| #
19e7e4b1 |
| 30-Sep-2019 |
Nikita Popov |
Fixed bug #78604
<?php followed by EOF is valid since PHP 7.4. |
| #
1806ce9c |
| 24-Sep-2019 |
Nikita Popov |
Add max_depth option to unserialize()
Add a max_depth option to unserialize and an unserialize_max_depth
ini setting, which can be used to control the depth limit. The
default value
Add max_depth option to unserialize()
Add a max_depth option to unserialize and an unserialize_max_depth
ini setting, which can be used to control the depth limit. The
default value is 4096.
This option is intended to prevent stack overflows during the
unserialization of deeply nested structures.
This fixes bug #78549 and addresses oss-fuzz #17581, #17589, #17664,
and #17788.
show more ...
|
| #
75309386 |
| 24-Sep-2019 |
Christoph M. Becker |
Update NEWS |
| #
8c9c5843 |
| 23-Sep-2019 |
Christoph M. Becker |
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fix NEWS entry
|
| #
ed099ab1 |
| 23-Sep-2019 |
Christoph M. Becker |
Fix NEWS entry
Cf. <https://bugs.php.net/78590>. |
| #
5356bad8 |
| 22-Sep-2019 |
Christoph M. Becker |
Remove unused parameter
The `$use_include_path` parameter doesn't make sense for
`tidy_repair_string()`, and actually unused, so we remove it. |
| #
48892e6d |
| 21-Sep-2019 |
Christoph M. Becker |
Remove unused parameter
Cf. <https://bugs.php.net/78579>. |
| #
6dea11ac |
| 21-Sep-2019 |
Christoph M. Becker |
Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
Fix #78579: mb_decode_numericentity: args number inconsistency
|
| #
698088ca |
| 21-Sep-2019 |
Christoph M. Becker |
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fix #78579: mb_decode_numericentity: args number inconsistency
|
| #
398b3083 |
| 21-Sep-2019 |
Christoph M. Becker |
Fix #78579: mb_decode_numericentity: args number inconsistency
mb_decode_numericentity() accepts a fourth optional parameter, which is
unused, however. Since this parameter doesn't do a
Fix #78579: mb_decode_numericentity: args number inconsistency
mb_decode_numericentity() accepts a fourth optional parameter, which is
unused, however. Since this parameter doesn't do any harm, and to avoid
the small BC break, we're keeping this parameter for PHP 7, but adjust
the arginfo.
For PHP 8, we will remove this parameter.
show more ...
|
| #
dc40332b |
| 20-Sep-2019 |
Remi Collet |
Fixed bug #78574 (broken shared build) |
| #
9dfbcd72 |
| 18-Sep-2019 |
Christoph M. Becker |
Fix #78543: is_callable() on FFI\CData throws Exception
If `Z_OBJ_HANDLER_P(callable, get_closure)` throws, we must not let the
exeception pass to userland, if called through `is_callabl
Fix #78543: is_callable() on FFI\CData throws Exception
If `Z_OBJ_HANDLER_P(callable, get_closure)` throws, we must not let the
exeception pass to userland, if called through `is_callable()`.
show more ...
|
| #
e11ed028 |
| 18-Sep-2019 |
Nikita Popov |
Fixed bug #78272
Use MAP_JIT only when running under hardened runtime, because MAP_JIT
is incompatible with fork().
The check is based on
https://github.com/mono/mono/commit
Fixed bug #78272
Use MAP_JIT only when running under hardened runtime, because MAP_JIT
is incompatible with fork().
The check is based on
https://github.com/mono/mono/commit/f879e35e3ed7496d819bd766deb8be6992d068ed.
show more ...
|
| #
d61bc63c |
| 14-Sep-2019 |
Christoph M. Becker |
Change XMLWriter resources to objects
While we generally prefer objects over resources for quite a while, the
procedural XMLWriter API still uses resources, although there is
already
Change XMLWriter resources to objects
While we generally prefer objects over resources for quite a while, the
procedural XMLWriter API still uses resources, although there is
already an object-oriented API which uses objects. This dichotomy
makes no sense, slightly complicates the implementation, and doesn't
allow a stepwise migration to the object-oriented API, which might be
desired. Thus we completely drop the XMLWriter resources in favor of
XMLWriter objects.
We consider the minor BC break acceptable for a major version, since
only explicit type checks (`is_resource()`, `gettype()` etc.) need to
be adapted.
show more ...
|
| #
7baca200 |
| 17-Sep-2019 |
Derick Rethans |
Update NEWS for 7.4.0RC3 |
| #
19ac6b2a |
| 17-Sep-2019 |
Derick Rethans |
Update NEWS for PHP 7.4.0RC2 |
| #
9ed247b7 |
| 17-Sep-2019 |
Derick Rethans |
Revert "Update NEWS for PHP 7.4.0RC2"
This reverts commit 050059cb269f3581901d3ac4d155292fee95d4cf. |
| #
4c39f557 |
| 17-Sep-2019 |
Derick Rethans |
Revert "Update NEWS for 7.4.0RC3"
This reverts commit 803dc6b8f2ea1f9314d19eb242365f32a364437e. |
| #
c5d4c45e |
| 17-Sep-2019 |
Nikita Popov |
Merge branch 'PHP-7.2' into PHP-7.3
|
| #
e691a98c |
| 29-Jul-2019 |
fancyweb |
Fix #76342: file_get_contents waits twice specified timeout |
| #
803dc6b8 |
| 17-Sep-2019 |
Derick Rethans |
Update NEWS for 7.4.0RC3 |
| #
050059cb |
| 17-Sep-2019 |
Derick Rethans |
Update NEWS for PHP 7.4.0RC2 |
| #
20f73d3d |
| 20-Aug-2019 |
Christoph M. Becker |
Fix #78429: opcache_compile_file(__FILE__); segfaults
We have to ensure that OPcache has been properly started up when
`opcache_compile_file()` is called. |
| #
42046c71 |
| 16-Sep-2019 |
Fabien Villepinte |
Fix typo |
| #
145ffd93 |
| 14-Sep-2019 |
Christoph M. Becker |
Fix #78516: password_hash(): Memory cost is not in allowed range
libsodium measures the memory cost in bytes, while password_hash() and
friends expect kibibyte values. We have to proper
Fix #78516: password_hash(): Memory cost is not in allowed range
libsodium measures the memory cost in bytes, while password_hash() and
friends expect kibibyte values. We have to properly map between these
scales not only when calling libsodium functions, but also when
checking for allowed values.
We also refactor to rid the code duplication.
show more ...
|
