Fixed bug #68044: Integer overflow in unserialize() (32-bits only)

s/PHP 5/PHP 7/

Avoid double IS_INTERNED() check

Fix a number of format issues

master renamings phase 5

master renames phase 1

fixes to %pd format usage

further fixes on core

several fixes -

- param parsing Z_PARAM_STR vs Z_PARAM_STRING
- some functions for new params
- etc

Avoid reallocation

Better fix for bug #67072 with more BC provisions

Better fix for bug #67072 with more BC provisions

Merge branch 'master' into phpng

* master: (41 commits)
Update copyright year to 2014
Update copyright year to 2014
Update copyright year to 2014
Update copyright yea

Merge branch 'master' into phpng

* master: (41 commits)
Update copyright year to 2014
Update copyright year to 2014
Update copyright year to 2014
Update copyright year to 2014
Update copyright year to 2014
Update copyright year to 2014
Update copyright year to 2014
NEWS
Fix Request #67453 Allow to unserialize empty data.
Update copyright year to 2014
Update copyright year for re2c generated files
Update copyright year to 2014
Update copyright year for re2c files as well
Fix patch for bug #67436
fix failed test
Fix test on modern distro where old unsecure algo are disabled in openssl config. Testing recent algo should be enough to check this function.
Added tests for bug 67436
Fixed wrong XFAIL test - already fixed
Fix typo in Bug #67406 NEWS entry
Fix typo in Bug #67406 NEWS entry
...

Conflicts:
Zend/zend_compile.c
ext/session/session.c
ext/standard/array.c
ext/standard/http_fopen_wrapper.c
tests/classes/bug63462.phpt

show more ...

Merge branch 'PHP-5.5' into PHP-5.6

* PHP-5.5:
Update copyright year for re2c generated files
Update copyright year to 2014
Update copyright year for re2c files as well

Update copyright year for re2c files as well

Fixed regression introduced by patch for bug #67072

This applies to 5.4 and 5.5 only as a legacy fix.

Merge mainstream 'master' branch into refactoring
During merge I had to revert:
Nikita's patch for php_splice() (it probably needs to be applyed again)
Bob Weinand's patch

Merge mainstream 'master' branch into refactoring
During merge I had to revert:
Nikita's patch for php_splice() (it probably needs to be applyed again)
Bob Weinand's patches related to constant expression handling (we need to review them carefully)
I also reverted all our attempts to support sapi/phpdbg (we didn't test it anyway)

Conflicts:
Zend/zend.h
Zend/zend_API.c
Zend/zend_ast.c
Zend/zend_compile.c
Zend/zend_compile.h
Zend/zend_constants.c
Zend/zend_exceptions.c
Zend/zend_execute.c
Zend/zend_execute.h
Zend/zend_execute_API.c
Zend/zend_hash.c
Zend/zend_highlight.c
Zend/zend_language_parser.y
Zend/zend_language_scanner.c
Zend/zend_language_scanner_defs.h
Zend/zend_variables.c
Zend/zend_vm_def.h
Zend/zend_vm_execute.h
ext/date/php_date.c
ext/dom/documenttype.c
ext/hash/hash.c
ext/iconv/iconv.c
ext/mbstring/tests/zend_multibyte-10.phpt
ext/mbstring/tests/zend_multibyte-11.phpt
ext/mbstring/tests/zend_multibyte-12.phpt
ext/mysql/php_mysql.c
ext/mysqli/mysqli.c
ext/mysqlnd/mysqlnd_reverse_api.c
ext/mysqlnd/php_mysqlnd.c
ext/opcache/ZendAccelerator.c
ext/opcache/zend_accelerator_util_funcs.c
ext/opcache/zend_persist.c
ext/opcache/zend_persist_calc.c
ext/pcre/php_pcre.c
ext/pdo/pdo_dbh.c
ext/pdo/pdo_stmt.c
ext/pdo_pgsql/pgsql_driver.c
ext/pgsql/pgsql.c
ext/reflection/php_reflection.c
ext/session/session.c
ext/spl/spl_array.c
ext/spl/spl_observer.c
ext/standard/array.c
ext/standard/basic_functions.c
ext/standard/html.c
ext/standard/mail.c
ext/standard/php_array.h
ext/standard/proc_open.c
ext/standard/streamsfuncs.c
ext/standard/user_filters.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
main/php_variables.c
sapi/phpdbg/phpdbg.c
sapi/phpdbg/phpdbg_bp.c
sapi/phpdbg/phpdbg_frame.c
sapi/phpdbg/phpdbg_help.c
sapi/phpdbg/phpdbg_list.c
sapi/phpdbg/phpdbg_print.c
sapi/phpdbg/phpdbg_prompt.c

show more ...

Improved the fix for bug #67072, thanks Nikita

Fixed bug #67072 Echoing unserialized "SplFileObject" crash

The actual issue lays in the unserializer code which doesn't honor
the unserialize callback. By contrast, the serialize callba

Fixed bug #67072 Echoing unserialized "SplFileObject" crash

The actual issue lays in the unserializer code which doesn't honor
the unserialize callback. By contrast, the serialize callback is
respected. This leads to the situation that even if a class has
disabled the serialization explicitly, user could still construct
a vulnerable string which would result bad things when trying
to unserialize.

This conserns also the classes implementing Serializable as well
as some core classes disabling serialize/unserialize callbacks
explicitly (PDO, SimpleXML, SplFileInfo and co). As of now, the
flow is first to call the unserialize callback (if available),
then call __wakeup. If the unserialize callback returns with no
success, no object is instantiated. This makes the scheme used
by internal classes effective, to disable unserialize just assign
zend_class_unserialize_deny as callback.

show more ...

Fixed unserialize()

Fixed access to uninitialized data

var_push_dtor_no_addref() is useles (var_push_dtor() doesn't work properly as well)

Use ZVAL_DEREF() macro

Refactored IS_INDIRECT usage for CV and object properties to support HashTable resizing

Fixed serialize/unserialize problems