[pull] master from php:master#1056
Merged
pull[bot] merged 16 commits intoAlan-love:masterfrom Jun 28, 2021
Merged
Conversation
We need to ensure that the password detected by parse_url() is actually a valid password; we can re-use is_userinfo_valid() for that.
We need to prevent integer overflow when calling `erealloc()` with `len+1`.
We need to verify that the `result_size` is not larger than our buffer, and also should make sure that the `len` which is passed to `isc_vax_integer()` has a permissible value; otherwise we bail out.
We need to verify that the `result_size` is not larger than our buffer, and also should make sure that the `len` which is passed to `isc_vax_integer()` has a permissible value; otherwise we bail out.
We ensure not to overflow the stack allocated buffer by using `strlcat`.
* PHP-7.3: Update NEWS Fix #76448: Stack buffer overflow in firebird_info_cb Fix #76449: SIGSEGV in firebird_handle_doer Fix #76450: SIGSEGV in firebird_stmt_execute Fix #76452: Crash while parsing blob data in firebird_fetch_blob Fix #81122: SSRF bypass in FILTER_VALIDATE_URL
* PHP-7.4: Update NEWS Fix #76448: Stack buffer overflow in firebird_info_cb Fix #76449: SIGSEGV in firebird_handle_doer Fix #76450: SIGSEGV in firebird_stmt_execute Fix #76452: Crash while parsing blob data in firebird_fetch_blob Fix #81122: SSRF bypass in FILTER_VALIDATE_URL
* PHP-8.0: Update NEWS Fix #76448: Stack buffer overflow in firebird_info_cb Fix #76449: SIGSEGV in firebird_handle_doer Fix #76450: SIGSEGV in firebird_stmt_execute Fix #76452: Crash while parsing blob data in firebird_fetch_blob Fix #81122: SSRF bypass in FILTER_VALIDATE_URL
* PHP-8.0: Fix warning
Adds support for the following options beginning with version 7.71.0:
CURLOPT_ISSUERCERT_BLOB
CURLOPT_PROXY_ISSUERCERT
CURLOPT_PROXY_ISSUERCERT_BLOB
CURLOPT_PROXY_SSLCERT_BLOB
CURLOPT_PROXY_SSLKEY_BLOB
CURLOPT_SSLCERT_BLOB
CURLOPT_SSLKEY_BLOB
Closes GH-7194.
Compile the file separately and only include a header. There doesn't seem to be a good reason to directly include the C file here, and this ensures that there are no symbol clashes (see GH-7197).
This condition was present on the others, but missed for phpunit.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )