| #
bf8c01db |
| 26-Sep-2024 |
Christoph M. Becker |
Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
Fix GH-15905: Assertion failure for TRACK_VARS_SERVER
|
| #
87d59d7f |
| 16-Sep-2024 |
Christoph M. Becker |
Fix GH-15905: Assertion failure for TRACK_VARS_SERVER
When the superglobals are eagerly initialized, but "S" is not contained
in `variables_order`, `TRACK_VARS_SERVER` is created as empt
Fix GH-15905: Assertion failure for TRACK_VARS_SERVER
When the superglobals are eagerly initialized, but "S" is not contained
in `variables_order`, `TRACK_VARS_SERVER` is created as empty array
with refcount > 1. Since this hash table may later be modified, a flag
is set which allows such COW violations for assertions. However, when
`register_argc_argv` is on, the so far uninitialized hash table is
updated with `argv`, what causes the hash table to be initialized, what
drops the allow-COW-violations flag. The following update with `argc`
then triggers a refcount violation assertion.
Since we consider `HT_ALLOW_COW_VIOLATION` a hack, we do not want to
keep the flag during hash table initialization, so we initialize the
hash table right away after creation for this code path.
Closes GH-15930.
show more ...
|
| #
3d9941fd |
| 10-Apr-2024 |
Ben Ramsey |
Merge branch 'PHP-8.2' into PHP-8.3
|
| #
a9ffc447 |
| 10-Apr-2024 |
Ben Ramsey |
Merge branch 'PHP-8.1' into PHP-8.2
|
| #
093c08af |
| 17-Mar-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GHSA-wpj3-hf5j-x4v4: __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
The check happened too early as later code paths may perform more
mangling rules. Move the chec
Fix GHSA-wpj3-hf5j-x4v4: __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
The check happened too early as later code paths may perform more
mangling rules. Move the check downwards right before adding the actual
variable.
show more ...
|
| #
ae44ab47 |
| 04-Feb-2024 |
Jakub Zelenka |
Merge branch 'PHP-8.2' into PHP-8.3
|
| #
bc30ae4f |
| 19-Jan-2024 |
Jakub Zelenka |
Fix bug #75712: getenv in php-fpm should not read $_ENV, $_SERVER
Closes GH-13195 |
| #
732d92c0 |
| 28-Apr-2023 |
Javier Eguiluz |
[skip ci] Fix various typos and grammar issues (#11143) |
| #
25290cd2 |
| 27-Sep-2022 |
Derick Rethans |
Merge branch 'PHP-8.1' into PHP-8.2
|
| #
cfee252a |
| 27-Sep-2022 |
Derick Rethans |
Merge branch 'PHP-8.0' into PHP-8.1
|
| #
def8c8d1 |
| 27-Sep-2022 |
Derick Rethans |
Merge branch 'PHP-7.4' into PHP-8.0
|
| #
0611be4e |
| 09-Sep-2022 |
Derick Rethans |
Fix #81727: Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. |
|
Revision tags: php-8.2.0RC1, php-8.1.10, php-8.0.23, php-8.0.23RC1, php-8.1.10RC1, php-8.2.0beta3, php-8.2.0beta2, php-8.1.9, php-8.0.22, php-8.1.9RC1, php-8.2.0beta1, php-8.0.22RC1, php-8.0.21, php-8.1.8, php-8.2.0alpha3, php-8.1.8RC1, php-8.2.0alpha2, php-8.0.21RC1, php-8.0.20, php-8.1.7, php-8.2.0alpha1, php-7.4.30, php-8.1.7RC1, php-8.0.20RC1 |
|
| #
55908db0 |
| 16-May-2022 |
George Peter Banyard |
Add php_register_known_variable() for know var names |
|
Revision tags: php-8.1.6, php-8.0.19, php-8.1.6RC1, php-8.0.19RC1, php-8.0.18, php-8.1.5, php-7.4.29, php-8.1.5RC1 |
|
| #
b9e895bc |
| 31-Mar-2022 |
Max Kellermann |
Replace memcmp() with zend_string functions (#8216)
* ext/oci8: use zend_string_equals()
Eliminate duplicate code.
* main/php_variables: use zend_string_equals_literal()
Replace memcmp() with zend_string functions (#8216)
* ext/oci8: use zend_string_equals()
Eliminate duplicate code.
* main/php_variables: use zend_string_equals_literal()
Eliminate duplicate code.
* Zend/zend_string: add zend_string_equals_cstr()
Allows eliminating duplicate code.
* Zend, ext/{opcache,standard}, main/output: use zend_string_equals_cstr()
Eliminate duplicate code.
* Zend/zend_string: add zend_string_starts_with()
* ext/{opcache,phar,spl,standard}: use zend_string_starts_with()
This adds missing length checks to several callers, e.g. in
cache_script_in_shared_memory(). This is important when the
zend_string is shorter than the string parameter, when memcmp()
happens to check backwards; this can result in an out-of-bounds memory
access.
show more ...
|
|
Revision tags: php-8.0.18RC1, php-8.1.4, php-8.0.17, php-8.1.4RC1, php-8.0.17RC1, php-8.1.3, php-8.0.16, php-7.4.28, php-8.1.3RC1, php-8.0.16RC1, php-8.1.2, php-8.0.15 |
|
| #
8d2ed194 |
| 17-Jan-2022 |
Christoph M. Becker |
Merge branch 'PHP-8.0' into PHP-8.1
* PHP-8.0:
Fix GH-7896: Environment vars may be mangled on Windows
|
| #
93a3c71e |
| 11-Jan-2022 |
Christoph M. Becker |
Fix GH-7896: Environment vars may be mangled on Windows
When bug 77574[1] has been fixed, the fix only catered to variables
retrieved via `getenv()` with a `$varname` passed, but neither
Fix GH-7896: Environment vars may be mangled on Windows
When bug 77574[1] has been fixed, the fix only catered to variables
retrieved via `getenv()` with a `$varname` passed, but neither to
`getenv()` without arguments nor to the general import of environment
variables into `$_ENV` and `$_SERVER`. We catch up on this by using
`GetEnvironmentStringsW()` in `_php_import_environment_variables()` and
converting the encoding to whatever had been chosen by the user.
[1] <https://bugs.php.net/bug.php?id=75574>
Closes GH-7928.
show more ...
|
|
Revision tags: php-8.1.2RC1, php-8.0.15RC1, php-8.0.14, php-8.1.1, php-7.4.27, php-8.1.1RC1, php-8.0.14RC1, php-7.4.27RC1, php-8.1.0, php-8.0.13, php-7.4.26, php-7.3.33, php-8.1.0RC6, php-7.4.26RC1, php-8.0.13RC1, php-8.1.0RC5, php-7.3.32, php-7.4.25, php-8.0.12, php-8.1.0RC4, php-8.0.12RC1, php-7.4.25RC1, php-8.1.0RC3, php-8.0.11, php-7.4.24, php-7.3.31, php-8.1.0RC2, php-7.4.24RC1, php-8.0.11RC1, php-8.1.0RC1, php-7.4.23, php-8.0.10, php-7.3.30, php-8.1.0beta3, php-8.0.10RC1, php-7.4.23RC1, php-8.1.0beta2, php-8.0.9, php-7.4.22, php-8.1.0beta1, php-7.4.22RC1, php-8.0.9RC1, php-8.1.0alpha3, php-7.4.21, php-7.3.29, php-8.0.8, php-8.1.0alpha2, php-7.4.21RC1, php-8.0.8RC1, php-8.1.0alpha1, php-8.0.7, php-7.4.20, php-8.0.7RC1, php-7.4.20RC1 |
|
| #
01b3fc03 |
| 06-May-2021 |
KsaR |
Update http->https in license (#6945)
1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as
Update http->https in license (#6945)
1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |
show more ...
|
|
Revision tags: php-8.0.6, php-7.4.19, php-7.4.18, php-7.3.28, php-8.0.5, php-8.0.5RC1, php-7.4.18RC1 |
|
| #
462da6e0 |
| 31-Mar-2021 |
Josh Soref |
Fix spelling and grammar mistakes
This PR corrects misspellings identified by the check-spelling action.
The misspellings have been reported at jsoref@b6ba3e2#commitcomment-48946465
Fix spelling and grammar mistakes
This PR corrects misspellings identified by the check-spelling action.
The misspellings have been reported at jsoref@b6ba3e2#commitcomment-48946465
The action reports that the changes in this PR would make it happy: jsoref@602417c
Closes GH-6822.
show more ...
|
| #
4ce5d2ea |
| 09-Apr-2021 |
Nikita Popov |
Add known strings for jit autoglobals
We always create interned strings for all autoglobals anyway, so
we might as well add known strings to make them more widely usable. |
|
Revision tags: php-8.0.4RC1, php-7.4.17RC1, php-8.0.3, php-7.4.16, php-8.0.3RC1, php-7.4.16RC1, php-8.0.2, php-7.4.15, php-7.3.27, php-8.0.2RC1, php-7.4.15RC2, php-7.4.15RC1 |
|
| #
3e01f5af |
| 15-Jan-2021 |
Nikita Popov |
Replace zend_bool uses with bool
We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.
Of course, zend_bool
Replace zend_bool uses with bool
We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.
Of course, zend_bool is retained as an alias.
show more ...
|
|
Revision tags: php-8.0.1, php-7.4.14, php-7.3.26, php-7.4.14RC1, php-8.0.1RC1, php-7.3.26RC1, php-8.0.0, php-7.3.25, php-7.4.13, php-8.0.0RC5, php-7.4.13RC1, php-8.0.0RC4, php-7.3.25RC1, php-7.4.12, php-8.0.0RC3, php-7.3.24, php-8.0.0RC2, php-7.4.12RC1, php-7.3.24RC1, php-7.2.34, php-8.0.0rc1, php-7.4.11, php-7.3.23 |
|
| #
e14f835d |
| 29-Sep-2020 |
Stanislav Malyshev |
Merge branch 'PHP-7.4'
* PHP-7.4:
Update UPGRADING
Update UPGRADING
Update NEWS & UPGRADING
Do not decode cookie names anymore
Fix bug #79601 (Wrong ciphertext/
Merge branch 'PHP-7.4'
* PHP-7.4:
Update UPGRADING
Update UPGRADING
Update NEWS & UPGRADING
Do not decode cookie names anymore
Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
show more ...
|
| #
c4dc0802 |
| 29-Sep-2020 |
Stanislav Malyshev |
Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
Update UPGRADING
Update NEWS & UPGRADING
Do not decode cookie names anymore
Fix bug #79601 (Wrong ciphertext/tag in AES
Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
Update UPGRADING
Update NEWS & UPGRADING
Do not decode cookie names anymore
Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
show more ...
|
| #
a9e43218 |
| 29-Sep-2020 |
Stanislav Malyshev |
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Update NEWS & UPGRADING
Do not decode cookie names anymore
Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 1
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Update NEWS & UPGRADING
Do not decode cookie names anymore
Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
show more ...
|
| #
6559fe91 |
| 21-Sep-2020 |
Stanislav Malyshev |
Do not decode cookie names anymore |
|
Revision tags: php-8.0.0beta4, php-7.4.11RC1, php-7.3.23RC1, php-8.0.0beta3, php-7.4.10, php-7.3.22, php-8.0.0beta2, php-7.3.22RC1, php-7.4.10RC1, php-8.0.0beta1, php-7.4.9, php-7.2.33, php-7.3.21 |
|
| #
fc4d462e |
| 23-Jul-2020 |
Christoph M. Becker |
Fix #78236: convert error on receiving variables when duplicate [
When an input variable name contains a non matched open bracket, we not
only have to replace that with an underscore, bu
Fix #78236: convert error on receiving variables when duplicate [
When an input variable name contains a non matched open bracket, we not
only have to replace that with an underscore, but also all following
forbidden characters.
show more ...
|
