#
4d227814 |
| 27-Jul-2015 |
Stanislav Malyshev |
Fix #69793 - limit what we accept when unserializing exception |
#
e488690d |
| 27-Jul-2015 |
Stanislav Malyshev |
Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref) |
#
feeb2fba |
| 05-Aug-2015 |
Stanislav Malyshev |
fix merge |
#
3e416bba |
| 04-Aug-2015 |
Stanislav Malyshev |
fix merge |
#
54daa531 |
| 04-Aug-2015 |
Stanislav Malyshev |
Merge branch 'PHP-5.6' * PHP-5.6: __wakeup doesn't have to be final
|
#
97047e76 |
| 04-Aug-2015 |
Stanislav Malyshev |
Merge branch 'PHP-5.6' * PHP-5.6: update NEWS fix test update NEWS Fix bug #70019 - limit extracted files to given directory Do not do convert_to_* on unseriali
Merge branch 'PHP-5.6' * PHP-5.6: update NEWS fix test update NEWS Fix bug #70019 - limit extracted files to given directory Do not do convert_to_* on unserialize, it messes up references Fix #69793 - limit what we accept when unserializing exception Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList) Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject ignore signatures for packages too Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage Fixed bug #69892 Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes Improved fix for Bug #69441 Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items) Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref) Fix bug #70081: check types for SOAP variables Conflicts: Zend/zend_exceptions.c ext/date/php_date.c ext/openssl/openssl.c ext/phar/phar_internal.h ext/soap/php_http.c ext/spl/spl_array.c ext/spl/spl_dllist.c ext/spl/spl_observer.c ext/standard/tests/serialize/bug69152.phpt sapi/cli/tests/005.phpt
show more ...
|
Revision tags: php-5.6.12RC1, php-7.0.0beta2, php-7.0.0beta1, php-5.6.11, php-5.5.27, php-5.4.43 |
|
#
a1a83bf5 |
| 07-Jul-2015 |
Aaron Piotrowski |
Switch code on thrown TypeError and ParseError to 0, update related tests |
#
5df893ce |
| 07-Jul-2015 |
Aaron Piotrowski |
Use NULL where possible for exception class Matches usage of zend_throw_exception()/zend_throw_exception_ex(). |
#
22c38b2e |
| 03-Jul-2015 |
Aaron Piotrowski |
Remove need to pass error level |
#
5a99c07e |
| 03-Jul-2015 |
Aaron Piotrowski |
Enable throwing custom exceptions from errors |
#
ed1b6487 |
| 03-Jul-2015 |
Aaron Piotrowski |
Switch position of ce in exception ce variable names |
#
f9e9d3a4 |
| 03-Jul-2015 |
Aaron Piotrowski |
Cleanup exception ce API Removed recently added functions to get Error ce's and marked the old functions fetching default_exception_ce and error_exception_ce as deprecated. |
#
94722e12 |
| 02-Jul-2015 |
Bob Weinand |
Introduce ArithmeticError |
#
007d7ac7 |
| 01-Jul-2015 |
Bob Weinand |
Use DivisionByZeroError instead of exception for %/intdiv() |
#
7aa76271 |
| 30-Jun-2015 |
Dmitry Stogov |
Use ZSTR_ API to access zend_string elements (this is just renaming without semantick changes). |
#
4bd22cf1 |
| 29-Jun-2015 |
Dmitry Stogov |
Improved zend_string API (Francois Laupretre) Squashed commit of the following: commit d96eab8d79b75ac83d49d49ae4665f948d15a804 Author: Francois Laupretre <francois@tekwire.net>
Improved zend_string API (Francois Laupretre) Squashed commit of the following: commit d96eab8d79b75ac83d49d49ae4665f948d15a804 Author: Francois Laupretre <francois@tekwire.net> Date: Fri Jun 26 01:23:31 2015 +0200 Use the new 'ZSTR' macros in the rest of the code. Does not change anything to the generated code (thanks to compat macros) but cleaner. commit b3526439104ac7a89a8e0c79dbebf33b22bd01b8 Author: Francois Laupretre <francois@tekwire.net> Date: Thu Jun 25 13:45:06 2015 +0200 Improve zend_string API Add missing methods
show more ...
|
#
5e167223 |
| 28-Jun-2015 |
Bob Weinand |
Show exception source in phpdbg |
Revision tags: php-5.6.11RC1, php-5.5.27RC1, php-7.0.0alpha2 |
|
#
8813b389 |
| 18-Jun-2015 |
Aaron Piotrowski |
Fix bug when constructing an Error with invalid params |
#
f97dbb05 |
| 17-Jun-2015 |
Anatol Belski |
cleanup unused var |
#
577c1f3e |
| 17-Jun-2015 |
Anatol Belski |
preserve the orig class name when extending the ErrorException |
#
9076eb26 |
| 17-Jun-2015 |
Anatol Belski |
dont use function to fetch default exception ce |
#
57940664 |
| 17-Jun-2015 |
Anatol Belski |
fix crash when invalid exception arguments passed |
#
653c8693 |
| 17-Jun-2015 |
Christoph M. Becker |
Fix #61362: Exception::getTraceAsString and ::__toString scramble Unicode The logic in smart_str_append_escaped() relies on unsigned values of c, so we have to declare it as such. |
#
c5eb924e |
| 17-Jun-2015 |
Aaron Piotrowski |
Rename interface macros Renamed REGISTER_INTERFACE (formerly REGISTER_ITERATOR_INTERFACE) to REGISTER_MAGIC_INTERFACE and renamed REGISTER_ITERATOR_IMPLEMENT to REGISTER_MAGI
Rename interface macros Renamed REGISTER_INTERFACE (formerly REGISTER_ITERATOR_INTERFACE) to REGISTER_MAGIC_INTERFACE and renamed REGISTER_ITERATOR_IMPLEMENT to REGISTER_MAGIC_IMPLEMENT. Both have now been moved to zend_interfaces.h.
show more ...
|
#
47d838a7 |
| 15-Jun-2015 |
Aaron Piotrowski |
Move definition of Throwable to zend_exceptions.h/c Also moved REGISTER_ITERATOR_INTERFACE macro to zend_interfaces.h and renamed it to REGISTER_INTERFACE. |