Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
branch: master

Apr 18, 2014

  1. Anatol Belski

    Merge branch 'PHP-5.6'

    * PHP-5.6:
      updated libs versions
    authored April 18, 2014
  2. Anatol Belski

    updated libs versions

    authored April 18, 2014
  3. Anatol Belski

    Merge branch 'PHP-5.6'

    * PHP-5.6:
      added some notes about the win build system
    authored April 18, 2014
  4. Anatol Belski

    added some notes about the win build system

    authored April 18, 2014
  5. Anatol Belski

    Merge branch 'PHP-5.6'

    * PHP-5.6:
      UPGRADING note about bug #67072
      UPGRADING note about bug #67072
      UPGRADING note about bug #67072
    authored April 18, 2014
  6. Anatol Belski

    UPGRADING note about bug #67072

    authored April 18, 2014
  7. Anatol Belski

    Merge branch 'PHP-5.5' into PHP-5.6

    * PHP-5.5:
      UPGRADING note about bug #67072
      UPGRADING note about bug #67072
    authored April 18, 2014
  8. Anatol Belski

    UPGRADING note about bug #67072

    authored April 18, 2014
  9. Anatol Belski

    Merge branch 'PHP-5.4' into PHP-5.5

    * PHP-5.4:
      UPGRADING note about bug #67072
    authored April 18, 2014
  10. Anatol Belski

    UPGRADING note about bug #67072

    authored April 18, 2014
  11. Anatol Belski

    Merge branch 'PHP-5.6'

    * PHP-5.6:
      refixed the test related to bug #67072
      Improved the fix for bug #67072, thanks Nikita
    authored April 18, 2014
  12. Anatol Belski

    Merge branch 'PHP-5.5' into PHP-5.6

    * PHP-5.5:
      refixed the test related to bug #67072
      Improved the fix for bug #67072, thanks Nikita
    authored April 18, 2014
  13. Anatol Belski

    refixed the test related to bug #67072

    authored April 18, 2014
  14. Anatol Belski

    Merge branch 'PHP-5.4' into PHP-5.5

    * PHP-5.4:
      Improved the fix for bug #67072, thanks Nikita
    authored April 18, 2014
  15. Anatol Belski

    Improved the fix for bug #67072, thanks Nikita

    authored April 18, 2014
  16. Stanislav Malyshev

    Merge branch 'pull-request/646'

    * pull-request/646:
      Fixed test case for 5328d42
    authored April 17, 2014
  17. Stanislav Malyshev

    Merge branch 'PHP-5.6'

    * PHP-5.6:
      Fixed test case for 5328d42
    authored April 17, 2014
  18. Stanislav Malyshev

    Merge branch 'PHP-5.5' into PHP-5.6

    * PHP-5.5:
      Fixed test case for 5328d42
    authored April 17, 2014
  19. datibbaw

    Fixed test case for 5328d42

    authored April 18, 2014 smalyshev committed April 17, 2014
  20. datibbaw

    Fixed test case for 5328d42

    authored April 18, 2014

Apr 17, 2014

  1. Bob Weinand

    Merge branch 'PHP-5.6'

    authored April 17, 2014
  2. Bob Weinand

    Merge branch 'PHP-5.5' into PHP-5.6

    authored April 17, 2014
  3. Bob Weinand

    Merge branch 'PHP-5.4' into PHP-5.5

    authored April 17, 2014
  4. Levi Morrison

    These links to ~helly don't work anymore.

    authored April 17, 2014 bwoebi committed April 17, 2014
  5. Levi Morrison

    These links to ~helly don't work anymore.

    authored April 17, 2014
  6. Anatol Belski

    Merge branch 'PHP-5.6'

    * PHP-5.6:
      updated NEWS
      updated NEWS
      Fixed bug #67072 Echoing unserialized "SplFileObject" crash
    authored April 17, 2014
  7. Anatol Belski

    updated NEWS

    authored April 17, 2014
  8. Anatol Belski

    Merge branch 'PHP-5.5' into PHP-5.6

    * PHP-5.5:
      updated NEWS
      Fixed bug #67072 Echoing unserialized "SplFileObject" crash
    authored April 17, 2014
  9. Anatol Belski

    updated NEWS

    authored April 17, 2014
  10. Anatol Belski

    Merge branch 'PHP-5.4' into PHP-5.5

    * PHP-5.4:
      Fixed bug #67072 Echoing unserialized "SplFileObject" crash
    
    Conflicts:
    	ext/standard/var_unserializer.c
    authored April 17, 2014
  11. Anatol Belski

    Fixed bug #67072 Echoing unserialized "SplFileObject" crash

    The actual issue lays in the unserializer code which doesn't honor
    the unserialize callback. By contrast, the serialize callback is
    respected. This leads to the situation that even if a class has
    disabled the serialization explicitly, user could still construct
    a vulnerable string which would result bad things when trying
    to unserialize.
    
    This conserns also the classes implementing Serializable as well
    as some core classes disabling serialize/unserialize callbacks
    explicitly (PDO, SimpleXML, SplFileInfo and co). As of now, the
    flow is first to call the unserialize callback (if available),
    then call __wakeup. If the unserialize callback returns with no
    success, no object is instantiated. This makes the scheme used
    by internal classes effective, to disable unserialize just assign
    zend_class_unserialize_deny as callback.
    authored April 17, 2014

Apr 16, 2014

  1. Anatol Belski

    Merge branch 'PHP-5.6'

    * PHP-5.6:
      updated UPGRADING
      updated UPGRADING
    authored April 16, 2014
  2. Anatol Belski

    Merge branch 'PHP-5.5' into PHP-5.6

    * PHP-5.5:
      updated UPGRADING
    authored April 16, 2014
  3. Anatol Belski

    updated UPGRADING

    authored April 16, 2014
  4. Anatol Belski

    updated UPGRADING

    authored April 16, 2014
Something went wrong with that request. Please try again.