| #
a5538c62 |
| 14-Jun-2021 |
Christoph M. Becker |
Fix #81122: SSRF bypass in FILTER_VALIDATE_URL
We need to ensure that the password detected by parse_url() is actually
a valid password; we can re-use is_userinfo_valid() for that.
|
| #
4a89e726 |
| 19-Jan-2021 |
Christoph M. Becker |
Alternative fix for bug 77423
That bug report originally was about `parse_url()` misbehaving, but the
security aspect was actually only regarding `FILTER_VALIDATE_URL`.
Since the cha
Alternative fix for bug 77423
That bug report originally was about `parse_url()` misbehaving, but the
security aspect was actually only regarding `FILTER_VALIDATE_URL`.
Since the changes to `parse_url_ex()` apparently affect userland code
which is relying on the sloppy URL parsing[1], this alternative
restores the old parsing behavior, but ensures that the userinfo is
checked for correctness for `FILTER_VALIDATE_URL`.
[1] <https://github.com/php/php-src/commit/5174de7cd33c3d4fa591c9c93859ff9989b07e8c#commitcomment-45967652>
show more ...
|
|
Revision tags: php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1, php-7.4.0RC5, php-7.1.33, php-7.2.24, php-7.3.11, php-7.4.0RC4, php-7.3.11RC1, php-7.2.24RC1, php-7.4.0RC3, php-7.2.23, php-7.3.10, php-7.4.0RC2, php-7.2.23RC1, php-7.3.10RC1, php-7.4.0RC1, php-7.1.32, php-7.2.22, php-7.3.9, php-7.4.0beta4, php-7.2.22RC1, php-7.3.9RC1, php-7.4.0beta2, php-7.1.31, php-7.2.21, php-7.3.8, php-7.4.0beta1, php-7.2.21RC1, php-7.3.8RC1, php-7.4.0alpha3, php-7.3.7, php-7.2.20, php-7.4.0alpha2, php-7.3.7RC3, php-7.3.7RC2, php-7.2.20RC2, php-7.4.0alpha1, php-7.3.7RC1, php-7.2.20RC1, php-7.2.19, php-7.3.6, php-7.1.30, php-7.2.19RC1, php-7.3.6RC1, php-7.1.29, php-7.2.18, php-7.3.5, php-7.2.18RC1, php-7.3.5RC1, php-7.2.17, php-7.3.4, php-7.1.28, php-7.3.4RC1, php-7.2.17RC1, php-7.1.27, php-7.3.3, php-7.2.16, php-7.3.3RC1, php-7.2.16RC1, php-7.2.15, php-7.3.2, php-7.2.15RC1, php-7.3.2RC1, php-5.6.40, php-7.1.26, php-7.3.1, php-7.2.14, php-7.2.14RC1, php-7.3.1RC1, php-5.6.39, php-7.1.25, php-7.2.13, php-7.0.33, php-7.3.0, php-7.1.25RC1, php-7.2.13RC1, php-7.3.0RC6, php-7.1.24, php-7.2.12, php-7.3.0RC5, php-7.1.24RC1, php-7.2.12RC1, php-7.3.0RC4, php-7.1.23, php-7.2.11, php-7.3.0RC3, php-7.1.23RC1, php-7.2.11RC1, php-7.3.0RC2, php-5.6.38, php-7.1.22, php-7.3.0RC1, php-7.2.10, php-7.0.32, php-7.1.22RC1, php-7.3.0beta3, php-7.2.10RC1, php-7.1.21, php-7.2.9, php-7.3.0beta2, php-7.1.21RC1, php-7.3.0beta1, php-7.2.9RC1 |
|
| #
a5e80b22 |
| 25-Jul-2018 |
Peter Kokot |
Fix typos in code comments
|
|
Revision tags: php-5.6.37, php-7.1.20, php-7.3.0alpha4, php-7.0.31, php-7.2.8, php-7.1.20RC1, php-7.2.8RC1, php-7.3.0alpha3 |
|
| #
8d3f8ca1 |
| 03-Jul-2018 |
Peter Kokot |
Remove unused Git attributes ident
The $Id$ keywords were used in Subversion where they can be substituted
with filename, last revision number change, last changed date, and last
use
Remove unused Git attributes ident
The $Id$ keywords were used in Subversion where they can be substituted
with filename, last revision number change, last changed date, and last
user who changed it.
In Git this functionality is different and can be done with Git attribute
ident. These need to be defined manually for each file in the
.gitattributes file and are afterwards replaced with 40-character
hexadecimal blob object name which is based only on the particular file
contents.
This patch simplifies handling of $Id$ keywords by removing them since
they are not used anymore.
show more ...
|
| #
c0407d95 |
| 16-Jul-2018 |
Christoph M. Becker |
Deprecate explicit use of FILTER_FLAG_SCHEME|HOST_REQUIRED
As of PHP 5.2.1 FILTER_VALIDATE_URL implies FILTER_FLAG_SCHEME_REQUIRED
| FILTER_FLAG_HOST_REQUIRED, which makes these constant
Deprecate explicit use of FILTER_FLAG_SCHEME|HOST_REQUIRED
As of PHP 5.2.1 FILTER_VALIDATE_URL implies FILTER_FLAG_SCHEME_REQUIRED
| FILTER_FLAG_HOST_REQUIRED, which makes these constants useless at
best, if not even misleading. Therefore we deprecate the explicit use
of these constants for FILTER_VALIDATE_URL, to pave the way for their
eventual removal.
See <https://wiki.php.net/rfc/deprecations_php_7_3#filter_flag_scheme_required_and_filter_flag_host_required>.
show more ...
|
|
Revision tags: php-7.3.0alpha2, php-7.1.19, php-7.2.7, php-7.1.19RC1, php-7.3.0alpha1, php-7.2.7RC1 |
|
| #
5eb1f92f |
| 28-May-2018 |
Dmitry Stogov |
Use zend_string_release_ex() instread of zend_string_release() in places, where we sure about string persistence.
|
|
Revision tags: php-7.1.18, php-7.2.6, php-7.2.6RC1, php-7.1.18RC1, php-5.6.36, php-7.2.5, php-7.1.17, php-7.0.30, php-7.1.17RC1, php-7.2.5RC1, php-5.6.35, php-7.0.29, php-7.2.4, php-7.1.16, php-7.1.16RC1, php-7.2.4RC1 |
|
| #
aed1e358 |
| 11-Mar-2018 |
Christoph M. Becker |
Implement #51368: php_filter_float does not allow custom thousand separators
A set of hard-coded thousand separator characters (presently, `',.`) is
somewhat limited (users may prefer ot
Implement #51368: php_filter_float does not allow custom thousand separators
A set of hard-coded thousand separator characters (presently, `',.`) is
somewhat limited (users may prefer other separators, such as spaces or
underscores), as well as somewhat too liberal (arbitrary combinations
of different thousand separators are presently possible). Therefore we
introduce a `thousand` option analogous to `decimal`, which allows to
define the desired thousand separators as non-empty string, defaulting
to `',.`. While we easily could support empty strings here as well,
that would not make much sense, since this behavior can more easily be
accomplished by not setting the `FILTER_FLAG_ALLOW_THOUSAND` flag in
the first place.
show more ...
|
|
Revision tags: php-7.1.15, php-5.6.34, php-7.2.3, php-7.0.28, php-7.2.3RC1, php-7.1.15RC1, php-7.1.14, php-7.2.2, php-7.1.14RC1, php-7.2.2RC1, php-7.1.13, php-5.6.33, php-7.2.1, php-7.0.27 |
|
| #
a6519d05 |
| 02-Jan-2018 |
Xinchen Hui |
year++
|
| #
7a7ec01a |
| 02-Jan-2018 |
Xinchen Hui |
year++
|
| #
ccd4716e |
| 02-Jan-2018 |
Xinchen Hui |
year++
|
|
Revision tags: php-7.2.1RC1, php-7.1.13RC1, php-7.0.27RC1, php-7.2.0, php-7.1.12, php-7.0.26 |
|
| #
20d930d8 |
| 14-Nov-2017 |
Anatol Belski |
Fix remaining signedness warnings
|
|
Revision tags: php-7.1.12RC1, php-7.2.0RC6, php-7.0.26RC1, php-7.1.11, php-5.6.32, php-7.2.0RC5, php-7.0.25 |
|
| #
a5bc5aed |
| 12-Oct-2017 |
Anatol Belski |
Patch core for PCRE2 support
RFC https://wiki.php.net/rfc/pcre2-migration
|
|
Revision tags: php-7.1.11RC1, php-7.2.0RC4, php-7.0.25RC1, php-7.1.10, php-7.2.0RC3, php-7.0.24, php-7.2.0RC2, php-7.1.10RC1, php-7.0.24RC1, php-7.1.9, php-7.2.0RC1, php-7.0.23, php-7.1.9RC1, php-7.2.0beta3, php-7.0.23RC1 |
|
| #
513b0093 |
| 06-Aug-2017 |
Xinchen Hui |
Refactor php_url struct to save memory dup in common cases
|
|
Revision tags: php-7.1.8, php-7.2.0beta2, php-7.0.22, php-7.1.8RC1, php-7.2.0beta1, php-7.0.22RC1, php-5.6.31, php-7.0.21, php-7.1.7, php-7.2.0alpha3, php-7.1.7RC1, php-7.0.21RC1, php-7.2.0alpha2 |
|
| #
40ecad34 |
| 19-Jun-2017 |
Dmitry Stogov |
Fixed wrong usage of old ZPP API.
|
|
Revision tags: php-7.1.6, php-7.2.0alpha1, php-7.0.20, php-7.1.6RC1, php-7.0.20RC1, php-7.1.5, php-7.0.19, php-7.0.19RC1, php-7.1.5RC1, php-7.1.4, php-7.0.18, php-7.1.4RC1, php-7.0.18RC1, php-7.1.3, php-7.0.17, php-7.1.3RC1, php-7.0.17RC1, php-7.1.2, php-7.0.16, php-7.0.16RC1, php-7.1.2RC1, php-5.6.30, php-7.0.15, php-5.6.30RC1, php-7.1.1RC1, php-7.0.15RC1 |
|
| #
dac6c639 |
| 04-Jan-2017 |
Sammy Kaye Powers |
Update copyright headers to 2017
|
| #
478f119a |
| 04-Jan-2017 |
Sammy Kaye Powers |
Update copyright headers to 2017
|
| #
9e29f841 |
| 02-Jan-2017 |
Sammy Kaye Powers |
Update copyright headers to 2017
|
|
Revision tags: php-7.1.1, php-5.6.29, php-7.0.14, php-7.1.0, php-5.6.29RC1, php-7.0.14RC1, php-7.1.0RC6, php-5.6.28, php-7.0.13, php-5.6.28RC1, php-7.1.0RC5, php-7.0.13RC1, php-7.1.0RC4, php-5.6.27, php-7.0.12, php-7.1.0RC3, php-5.6.27RC1, php-7.0.12RC1, php-5.6.26, php-7.1.0RC2, php-7.0.11, php-5.6.26RC1 |
|
| #
9834978a |
| 01-Sep-2016 |
Julien Pauli |
Fix #72972, Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE
|
|
Revision tags: php-7.1.0RC1, php-7.0.11RC1, php-7.1.0beta3, php-5.6.25, php-7.0.10, php-7.1.0beta2, php-5.6.25RC1, php-7.0.10RC1, php-7.1.0beta1, php-5.6.24, php-7.0.9, php-5.5.38 |
|
| #
7f3375d5 |
| 18-Jul-2016 |
Anatol Belski |
make constant name more descriptive
|
| #
cb42fc34 |
| 18-Jul-2016 |
Anatol Belski |
fix regex decls and c89 compat
|
|
Revision tags: php-5.6.24RC1, php-7.1.0alpha3, php-7.0.9RC1, php-7.1.0alpha2, php-7.0.8, php-5.6.23, php-5.5.37, php-5.6.23RC1, php-7.0.8RC1, php-7.1.0alpha1, php-5.6.22, php-5.5.36, php-7.0.7, php-5.6.22RC1, php-7.0.7RC1, php-7.0.6, php-5.6.21, php-5.5.35, php-5.6.21RC1, php-7.0.6RC1, php-5.6.20, php-5.5.34, php-7.0.5, php-5.6.20RC1, php-7.0.5RC1, php-5.6.19, php-5.5.33, php-7.0.4, php-5.6.19RC1, php-7.0.4RC1, php-5.6.18, php-7.0.3, php-5.5.32, php-5.6.18RC1, php-7.0.3RC1, php-5.6.17, php-5.5.31, php-7.0.2, php-7.0.2RC1, php-5.6.17RC1, php-7.0.1RC1, php-7.0.0, php-5.6.16, php-7.0.0RC8, php-7.0.0RC7, php-5.6.16RC1, php-5.6.15, php-7.0.0RC6, php-7.0.1 |
|
| #
8f405070 |
| 15-Oct-2015 |
Leo Feyer |
Support Unicode characters in the local part of an e-mail address.
See RFC 6531 (https://tools.ietf.org/html/rfc6531).
Encode IDNA domains.
Add the missing "Done" to the ex
Support Unicode characters in the local part of an e-mail address.
See RFC 6531 (https://tools.ietf.org/html/rfc6531).
Encode IDNA domains.
Add the missing "Done" to the expected output.
Add the FILTER_FLAG_EMAIL_RFC6531 flag.
Fix the filter_var() call.
show more ...
|
| #
6fc78175 |
| 24-Jun-2016 |
Jos Elstgeest |
update filter_var filters for ipv4 addresses to reflect rfc6890
|
| #
323b2733 |
| 21-Jun-2016 |
Dmitry Stogov |
Fixed compilation warnings
|
| #
49493a2d |
| 01-Jan-2016 |
Lior Kaplan |
Happy new year (Update copyright to 2016)
|
|
Revision tags: php-5.6.15RC1, php-7.0.0RC5, php-5.5.30, php-5.6.14, php-7.0.0RC4, php-5.6.14RC1, php-7.0.0RC3, php-5.6.13, php-7.0.0RC2, php-5.5.29, php-5.4.45, php-5.6.13RC1, php-7.0.0RC1, php-5.6.12, php-5.5.28, php-7.0.0beta3, php-5.4.44, php-5.6.12RC1, php-7.0.0beta2, php-7.0.0beta1, php-5.6.11, php-5.5.27, php-5.4.43, php-5.6.11RC1, php-5.5.27RC1, php-7.0.0alpha2, php-5.5.26, php-7.0.0alpha1, php-5.6.10, php-5.4.42, POST_PHP7_NSAPI_REMOVAL, PRE_PHP7_NSAPI_REMOVAL, php-5.6.10RC1, php-5.5.26RC1, php-5.5.25, php-5.6.9, php-5.4.41, php-5.6.9RC1, php-5.5.25RC1, php-5.6.8, php-5.5.24, php-5.4.40, php-5.6.8RC1, php-5.5.24RC1, php-5.6.7, php-5.5.23, php-5.4.39, php-5.6.7RC1, php-5.5.23RC1, POST_PHP7_EREG_MYSQL_REMOVALS, PRE_PHP7_EREG_MYSQL_REMOVALS, php-5.6.6, php-5.5.22, php-5.4.38, POST_PHP7_REMOVALS, PRE_PHP7_REMOVALS, php-5.6.6RC1, php-5.5.22RC1 |
|
| #
f6508f9f |
| 30-Jan-2015 |
Michael Wallner |
fix warnings
|
