#
093c08af |
| 17-Mar-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GHSA-wpj3-hf5j-x4v4: __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix The check happened too early as later code paths may perform more mangling rules. Move the chec
Fix GHSA-wpj3-hf5j-x4v4: __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix The check happened too early as later code paths may perform more mangling rules. Move the check downwards right before adding the actual variable.
show more ...
|
#
0611be4e |
| 09-Sep-2022 |
Derick Rethans |
Fix #81727: Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning.
|
Revision tags: php-8.1.7RC1, php-8.1.4RC1, php-8.1.3 |
|
#
8d2ed194 |
| 17-Jan-2022 |
Christoph M. Becker |
Merge branch 'PHP-8.0' into PHP-8.1 * PHP-8.0: Fix GH-7896: Environment vars may be mangled on Windows
|
#
93a3c71e |
| 11-Jan-2022 |
Christoph M. Becker |
Fix GH-7896: Environment vars may be mangled on Windows When bug 77574[1] has been fixed, the fix only catered to variables retrieved via `getenv()` with a `$varname` passed, but neither
Fix GH-7896: Environment vars may be mangled on Windows When bug 77574[1] has been fixed, the fix only catered to variables retrieved via `getenv()` with a `$varname` passed, but neither to `getenv()` without arguments nor to the general import of environment variables into `$_ENV` and `$_SERVER`. We catch up on this by using `GetEnvironmentStringsW()` in `_php_import_environment_variables()` and converting the encoding to whatever had been chosen by the user. [1] <https://bugs.php.net/bug.php?id=75574> Closes GH-7928.
show more ...
|
Revision tags: php-8.1.2RC1, php-8.1.0, php-7.3.33, php-7.3.32, php-7.3.31, php-7.3.30, php-7.3.29 |
|
#
01b3fc03 |
| 06-May-2021 |
KsaR |
Update http->https in license (#6945) 1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https. 2. Update few license 3.0 to 3.01 as
Update http->https in license (#6945) 1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https. 2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier". 3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted. 4. fixed indentation in some files before |
show more ...
|
Revision tags: php-7.3.28 |
|
#
462da6e0 |
| 31-Mar-2021 |
Josh Soref |
Fix spelling and grammar mistakes This PR corrects misspellings identified by the check-spelling action. The misspellings have been reported at jsoref@b6ba3e2#commitcomment-48946465
Fix spelling and grammar mistakes This PR corrects misspellings identified by the check-spelling action. The misspellings have been reported at jsoref@b6ba3e2#commitcomment-48946465 The action reports that the changes in this PR would make it happy: jsoref@602417c Closes GH-6822.
show more ...
|
#
4ce5d2ea |
| 09-Apr-2021 |
Nikita Popov |
Add known strings for jit autoglobals We always create interned strings for all autoglobals anyway, so we might as well add known strings to make them more widely usable. |
Revision tags: php-7.3.27 |
|
#
3e01f5af |
| 15-Jan-2021 |
Nikita Popov |
Replace zend_bool uses with bool We're starting to see a mix between uses of zend_bool and bool. Replace all usages with the standard bool type everywhere. Of course, zend_bool
Replace zend_bool uses with bool We're starting to see a mix between uses of zend_bool and bool. Replace all usages with the standard bool type everywhere. Of course, zend_bool is retained as an alias.
show more ...
|
Revision tags: php-7.3.26, php-7.3.26RC1, php-7.3.25, php-7.3.25RC1, php-7.3.24, php-7.3.24RC1, php-7.3.23 |
|
#
e14f835d |
| 29-Sep-2020 |
Stanislav Malyshev |
Merge branch 'PHP-7.4' * PHP-7.4: Update UPGRADING Update UPGRADING Update NEWS & UPGRADING Do not decode cookie names anymore Fix bug #79601 (Wrong ciphertext/
Merge branch 'PHP-7.4' * PHP-7.4: Update UPGRADING Update UPGRADING Update NEWS & UPGRADING Do not decode cookie names anymore Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
show more ...
|
#
c4dc0802 |
| 29-Sep-2020 |
Stanislav Malyshev |
Merge branch 'PHP-7.3' into PHP-7.4 * PHP-7.3: Update UPGRADING Update NEWS & UPGRADING Do not decode cookie names anymore Fix bug #79601 (Wrong ciphertext/tag in AES
Merge branch 'PHP-7.3' into PHP-7.4 * PHP-7.3: Update UPGRADING Update NEWS & UPGRADING Do not decode cookie names anymore Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
show more ...
|
#
a9e43218 |
| 29-Sep-2020 |
Stanislav Malyshev |
Merge branch 'PHP-7.2' into PHP-7.3 * PHP-7.2: Update NEWS & UPGRADING Do not decode cookie names anymore Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 1
Merge branch 'PHP-7.2' into PHP-7.3 * PHP-7.2: Update NEWS & UPGRADING Do not decode cookie names anymore Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)
show more ...
|
#
6559fe91 |
| 21-Sep-2020 |
Stanislav Malyshev |
Do not decode cookie names anymore |
Revision tags: php-7.3.23RC1, php-7.3.22, php-7.3.22RC1, php-7.3.21 |
|
#
fc4d462e |
| 23-Jul-2020 |
Christoph M. Becker |
Fix #78236: convert error on receiving variables when duplicate [ When an input variable name contains a non matched open bracket, we not only have to replace that with an underscore, bu
Fix #78236: convert error on receiving variables when duplicate [ When an input variable name contains a non matched open bracket, we not only have to replace that with an underscore, but also all following forbidden characters.
show more ...
|
Revision tags: php-7.3.21RC1, php-7.3.20 |
|
#
2b5de6f8 |
| 01-Jul-2020 |
Max Semenik |
Remove proto comments from C files Closes GH-5758 |
Revision tags: php-7.3.20RC1, php-7.3.19 |
|
#
83a77015 |
| 08-Jun-2020 |
twosee |
Add helper APIs for maybe-interned string creation Add ZVAL_CHAR/RETVAL_CHAR/RETURN_CHAR as a shortcut for using ZVAL_INTERNED_STRING and ZSTR_CHAR. Add zend_string_init_fast()
Add helper APIs for maybe-interned string creation Add ZVAL_CHAR/RETVAL_CHAR/RETURN_CHAR as a shortcut for using ZVAL_INTERNED_STRING and ZSTR_CHAR. Add zend_string_init_fast() as a helper for the empty string / one char interned string / zend_string_init() pattern. Also add corresponding ZVAL_STRINGL_FAST etc macros. Closes GH-5684.
show more ...
|
#
88355dd3 |
| 07-Jun-2020 |
twosee |
Constify char * arguments of APIs Closes GH-5676. |
Revision tags: php-7.4.7RC1, php-7.3.19RC1, php-7.3.18RC1 |
|
#
f91f7260 |
| 22-Apr-2020 |
George Peter Banyard |
Drop unnecessary stdint and inttypes header checks These are always available as of C99. Closes GH-5323 Co-authored-by: "Christoph M. Becker" <cmbecker69@gmx.de> |
Revision tags: php-7.2.30, php-7.3.17, php-7.3.17RC1, php-7.3.18, php-7.3.16, php-7.3.16RC1 |
|
#
69819bae |
| 11-Feb-2020 |
Christoph M. Becker |
Merge branch 'PHP-7.4' * PHP-7.4: Fix #79254: getenv() w/o arguments not showing changes
|
#
93b183ed |
| 11-Feb-2020 |
Christoph M. Becker |
Merge branch 'PHP-7.3' into PHP-7.4 * PHP-7.3: Fix #79254: getenv() w/o arguments not showing changes
|
#
7b464ce6 |
| 11-Feb-2020 |
Christoph M. Becker |
Fix #79254: getenv() w/o arguments not showing changes To be able to see changes done only with `SetEnvironmentVariable()`, we have to use `GetEnvironmentStrings()` instead of `environ`,
Fix #79254: getenv() w/o arguments not showing changes To be able to see changes done only with `SetEnvironmentVariable()`, we have to use `GetEnvironmentStrings()` instead of `environ`, because the latter sees only changes done with `putenv()`. For best backward compatibility we're using `GetEnvironmentStringsA()`; switching to the wide string version likely makes sense for master, though.
show more ...
|
Revision tags: php-7.3.15RC1 |
|
#
16980577 |
| 03-Feb-2020 |
Nikita Popov |
Merge branch 'PHP-7.4' * PHP-7.4: Apply tidy formatting
|
#
58b17906 |
| 03-Feb-2020 |
Nikita Popov |
Apply tidy formatting Mostly reindent PHP scripts to spaces. |
Revision tags: php-7.3.15, php-7.3.14, php-7.3.14RC1, php-7.3.13 |
|
#
4c5a178d |
| 12-Dec-2019 |
Christoph M. Becker |
Merge branch 'PHP-7.4' * PHP-7.4: Fix #78929: plus signs in cookie values are converted to spaces
|
#
79376ab2 |
| 12-Dec-2019 |
Kachalin Alexey |
Fix #78929: plus signs in cookie values are converted to spaces We switch the cookie value parsing function from `php_url_decode()` to `php_raw_url_decode()`, so that cookie values are n
Fix #78929: plus signs in cookie values are converted to spaces We switch the cookie value parsing function from `php_url_decode()` to `php_raw_url_decode()`, so that cookie values are now parsed according to RFC 6265, section 4.1.1. We also refactor to remove duplicate code without changing the execution flow.
show more ...
|
Revision tags: php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1, php-7.4.0RC5, php-7.1.33, php-7.2.24, php-7.3.11, php-7.4.0RC4, php-7.3.11RC1, php-7.2.24RC1, php-7.4.0RC3 |
|
#
5d6e923d |
| 24-Sep-2019 |
Gabriel Caruso |
Remove mention of PHP major version in Copyright headers Closes GH-4732. |