6f18d7e2 | 27-Jul-2020 |
Christoph M. Becker |
Fix #77932: File extensions are case-sensitive The file extension to mime type mapping *must* not depend on the file extension's case for case-insensitive file systems, and *should* not
Fix #77932: File extensions are case-sensitive The file extension to mime type mapping *must* not depend on the file extension's case for case-insensitive file systems, and *should* not for case-sensitive file systems.
show more ...
|
874284d1 | 23-Jul-2020 |
George Wang |
Merge branch 'PHP-7.2' into PHP-7.3
|
c39f5fe9 | 23-Jul-2020 |
George Wang |
Security: update to LiteSpeed SAPI v7.7 to address an buffer overflow, and some log message tunings. |
15efb96d | 22-Jul-2020 |
Christoph M. Becker |
Fix #79884: PHP_CONFIG_FILE_PATH is meaningless It does not make sense to make assumptions about `PHP_CONFIG_FILE_PATH` during build time, since that value is never used during run time
Fix #79884: PHP_CONFIG_FILE_PATH is meaningless It does not make sense to make assumptions about `PHP_CONFIG_FILE_PATH` during build time, since that value is never used during run time on Windows. Since there is no `--with-config-file-path` on Windows either, we define `PHP_CONFIG_FILE_PATH` as `""`.
show more ...
|
6b99a8be | 22-Jul-2020 |
Christoph M. Becker |
Fix brittle test This test fails occasionally due to timing issues, because the session file may have been unlinked by the first `session_start()`'s GC. We adapt the test expectatio
Fix brittle test This test fails occasionally due to timing issues, because the session file may have been unlinked by the first `session_start()`'s GC. We adapt the test expectation to this reality.
show more ...
|
2c0a6977 | 21-Jul-2020 |
Christoph M. Becker |
7.3 is now 7.3.22-dev |
b2e3fd1e | 10-Jul-2020 |
Christoph M. Becker |
Fix #63527: DCOM does not work with Username, Password parameter We must not mix multibyte and wide character strings in the `COAUTHIDENTITY` structure. Using wide character strings thr
Fix #63527: DCOM does not work with Username, Password parameter We must not mix multibyte and wide character strings in the `COAUTHIDENTITY` structure. Using wide character strings throughout would have the advantage that the remote connection can be established regardless of the code page of the server, but that would more likely break BC, so we just drop the wide character string conversion of the username.
show more ...
|
2c57378b | 14-Jul-2020 |
Andy Postnikov |
Fix bug #78008: dns_check_record() always return true on Alpine - free handle before return result - cleaned up remaining usage of MAXPACKET - update dns_get_mx() to use the same app
Fix bug #78008: dns_check_record() always return true on Alpine - free handle before return result - cleaned up remaining usage of MAXPACKET - update dns_get_mx() to use the same approach Closes GH-5854.
show more ...
|
ce149b0c | 13-Jul-2020 |
Evgeny Stepanischev |
Fixed bug #79849 Closes GH-5853. |
f0b2c2cb | 11-Jul-2020 |
twosee |
Fixed BC break of php_debug_zval_dump It introduced by fixing bug #79830 |
56dec3cc | 11-Jul-2020 |
twosee |
Fixed bug #79830 introduced by fixing bug #79821 This also fixes memory error in debug_zval_dump and var_export. |
150504e6 | 10-Jul-2020 |
twosee |
Fixed bug #79821 HashTable was reallocated (zend_hash_packed_grow) during php_var_dump, so we should call GC_ADDREF to make SEPARATE_ARRAY work. Closes GH-5837. |
a72c53a0 | 10-Jul-2020 |
Nikita Popov |
Fixed bug #79817 Use *_IND macros in a few places in string.c. |
23ef0a12 | 03-Jul-2020 |
Paweł Tomulik |
Fix some memory bugs in ldap.c |
3d5de7d7 | 04-Jul-2020 |
XXiang |
Fix bug #79787 Closes GH-5807. |
e6160e99 | 03-Jun-2020 |
Nikita Popov |
Report len as -1 instead of INT_MAX Per docs it should be -1. And would be on 32-bit systems, but not on 64-bit systems. (cherry picked from commit 39111585a2f8e40e72bdc662eb8b2
Report len as -1 instead of INT_MAX Per docs it should be -1. And would be on 32-bit systems, but not on 64-bit systems. (cherry picked from commit 39111585a2f8e40e72bdc662eb8b2e3c19e93615)
show more ...
|
f23bd488 | 07-Jul-2020 |
Christoph M. Becker |
Don't use deprecated curly brace offset syntax (cherry picked from commit 7ec3aa1871074f5de25865af42c984a7668eb85f) Better safe than sorry in case someone ever builds PHP 7.3 with a
Don't use deprecated curly brace offset syntax (cherry picked from commit 7ec3aa1871074f5de25865af42c984a7668eb85f) Better safe than sorry in case someone ever builds PHP 7.3 with a future version of PHP SDK with bundled PHP 8.
show more ...
|
64931fd3 | 07-Jul-2020 |
Nikita Popov |
Fixed bug #79792 We need to remove the iterators even if the array is empty (we will not create one if the first place, but the array may become empty after the fact). |
b765f96f | 07-Jul-2020 |
Nikita Popov |
Fixed bug #79778 In the interest of avoiding side-effects during dumping, I'm replacing the value with a <constant ast> string instead of performing an update constant operation. |
187a72d5 | 30-Jun-2020 |
Nikita Popov |
Remove bogus generator iterator dtor Fixes a use-after-free encountered in Symfony's SecurityBundle. I don't have a reproducer for this, and believe the issue can only occur if we le
Remove bogus generator iterator dtor Fixes a use-after-free encountered in Symfony's SecurityBundle. I don't have a reproducer for this, and believe the issue can only occur if we leak an iterator (the leak is a separate issue). We should not free the generator iterator here, because we do not own it. The code that fetched the iterator is responsible for releasing it. In the rare case where we do hit this code-path, we cause a use-after-free.
show more ...
|
fc6f53d4 | 30-Jun-2020 |
Nikita Popov |
Fix leak when setting cyclic previous exception in finally A curious exception handling pattern found in Symfony's HttpClient. |
7f3bc642 | 05-Mar-2020 |
Christoph M. Becker |
Fix #70362: Can't copy() large 'data://' with open_basedir open_basedir is only relevant for plain files, so there is no need to check it for other URL wrappers. |
a385cfa7 | 29-Jun-2020 |
Christoph M. Becker |
Fix #63208: BSTR to PHP string conversion not binary safe A `BSTR` is similar to a `zend_string`; it stores the length of the string just before the actual string, and thus the string ma
Fix #63208: BSTR to PHP string conversion not binary safe A `BSTR` is similar to a `zend_string`; it stores the length of the string just before the actual string, and thus the string may contain NUL bytes. However, `php_com_olestring_to_string()` is supposed to deal with arbitrary `OLECHAR*`s which may not be `BSTR`s, so we introduce `php_com_bstr_to_string()` and use it for the only case where we actually have to deal with `BSTR`s which may contain NUL bytes. Contrary to `php_com_olestring_to_string()` we return a `zend_string`, so we can save the re-allocation when converting to a `zval`. We also cater to `php_com_string_to_olestring()` not being binary safe, with basically the same fix we did for `php_com_olestring_to_string()`.
show more ...
|
816b4c12 | 29-Jun-2020 |
Christoph M. Becker |
Fix #79756: finfo_file crash (FILEINFO_MIME) If `ctime` or `asctime` return `NULL`, we must not attempt to copy the buffer, but rather return `NULL` as well. |
43cd3f68 | 26-Jun-2020 |
Nikita Popov |
Fixed bug #79741 |