History log of /PHP-5.5/ext/standard/var_unserializer.c (Results 1 – 25 of 144)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
Revision tags: php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1, php-7.4.0RC5, php-7.1.33, php-7.2.24, php-7.3.11, php-7.4.0RC4, php-7.3.11RC1, php-7.2.24RC1, php-7.4.0RC3, php-7.2.23, php-7.3.10, php-7.4.0RC2, php-7.2.23RC1, php-7.3.10RC1, php-7.4.0RC1, php-7.1.32, php-7.2.22, php-7.3.9, php-7.4.0beta4, php-7.2.22RC1, php-7.3.9RC1, php-7.4.0beta2, php-7.1.31, php-7.2.21, php-7.3.8, php-7.4.0beta1, php-7.2.21RC1, php-7.3.8RC1, php-7.4.0alpha3, php-7.3.7, php-7.2.20, php-7.4.0alpha2, php-7.3.7RC3, php-7.3.7RC2, php-7.2.20RC2, php-7.4.0alpha1, php-7.3.7RC1, php-7.2.20RC1, php-7.2.19, php-7.3.6, php-7.1.30, php-7.2.19RC1, php-7.3.6RC1, php-7.1.29, php-7.2.18, php-7.3.5, php-7.2.18RC1, php-7.3.5RC1, php-7.2.17, php-7.3.4, php-7.1.28, php-7.3.4RC1, php-7.2.17RC1, php-7.1.27, php-7.3.3, php-7.2.16, php-7.3.3RC1, php-7.2.16RC1, php-7.2.15, php-7.3.2, php-7.2.15RC1, php-7.3.2RC1, php-5.6.40, php-7.1.26, php-7.3.1, php-7.2.14, php-7.2.14RC1, php-7.3.1RC1, php-5.6.39, php-7.1.25, php-7.2.13, php-7.0.33, php-7.3.0, php-7.1.25RC1, php-7.2.13RC1, php-7.3.0RC6, php-7.1.24, php-7.2.12, php-7.3.0RC5, php-7.1.24RC1, php-7.2.12RC1, php-7.3.0RC4, php-7.1.23, php-7.2.11, php-7.3.0RC3, php-7.1.23RC1, php-7.2.11RC1, php-7.3.0RC2, php-5.6.38, php-7.1.22, php-7.3.0RC1, php-7.2.10, php-7.0.32, php-7.1.22RC1, php-7.3.0beta3, php-7.2.10RC1, php-7.1.21, php-7.2.9, php-7.3.0beta2, php-7.1.21RC1, php-7.3.0beta1, php-7.2.9RC1, php-5.6.37, php-7.1.20, php-7.3.0alpha4, php-7.0.31, php-7.2.8, php-7.1.20RC1, php-7.2.8RC1, php-7.3.0alpha3, php-7.3.0alpha2, php-7.1.19, php-7.2.7, php-7.1.19RC1, php-7.3.0alpha1, php-7.2.7RC1, php-7.1.18, php-7.2.6, php-7.2.6RC1, php-7.1.18RC1, php-5.6.36, php-7.2.5, php-7.1.17, php-7.0.30, php-7.1.17RC1, php-7.2.5RC1, php-5.6.35, php-7.0.29, php-7.2.4, php-7.1.16, php-7.1.16RC1, php-7.2.4RC1, php-7.1.15, php-5.6.34, php-7.2.3, php-7.0.28, php-7.2.3RC1, php-7.1.15RC1, php-7.1.14, php-7.2.2, php-7.1.14RC1, php-7.2.2RC1, php-7.1.13, php-5.6.33, php-7.2.1, php-7.0.27, php-7.2.1RC1, php-7.1.13RC1, php-7.0.27RC1, php-7.2.0, php-7.1.12, php-7.0.26, php-7.1.12RC1, php-7.2.0RC6, php-7.0.26RC1, php-7.1.11, php-5.6.32, php-7.2.0RC5, php-7.0.25, php-7.1.11RC1, php-7.2.0RC4, php-7.0.25RC1, php-7.1.10, php-7.2.0RC3, php-7.0.24, php-7.2.0RC2, php-7.1.10RC1, php-7.0.24RC1, php-7.1.9, php-7.2.0RC1, php-7.0.23, php-7.1.9RC1, php-7.2.0beta3, php-7.0.23RC1, php-7.1.8, php-7.2.0beta2, php-7.0.22, php-7.1.8RC1, php-7.2.0beta1, php-7.0.22RC1, php-5.6.31, php-7.0.21, php-7.1.7, php-7.2.0alpha3, php-7.1.7RC1, php-7.0.21RC1, php-7.2.0alpha2, php-7.1.6, php-7.2.0alpha1, php-7.0.20, php-7.1.6RC1, php-7.0.20RC1, php-7.1.5, php-7.0.19, php-7.0.19RC1, php-7.1.5RC1, php-7.1.4, php-7.0.18, php-7.1.4RC1, php-7.0.18RC1, php-7.1.3, php-7.0.17, php-7.1.3RC1, php-7.0.17RC1, php-7.1.2, php-7.0.16, php-7.0.16RC1, php-7.1.2RC1, php-5.6.30, php-7.0.15, php-5.6.30RC1, php-7.1.1RC1, php-7.0.15RC1, php-7.1.1, php-5.6.29, php-7.0.14, php-7.1.0, php-5.6.29RC1, php-7.0.14RC1, php-7.1.0RC6, php-5.6.28, php-7.0.13, php-5.6.28RC1, php-7.1.0RC5, php-7.0.13RC1, php-7.1.0RC4, php-5.6.27, php-7.0.12, php-7.1.0RC3, php-5.6.27RC1, php-7.0.12RC1, php-5.6.26, php-7.1.0RC2, php-7.0.11, php-5.6.26RC1, php-7.1.0RC1, php-7.0.11RC1, php-7.1.0beta3, php-5.6.25, php-7.0.10, php-7.1.0beta2, php-5.6.25RC1, php-7.0.10RC1, php-7.1.0beta1, php-5.6.24, php-7.0.9, php-5.5.38, php-5.6.24RC1, php-7.1.0alpha3, php-7.0.9RC1, php-7.1.0alpha2, php-7.0.8, php-5.6.23, php-5.5.37, php-5.6.23RC1, php-7.0.8RC1, php-7.1.0alpha1, php-5.6.22, php-5.5.36, php-7.0.7, php-5.6.22RC1, php-7.0.7RC1, php-7.0.6, php-5.6.21, php-5.5.35, php-5.6.21RC1, php-7.0.6RC1, php-5.6.20, php-5.5.34, php-7.0.5, php-5.6.20RC1, php-7.0.5RC1, php-5.6.19, php-5.5.33, php-7.0.4, php-5.6.19RC1, php-7.0.4RC1, php-5.6.18, php-7.0.3, php-5.5.32, php-5.6.18RC1, php-7.0.3RC1, php-5.6.17, php-5.5.31, php-7.0.2, php-7.0.2RC1, php-5.6.17RC1, php-7.0.1RC1, php-7.0.0, php-5.6.16, php-7.0.0RC8, php-7.0.0RC7, php-5.6.16RC1, php-5.6.15, php-7.0.0RC6, php-7.0.1, php-5.6.15RC1, php-7.0.0RC5, php-5.5.30, php-5.6.14, php-7.0.0RC4, php-5.6.14RC1, php-7.0.0RC3, php-5.6.13, php-7.0.0RC2, php-5.5.29, php-5.4.45
# e8429400 01-Sep-2015 Stanislav Malyshev

Fix bug #70172 - Use After Free Vulnerability in unserialize()
# df4bf28f 23-Aug-2015 Stanislav Malyshev

Fix bug #70219 (Use after free vulnerability in session deserializer)
Revision tags: php-5.6.13RC1, php-7.0.0RC1, php-5.6.12, php-5.5.28, php-7.0.0beta3, php-5.4.44, php-5.6.12RC1, php-7.0.0beta2, php-7.0.0beta1, php-5.6.11, php-5.5.27, php-5.4.43, php-5.6.11RC1, php-5.5.27RC1, php-7.0.0alpha2, php-5.5.26, php-7.0.0alpha1, php-5.6.10, php-5.4.42, POST_PHP7_NSAPI_REMOVAL, PRE_PHP7_NSAPI_REMOVAL, php-5.6.10RC1, php-5.5.26RC1, php-5.5.25, php-5.6.9, php-5.4.41, php-5.6.9RC1, php-5.5.25RC1, php-5.6.8, php-5.5.24, php-5.4.40, php-5.6.8RC1, php-5.5.24RC1, php-5.6.7, php-5.5.23, php-5.4.39
# 646572d6 17-Mar-2015 Stanislav Malyshev

Fixed bug #68976 - Use After Free Vulnerability in unserialize()
Revision tags: php-5.6.7RC1, php-5.5.23RC1, POST_PHP7_EREG_MYSQL_REMOVALS, PRE_PHP7_EREG_MYSQL_REMOVALS
# caebb761 01-Mar-2015 Xinchen Hui

Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize)
Revision tags: php-5.6.6, php-5.5.22, php-5.4.38, POST_PHP7_REMOVALS, PRE_PHP7_REMOVALS, php-5.6.6RC1, php-5.5.22RC1, php-5.5.21, php-5.6.5, php-5.4.37
# 73c1be26 15-Jan-2015 Xinchen Hui

Bump year
Revision tags: php-5.5.21RC1, php-5.6.5RC1
# b585a3ae 02-Jan-2015 Stanislav Malyshev

Fix for bug #68710 (Use After Free Vulnerability in PHP's unserialize())
Revision tags: POST_NATIVE_TLS_MERGE, PRE_NATIVE_TLS_MERGE, php-5.5.20, php-5.4.36, php-5.6.4
# 630f9c33 12-Dec-2014 Stanislav Malyshev

Fix bug #68594 - Use after free vulnerability in unserialize()
# 13f1c276 10-Dec-2014 Anatol Belski

Fixed bug #68545 NULL pointer dereference in unserialize.c
# 20d93534 10-Dec-2014 Anatol Belski

Fixed bug #68545 NULL pointer dereference in unserialize.c
Revision tags: php-5.6.4RC1, php-5.5.20RC1, php-5.6.3, php-5.5.19, php-5.4.35, php-5.6.3RC1, php-5.5.19RC1, php-5.5.18, php-5.4.34, php-5.5.18RC1, php-5.6.1
# 9aa90145 28-Sep-2014 Stanislav Malyshev

Fixed bug #68044: Integer overflow in unserialize() (32-bits only)
# 56754a7f 28-Sep-2014 Stanislav Malyshev

Fixed bug #68044: Integer overflow in unserialize() (32-bits only)
Revision tags: php-5.6.2, php-5.4.33, php-5.5.17, php-5.6.1RC1, php-5.5.17RC1, php-5.4.33RC1, php-5.6.0, POST_AST_MERGE, PRE_AST_MERGE, POST_64BIT_BRANCH_MERGE, PRE_64BIT_BRANCH_MERGE, php-5.5.16, php-5.4.32, POST_PHPNG_MERGE, PRE_PHPNG_MERGE, php-5.6.0RC4, php-5.3.29, php-5.5.16RC1, php-5.4.32RC1, php-5.3.29RC1, php-5.6.0RC3, php-5.5.15, php-5.4.31, php-5.4.31RC1, php-5.5.15RC1, php-5.6.0RC2, php-5.4.30, php-5.5.14
# 6d97b4b2 22-Jun-2014 Stanislav Malyshev

Better fix for bug #67072 with more BC provisions
# 342240fd 22-Jun-2014 Stanislav Malyshev

Better fix for bug #67072 with more BC provisions
# c42d5cf5 22-Jun-2014 Stanislav Malyshev

Better fix for bug #67072 with more BC provisions
Revision tags: php-5.6.0RC1
# 6f3bcb0d 16-Jun-2014 Lior Kaplan

Update copyright year for re2c generated files
Revision tags: php-5.5.14RC1, php-5.4.30RC1, php-5.6.0beta4
# 20568e50 03-Jun-2014 Anatol Belski

Fixed regression introduced by patch for bug #67072

This applies to 5.4 and 5.5 only as a legacy fix.
Revision tags: php-5.4.29, php-5.5.13, php-5.5.13RC1, php-5.6.0beta3, php-5.4.29RC1, php-5.6.0beta2, php-5.5.12, php-5.4.28
# c2acdbdd 18-Apr-2014 Anatol Belski

Improved the fix for bug #67072, thanks Nikita
# 5328d428 17-Apr-2014 Anatol Belski

Fixed bug #67072 Echoing unserialized "SplFileObject" crash

The actual issue lays in the unserializer code which doesn't honor
the unserialize callback. By contrast, the serialize callba

Fixed bug #67072 Echoing unserialized "SplFileObject" crash

The actual issue lays in the unserializer code which doesn't honor
the unserialize callback. By contrast, the serialize callback is
respected. This leads to the situation that even if a class has
disabled the serialization explicitly, user could still construct
a vulnerable string which would result bad things when trying
to unserialize.

This conserns also the classes implementing Serializable as well
as some core classes disabling serialize/unserialize callbacks
explicitly (PDO, SimpleXML, SplFileInfo and co). As of now, the
flow is first to call the unserialize callback (if available),
then call __wakeup. If the unserialize callback returns with no
success, no object is instantiated. This makes the scheme used
by internal classes effective, to disable unserialize just assign
zend_class_unserialize_deny as callback.

show more ...


Revision tags: php-5.4.28RC1, php-5.5.12RC1, php-5.6.0beta1, php-5.4.27, php-5.5.11, php-5.5.11RC1, php-5.4.27RC1, php-5.5.10, php-5.4.26, php-5.6.0alpha3, php-5.4.26RC1, php-5.5.10RC1, php-5.6.0alpha2, php-5.5.9, php-5.4.25, php-5.5.9RC1, php-5.4.25RC1, php-5.6.0alpha1, php-5.5.8, php-5.4.24
# 47c90277 03-Jan-2014 Xinchen Hui

Bump year
# c0d060f5 03-Jan-2014 Xinchen Hui

Bump year
Revision tags: php-5.4.24RC1, php-5.5.8RC1, php-5.5.7, php-5.4.23, php-5.3.28, php-5.5.7RC1, php-5.4.23RC1, php-5.4.22, php-5.5.6, php-5.4.22RC1, php-5.5.6RC1, php-5.4.21, php-5.5.5, php-5.4.21RC1, php-5.5.5RC1, php-5.5.4, php-5.4.20, php-5.5.4RC1, php-5.4.20RC1, php-5.5.3, php-5.4.19, php-5.5.2, php-5.4.18, php-5.5.2RC1, php-5.4.18RC2
# 1ac4d8f2 29-Jul-2013 Michael Wallner

fix bug #65481 (shutdown segfault due to serialize)
Revision tags: php-5.5.1, php-5.4.18RC1, php-5.3.27, php-5.4.17, php-5.5.0, php-5.3.27RC1, php-5.4.17RC1, php-5.5.0RC3, php-5.3.26, php-5.4.16, php-5.5.0RC2, php-5.3.26RC1, php-5.4.16RC1, php-5.5.0RC1, php-5.3.25, php-5.4.15, php-5.3.25RC1, php-5.5.0beta4, php-5.4.15RC1, php-5.4.14, php-5.3.24, php-5.5.0beta3, php-5.3.24RC1, php-5.4.14RC1, php-5.5.0beta2, php-5.5.0beta1, php-5.3.23, php-5.4.13
# f52b2e6a 09-Mar-2013 Xinchen Hui

Fixed bug #64354 (Unserialize array of objects whose class can't be autoloaded fail)

about the __sleep one, since php_serialize_* are all void function,
so,,only check exception at the v

Fixed bug #64354 (Unserialize array of objects whose class can't be autoloaded fail)

about the __sleep one, since php_serialize_* are all void function,
so,,only check exception at the very begining

show more ...


Revision tags: php-5.5.0alpha6, php-5.3.23RC1, php-5.4.13RC1, php-5.3.22, php-5.5.0alpha5, php-5.4.12, php-5.3.22RC2, php-5.4.12RC2, php-5.3.22RC1, php-5.4.12RC1, php-5.5.0alpha4
# 86c1a261 21-Jan-2013 Xinchen Hui

Merge fix of #62836 to ?.re, and regenerate ?.c
Revision tags: php-5.3.21, php-5.4.11, php-5.5.0alpha3, php-5.3.21RC1, php-5.4.11RC1
# a666285b 01-Jan-2013 Xinchen Hui

Happy New Year
# 0a7395e0 01-Jan-2013 Xinchen Hui

Happy New Year

123456