| #
65bbc670 |
| 03-Dec-2019 |
Christoph M. Becker |
Next is 7.3.14 |
| #
d2cfb63f |
| 03-Dec-2019 |
Remi Collet |
next is 7.2.27 |
| #
996f217a |
| 02-Dec-2019 |
Christoph M. Becker |
Fix #78883: fgets(STDIN) fails on Windows
We add the `is_seekable` member to `php_stdio_stream_data`, and prefer
that over `is_pipe`, since the latter is simply a misnomer. We keep
Fix #78883: fgets(STDIN) fails on Windows
We add the `is_seekable` member to `php_stdio_stream_data`, and prefer
that over `is_pipe`, since the latter is simply a misnomer. We keep
`is_pipe` for now for Windows only, though, because we need special
support for pipes there. We also fix the misaligned bitfield which
formerly took 33 bit.
show more ...
|
| #
3356dd05 |
| 02-Dec-2019 |
Christoph M. Becker |
Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
Fix #78814: strip_tags allows / in tag name => whitelist bypass
|
| #
861fa608 |
| 02-Dec-2019 |
Christoph M. Becker |
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fix #78814: strip_tags allows / in tag name => whitelist bypass
|
| #
600f1f89 |
| 17-Nov-2019 |
Christoph M. Becker |
Fix #78814: strip_tags allows / in tag name => whitelist bypass
When normalizing tags to check whether they are contained in the set
of allowable tags, we must not strip slashes, unless
Fix #78814: strip_tags allows / in tag name => whitelist bypass
When normalizing tags to check whether they are contained in the set
of allowable tags, we must not strip slashes, unless they come
immediately after the opening `<`, or immediately before the closing
`>`.
show more ...
|
| #
a9e45bc0 |
| 02-Dec-2019 |
Christoph M. Becker |
Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
Fix #78296: is_file fails to detect file
|
| #
bb735c9e |
| 25-Nov-2019 |
Christoph M. Becker |
Fix #78296: is_file fails to detect file
If we're constructing extended-length paths (i.e. paths prefixed with
`\\?\`), we have to replace all forward slashes with backward slashes,
Fix #78296: is_file fails to detect file
If we're constructing extended-length paths (i.e. paths prefixed with
`\\?\`), we have to replace all forward slashes with backward slashes,
because the former are not supported by Windows for extended-length
paths.
The more efficient and likely cleaner alternative solution would be to
cater to this in `php_win32_ioutil_normalize_path_w()` by always
replacing forward slashes, but that might break existing code. It
might be sensible to change that for `master`, though.
show more ...
|
| #
4ff242a9 |
| 02-Dec-2019 |
Christoph M. Becker |
Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
Fix #78833: Integer overflow in pack causes out-of-bound access
|
| #
3d81c548 |
| 02-Dec-2019 |
Christoph M. Becker |
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fix #78833: Integer overflow in pack causes out-of-bound access
|
| #
db420cb6 |
| 19-Nov-2019 |
Christoph M. Becker |
Fix #78833: Integer overflow in pack causes out-of-bound access
We check for potential signed integer overflow, and bail out
gracefully, in that case. |
| #
67cd4271 |
| 01-Dec-2019 |
Jakub Zelenka |
Fix bug #78889 (php-fpm service fails to start) |
| #
1979c5d1 |
| 30-Nov-2019 |
Christoph M. Becker |
Upgrade to Oniguruma 6.9.4
Oniguruma 6.9.4 fixes several CVEs. |
| #
30aa2e89 |
| 27-Nov-2019 |
Christoph M. Becker |
Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
Fix #78840: imploding $GLOBALS crashes
|
| #
fee38633 |
| 26-Nov-2019 |
Christoph M. Becker |
Fix #78840: imploding $GLOBALS crashes
We add support for IS_INDIRECT zvals to implode(). |
| #
717730dd |
| 25-Nov-2019 |
Christoph M. Becker |
Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
Fix #77638: var_export'ing certain class instances segfaults
|
| #
23c65a81 |
| 25-Nov-2019 |
Christoph M. Becker |
Fix #77638: var_export'ing certain class instances segfaults
If objects return immutable property hash tables (typically,
`zend_empty_array`), we must not try to apply recursion protecti
Fix #77638: var_export'ing certain class instances segfaults
If objects return immutable property hash tables (typically,
`zend_empty_array`), we must not try to apply recursion protection on
those.
show more ...
|
| #
2ebf5309 |
| 25-Nov-2019 |
Dmitry Stogov |
Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
Fixed bug #78868 (Calling __autoload() with incorrect EG(fake_scope) value)
|
| #
bb30fe9e |
| 25-Nov-2019 |
Dmitry Stogov |
Fixed bug #78868 (Calling __autoload() with incorrect EG(fake_scope) value) |
| #
71d42dc7 |
| 24-Nov-2019 |
Derick Rethans |
Consolidate NEWS for 7.4.0 release |
| #
c16cbfd1 |
| 23-Nov-2019 |
Derick Rethans |
WIP: Merge NEWS |
| #
cfb643ca |
| 22-Nov-2019 |
Christoph M. Becker |
Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
Fix #78853: preg_match() may return integer > 1
|
| #
e1da72bd |
| 22-Nov-2019 |
Christoph M. Becker |
Fix #78853: preg_match() may return integer > 1
Commit 54ebebd[1] optimized the match loop, but for this case it has
been overlooked, that we must only loop if we're doing global matchin
Fix #78853: preg_match() may return integer > 1
Commit 54ebebd[1] optimized the match loop, but for this case it has
been overlooked, that we must only loop if we're doing global matching.
[1] <http://git.php.net/?p=php-src.git;a=commit;h=54ebebd686255c5f124af718c966edb392782d4a>
show more ...
|
| #
b78ec58f |
| 21-Nov-2019 |
Christoph M. Becker |
Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
Fix #78849: GD build broken with -D SIGNED_COMPARE_SLOW
|
| #
b4f501d5 |
| 21-Nov-2019 |
Christoph M. Becker |
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fix #78849: GD build broken with -D SIGNED_COMPARE_SLOW
|
