| #
093c08af |
| 17-Mar-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GHSA-wpj3-hf5j-x4v4: __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
The check happened too early as later code paths may perform more
mangling rules. Move the chec
Fix GHSA-wpj3-hf5j-x4v4: __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
The check happened too early as later code paths may perform more
mangling rules. Move the check downwards right before adding the actual
variable.
show more ...
|
| #
d2635b10 |
| 10-Mar-2024 |
Peter Kokot |
Remove unused php_std_auto_global_callback() (#13656)
Introduced in 4e55747a2b0fd481018bfd390e2aa50569f73c41 but not used in
current code. There was previous removal attempt via
afa4
Remove unused php_std_auto_global_callback() (#13656)
Introduced in 4e55747a2b0fd481018bfd390e2aa50569f73c41 but not used in
current code. There was previous removal attempt via
afa4e41c2fdd676c428614ff67f6517e995bcbdf but looks like it didn't make
it into the master branch at that point.
show more ...
|
| #
cd66fcc6 |
| 17-Jun-2023 |
Ilija Tovilo |
Add request_parse_body() function
RFC: https://wiki.php.net/rfc/rfc1867-non-post
This function allows populating the $_POST and $_FILES globals for non-post
requests. This avoid
Add request_parse_body() function
RFC: https://wiki.php.net/rfc/rfc1867-non-post
This function allows populating the $_POST and $_FILES globals for non-post
requests. This avoids manual parsing of RFC1867 requests.
Fixes #55815
Closes GH-11472
show more ...
|
| #
bc30ae4f |
| 19-Jan-2024 |
Jakub Zelenka |
Fix bug #75712: getenv in php-fpm should not read $_ENV, $_SERVER
Closes GH-13195
|
| #
732d92c0 |
| 28-Apr-2023 |
Javier Eguiluz |
[skip ci] Fix various typos and grammar issues (#11143)
|
| #
0611be4e |
| 09-Sep-2022 |
Derick Rethans |
Fix #81727: Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning.
|
|
Revision tags: php-8.2.0RC1, php-8.1.10, php-8.0.23, php-8.0.23RC1, php-8.1.10RC1, php-8.2.0beta3, php-8.2.0beta2, php-8.1.9, php-8.0.22, php-8.1.9RC1, php-8.2.0beta1, php-8.0.22RC1, php-8.0.21, php-8.1.8, php-8.2.0alpha3, php-8.1.8RC1, php-8.2.0alpha2, php-8.0.21RC1, php-8.0.20, php-8.1.7, php-8.2.0alpha1, php-7.4.30, php-8.1.7RC1, php-8.0.20RC1 |
|
| #
55908db0 |
| 16-May-2022 |
George Peter Banyard |
Add php_register_known_variable() for know var names |
|
Revision tags: php-8.1.6, php-8.0.19, php-8.1.6RC1, php-8.0.19RC1, php-8.0.18, php-8.1.5, php-7.4.29, php-8.1.5RC1 |
|
| #
b9e895bc |
| 31-Mar-2022 |
Max Kellermann |
Replace memcmp() with zend_string functions (#8216)
* ext/oci8: use zend_string_equals()
Eliminate duplicate code.
* main/php_variables: use zend_string_equals_literal()
Replace memcmp() with zend_string functions (#8216)
* ext/oci8: use zend_string_equals()
Eliminate duplicate code.
* main/php_variables: use zend_string_equals_literal()
Eliminate duplicate code.
* Zend/zend_string: add zend_string_equals_cstr()
Allows eliminating duplicate code.
* Zend, ext/{opcache,standard}, main/output: use zend_string_equals_cstr()
Eliminate duplicate code.
* Zend/zend_string: add zend_string_starts_with()
* ext/{opcache,phar,spl,standard}: use zend_string_starts_with()
This adds missing length checks to several callers, e.g. in
cache_script_in_shared_memory(). This is important when the
zend_string is shorter than the string parameter, when memcmp()
happens to check backwards; this can result in an out-of-bounds memory
access.
show more ...
|
|
Revision tags: php-8.0.18RC1, php-8.1.4, php-8.0.17, php-8.1.4RC1, php-8.0.17RC1, php-8.1.3, php-8.0.16, php-7.4.28, php-8.1.3RC1, php-8.0.16RC1, php-8.1.2, php-8.0.15 |
|
| #
8d2ed194 |
| 17-Jan-2022 |
Christoph M. Becker |
Merge branch 'PHP-8.0' into PHP-8.1
* PHP-8.0:
Fix GH-7896: Environment vars may be mangled on Windows
|
| #
93a3c71e |
| 11-Jan-2022 |
Christoph M. Becker |
Fix GH-7896: Environment vars may be mangled on Windows
When bug 77574[1] has been fixed, the fix only catered to variables
retrieved via `getenv()` with a `$varname` passed, but neither
Fix GH-7896: Environment vars may be mangled on Windows
When bug 77574[1] has been fixed, the fix only catered to variables
retrieved via `getenv()` with a `$varname` passed, but neither to
`getenv()` without arguments nor to the general import of environment
variables into `$_ENV` and `$_SERVER`. We catch up on this by using
`GetEnvironmentStringsW()` in `_php_import_environment_variables()` and
converting the encoding to whatever had been chosen by the user.
[1] <https://bugs.php.net/bug.php?id=75574>
Closes GH-7928.
show more ...
|
|
Revision tags: php-8.1.2RC1, php-8.0.15RC1, php-8.0.14, php-8.1.1, php-7.4.27, php-8.1.1RC1, php-8.0.14RC1, php-7.4.27RC1, php-8.1.0, php-8.0.13, php-7.4.26, php-7.3.33, php-8.1.0RC6, php-7.4.26RC1, php-8.0.13RC1, php-8.1.0RC5, php-7.3.32, php-7.4.25, php-8.0.12, php-8.1.0RC4, php-8.0.12RC1, php-7.4.25RC1, php-8.1.0RC3, php-8.0.11, php-7.4.24, php-7.3.31, php-8.1.0RC2, php-7.4.24RC1, php-8.0.11RC1, php-8.1.0RC1, php-7.4.23, php-8.0.10, php-7.3.30, php-8.1.0beta3, php-8.0.10RC1, php-7.4.23RC1, php-8.1.0beta2, php-8.0.9, php-7.4.22, php-8.1.0beta1, php-7.4.22RC1, php-8.0.9RC1, php-8.1.0alpha3, php-7.4.21, php-7.3.29, php-8.0.8, php-8.1.0alpha2, php-7.4.21RC1, php-8.0.8RC1, php-8.1.0alpha1, php-8.0.7, php-7.4.20, php-8.0.7RC1, php-7.4.20RC1 |
|
| #
01b3fc03 |
| 06-May-2021 |
KsaR |
Update http->https in license (#6945)
1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as
Update http->https in license (#6945)
1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |
show more ...
|
|
Revision tags: php-8.0.6, php-7.4.19, php-7.4.18, php-7.3.28, php-8.0.5, php-8.0.5RC1, php-7.4.18RC1 |
|
| #
462da6e0 |
| 31-Mar-2021 |
Josh Soref |
Fix spelling and grammar mistakes
This PR corrects misspellings identified by the check-spelling action.
The misspellings have been reported at jsoref@b6ba3e2#commitcomment-48946465
Fix spelling and grammar mistakes
This PR corrects misspellings identified by the check-spelling action.
The misspellings have been reported at jsoref@b6ba3e2#commitcomment-48946465
The action reports that the changes in this PR would make it happy: jsoref@602417c
Closes GH-6822.
show more ...
|
| #
4ce5d2ea |
| 09-Apr-2021 |
Nikita Popov |
Add known strings for jit autoglobals
We always create interned strings for all autoglobals anyway, so
we might as well add known strings to make them more widely usable. |
|
Revision tags: php-8.0.4RC1, php-7.4.17RC1, php-8.0.3, php-7.4.16, php-8.0.3RC1, php-7.4.16RC1, php-8.0.2, php-7.4.15, php-7.3.27, php-8.0.2RC1, php-7.4.15RC2, php-7.4.15RC1 |
|
| #
3e01f5af |
| 15-Jan-2021 |
Nikita Popov |
Replace zend_bool uses with bool
We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.
Of course, zend_bool
Replace zend_bool uses with bool
We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.
Of course, zend_bool is retained as an alias.
show more ...
|
|
Revision tags: php-8.0.1, php-7.4.14, php-7.3.26, php-7.4.14RC1, php-8.0.1RC1, php-7.3.26RC1, php-8.0.0, php-7.3.25, php-7.4.13, php-8.0.0RC5, php-7.4.13RC1, php-8.0.0RC4, php-7.3.25RC1, php-7.4.12, php-8.0.0RC3, php-7.3.24, php-8.0.0RC2, php-7.4.12RC1, php-7.3.24RC1, php-7.2.34, php-8.0.0rc1, php-7.4.11, php-7.3.23 |
|
| #
e14f835d |
| 29-Sep-2020 |
Stanislav Malyshev |
Merge branch 'PHP-7.4'
* PHP-7.4:
Update UPGRADING
Update UPGRADING
Update NEWS & UPGRADING
Do not decode cookie names anymore
Fix bug #79601 (Wrong ciphertext/
Merge branch 'PHP-7.4'
* PHP-7.4:
Update UPGRADING
Update UPGRADING
Update NEWS & UPGRADING
Do not decode cookie names anymore
Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
show more ...
|
| #
c4dc0802 |
| 29-Sep-2020 |
Stanislav Malyshev |
Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
Update UPGRADING
Update NEWS & UPGRADING
Do not decode cookie names anymore
Fix bug #79601 (Wrong ciphertext/tag in AES
Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
Update UPGRADING
Update NEWS & UPGRADING
Do not decode cookie names anymore
Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
show more ...
|
| #
a9e43218 |
| 29-Sep-2020 |
Stanislav Malyshev |
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Update NEWS & UPGRADING
Do not decode cookie names anymore
Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 1
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Update NEWS & UPGRADING
Do not decode cookie names anymore
Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
show more ...
|
| #
6559fe91 |
| 21-Sep-2020 |
Stanislav Malyshev |
Do not decode cookie names anymore |
|
Revision tags: php-8.0.0beta4, php-7.4.11RC1, php-7.3.23RC1, php-8.0.0beta3, php-7.4.10, php-7.3.22, php-8.0.0beta2, php-7.3.22RC1, php-7.4.10RC1, php-8.0.0beta1, php-7.4.9, php-7.2.33, php-7.3.21 |
|
| #
fc4d462e |
| 23-Jul-2020 |
Christoph M. Becker |
Fix #78236: convert error on receiving variables when duplicate [
When an input variable name contains a non matched open bracket, we not
only have to replace that with an underscore, bu
Fix #78236: convert error on receiving variables when duplicate [
When an input variable name contains a non matched open bracket, we not
only have to replace that with an underscore, but also all following
forbidden characters.
show more ...
|
|
Revision tags: php-8.0.0alpha3, php-7.4.9RC1, php-7.3.21RC1, php-7.4.8, php-7.2.32, php-8.0.0alpha2, php-7.3.20 |
|
| #
2b5de6f8 |
| 01-Jul-2020 |
Max Semenik |
Remove proto comments from C files
Closes GH-5758 |
|
Revision tags: php-8.0.0alpha1, php-7.4.8RC1, php-7.3.20RC1, php-7.4.7, php-7.3.19 |
|
| #
83a77015 |
| 08-Jun-2020 |
twosee |
Add helper APIs for maybe-interned string creation
Add ZVAL_CHAR/RETVAL_CHAR/RETURN_CHAR as a shortcut for using
ZVAL_INTERNED_STRING and ZSTR_CHAR.
Add zend_string_init_fast()
Add helper APIs for maybe-interned string creation
Add ZVAL_CHAR/RETVAL_CHAR/RETURN_CHAR as a shortcut for using
ZVAL_INTERNED_STRING and ZSTR_CHAR.
Add zend_string_init_fast() as a helper for the empty string /
one char interned string / zend_string_init() pattern.
Also add corresponding ZVAL_STRINGL_FAST etc macros.
Closes GH-5684.
show more ...
|
| #
88355dd3 |
| 07-Jun-2020 |
twosee |
Constify char * arguments of APIs
Closes GH-5676. |
|
Revision tags: php-7.4.7RC1, php-7.3.19RC1, php-7.4.6, php-7.2.31, php-7.4.6RC1, php-7.3.18RC1 |
|
| #
f91f7260 |
| 22-Apr-2020 |
George Peter Banyard |
Drop unnecessary stdint and inttypes header checks
These are always available as of C99.
Closes GH-5323
Co-authored-by: "Christoph M. Becker" <cmbecker69@gmx.de> |
|
Revision tags: php-7.2.30, php-7.4.5, php-7.3.17, php-7.4.5RC1, php-7.3.17RC1, php-7.3.18, php-7.4.4, php-7.2.29, php-7.3.16, php-7.4.4RC1, php-7.3.16RC1, php-7.4.3, php-7.2.28 |
|
| #
69819bae |
| 11-Feb-2020 |
Christoph M. Becker |
Merge branch 'PHP-7.4'
* PHP-7.4:
Fix #79254: getenv() w/o arguments not showing changes
|
| #
93b183ed |
| 11-Feb-2020 |
Christoph M. Becker |
Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
Fix #79254: getenv() w/o arguments not showing changes
|
