History log of /PHP-7.4/ext/filter/logical_filters.c (Results 1 – 25 of 141)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# dce5e561 31-Jan-2022 Christoph M. Becker

Fix #81708: UAF due to php_filter_float() failing for ints

We must only release the zval, if we actually assign a new zval.


# 288c25f7 20-Sep-2021 Christoph M. Becker

Fix #61700: FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing

It makes no sense to compare IPv6 address ranges as strings; there are
too many different representation possibilities.

Fix #61700: FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing

It makes no sense to compare IPv6 address ranges as strings; there are
too many different representation possibilities. Instead, we change
`_php_filter_validate_ipv6()` so that it can calculate the IP address
as integer array. We do not rely on `inet_pton()` which may not be
available everywhere, at least IPv6 support may not, but rather parse
the IP address manually. Finally, we compare the integers.

Note that this patch does not fix what we consider as reserved and
private, respectively, but merely tries to keep what we had so far.

Co-authored-by: Nikita Popov <nikita.ppv@gmail.com>

Closes GH-7476.

show more ...


# 7bab67c2 28-Jun-2021 Stanislav Malyshev

Fix warning

(cherry picked from commit 190013787bbc424c240413d914e3a038f974ccef)


# a5538c62 14-Jun-2021 Christoph M. Becker

Fix #81122: SSRF bypass in FILTER_VALIDATE_URL

We need to ensure that the password detected by parse_url() is actually
a valid password; we can re-use is_userinfo_valid() for that.


# 4a89e726 19-Jan-2021 Christoph M. Becker

Alternative fix for bug 77423

That bug report originally was about `parse_url()` misbehaving, but the
security aspect was actually only regarding `FILTER_VALIDATE_URL`.
Since the cha

Alternative fix for bug 77423

That bug report originally was about `parse_url()` misbehaving, but the
security aspect was actually only regarding `FILTER_VALIDATE_URL`.
Since the changes to `parse_url_ex()` apparently affect userland code
which is relying on the sloppy URL parsing[1], this alternative
restores the old parsing behavior, but ensures that the userinfo is
checked for correctness for `FILTER_VALIDATE_URL`.

[1] <https://github.com/php/php-src/commit/5174de7cd33c3d4fa591c9c93859ff9989b07e8c#commitcomment-45967652>

show more ...


Revision tags: php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1, php-7.4.0RC5, php-7.1.33, php-7.2.24, php-7.3.11, php-7.4.0RC4, php-7.3.11RC1, php-7.2.24RC1, php-7.4.0RC3, php-7.2.23, php-7.3.10, php-7.4.0RC2, php-7.2.23RC1, php-7.3.10RC1, php-7.4.0RC1, php-7.1.32, php-7.2.22, php-7.3.9, php-7.4.0beta4, php-7.2.22RC1, php-7.3.9RC1, php-7.4.0beta2, php-7.1.31, php-7.2.21, php-7.3.8, php-7.4.0beta1, php-7.2.21RC1, php-7.3.8RC1, php-7.4.0alpha3, php-7.3.7, php-7.2.20, php-7.4.0alpha2, php-7.3.7RC3, php-7.3.7RC2, php-7.2.20RC2, php-7.4.0alpha1, php-7.3.7RC1, php-7.2.20RC1, php-7.2.19, php-7.3.6, php-7.1.30, php-7.2.19RC1, php-7.3.6RC1, php-7.1.29, php-7.2.18, php-7.3.5, php-7.2.18RC1, php-7.3.5RC1, php-7.2.17, php-7.3.4, php-7.1.28
# 07df6594 29-Mar-2019 Florian Berberich

Added range options to the float validation filter

php_filter_int (called via the constant FILTER_VALIDATE_INT) has the options min_range
and max_range. they allow the user to not only t

Added range options to the float validation filter

php_filter_int (called via the constant FILTER_VALIDATE_INT) has the options min_range
and max_range. they allow the user to not only test if a value is a double but also if
the value is inside a specific range. php_filter_float (called via the constant
FILTER_VALIDATE_FLOAT) didn't provide this yet, making validation of numeric but
not-only-int values more complicated for the user.
this commits implements the options min_range and max_range for the function
php_filter_float to fix this inconsistency.

show more ...


Revision tags: php-7.3.4RC1, php-7.2.17RC1, php-7.1.27, php-7.3.3, php-7.2.16, php-7.3.3RC1, php-7.2.16RC1, php-7.2.15, php-7.3.2, php-7.2.15RC1
# 92ac598a 22-Jan-2019 Peter Kokot

Remove local variables

This patch removes the so called local variables defined per
file basis for certain editors to properly show tab width, and
similar settings. These are mainly

Remove local variables

This patch removes the so called local variables defined per
file basis for certain editors to properly show tab width, and
similar settings. These are mainly used by Vim and Emacs editors
yet with recent changes the once working definitions don't work
anymore in Vim without custom plugins or additional configuration.
Neither are these settings synced across the PHP code base.

A simpler and better approach is EditorConfig and fixing code
using some code style fixing tools in the future instead.

This patch also removes the so called modelines for Vim. Modelines
allow Vim editor specifically to set some editor configuration such as
syntax highlighting, indentation style and tab width to be set in the
first line or the last 5 lines per file basis. Since the php test
files have syntax highlighting already set in most editors properly and
EditorConfig takes care of the indentation settings, this patch removes
these as well for the Vim 6.0 and newer versions.

With the removal of local variables for certain editors such as
Emacs and Vim, the footer is also probably not needed anymore when
creating extensions using ext_skel.php script.

Additionally, Vim modelines for setting php syntax and some editor
settings has been removed from some *.phpt files. All these are
mostly not relevant for phpt files neither work properly in the
middle of the file.

show more ...


# 0cf7de1c 30-Jan-2019 Zeev Suraski

Remove yearly range from copyright notice


Revision tags: php-7.3.2RC1, php-5.6.40, php-7.1.26, php-7.3.1, php-7.2.14
# 27e9c05e 26-Dec-2018 Nikita Popov

Remove preg_options param from pcre_get_compiled_regex()

This parameter is always zero and not necessary to call pcre2_match.

I'm leaving the parameter behind on the _ex() variant,

Remove preg_options param from pcre_get_compiled_regex()

This parameter is always zero and not necessary to call pcre2_match.

I'm leaving the parameter behind on the _ex() variant, so the preg_flags
are still accessible in some way.

show more ...


Revision tags: php-7.2.14RC1, php-7.3.1RC1, php-5.6.39, php-7.1.25, php-7.2.13, php-7.0.33, php-7.3.0, php-7.1.25RC1, php-7.2.13RC1, php-7.3.0RC6, php-7.1.24, php-7.2.12, php-7.3.0RC5, php-7.1.24RC1, php-7.2.12RC1, php-7.3.0RC4
# bfaba831 11-Oct-2018 Nikita Popov

Remove HASH_OF uses in ext/filter

It turns out that all of these places ultimately only accept arrays,
not objects, so we can use Z_ARRVAL_P everywhere.

Also add _deref in a few

Remove HASH_OF uses in ext/filter

It turns out that all of these places ultimately only accept arrays,
not objects, so we can use Z_ARRVAL_P everywhere.

Also add _deref in a few places where the hash lookup result is
directly type-checked.

show more ...


Revision tags: php-7.1.23, php-7.2.11, php-7.3.0RC3, php-7.1.23RC1, php-7.2.11RC1, php-7.3.0RC2, php-5.6.38, php-7.1.22, php-7.3.0RC1, php-7.2.10, php-7.0.32, php-7.1.22RC1, php-7.3.0beta3, php-7.2.10RC1, php-7.1.21, php-7.2.9, php-7.3.0beta2, php-7.1.21RC1, php-7.3.0beta1, php-7.2.9RC1
# a5e80b22 25-Jul-2018 Peter Kokot

Fix typos in code comments


Revision tags: php-5.6.37, php-7.1.20, php-7.3.0alpha4, php-7.0.31, php-7.2.8, php-7.1.20RC1, php-7.2.8RC1, php-7.3.0alpha3
# 8d3f8ca1 03-Jul-2018 Peter Kokot

Remove unused Git attributes ident

The $Id$ keywords were used in Subversion where they can be substituted
with filename, last revision number change, last changed date, and last
use

Remove unused Git attributes ident

The $Id$ keywords were used in Subversion where they can be substituted
with filename, last revision number change, last changed date, and last
user who changed it.

In Git this functionality is different and can be done with Git attribute
ident. These need to be defined manually for each file in the
.gitattributes file and are afterwards replaced with 40-character
hexadecimal blob object name which is based only on the particular file
contents.

This patch simplifies handling of $Id$ keywords by removing them since
they are not used anymore.

show more ...


# c0407d95 16-Jul-2018 Christoph M. Becker

Deprecate explicit use of FILTER_FLAG_SCHEME|HOST_REQUIRED

As of PHP 5.2.1 FILTER_VALIDATE_URL implies FILTER_FLAG_SCHEME_REQUIRED
| FILTER_FLAG_HOST_REQUIRED, which makes these constant

Deprecate explicit use of FILTER_FLAG_SCHEME|HOST_REQUIRED

As of PHP 5.2.1 FILTER_VALIDATE_URL implies FILTER_FLAG_SCHEME_REQUIRED
| FILTER_FLAG_HOST_REQUIRED, which makes these constants useless at
best, if not even misleading. Therefore we deprecate the explicit use
of these constants for FILTER_VALIDATE_URL, to pave the way for their
eventual removal.

See <https://wiki.php.net/rfc/deprecations_php_7_3#filter_flag_scheme_required_and_filter_flag_host_required>.

show more ...


Revision tags: php-7.3.0alpha2, php-7.1.19, php-7.2.7, php-7.1.19RC1, php-7.3.0alpha1, php-7.2.7RC1
# 5eb1f92f 28-May-2018 Dmitry Stogov

Use zend_string_release_ex() instread of zend_string_release() in places, where we sure about string persistence.


Revision tags: php-7.1.18, php-7.2.6, php-7.2.6RC1, php-7.1.18RC1, php-5.6.36, php-7.2.5, php-7.1.17, php-7.0.30, php-7.1.17RC1, php-7.2.5RC1, php-5.6.35, php-7.0.29, php-7.2.4, php-7.1.16, php-7.1.16RC1, php-7.2.4RC1
# aed1e358 11-Mar-2018 Christoph M. Becker

Implement #51368: php_filter_float does not allow custom thousand separators

A set of hard-coded thousand separator characters (presently, `',.`) is
somewhat limited (users may prefer ot

Implement #51368: php_filter_float does not allow custom thousand separators

A set of hard-coded thousand separator characters (presently, `',.`) is
somewhat limited (users may prefer other separators, such as spaces or
underscores), as well as somewhat too liberal (arbitrary combinations
of different thousand separators are presently possible). Therefore we
introduce a `thousand` option analogous to `decimal`, which allows to
define the desired thousand separators as non-empty string, defaulting
to `',.`. While we easily could support empty strings here as well,
that would not make much sense, since this behavior can more easily be
accomplished by not setting the `FILTER_FLAG_ALLOW_THOUSAND` flag in
the first place.

show more ...


Revision tags: php-7.1.15, php-5.6.34, php-7.2.3, php-7.0.28, php-7.2.3RC1, php-7.1.15RC1, php-7.1.14, php-7.2.2, php-7.1.14RC1, php-7.2.2RC1, php-7.1.13, php-5.6.33, php-7.2.1, php-7.0.27
# a6519d05 02-Jan-2018 Xinchen Hui

year++


# 7a7ec01a 02-Jan-2018 Xinchen Hui

year++


# ccd4716e 02-Jan-2018 Xinchen Hui

year++


Revision tags: php-7.2.1RC1, php-7.1.13RC1, php-7.0.27RC1, php-7.2.0, php-7.1.12, php-7.0.26
# 20d930d8 14-Nov-2017 Anatol Belski

Fix remaining signedness warnings


Revision tags: php-7.1.12RC1, php-7.2.0RC6, php-7.0.26RC1, php-7.1.11, php-5.6.32, php-7.2.0RC5, php-7.0.25
# a5bc5aed 12-Oct-2017 Anatol Belski

Patch core for PCRE2 support

RFC https://wiki.php.net/rfc/pcre2-migration


Revision tags: php-7.1.11RC1, php-7.2.0RC4, php-7.0.25RC1, php-7.1.10, php-7.2.0RC3, php-7.0.24, php-7.2.0RC2, php-7.1.10RC1, php-7.0.24RC1, php-7.1.9, php-7.2.0RC1, php-7.0.23, php-7.1.9RC1, php-7.2.0beta3, php-7.0.23RC1
# 513b0093 06-Aug-2017 Xinchen Hui

Refactor php_url struct to save memory dup in common cases


Revision tags: php-7.1.8, php-7.2.0beta2, php-7.0.22, php-7.1.8RC1, php-7.2.0beta1, php-7.0.22RC1, php-5.6.31, php-7.0.21, php-7.1.7, php-7.2.0alpha3, php-7.1.7RC1, php-7.0.21RC1, php-7.2.0alpha2
# 40ecad34 19-Jun-2017 Dmitry Stogov

Fixed wrong usage of old ZPP API.


Revision tags: php-7.1.6, php-7.2.0alpha1, php-7.0.20, php-7.1.6RC1, php-7.0.20RC1, php-7.1.5, php-7.0.19, php-7.0.19RC1, php-7.1.5RC1, php-7.1.4, php-7.0.18, php-7.1.4RC1, php-7.0.18RC1, php-7.1.3, php-7.0.17, php-7.1.3RC1, php-7.0.17RC1, php-7.1.2, php-7.0.16, php-7.0.16RC1, php-7.1.2RC1, php-5.6.30, php-7.0.15, php-5.6.30RC1, php-7.1.1RC1, php-7.0.15RC1
# dac6c639 04-Jan-2017 Sammy Kaye Powers

Update copyright headers to 2017


# 478f119a 04-Jan-2017 Sammy Kaye Powers

Update copyright headers to 2017


# 9e29f841 02-Jan-2017 Sammy Kaye Powers

Update copyright headers to 2017


123456