| #
70a8f931 |
| 15-Jun-2007 |
Stanislav Malyshev |
Disallow characters that Cookie RFC does not allow in unquoted cookies |
| #
d042fd06 |
| 07-Jun-2007 |
Antony Dovgal |
MFH: php_gmtime_r() fixes |
|
Revision tags: php-5.2.3, RELEASE_1_4, php-5.2.3RC1, RELEASE_1_2_0 |
|
| #
69650d0e |
| 16-May-2007 |
Stanislav Malyshev |
do not send cookie when session is passed in URL, same as it happens with GET/POST |
|
Revision tags: php-4.4.7, php-5.2.2, php-5.2.2RC2, RELEASE_1_1_0, php-4.4.7RC1, php-5.2.2RC1 |
|
| #
39f9184f |
| 04-Apr-2007 |
Antony Dovgal |
MFH: fix #40998 (long session array keys are truncated) |
|
Revision tags: RELEASE_1_0_1 |
|
| #
7aab16c3 |
| 14-Mar-2007 |
Ilia Alshanetsky |
Fixed MOPB-22-2007:PHP session_regenerate_id() Double Free Vulnerability
# Discovered by Stefan Esser |
| #
a500d1ef |
| 03-Mar-2007 |
Ilia Alshanetsky |
Adjust checks to allow paths without a trailing / |
| #
4735df26 |
| 02-Mar-2007 |
Ilia Alshanetsky |
Improve safe_mode check |
|
Revision tags: php-4.4.6 |
|
| #
efad70c2 |
| 27-Feb-2007 |
Ilia Alshanetsky |
snprintf() -> slprintf() |
| #
50ea2676 |
| 24-Feb-2007 |
Marcus Boerger |
- Avoid sprintf, even when checked copy'n'paste or changes lead to errors |
| #
3e262bd3 |
| 24-Feb-2007 |
Stanislav Malyshev |
disallow negative length |
|
Revision tags: php-4.4.6RC1, php-4.4.5, php-5.2.1, RELEASE_1_0_0RC1, php-4.4.5RC2, php-5.2.1RC4, php-5.2.1RC3 |
|
| #
ae792a06 |
| 10-Jan-2007 |
Dmitry Stogov |
Fixed SIGSEGV |
| #
81729c1e |
| 09-Jan-2007 |
Ilia Alshanetsky |
Prevent SESSION/GLOBALS overload via session decoding |
|
Revision tags: php-4.4.5RC1, php-5.2.1RC2 |
|
| #
4223aa4d |
| 01-Jan-2007 |
Sebastian Bergmann |
MFH: Bump year. |
| #
ba645539 |
| 31-Dec-2006 |
Ilia Alshanetsky |
Added boundary checks to php_binary deserializer |
| #
ffd41a50 |
| 26-Dec-2006 |
Ilia Alshanetsky |
Session deserializer protection. |
| #
7d2142a5 |
| 20-Dec-2006 |
Antony Dovgal |
protect _SESSION, HTTP_SESSION_VARS and GLOBALS
maintain an internal reference of _SESSION, so that it won't be possible to destroy it from userspace |
|
Revision tags: php-5.2.1RC1 |
|
| #
bcf457d8 |
| 04-Dec-2006 |
Antony Dovgal |
MFH: fix retval type |
| #
35f78f22 |
| 04-Dec-2006 |
Ilia Alshanetsky |
Fixed bug #37627 (session save_path check checks the parent directory). |
| #
5f3e233e |
| 01-Dec-2006 |
Ilia Alshanetsky |
Disallow \0 chars inside session.save_path |
| #
050f94f7 |
| 03-Nov-2006 |
Hannes Magnusson |
MFH: Fix double "wron param count" messages |
|
Revision tags: php-5.2.0, php-5.2.0RC6 |
|
| #
b1d8f7e0 |
| 06-Oct-2006 |
Ilia Alshanetsky |
Expose session storage module locater and serialization function via PHPAPI |
|
Revision tags: php-5.2.0RC5 |
|
| #
154f70ac |
| 01-Oct-2006 |
Ilia Alshanetsky |
Fixed bug #38993 (Fixed safe_mode/open_basedir checks for
session.save_path, allowing them to account for extra parameters). |
|
Revision tags: php-5.2.0RC4, php-5.2.0RC3 |
|
| #
b6ced951 |
| 30-Aug-2006 |
Antony Dovgal |
change ini handlers to produce E_ERROR if they are called during startup |
| #
f8fd45a7 |
| 30-Aug-2006 |
Antony Dovgal |
MFH: change E_ERROR to E_WARNING when invalid argument has been passed
make sure ini_set() doesn't reset PS(mod) and PS(serializer) to invalid values |
|
Revision tags: php-5.1.6, php-5.2.0RC2, php-5.1.5, php-4.4.4, php-4.4.4RC1, php-5.1.5RC1 |
|
| #
7dfae526 |
| 10-Aug-2006 |
Ilia Alshanetsky |
Fixed proto |
