New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixes issue #3620. #3621

Merged
merged 1 commit into from Jan 26, 2017

Conversation

Projects
None yet
3 participants
@dellsala
Contributor

dellsala commented Jan 17, 2017

Change to the Spyc library to correctly convert hex strings to INTs under PHP 7. Should fix issue #3620

@rayfoss rayfoss requested review from rayfoss, JediKev and aydreeihn Jan 17, 2017

@rayfoss

This comment has been minimized.

Show comment
Hide comment
@rayfoss

rayfoss Jan 17, 2017

Contributor

there is a new version of Spyc with a regex for hex that supports capital X... this is an upstream problem.
We should probably just update spyc once it's fixed. mustangostang/spyc#60

but this fix works, it's kind of urgent.

http://php.net/manual/en/function.is-numeric.php
https://github.com/mustangostang/spyc

Contributor

rayfoss commented Jan 17, 2017

there is a new version of Spyc with a regex for hex that supports capital X... this is an upstream problem.
We should probably just update spyc once it's fixed. mustangostang/spyc#60

but this fix works, it's kind of urgent.

http://php.net/manual/en/function.is-numeric.php
https://github.com/mustangostang/spyc

@rayfoss

This comment has been minimized.

Show comment
Hide comment
@rayfoss

rayfoss Jan 17, 2017

Contributor

the upstream pulled this change, but we had also modified Spyc to support multi line scalars... pushed a request to merge the change. Waiting on them.

Contributor

rayfoss commented Jan 17, 2017

the upstream pulled this change, but we had also modified Spyc to support multi line scalars... pushed a request to merge the change. Waiting on them.

@JediKev

Nice!!

@rayfoss

This comment has been minimized.

Show comment
Hide comment
@rayfoss

rayfoss Jan 26, 2017

Contributor

Still waiting on Spicy to review my request to merge @greezybacon 's multiline scalar support. The documentation for is_numeric is also confusing as their example shows output from 5.6, which is wrong on 7.0.0, I've submitted an update to their doc.

As of 7.0.0 Strings in hexadecimal (e.g. 0xf4c3b00c) notation are no longer regarded as numeric strings, i.e. is_numeric() returns FALSE now.

Contributor

rayfoss commented Jan 26, 2017

Still waiting on Spicy to review my request to merge @greezybacon 's multiline scalar support. The documentation for is_numeric is also confusing as their example shows output from 5.6, which is wrong on 7.0.0, I've submitted an update to their doc.

As of 7.0.0 Strings in hexadecimal (e.g. 0xf4c3b00c) notation are no longer regarded as numeric strings, i.e. is_numeric() returns FALSE now.

@rayfoss rayfoss merged commit 4e49086 into osTicket:develop Jan 26, 2017

NFarrington added a commit to VATSIM-UK/Helpdesk that referenced this pull request Oct 7, 2017

Merge tag 'v1.10.1' into development
osTicket v1.10.1

Maintenance release for osTicket 1.10

=== Enhancements
- Users: Support search by phone number
- i18n: Fix getPrimaryLanguage() on non-object (#3799)
- Add TimezoneField (#3786)
- Chunk long text body (#3757, 7b68c99)
- Spyc: convert hex strings to INTs under PHP 7 (#3621)
- forms: Proper Field Deletion
- Move orphaned tasks on department deletion to the default department (42e2c55)
- List: Save List Item Abbreviation (8513f13)

=== Performance and Security
- XSS: Encode html entities of advanced search title (#3919)
- XSS: Encode html entities of cached form data (#3960, bcd58e8)
- ORM: Addresses an SQL injection vulnerability in ORM lookup function (#3959, 1eaa691)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment