis |
Promote warnings to exceptions in ext/filter
Closes GH-5970
|
| #
fb5114c6 |
| 12-May-2020 |
George Peter Banyard |
Fix [-Wundef] warning in Filter extension
|
| #
d1764ca3 |
| 15-Jan-2020 |
Máté Kocsis |
Make error messages more consistent by fixing capitalization
Closes GH-5066 As a first step, let's capitalize their initial letter when it is applicable.
|
|
Revision tags: php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1, php-7.4.0RC5, php-7.1.33, php-7.2.24, php-7.3.11, php-7.4.0RC4, php-7.3.11RC1, php-7.2.24RC1, php-7.4.0RC3 |
|
| #
5d6e923d |
| 24-Sep-2019 |
Gabriel Caruso |
Remove mention of PHP major version in Copyright headers
Closes GH-4732.
|
|
Revision tags: php-7.2.23, php-7.3.10, php-7.4.0RC2, php-7.2.23RC1, php-7.3.10RC1, php-7.4.0RC1, php-7.1.32, php-7.2.22, php-7.3.9, php-7.4.0beta4, php-7.2.22RC1, php-7.3.9RC1, php-7.4.0beta2, php-7.1.31, php-7.2.21, php-7.3.8, php-7.4.0beta1, php-7.2.21RC1, php-7.3.8RC1, php-7.4.0alpha3, php-7.3.7, php-7.2.20, php-7.4.0alpha2, php-7.3.7RC3, php-7.3.7RC2, php-7.2.20RC2, php-7.4.0alpha1, php-7.3.7RC1, php-7.2.20RC1, php-7.2.19, php-7.3.6, php-7.1.30, php-7.2.19RC1, php-7.3.6RC1, php-7.1.29, php-7.2.18, php-7.3.5, php-7.2.18RC1, php-7.3.5RC1, php-7.2.17, php-7.3.4, php-7.1.28 |
|
| #
07df6594 |
| 29-Mar-2019 |
Florian Berberich |
Added range options to the float validation filter
php_filter_int (called via the constant FILTER_VALIDATE_INT) has the options min_range
and max_range. they allow the user to not only t
Added range options to the float validation filter
php_filter_int (called via the constant FILTER_VALIDATE_INT) has the options min_range
and max_range. they allow the user to not only test if a value is a double but also if
the value is inside a specific range. php_filter_float (called via the constant
FILTER_VALIDATE_FLOAT) didn't provide this yet, making validation of numeric but
not-only-int values more complicated for the user.
this commits implements the options min_range and max_range for the function
php_filter_float to fix this inconsistency.
show more ...
|
|
Revision tags: php-7.3.4RC1, php-7.2.17RC1, php-7.1.27, php-7.3.3, php-7.2.16, php-7.3.3RC1, php-7.2.16RC1, php-7.2.15, php-7.3.2, php-7.2.15RC1 |
|
| #
92ac598a |
| 22-Jan-2019 |
Peter Kokot |
Remove local variables
This patch removes the so called local variables defined per
file basis for certain editors to properly show tab width, and
similar settings. These are mainly
Remove local variables
This patch removes the so called local variables defined per
file basis for certain editors to properly show tab width, and
similar settings. These are mainly used by Vim and Emacs editors
yet with recent changes the once working definitions don't work
anymore in Vim without custom plugins or additional configuration.
Neither are these settings synced across the PHP code base.
A simpler and better approach is EditorConfig and fixing code
using some code style fixing tools in the future instead.
This patch also removes the so called modelines for Vim. Modelines
allow Vim editor specifically to set some editor configuration such as
syntax highlighting, indentation style and tab width to be set in the
first line or the last 5 lines per file basis. Since the php test
files have syntax highlighting already set in most editors properly and
EditorConfig takes care of the indentation settings, this patch removes
these as well for the Vim 6.0 and newer versions.
With the removal of local variables for certain editors such as
Emacs and Vim, the footer is also probably not needed anymore when
creating extensions using ext_skel.php script.
Additionally, Vim modelines for setting php syntax and some editor
settings has been removed from some *.phpt files. All these are
mostly not relevant for phpt files neither work properly in the
middle of the file.
show more ...
|
| #
0cf7de1c |
| 30-Jan-2019 |
Zeev Suraski |
Remove yearly range from copyright notice
|
| #
38c337f2 |
| 30-Jan-2019 |
Zeev Suraski |
Remove year range from copyright notice
|
