|
Revision tags: php-8.2.0RC1, php-8.1.10, php-8.0.23, php-8.0.23RC1, php-8.1.10RC1, php-8.2.0beta3, php-8.2.0beta2, php-8.1.9, php-8.0.22, php-8.1.9RC1, php-8.2.0beta1, php-8.0.22RC1, php-8.0.21, php-8.1.8, php-8.2.0alpha3, php-8.1.8RC1, php-8.2.0alpha2, php-8.0.21RC1, php-8.0.20, php-8.1.7, php-8.2.0alpha1, php-7.4.30, php-8.1.7RC1, php-8.0.20RC1, php-8.1.6, php-8.0.19, php-8.1.6RC1, php-8.0.19RC1, php-8.0.18, php-8.1.5, php-7.4.29, php-8.1.5RC1, php-8.0.18RC1, php-8.1.4, php-8.0.17, php-8.1.4RC1, php-8.0.17RC1, php-8.1.3, php-8.0.16, php-7.4.28, php-8.1.3RC1, php-8.0.16RC1, php-8.1.2, php-8.0.15 |
|
| #
d8fc05c0 |
| 06-Jan-2022 |
root |
Add FILTER_FLAG_GLOBAL_RANGE to filter Global IPs as per RFC 6890 |
| #
187a0e47 |
| 28-Mar-2022 |
Stanislav Malyshev |
Merge branch 'PHP-8.0' into PHP-8.1
* PHP-8.0:
Don't try to access memory outside string
|
| #
2119ba21 |
| 28-Mar-2022 |
Stanislav Malyshev |
Don't try to access memory outside string |
| #
1c3374c7 |
| 28-Mar-2022 |
Christoph M. Becker |
Merge branch 'PHP-8.0' into PHP-8.1
* PHP-8.0:
Fix signedness confusion in php_filter_validate_domain()
|
| #
771dbdb3 |
| 28-Mar-2022 |
Christoph M. Becker |
Fix signedness confusion in php_filter_validate_domain()
As is, there is the possibility that integer underflow occurs, making
`_php_filter_validate_domain()` succeed for very long domai
Fix signedness confusion in php_filter_validate_domain()
As is, there is the possibility that integer underflow occurs, making
`_php_filter_validate_domain()` succeed for very long domain names.
Cf. <https://pwning.systems/posts/php_filter_var_shenanigans/>.
show more ...
|
| #
414d5620 |
| 14-Feb-2022 |
Stanislav Malyshev |
Merge branch 'PHP-8.0' into PHP-8.1
|
| #
82f1bf1b |
| 31-Jan-2022 |
Christoph M. Becker |
Fix #81708: UAF due to php_filter_float() failing for ints
We must only release the zval, if we actually assign a new zval. |
|
Revision tags: php-8.1.2RC1, php-8.0.15RC1 |
|
| #
a000af6e |
| 19-Dec-2021 |
Christoph M. Becker |
Merge branch 'PHP-8.0' into PHP-8.1
* PHP-8.0:
Fix FILTER_FLAG_NO_RES_RANGE flag
|
| #
3587e13a |
| 19-Dec-2021 |
Yifan Tong |
Fix FILTER_FLAG_NO_RES_RANGE flag
`2001:10::/28` is a reserved IPv6 range. But there's a typo in GH-7476,
which caused IPv6 address like `240b:0010::1` will be filtered by the
flag `
Fix FILTER_FLAG_NO_RES_RANGE flag
`2001:10::/28` is a reserved IPv6 range. But there's a typo in GH-7476,
which caused IPv6 address like `240b:0010::1` will be filtered by the
flag `FILTER_FLAG_NO_RES_RANGE`.
http://www.faqs.org/rfcs/rfc6890.html
Closes GH-7790.
show more ...
|
|
Revision tags: php-8.0.14, php-8.1.1, php-7.4.27, php-8.1.1RC1, php-8.0.14RC1, php-7.4.27RC1, php-8.1.0, php-8.0.13, php-7.4.26, php-7.3.33, php-8.1.0RC6, php-7.4.26RC1, php-8.0.13RC1, php-8.1.0RC5, php-7.3.32, php-7.4.25, php-8.0.12, php-8.1.0RC4, php-8.0.12RC1, php-7.4.25RC1, php-8.1.0RC3, php-8.0.11, php-7.4.24, php-7.3.31 |
|
| #
1dcc0ff5 |
| 20-Sep-2021 |
Christoph M. Becker |
Merge branch 'PHP-8.0' into PHP-8.1
* PHP-8.0:
Fix #61700: FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing
|
| #
fbc922d5 |
| 20-Sep-2021 |
Christoph M. Becker |
Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
Fix #61700: FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing
|
| #
288c25f7 |
| 20-Sep-2021 |
Christoph M. Becker |
Fix #61700: FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing
It makes no sense to compare IPv6 address ranges as strings; there are
too many different representation possibilities.
Fix #61700: FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing
It makes no sense to compare IPv6 address ranges as strings; there are
too many different representation possibilities. Instead, we change
`_php_filter_validate_ipv6()` so that it can calculate the IP address
as integer array. We do not rely on `inet_pton()` which may not be
available everywhere, at least IPv6 support may not, but rather parse
the IP address manually. Finally, we compare the integers.
Note that this patch does not fix what we consider as reserved and
private, respectively, but merely tries to keep what we had so far.
Co-authored-by: Nikita Popov <nikita.ppv@gmail.com>
Closes GH-7476.
show more ...
|
|
Revision tags: php-8.1.0RC2, php-7.4.24RC1, php-8.0.11RC1, php-8.1.0RC1, php-7.4.23, php-8.0.10, php-7.3.30, php-8.1.0beta3, php-8.0.10RC1, php-7.4.23RC1, php-8.1.0beta2, php-8.0.9, php-7.4.22, php-8.1.0beta1, php-7.4.22RC1, php-8.0.9RC1, php-8.1.0alpha3, php-7.4.21, php-7.3.29 |
|
| #
aff36587 |
| 29-Jun-2021 |
Patrick Allaert |
Fixed some spaces used instead of tabs |
|
Revision tags: php-8.0.8 |
|
| #
7bab67c2 |
| 28-Jun-2021 |
Stanislav Malyshev |
Fix warning
(cherry picked from commit 190013787bbc424c240413d914e3a038f974ccef) |
| #
4957b7c0 |
| 28-Jun-2021 |
Stanislav Malyshev |
Merge branch 'PHP-8.0'
* PHP-8.0:
Fix warning
|
| #
19001378 |
| 28-Jun-2021 |
Stanislav Malyshev |
Fix warning |
| #
d72e82bf |
| 28-Jun-2021 |
Stanislav Malyshev |
Merge branch 'PHP-8.0'
* PHP-8.0:
Update NEWS
Fix #76448: Stack buffer overflow in firebird_info_cb
Fix #76449: SIGSEGV in firebird_handle_doer
Fix #76450: SIGSEGV in
Merge branch 'PHP-8.0'
* PHP-8.0:
Update NEWS
Fix #76448: Stack buffer overflow in firebird_info_cb
Fix #76449: SIGSEGV in firebird_handle_doer
Fix #76450: SIGSEGV in firebird_stmt_execute
Fix #76452: Crash while parsing blob data in firebird_fetch_blob
Fix #81122: SSRF bypass in FILTER_VALIDATE_URL
show more ...
|
| #
892674ef |
| 28-Jun-2021 |
Stanislav Malyshev |
Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
Update NEWS
Fix #76448: Stack buffer overflow in firebird_info_cb
Fix #76449: SIGSEGV in firebird_handle_doer
Fix #7645
Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
Update NEWS
Fix #76448: Stack buffer overflow in firebird_info_cb
Fix #76449: SIGSEGV in firebird_handle_doer
Fix #76450: SIGSEGV in firebird_stmt_execute
Fix #76452: Crash while parsing blob data in firebird_fetch_blob
Fix #81122: SSRF bypass in FILTER_VALIDATE_URL
show more ...
|
| #
2327e3d3 |
| 28-Jun-2021 |
Stanislav Malyshev |
Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
Update NEWS
Fix #76448: Stack buffer overflow in firebird_info_cb
Fix #76449: SIGSEGV in firebird_handle_doer
Fix #7645
Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
Update NEWS
Fix #76448: Stack buffer overflow in firebird_info_cb
Fix #76449: SIGSEGV in firebird_handle_doer
Fix #76450: SIGSEGV in firebird_stmt_execute
Fix #76452: Crash while parsing blob data in firebird_fetch_blob
Fix #81122: SSRF bypass in FILTER_VALIDATE_URL
show more ...
|
|
Revision tags: php-8.1.0alpha2, php-7.4.21RC1, php-8.0.8RC1 |
|
| #
a5538c62 |
| 14-Jun-2021 |
Christoph M. Becker |
Fix #81122: SSRF bypass in FILTER_VALIDATE_URL
We need to ensure that the password detected by parse_url() is actually
a valid password; we can re-use is_userinfo_valid() for that. |
|
Revision tags: php-8.1.0alpha1, php-8.0.7, php-7.4.20, php-8.0.7RC1, php-7.4.20RC1 |
|
| #
01b3fc03 |
| 06-May-2021 |
KsaR |
Update http->https in license (#6945)
1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as
Update http->https in license (#6945)
1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |
show more ...
|
|
Revision tags: php-8.0.6, php-7.4.19, php-7.4.18, php-7.3.28, php-8.0.5, php-8.0.5RC1, php-7.4.18RC1, php-8.0.4RC1, php-7.4.17RC1, php-8.0.3, php-7.4.16, php-8.0.3RC1, php-7.4.16RC1, php-8.0.2, php-7.4.15, php-7.3.27, php-8.0.2RC1, php-7.4.15RC2, php-7.4.15RC1, php-8.0.1, php-7.4.14, php-7.3.26, php-7.4.14RC1, php-8.0.1RC1, php-7.3.26RC1, php-8.0.0, php-7.3.25, php-7.4.13, php-8.0.0RC5, php-7.4.13RC1, php-8.0.0RC4, php-7.3.25RC1, php-7.4.12, php-8.0.0RC3, php-7.3.24, php-8.0.0RC2, php-7.4.12RC1, php-7.3.24RC1, php-7.2.34, php-8.0.0rc1 |
|
| #
5caaf40b |
| 29-Sep-2020 |
George Peter Banyard |
Introduce pseudo-keyword ZEND_FALLTHROUGH
And use it instead of comments |
| #
4b20c033 |
| 17-Mar-2021 |
George Peter Banyard |
Use zend_string_equals() API instead of strcmp() in Filter extension |
| #
7eff4057 |
| 27-Jan-2021 |
Stanislav Malyshev |
Merge branch 'PHP-8.0'
* PHP-8.0:
Alternative fix for bug 77423
|
| #
effa287b |
| 27-Jan-2021 |
Stanislav Malyshev |
Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
Alternative fix for bug 77423
|
