#
ec10b28d |
| 27-Jan-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix array overrun when appending slash to paths Fix it by extending the array sizes by one character. As the input is limited to the maximum path length, there will always be place to ap
Fix array overrun when appending slash to paths Fix it by extending the array sizes by one character. As the input is limited to the maximum path length, there will always be place to append the slash. As the php_check_specific_open_basedir() simply uses the strings to compare against each other, no new failures related to too long paths are introduced. We'll let the DOM and XML case handle a potentially too long path in the library code.
show more ...
|
#
ee9e0754 |
| 21-May-2021 |
Christoph M. Becker |
Fix #76359: open_basedir bypass through adding ".." We explicitly forbid adding paths with a leading `..` to `open_basedir` at runtime. Closes GH-7024.
|
#
ee7a8acd |
| 19-May-2021 |
Nikita Popov |
Fix handling of open_basedir that contains cwd While resolving the path, the last step will reduce it down to "" (an empty string) and realpath() will resolve this to getcwd(). If op
Fix handling of open_basedir that contains cwd While resolving the path, the last step will reduce it down to "" (an empty string) and realpath() will resolve this to getcwd(). If open_basedir contains the CWD, then that means open_basedir will be bypassed for paths that don't have any components that exist (if one of the components exists, then we abort the realpath loop at that point). Closes GH-7015.
show more ...
|
Revision tags: php-8.0.0, php-7.3.25, php-7.4.13, php-8.0.0RC5, php-7.4.13RC1, php-8.0.0RC4, php-7.3.25RC1, php-7.4.12, php-8.0.0RC3, php-7.3.24, php-8.0.0RC2, php-7.4.12RC1, php-7.3.24RC1, php-7.2.34, php-8.0.0rc1, php-7.4.11, php-7.3.23, php-8.0.0beta4, php-7.4.11RC1, php-7.3.23RC1, php-8.0.0beta3, php-7.4.10, php-7.3.22, php-8.0.0beta2, php-7.3.22RC1, php-7.4.10RC1, php-8.0.0beta1, php-7.4.9, php-7.2.33, php-7.3.21, php-8.0.0alpha3, php-7.4.9RC1, php-7.3.21RC1, php-7.4.8, php-7.2.32, php-8.0.0alpha2, php-7.3.20 |
|
#
2b5de6f8 |
| 01-Jul-2020 |
Max Semenik |
Remove proto comments from C files Closes GH-5758
|
Revision tags: php-8.0.0alpha1, php-7.4.8RC1, php-7.3.20RC1, php-7.4.7, php-7.3.19, php-7.4.7RC1, php-7.3.19RC1, php-7.4.6, php-7.2.31, php-7.4.6RC1, php-7.3.18RC1 |
|
#
41c7d28c |
| 27-Apr-2020 |
Nikita Popov |
Add macro to get ini target address
|
Revision tags: php-7.2.30, php-7.4.5, php-7.3.17, php-7.4.5RC1, php-7.3.17RC1, php-7.3.18, php-7.4.4, php-7.2.29, php-7.3.16, php-7.4.4RC1, php-7.3.16RC1, php-7.4.3, php-7.2.28, php-7.3.15RC1, php-7.4.3RC1, php-7.3.15, php-7.2.27, php-7.4.2, php-7.3.14, php-7.3.14RC1, php-7.4.2RC1 |
|
#
003be875 |
| 30-Dec-2019 |
Nikita Popov |
Make url_stats in resolve_path quiet These stats are used to check whether the file exists -- they should not generate errors. Having the flag set is particularly important for custo
Make url_stats in resolve_path quiet These stats are used to check whether the file exists -- they should not generate errors. Having the flag set is particularly important for custom stream wrappers.
show more ...
|
#
f77747b0 |
| 30-Dec-2019 |
Nikita Popov |
Properly propagate url_stat exceptions during include Make sure we abort operations early, and that we don't emit additional warnings or errors if an exception has been thrown.
|
Revision tags: php-7.4.1, php-7.2.26, php-7.3.13, php-7.4.1RC1, php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1, php-7.4.0RC5, php-7.1.33, php-7.2.24, php-7.3.11, php-7.4.0RC4, php-7.3.11RC1, php-7.2.24RC1, php-7.4.0RC3 |
|
#
5d6e923d |
| 24-Sep-2019 |
Gabriel Caruso |
Remove mention of PHP major version in Copyright headers Closes GH-4732.
|
Revision tags: php-7.2.23, php-7.3.10, php-7.4.0RC2, php-7.2.23RC1, php-7.3.10RC1, php-7.4.0RC1, php-7.1.32, php-7.2.22, php-7.3.9, php-7.4.0beta4, php-7.2.22RC1, php-7.3.9RC1, php-7.4.0beta2, php-7.1.31, php-7.2.21, php-7.3.8, php-7.4.0beta1, php-7.2.21RC1, php-7.3.8RC1, php-7.4.0alpha3, php-7.3.7, php-7.2.20, php-7.4.0alpha2, php-7.3.7RC3, php-7.3.7RC2, php-7.2.20RC2, php-7.4.0alpha1, php-7.3.7RC1, php-7.2.20RC1, php-7.2.19, php-7.3.6, php-7.1.30, php-7.2.19RC1, php-7.3.6RC1, php-7.1.29, php-7.2.18, php-7.3.5, php-7.2.18RC1, php-7.3.5RC1, php-7.2.17, php-7.3.4, php-7.1.28, php-7.3.4RC1, php-7.2.17RC1, php-7.1.27, php-7.3.3, php-7.2.16, php-7.3.3RC1, php-7.2.16RC1, php-7.2.15, php-7.3.2, php-7.2.15RC1 |
|
#
92ac598a |
| 22-Jan-2019 |
Peter Kokot |
Remove local variables This patch removes the so called local variables defined per file basis for certain editors to properly show tab width, and similar settings. These are mainly
Remove local variables This patch removes the so called local variables defined per file basis for certain editors to properly show tab width, and similar settings. These are mainly used by Vim and Emacs editors yet with recent changes the once working definitions don't work anymore in Vim without custom plugins or additional configuration. Neither are these settings synced across the PHP code base. A simpler and better approach is EditorConfig and fixing code using some code style fixing tools in the future instead. This patch also removes the so called modelines for Vim. Modelines allow Vim editor specifically to set some editor configuration such as syntax highlighting, indentation style and tab width to be set in the first line or the last 5 lines per file basis. Since the php test files have syntax highlighting already set in most editors properly and EditorConfig takes care of the indentation settings, this patch removes these as well for the Vim 6.0 and newer versions. With the removal of local variables for certain editors such as Emacs and Vim, the footer is also probably not needed anymore when creating extensions using ext_skel.php script. Additionally, Vim modelines for setting php syntax and some editor settings has been removed from some *.phpt files. All these are mostly not relevant for phpt files neither work properly in the middle of the file.
show more ...
|
#
0cf7de1c |
| 30-Jan-2019 |
Zeev Suraski |
Remove yearly range from copyright notice
|
#
38c337f2 |
| 30-Jan-2019 |
Zeev Suraski |
Remove year range from copyright notice
|
Revision tags: php-7.3.2RC1, php-5.6.40, php-7.1.26, php-7.3.1, php-7.2.14, php-7.2.14RC1, php-7.3.1RC1, php-5.6.39, php-7.1.25, php-7.2.13, php-7.0.33, php-7.3.0, php-7.1.25RC1, php-7.2.13RC1, php-7.3.0RC6, php-7.1.24, php-7.2.12, php-7.3.0RC5, php-7.1.24RC1, php-7.2.12RC1, php-7.3.0RC4, php-7.1.23, php-7.2.11, php-7.3.0RC3, php-7.1.23RC1, php-7.2.11RC1, php-7.3.0RC2, php-5.6.38, php-7.1.22, php-7.3.0RC1, php-7.2.10, php-7.0.32, php-7.1.22RC1, php-7.3.0beta3, php-7.2.10RC1, php-7.1.21, php-7.2.9, php-7.3.0beta2, php-7.1.21RC1, php-7.3.0beta1, php-7.2.9RC1, php-5.6.37, php-7.1.20, php-7.3.0alpha4, php-7.0.31, php-7.2.8, php-7.1.20RC1, php-7.2.8RC1, php-7.3.0alpha3 |
|
#
8d3f8ca1 |
| 03-Jul-2018 |
Peter Kokot |
Remove unused Git attributes ident The $Id$ keywords were used in Subversion where they can be substituted with filename, last revision number change, last changed date, and last use
Remove unused Git attributes ident The $Id$ keywords were used in Subversion where they can be substituted with filename, last revision number change, last changed date, and last user who changed it. In Git this functionality is different and can be done with Git attribute ident. These need to be defined manually for each file in the .gitattributes file and are afterwards replaced with 40-character hexadecimal blob object name which is based only on the particular file contents. This patch simplifies handling of $Id$ keywords by removing them since they are not used anymore.
show more ...
|
Revision tags: php-7.3.0alpha2, php-7.1.19, php-7.2.7, php-7.1.19RC1, php-7.3.0alpha1, php-7.2.7RC1 |
|
#
5eb1f92f |
| 28-May-2018 |
Dmitry Stogov |
Use zend_string_release_ex() instread of zend_string_release() in places, where we sure about string persistence.
|
Revision tags: php-7.1.18, php-7.2.6, php-7.2.6RC1, php-7.1.18RC1, php-5.6.36, php-7.2.5, php-7.1.17, php-7.0.30, php-7.1.17RC1, php-7.2.5RC1, php-5.6.35, php-7.0.29, php-7.2.4, php-7.1.16, php-7.1.16RC1, php-7.2.4RC1, php-7.1.15, php-5.6.34, php-7.2.3, php-7.0.28, php-7.2.3RC1, php-7.1.15RC1, php-7.1.14, php-7.2.2, php-7.1.14RC1, php-7.2.2RC1, php-7.1.13, php-5.6.33, php-7.2.1, php-7.0.27 |
|
#
a6519d05 |
| 02-Jan-2018 |
Xinchen Hui |
year++
|
#
7a7ec01a |
| 02-Jan-2018 |
Xinchen Hui |
year++
|
#
ccd4716e |
| 02-Jan-2018 |
Xinchen Hui |
year++
|
Revision tags: php-7.2.1RC1, php-7.1.13RC1, php-7.0.27RC1, php-7.2.0, php-7.1.12, php-7.0.26, php-7.1.12RC1, php-7.2.0RC6, php-7.0.26RC1, php-7.1.11, php-5.6.32, php-7.2.0RC5, php-7.0.25, php-7.1.11RC1, php-7.2.0RC4, php-7.0.25RC1, php-7.1.10, php-7.2.0RC3, php-7.0.24, php-7.2.0RC2, php-7.1.10RC1, php-7.0.24RC1, php-7.1.9, php-7.2.0RC1, php-7.0.23, php-7.1.9RC1, php-7.2.0beta3, php-7.0.23RC1, php-7.1.8, php-7.2.0beta2, php-7.0.22 |
|
#
49d9b301 |
| 26-Jul-2017 |
Anatol Belski |
Move cwd_state and path related routines to size_t Having `int` there is no real profit in the size or speed, while unsigned improves security and overall integration. ZPP supplied strin
Move cwd_state and path related routines to size_t Having `int` there is no real profit in the size or speed, while unsigned improves security and overall integration. ZPP supplied strings can be then accepted directly and structs can be still handled with smaller unsigned types for size reasons, which is safe. Yet some related places are to go. basic move tsrm_realpath_r to size_t fix conditions and sync with affected places touch ocurrences of php_sys_readlink usage follow up on phar path handling remove duplicated check move zend_resolve_path and related pieces to size_t touch yet resolve path related places remove cast missing pieces missing piece yet cleanups for php_sys_readlink for ssize_t fix wrong return
show more ...
|
Revision tags: php-7.1.8RC1, php-7.2.0beta1, php-7.0.22RC1 |
|
#
72b0a3a8 |
| 09-Jul-2017 |
Anatol Belski |
remove some casts
|
Revision tags: php-5.6.31, php-7.0.21, php-7.1.7, php-7.2.0alpha3, php-7.1.7RC1, php-7.0.21RC1, php-7.2.0alpha2, php-7.1.6, php-7.2.0alpha1, php-7.0.20, php-7.1.6RC1, php-7.0.20RC1, php-7.1.5, php-7.0.19, php-7.0.19RC1, php-7.1.5RC1, php-7.1.4, php-7.0.18 |
|
#
4bebcb84 |
| 10-Apr-2017 |
Xinchen Hui |
Fixed condition check
|
Revision tags: php-7.1.4RC1, php-7.0.18RC1 |
|
#
932c4b35 |
| 16-Mar-2017 |
Thomas Punt |
Remove more unnecessary checks on Zend's allocator functions
|
Revision tags: php-7.1.3, php-7.0.17, php-7.1.3RC1, php-7.0.17RC1, php-7.1.2, php-7.0.16, php-7.0.16RC1, php-7.1.2RC1, php-5.6.30, php-7.0.15, php-5.6.30RC1, php-7.1.1RC1, php-7.0.15RC1 |
|
#
dac6c639 |
| 04-Jan-2017 |
Sammy Kaye Powers |
Update copyright headers to 2017
|
#
478f119a |
| 04-Jan-2017 |
Sammy Kaye Powers |
Update copyright headers to 2017
|
#
9e29f841 |
| 02-Jan-2017 |
Sammy Kaye Powers |
Update copyright headers to 2017
|
Revision tags: php-7.1.1, php-5.6.29, php-7.0.14, php-7.1.0, php-5.6.29RC1, php-7.0.14RC1 |
|
#
2104bea5 |
| 12-Nov-2016 |
Kalle Sommer Nielsen |
Remove Netware support If this does not break the Unix system somehow, I'll be amazed. This should get most of it out, apologies for any errors this may cause on non-Windows ends which I can
Remove Netware support If this does not break the Unix system somehow, I'll be amazed. This should get most of it out, apologies for any errors this may cause on non-Windows ends which I cannot test atm.
show more ...
|
Revision tags: php-7.1.0RC6, php-5.6.28, php-7.0.13, php-5.6.28RC1, php-7.1.0RC5, php-7.0.13RC1, php-7.1.0RC4, php-5.6.27, php-7.0.12 |
|
#
f8be3ede |
| 29-Sep-2016 |
Stanislav Malyshev |
Fix bug #73189 - Memcpy negative size parameter php_resolve_path (cherry picked from commit da7e89cde880c66887caacd0a3eae7ecdacf9b2a) (cherry picked from commit c4c2cce37dd99bbcf1411ad8d
Fix bug #73189 - Memcpy negative size parameter php_resolve_path (cherry picked from commit da7e89cde880c66887caacd0a3eae7ecdacf9b2a) (cherry picked from commit c4c2cce37dd99bbcf1411ad8d6884c3c927d7bc9)
show more ...
|