History log of /PHP-5.4/ext/standard/var_unserializer.re (Results 1 – 25 of 103)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
Revision tags: php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1, php-7.4.0RC5, php-7.1.33, php-7.2.24, php-7.3.11, php-7.4.0RC4, php-7.3.11RC1, php-7.2.24RC1, php-7.4.0RC3, php-7.2.23, php-7.3.10, php-7.4.0RC2, php-7.2.23RC1, php-7.3.10RC1, php-7.4.0RC1, php-7.1.32, php-7.2.22, php-7.3.9, php-7.4.0beta4, php-7.2.22RC1, php-7.3.9RC1, php-7.4.0beta2, php-7.1.31, php-7.2.21, php-7.3.8, php-7.4.0beta1, php-7.2.21RC1, php-7.3.8RC1, php-7.4.0alpha3, php-7.3.7, php-7.2.20, php-7.4.0alpha2, php-7.3.7RC3, php-7.3.7RC2, php-7.2.20RC2, php-7.4.0alpha1, php-7.3.7RC1, php-7.2.20RC1, php-7.2.19, php-7.3.6, php-7.1.30, php-7.2.19RC1, php-7.3.6RC1, php-7.1.29, php-7.2.18, php-7.3.5, php-7.2.18RC1, php-7.3.5RC1, php-7.2.17, php-7.3.4, php-7.1.28, php-7.3.4RC1, php-7.2.17RC1, php-7.1.27, php-7.3.3, php-7.2.16, php-7.3.3RC1, php-7.2.16RC1, php-7.2.15, php-7.3.2, php-7.2.15RC1, php-7.3.2RC1, php-5.6.40, php-7.1.26, php-7.3.1, php-7.2.14, php-7.2.14RC1, php-7.3.1RC1, php-5.6.39, php-7.1.25, php-7.2.13, php-7.0.33, php-7.3.0, php-7.1.25RC1, php-7.2.13RC1, php-7.3.0RC6, php-7.1.24, php-7.2.12, php-7.3.0RC5, php-7.1.24RC1, php-7.2.12RC1, php-7.3.0RC4, php-7.1.23, php-7.2.11, php-7.3.0RC3, php-7.1.23RC1, php-7.2.11RC1, php-7.3.0RC2, php-5.6.38, php-7.1.22, php-7.3.0RC1, php-7.2.10, php-7.0.32, php-7.1.22RC1, php-7.3.0beta3, php-7.2.10RC1, php-7.1.21, php-7.2.9, php-7.3.0beta2, php-7.1.21RC1, php-7.3.0beta1, php-7.2.9RC1, php-5.6.37, php-7.1.20, php-7.3.0alpha4, php-7.0.31, php-7.2.8, php-7.1.20RC1, php-7.2.8RC1, php-7.3.0alpha3, php-7.3.0alpha2, php-7.1.19, php-7.2.7, php-7.1.19RC1, php-7.3.0alpha1, php-7.2.7RC1, php-7.1.18, php-7.2.6, php-7.2.6RC1, php-7.1.18RC1, php-5.6.36, php-7.2.5, php-7.1.17, php-7.0.30, php-7.1.17RC1, php-7.2.5RC1, php-5.6.35, php-7.0.29, php-7.2.4, php-7.1.16, php-7.1.16RC1, php-7.2.4RC1, php-7.1.15, php-5.6.34, php-7.2.3, php-7.0.28, php-7.2.3RC1, php-7.1.15RC1, php-7.1.14, php-7.2.2, php-7.1.14RC1, php-7.2.2RC1, php-7.1.13, php-5.6.33, php-7.2.1, php-7.0.27, php-7.2.1RC1, php-7.1.13RC1, php-7.0.27RC1, php-7.2.0, php-7.1.12, php-7.0.26, php-7.1.12RC1, php-7.2.0RC6, php-7.0.26RC1, php-7.1.11, php-5.6.32, php-7.2.0RC5, php-7.0.25, php-7.1.11RC1, php-7.2.0RC4, php-7.0.25RC1, php-7.1.10, php-7.2.0RC3, php-7.0.24, php-7.2.0RC2, php-7.1.10RC1, php-7.0.24RC1, php-7.1.9, php-7.2.0RC1, php-7.0.23, php-7.1.9RC1, php-7.2.0beta3, php-7.0.23RC1, php-7.1.8, php-7.2.0beta2, php-7.0.22, php-7.1.8RC1, php-7.2.0beta1, php-7.0.22RC1, php-5.6.31, php-7.0.21, php-7.1.7, php-7.2.0alpha3, php-7.1.7RC1, php-7.0.21RC1, php-7.2.0alpha2, php-7.1.6, php-7.2.0alpha1, php-7.0.20, php-7.1.6RC1, php-7.0.20RC1, php-7.1.5, php-7.0.19, php-7.0.19RC1, php-7.1.5RC1, php-7.1.4, php-7.0.18, php-7.1.4RC1, php-7.0.18RC1, php-7.1.3, php-7.0.17, php-7.1.3RC1, php-7.0.17RC1, php-7.1.2, php-7.0.16, php-7.0.16RC1, php-7.1.2RC1, php-5.6.30, php-7.0.15, php-5.6.30RC1, php-7.1.1RC1, php-7.0.15RC1, php-7.1.1, php-5.6.29, php-7.0.14, php-7.1.0, php-5.6.29RC1, php-7.0.14RC1, php-7.1.0RC6, php-5.6.28, php-7.0.13, php-5.6.28RC1, php-7.1.0RC5, php-7.0.13RC1, php-7.1.0RC4, php-5.6.27, php-7.0.12, php-7.1.0RC3, php-5.6.27RC1, php-7.0.12RC1, php-5.6.26, php-7.1.0RC2, php-7.0.11, php-5.6.26RC1, php-7.1.0RC1, php-7.0.11RC1, php-7.1.0beta3, php-5.6.25, php-7.0.10, php-7.1.0beta2, php-5.6.25RC1, php-7.0.10RC1, php-7.1.0beta1, php-5.6.24, php-7.0.9, php-5.5.38, php-5.6.24RC1, php-7.1.0alpha3, php-7.0.9RC1, php-7.1.0alpha2, php-7.0.8, php-5.6.23, php-5.5.37, php-5.6.23RC1, php-7.0.8RC1, php-7.1.0alpha1, php-5.6.22, php-5.5.36, php-7.0.7, php-5.6.22RC1, php-7.0.7RC1, php-7.0.6, php-5.6.21, php-5.5.35, php-5.6.21RC1, php-7.0.6RC1, php-5.6.20, php-5.5.34, php-7.0.5, php-5.6.20RC1, php-7.0.5RC1, php-5.6.19, php-5.5.33, php-7.0.4, php-5.6.19RC1, php-7.0.4RC1, php-5.6.18, php-7.0.3, php-5.5.32, php-5.6.18RC1, php-7.0.3RC1, php-5.6.17, php-5.5.31, php-7.0.2, php-7.0.2RC1, php-5.6.17RC1, php-7.0.1RC1, php-7.0.0, php-5.6.16, php-7.0.0RC8, php-7.0.0RC7, php-5.6.16RC1, php-5.6.15, php-7.0.0RC6, php-7.0.1, php-5.6.15RC1, php-7.0.0RC5, php-5.5.30, php-5.6.14, php-7.0.0RC4, php-5.6.14RC1, php-7.0.0RC3, php-5.6.13, php-7.0.0RC2, php-5.5.29, php-5.4.45
# e8429400 01-Sep-2015 Stanislav Malyshev

Fix bug #70172 - Use After Free Vulnerability in unserialize()


# df4bf28f 23-Aug-2015 Stanislav Malyshev

Fix bug #70219 (Use after free vulnerability in session deserializer)


Revision tags: php-5.6.13RC1, php-7.0.0RC1, php-5.6.12, php-5.5.28, php-7.0.0beta3, php-5.4.44, php-5.6.12RC1, php-7.0.0beta2, php-7.0.0beta1, php-5.6.11, php-5.5.27, php-5.4.43, php-5.6.11RC1, php-5.5.27RC1, php-7.0.0alpha2, php-5.5.26, php-7.0.0alpha1, php-5.6.10, php-5.4.42, POST_PHP7_NSAPI_REMOVAL, PRE_PHP7_NSAPI_REMOVAL, php-5.6.10RC1, php-5.5.26RC1, php-5.5.25, php-5.6.9, php-5.4.41, php-5.6.9RC1, php-5.5.25RC1, php-5.6.8, php-5.5.24, php-5.4.40, php-5.6.8RC1, php-5.5.24RC1, php-5.6.7, php-5.5.23, php-5.4.39
# 646572d6 17-Mar-2015 Stanislav Malyshev

Fixed bug #68976 - Use After Free Vulnerability in unserialize()


Revision tags: php-5.6.7RC1, php-5.5.23RC1, POST_PHP7_EREG_MYSQL_REMOVALS, PRE_PHP7_EREG_MYSQL_REMOVALS, php-5.6.6, php-5.5.22, php-5.4.38, POST_PHP7_REMOVALS, PRE_PHP7_REMOVALS, php-5.6.6RC1, php-5.5.22RC1, php-5.5.21, php-5.6.5, php-5.4.37, php-5.5.21RC1, php-5.6.5RC1
# b585a3ae 02-Jan-2015 Stanislav Malyshev

Fix for bug #68710 (Use After Free Vulnerability in PHP's unserialize())


Revision tags: POST_NATIVE_TLS_MERGE, PRE_NATIVE_TLS_MERGE, php-5.5.20, php-5.4.36, php-5.6.4
# 630f9c33 12-Dec-2014 Stanislav Malyshev

Fix bug #68594 - Use after free vulnerability in unserialize()


# 13f1c276 10-Dec-2014 Anatol Belski

Fixed bug #68545 NULL pointer dereference in unserialize.c


Revision tags: php-5.6.4RC1, php-5.5.20RC1, php-5.6.3, php-5.5.19, php-5.4.35, php-5.6.3RC1, php-5.5.19RC1, php-5.5.18, php-5.4.34, php-5.5.18RC1, php-5.6.1
# 56754a7f 28-Sep-2014 Stanislav Malyshev

Fixed bug #68044: Integer overflow in unserialize() (32-bits only)


Revision tags: php-5.6.2, php-5.4.33, php-5.5.17, php-5.6.1RC1, php-5.5.17RC1, php-5.4.33RC1, php-5.6.0, POST_AST_MERGE, PRE_AST_MERGE, POST_64BIT_BRANCH_MERGE, PRE_64BIT_BRANCH_MERGE, php-5.5.16, php-5.4.32, POST_PHPNG_MERGE, PRE_PHPNG_MERGE, php-5.6.0RC4, php-5.3.29, php-5.5.16RC1, php-5.4.32RC1, php-5.3.29RC1, php-5.6.0RC3, php-5.5.15, php-5.4.31, php-5.4.31RC1, php-5.5.15RC1, php-5.6.0RC2, php-5.4.30, php-5.5.14
# 6d97b4b2 22-Jun-2014 Stanislav Malyshev

Better fix for bug #67072 with more BC provisions


# c42d5cf5 22-Jun-2014 Stanislav Malyshev

Better fix for bug #67072 with more BC provisions


Revision tags: php-5.6.0RC1
# e667d231 16-Jun-2014 Lior Kaplan

Update copyright year for re2c files as well


Revision tags: php-5.5.14RC1, php-5.4.30RC1, php-5.6.0beta4
# 20568e50 03-Jun-2014 Anatol Belski

Fixed regression introduced by patch for bug #67072

This applies to 5.4 and 5.5 only as a legacy fix.


Revision tags: php-5.4.29, php-5.5.13, php-5.5.13RC1, php-5.6.0beta3, php-5.4.29RC1, php-5.6.0beta2, php-5.5.12, php-5.4.28
# c2acdbdd 18-Apr-2014 Anatol Belski

Improved the fix for bug #67072, thanks Nikita


# 5328d428 17-Apr-2014 Anatol Belski

Fixed bug #67072 Echoing unserialized "SplFileObject" crash

The actual issue lays in the unserializer code which doesn't honor
the unserialize callback. By contrast, the serialize callba

Fixed bug #67072 Echoing unserialized "SplFileObject" crash

The actual issue lays in the unserializer code which doesn't honor
the unserialize callback. By contrast, the serialize callback is
respected. This leads to the situation that even if a class has
disabled the serialization explicitly, user could still construct
a vulnerable string which would result bad things when trying
to unserialize.

This conserns also the classes implementing Serializable as well
as some core classes disabling serialize/unserialize callbacks
explicitly (PDO, SimpleXML, SplFileInfo and co). As of now, the
flow is first to call the unserialize callback (if available),
then call __wakeup. If the unserialize callback returns with no
success, no object is instantiated. This makes the scheme used
by internal classes effective, to disable unserialize just assign
zend_class_unserialize_deny as callback.

show more ...


Revision tags: php-5.4.28RC1, php-5.5.12RC1, php-5.6.0beta1, php-5.4.27, php-5.5.11, php-5.5.11RC1, php-5.4.27RC1, php-5.5.10, php-5.4.26, php-5.6.0alpha3, php-5.4.26RC1, php-5.5.10RC1, php-5.6.0alpha2, php-5.5.9, php-5.4.25, php-5.5.9RC1, php-5.4.25RC1, php-5.6.0alpha1, php-5.5.8, php-5.4.24, php-5.4.24RC1, php-5.5.8RC1, php-5.5.7, php-5.4.23, php-5.3.28, php-5.5.7RC1, php-5.4.23RC1, php-5.4.22, php-5.5.6, php-5.4.22RC1, php-5.5.6RC1, php-5.4.21, php-5.5.5, php-5.4.21RC1, php-5.5.5RC1, php-5.5.4, php-5.4.20, php-5.5.4RC1, php-5.4.20RC1, php-5.5.3, php-5.4.19, php-5.5.2, php-5.4.18, php-5.5.2RC1, php-5.4.18RC2
# 1ac4d8f2 29-Jul-2013 Michael Wallner

fix bug #65481 (shutdown segfault due to serialize)


Revision tags: php-5.5.1, php-5.4.18RC1, php-5.3.27, php-5.4.17, php-5.5.0, php-5.3.27RC1, php-5.4.17RC1, php-5.5.0RC3, php-5.3.26, php-5.4.16, php-5.5.0RC2, php-5.3.26RC1, php-5.4.16RC1, php-5.5.0RC1, php-5.3.25, php-5.4.15, php-5.3.25RC1, php-5.5.0beta4, php-5.4.15RC1, php-5.4.14, php-5.3.24, php-5.5.0beta3, php-5.3.24RC1, php-5.4.14RC1, php-5.5.0beta2, php-5.5.0beta1, php-5.3.23, php-5.4.13
# f52b2e6a 09-Mar-2013 Xinchen Hui

Fixed bug #64354 (Unserialize array of objects whose class can't be autoloaded fail)

about the __sleep one, since php_serialize_* are all void function,
so,,only check exception at the v

Fixed bug #64354 (Unserialize array of objects whose class can't be autoloaded fail)

about the __sleep one, since php_serialize_* are all void function,
so,,only check exception at the very begining

show more ...


Revision tags: php-5.5.0alpha6, php-5.3.23RC1, php-5.4.13RC1, php-5.3.22, php-5.5.0alpha5, php-5.4.12, php-5.3.22RC2, php-5.4.12RC2, php-5.3.22RC1, php-5.4.12RC1, php-5.5.0alpha4
# 86c1a261 21-Jan-2013 Xinchen Hui

Merge fix of #62836 to ?.re, and regenerate ?.c


Revision tags: php-5.3.21, php-5.4.11, php-5.5.0alpha3, php-5.3.21RC1, php-5.4.11RC1
# 0a7395e0 01-Jan-2013 Xinchen Hui

Happy New Year


# a2045ff3 01-Jan-2013 Xinchen Hui

Happy New Year~


Revision tags: php-5.3.20, php-5.4.10, php-5.5.0alpha2, php-5.3.20RC1, php-5.4.10RC1, php-5.3.19, php-5.4.9, php-5.5.0alpha1, php-5.3.19RC1, php-5.4.9RC1, php-5.3.18, php-5.4.8, php-5.3.18RC1, php-5.4.8RC1, php-5.3.17, php-5.4.7, php-5.4.7RC1, php-5.3.16, php-5.4.6, php-5.4.6RC1, php-5.4.5, php-5.3.15, php-5.3.15RC1, php-5.4.5RC1, php-5.3.14, php-5.4.4, php-5.3.14RC2, php-5.4.4RC2, php-5.3.14RC1, php-5.4.4RC1, php-5.3.13, php-5.4.3, php-5.4.2, php-5.3.12, php-5.3.11, php-5.4.1, php-5.3.11RC2, php-5.4.1RC2, php-5.3.11RC1, php-5.4.1RC1, PHP-5.4.1-RC1, php-5.4.0
# ee772f60 28-Feb-2012 Pierre Joye

- fix bug #60879, unserialize does not invoke __wakeup


Revision tags: php-5.4.0RC8, php-5.3.10, php-5.4.0RC7, php-5.4.0RC6, php-5.3.9, php-5.4.0RC5
# e4ca0ed0 01-Jan-2012 Felipe Pena

- Year++


# 4e198252 01-Jan-2012 Felipe Pena

- Year++


Revision tags: php-5.3.9RC4, php-5.4.0RC4, php-5.3.9RC3, php-5.4.0RC3, php-5.3.9RC2, php-5.4.0RC2, php-5.4.0RC1
# 6781229e 09-Nov-2011 Felipe Pena

- Make valgrind happy with session_decode_error2.phpt


Revision tags: php-5.3.9RC1, php-5.4.0beta2
# b6921369 19-Oct-2011 Michael Wallner

Fix Bug #55801 Behavior of unserialize has changed:
(un)serialize in __wakeup/__sleep now use clean var_hashes


# d3fdacb9 28-Sep-2011 Gustavo André dos Santos Lopes

- Fixed #55798: serialize followed by unserialize with numeric object prop.
gives integer prop.


# ecfa660a 28-Sep-2011 Gustavo André dos Santos Lopes

- Fixed #55798: serialize followed by unserialize with numeric object prop.
gives integer prop.


12345