#
3fbca7fb |
| 24-Jun-2024 |
Arnaud Le Blanc |
Support sysconf(_SC_GETPW_R_SIZE_MAX) == -1 (#13922)
|
#
84a0da15 |
| 09-Jun-2024 |
Peter Kokot |
Sync #if/ifdef/defined (#14508) This syncs CPP macro conditions: - _WIN32 - _WIN64 - HAVE_ALLOCA_H - HAVE_ALPHASORT - HAVE_ARPA_INET_H - HAVE_CONFIG_H - HAVE_DIRE
Sync #if/ifdef/defined (#14508) This syncs CPP macro conditions: - _WIN32 - _WIN64 - HAVE_ALLOCA_H - HAVE_ALPHASORT - HAVE_ARPA_INET_H - HAVE_CONFIG_H - HAVE_DIRENT_H - HAVE_DLFCN_H - HAVE_GETTIMEOFDAY - HAVE_LIBDL - HAVE_POLL_H - HAVE_PWD_H - HAVE_SCANDIR - HAVE_SYS_FILE_H - HAVE_SYS_PARAM_H - HAVE_SYS_SOCKET_H - HAVE_SYS_TIME_H - HAVE_SYS_TYPES_H - HAVE_SYS_WAIT_H - HAVE_UNISTD_H - PHP_WIN32 - ZEND_WIN32 These are either undefined or defined to 1 in Autotools and Windows. Follow up of GH-5526 (-Wundef).
show more ...
|
#
127ad707 |
| 24-Jul-2023 |
Ilija Tovilo |
Fix open_basedir leak Fixes oss-fuzz #60741 Closes GH-11780
|
#
9bcdf219 |
| 31-Mar-2023 |
Ilija Tovilo |
Resolve open_basedir paths on ini update Closes GH-10987
|
#
732d92c0 |
| 28-Apr-2023 |
Javier Eguiluz |
[skip ci] Fix various typos and grammar issues (#11143)
|
#
a7f91e37 |
| 26-Mar-2023 |
Ilija Tovilo |
Fix buffer-overflow in open_basedir()
|
#
61e98bf3 |
| 23-Mar-2023 |
Ilija Tovilo |
Disallow parent dir components (..) in open_basedir() at runtime Fix GH-10469 Closes GH-10913
|
#
df579ada |
| 25-Feb-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-10692: PHP crashes on Windows when an inexistent filename is executed Fixes GH-10692 php_fopen_primary_script() does not initialize all fields of zend_file_handle. So whe
Fix GH-10692: PHP crashes on Windows when an inexistent filename is executed Fixes GH-10692 php_fopen_primary_script() does not initialize all fields of zend_file_handle. So when it fails and when fastcgi is true, the zend_destroy_file_handle() function will try to free uninitialized pointers, causing a segmentation fault. Fix it by zero-initializing file handles just like the zend_stream_init_fp() counterpart does. Closes GH-10697.
show more ...
|
#
ec10b28d |
| 27-Jan-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix array overrun when appending slash to paths Fix it by extending the array sizes by one character. As the input is limited to the maximum path length, there will always be place to ap
Fix array overrun when appending slash to paths Fix it by extending the array sizes by one character. As the input is limited to the maximum path length, there will always be place to append the slash. As the php_check_specific_open_basedir() simply uses the strings to compare against each other, no new failures related to too long paths are introduced. We'll let the DOM and XML case handle a potentially too long path in the library code.
show more ...
|
Revision tags: php-8.2.0RC1, php-8.1.10, php-8.0.23, php-8.0.23RC1, php-8.1.10RC1, php-8.2.0beta3, php-8.2.0beta2, php-8.1.9, php-8.0.22, php-8.1.9RC1, php-8.2.0beta1, php-8.0.22RC1, php-8.0.21, php-8.1.8, php-8.2.0alpha3, php-8.1.8RC1, php-8.2.0alpha2, php-8.0.21RC1, php-8.0.20, php-8.1.7, php-8.2.0alpha1, php-7.4.30, php-8.1.7RC1, php-8.0.20RC1, php-8.1.6, php-8.0.19, php-8.1.6RC1, php-8.0.19RC1, php-8.0.18, php-8.1.5, php-7.4.29, php-8.1.5RC1, php-8.0.18RC1, php-8.1.4, php-8.0.17, php-8.1.4RC1, php-8.0.17RC1, php-8.1.3, php-8.0.16, php-7.4.28, php-8.1.3RC1, php-8.0.16RC1, php-8.1.2, php-8.0.15, php-8.1.2RC1, php-8.0.15RC1, php-8.0.14, php-8.1.1, php-7.4.27, php-8.1.1RC1, php-8.0.14RC1, php-7.4.27RC1, php-8.1.0, php-8.0.13, php-7.4.26 |
|
#
96da4619 |
| 16-Nov-2021 |
jlbprof |
Fix for bug in file handling refactor. While testing the cPanel usage of PHP-FPM, we stumbled on this bug. Without the fix, the zend_string is corrupted and getting odd filenames
Fix for bug in file handling refactor. While testing the cPanel usage of PHP-FPM, we stumbled on this bug. Without the fix, the zend_string is corrupted and getting odd filenames When using FPM we kept getting "No input file specified". I work for cPanel and we use PHP extensively.
show more ...
|
Revision tags: php-7.3.33, php-8.1.0RC6, php-7.4.26RC1, php-8.0.13RC1, php-8.1.0RC5, php-7.3.32, php-7.4.25, php-8.0.12, php-8.1.0RC4, php-8.0.12RC1, php-7.4.25RC1, php-8.1.0RC3, php-8.0.11, php-7.4.24, php-7.3.31, php-8.1.0RC2, php-7.4.24RC1, php-8.0.11RC1, php-8.1.0RC1, php-7.4.23, php-8.0.10, php-7.3.30, php-8.1.0beta3, php-8.0.10RC1, php-7.4.23RC1, php-8.1.0beta2, php-8.0.9, php-7.4.22, php-8.1.0beta1, php-7.4.22RC1, php-8.0.9RC1, php-8.1.0alpha3 |
|
#
083d7f58 |
| 02-Jul-2021 |
Nikita Popov |
Reduce stack usage in php_resolve_path() tsrm_realpath() internally always allocates a string. If the out parameter is provided it gets copied there and freed. What we were doing her
Reduce stack usage in php_resolve_path() tsrm_realpath() internally always allocates a string. If the out parameter is provided it gets copied there and freed. What we were doing here was to first copy the path from the allocated string to a stack buffer, and then copy it from the stack buffer to a zend_string. We might as well save one copy and one buffer.
show more ...
|
Revision tags: php-7.4.21, php-7.3.29, php-8.0.8, php-8.1.0alpha2, php-7.4.21RC1, php-8.0.8RC1, php-8.1.0alpha1, php-8.0.7, php-7.4.20 |
|
#
ee9e0754 |
| 21-May-2021 |
Christoph M. Becker |
Fix #76359: open_basedir bypass through adding ".." We explicitly forbid adding paths with a leading `..` to `open_basedir` at runtime. Closes GH-7024.
|
Revision tags: php-8.0.7RC1 |
|
#
ee7a8acd |
| 19-May-2021 |
Nikita Popov |
Fix handling of open_basedir that contains cwd While resolving the path, the last step will reduce it down to "" (an empty string) and realpath() will resolve this to getcwd(). If op
Fix handling of open_basedir that contains cwd While resolving the path, the last step will reduce it down to "" (an empty string) and realpath() will resolve this to getcwd(). If open_basedir contains the CWD, then that means open_basedir will be bypassed for paths that don't have any components that exist (if one of the components exists, then we abort the realpath loop at that point). Closes GH-7015.
show more ...
|
Revision tags: php-7.4.20RC1 |
|
#
aca6aefd |
| 14-May-2021 |
George Peter Banyard |
Remove 'register' type qualifier (#6980) The compiler should be smart enough to optimize this on its own
|
#
01b3fc03 |
| 06-May-2021 |
KsaR |
Update http->https in license (#6945) 1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https. 2. Update few license 3.0 to 3.01 as
Update http->https in license (#6945) 1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https. 2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier". 3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted. 4. fixed indentation in some files before |
show more ...
|
Revision tags: php-8.0.6, php-7.4.19, php-7.4.18, php-7.3.28, php-8.0.5, php-8.0.5RC1, php-7.4.18RC1 |
|
#
c732ab40 |
| 16-Mar-2021 |
Dmitry Stogov |
Change Zend Stream API to use zend_string* instead of char*. This allows to eliminate re-calculation of string lenght and hash value. See the detailed list of changes in UPGRADING.INTERN
Change Zend Stream API to use zend_string* instead of char*. This allows to eliminate re-calculation of string lenght and hash value. See the detailed list of changes in UPGRADING.INTERNALS.
show more ...
|
Revision tags: php-8.0.4RC1, php-7.4.17RC1, php-8.0.3, php-7.4.16, php-8.0.3RC1, php-7.4.16RC1, php-8.0.2, php-7.4.15, php-7.3.27, php-8.0.2RC1, php-7.4.15RC2, php-7.4.15RC1 |
|
#
3e01f5af |
| 15-Jan-2021 |
Nikita Popov |
Replace zend_bool uses with bool We're starting to see a mix between uses of zend_bool and bool. Replace all usages with the standard bool type everywhere. Of course, zend_bool
Replace zend_bool uses with bool We're starting to see a mix between uses of zend_bool and bool. Replace all usages with the standard bool type everywhere. Of course, zend_bool is retained as an alias.
show more ...
|
Revision tags: php-8.0.1, php-7.4.14, php-7.3.26, php-7.4.14RC1, php-8.0.1RC1, php-7.3.26RC1, php-8.0.0, php-7.3.25, php-7.4.13, php-8.0.0RC5, php-7.4.13RC1, php-8.0.0RC4, php-7.3.25RC1, php-7.4.12, php-8.0.0RC3, php-7.3.24, php-8.0.0RC2, php-7.4.12RC1, php-7.3.24RC1, php-7.2.34, php-8.0.0rc1, php-7.4.11, php-7.3.23, php-8.0.0beta4, php-7.4.11RC1, php-7.3.23RC1, php-8.0.0beta3, php-7.4.10, php-7.3.22, php-8.0.0beta2, php-7.3.22RC1, php-7.4.10RC1, php-8.0.0beta1, php-7.4.9, php-7.2.33, php-7.3.21, php-8.0.0alpha3, php-7.4.9RC1, php-7.3.21RC1, php-7.4.8, php-7.2.32, php-8.0.0alpha2, php-7.3.20 |
|
#
2b5de6f8 |
| 01-Jul-2020 |
Max Semenik |
Remove proto comments from C files Closes GH-5758
|
Revision tags: php-8.0.0alpha1, php-7.4.8RC1, php-7.3.20RC1, php-7.4.7, php-7.3.19, php-7.4.7RC1, php-7.3.19RC1, php-7.4.6, php-7.2.31, php-7.4.6RC1, php-7.3.18RC1 |
|
#
41c7d28c |
| 27-Apr-2020 |
Nikita Popov |
Add macro to get ini target address
|
Revision tags: php-7.2.30, php-7.4.5, php-7.3.17, php-7.4.5RC1, php-7.3.17RC1, php-7.3.18, php-7.4.4, php-7.2.29, php-7.3.16, php-7.4.4RC1, php-7.3.16RC1, php-7.4.3, php-7.2.28, php-7.3.15RC1, php-7.4.3RC1, php-7.3.15, php-7.2.27, php-7.4.2, php-7.3.14, php-7.3.14RC1, php-7.4.2RC1 |
|
#
003be875 |
| 30-Dec-2019 |
Nikita Popov |
Make url_stats in resolve_path quiet These stats are used to check whether the file exists -- they should not generate errors. Having the flag set is particularly important for custo
Make url_stats in resolve_path quiet These stats are used to check whether the file exists -- they should not generate errors. Having the flag set is particularly important for custom stream wrappers.
show more ...
|
#
f77747b0 |
| 30-Dec-2019 |
Nikita Popov |
Properly propagate url_stat exceptions during include Make sure we abort operations early, and that we don't emit additional warnings or errors if an exception has been thrown.
|
Revision tags: php-7.4.1, php-7.2.26, php-7.3.13, php-7.4.1RC1, php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1, php-7.4.0RC5, php-7.1.33, php-7.2.24, php-7.3.11, php-7.4.0RC4, php-7.3.11RC1, php-7.2.24RC1, php-7.4.0RC3 |
|
#
5d6e923d |
| 24-Sep-2019 |
Gabriel Caruso |
Remove mention of PHP major version in Copyright headers Closes GH-4732.
|
Revision tags: php-7.2.23, php-7.3.10, php-7.4.0RC2, php-7.2.23RC1, php-7.3.10RC1, php-7.4.0RC1, php-7.1.32, php-7.2.22, php-7.3.9, php-7.4.0beta4, php-7.2.22RC1, php-7.3.9RC1, php-7.4.0beta2, php-7.1.31, php-7.2.21, php-7.3.8, php-7.4.0beta1, php-7.2.21RC1, php-7.3.8RC1, php-7.4.0alpha3, php-7.3.7, php-7.2.20, php-7.4.0alpha2, php-7.3.7RC3, php-7.3.7RC2, php-7.2.20RC2, php-7.4.0alpha1, php-7.3.7RC1, php-7.2.20RC1, php-7.2.19, php-7.3.6, php-7.1.30, php-7.2.19RC1, php-7.3.6RC1, php-7.1.29, php-7.2.18, php-7.3.5, php-7.2.18RC1, php-7.3.5RC1, php-7.2.17, php-7.3.4, php-7.1.28, php-7.3.4RC1, php-7.2.17RC1, php-7.1.27, php-7.3.3, php-7.2.16, php-7.3.3RC1, php-7.2.16RC1, php-7.2.15, php-7.3.2, php-7.2.15RC1 |
|
#
92ac598a |
| 22-Jan-2019 |
Peter Kokot |
Remove local variables This patch removes the so called local variables defined per file basis for certain editors to properly show tab width, and similar settings. These are mainly
Remove local variables This patch removes the so called local variables defined per file basis for certain editors to properly show tab width, and similar settings. These are mainly used by Vim and Emacs editors yet with recent changes the once working definitions don't work anymore in Vim without custom plugins or additional configuration. Neither are these settings synced across the PHP code base. A simpler and better approach is EditorConfig and fixing code using some code style fixing tools in the future instead. This patch also removes the so called modelines for Vim. Modelines allow Vim editor specifically to set some editor configuration such as syntax highlighting, indentation style and tab width to be set in the first line or the last 5 lines per file basis. Since the php test files have syntax highlighting already set in most editors properly and EditorConfig takes care of the indentation settings, this patch removes these as well for the Vim 6.0 and newer versions. With the removal of local variables for certain editors such as Emacs and Vim, the footer is also probably not needed anymore when creating extensions using ext_skel.php script. Additionally, Vim modelines for setting php syntax and some editor settings has been removed from some *.phpt files. All these are mostly not relevant for phpt files neither work properly in the middle of the file.
show more ...
|
#
0cf7de1c |
| 30-Jan-2019 |
Zeev Suraski |
Remove yearly range from copyright notice
|
#
38c337f2 |
| 30-Jan-2019 |
Zeev Suraski |
Remove year range from copyright notice
|