[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/Zend/tests/bug54262.phpt branches/PHP_5_2/Zend/zend_vm_def.h branches/PHP_5_2/Zend/zend_vm_execute.h branches/PHP_5_3/NEWS branches/
dmitry Wed, 16 Mar 2011 11:14:33 + Revision: http://svn.php.net/viewvc?view=revisionrevision=309300 Log: Fixed bug #54262 (Crash when assigning value to a dimension in a non-array) Bug: http://bugs.php.net/54262 (error getting bug information) Changed paths: U php/php-src/branches/PHP_5_2/NEWS A php/php-src/branches/PHP_5_2/Zend/tests/bug54262.phpt U php/php-src/branches/PHP_5_2/Zend/zend_vm_def.h U php/php-src/branches/PHP_5_2/Zend/zend_vm_execute.h U php/php-src/branches/PHP_5_3/NEWS A php/php-src/branches/PHP_5_3/Zend/tests/bug54262.phpt U php/php-src/branches/PHP_5_3/Zend/zend_vm_def.h U php/php-src/branches/PHP_5_3/Zend/zend_vm_execute.h U php/php-src/branches/PHP_5_3/Zend/zend_vm_opcodes.h A php/php-src/trunk/Zend/tests/bug54262.phpt U php/php-src/trunk/Zend/zend_vm_def.h U php/php-src/trunk/Zend/zend_vm_execute.h Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2011-03-16 10:56:51 UTC (rev 309299) +++ php/php-src/branches/PHP_5_2/NEWS 2011-03-16 11:14:33 UTC (rev 309300) @@ -4,6 +4,8 @@ - Added ability to connect to HTTPS sites through proxy with basic authentication using stream_context/http/header/Proxy-Authorization (Dmitry) +- Fixed bug #54262 (Crash when assigning value to a dimension in a non-array). + (Dmitry) - Fixed bug #53682 (Fix compile on the VAX). (Rasmus, jklos) - Fixed bug #53568 (swapped memset arguments in struct initialization). (crrodriguez at opensuse dot org) Added: php/php-src/branches/PHP_5_2/Zend/tests/bug54262.phpt === --- php/php-src/branches/PHP_5_2/Zend/tests/bug54262.phpt (rev 0) +++ php/php-src/branches/PHP_5_2/Zend/tests/bug54262.phpt 2011-03-16 11:14:33 UTC (rev 309300) @@ -0,0 +1,17 @@ +--TEST-- +Bug #54262 (Crash when assigning value to a dimension in a non-array) +--FILE-- +?php +$a = '0'; +var_dump(isset($a['b'])); +$simpleString = preg_match('//', '', $a-a); +$simpleString[wrong] = f; +echo ok\n; +? +--EXPECTF-- +bool(true) + +Warning: Attempt to modify property of non-object in %s/Zend/tests/bug54262.php on line 4 + +Warning: Cannot use a scalar value as an array in %s/Zend/tests/bug54262.php on line 5 +ok \ No newline at end of file Modified: php/php-src/branches/PHP_5_2/Zend/zend_vm_def.h === --- php/php-src/branches/PHP_5_2/Zend/zend_vm_def.h 2011-03-16 10:56:51 UTC (rev 309299) +++ php/php-src/branches/PHP_5_2/Zend/zend_vm_def.h 2011-03-16 11:14:33 UTC (rev 309300) @@ -2379,10 +2379,9 @@ } if (OP1_TYPE == IS_VAR *varptr_ptr == EG(error_zval_ptr)) { - (*varptr_ptr)-refcount--; - ALLOC_ZVAL(*varptr_ptr); - INIT_ZVAL(**varptr_ptr); - (*varptr_ptr)-refcount = 0; + ALLOC_INIT_ZVAL(varptr); + zend_ptr_stack_push(EG(argument_stack), varptr); + ZEND_VM_NEXT_OPCODE(); } if (EX(function_state).function-type == ZEND_INTERNAL_FUNCTION !ARG_SHOULD_BE_SENT_BY_REF(EX(fbc), opline-op2.u.opline_num)) { Modified: php/php-src/branches/PHP_5_2/Zend/zend_vm_execute.h === --- php/php-src/branches/PHP_5_2/Zend/zend_vm_execute.h 2011-03-16 10:56:51 UTC (rev 309299) +++ php/php-src/branches/PHP_5_2/Zend/zend_vm_execute.h 2011-03-16 11:14:33 UTC (rev 309300) @@ -7606,10 +7606,9 @@ } if (IS_VAR == IS_VAR *varptr_ptr == EG(error_zval_ptr)) { - (*varptr_ptr)-refcount--; - ALLOC_ZVAL(*varptr_ptr); - INIT_ZVAL(**varptr_ptr); - (*varptr_ptr)-refcount = 0; + ALLOC_INIT_ZVAL(varptr); + zend_ptr_stack_push(EG(argument_stack), varptr); + ZEND_VM_NEXT_OPCODE(); } if (EX(function_state).function-type == ZEND_INTERNAL_FUNCTION !ARG_SHOULD_BE_SENT_BY_REF(EX(fbc), opline-op2.u.opline_num)) { @@ -20049,10 +20048,9 @@ } if (IS_CV == IS_VAR *varptr_ptr == EG(error_zval_ptr)) { - (*varptr_ptr)-refcount--; - ALLOC_ZVAL(*varptr_ptr); - INIT_ZVAL(**varptr_ptr); - (*varptr_ptr)-refcount = 0; + ALLOC_INIT_ZVAL(varptr); + zend_ptr_stack_push(EG(argument_stack), varptr); + ZEND_VM_NEXT_OPCODE(); } if (EX(function_state).function-type == ZEND_INTERNAL_FUNCTION !ARG_SHOULD_BE_SENT_BY_REF(EX(fbc), opline-op2.u.opline_num)) { Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2011-03-16 10:56:51 UTC (rev 309299) +++ php/php-src/branches/PHP_5_3/NEWS 2011-03-16 11:14:33 UTC (rev 309300) @@ -1,6 +1,10 @@ PHPNEWS ||| ?? Mar 2011, PHP 5.3.6 +- Zend Engine: + . Fixed bug #54262 (Crash when assigning value to a dimension in a non-array). +(Dmitry) + - Phar
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/Zend/tests/bug54262.phpt branches/PHP_5_2/Zend/zend_vm_def.h branches/PHP_5_2/Zend/zend_vm_execute.h branches/PHP_5_3/NEWS branc
hi Dmitry, Can you revert this commit from 5.3 please? We are about to package 5.3.6 and as far as I can tell Johannes do not want more commits before. 5.3.7 release process should follow shortly as we already have quite a few issues already. Cheers, On Wed, Mar 16, 2011 at 12:14 PM, Dmitry Stogov dmi...@php.net wrote: dmitry Wed, 16 Mar 2011 11:14:33 + Revision: http://svn.php.net/viewvc?view=revisionrevision=309300 Log: Fixed bug #54262 (Crash when assigning value to a dimension in a non-array) Bug: http://bugs.php.net/54262 (error getting bug information) Changed paths: U php/php-src/branches/PHP_5_2/NEWS A php/php-src/branches/PHP_5_2/Zend/tests/bug54262.phpt U php/php-src/branches/PHP_5_2/Zend/zend_vm_def.h U php/php-src/branches/PHP_5_2/Zend/zend_vm_execute.h U php/php-src/branches/PHP_5_3/NEWS A php/php-src/branches/PHP_5_3/Zend/tests/bug54262.phpt U php/php-src/branches/PHP_5_3/Zend/zend_vm_def.h U php/php-src/branches/PHP_5_3/Zend/zend_vm_execute.h U php/php-src/branches/PHP_5_3/Zend/zend_vm_opcodes.h A php/php-src/trunk/Zend/tests/bug54262.phpt U php/php-src/trunk/Zend/zend_vm_def.h U php/php-src/trunk/Zend/zend_vm_execute.h -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/Zend/tests/bug54265.phpt branches/PHP_5_2/Zend/zend_execute.c branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/tests/bug54265.phpt branch
dmitry Wed, 16 Mar 2011 15:21:38 + Revision: http://svn.php.net/viewvc?view=revisionrevision=309308 Log: Fixed bug #54265 (crash when variable gets reassigned in error handler) Bug: http://bugs.php.net/54265 (error getting bug information) Changed paths: U php/php-src/branches/PHP_5_2/NEWS A php/php-src/branches/PHP_5_2/Zend/tests/bug54265.phpt U php/php-src/branches/PHP_5_2/Zend/zend_execute.c U php/php-src/branches/PHP_5_3/NEWS A php/php-src/branches/PHP_5_3/Zend/tests/bug54265.phpt U php/php-src/branches/PHP_5_3/Zend/zend_execute.c A php/php-src/trunk/Zend/tests/bug54265.phpt U php/php-src/trunk/Zend/zend_execute.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2011-03-16 14:10:59 UTC (rev 309307) +++ php/php-src/branches/PHP_5_2/NEWS 2011-03-16 15:21:38 UTC (rev 309308) @@ -4,6 +4,8 @@ - Added ability to connect to HTTPS sites through proxy with basic authentication using stream_context/http/header/Proxy-Authorization (Dmitry) +- Fixed bug #54265 (crash when variable gets reassigned in error handler). + (Dmitry) - Fixed bug #54262 (Crash when assigning value to a dimension in a non-array). (Dmitry) - Fixed bug #53682 (Fix compile on the VAX). (Rasmus, jklos) Added: php/php-src/branches/PHP_5_2/Zend/tests/bug54265.phpt === --- php/php-src/branches/PHP_5_2/Zend/tests/bug54265.phpt (rev 0) +++ php/php-src/branches/PHP_5_2/Zend/tests/bug54265.phpt 2011-03-16 15:21:38 UTC (rev 309308) @@ -0,0 +1,17 @@ +--TEST-- +Bug #54265 (crash when variable gets reassigned in error handler) +--FILE-- +?php +function my_errorhandler($errno,$errormsg) { + global $my_var; + $my_var = 0; + echo EROOR: $errormsg\n; +} +set_error_handler(my_errorhandler); +$my_var = str_repeat(A,$my_var[0]-errormsg = xyz); +echo ok\n; +? +--EXPECT-- +EROOR: Creating default object from empty value +ok + Modified: php/php-src/branches/PHP_5_2/Zend/zend_execute.c === --- php/php-src/branches/PHP_5_2/Zend/zend_execute.c2011-03-16 14:10:59 UTC (rev 309307) +++ php/php-src/branches/PHP_5_2/Zend/zend_execute.c2011-03-16 15:21:38 UTC (rev 309308) @@ -542,7 +542,30 @@ return; } - make_real_object(object_ptr TSRMLS_CC); /* this should modify object only if it's empty */ + if (Z_TYPE_PP(object_ptr) == IS_NULL + || (Z_TYPE_PP(object_ptr) == IS_BOOL Z_LVAL_PP(object_ptr) == 0) + || (Z_TYPE_PP(object_ptr) == IS_STRING Z_STRLEN_PP(object_ptr) == 0) + ) { + SEPARATE_ZVAL_IF_NOT_REF(object_ptr); + object = *object_ptr; + object-refcount++; + zend_error(E_STRICT, Creating default object from empty value); + if (object-refcount == 1) { + /* object was removed by error handler, nothing to assign to */ + zval_ptr_dtor(object); + FREE_OP(free_op2); + if (!RETURN_VALUE_UNUSED(result)) { + *retval = EG(uninitialized_zval); + PZVAL_LOCK(*retval); + } + FREE_OP(free_value); + return; + } + object-refcount--; + zval_dtor(object); + object_init(object); + } + object = *object_ptr; if (Z_TYPE_P(object) != IS_OBJECT || (opcode == ZEND_ASSIGN_OBJ !Z_OBJ_HT_P(object)-write_property)) { Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2011-03-16 14:10:59 UTC (rev 309307) +++ php/php-src/branches/PHP_5_3/NEWS 2011-03-16 15:21:38 UTC (rev 309308) @@ -2,6 +2,8 @@ ||| ?? Mar 2011, PHP 5.3.6 - Zend Engine: + . Fixed bug #54265 (crash when variable gets reassigned in error handler). +(Dmitry) . Fixed bug #54262 (Crash when assigning value to a dimension in a non-array). (Dmitry) Added: php/php-src/branches/PHP_5_3/Zend/tests/bug54265.phpt === --- php/php-src/branches/PHP_5_3/Zend/tests/bug54265.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/Zend/tests/bug54265.phpt 2011-03-16 15:21:38 UTC (rev 309308) @@ -0,0 +1,17 @@ +--TEST-- +Bug #54265 (crash when variable gets reassigned in error handler) +--FILE-- +?php +function my_errorhandler($errno,$errormsg) { + global $my_var; + $my_var = 0; + echo EROOR: $errormsg\n; +} +set_error_handler(my_errorhandler);
[PHP-CVS] svn: /php/php-src/branches/ PHP_5_2/NEWS PHP_5_2/ext/snmp/snmp.c PHP_5_3/NEWS PHP_5_3/ext/snmp/snmp.c
lytboris Mon, 31 Jan 2011 11:34:12 + Revision: http://svn.php.net/viewvc?view=revisionrevision=307876 Log: Fixed bug #51336 Bug: http://bugs.php.net/51336 (Open) snmprealwalk (snmp v1) does not handle end of OID tree correctly Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/snmp/snmp.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/snmp/snmp.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2011-01-31 11:17:22 UTC (rev 307875) +++ php/php-src/branches/PHP_5_2/NEWS 2011-01-31 11:34:12 UTC (rev 307876) @@ -8,6 +8,9 @@ - Fixed bug #53568 (swapped memset arguments in struct initialization). (crrodriguez at opensuse dot org) +- Fixed bug #51336 (snmprealwalk (snmp v1) does not handle end of OID tree correctly) + (Boris Lytochkin) + 06 Jan 2010, PHP 5.2.17 - Fixed Bug #53632 (infinite loop with x87 fpu). (CVE-2010-4645) (Scott, Rasmus) Modified: php/php-src/branches/PHP_5_2/ext/snmp/snmp.c === --- php/php-src/branches/PHP_5_2/ext/snmp/snmp.c2011-01-31 11:17:22 UTC (rev 307875) +++ php/php-src/branches/PHP_5_2/ext/snmp/snmp.c2011-01-31 11:34:12 UTC (rev 307876) @@ -502,7 +502,7 @@ } } } else { - if (st != SNMP_CMD_WALK || response-errstat != SNMP_ERR_NOSUCHNAME) { + if ((st != SNMP_CMD_WALK st != SNMP_CMD_REALWALK) || response-errstat != SNMP_ERR_NOSUCHNAME) { php_error_docref(NULL TSRMLS_CC, E_WARNING, Error in packet: %s, snmp_errstring(response-errstat)); if (response-errstat == SNMP_ERR_NOSUCHNAME) { for (count=1, vars = response-variables; vars count != response-errindex; Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2011-01-31 11:17:22 UTC (rev 307875) +++ php/php-src/branches/PHP_5_3/NEWS 2011-01-31 11:34:12 UTC (rev 307876) @@ -157,6 +157,9 @@ . Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive). (Stas, Maksymilian Arciemowicz). +- Fixed bug #51336 (snmprealwalk (snmp v1) does not handle end of OID tree correctly) + (Boris Lytochkin) + 06 Jan 2011, PHP 5.3.5 - Fixed Bug #53632 (infinite loop with x87 fpu). (CVE-2010-4645) (Scott, Rasmus) Modified: php/php-src/branches/PHP_5_3/ext/snmp/snmp.c === --- php/php-src/branches/PHP_5_3/ext/snmp/snmp.c2011-01-31 11:17:22 UTC (rev 307875) +++ php/php-src/branches/PHP_5_3/ext/snmp/snmp.c2011-01-31 11:34:12 UTC (rev 307876) @@ -689,7 +689,7 @@ } } } else { - if (st != SNMP_CMD_WALK || response-errstat != SNMP_ERR_NOSUCHNAME) { + if ((st != SNMP_CMD_WALK st != SNMP_CMD_REALWALK) || response-errstat != SNMP_ERR_NOSUCHNAME) { php_error_docref(NULL TSRMLS_CC, E_WARNING, Error in packet: %s, snmp_errstring(response-errstat)); if (response-errstat == SNMP_ERR_NOSUCHNAME) { for (count=1, vars = response-variables; vars count != response-errindex; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/branches/ PHP_5_2/NEWS PHP_5_2/ext/snmp/snmp.c PHP_5_3/NEWS PHP_5_3/ext/snmp/snmp.c
Hi Boris 2011/1/31 Boris Lytochkin lytbo...@php.net: lytboris Mon, 31 Jan 2011 11:34:12 + Revision: http://svn.php.net/viewvc?view=revisionrevision=307876 Log: Fixed bug #51336 Bug: http://bugs.php.net/51336 (Open) snmprealwalk (snmp v1) does not handle end of OID tree correctly Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/snmp/snmp.c The PHP_5_2 branch is dead, so please revert the changes in that branch and keep it to 5.3/trunk. -- regards, Kalle Sommer Nielsen ka...@php.net -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS ext/snmp/snmp.c
lytboris Mon, 31 Jan 2011 13:00:27 + Revision: http://svn.php.net/viewvc?view=revisionrevision=307881 Log: revert commit 307876 Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/snmp/snmp.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2011-01-31 12:47:28 UTC (rev 307880) +++ php/php-src/branches/PHP_5_2/NEWS 2011-01-31 13:00:27 UTC (rev 307881) @@ -8,9 +8,6 @@ - Fixed bug #53568 (swapped memset arguments in struct initialization). (crrodriguez at opensuse dot org) -- Fixed bug #51336 (snmprealwalk (snmp v1) does not handle end of OID tree correctly) - (Boris Lytochkin) - 06 Jan 2010, PHP 5.2.17 - Fixed Bug #53632 (infinite loop with x87 fpu). (CVE-2010-4645) (Scott, Rasmus) Modified: php/php-src/branches/PHP_5_2/ext/snmp/snmp.c === --- php/php-src/branches/PHP_5_2/ext/snmp/snmp.c2011-01-31 12:47:28 UTC (rev 307880) +++ php/php-src/branches/PHP_5_2/ext/snmp/snmp.c2011-01-31 13:00:27 UTC (rev 307881) @@ -502,7 +502,7 @@ } } } else { - if ((st != SNMP_CMD_WALK st != SNMP_CMD_REALWALK) || response-errstat != SNMP_ERR_NOSUCHNAME) { + if (st != SNMP_CMD_WALK || response-errstat != SNMP_ERR_NOSUCHNAME) { php_error_docref(NULL TSRMLS_CC, E_WARNING, Error in packet: %s, snmp_errstring(response-errstat)); if (response-errstat == SNMP_ERR_NOSUCHNAME) { for (count=1, vars = response-variables; vars count != response-errindex; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/branches/ PHP_5_2/NEWS PHP_5_2/ext/snmp/snmp.c PHP_5_3/NEWS PHP_5_3/ext/snmp/snmp.c
Hi. On Mon, Jan 31, 2011 at 3:46 PM, Kalle Sommer Nielsen ka...@php.net wrote: The PHP_5_2 branch is dead, so please revert the changes in that branch and keep it to 5.3/trunk. done, thanks. -- Boris -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/standard/http_fopen_wrapper.c branches/PHP_5_3/NEWS branches/PHP_5_3/ext/standard/http_fopen_wrapper.c trunk/ext/standard/http_f
dmitry Fri, 28 Jan 2011 10:33:47 + Revision: http://svn.php.net/viewvc?view=revisionrevision=307815 Log: Added ability to connect to HTTPS sites through proxy with basic authentication using stream_context/http/header/Proxy-Authorization Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/standard/http_fopen_wrapper.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/standard/http_fopen_wrapper.c U php/php-src/trunk/ext/standard/http_fopen_wrapper.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2011-01-28 09:15:33 UTC (rev 307814) +++ php/php-src/branches/PHP_5_2/NEWS 2011-01-28 10:33:47 UTC (rev 307815) @@ -1,6 +1,9 @@ PHPNEWS ||| ?? ??? , PHP 5.2.18 +- Added ability to connect to HTTPS sites through proxy with basic + authentication using stream_context/http/header/Proxy-Authorization (Dmitry) + - Fixed bug #53682 (Fix compile on the VAX). (Rasmus, jklos) - Fixed bug #53568 (swapped memset arguments in struct initialization). (crrodriguez at opensuse dot org) Modified: php/php-src/branches/PHP_5_2/ext/standard/http_fopen_wrapper.c === --- php/php-src/branches/PHP_5_2/ext/standard/http_fopen_wrapper.c 2011-01-28 09:15:33 UTC (rev 307814) +++ php/php-src/branches/PHP_5_2/ext/standard/http_fopen_wrapper.c 2011-01-28 10:33:47 UTC (rev 307815) @@ -200,7 +200,70 @@ smart_str_appends(header, resource-host); smart_str_appendc(header, ':'); smart_str_append_unsigned(header, resource-port); - smart_str_appendl(header, HTTP/1.0\r\n\r\n, sizeof( HTTP/1.0\r\n\r\n)-1); + smart_str_appendl(header, HTTP/1.0\r\n, sizeof( HTTP/1.0\r\n)-1); + + /* check if we have Proxy-Authorization header */ + if (context php_stream_context_get_option(context, http, header, tmpzval) == SUCCESS) { + char *s, *p; + + if (Z_TYPE_PP(tmpzval) == IS_ARRAY) { +HashPosition pos; +zval **tmpheader = NULL; + +for (zend_hash_internal_pointer_reset_ex(Z_ARRVAL_PP(tmpzval), pos); + SUCCESS == zend_hash_get_current_data_ex(Z_ARRVAL_PP(tmpzval), (void *)tmpheader, pos); + zend_hash_move_forward_ex(Z_ARRVAL_PP(tmpzval), pos)) { + if (Z_TYPE_PP(tmpheader) == IS_STRING) { + s = Z_STRVAL_PP(tmpheader); + do { + while (*s == ' ' || *s == '\t') s++; + p = s; + while (*p != 0 *p != ':' *p != '\r' *p !='\n') p++; + if (*p == ':') { +p++; +if (p - s == sizeof(Proxy-Authorization:) - 1 +zend_binary_strcasecmp(s, sizeof(Proxy-Authorization:) - 1, +Proxy-Authorization:, sizeof(Proxy-Authorization:) - 1) == 0) { + while (*p != 0 *p != '\r' *p !='\n') p++; + smart_str_appendl(header, s, p - s); + smart_str_appendl(header, \r\n, sizeof(\r\n)-1); + goto finish; +} else { + while (*p != 0 *p != '\r' *p !='\n') p++; +} + } + s = p; + while (*s == '\r' || *s == '\n') s++; + } while (*s != 0); + } +} + } else if (Z_TYPE_PP(tmpzval) == IS_STRING Z_STRLEN_PP(tmpzval)) { +s = Z_STRVAL_PP(tmpzval); +do { + while (*s == ' ' || *s == '\t') s++; + p = s; + while (*p != 0 *p != ':' *p != '\r' *p !='\n') p++; + if (*p == ':') { + p++; + if (p - s == sizeof(Proxy-Authorization:) - 1 + zend_binary_strcasecmp(s, sizeof(Proxy-Authorization:) - 1, + Proxy-Authorization:, sizeof(Proxy-Authorization:) - 1) == 0) { + while (*p != 0 *p != '\r' *p !='\n') p++; + smart_str_appendl(header, s, p - s); + smart_str_appendl(header, \r\n, sizeof(\r\n)-1); + goto finish; + } else { + while (*p != 0 *p != '\r' *p !='\n') p++; + } + } + s = p; + while (*s == '\r' || *s == '\n') s++; +} while (*s != 0); + } + } +finish: + smart_str_appendl(header, \r\n, sizeof(\r\n)-1); + if (php_stream_write(stream, header.c, header.len) != header.len) { php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, Cannot connect to HTTPS server through proxy); php_stream_close(stream); @@ -357,9 +420,11 @@ tmp = php_trim(Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval), NULL, 0, NULL, 3 TSRMLS_CC); } if (tmp strlen(tmp) 0) { + char *s; + if (!header_init) { /* Remove post headers for redirects */ int l = strlen(tmp); -char *s, *s2, *tmp_c = estrdup(tmp); +char *s2, *tmp_c = estrdup(tmp); php_strtolower(tmp_c, l); if ((s = strstr(tmp_c, content-length:))) { @@ -380,6 +445,7 @@ tmp[s - tmp_c] = '\0'; } } + efree(tmp_c); tmp_c = php_trim(tmp, strlen(tmp),
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/standard/http_fopen_wrapper.c branches/PHP_5_3/NEWS branches/PHP_5_3/ext/standard/http_fopen_wrapper.c trunk/ext/standard/ht
hi Dmitry 5.2 is dead and if anything should go in then only critical fixes just in case we have to do another last 5.2 release. Adding Ilia to the loop. On Fri, Jan 28, 2011 at 11:33 AM, Dmitry Stogov dmi...@php.net wrote: dmitry Fri, 28 Jan 2011 10:33:47 + Revision: http://svn.php.net/viewvc?view=revisionrevision=307815 Log: Added ability to connect to HTTPS sites through proxy with basic authentication using stream_context/http/header/Proxy-Authorization Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/standard/http_fopen_wrapper.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/standard/http_fopen_wrapper.c U php/php-src/trunk/ext/standard/http_fopen_wrapper.c -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS ext/zip/lib/zip_dirent.c
felipe Tue, 11 Jan 2011 20:55:06 + Revision: http://svn.php.net/viewvc?view=revisionrevision=307385 Log: - Fixed bug #53568 (swapped memset arguments in struct initialization) [backported] Bug: http://bugs.php.net/53568 (Closed) swapped memset arguments in ext/zip/lib/zip_dirent.c Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/zip/lib/zip_dirent.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2011-01-11 19:09:09 UTC (rev 307384) +++ php/php-src/branches/PHP_5_2/NEWS 2011-01-11 20:55:06 UTC (rev 307385) @@ -2,6 +2,8 @@ ||| ?? ??? , PHP 5.2.18 - Fixed bug #53682 (Fix compile on the VAX). (Rasmus, jklos) +- Fixed bug #53568 (swapped memset arguments in struct initialization). + (crrodriguez at opensuse dot org) 06 Jan 2010, PHP 5.2.17 - Fixed Bug #53632 (infinite loop with x87 fpu). (CVE-2010-4645) (Scott, Modified: php/php-src/branches/PHP_5_2/ext/zip/lib/zip_dirent.c === --- php/php-src/branches/PHP_5_2/ext/zip/lib/zip_dirent.c 2011-01-11 19:09:09 UTC (rev 307384) +++ php/php-src/branches/PHP_5_2/ext/zip/lib/zip_dirent.c 2011-01-11 20:55:06 UTC (rev 307385) @@ -473,9 +473,7 @@ static time_t _zip_d2u_time(int dtime, int ddate) { -struct tm tm; - -memset(tm, sizeof(tm), 0); +struct tm tm = {0}; /* let mktime decide if DST is in effect */ tm.tm_isdst = -1; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/ PHP_5_2/NEWS PHP_5_3/NEWS
pajoye Thu, 06 Jan 2011 12:51:35 + Revision: http://svn.php.net/viewvc?view=revisionrevision=307158 Log: - add CVE (too late for the release tho') Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_3/NEWS Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2011-01-06 12:01:41 UTC (rev 307157) +++ php/php-src/branches/PHP_5_2/NEWS 2011-01-06 12:51:35 UTC (rev 307158) @@ -3,7 +3,8 @@ ?? ??? , PHP 5.2.18 06 Jan 2010, PHP 5.2.17 -- Fixed Bug #53632 (infinite loop with x87 fpu). (Scott, Rasmus) +- Fixed Bug #53632 (infinite loop with x87 fpu). (CVE-2010-4645) (Scott, + Rasmus) 16 Dec 2010, PHP 5.2.16 - Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres is down). Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2011-01-06 12:01:41 UTC (rev 307157) +++ php/php-src/branches/PHP_5_3/NEWS 2011-01-06 12:51:35 UTC (rev 307158) @@ -102,7 +102,8 @@ gmail dot com, Gustavo) ?? ??? 2011, PHP 5.3.5 -- Fixed Bug #53632 (infinite loop with x87 fpu). (Scott, Rasmus) +- Fixed Bug #53632 (infinite loop with x87 fpu). (CVE-2010-4645) (Scott, + Rasmus) 09 Dec 2010, PHP 5.3.4 - Upgraded bundled Sqlite3 to version 3.7.3. (Ilia) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/Zend/zend_strtod.c branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/zend_strtod.c trunk/Zend/zend_strtod.c
rasmus Thu, 06 Jan 2011 22:48:20 + Revision: http://svn.php.net/viewvc?view=revisionrevision=307192 Log: Fix bug #53682 Bug: http://bugs.php.net/53682 (Open) VAX handling needs a small update Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/Zend/zend_strtod.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/Zend/zend_strtod.c U php/php-src/trunk/Zend/zend_strtod.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2011-01-06 22:40:20 UTC (rev 307191) +++ php/php-src/branches/PHP_5_2/NEWS 2011-01-06 22:48:20 UTC (rev 307192) @@ -1,6 +1,7 @@ PHP NEWS ||| ?? ??? , PHP 5.2.18 +- Fixed bug #53682 (Fix compile on the VAX). (Rasmus, jklos) 06 Jan 2010, PHP 5.2.17 - Fixed Bug #53632 (infinite loop with x87 fpu). (CVE-2010-4645) (Scott, Modified: php/php-src/branches/PHP_5_2/Zend/zend_strtod.c === --- php/php-src/branches/PHP_5_2/Zend/zend_strtod.c 2011-01-06 22:40:20 UTC (rev 307191) +++ php/php-src/branches/PHP_5_2/Zend/zend_strtod.c 2011-01-06 22:48:20 UTC (rev 307192) @@ -164,6 +164,7 @@ #ifdef __vax__ #define VAX +#undef IEEE_LITTLE_ENDIAN #endif #if defined(_MSC_VER) Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2011-01-06 22:40:20 UTC (rev 307191) +++ php/php-src/branches/PHP_5_3/NEWS 2011-01-06 22:48:20 UTC (rev 307192) @@ -14,6 +14,7 @@ (Ilia) . Fixed bug #48607 (fwrite() doesn't check reply from ftp server before exiting). (Ilia) + . Fixed bug #53682 (Fix compile on the VAX). (Rasmus, jklos) - Calendar extension: . Fixed bug #53574 (Integer overflow in SdnToJulian, sometimes leading to Modified: php/php-src/branches/PHP_5_3/Zend/zend_strtod.c === --- php/php-src/branches/PHP_5_3/Zend/zend_strtod.c 2011-01-06 22:40:20 UTC (rev 307191) +++ php/php-src/branches/PHP_5_3/Zend/zend_strtod.c 2011-01-06 22:48:20 UTC (rev 307192) @@ -164,6 +164,7 @@ #ifdef __vax__ #define VAX +#undef IEEE_LITTLE_ENDIAN #endif #if defined(_MSC_VER) Modified: php/php-src/trunk/Zend/zend_strtod.c === --- php/php-src/trunk/Zend/zend_strtod.c2011-01-06 22:40:20 UTC (rev 307191) +++ php/php-src/trunk/Zend/zend_strtod.c2011-01-06 22:48:20 UTC (rev 307192) @@ -164,6 +164,7 @@ #ifdef __vax__ #define VAX +#undef IEEE_LITTLE_ENDIAN #endif #if defined(_MSC_VER) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS configure.in main/php_version.h
iliaaThu, 06 Jan 2011 23:01:19 + Revision: http://svn.php.net/viewvc?view=revisionrevision=307193 Log: re-tag Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/configure.in U php/php-src/branches/PHP_5_2/main/php_version.h Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2011-01-06 22:48:20 UTC (rev 307192) +++ php/php-src/branches/PHP_5_2/NEWS 2011-01-06 23:01:19 UTC (rev 307193) @@ -1,8 +1,5 @@ PHP NEWS ||| -?? ??? , PHP 5.2.18 -- Fixed bug #53682 (Fix compile on the VAX). (Rasmus, jklos) - 06 Jan 2010, PHP 5.2.17 - Fixed Bug #53632 (infinite loop with x87 fpu). (CVE-2010-4645) (Scott, Rasmus) Modified: php/php-src/branches/PHP_5_2/configure.in === --- php/php-src/branches/PHP_5_2/configure.in 2011-01-06 22:48:20 UTC (rev 307192) +++ php/php-src/branches/PHP_5_2/configure.in 2011-01-06 23:01:19 UTC (rev 307193) @@ -41,8 +41,8 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=2 -PHP_RELEASE_VERSION=18 -PHP_EXTRA_VERSION=-dev +PHP_RELEASE_VERSION=17 +PHP_EXTRA_VERSION= PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_2/main/php_version.h === --- php/php-src/branches/PHP_5_2/main/php_version.h 2011-01-06 22:48:20 UTC (rev 307192) +++ php/php-src/branches/PHP_5_2/main/php_version.h 2011-01-06 23:01:19 UTC (rev 307193) @@ -2,7 +2,7 @@ /* edit configure.in to change version number */ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 2 -#define PHP_RELEASE_VERSION 18 -#define PHP_EXTRA_VERSION -dev -#define PHP_VERSION 5.2.18-dev -#define PHP_VERSION_ID 50218 +#define PHP_RELEASE_VERSION 17 +#define PHP_EXTRA_VERSION +#define PHP_VERSION 5.2.17 +#define PHP_VERSION_ID 50217 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS configure.in main/php_version.h
iliaaThu, 06 Jan 2011 23:02:27 + Revision: http://svn.php.net/viewvc?view=revisionrevision=307196 Log: back to dev Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/configure.in U php/php-src/branches/PHP_5_2/main/php_version.h Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2011-01-06 23:01:48 UTC (rev 307195) +++ php/php-src/branches/PHP_5_2/NEWS 2011-01-06 23:02:27 UTC (rev 307196) @@ -1,5 +1,8 @@ PHP NEWS ||| +?? ??? , PHP 5.2.18 +- Fixed bug #53682 (Fix compile on the VAX). (Rasmus, jklos) + 06 Jan 2010, PHP 5.2.17 - Fixed Bug #53632 (infinite loop with x87 fpu). (CVE-2010-4645) (Scott, Rasmus) Modified: php/php-src/branches/PHP_5_2/configure.in === --- php/php-src/branches/PHP_5_2/configure.in 2011-01-06 23:01:48 UTC (rev 307195) +++ php/php-src/branches/PHP_5_2/configure.in 2011-01-06 23:02:27 UTC (rev 307196) @@ -41,8 +41,8 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=2 -PHP_RELEASE_VERSION=17 -PHP_EXTRA_VERSION= +PHP_RELEASE_VERSION=18 +PHP_EXTRA_VERSION=-dev PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_2/main/php_version.h === --- php/php-src/branches/PHP_5_2/main/php_version.h 2011-01-06 23:01:48 UTC (rev 307195) +++ php/php-src/branches/PHP_5_2/main/php_version.h 2011-01-06 23:02:27 UTC (rev 307196) @@ -2,7 +2,7 @@ /* edit configure.in to change version number */ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 2 -#define PHP_RELEASE_VERSION 17 -#define PHP_EXTRA_VERSION -#define PHP_VERSION 5.2.17 -#define PHP_VERSION_ID 50217 +#define PHP_RELEASE_VERSION 18 +#define PHP_EXTRA_VERSION -dev +#define PHP_VERSION 5.2.18-dev +#define PHP_VERSION_ID 50218 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS configure.in main/php_version.h
iliaaWed, 05 Jan 2011 14:48:13 + Revision: http://svn.php.net/viewvc?view=revisionrevision=307125 Log: 5.2.17 Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/configure.in U php/php-src/branches/PHP_5_2/main/php_version.h Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2011-01-05 14:47:27 UTC (rev 307124) +++ php/php-src/branches/PHP_5_2/NEWS 2011-01-05 14:48:13 UTC (rev 307125) @@ -1,6 +1,7 @@ PHP NEWS ||| -?? ??? , PHP 5.2.17 +06 Jan 2010, PHP 5.2.17 +- Fixed Bug #53632 (infinite loop with x87 fpu). (Scott, Rasmus) 16 Dec 2010, PHP 5.2.16 - Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres is down). Modified: php/php-src/branches/PHP_5_2/configure.in === --- php/php-src/branches/PHP_5_2/configure.in 2011-01-05 14:47:27 UTC (rev 307124) +++ php/php-src/branches/PHP_5_2/configure.in 2011-01-05 14:48:13 UTC (rev 307125) @@ -42,7 +42,7 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=2 PHP_RELEASE_VERSION=17 -PHP_EXTRA_VERSION=-dev +PHP_EXTRA_VERSION= PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_2/main/php_version.h === --- php/php-src/branches/PHP_5_2/main/php_version.h 2011-01-05 14:47:27 UTC (rev 307124) +++ php/php-src/branches/PHP_5_2/main/php_version.h 2011-01-05 14:48:13 UTC (rev 307125) @@ -3,6 +3,6 @@ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 2 #define PHP_RELEASE_VERSION 17 -#define PHP_EXTRA_VERSION -dev -#define PHP_VERSION 5.2.16-dev +#define PHP_EXTRA_VERSION +#define PHP_VERSION 5.2.17 #define PHP_VERSION_ID 50217 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS configure.in main/php_version.h
iliaaWed, 05 Jan 2011 14:50:13 + Revision: http://svn.php.net/viewvc?view=revisionrevision=307127 Log: Back to dev Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/configure.in U php/php-src/branches/PHP_5_2/main/php_version.h Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2011-01-05 14:49:26 UTC (rev 307126) +++ php/php-src/branches/PHP_5_2/NEWS 2011-01-05 14:50:13 UTC (rev 307127) @@ -1,5 +1,7 @@ PHP NEWS ||| +?? ??? , PHP 5.2.18 + 06 Jan 2010, PHP 5.2.17 - Fixed Bug #53632 (infinite loop with x87 fpu). (Scott, Rasmus) Modified: php/php-src/branches/PHP_5_2/configure.in === --- php/php-src/branches/PHP_5_2/configure.in 2011-01-05 14:49:26 UTC (rev 307126) +++ php/php-src/branches/PHP_5_2/configure.in 2011-01-05 14:50:13 UTC (rev 307127) @@ -41,8 +41,8 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=2 -PHP_RELEASE_VERSION=17 -PHP_EXTRA_VERSION= +PHP_RELEASE_VERSION=18 +PHP_EXTRA_VERSION=-dev PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_2/main/php_version.h === --- php/php-src/branches/PHP_5_2/main/php_version.h 2011-01-05 14:49:26 UTC (rev 307126) +++ php/php-src/branches/PHP_5_2/main/php_version.h 2011-01-05 14:50:13 UTC (rev 307127) @@ -2,7 +2,7 @@ /* edit configure.in to change version number */ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 2 -#define PHP_RELEASE_VERSION 17 -#define PHP_EXTRA_VERSION -#define PHP_VERSION 5.2.17 -#define PHP_VERSION_ID 50217 +#define PHP_RELEASE_VERSION 18 +#define PHP_EXTRA_VERSION -dev +#define PHP_VERSION 5.2.18-dev +#define PHP_VERSION_ID 50218 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS configure.in main/php_version.h
iliaaWed, 15 Dec 2010 13:37:15 + Revision: http://svn.php.net/viewvc?view=revisionrevision=306383 Log: 5.2.16 Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/configure.in U php/php-src/branches/PHP_5_2/main/php_version.h Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-12-15 13:04:38 UTC (rev 306382) +++ php/php-src/branches/PHP_5_2/NEWS 2010-12-15 13:37:15 UTC (rev 306383) @@ -1,6 +1,6 @@ PHP NEWS ||| -?? ??? , PHP 5.2.16 +16 Dec 2010, PHP 5.2.16 - Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres is down). (gyp at balabit dot hu) - Fixed bug #53516 (Regression in open_basedir handling). (Ilia) Modified: php/php-src/branches/PHP_5_2/configure.in === --- php/php-src/branches/PHP_5_2/configure.in 2010-12-15 13:04:38 UTC (rev 306382) +++ php/php-src/branches/PHP_5_2/configure.in 2010-12-15 13:37:15 UTC (rev 306383) @@ -42,7 +42,7 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=2 PHP_RELEASE_VERSION=16 -PHP_EXTRA_VERSION=-dev +PHP_EXTRA_VERSION= PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_2/main/php_version.h === --- php/php-src/branches/PHP_5_2/main/php_version.h 2010-12-15 13:04:38 UTC (rev 306382) +++ php/php-src/branches/PHP_5_2/main/php_version.h 2010-12-15 13:37:15 UTC (rev 306383) @@ -3,6 +3,6 @@ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 2 #define PHP_RELEASE_VERSION 16 -#define PHP_EXTRA_VERSION -dev -#define PHP_VERSION 5.2.16-dev +#define PHP_EXTRA_VERSION +#define PHP_VERSION 5.2.16 #define PHP_VERSION_ID 50216 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS configure.in main/php_version.h
iliaaWed, 15 Dec 2010 13:47:14 + Revision: http://svn.php.net/viewvc?view=revisionrevision=306385 Log: back to dev Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/configure.in U php/php-src/branches/PHP_5_2/main/php_version.h Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-12-15 13:41:13 UTC (rev 306384) +++ php/php-src/branches/PHP_5_2/NEWS 2010-12-15 13:47:14 UTC (rev 306385) @@ -1,5 +1,7 @@ PHP NEWS ||| +?? ??? , PHP 5.2.17 + 16 Dec 2010, PHP 5.2.16 - Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres is down). (gyp at balabit dot hu) Modified: php/php-src/branches/PHP_5_2/configure.in === --- php/php-src/branches/PHP_5_2/configure.in 2010-12-15 13:41:13 UTC (rev 306384) +++ php/php-src/branches/PHP_5_2/configure.in 2010-12-15 13:47:14 UTC (rev 306385) @@ -41,8 +41,8 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=2 -PHP_RELEASE_VERSION=16 -PHP_EXTRA_VERSION= +PHP_RELEASE_VERSION=17 +PHP_EXTRA_VERSION=-dev PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_2/main/php_version.h === --- php/php-src/branches/PHP_5_2/main/php_version.h 2010-12-15 13:41:13 UTC (rev 306384) +++ php/php-src/branches/PHP_5_2/main/php_version.h 2010-12-15 13:47:14 UTC (rev 306385) @@ -2,7 +2,7 @@ /* edit configure.in to change version number */ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 2 -#define PHP_RELEASE_VERSION 16 -#define PHP_EXTRA_VERSION -#define PHP_VERSION 5.2.16 -#define PHP_VERSION_ID 50216 +#define PHP_RELEASE_VERSION 17 +#define PHP_EXTRA_VERSION -dev +#define PHP_VERSION 5.2.16-dev +#define PHP_VERSION_ID 50217 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS main/fopen_wrappers.c
iliaaFri, 10 Dec 2010 12:50:25 + Revision: http://svn.php.net/viewvc?view=revisionrevision=306184 Log: Fixed bug #53516 (Regression in open_basedir handling). Bug: http://bugs.php.net/53516 (Open) open_basedir BUG introduced in PHP 5.2.15 Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/main/fopen_wrappers.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-12-10 11:52:13 UTC (rev 306183) +++ php/php-src/branches/PHP_5_2/NEWS 2010-12-10 12:50:25 UTC (rev 306184) @@ -1,6 +1,7 @@ PHP NEWS ||| ?? ??? , PHP 5.2.16 +- Fixed bug #53516 (Regression in open_basedir handling). (Ilia) 09 Dec 2010, PHP 5.2.15 - Fixed extract() to do not overwrite $GLOBALS and $this when using Modified: php/php-src/branches/PHP_5_2/main/fopen_wrappers.c === --- php/php-src/branches/PHP_5_2/main/fopen_wrappers.c 2010-12-10 11:52:13 UTC (rev 306183) +++ php/php-src/branches/PHP_5_2/main/fopen_wrappers.c 2010-12-10 12:50:25 UTC (rev 306184) @@ -192,7 +192,7 @@ if (strncmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) { #endif if (resolved_name_len resolved_basedir_len - resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR) { + resolved_name[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR) { return -1; } else { /* File is in the right directory */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/pdo_pgsql/pgsql_statement.c branches/PHP_5_3/NEWS branches/PHP_5_3/ext/pdo_pgsql/pgsql_statement.c trunk/ext/pdo_pgsql/pgsql_sta
felipe Fri, 10 Dec 2010 17:50:26 + Revision: http://svn.php.net/viewvc?view=revisionrevision=306192 Log: - Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres is down) patch by: gyp at balabit dot hu Bug: http://bugs.php.net/53517 (Closed) segfault in pgsql_stmt_execute() when postgres is down Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/pdo_pgsql/pgsql_statement.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/pdo_pgsql/pgsql_statement.c U php/php-src/trunk/ext/pdo_pgsql/pgsql_statement.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-12-10 17:19:58 UTC (rev 306191) +++ php/php-src/branches/PHP_5_2/NEWS 2010-12-10 17:50:26 UTC (rev 306192) @@ -1,6 +1,8 @@ PHP NEWS ||| ?? ??? , PHP 5.2.16 +- Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres is down). + (gyp at balabit dot hu) - Fixed bug #53516 (Regression in open_basedir handling). (Ilia) 09 Dec 2010, PHP 5.2.15 Modified: php/php-src/branches/PHP_5_2/ext/pdo_pgsql/pgsql_statement.c === --- php/php-src/branches/PHP_5_2/ext/pdo_pgsql/pgsql_statement.c 2010-12-10 17:19:58 UTC (rev 306191) +++ php/php-src/branches/PHP_5_2/ext/pdo_pgsql/pgsql_statement.c 2010-12-10 17:50:26 UTC (rev 306192) @@ -156,7 +156,7 @@ * chance to DEALLOCATE the prepared statements it has created. so, if we hit a 42P05 we * deallocate it and retry ONCE (thies 2005.12.15) */ - if (!strcmp(sqlstate, 42P05)) { + if (sqlstate !strcmp(sqlstate, 42P05)) { char buf[100]; /* stmt_name == pdo_crsr_%08x */ PGresult *res; snprintf(buf, sizeof(buf), DEALLOCATE %s, S-stmt_name); Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-12-10 17:19:58 UTC (rev 306191) +++ php/php-src/branches/PHP_5_3/NEWS 2010-12-10 17:50:26 UTC (rev 306192) @@ -9,6 +9,10 @@ . Fixed bug #39199 (Cannot load Lob data with more than 4000 bytes on ORACLE 10). (spatar at mail dot nnov dot ru) +- PDO PostgreSQL driver: + . Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres is down). +(gyp at balabit dot hu) + - Zend Engine: . Indirect reference to $this fails to resolve if direct $this is never used in method. (Scott) Modified: php/php-src/branches/PHP_5_3/ext/pdo_pgsql/pgsql_statement.c === --- php/php-src/branches/PHP_5_3/ext/pdo_pgsql/pgsql_statement.c 2010-12-10 17:19:58 UTC (rev 306191) +++ php/php-src/branches/PHP_5_3/ext/pdo_pgsql/pgsql_statement.c 2010-12-10 17:50:26 UTC (rev 306192) @@ -184,7 +184,7 @@ * chance to DEALLOCATE the prepared statements it has created. so, if we hit a 42P05 we * deallocate it and retry ONCE (thies 2005.12.15) */ - if (!strcmp(sqlstate, 42P05)) { + if (sqlstate !strcmp(sqlstate, 42P05)) { char buf[100]; /* stmt_name == pdo_crsr_%08x */ PGresult *res; snprintf(buf, sizeof(buf), DEALLOCATE %s, S-stmt_name); Modified: php/php-src/trunk/ext/pdo_pgsql/pgsql_statement.c === --- php/php-src/trunk/ext/pdo_pgsql/pgsql_statement.c 2010-12-10 17:19:58 UTC (rev 306191) +++ php/php-src/trunk/ext/pdo_pgsql/pgsql_statement.c 2010-12-10 17:50:26 UTC (rev 306192) @@ -184,7 +184,7 @@ * chance to DEALLOCATE the prepared statements it has created. so, if we hit a 42P05 we * deallocate it and retry ONCE (thies 2005.12.15) */ - if (!strcmp(sqlstate, 42P05)) { + if (sqlstate !strcmp(sqlstate, 42P05)) { char buf[100]; /* stmt_name == pdo_crsr_%08x */
Re: [PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS main/fopen_wrappers.c
Is there a test for this? Chris On 12/10/2010 04:50 AM, Ilia Alshanetsky wrote: iliaaFri, 10 Dec 2010 12:50:25 + Revision: http://svn.php.net/viewvc?view=revisionrevision=306184 Log: Fixed bug #53516 (Regression in open_basedir handling). Bug: http://bugs.php.net/53516 (Open) open_basedir BUG introduced in PHP 5.2.15 Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/main/fopen_wrappers.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-12-10 11:52:13 UTC (rev 306183) +++ php/php-src/branches/PHP_5_2/NEWS 2010-12-10 12:50:25 UTC (rev 306184) @@ -1,6 +1,7 @@ PHP NEWS ||| ?? ??? , PHP 5.2.16 +- Fixed bug #53516 (Regression in open_basedir handling). (Ilia) 09 Dec 2010, PHP 5.2.15 - Fixed extract() to do not overwrite $GLOBALS and $this when using Modified: php/php-src/branches/PHP_5_2/main/fopen_wrappers.c === --- php/php-src/branches/PHP_5_2/main/fopen_wrappers.c 2010-12-10 11:52:13 UTC (rev 306183) +++ php/php-src/branches/PHP_5_2/main/fopen_wrappers.c 2010-12-10 12:50:25 UTC (rev 306184) @@ -192,7 +192,7 @@ if (strncmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) { #endif if (resolved_name_len resolved_basedir_len - resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR) { + resolved_name[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR) { return -1; } else { /* File is in the right directory */ -- Email: christopher.jo...@oracle.com Tel: +1 650 506 8630 Blog: http://blogs.oracle.com/opal/ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS main/fopen_wrappers.c
Going to see if we can add one. On Fri, Dec 10, 2010 at 4:33 PM, Christopher Jones christopher.jo...@oracle.com wrote: Is there a test for this? Chris On 12/10/2010 04:50 AM, Ilia Alshanetsky wrote: iliaa Fri, 10 Dec 2010 12:50:25 + Revision: http://svn.php.net/viewvc?view=revisionrevision=306184 Log: Fixed bug #53516 (Regression in open_basedir handling). Bug: http://bugs.php.net/53516 (Open) open_basedir BUG introduced in PHP 5.2.15 Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/main/fopen_wrappers.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-12-10 11:52:13 UTC (rev 306183) +++ php/php-src/branches/PHP_5_2/NEWS 2010-12-10 12:50:25 UTC (rev 306184) @@ -1,6 +1,7 @@ PHP NEWS ||| ?? ??? , PHP 5.2.16 +- Fixed bug #53516 (Regression in open_basedir handling). (Ilia) 09 Dec 2010, PHP 5.2.15 - Fixed extract() to do not overwrite $GLOBALS and $this when using Modified: php/php-src/branches/PHP_5_2/main/fopen_wrappers.c === --- php/php-src/branches/PHP_5_2/main/fopen_wrappers.c 2010-12-10 11:52:13 UTC (rev 306183) +++ php/php-src/branches/PHP_5_2/main/fopen_wrappers.c 2010-12-10 12:50:25 UTC (rev 306184) @@ -192,7 +192,7 @@ if (strncmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) { #endif if (resolved_name_len resolved_basedir_len - resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR) { + resolved_name[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR) { return -1; } else { /* File is in the right directory */ -- Email: christopher.jo...@oracle.com Tel: +1 650 506 8630 Blog: http://blogs.oracle.com/opal/ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS configure.in main/php_version.h
iliaaThu, 09 Dec 2010 19:35:13 + Revision: http://svn.php.net/viewvc?view=revisionrevision=306138 Log: Re-branch 5.2.15 Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/configure.in U php/php-src/branches/PHP_5_2/main/php_version.h Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-12-09 19:34:23 UTC (rev 306137) +++ php/php-src/branches/PHP_5_2/NEWS 2010-12-09 19:35:13 UTC (rev 306138) @@ -1,7 +1,5 @@ PHP NEWS ||| -?? ?? , PHP 5.2.16 - 09 Dec 2010, PHP 5.2.15 - Fixed extract() to do not overwrite $GLOBALS and $this when using EXTR_OVERWRITE. (jorto at redhat dot com) Modified: php/php-src/branches/PHP_5_2/configure.in === --- php/php-src/branches/PHP_5_2/configure.in 2010-12-09 19:34:23 UTC (rev 306137) +++ php/php-src/branches/PHP_5_2/configure.in 2010-12-09 19:35:13 UTC (rev 306138) @@ -41,8 +41,8 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=2 -PHP_RELEASE_VERSION=16 -PHP_EXTRA_VERSION=-dev +PHP_RELEASE_VERSION=15 +PHP_EXTRA_VERSION= PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_2/main/php_version.h === --- php/php-src/branches/PHP_5_2/main/php_version.h 2010-12-09 19:34:23 UTC (rev 306137) +++ php/php-src/branches/PHP_5_2/main/php_version.h 2010-12-09 19:35:13 UTC (rev 306138) @@ -2,7 +2,7 @@ /* edit configure.in to change version number */ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 2 -#define PHP_RELEASE_VERSION 16 -#define PHP_EXTRA_VERSION -dev -#define PHP_VERSION 5.2.16-dev -#define PHP_VERSION_ID 50216 +#define PHP_RELEASE_VERSION 15 +#define PHP_EXTRA_VERSION +#define PHP_VERSION 5.2.15 +#define PHP_VERSION_ID 50215 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS configure.in main/php_version.h
iliaaThu, 09 Dec 2010 19:36:06 + Revision: http://svn.php.net/viewvc?view=revisionrevision=306140 Log: back to dev Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/configure.in U php/php-src/branches/PHP_5_2/main/php_version.h Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-12-09 19:35:29 UTC (rev 306139) +++ php/php-src/branches/PHP_5_2/NEWS 2010-12-09 19:36:06 UTC (rev 306140) @@ -1,5 +1,7 @@ PHP NEWS ||| +?? ??? , PHP 5.2.16 + 09 Dec 2010, PHP 5.2.15 - Fixed extract() to do not overwrite $GLOBALS and $this when using EXTR_OVERWRITE. (jorto at redhat dot com) Modified: php/php-src/branches/PHP_5_2/configure.in === --- php/php-src/branches/PHP_5_2/configure.in 2010-12-09 19:35:29 UTC (rev 306139) +++ php/php-src/branches/PHP_5_2/configure.in 2010-12-09 19:36:06 UTC (rev 306140) @@ -41,8 +41,8 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=2 -PHP_RELEASE_VERSION=15 -PHP_EXTRA_VERSION= +PHP_RELEASE_VERSION=16 +PHP_EXTRA_VERSION=-dev PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_2/main/php_version.h === --- php/php-src/branches/PHP_5_2/main/php_version.h 2010-12-09 19:35:29 UTC (rev 306139) +++ php/php-src/branches/PHP_5_2/main/php_version.h 2010-12-09 19:36:06 UTC (rev 306140) @@ -2,7 +2,7 @@ /* edit configure.in to change version number */ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 2 -#define PHP_RELEASE_VERSION 15 -#define PHP_EXTRA_VERSION -#define PHP_VERSION 5.2.15 -#define PHP_VERSION_ID 50215 +#define PHP_RELEASE_VERSION 16 +#define PHP_EXTRA_VERSION -dev +#define PHP_VERSION 5.2.16-dev +#define PHP_VERSION_ID 50216 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS ext/gd/gd.c
iliaaWed, 08 Dec 2010 22:30:12 + Revision: http://svn.php.net/viewvc?view=revisionrevision=306097 Log: Fixed bug #53492 (fix crash if anti-aliasing steps are invalid). Bug: http://bugs.php.net/53492 (Closed) Stack buffer overflow in imagepstext Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/gd/gd.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-12-08 22:07:40 UTC (rev 306096) +++ php/php-src/branches/PHP_5_2/NEWS 2010-12-08 22:30:12 UTC (rev 306097) @@ -1,21 +1,18 @@ PHP NEWS ||| -?? ??? 2010, PHP 5.2.15 - -02 Dec 2010, PHP 5.2.15RC2 +09 Dec 2010, PHP 5.2.15 - Fixed extract() to do not overwrite $GLOBALS and $this when using - EXTR_OVERWRITE. (jorto at redhat dot com) - -18 Nov 2010, PHP 5.2.15RC1 + EXTR_OVERWRITE. (jorto at redhat dot com) - Fixed crash in zip extract method (possible CWE-170). (Maksymilian Arciemowicz, Pierre) - Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150). (Ilia) - Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre) - Fixed possible crash in mssql_fetch_batch(). (Kalle) - - Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709). (Maksymilian Arciemowicz) + +- Fixed bug #53492 (fix crash if anti-aliasing steps are invalid). (Pierre) - Fixed bug #53323 (pdo_firebird getAttribute() crash). (preeves at ibphoenix dot com) - Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with Modified: php/php-src/branches/PHP_5_2/ext/gd/gd.c === --- php/php-src/branches/PHP_5_2/ext/gd/gd.c2010-12-08 22:07:40 UTC (rev 306096) +++ php/php-src/branches/PHP_5_2/ext/gd/gd.c2010-12-08 22:30:12 UTC (rev 306097) @@ -4593,6 +4593,11 @@ return; } + if (aa_steps != 4 || aa_steps != 16) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, AA steps must be 4 or 16); + RETURN_FALSE; + } + ZEND_FETCH_RESOURCE(bg_img, gdImagePtr, img, -1, Image, le_gd); ZEND_FETCH_RESOURCE(f_ind, int *, fnt, -1, Type 1 font, le_ps_font); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS configure.in main/php_version.h
iliaaWed, 08 Dec 2010 22:33:02 + Revision: http://svn.php.net/viewvc?view=revisionrevision=306100 Log: Back to dev, one final time ;-) Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/configure.in U php/php-src/branches/PHP_5_2/main/php_version.h Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-12-08 22:31:09 UTC (rev 306099) +++ php/php-src/branches/PHP_5_2/NEWS 2010-12-08 22:33:02 UTC (rev 306100) @@ -1,5 +1,7 @@ PHP NEWS ||| +?? ?? , PHP 5.2.15 + 09 Dec 2010, PHP 5.2.15 - Fixed extract() to do not overwrite $GLOBALS and $this when using EXTR_OVERWRITE. (jorto at redhat dot com) Modified: php/php-src/branches/PHP_5_2/configure.in === --- php/php-src/branches/PHP_5_2/configure.in 2010-12-08 22:31:09 UTC (rev 306099) +++ php/php-src/branches/PHP_5_2/configure.in 2010-12-08 22:33:02 UTC (rev 306100) @@ -41,8 +41,8 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=2 -PHP_RELEASE_VERSION=15 -PHP_EXTRA_VERSION= +PHP_RELEASE_VERSION=16 +PHP_EXTRA_VERSION=-dev PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_2/main/php_version.h === --- php/php-src/branches/PHP_5_2/main/php_version.h 2010-12-08 22:31:09 UTC (rev 306099) +++ php/php-src/branches/PHP_5_2/main/php_version.h 2010-12-08 22:33:02 UTC (rev 306100) @@ -2,7 +2,7 @@ /* edit configure.in to change version number */ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 2 -#define PHP_RELEASE_VERSION 15 -#define PHP_EXTRA_VERSION -#define PHP_VERSION 5.2.15 -#define PHP_VERSION_ID 50215 +#define PHP_RELEASE_VERSION 16 +#define PHP_EXTRA_VERSION -dev +#define PHP_VERSION 5.2.16-dev +#define PHP_VERSION_ID 50216 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS
aharvey Thu, 09 Dec 2010 02:47:47 + Revision: http://svn.php.net/viewvc?view=revisionrevision=306105 Log: Fix the next version number in NEWS. Changed paths: U php/php-src/branches/PHP_5_2/NEWS Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-12-09 00:18:40 UTC (rev 306104) +++ php/php-src/branches/PHP_5_2/NEWS 2010-12-09 02:47:47 UTC (rev 306105) @@ -1,6 +1,6 @@ PHP NEWS ||| -?? ?? , PHP 5.2.15 +?? ?? , PHP 5.2.16 09 Dec 2010, PHP 5.2.15 - Fixed extract() to do not overwrite $GLOBALS and $this when using -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS configure.in main/php_version.h
iliaaFri, 03 Dec 2010 00:13:07 + Revision: http://svn.php.net/viewvc?view=revisionrevision=305924 Log: 5.2.15RC2 Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/configure.in U php/php-src/branches/PHP_5_2/main/php_version.h Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-12-02 23:23:14 UTC (rev 305923) +++ php/php-src/branches/PHP_5_2/NEWS 2010-12-03 00:13:07 UTC (rev 305924) @@ -1,6 +1,6 @@ PHP NEWS ||| -?? ??? 2010, PHP 5.2.15RC2 +02 Dec 2010, PHP 5.2.15RC2 - Fixed extract() to do not overwrite $GLOBALS and $this when using EXTR_OVERWRITE. (jorto at redhat dot com) Modified: php/php-src/branches/PHP_5_2/configure.in === --- php/php-src/branches/PHP_5_2/configure.in 2010-12-02 23:23:14 UTC (rev 305923) +++ php/php-src/branches/PHP_5_2/configure.in 2010-12-03 00:13:07 UTC (rev 305924) @@ -42,7 +42,7 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=2 PHP_RELEASE_VERSION=15 -PHP_EXTRA_VERSION=RC2-dev +PHP_EXTRA_VERSION=RC2 PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_2/main/php_version.h === --- php/php-src/branches/PHP_5_2/main/php_version.h 2010-12-02 23:23:14 UTC (rev 305923) +++ php/php-src/branches/PHP_5_2/main/php_version.h 2010-12-03 00:13:07 UTC (rev 305924) @@ -3,6 +3,6 @@ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 2 #define PHP_RELEASE_VERSION 15 -#define PHP_EXTRA_VERSION RC2-dev -#define PHP_VERSION 5.2.15RC2-dev +#define PHP_EXTRA_VERSION RC2 +#define PHP_VERSION 5.2.15RC2 #define PHP_VERSION_ID 50215 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS configure.in main/php_version.h
iliaaFri, 03 Dec 2010 00:29:16 + Revision: http://svn.php.net/viewvc?view=revisionrevision=305926 Log: Back to dev Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/configure.in U php/php-src/branches/PHP_5_2/main/php_version.h Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-12-03 00:28:05 UTC (rev 305925) +++ php/php-src/branches/PHP_5_2/NEWS 2010-12-03 00:29:16 UTC (rev 305926) @@ -1,5 +1,7 @@ PHP NEWS ||| +?? ??? 2010, PHP 5.2.15 + 02 Dec 2010, PHP 5.2.15RC2 - Fixed extract() to do not overwrite $GLOBALS and $this when using EXTR_OVERWRITE. (jorto at redhat dot com) Modified: php/php-src/branches/PHP_5_2/configure.in === --- php/php-src/branches/PHP_5_2/configure.in 2010-12-03 00:28:05 UTC (rev 305925) +++ php/php-src/branches/PHP_5_2/configure.in 2010-12-03 00:29:16 UTC (rev 305926) @@ -42,7 +42,7 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=2 PHP_RELEASE_VERSION=15 -PHP_EXTRA_VERSION=RC2 +PHP_EXTRA_VERSION=RC3-dev PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_2/main/php_version.h === --- php/php-src/branches/PHP_5_2/main/php_version.h 2010-12-03 00:28:05 UTC (rev 305925) +++ php/php-src/branches/PHP_5_2/main/php_version.h 2010-12-03 00:29:16 UTC (rev 305926) @@ -3,6 +3,6 @@ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 2 #define PHP_RELEASE_VERSION 15 -#define PHP_EXTRA_VERSION RC2 -#define PHP_VERSION 5.2.15RC2 +#define PHP_EXTRA_VERSION RC3-dev +#define PHP_VERSION 5.2.15RC3-dev #define PHP_VERSION_ID 50215 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/zip/php_zip.c branches/PHP_5_3/NEWS branches/PHP_5_3/ext/zip/php_zip.c trunk/ext/zip/php_zip.c
pajoye Tue, 30 Nov 2010 11:04:06 + Revision: http://svn.php.net/viewvc?view=revisionrevision=305848 Log: Fixed crash in zip extract method (possible CWE-170) Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/zip/php_zip.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/zip/php_zip.c U php/php-src/trunk/ext/zip/php_zip.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-11-30 10:20:33 UTC (rev 305847) +++ php/php-src/branches/PHP_5_2/NEWS 2010-11-30 11:04:06 UTC (rev 305848) @@ -5,6 +5,8 @@ EXTR_OVERWRITE. (jorto at redhat dot com) 18 Nov 2010, PHP 5.2.15RC1 +- Fixed crash in zip extract method (possible CWE-170). + (Maksymilian Arciemowicz, Pierre) - Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150). (Ilia) - Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre) Modified: php/php-src/branches/PHP_5_2/ext/zip/php_zip.c === --- php/php-src/branches/PHP_5_2/ext/zip/php_zip.c 2010-11-30 10:20:33 UTC (rev 305847) +++ php/php-src/branches/PHP_5_2/ext/zip/php_zip.c 2010-11-30 11:04:06 UTC (rev 305848) @@ -413,6 +413,9 @@ return 0; } path_cleaned = php_zip_make_relative_path(new_state.cwd, new_state.cwd_length); + if(!path_cleaned) { + return 0; + } path_cleaned_len = strlen(path_cleaned); if (path_cleaned_len = MAXPATHLEN || zip_stat(za, file, 0, sb) != 0) { Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-11-30 10:20:33 UTC (rev 305847) +++ php/php-src/branches/PHP_5_3/NEWS 2010-11-30 11:04:06 UTC (rev 305848) @@ -49,6 +49,8 @@ - Upgraded bundled PCRE to version 8.10. (Ilia) - Security enhancements: + . Fixed crash in zip extract method (possible CWE-170). +(Maksymilian Arciemowicz, Pierre) . Paths with NULL in them (foo\0bar.txt) are now considered as invalid. (Rasmus) . Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150). (Ilia) Modified: php/php-src/branches/PHP_5_3/ext/zip/php_zip.c === --- php/php-src/branches/PHP_5_3/ext/zip/php_zip.c 2010-11-30 10:20:33 UTC (rev 305847) +++ php/php-src/branches/PHP_5_3/ext/zip/php_zip.c 2010-11-30 11:04:06 UTC (rev 305848) @@ -162,6 +162,9 @@ */ virtual_file_ex(new_state, file, NULL, CWD_EXPAND); path_cleaned = php_zip_make_relative_path(new_state.cwd, new_state.cwd_length); + if(!path_cleaned) { + return 0; + } path_cleaned_len = strlen(path_cleaned); if (path_cleaned_len = MAXPATHLEN || zip_stat(za, file, 0, sb) != 0) { Modified: php/php-src/trunk/ext/zip/php_zip.c === --- php/php-src/trunk/ext/zip/php_zip.c 2010-11-30 10:20:33 UTC (rev 305847) +++ php/php-src/trunk/ext/zip/php_zip.c 2010-11-30 11:04:06 UTC (rev 305848) @@ -162,6 +162,9 @@ */ virtual_file_ex(new_state, file, NULL, CWD_EXPAND TSRMLS_CC); path_cleaned = php_zip_make_relative_path(new_state.cwd, new_state.cwd_length); + if(!path_cleaned) { + return 0; + } path_cleaned_len = strlen(path_cleaned); if (path_cleaned_len = MAXPATHLEN || zip_stat(za, file, 0, sb) != 0) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/standard/array.c branches/PHP_5_2/ext/standard/tests/array/extract_safety.phpt branches/PHP_5_3/NEWS branches/PHP_5_3/ext/standa
felipe Fri, 19 Nov 2010 22:06:44 + Revision: http://svn.php.net/viewvc?view=revisionrevision=305570 Log: - Fixed extract() to do not overwrite $GLOBALS and $this when using EXTR_OVERWRITE. patch by: jorto at redhat dot com Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/standard/array.c A php/php-src/branches/PHP_5_2/ext/standard/tests/array/extract_safety.phpt U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/standard/array.c A php/php-src/branches/PHP_5_3/ext/standard/tests/array/extract_safety.phpt U php/php-src/trunk/ext/standard/array.c A php/php-src/trunk/ext/standard/tests/array/extract_safety.phpt Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-11-19 21:38:48 UTC (rev 305569) +++ php/php-src/branches/PHP_5_2/NEWS 2010-11-19 22:06:44 UTC (rev 305570) @@ -1,6 +1,8 @@ PHP NEWS ||| ?? ??? 2010, PHP 5.2.15RC2 +- Fixed extract() to do not overwrite $GLOBALS and $this when using + EXTR_OVERWRITE. (jorto at redhat dot com) 18 Nov 2010, PHP 5.2.15RC1 - Fixed a possible double free in imap extension (Identified by Mateusz Modified: php/php-src/branches/PHP_5_2/ext/standard/array.c === --- php/php-src/branches/PHP_5_2/ext/standard/array.c 2010-11-19 21:38:48 UTC (rev 305569) +++ php/php-src/branches/PHP_5_2/ext/standard/array.c 2010-11-19 22:06:44 UTC (rev 305570) @@ -1516,10 +1516,10 @@ case EXTR_OVERWRITE: /* GLOBALS protection */ - if (var_exists var_name_len == sizeof(GLOBALS) !strcmp(var_name, GLOBALS)) { + if (var_exists var_name_len == sizeof(GLOBALS)-1 !strcmp(var_name, GLOBALS)) { break; } - if (var_exists var_name_len == sizeof(this) !strcmp(var_name, this) EG(scope) EG(scope)-name_length != 0) { + if (var_exists var_name_len == sizeof(this)-1 !strcmp(var_name, this) EG(scope) EG(scope)-name_length != 0) { break; } smart_str_appendl(final_name, var_name, var_name_len); Added: php/php-src/branches/PHP_5_2/ext/standard/tests/array/extract_safety.phpt === --- php/php-src/branches/PHP_5_2/ext/standard/tests/array/extract_safety.phpt (rev 0) +++ php/php-src/branches/PHP_5_2/ext/standard/tests/array/extract_safety.phpt 2010-11-19 22:06:44 UTC (rev 305570) @@ -0,0 +1,24 @@ +--TEST-- +Test extract() for overwrite of GLOBALS +--FILE-- +?php +$str = John; +debug_zval_dump($GLOBALS[str]); + +/* Extracting Global Variables */ +$splat = array(foo = bar); +var_dump(extract(array(GLOBALS = $splat, EXTR_OVERWRITE))); + +unset ($splat); + +debug_zval_dump($GLOBALS[str]); + +echo \nDone; +? + +--EXPECTF-- +string(4) John refcount(2) +int(0) +string(4) John refcount(2) + +Done \ No newline at end of file Property changes on: php/php-src/branches/PHP_5_2/ext/standard/tests/array/extract_safety.phpt ___ Added: svn:keywords + Id Rev Revision Added: svn:eol-style + native Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-11-19 21:38:48 UTC (rev 305569) +++ php/php-src/branches/PHP_5_3/NEWS 2010-11-19 22:06:44 UTC (rev 305570) @@ -1,6 +1,8 @@ PHP NEWS ||| ?? ??? 2010, PHP 5.3.4 +- Fixed extract() to do not overwrite $GLOBALS and $this when using + EXTR_OVERWRITE. (jorto at redhat dot com) - Fixed bug #53362 (Segmentation fault when extending SplFixedArray). (Felipe) - Fixed bug #47168 (printf of floating point variable prints maximum of 40 decimal places). (Ilia) Modified: php/php-src/branches/PHP_5_3/ext/standard/array.c === --- php/php-src/branches/PHP_5_3/ext/standard/array.c 2010-11-19 21:38:48 UTC (rev 305569) +++ php/php-src/branches/PHP_5_3/ext/standard/array.c 2010-11-19 22:06:44 UTC (rev 305570) @@ -1389,10 +1389,10 @@ case EXTR_OVERWRITE: /* GLOBALS protection */ - if (var_exists
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS configure.in main/php_version.h
iliaaThu, 18 Nov 2010 14:30:55 + Revision: http://svn.php.net/viewvc?view=revisionrevision=305497 Log: 5.2.15RC1 Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/configure.in U php/php-src/branches/PHP_5_2/main/php_version.h Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-11-18 13:27:31 UTC (rev 305496) +++ php/php-src/branches/PHP_5_2/NEWS 2010-11-18 14:30:55 UTC (rev 305497) @@ -1,6 +1,6 @@ PHP NEWS ||| -?? ??? 2010, PHP 5.2.15 +18 Nov 2010, PHP 5.2.15RC1 - Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150). (Ilia) - Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre) Modified: php/php-src/branches/PHP_5_2/configure.in === --- php/php-src/branches/PHP_5_2/configure.in 2010-11-18 13:27:31 UTC (rev 305496) +++ php/php-src/branches/PHP_5_2/configure.in 2010-11-18 14:30:55 UTC (rev 305497) @@ -42,7 +42,7 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=2 PHP_RELEASE_VERSION=15 -PHP_EXTRA_VERSION=-dev +PHP_EXTRA_VERSION=RC1 PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_2/main/php_version.h === --- php/php-src/branches/PHP_5_2/main/php_version.h 2010-11-18 13:27:31 UTC (rev 305496) +++ php/php-src/branches/PHP_5_2/main/php_version.h 2010-11-18 14:30:55 UTC (rev 305497) @@ -3,6 +3,6 @@ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 2 #define PHP_RELEASE_VERSION 15 -#define PHP_EXTRA_VERSION -dev -#define PHP_VERSION 5.2.15-dev +#define PHP_EXTRA_VERSION RC1 +#define PHP_VERSION 5.2.15RC1 #define PHP_VERSION_ID 50215 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS configure.in main/php_version.h
iliaaThu, 18 Nov 2010 14:35:34 + Revision: http://svn.php.net/viewvc?view=revisionrevision=305499 Log: Back to dev Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/configure.in U php/php-src/branches/PHP_5_2/main/php_version.h Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-11-18 14:34:51 UTC (rev 305498) +++ php/php-src/branches/PHP_5_2/NEWS 2010-11-18 14:35:34 UTC (rev 305499) @@ -1,5 +1,7 @@ PHP NEWS ||| +?? ??? 2010, PHP 5.2.15RC2 + 18 Nov 2010, PHP 5.2.15RC1 - Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150). (Ilia) Modified: php/php-src/branches/PHP_5_2/configure.in === --- php/php-src/branches/PHP_5_2/configure.in 2010-11-18 14:34:51 UTC (rev 305498) +++ php/php-src/branches/PHP_5_2/configure.in 2010-11-18 14:35:34 UTC (rev 305499) @@ -42,7 +42,7 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=2 PHP_RELEASE_VERSION=15 -PHP_EXTRA_VERSION=RC1 +PHP_EXTRA_VERSION=RC2-dev PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_2/main/php_version.h === --- php/php-src/branches/PHP_5_2/main/php_version.h 2010-11-18 14:34:51 UTC (rev 305498) +++ php/php-src/branches/PHP_5_2/main/php_version.h 2010-11-18 14:35:34 UTC (rev 305499) @@ -3,6 +3,6 @@ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 2 #define PHP_RELEASE_VERSION 15 -#define PHP_EXTRA_VERSION RC1 -#define PHP_VERSION 5.2.15RC1 +#define PHP_EXTRA_VERSION RC2-dev +#define PHP_VERSION 5.2.15RC2-dev #define PHP_VERSION_ID 50215 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS configure.in main/php_version.h
iliaaThu, 18 Nov 2010 14:38:25 + Revision: http://svn.php.net/viewvc?view=revisionrevision=305501 Log: One more try Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/configure.in U php/php-src/branches/PHP_5_2/main/php_version.h Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-11-18 14:37:51 UTC (rev 305500) +++ php/php-src/branches/PHP_5_2/NEWS 2010-11-18 14:38:25 UTC (rev 305501) @@ -1,7 +1,5 @@ PHP NEWS ||| -?? ??? 2010, PHP 5.2.15RC2 - 18 Nov 2010, PHP 5.2.15RC1 - Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150). (Ilia) Modified: php/php-src/branches/PHP_5_2/configure.in === --- php/php-src/branches/PHP_5_2/configure.in 2010-11-18 14:37:51 UTC (rev 305500) +++ php/php-src/branches/PHP_5_2/configure.in 2010-11-18 14:38:25 UTC (rev 305501) @@ -42,7 +42,7 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=2 PHP_RELEASE_VERSION=15 -PHP_EXTRA_VERSION=RC2-dev +PHP_EXTRA_VERSION=RC1 PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_2/main/php_version.h === --- php/php-src/branches/PHP_5_2/main/php_version.h 2010-11-18 14:37:51 UTC (rev 305500) +++ php/php-src/branches/PHP_5_2/main/php_version.h 2010-11-18 14:38:25 UTC (rev 305501) @@ -3,6 +3,6 @@ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 2 #define PHP_RELEASE_VERSION 15 -#define PHP_EXTRA_VERSION RC2-dev -#define PHP_VERSION 5.2.15RC2-dev +#define PHP_EXTRA_VERSION RC1 +#define PHP_VERSION 5.2.15RC1 #define PHP_VERSION_ID 50215 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS configure.in main/php_version.h
iliaaThu, 18 Nov 2010 14:40:49 + Revision: http://svn.php.net/viewvc?view=revisionrevision=305505 Log: Back to dev Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/configure.in U php/php-src/branches/PHP_5_2/main/php_version.h Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-11-18 14:40:07 UTC (rev 305504) +++ php/php-src/branches/PHP_5_2/NEWS 2010-11-18 14:40:49 UTC (rev 305505) @@ -1,5 +1,7 @@ PHP NEWS ||| +?? ??? 2010, PHP 5.2.15RC2 + 18 Nov 2010, PHP 5.2.15RC1 - Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150). (Ilia) Modified: php/php-src/branches/PHP_5_2/configure.in === --- php/php-src/branches/PHP_5_2/configure.in 2010-11-18 14:40:07 UTC (rev 305504) +++ php/php-src/branches/PHP_5_2/configure.in 2010-11-18 14:40:49 UTC (rev 305505) @@ -42,7 +42,7 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=2 PHP_RELEASE_VERSION=15 -PHP_EXTRA_VERSION=RC1 +PHP_EXTRA_VERSION=RC2-dev PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_2/main/php_version.h === --- php/php-src/branches/PHP_5_2/main/php_version.h 2010-11-18 14:40:07 UTC (rev 305504) +++ php/php-src/branches/PHP_5_2/main/php_version.h 2010-11-18 14:40:49 UTC (rev 305505) @@ -3,6 +3,6 @@ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 2 #define PHP_RELEASE_VERSION 15 -#define PHP_EXTRA_VERSION RC1 -#define PHP_VERSION 5.2.15RC1 +#define PHP_EXTRA_VERSION RC2-dev +#define PHP_VERSION 5.2.15RC2-dev #define PHP_VERSION_ID 50215 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/pdo_firebird/firebird_driver.c branches/PHP_5_3/NEWS branches/PHP_5_3/ext/pdo_firebird/firebird_driver.c trunk/ext/pdo_fireb
2010/11/17 Pierre Joye pierre@gmail.com hi Felipe, The 5.2 builds are broken after this commit: do_firebird.c firebird_driver.c ext\pdo_firebird\firebird_driver.c(556) : error C2039: 'fetch_table_names' : is not a member of 'pdo_firebird_db_handle' ext\pdo_firebird\php_pdo_firebird_int.h(62) : see declaration of 'pdo_firebird_db_handle' firebird_statement.c pdo_firebird.c NMAKE : fatal error U1077: 'cl.exe' : return code '0x2' Stop. Fixed, thanks. -- Regards, Felipe Pena
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/pdo_firebird/firebird_driver.c branches/PHP_5_3/NEWS branches/PHP_5_3/ext/pdo_firebird/firebird_driver.c trunk/ext/pdo_firebird/
felipe Tue, 16 Nov 2010 21:02:14 + Revision: http://svn.php.net/viewvc?view=revisionrevision=305416 Log: - Fixed bug #53323 (pdo_firebird getAttribute() crash) patch by: preeves at ibphoenix dot com Bug: http://bugs.php.net/53323 (Open) Some calls to pdo_firebird getAttribute crash Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/pdo_firebird/firebird_driver.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/pdo_firebird/firebird_driver.c U php/php-src/trunk/ext/pdo_firebird/firebird_driver.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-11-16 20:50:29 UTC (rev 305415) +++ php/php-src/branches/PHP_5_2/NEWS 2010-11-16 21:02:14 UTC (rev 305416) @@ -8,6 +8,8 @@ - Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709). (Maksymilian Arciemowicz) +- Fixed bug #53323 (pdo_firebird getAttribute() crash). + (preeves at ibphoenix dot com) - Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data). (CVE-2010-3709). (Adam) - Fixed bug #52879 (Objects unreferenced in __get, __set, __isset or __unset Modified: php/php-src/branches/PHP_5_2/ext/pdo_firebird/firebird_driver.c === --- php/php-src/branches/PHP_5_2/ext/pdo_firebird/firebird_driver.c 2010-11-16 20:50:29 UTC (rev 305415) +++ php/php-src/branches/PHP_5_2/ext/pdo_firebird/firebird_driver.c 2010-11-16 21:02:14 UTC (rev 305416) @@ -508,7 +508,7 @@ pdo_firebird_db_handle *H = (pdo_firebird_db_handle *)dbh-driver_data; switch (attr) { - char tmp[200]; + char tmp[512]; case PDO_ATTR_AUTOCOMMIT: ZVAL_LONG(val,dbh-auto_commit); @@ -551,6 +551,10 @@ ZVAL_STRING(val,tmp,1); return 1; } + + case PDO_ATTR_FETCH_TABLE_NAMES: + ZVAL_BOOL(val, H-fetch_table_names); + return 1; } return 0; } Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-11-16 20:50:29 UTC (rev 305415) +++ php/php-src/branches/PHP_5_3/NEWS 2010-11-16 21:02:14 UTC (rev 305416) @@ -64,6 +64,8 @@ - Fixed the filter extension accepting IPv4 octets with a leading 0 as that belongs to the unsupported dotted octal representation. (Gustavo) +- Fixed bug #53323 (pdo_firebird getAttribute() crash). + (preeves at ibphoenix dot com) - Fixed bug #53305 (E_NOTICE when defining a constant starts with __COMPILER_HALT_OFFSET__). (Felipe) - Fixed bug #53297 (gettimeofday implementation in php/win32/time.c can return Modified: php/php-src/branches/PHP_5_3/ext/pdo_firebird/firebird_driver.c === --- php/php-src/branches/PHP_5_3/ext/pdo_firebird/firebird_driver.c 2010-11-16 20:50:29 UTC (rev 305415) +++ php/php-src/branches/PHP_5_3/ext/pdo_firebird/firebird_driver.c 2010-11-16 21:02:14 UTC (rev 305416) @@ -547,7 +547,7 @@ pdo_firebird_db_handle *H = (pdo_firebird_db_handle *)dbh-driver_data; switch (attr) { - char tmp[200]; + char tmp[512]; case PDO_ATTR_AUTOCOMMIT: ZVAL_LONG(val,dbh-auto_commit); @@ -590,6 +590,10 @@ ZVAL_STRING(val,tmp,1); return 1; } + + case PDO_ATTR_FETCH_TABLE_NAMES: + ZVAL_BOOL(val, H-fetch_table_names); + return 1; } return 0; } Modified: php/php-src/trunk/ext/pdo_firebird/firebird_driver.c === --- php/php-src/trunk/ext/pdo_firebird/firebird_driver.c2010-11-16 20:50:29 UTC (rev 305415) +++ php/php-src/trunk/ext/pdo_firebird/firebird_driver.c2010-11-16 21:02:14 UTC (rev 305416) @@ -547,7 +547,7 @@ pdo_firebird_db_handle *H = (pdo_firebird_db_handle *)dbh-driver_data; switch (attr) { - char tmp[200]; + char tmp[512]; case PDO_ATTR_AUTOCOMMIT: ZVAL_LONG(val,dbh-auto_commit); @@ -590,6 +590,10 @@ ZVAL_STRING(val,tmp,1); return 1; } + + case PDO_ATTR_FETCH_TABLE_NAMES: + ZVAL_BOOL(val, H-fetch_table_names); + return 1; } return 0; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit:
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/pdo_firebird/firebird_driver.c branches/PHP_5_3/NEWS branches/PHP_5_3/ext/pdo_firebird/firebird_driver.c trunk/ext/pdo_fireb
hi Felipe, The 5.2 builds are broken after this commit: do_firebird.c firebird_driver.c ext\pdo_firebird\firebird_driver.c(556) : error C2039: 'fetch_table_names' : is not a member of 'pdo_firebird_db_handle' ext\pdo_firebird\php_pdo_firebird_int.h(62) : see declaration of 'pdo_firebird_db_handle' firebird_statement.c pdo_firebird.c NMAKE : fatal error U1077: 'cl.exe' : return code '0x2' Stop. Cheers, On Tue, Nov 16, 2010 at 10:02 PM, Felipe Pena fel...@php.net wrote: felipe Tue, 16 Nov 2010 21:02:14 + Revision: http://svn.php.net/viewvc?view=revisionrevision=305416 Log: - Fixed bug #53323 (pdo_firebird getAttribute() crash) patch by: preeves at ibphoenix dot com Bug: http://bugs.php.net/53323 (Open) Some calls to pdo_firebird getAttribute crash Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/pdo_firebird/firebird_driver.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/pdo_firebird/firebird_driver.c U php/php-src/trunk/ext/pdo_firebird/firebird_driver.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-11-16 20:50:29 UTC (rev 305415) +++ php/php-src/branches/PHP_5_2/NEWS 2010-11-16 21:02:14 UTC (rev 305416) @@ -8,6 +8,8 @@ - Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709). (Maksymilian Arciemowicz) +- Fixed bug #53323 (pdo_firebird getAttribute() crash). + (preeves at ibphoenix dot com) - Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data). (CVE-2010-3709). (Adam) - Fixed bug #52879 (Objects unreferenced in __get, __set, __isset or __unset Modified: php/php-src/branches/PHP_5_2/ext/pdo_firebird/firebird_driver.c === --- php/php-src/branches/PHP_5_2/ext/pdo_firebird/firebird_driver.c 2010-11-16 20:50:29 UTC (rev 305415) +++ php/php-src/branches/PHP_5_2/ext/pdo_firebird/firebird_driver.c 2010-11-16 21:02:14 UTC (rev 305416) @@ -508,7 +508,7 @@ pdo_firebird_db_handle *H = (pdo_firebird_db_handle *)dbh-driver_data; switch (attr) { - char tmp[200]; + char tmp[512]; case PDO_ATTR_AUTOCOMMIT: ZVAL_LONG(val,dbh-auto_commit); @@ -551,6 +551,10 @@ ZVAL_STRING(val,tmp,1); return 1; } + + case PDO_ATTR_FETCH_TABLE_NAMES: + ZVAL_BOOL(val, H-fetch_table_names); + return 1; } return 0; } Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-11-16 20:50:29 UTC (rev 305415) +++ php/php-src/branches/PHP_5_3/NEWS 2010-11-16 21:02:14 UTC (rev 305416) @@ -64,6 +64,8 @@ - Fixed the filter extension accepting IPv4 octets with a leading 0 as that belongs to the unsupported dotted octal representation. (Gustavo) +- Fixed bug #53323 (pdo_firebird getAttribute() crash). + (preeves at ibphoenix dot com) - Fixed bug #53305 (E_NOTICE when defining a constant starts with __COMPILER_HALT_OFFSET__). (Felipe) - Fixed bug #53297 (gettimeofday implementation in php/win32/time.c can return Modified: php/php-src/branches/PHP_5_3/ext/pdo_firebird/firebird_driver.c === --- php/php-src/branches/PHP_5_3/ext/pdo_firebird/firebird_driver.c 2010-11-16 20:50:29 UTC (rev 305415) +++ php/php-src/branches/PHP_5_3/ext/pdo_firebird/firebird_driver.c 2010-11-16 21:02:14 UTC (rev 305416) @@ -547,7 +547,7 @@ pdo_firebird_db_handle *H = (pdo_firebird_db_handle *)dbh-driver_data; switch (attr) { - char tmp[200]; + char tmp[512]; case PDO_ATTR_AUTOCOMMIT: ZVAL_LONG(val,dbh-auto_commit); @@ -590,6 +590,10 @@ ZVAL_STRING(val,tmp,1); return 1; } + + case PDO_ATTR_FETCH_TABLE_NAMES: + ZVAL_BOOL(val, H-fetch_table_names); + return 1; } return 0; } Modified: php/php-src/trunk/ext/pdo_firebird/firebird_driver.c === --- php/php-src/trunk/ext/pdo_firebird/firebird_driver.c 2010-11-16 20:50:29 UTC (rev 305415) +++ php/php-src/trunk/ext/pdo_firebird/firebird_driver.c 2010-11-16 21:02:14 UTC (rev 305416) @@ -547,7 +547,7 @@ pdo_firebird_db_handle *H = (pdo_firebird_db_handle *)dbh-driver_data; switch (attr) { -
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/pdo_firebird/firebird_driver.c branches/PHP_5_3/NEWS branches/PHP_5_3/ext/pdo_firebird/firebird_driver.c trunk/ext/pdo_fireb
Hi Pierre, Felipe 2010/11/17 Pierre Joye pierre@gmail.com: hi Felipe, The 5.2 builds are broken after this commit: This commit should be reverted in 5.2, the case PDO_ATTR_FETCH_TABLE_NAMES part. As only 5.3+ have the feature and since 5.2 is security-only I don't think it should be altered to work with it. -- regards, Kalle Sommer Nielsen ka...@php.net -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS ext/standard/array.c
felipe Thu, 11 Nov 2010 21:25:34 + Revision: http://svn.php.net/viewvc?view=revisionrevision=305279 Log: - Fixed bug #47643 (array_diff() takes over 3000 times longer than php 5.2.4) Bug: http://bugs.php.net/47643 (Closed) array_diff() takes over 3000 times longer than php 5.2.4 Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/standard/array.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-11-11 20:37:33 UTC (rev 305278) +++ php/php-src/branches/PHP_5_2/NEWS 2010-11-11 21:25:34 UTC (rev 305279) @@ -20,6 +20,8 @@ (Sriram Natarajan) - Fixed bug #52390 (mysqli_report() should be per-request setting). (Kalle) - Fixed bug #51008 (Zend/tests/bug45877.phpt fails). (Dmitry) +- Fixed bug #47643 (array_diff() takes over 3000 times longer than php 5.2.4). + (Felipe) - Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy with SoapClient object). (Dmitry) Modified: php/php-src/branches/PHP_5_2/ext/standard/array.c === --- php/php-src/branches/PHP_5_2/ext/standard/array.c 2010-11-11 20:37:33 UTC (rev 305278) +++ php/php-src/branches/PHP_5_2/ext/standard/array.c 2010-11-11 21:25:34 UTC (rev 305279) @@ -3842,8 +3842,8 @@ for (i = 1; i arr_argc; i++) { Bucket **ptr = ptrs[i]; if (behavior == DIFF_NORMAL) { - while (*ptr (0 (c = diff_data_compare_func(ptrs[0], ptr TSRMLS_CC { - ptr++; + while (*ptrs[i] (0 (c = diff_data_compare_func(ptrs[0], ptrs[i] TSRMLS_CC { + ptrs[i]++; } } else if (behavior DIFF_ASSOC) { /* triggered also when DIFF_KEY */ while (*ptr (0 != (c = diff_key_compare_func(ptrs[0], ptr TSRMLS_CC { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/ PHP_5_2/NEWS PHP_5_3/NEWS
pajoye Wed, 03 Nov 2010 20:22:08 + Revision: http://svn.php.net/viewvc?view=revisionrevision=305062 Log: - add CVE Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_3/NEWS Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-11-03 18:52:29 UTC (rev 305061) +++ php/php-src/branches/PHP_5_2/NEWS 2010-11-03 20:22:08 UTC (rev 305062) @@ -2,7 +2,7 @@ ||| ?? ??? 2010, PHP 5.2.15 - Fixed a possible double free in imap extension (Identified by Mateusz - Kocielski). (Ilia) + Kocielski). (CVE-2010-4150). (Ilia) - Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre) - Fixed possible crash in mssql_fetch_batch(). (Kalle) Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-11-03 18:52:29 UTC (rev 305061) +++ php/php-src/branches/PHP_5_3/NEWS 2010-11-03 20:22:08 UTC (rev 305062) @@ -26,7 +26,7 @@ disables zlib.output_compression. - Fixed a possible double free in imap extension (Identified by Mateusz - Kocielski). (Ilia) + Kocielski). (CVE-2010-4150). (Ilia) - Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709). (Maksymilian Arciemowicz) - Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS ext/xml/tests/bug49687.phpt ext/xml/xml.c
cataphract Wed, 03 Nov 2010 14:18:28 + Revision: http://svn.php.net/viewvc?view=revisionrevision=305055 Log: - Added fix to bug #49687 to PHP 5.2. Bug: http://bugs.php.net/49687 (Closed) utf8_decode xml_utf8_decode vuln Changed paths: U php/php-src/branches/PHP_5_2/NEWS A php/php-src/branches/PHP_5_2/ext/xml/tests/bug49687.phpt U php/php-src/branches/PHP_5_2/ext/xml/xml.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-11-03 12:39:14 UTC (rev 305054) +++ php/php-src/branches/PHP_5_2/NEWS 2010-11-03 14:18:28 UTC (rev 305055) @@ -138,6 +138,8 @@ include file and line in trace). (Felipe) - Fixed bug #49730 (Firebird - new PDO() returns NULL). (Felipe) - Fixed bug #49723 (LimitIterator with empty SeekableIterator). (Etienne) +- Fixed bug #49687 (utf8_decode vulnerabilities and deficiencies in the number + of reported malformed sequences). (CVE-2010-3870) (Gustavo) - Fixed bug #49576 (FILTER_VALIDATE_EMAIL filter needs updating) (Rasmus) - Fixed bug #49320 (PDO returns null when SQLite connection fails). (Felipe) - Fixed bug #49267 (Linking fails for iconv). (Moriyosh) Added: php/php-src/branches/PHP_5_2/ext/xml/tests/bug49687.phpt === --- php/php-src/branches/PHP_5_2/ext/xml/tests/bug49687.phpt (rev 0) +++ php/php-src/branches/PHP_5_2/ext/xml/tests/bug49687.phpt2010-11-03 14:18:28 UTC (rev 305055) @@ -0,0 +1,24 @@ +--TEST-- +Bug #49687 Several utf8_decode deficiencies and vulnerabilities +--SKIPIF-- +?php +require_once(skipif.inc); +if (!extension_loaded('xml')) die (skip xml extension not available); +? +--FILE-- +?php + +$tests = array( +\x41\xC2\x3E\x42, +\xE3\x80\x22, +\x41\x98\xBA\x42\xE2\x98\x43\xE2\x98\xBA\xE2\x98, +); +foreach ($tests as $t) { +echo bin2hex(utf8_decode($t)), \n; +} +echo Done.\n; +--EXPECT-- +413f3e42 +3f22 +413f3f423f433f3f +Done. Modified: php/php-src/branches/PHP_5_2/ext/xml/xml.c === --- php/php-src/branches/PHP_5_2/ext/xml/xml.c 2010-11-03 12:39:14 UTC (rev 305054) +++ php/php-src/branches/PHP_5_2/ext/xml/xml.c 2010-11-03 14:18:28 UTC (rev 305055) @@ -554,10 +554,111 @@ } /* }}} */ +/* copied from trunk's implementation of get_next_char in ext/standard/html.c */ +#define MB_FAILURE(pos, advance) do { \ + *cursor = pos + (advance); \ + *status = FAILURE; \ + return 0; \ +} while (0) + +#define CHECK_LEN(pos, chars_need) ((str_len - (pos)) = (chars_need)) +#define utf8_lead(c) ((c) 0x80 || ((c) = 0xC2 (c) = 0xF4)) +#define utf8_trail(c) ((c) = 0x80 (c) = 0xBF) + +/* {{{ php_next_utf8_char + */ +static inline unsigned int php_next_utf8_char( + const unsigned char *str, + size_t str_len, + size_t *cursor, + int *status) +{ + size_t pos = *cursor; + unsigned int this_char = 0; + unsigned char c; + + *status = SUCCESS; + + if (!CHECK_LEN(pos, 1)) + MB_FAILURE(pos, 1); + + /* We'll follow strategy 2. from section 3.6.1 of UTR #36: + * In a reported illegal byte sequence, do not include any + * non-initial byte that encodes a valid character or is a leading + * byte for a valid sequence. */ + c = str[pos]; + if (c 0x80) { + this_char = c; + pos++; + } else if (c 0xc2) { + MB_FAILURE(pos, 1); + } else if (c 0xe0) { + if (!CHECK_LEN(pos, 2)) + MB_FAILURE(pos, 1); + + if (!utf8_trail(str[pos + 1])) { + MB_FAILURE(pos, utf8_lead(str[pos + 1]) ? 1 : 2); + } + this_char = ((c 0x1f) 6) | (str[pos + 1] 0x3f); + if (this_char 0x80) { /* non-shortest form */ + MB_FAILURE(pos, 2); + } + pos += 2; + } else if (c 0xf0) { + size_t avail = str_len - pos; + + if (avail 3 || + !utf8_trail(str[pos + 1]) || !utf8_trail(str[pos + 2])) { + if (avail 2 || utf8_lead(str[pos + 1])) + MB_FAILURE(pos, 1); + else if (avail 3 || utf8_lead(str[pos + 2])) + MB_FAILURE(pos, 2); + else + MB_FAILURE(pos, 3); + } + + this_char = ((c 0x0f) 12) | ((str[pos + 1] 0x3f) 6) | (str[pos + 2] 0x3f); + if (this_char 0x800) { /* non-shortest form */ + MB_FAILURE(pos, 3); + } else if (this_char = 0xd800 this_char = 0xdfff) { /* surrogate */ +
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/imap/php_imap.c branches/PHP_5_3/NEWS branches/PHP_5_3/ext/imap/php_imap.c trunk/ext/imap/php_imap.c
iliaaTue, 02 Nov 2010 17:50:39 + Revision: http://svn.php.net/viewvc?view=revisionrevision=305032 Log: Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/imap/php_imap.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/imap/php_imap.c U php/php-src/trunk/ext/imap/php_imap.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-11-02 17:44:23 UTC (rev 305031) +++ php/php-src/branches/PHP_5_2/NEWS 2010-11-02 17:50:39 UTC (rev 305032) @@ -1,6 +1,8 @@ PHP NEWS ||| ?? ??? 2010, PHP 5.2.15 +- Fixed a possible double free in imap extension (Identified by Mateusz + Kocielski). (Ilia) - Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre) - Fixed possible crash in mssql_fetch_batch(). (Kalle) Modified: php/php-src/branches/PHP_5_2/ext/imap/php_imap.c === --- php/php-src/branches/PHP_5_2/ext/imap/php_imap.c2010-11-02 17:44:23 UTC (rev 305031) +++ php/php-src/branches/PHP_5_2/ext/imap/php_imap.c2010-11-02 17:50:39 UTC (rev 305032) @@ -794,10 +794,12 @@ if (IMAPG(imap_user)) { efree(IMAPG(imap_user)); + IMAPG(imap_user) = 0; } if (IMAPG(imap_password)) { efree(IMAPG(imap_password)); + IMAPG(imap_password) = 0; } /* local filename, need to perform open_basedir and safe_mode checks */ Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-11-02 17:44:23 UTC (rev 305031) +++ php/php-src/branches/PHP_5_3/NEWS 2010-11-02 17:50:39 UTC (rev 305032) @@ -22,6 +22,8 @@ - Implemented FR #44164, setting the header Content-length implicitly disables zlib.output_compression. +- Fixed a possible double free in imap extension (Identified by Mateusz + Kocielski). (Ilia) - Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709). (Maksymilian Arciemowicz) - Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre) Modified: php/php-src/branches/PHP_5_3/ext/imap/php_imap.c === --- php/php-src/branches/PHP_5_3/ext/imap/php_imap.c2010-11-02 17:44:23 UTC (rev 305031) +++ php/php-src/branches/PHP_5_3/ext/imap/php_imap.c2010-11-02 17:50:39 UTC (rev 305032) @@ -1209,10 +1209,12 @@ if (IMAPG(imap_user)) { efree(IMAPG(imap_user)); + IMAPG(imap_user) = 0; } if (IMAPG(imap_password)) { efree(IMAPG(imap_password)); + IMAPG(imap_password) = 0; } /* local filename, need to perform open_basedir and safe_mode checks */ Modified: php/php-src/trunk/ext/imap/php_imap.c === --- php/php-src/trunk/ext/imap/php_imap.c 2010-11-02 17:44:23 UTC (rev 305031) +++ php/php-src/trunk/ext/imap/php_imap.c 2010-11-02 17:50:39 UTC (rev 305032) @@ -1209,10 +1209,12 @@ if (IMAPG(imap_user)) { efree(IMAPG(imap_user)); + IMAPG(imap_user) = 0; } if (IMAPG(imap_password)) { efree(IMAPG(imap_password)); + IMAPG(imap_password) = 0; } /* local filename, need to perform open_basedir check */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS
pajoye Tue, 19 Oct 2010 10:16:58 + Revision: http://svn.php.net/viewvc?view=revisionrevision=304508 Log: - update #52929 and zip NULL deref Bug: http://bugs.php.net/52929 (Closed) Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data Changed paths: U php/php-src/branches/PHP_5_2/NEWS Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-10-19 09:56:59 UTC (rev 304507) +++ php/php-src/branches/PHP_5_2/NEWS 2010-10-19 10:16:58 UTC (rev 304508) @@ -4,8 +4,10 @@ - Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre) - Fixed possible crash in mssql_fetch_batch(). (Kalle) +- Fixed NULL pointer dereference in ZipArchive::getArchiveComment. + (CVE-2010-3709). (Maksymilian Arciemowicz) - Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with - large amount of data). (Adam) + large amount of data). (CVE-2010-3709). (Adam) - Fixed bug #52879 (Objects unreferenced in __get, __set, __isset or __unset can be freed too early). (mail_ben_schmidt at yahoo dot com dot au, Dmitry) - Fixed bug #52772 (var_dump() doesn't check for the existence of -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/soap/php_http.c branches/PHP_5_3/NEWS branches/PHP_5_3/ext/soap/php_http.c trunk/ext/soap/php_http.c
dmitry Tue, 05 Oct 2010 11:43:59 + Revision: http://svn.php.net/viewvc?view=revisionrevision=304084 Log: Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy with SoapClient object). Bug: http://bugs.php.net/44248 (Assigned) RFC2616 transgression while HTTPS request through proxy with SoapClient object Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/soap/php_http.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/soap/php_http.c U php/php-src/trunk/ext/soap/php_http.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-10-05 11:28:56 UTC (rev 304083) +++ php/php-src/branches/PHP_5_2/NEWS 2010-10-05 11:43:59 UTC (rev 304084) @@ -16,6 +16,8 @@ (Sriram Natarajan) - Fixed bug #52390 (mysqli_report() should be per-request setting). (Kalle) - Fixed bug #51008 (Zend/tests/bug45877.phpt fails). (Dmitry) +- Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy + with SoapClient object). (Dmitry) 22 Jul 2010, PHP 5.2.14 - Reverted bug fix #49521 (PDO fetchObject sets values before calling Modified: php/php-src/branches/PHP_5_2/ext/soap/php_http.c === --- php/php-src/branches/PHP_5_2/ext/soap/php_http.c2010-10-05 11:28:56 UTC (rev 304083) +++ php/php-src/branches/PHP_5_2/ext/soap/php_http.c2010-10-05 11:43:59 UTC (rev 304084) @@ -167,6 +167,13 @@ smart_str_appendc(soap_headers, ':'); smart_str_append_unsigned(soap_headers, phpurl-port); smart_str_append_const(soap_headers, HTTP/1.1\r\n); + smart_str_append_const(soap_headers, Host: ); + smart_str_appends(soap_headers, phpurl-host); + if (phpurl-port != 80) { + smart_str_appendc(soap_headers, ':'); + smart_str_append_unsigned(soap_headers, phpurl-port); + } + smart_str_append_const(soap_headers, \r\n); proxy_authentication(this_ptr, soap_headers TSRMLS_CC); smart_str_append_const(soap_headers, \r\n); if (php_stream_write(stream, soap_headers.c, soap_headers.len) != soap_headers.len) { Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-10-05 11:28:56 UTC (rev 304083) +++ php/php-src/branches/PHP_5_3/NEWS 2010-10-05 11:43:59 UTC (rev 304084) @@ -121,6 +121,8 @@ - Fixed bug #48831 (php -i has different output to php --ini). (Richard, Pierre) - Fixed bug #45921 (Can't initialize character set hebrew). (Andrey) +- Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy + with SoapClient object). (Dmitry) 22 Jul 2010, PHP 5.3.3 - Upgraded bundled sqlite to version 3.6.23.1. (Ilia) Modified: php/php-src/branches/PHP_5_3/ext/soap/php_http.c === --- php/php-src/branches/PHP_5_3/ext/soap/php_http.c2010-10-05 11:28:56 UTC (rev 304083) +++ php/php-src/branches/PHP_5_3/ext/soap/php_http.c2010-10-05 11:43:59 UTC (rev 304084) @@ -137,6 +137,13 @@ smart_str_appendc(soap_headers, ':'); smart_str_append_unsigned(soap_headers, phpurl-port); smart_str_append_const(soap_headers, HTTP/1.1\r\n); + smart_str_append_const(soap_headers, Host: ); + smart_str_appends(soap_headers, phpurl-host); + if (phpurl-port != 80) { + smart_str_appendc(soap_headers, ':'); + smart_str_append_unsigned(soap_headers, phpurl-port); + } + smart_str_append_const(soap_headers, \r\n); proxy_authentication(this_ptr, soap_headers TSRMLS_CC); smart_str_append_const(soap_headers, \r\n); if (php_stream_write(stream, soap_headers.c, soap_headers.len) != soap_headers.len) { Modified: php/php-src/trunk/ext/soap/php_http.c === --- php/php-src/trunk/ext/soap/php_http.c 2010-10-05 11:28:56 UTC (rev 304083) +++ php/php-src/trunk/ext/soap/php_http.c 2010-10-05 11:43:59 UTC (rev 304084) @@ -137,6 +137,13 @@ smart_str_appendc(soap_headers, ':'); smart_str_append_unsigned(soap_headers, phpurl-port); smart_str_append_const(soap_headers, HTTP/1.1\r\n); + smart_str_append_const(soap_headers, Host: ); + smart_str_appends(soap_headers, phpurl-host); + if (phpurl-port != 80) { + smart_str_appendc(soap_headers, ':'); +
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/Zend/tests/bug52879.phpt branches/PHP_5_2/Zend/zend_object_handlers.c branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/tests/bug52879.php
dmitry Fri, 01 Oct 2010 09:49:20 + Revision: http://svn.php.net/viewvc?view=revisionrevision=303913 Log: Fixed bug #52879 (Objects unreferenced in __get, __set, __isset or __unset can be freed too early). (mail_ben_schmidt at yahoo dot com dot au, Dmitry) Bug: http://bugs.php.net/52879 (Assigned) Objects unreferenced in __get, __set, __isset or __unset can be freed too early Changed paths: U php/php-src/branches/PHP_5_2/NEWS A php/php-src/branches/PHP_5_2/Zend/tests/bug52879.phpt U php/php-src/branches/PHP_5_2/Zend/zend_object_handlers.c U php/php-src/branches/PHP_5_3/NEWS A php/php-src/branches/PHP_5_3/Zend/tests/bug52879.phpt U php/php-src/branches/PHP_5_3/Zend/zend_object_handlers.c A php/php-src/trunk/Zend/tests/bug52879.phpt U php/php-src/trunk/Zend/zend_object_handlers.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-10-01 09:18:44 UTC (rev 303912) +++ php/php-src/branches/PHP_5_2/NEWS 2010-10-01 09:49:20 UTC (rev 303913) @@ -6,6 +6,8 @@ - Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data). (Adam) +- Fixed bug #52879 (Objects unreferenced in __get, __set, __isset or __unset + can be freed too early). (mail_ben_schmidt at yahoo dot com dot au, Dmitry) - Fixed bug #52772 (var_dump() doesn't check for the existence of get_class_name before calling it). (Kalle, Gustavo) - Fixed bug #52546 (pdo_dblib segmentation fault when iterating MONEY values). Added: php/php-src/branches/PHP_5_2/Zend/tests/bug52879.phpt === --- php/php-src/branches/PHP_5_2/Zend/tests/bug52879.phpt (rev 0) +++ php/php-src/branches/PHP_5_2/Zend/tests/bug52879.phpt 2010-10-01 09:49:20 UTC (rev 303913) @@ -0,0 +1,16 @@ +--TEST-- +Bug #52879 (Objects unreferenced in __get, __set, __isset or __unset can be freed too early) +--FILE-- +?php +class MyClass { + public $myRef; + public function __set($property,$value) { + $this-myRef = $value; + } +} +$myGlobal=new MyClass($myGlobal); +$myGlobal-myRef=$myGlobal; +$myGlobal-myNonExistentProperty=ok\n; +echo $myGlobal; +--EXPECT-- +ok Modified: php/php-src/branches/PHP_5_2/Zend/zend_object_handlers.c === --- php/php-src/branches/PHP_5_2/Zend/zend_object_handlers.c 2010-10-01 09:18:44 UTC (rev 303912) +++ php/php-src/branches/PHP_5_2/Zend/zend_object_handlers.c 2010-10-01 09:49:20 UTC (rev 303913) @@ -329,6 +329,9 @@ !guard-in_get) { /* have getter - try with it! */ ZVAL_ADDREF(object); + if (PZVAL_IS_REF(object)) { +SEPARATE_ZVAL(object); + } guard-in_get = 1; /* prevent circular getting */ rv = zend_std_call_getter(object, member TSRMLS_CC); guard-in_get = 0; @@ -418,22 +421,22 @@ } } } else { - int setter_done = 0; zend_guard *guard; if (zobj-ce-__set zend_get_property_guard(zobj, property_info, member, guard) == SUCCESS !guard-in_set) { ZVAL_ADDREF(object); + if (PZVAL_IS_REF(object)) { +SEPARATE_ZVAL(object); + } guard-in_set = 1; /* prevent circular setting */ if (zend_std_call_setter(object, member, value TSRMLS_CC) != SUCCESS) { /* for now, just ignore it - __set should take care of warnings, etc. */ } - setter_done = 1; guard-in_set = 0; zval_ptr_dtor(object); - } - if (!setter_done property_info) { + } else if (property_info) { zval **foo; /* if we assign referenced variable, we should separate it */ @@ -611,6 +614,9 @@ !guard-in_unset) { /* have unseter - try with it! */ ZVAL_ADDREF(object); + if (PZVAL_IS_REF(object)) { +SEPARATE_ZVAL(object); + } guard-in_unset = 1; /* prevent circular unsetting */ zend_std_call_unsetter(object, member TSRMLS_CC); guard-in_unset = 0; @@ -1042,6 +1048,9 @@ /* have issetter - try with it! */ ZVAL_ADDREF(object); + if (PZVAL_IS_REF(object)) { +SEPARATE_ZVAL(object); + } guard-in_isset = 1; /* prevent circular getting */ rv = zend_std_call_issetter(object, member TSRMLS_CC); if (rv) { Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-10-01 09:18:44 UTC (rev 303912) +++ php/php-src/branches/PHP_5_3/NEWS 2010-10-01 09:49:20 UTC (rev 303913) @@ -37,6 +37,8 @@ expected). (Stas) - Fixed bug #52891 (Wrong data inserted with mysqli/mysqlnd when using mysqli_stmt_bind_param and value PHP_INT_MAX). (Andrey) +- Fixed bug #52879 (Objects unreferenced in __get, __set, __isset or __unset + can be freed too early). (mail_ben_schmidt at yahoo dot com dot au, Dmitry) - Fixed bug #52849 (GNU MP invalid version match). (Adam) - Fixed bug #52843 (Segfault when optional
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS ext/filter/logical_filters.c ext/filter/tests/bug52929.phpt
aharvey Thu, 30 Sep 2010 02:35:37 + Revision: http://svn.php.net/viewvc?view=revisionrevision=303885 Log: MFH: Fix for bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data). Bug: http://bugs.php.net/52929 (Closed) Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/filter/logical_filters.c A + php/php-src/branches/PHP_5_2/ext/filter/tests/bug52929.phpt (from php/php-src/trunk/ext/filter/tests/bug52929.phpt:r303779) Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-09-30 00:59:26 UTC (rev 303884) +++ php/php-src/branches/PHP_5_2/NEWS 2010-09-30 02:35:37 UTC (rev 303885) @@ -4,6 +4,8 @@ - Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre) - Fixed possible crash in mssql_fetch_batch(). (Kalle) +- Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with + large amount of data). (Adam) - Fixed bug #52772 (var_dump() doesn't check for the existence of get_class_name before calling it). (Kalle, Gustavo) - Fixed bug #52546 (pdo_dblib segmentation fault when iterating MONEY values). Modified: php/php-src/branches/PHP_5_2/ext/filter/logical_filters.c === --- php/php-src/branches/PHP_5_2/ext/filter/logical_filters.c 2010-09-30 00:59:26 UTC (rev 303884) +++ php/php-src/branches/PHP_5_2/ext/filter/logical_filters.c 2010-09-30 02:35:37 UTC (rev 303885) @@ -531,6 +531,11 @@ int matches; + /* The maximum length of an e-mail address is 320 octets, per RFC 2821. */ + if (Z_STRLEN_P(value) 320) { + RETURN_VALIDATION_FAILED + } + re = pcre_get_compiled_regex((char *)regexp, pcre_extra, preg_options TSRMLS_CC); if (!re) { RETURN_VALIDATION_FAILED Copied: php/php-src/branches/PHP_5_2/ext/filter/tests/bug52929.phpt (from rev 303779, php/php-src/trunk/ext/filter/tests/bug52929.phpt) === --- php/php-src/branches/PHP_5_2/ext/filter/tests/bug52929.phpt (rev 0) +++ php/php-src/branches/PHP_5_2/ext/filter/tests/bug52929.phpt 2010-09-30 02:35:37 UTC (rev 303885) @@ -0,0 +1,18 @@ +--TEST-- +Bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) +--SKIPIF-- +?php if (!extension_loaded(filter)) die(skip); ? +--FILE-- +?php +var_dump(filter_var('va...@email.address', FILTER_VALIDATE_EMAIL)); + +// Beyond the allowable limit for an e-mail address. +var_dump(filter_var('xx...@.zz', FILTER_VALIDATE_EMAIL)); + +// An invalid address likely to crash PHP due to stack exhaustion if it goes to +// the validation regex. +var_dump(filter_var(str_repeat('x', 8000), FILTER_VALIDATE_EMAIL)); +--EXPECT-- +string(19) va...@email.address +bool(false) +bool(false) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS
pajoye Tue, 28 Sep 2010 13:30:20 + Revision: http://svn.php.net/viewvc?view=revisionrevision=303825 Log: - Fixed possible flaw in open_basedir (CVE-2010-3436) Changed paths: U php/php-src/branches/PHP_5_2/NEWS Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-09-28 13:29:33 UTC (rev 303824) +++ php/php-src/branches/PHP_5_2/NEWS 2010-09-28 13:30:20 UTC (rev 303825) @@ -1,6 +1,7 @@ PHP NEWS ||| ?? ??? 2010, PHP 5.2.15 +- Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre) - Fixed possible crash in mssql_fetch_batch(). (Kalle) - Fixed bug #52772 (var_dump() doesn't check for the existence of -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/standard/var.c branches/PHP_5_3/NEWS branches/PHP_5_3/ext/standard/var.c trunk/ext/standard/var.c
kalleMon, 13 Sep 2010 20:14:18 + Revision: http://svn.php.net/viewvc?view=revisionrevision=303330 Log: Fixed bug #52772 (var_dump() doesn't check for the existence of get_class_name before calling it) Bug: http://bugs.php.net/52772 (Open) var_dump() doesn't check for the existence of get_class_name before calling it Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/standard/var.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/standard/var.c U php/php-src/trunk/ext/standard/var.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-09-13 19:08:36 UTC (rev 303329) +++ php/php-src/branches/PHP_5_2/NEWS 2010-09-13 20:14:18 UTC (rev 303330) @@ -3,6 +3,8 @@ ?? ??? 2010, PHP 5.2.15 - Fixed possible crash in mssql_fetch_batch(). (Kalle) +- Fixed bug #52772 (var_dump() doesn't check for the existence of + get_class_name before calling it). (Kalle, Gustavo) - Fixed bug #52546 (pdo_dblib segmentation fault when iterating MONEY values). (Felipe, Adam) - Fixed bug #52436 (Compile error if systems do not have stdint.h) Modified: php/php-src/branches/PHP_5_2/ext/standard/var.c === --- php/php-src/branches/PHP_5_2/ext/standard/var.c 2010-09-13 19:08:36 UTC (rev 303329) +++ php/php-src/branches/PHP_5_2/ext/standard/var.c 2010-09-13 20:14:18 UTC (rev 303330) @@ -140,9 +140,13 @@ return; } - Z_OBJ_HANDLER(**struc, get_class_name)(*struc, class_name, class_name_len, 0 TSRMLS_CC); - php_printf(%sobject(%s)#%d (%d) {\n, COMMON, class_name, Z_OBJ_HANDLE_PP(struc), myht ? zend_hash_num_elements(myht) : 0); - efree(class_name); + if (Z_OBJ_HANDLER(**struc, get_class_name)) { + Z_OBJ_HANDLER(**struc, get_class_name)(*struc, class_name, class_name_len, 0 TSRMLS_CC); + php_printf(%sobject(%s)#%d (%d) {\n, COMMON, class_name, Z_OBJ_HANDLE_PP(struc), myht ? zend_hash_num_elements(myht) : 0); + efree(class_name); + } else { + php_printf(%sobject(unknown class)#%d (%d) {\n, COMMON, Z_OBJ_HANDLE_PP(struc), myht ? zend_hash_num_elements(myht) : 0); + } php_element_dump_func = php_object_property_dump; head_done: if (myht) { Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-09-13 19:08:36 UTC (rev 303329) +++ php/php-src/branches/PHP_5_3/NEWS 2010-09-13 20:14:18 UTC (rev 303330) @@ -23,6 +23,8 @@ - Fixed bug #52786 (PHP should reset section to [PHP] after ini sections). (Fedora at famillecollet dot com) +- Fixed bug #52772 (var_dump() doesn't check for the existence of + get_class_name before calling it). (Kalle, Gustavo) - Fixed bug #52744 (cal_days_in_month incorrect for December 1 BCE). (gpap at internet dot gr, Adam) - Fixed bug #52725 (gcc builtin atomic functions were sometimes used when they Modified: php/php-src/branches/PHP_5_3/ext/standard/var.c === --- php/php-src/branches/PHP_5_3/ext/standard/var.c 2010-09-13 19:08:36 UTC (rev 303329) +++ php/php-src/branches/PHP_5_3/ext/standard/var.c 2010-09-13 20:14:18 UTC (rev 303330) @@ -284,9 +284,13 @@ return; } ce = Z_OBJCE_PP(struc); - Z_OBJ_HANDLER_PP(struc, get_class_name)(*struc, class_name, class_name_len, 0 TSRMLS_CC); - php_printf(%sobject(%s)#%d (%d) refcount(%u){\n, COMMON, class_name, Z_OBJ_HANDLE_PP(struc), myht ? zend_hash_num_elements(myht) : 0, Z_REFCOUNT_PP(struc)); - efree(class_name); + if (Z_OBJ_HANDLER_PP(struc, get_class_name)) { + Z_OBJ_HANDLER_PP(struc, get_class_name)(*struc, class_name, class_name_len, 0 TSRMLS_CC); + php_printf(%sobject(%s)#%d (%d) refcount(%u){\n, COMMON, class_name, Z_OBJ_HANDLE_PP(struc), myht ? zend_hash_num_elements(myht) : 0, Z_REFCOUNT_PP(struc)); + efree(class_name); + } else { + php_printf(%sobject(unknown class)#%d (%d) refcount(%u){\n, COMMON, Z_OBJ_HANDLE_PP(struc), myht ? zend_hash_num_elements(myht) : 0, Z_REFCOUNT_PP(struc)); + } zval_element_dump_func = zval_object_property_dump; head_done: if (myht) { Modified: php/php-src/trunk/ext/standard/var.c === --- php/php-src/trunk/ext/standard/var.c2010-09-13 19:08:36 UTC (rev 303329)
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS
aharvey Tue, 24 Aug 2010 17:00:23 + Revision: http://svn.php.net/viewvc?view=revisionrevision=302746 Log: Sorry, forgot the news update for the previous commit. Changed paths: U php/php-src/branches/PHP_5_2/NEWS Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-08-24 16:58:16 UTC (rev 302745) +++ php/php-src/branches/PHP_5_2/NEWS 2010-08-24 17:00:23 UTC (rev 302746) @@ -3,6 +3,8 @@ ?? ??? 2010, PHP 5.2.15 - Fixed possible crash in mssql_fetch_batch(). (Kalle) +- Fixed bug #52546 (pdo_dblib segmentation fault when iterating MONEY values). + (Felipe, Adam) - Fixed bug #52436 (Compile error if systems do not have stdint.h) (Sriram Natarajan) - Fixed bug #52390 (mysqli_report() should be per-request setting). (Kalle) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS ext/mysql/php_mysql.c
kalleSat, 21 Aug 2010 16:19:30 + Revision: http://svn.php.net/viewvc?view=revisionrevision=302613 Log: Revert fix for #52636 in 5.2 Bug: http://bugs.php.net/52636 (Closed) php_mysql_fetch_hash writes long value into int Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/mysql/php_mysql.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-08-21 16:09:18 UTC (rev 302612) +++ php/php-src/branches/PHP_5_2/NEWS 2010-08-21 16:19:30 UTC (rev 302613) @@ -3,8 +3,6 @@ ?? ??? 2010, PHP 5.2.15 - Fixed possible crash in mssql_fetch_batch(). (Kalle) -- Fixed bug #52636 (php_mysql_fetch_hash writes long value into int). - (Kalle, rein at basefarm dot no) - Fixed bug #52436 (Compile error if systems do not have stdint.h) (Sriram Natarajan) - Fixed bug #52390 (mysqli_report() should be per-request setting). (Kalle) Modified: php/php-src/branches/PHP_5_2/ext/mysql/php_mysql.c === --- php/php-src/branches/PHP_5_2/ext/mysql/php_mysql.c 2010-08-21 16:09:18 UTC (rev 302612) +++ php/php-src/branches/PHP_5_2/ext/mysql/php_mysql.c 2010-08-21 16:19:30 UTC (rev 302613) @@ -1884,7 +1884,7 @@ /* {{{ php_mysql_fetch_hash */ -static void php_mysql_fetch_hash(INTERNAL_FUNCTION_PARAMETERS, long result_type, int expected_args, int into_object) +static void php_mysql_fetch_hash(INTERNAL_FUNCTION_PARAMETERS, int result_type, int expected_args, int into_object) { zval **result, **arg2; MYSQL_RES *mysql_result; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/mysql/php_mysql.c branches/PHP_5_3/NEWS branches/PHP_5_3/ext/mysql/php_mysql.c trunk/ext/mysql/php_mysql.c
kalleWed, 18 Aug 2010 20:00:18 + Revision: http://svn.php.net/viewvc?view=revisionrevision=302456 Log: Fixed bug #52636 (php_mysql_fetch_hash writes long value into int) # Tested by rein at basefarm dot no Bug: http://bugs.php.net/52636 (Assigned) php_mysql_fetch_hash writes long value into int Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/mysql/php_mysql.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/mysql/php_mysql.c U php/php-src/trunk/ext/mysql/php_mysql.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-08-18 19:29:58 UTC (rev 302455) +++ php/php-src/branches/PHP_5_2/NEWS 2010-08-18 20:00:18 UTC (rev 302456) @@ -33,6 +33,8 @@ PDOStatement if instantiated directly instead of doing by the PDO methods. (Felipe) +- Fixed bug #52636 (php_mysql_fetch_hash writes long value into int). + (Kalle, rein at basefarm dot no) - Fixed bug #52317 (Segmentation fault when using mail() on a rhel 4.x (only 64 bit)). (Adam) - Fixed bug #52238 (Crash when an Exception occured in iterator_to_array). Modified: php/php-src/branches/PHP_5_2/ext/mysql/php_mysql.c === --- php/php-src/branches/PHP_5_2/ext/mysql/php_mysql.c 2010-08-18 19:29:58 UTC (rev 302455) +++ php/php-src/branches/PHP_5_2/ext/mysql/php_mysql.c 2010-08-18 20:00:18 UTC (rev 302456) @@ -1884,7 +1884,7 @@ /* {{{ php_mysql_fetch_hash */ -static void php_mysql_fetch_hash(INTERNAL_FUNCTION_PARAMETERS, int result_type, int expected_args, int into_object) +static void php_mysql_fetch_hash(INTERNAL_FUNCTION_PARAMETERS, long result_type, int expected_args, int into_object) { zval **result, **arg2; MYSQL_RES *mysql_result; Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-08-18 19:29:58 UTC (rev 302455) +++ php/php-src/branches/PHP_5_3/NEWS 2010-08-18 20:00:18 UTC (rev 302456) @@ -11,6 +11,8 @@ (Kalle) - Changed the $context parameter on copy() to actually have an effect. (Kalle) +- Fixed bug #52636 (php_mysql_fetch_hash writes long value into int). + (Kalle, rein at basefarm dot no) - Fixed bug #52613 (crash in mysqlnd after hitting memory limit). (Andrey) - Fixed bug #52573 (SplFileObject::fscanf Segmentation fault). (Felipe) - Fixed bug #52546 (pdo_dblib segmentation fault when iterating MONEY values). Modified: php/php-src/branches/PHP_5_3/ext/mysql/php_mysql.c === --- php/php-src/branches/PHP_5_3/ext/mysql/php_mysql.c 2010-08-18 19:29:58 UTC (rev 302455) +++ php/php-src/branches/PHP_5_3/ext/mysql/php_mysql.c 2010-08-18 20:00:18 UTC (rev 302456) @@ -2006,7 +2006,7 @@ /* {{{ php_mysql_fetch_hash */ -static void php_mysql_fetch_hash(INTERNAL_FUNCTION_PARAMETERS, int result_type, int expected_args, int into_object) +static void php_mysql_fetch_hash(INTERNAL_FUNCTION_PARAMETERS, long result_type, int expected_args, int into_object) { MYSQL_RES *mysql_result; zval*res, *ctor_params = NULL; Modified: php/php-src/trunk/ext/mysql/php_mysql.c === --- php/php-src/trunk/ext/mysql/php_mysql.c 2010-08-18 19:29:58 UTC (rev 302455) +++ php/php-src/trunk/ext/mysql/php_mysql.c 2010-08-18 20:00:18 UTC (rev 302456) @@ -2008,7 +2008,7 @@ /* {{{ php_mysql_fetch_hash */ -static void php_mysql_fetch_hash(INTERNAL_FUNCTION_PARAMETERS, int result_type, int expected_args, int into_object) +static void php_mysql_fetch_hash(INTERNAL_FUNCTION_PARAMETERS, long result_type, int expected_args, int into_object) { MYSQL_RES *mysql_result; zval*res, *ctor_params = NULL; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/mysqli/mysqli.c branches/PHP_5_3/NEWS branches/PHP_5_3/ext/mysqli/mysqli.c trunk/ext/mysqli/mysqli.c
kalleFri, 13 Aug 2010 10:43:15 + Revision: http://svn.php.net/viewvc?view=revisionrevision=302181 Log: Changed mysqli_report() to be per-request specific rather than per-process specific (Fixes #52390) Bug: http://bugs.php.net/52390 (Assigned) mysqli_report() should be per-request setting Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/mysqli/mysqli.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/mysqli/mysqli.c U php/php-src/trunk/ext/mysqli/mysqli.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-08-13 09:58:36 UTC (rev 302180) +++ php/php-src/branches/PHP_5_2/NEWS 2010-08-13 10:43:15 UTC (rev 302181) @@ -1,9 +1,9 @@ -PHPNEWS +PHP NEWS ||| ?? ??? 2010, PHP 5.2.15 - - Fixed bug #52436 (Compile error if systems do not have stdint.h) (Sriram Natarajan) +- Fixed bug #52390 (mysqli_report() should be per-request setting). (Kalle) 22 Jul 2010, PHP 5.2.14 - Reverted bug fix #49521 (PDO fetchObject sets values before calling Modified: php/php-src/branches/PHP_5_2/ext/mysqli/mysqli.c === --- php/php-src/branches/PHP_5_2/ext/mysqli/mysqli.c2010-08-13 09:58:36 UTC (rev 302180) +++ php/php-src/branches/PHP_5_2/ext/mysqli/mysqli.c2010-08-13 10:43:15 UTC (rev 302181) @@ -695,6 +695,7 @@ #endif MyG(error_msg) = NULL; MyG(error_no) = 0; + MyG(report_mode) = 0; return SUCCESS; } Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-08-13 09:58:36 UTC (rev 302180) +++ php/php-src/branches/PHP_5_3/NEWS 2010-08-13 10:43:15 UTC (rev 302181) @@ -3,6 +3,7 @@ ?? ??? 2010, PHP 5.3.4 - Changed deprecated ini options on startup from E_WARNING to E_DEPRECATED. (Kalle) + - Fixed bug #52573 (SplFileObject::fscanf Segmentation fault). (Felipe) - Fixed bug #52546 (pdo_dblib segmentation fault when iterating MONEY values). (Felipe) @@ -19,6 +20,7 @@ - Fixed bug #52433 (Call to undefined method mysqli::poll() - must be static). (Andrey) - Fixed bug #52413 (MySQLi/libmysql build failure on OS X, FreeBSD). (Andrey) +- Fixed bug #52390 (mysqli_report() should be per-request setting). (Kalle) - Fixed bug #52302 (mysqli_fetch_all does not work with MYSQLI_USE_RESULT). (Andrey) - Fixed bug #51610 (Using oci_connect causes PHP to take a long time to Modified: php/php-src/branches/PHP_5_3/ext/mysqli/mysqli.c === --- php/php-src/branches/PHP_5_3/ext/mysqli/mysqli.c2010-08-13 09:58:36 UTC (rev 302180) +++ php/php-src/branches/PHP_5_3/ext/mysqli/mysqli.c2010-08-13 10:43:15 UTC (rev 302181) @@ -891,6 +891,7 @@ #endif MyG(error_msg) = NULL; MyG(error_no) = 0; + MyG(report_mode) = 0; return SUCCESS; } Modified: php/php-src/trunk/ext/mysqli/mysqli.c === --- php/php-src/trunk/ext/mysqli/mysqli.c 2010-08-13 09:58:36 UTC (rev 302180) +++ php/php-src/trunk/ext/mysqli/mysqli.c 2010-08-13 10:43:15 UTC (rev 302181) @@ -893,6 +893,7 @@ #endif MyG(error_msg) = NULL; MyG(error_no) = 0; + MyG(report_mode) = 0; return SUCCESS; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/pcre/pcrelib/config.h branches/PHP_5_3/NEWS branches/PHP_5_3/ext/pcre/pcrelib/config.h trunk/ext/pcre/pcrelib/config.h
srinatar Tue, 27 Jul 2010 21:42:22 + Revision: http://svn.php.net/viewvc?view=revisionrevision=301625 Log: - Fixed bug #52436 (Compile error in pcre if systems do not have stdint.h) # PCRE's config.h can very well reuse the definitions made available from # PHP's configure script output available within php_config.h Bug: http://bugs.php.net/52436 (Assigned) Compile error if systems do not have stdint.h Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/pcre/pcrelib/config.h U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/pcre/pcrelib/config.h U php/php-src/trunk/ext/pcre/pcrelib/config.h Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-07-27 21:09:56 UTC (rev 301624) +++ php/php-src/branches/PHP_5_2/NEWS 2010-07-27 21:42:22 UTC (rev 301625) @@ -2,6 +2,8 @@ ||| ?? ??? 2010, PHP 5.2.15 +- Fixed bug #52436 (Compile error if systems do not have stdint.h) + (Sriram Natarajan) 22 Jul 2010, PHP 5.2.14 - Reverted bug fix #49521 (PDO fetchObject sets values before calling Modified: php/php-src/branches/PHP_5_2/ext/pcre/pcrelib/config.h === --- php/php-src/branches/PHP_5_2/ext/pcre/pcrelib/config.h 2010-07-27 21:09:56 UTC (rev 301624) +++ php/php-src/branches/PHP_5_2/ext/pcre/pcrelib/config.h 2010-07-27 21:42:22 UTC (rev 301625) @@ -1,5 +1,7 @@ #include php_compat.h +#include php_config.h + #undef PACKAGE_NAME #undef PACKAGE_VERSION #undef PACKAGE_TARNAME @@ -8,6 +10,8 @@ #define SUPPORT_UCP #define SUPPORT_UTF8 +/* Exclude these below definitions when building within PHP */ +#ifndef ZEND_API /* config.h. Generated from config.h.in by configure. */ /* config.h.in. Generated from configure.ac by autoheader. */ @@ -179,6 +183,9 @@ /* Define to 1 if you have `_strtoi64'. */ /* #undef HAVE__STRTOI64 */ +/* Exclude these above definitions when building within PHP */ +#endif + /* The value of LINK_SIZE determines the number of bytes used to store links as offsets within the compiled regex. The default is 2, which allows for compiled patterns up to 64K long. This covers the vast majority of cases. Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-07-27 21:09:56 UTC (rev 301624) +++ php/php-src/branches/PHP_5_3/NEWS 2010-07-27 21:42:22 UTC (rev 301625) @@ -2,6 +2,9 @@ ||| ?? ??? 2010, PHP 5.3.4 +- Fixed bug #52436 (Compile error if systems do not have stdint.h) + (Sriram Natarajan) + 22 Jul 2010, PHP 5.3.3 - Upgraded bundled sqlite to version 3.6.23.1. (Ilia) - Upgraded bundled PCRE to version 8.02. (Ilia) Modified: php/php-src/branches/PHP_5_3/ext/pcre/pcrelib/config.h === --- php/php-src/branches/PHP_5_3/ext/pcre/pcrelib/config.h 2010-07-27 21:09:56 UTC (rev 301624) +++ php/php-src/branches/PHP_5_3/ext/pcre/pcrelib/config.h 2010-07-27 21:42:22 UTC (rev 301625) @@ -1,5 +1,7 @@ #include php_compat.h +#include php_config.h + #undef PACKAGE_NAME #undef PACKAGE_VERSION #undef PACKAGE_TARNAME @@ -18,6 +20,8 @@ # define PCRE_EXP_DATA_DEFN__attribute__ ((visibility(default))) #endif +/* Exclude these below definitions when building within PHP */ +#ifndef ZEND_API /* config.h. Generated from config.h.in by configure. */ /* config.h.in. Generated from configure.ac by autoheader. */ @@ -189,6 +193,9 @@ /* Define to 1 if you have `_strtoi64'. */ /* #undef HAVE__STRTOI64 */ +/* Exclude these above definitions when building within PHP */ +#endif + /* The value of LINK_SIZE determines the number of bytes used to store links as offsets within the compiled regex. The default is 2, which allows for compiled patterns up to 64K long. This covers the vast majority of cases. Modified: php/php-src/trunk/ext/pcre/pcrelib/config.h === --- php/php-src/trunk/ext/pcre/pcrelib/config.h 2010-07-27 21:09:56 UTC (rev 301624) +++ php/php-src/trunk/ext/pcre/pcrelib/config.h 2010-07-27 21:42:22 UTC (rev 301625) @@ -1,5 +1,7 @@ #include php_compat.h +#include php_config.h + #undef PACKAGE_NAME #undef PACKAGE_VERSION #undef PACKAGE_TARNAME @@ -18,6 +20,8 @@ # define PCRE_EXP_DATA_DEFN__attribute__ ((visibility(default))) #endif +/* Exclude these below definitions when building within PHP */ +#ifndef ZEND_API /* config.h. Generated from config.h.in by configure. */ /* config.h.in. Generated from configure.ac by autoheader. */ @@ -189,6 +193,9 @@ /*
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS configure.in main/php_version.h
johannes Thu, 22 Jul 2010 11:06:58 + Revision: http://svn.php.net/viewvc?view=revisionrevision=301463 Log: - back to -dev Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/configure.in U php/php-src/branches/PHP_5_2/main/php_version.h Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-07-22 10:55:24 UTC (rev 301462) +++ php/php-src/branches/PHP_5_2/NEWS 2010-07-22 11:06:58 UTC (rev 301463) @@ -1,5 +1,8 @@ PHPNEWS ||| +?? ??? 2010, PHP 5.2.15 + + 22 Jul 2010, PHP 5.2.14 - Reverted bug fix #49521 (PDO fetchObject sets values before calling constructor). (Felipe) Modified: php/php-src/branches/PHP_5_2/configure.in === --- php/php-src/branches/PHP_5_2/configure.in 2010-07-22 10:55:24 UTC (rev 301462) +++ php/php-src/branches/PHP_5_2/configure.in 2010-07-22 11:06:58 UTC (rev 301463) @@ -41,8 +41,8 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=2 -PHP_RELEASE_VERSION=14 -PHP_EXTRA_VERSION= +PHP_RELEASE_VERSION=15 +PHP_EXTRA_VERSION=-dev PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_2/main/php_version.h === --- php/php-src/branches/PHP_5_2/main/php_version.h 2010-07-22 10:55:24 UTC (rev 301462) +++ php/php-src/branches/PHP_5_2/main/php_version.h 2010-07-22 11:06:58 UTC (rev 301463) @@ -2,7 +2,7 @@ /* edit configure.in to change version number */ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 2 -#define PHP_RELEASE_VERSION 14 -#define PHP_EXTRA_VERSION -#define PHP_VERSION 5.2.14 -#define PHP_VERSION_ID 50214 +#define PHP_RELEASE_VERSION 15 +#define PHP_EXTRA_VERSION -dev +#define PHP_VERSION 5.2.15-dev +#define PHP_VERSION_ID 50215 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS
johannes Wed, 21 Jul 2010 14:19:59 + Revision: http://svn.php.net/viewvc?view=revisionrevision=301442 Log: - Add lost entries Changed paths: U php/php-src/branches/PHP_5_2/NEWS Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-07-21 12:42:49 UTC (rev 301441) +++ php/php-src/branches/PHP_5_2/NEWS 2010-07-21 14:19:59 UTC (rev 301442) @@ -9,6 +9,12 @@ - Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531). (Scott) +- Fixed a possible interruption array leak in strrchr(). Reported by + Péter Veres. (CVE-2010-2484) (Felipe) +- Fixed a possible interruption array leak in strchr(), strstr(), substr(), + chunk_split(), strtok(), addcslashes(), str_repeat(), trim(). (Felipe) +- Fixed a possible memory corruption in substr_replace() (Dmitry) +- Fixed SplObjectStorage unserialization problems (CVE-2010-2225). (Stas) - Fixed a possible stack exaustion inside fnmatch(). Reporeted by Stefan Esser (Ilia) - Reset error state in PDO::beginTransaction() reset error state. (Ilia) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS
pajoye Tue, 20 Jul 2010 09:26:18 + Revision: http://svn.php.net/viewvc?view=revisionrevision=301416 Log: - add CVE # Changed paths: U php/php-src/branches/PHP_5_2/NEWS Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-07-20 08:33:04 UTC (rev 301415) +++ php/php-src/branches/PHP_5_2/NEWS 2010-07-20 09:26:18 UTC (rev 301416) @@ -7,7 +7,7 @@ 15 Jul 2010, PHP 5.2.14RC3 - Rewrote var_export() to use smart_str rather than output buffering, prevents - data disclosure if a fatal error occurs. (Scott) + data disclosure if a fatal error occurs (CVE-2010-2531). (Scott) - Fixed bug #52238 (Crash when an Exception occured in iterator_to_array). (Johannes) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/ PHP_5_2/NEWS PHP_5_2/ext/standard/mail.c PHP_5_3/NEWS PHP_5_3/ext/standard/mail.c
aharvey Mon, 19 Jul 2010 13:38:53 + Revision: http://svn.php.net/viewvc?view=revisionrevision=301396 Log: MFH: fix for bug #52317 (Segmentation fault when using mail() on a rhel 4.x (only 64 bit)). Bug: http://bugs.php.net/52317 (Assigned) Segmentation fault when using mail() on a rhel 4.x (only 64 bit) Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/standard/mail.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/standard/mail.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-07-19 13:25:16 UTC (rev 301395) +++ php/php-src/branches/PHP_5_2/NEWS 2010-07-19 13:38:53 UTC (rev 301396) @@ -1,6 +1,8 @@ PHPNEWS ||| ?? Jul 2010, PHP 5.2.14 +- Fixed bug #52317 (Segmentation fault when using mail() on a rhel 4.x (only 64 + bit)). (Adam) 15 Jul 2010, PHP 5.2.14RC3 Modified: php/php-src/branches/PHP_5_2/ext/standard/mail.c === --- php/php-src/branches/PHP_5_2/ext/standard/mail.c2010-07-19 13:25:16 UTC (rev 301395) +++ php/php-src/branches/PHP_5_2/ext/standard/mail.c2010-07-19 13:38:53 UTC (rev 301396) @@ -39,6 +39,7 @@ #include php_mail.h #include php_ini.h +#include php_string.h #include safe_mode.h #include exec.h Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-07-19 13:25:16 UTC (rev 301395) +++ php/php-src/branches/PHP_5_3/NEWS 2010-07-19 13:38:53 UTC (rev 301396) @@ -1,6 +1,8 @@ PHPNEWS ||| ?? Jul 2010, PHP 5.3.3 +- Fixed bug #52317 (Segmentation fault when using mail() on a rhel 4.x (only 64 + bit)). (Adam) - Fixed bug #51583 (Bus error due to wrong alignment in mysqlnd). (Rainer Jung) Modified: php/php-src/branches/PHP_5_3/ext/standard/mail.c === --- php/php-src/branches/PHP_5_3/ext/standard/mail.c2010-07-19 13:25:16 UTC (rev 301395) +++ php/php-src/branches/PHP_5_3/ext/standard/mail.c2010-07-19 13:38:53 UTC (rev 301396) @@ -41,6 +41,7 @@ #include php_mail.h #include php_ini.h +#include php_string.h #include safe_mode.h #include exec.h -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/date/lib/parse_date.c branches/PHP_5_2/ext/hash/php_hash_tiger.h branches/PHP_5_2/ext/pdo/php_pdo_driver.h branches/PHP_5_
hi, Please read: http://news.php.net/php.internals/49064 Thanks for your understanding, -- Pierre On Wed, Jul 14, 2010 at 1:59 AM, Kalle Sommer Nielsen ka...@php.net wrote: kalle Tue, 13 Jul 2010 23:59:54 + Revision: http://svn.php.net/viewvc?view=revisionrevision=301252 Log: Fixed bug #51943 (Several files are out of ANSI spec) # Based on patch by CoreyStup at gmail dot com Bug: http://bugs.php.net/51943 (Assigned) Several files are out of ANSI spec Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/date/lib/parse_date.c U php/php-src/branches/PHP_5_2/ext/hash/php_hash_tiger.h U php/php-src/branches/PHP_5_2/ext/pdo/php_pdo_driver.h U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/date/lib/parse_date.c U php/php-src/branches/PHP_5_3/ext/hash/php_hash_tiger.h U php/php-src/branches/PHP_5_3/ext/pdo/php_pdo_driver.h U php/php-src/trunk/ext/date/lib/parse_date.c U php/php-src/trunk/ext/hash/php_hash_tiger.h U php/php-src/trunk/ext/pdo/php_pdo_driver.h Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-07-13 19:45:07 UTC (rev 301251) +++ php/php-src/branches/PHP_5_2/NEWS 2010-07-13 23:59:54 UTC (rev 301252) @@ -8,8 +8,10 @@ (Johannes) - Fixed bug #52237 (Crash when passing the reference of the property of a non-object). (Dmitry) -- Fixed bug #52037 (Concurrent builds fail in install-programs) (seanius at +- Fixed bug #52037 (Concurrent builds fail in install-programs). (seanius at debian dot org, Kalle) +- Fixed bug #51943 (AIX: Several files are out of ANSI spec). (Kalle, + coreystup at gmail dot com) 01 Jul 2010, PHP 5.2.14RC2 - Fixed a possible interruption array leak in strrchr(). Reported by Modified: php/php-src/branches/PHP_5_2/ext/date/lib/parse_date.c === --- php/php-src/branches/PHP_5_2/ext/date/lib/parse_date.c 2010-07-13 19:45:07 UTC (rev 301251) +++ php/php-src/branches/PHP_5_2/ext/date/lib/parse_date.c 2010-07-13 23:59:54 UTC (rev 301252) @@ -88,6 +88,8 @@ #define TIMELIB_ERROR 999 +/* Some compilers like AIX, defines uchar in sys/types.h */ +#undef uchar typedef unsigned char uchar; #define BSIZE 8192 Modified: php/php-src/branches/PHP_5_2/ext/hash/php_hash_tiger.h === --- php/php-src/branches/PHP_5_2/ext/hash/php_hash_tiger.h 2010-07-13 19:45:07 UTC (rev 301251) +++ php/php-src/branches/PHP_5_2/ext/hash/php_hash_tiger.h 2010-07-13 23:59:54 UTC (rev 301252) @@ -25,8 +25,8 @@ typedef struct { php_hash_uint64 state[3]; php_hash_uint64 passed; - unsigned char passes:1; - unsigned char length:7; + unsigned int passes:1; + unsigned int length:7; unsigned char buffer[64]; } PHP_TIGER_CTX; Modified: php/php-src/branches/PHP_5_2/ext/pdo/php_pdo_driver.h === --- php/php-src/branches/PHP_5_2/ext/pdo/php_pdo_driver.h 2010-07-13 19:45:07 UTC (rev 301251) +++ php/php-src/branches/PHP_5_2/ext/pdo/php_pdo_driver.h 2010-07-13 23:59:54 UTC (rev 301252) @@ -183,7 +183,7 @@ enum pdo_null_handling { PDO_NULL_NATURAL = 0, PDO_NULL_EMPTY_STRING = 1, - PDO_NULL_TO_STRING = 2, + PDO_NULL_TO_STRING = 2 }; /* {{{ utils for reading attributes set as driver_options */ @@ -343,7 +343,7 @@ PDO_PARAM_EVT_EXEC_POST, PDO_PARAM_EVT_FETCH_PRE, PDO_PARAM_EVT_FETCH_POST, - PDO_PARAM_EVT_NORMALIZE, + PDO_PARAM_EVT_NORMALIZE }; typedef int (*pdo_stmt_param_hook_func)(pdo_stmt_t *stmt, struct pdo_bound_param_data *param, enum pdo_param_event event_type TSRMLS_DC); Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-07-13 19:45:07 UTC (rev 301251) +++ php/php-src/branches/PHP_5_3/NEWS 2010-07-13 23:59:54 UTC (rev 301252) @@ -10,8 +10,10 @@ results and PHP crashes). (Felipe) - Fixed bug #52238 (Crash when an Exception occured in iterator_to_array). (Johannes) -- Fixed bug #52037 (Concurrent builds fail in install-programs) (seanius at +- Fixed bug #52037 (Concurrent builds fail in install-programs). (seanius at debian dot org, Kalle) +- Fixed bug #51943 (AIX: Several files are out of ANSI spec). (Kalle, + coreystup at gmail dot com) - Fixed bug #51697 (Unsafe operations in free_storage of SPL iterators, causes crash during shutdown). (Etienne) Modified: php/php-src/branches/PHP_5_3/ext/date/lib/parse_date.c ===
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS configure.in main/php_version.h
johannes Wed, 14 Jul 2010 22:03:47 + Revision: http://svn.php.net/viewvc?view=revisionrevision=301267 Log: PHP 5.2.14RC3 Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/configure.in U php/php-src/branches/PHP_5_2/main/php_version.h Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-07-14 21:49:45 UTC (rev 301266) +++ php/php-src/branches/PHP_5_2/NEWS 2010-07-14 22:03:47 UTC (rev 301267) @@ -1,6 +1,6 @@ PHPNEWS ||| -?? Jul 2010, PHP 5.2.14 +15 Jul 2010, PHP 5.2.14RC3 - Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs. (Scott) Modified: php/php-src/branches/PHP_5_2/configure.in === --- php/php-src/branches/PHP_5_2/configure.in 2010-07-14 21:49:45 UTC (rev 301266) +++ php/php-src/branches/PHP_5_2/configure.in 2010-07-14 22:03:47 UTC (rev 301267) @@ -42,7 +42,7 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=2 PHP_RELEASE_VERSION=14 -PHP_EXTRA_VERSION=RC3-dev +PHP_EXTRA_VERSION=RC3 PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_2/main/php_version.h === --- php/php-src/branches/PHP_5_2/main/php_version.h 2010-07-14 21:49:45 UTC (rev 301266) +++ php/php-src/branches/PHP_5_2/main/php_version.h 2010-07-14 22:03:47 UTC (rev 301267) @@ -3,6 +3,6 @@ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 2 #define PHP_RELEASE_VERSION 14 -#define PHP_EXTRA_VERSION RC3-dev -#define PHP_VERSION 5.2.14RC3-dev +#define PHP_EXTRA_VERSION RC3 +#define PHP_VERSION 5.2.14RC3 #define PHP_VERSION_ID 50214 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS configure.in main/php_version.h
johannes Wed, 14 Jul 2010 22:59:20 + Revision: http://svn.php.net/viewvc?view=revisionrevision=301269 Log: Back to -dev Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/configure.in U php/php-src/branches/PHP_5_2/main/php_version.h Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-07-14 22:06:01 UTC (rev 301268) +++ php/php-src/branches/PHP_5_2/NEWS 2010-07-14 22:59:20 UTC (rev 301269) @@ -1,5 +1,8 @@ PHPNEWS ||| +?? Jul 2010, PHP 5.2.14 + + 15 Jul 2010, PHP 5.2.14RC3 - Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs. (Scott) Modified: php/php-src/branches/PHP_5_2/configure.in === --- php/php-src/branches/PHP_5_2/configure.in 2010-07-14 22:06:01 UTC (rev 301268) +++ php/php-src/branches/PHP_5_2/configure.in 2010-07-14 22:59:20 UTC (rev 301269) @@ -42,7 +42,7 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=2 PHP_RELEASE_VERSION=14 -PHP_EXTRA_VERSION=RC3 +PHP_EXTRA_VERSION=RC4-dev PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_2/main/php_version.h === --- php/php-src/branches/PHP_5_2/main/php_version.h 2010-07-14 22:06:01 UTC (rev 301268) +++ php/php-src/branches/PHP_5_2/main/php_version.h 2010-07-14 22:59:20 UTC (rev 301269) @@ -3,6 +3,6 @@ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 2 #define PHP_RELEASE_VERSION 14 -#define PHP_EXTRA_VERSION RC3 -#define PHP_VERSION 5.2.14RC3 +#define PHP_EXTRA_VERSION RC4-dev +#define PHP_VERSION 5.2.14RC4-dev #define PHP_VERSION_ID 50214 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS scripts/Makefile.frag
kalleTue, 13 Jul 2010 17:24:44 + Revision: http://svn.php.net/viewvc?view=revisionrevision=301244 Log: MFT: Fixed bug #52037 (Concurrent builds fail in install-programs) -- Patch by Seanius at debian dot org # Sorry for the non sparse commit, due to a broken co Bug: http://bugs.php.net/52037 (Assigned) Concurrent builds fail in install-programs Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/scripts/Makefile.frag Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-07-13 17:24:13 UTC (rev 301243) +++ php/php-src/branches/PHP_5_2/NEWS 2010-07-13 17:24:44 UTC (rev 301244) @@ -6,6 +6,8 @@ (Johannes) - Fixed bug #52237 (Crash when passing the reference of the property of a non-object). (Dmitry) +- Fixed bug #52037 (Concurrent builds fail in install-programs) (seanius at + debian dot org, Kalle) 01 Jul 2010, PHP 5.2.14RC2 - Fixed a possible interruption array leak in strrchr(). Reported by Modified: php/php-src/branches/PHP_5_2/scripts/Makefile.frag === --- php/php-src/branches/PHP_5_2/scripts/Makefile.frag 2010-07-13 17:24:13 UTC (rev 301243) +++ php/php-src/branches/PHP_5_2/scripts/Makefile.frag 2010-07-13 17:24:44 UTC (rev 301244) @@ -33,6 +33,7 @@ install-programs: $(builddir)/phpize $(builddir)/php-config @echo Installing helper programs: $(INSTALL_ROOT)$(bindir)/ + @$(mkinstalldirs) $(INSTALL_ROOT)$(bindir) @for prog in $(bin_SCRIPTS); do \ echo program: $(program_prefix)$${prog}$(program_suffix); \ $(INSTALL) -m 755 $(builddir)/$${prog} $(INSTALL_ROOT)$(bindir)/$(program_prefix)$${prog}$(program_suffix); \ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS
pajoye Tue, 13 Jul 2010 18:56:05 + Revision: http://svn.php.net/viewvc?view=revisionrevision=301246 Log: - merge news for var_export fix Changed paths: U php/php-src/branches/PHP_5_2/NEWS Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-07-13 18:53:12 UTC (rev 301245) +++ php/php-src/branches/PHP_5_2/NEWS 2010-07-13 18:56:05 UTC (rev 301246) @@ -1,6 +1,8 @@ PHPNEWS ||| ?? Jul 2010, PHP 5.2.14 +- Rewrote var_export() to use smart_str rather than output buffering, prevents + data disclosure if a fatal error occurs. (Scott) - Fixed bug #52238 (Crash when an Exception occured in iterator_to_array). (Johannes) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/date/lib/parse_date.c branches/PHP_5_2/ext/hash/php_hash_tiger.h branches/PHP_5_2/ext/pdo/php_pdo_driver.h branches/PHP_5_3/NEWS
kalleTue, 13 Jul 2010 23:59:54 + Revision: http://svn.php.net/viewvc?view=revisionrevision=301252 Log: Fixed bug #51943 (Several files are out of ANSI spec) # Based on patch by CoreyStup at gmail dot com Bug: http://bugs.php.net/51943 (Assigned) Several files are out of ANSI spec Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/date/lib/parse_date.c U php/php-src/branches/PHP_5_2/ext/hash/php_hash_tiger.h U php/php-src/branches/PHP_5_2/ext/pdo/php_pdo_driver.h U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/date/lib/parse_date.c U php/php-src/branches/PHP_5_3/ext/hash/php_hash_tiger.h U php/php-src/branches/PHP_5_3/ext/pdo/php_pdo_driver.h U php/php-src/trunk/ext/date/lib/parse_date.c U php/php-src/trunk/ext/hash/php_hash_tiger.h U php/php-src/trunk/ext/pdo/php_pdo_driver.h Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-07-13 19:45:07 UTC (rev 301251) +++ php/php-src/branches/PHP_5_2/NEWS 2010-07-13 23:59:54 UTC (rev 301252) @@ -8,8 +8,10 @@ (Johannes) - Fixed bug #52237 (Crash when passing the reference of the property of a non-object). (Dmitry) -- Fixed bug #52037 (Concurrent builds fail in install-programs) (seanius at +- Fixed bug #52037 (Concurrent builds fail in install-programs). (seanius at debian dot org, Kalle) +- Fixed bug #51943 (AIX: Several files are out of ANSI spec). (Kalle, + coreystup at gmail dot com) 01 Jul 2010, PHP 5.2.14RC2 - Fixed a possible interruption array leak in strrchr(). Reported by Modified: php/php-src/branches/PHP_5_2/ext/date/lib/parse_date.c === --- php/php-src/branches/PHP_5_2/ext/date/lib/parse_date.c 2010-07-13 19:45:07 UTC (rev 301251) +++ php/php-src/branches/PHP_5_2/ext/date/lib/parse_date.c 2010-07-13 23:59:54 UTC (rev 301252) @@ -88,6 +88,8 @@ #define TIMELIB_ERROR 999 +/* Some compilers like AIX, defines uchar in sys/types.h */ +#undef uchar typedef unsigned char uchar; #define BSIZE 8192 Modified: php/php-src/branches/PHP_5_2/ext/hash/php_hash_tiger.h === --- php/php-src/branches/PHP_5_2/ext/hash/php_hash_tiger.h 2010-07-13 19:45:07 UTC (rev 301251) +++ php/php-src/branches/PHP_5_2/ext/hash/php_hash_tiger.h 2010-07-13 23:59:54 UTC (rev 301252) @@ -25,8 +25,8 @@ typedef struct { php_hash_uint64 state[3]; php_hash_uint64 passed; - unsigned char passes:1; - unsigned char length:7; + unsigned int passes:1; + unsigned int length:7; unsigned char buffer[64]; } PHP_TIGER_CTX; Modified: php/php-src/branches/PHP_5_2/ext/pdo/php_pdo_driver.h === --- php/php-src/branches/PHP_5_2/ext/pdo/php_pdo_driver.h 2010-07-13 19:45:07 UTC (rev 301251) +++ php/php-src/branches/PHP_5_2/ext/pdo/php_pdo_driver.h 2010-07-13 23:59:54 UTC (rev 301252) @@ -183,7 +183,7 @@ enum pdo_null_handling { PDO_NULL_NATURAL = 0, PDO_NULL_EMPTY_STRING = 1, - PDO_NULL_TO_STRING = 2, + PDO_NULL_TO_STRING = 2 }; /* {{{ utils for reading attributes set as driver_options */ @@ -343,7 +343,7 @@ PDO_PARAM_EVT_EXEC_POST, PDO_PARAM_EVT_FETCH_PRE, PDO_PARAM_EVT_FETCH_POST, - PDO_PARAM_EVT_NORMALIZE, + PDO_PARAM_EVT_NORMALIZE }; typedef int (*pdo_stmt_param_hook_func)(pdo_stmt_t *stmt, struct pdo_bound_param_data *param, enum pdo_param_event event_type TSRMLS_DC); Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-07-13 19:45:07 UTC (rev 301251) +++ php/php-src/branches/PHP_5_3/NEWS 2010-07-13 23:59:54 UTC (rev 301252) @@ -10,8 +10,10 @@ results and PHP crashes). (Felipe) - Fixed bug #52238 (Crash when an Exception occured in iterator_to_array). (Johannes) -- Fixed bug #52037 (Concurrent builds fail in install-programs) (seanius at +- Fixed bug #52037 (Concurrent builds fail in install-programs). (seanius at debian dot org, Kalle) +- Fixed bug #51943 (AIX: Several files are out of ANSI spec). (Kalle, + coreystup at gmail dot com) - Fixed bug #51697 (Unsafe operations in free_storage of SPL iterators, causes crash during shutdown). (Etienne) Modified: php/php-src/branches/PHP_5_3/ext/date/lib/parse_date.c === --- php/php-src/branches/PHP_5_3/ext/date/lib/parse_date.c 2010-07-13 19:45:07 UTC (rev 301251) +++ php/php-src/branches/PHP_5_3/ext/date/lib/parse_date.c 2010-07-13 23:59:54 UTC (rev 301252) @@ -91,6 +91,8 @@ #define TIMELIB_ERROR
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/Zend/tests/bug52237.phpt branches/PHP_5_2/Zend/zend_vm_def.h branches/PHP_5_2/Zend/zend_vm_execute.h branches/PHP_5_3/Zend/tests/bug
dmitry Mon, 05 Jul 2010 09:08:35 + Revision: http://svn.php.net/viewvc?view=revisionrevision=300990 Log: Fixed bug #52237 (Crash when passing the reference of the property of a non-object) Bug: http://bugs.php.net/52237 (Assigned) Crash when passing the reference of the property of a non-object Changed paths: U php/php-src/branches/PHP_5_2/NEWS A php/php-src/branches/PHP_5_2/Zend/tests/bug52237.phpt U php/php-src/branches/PHP_5_2/Zend/zend_vm_def.h U php/php-src/branches/PHP_5_2/Zend/zend_vm_execute.h A php/php-src/branches/PHP_5_3/Zend/tests/bug52237.phpt U php/php-src/branches/PHP_5_3/Zend/zend_vm_def.h U php/php-src/branches/PHP_5_3/Zend/zend_vm_execute.h A php/php-src/trunk/Zend/tests/bug52237.phpt U php/php-src/trunk/Zend/zend_vm_def.h U php/php-src/trunk/Zend/zend_vm_execute.h Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-07-05 08:11:41 UTC (rev 300989) +++ php/php-src/branches/PHP_5_2/NEWS 2010-07-05 09:08:35 UTC (rev 300990) @@ -4,6 +4,8 @@ - Fixed bug #52238 (Crash when an Exception occured in iterator_to_array). (Johannes) +- Fixed bug #52237 (Crash when passing the reference of the property of a + non-object). (Dmitry) 01 Jul 2010, PHP 5.2.14RC2 - Fixed a possible interruption array leak in strrchr(). Reported by Added: php/php-src/branches/PHP_5_2/Zend/tests/bug52237.phpt === --- php/php-src/branches/PHP_5_2/Zend/tests/bug52237.phpt (rev 0) +++ php/php-src/branches/PHP_5_2/Zend/tests/bug52237.phpt 2010-07-05 09:08:35 UTC (rev 300990) @@ -0,0 +1,10 @@ +--TEST-- +Bug #52237 (Crash when passing the reference of the property of a non-object) +--FILE-- +?php +$data = 'test'; +preg_match('//', '', $data-info); +var_dump($data); +? +--EXPECT-- +string(4) test Modified: php/php-src/branches/PHP_5_2/Zend/zend_vm_def.h === --- php/php-src/branches/PHP_5_2/Zend/zend_vm_def.h 2010-07-05 08:11:41 UTC (rev 300989) +++ php/php-src/branches/PHP_5_2/Zend/zend_vm_def.h 2010-07-05 09:08:35 UTC (rev 300990) @@ -2378,10 +2378,17 @@ zend_error_noreturn(E_ERROR, Only variables can be passed by reference); } - if (EX(function_state).function-type == ZEND_INTERNAL_FUNCTION !ARG_SHOULD_BE_SENT_BY_REF(EX(fbc), opline-op2.u.opline_num)) { - ZEND_VM_DISPATCH_TO_HELPER(zend_send_by_var_helper); -} + if (OP1_TYPE == IS_VAR *varptr_ptr == EG(error_zval_ptr)) { + (*varptr_ptr)-refcount--; + ALLOC_ZVAL(*varptr_ptr); + INIT_ZVAL(**varptr_ptr); + (*varptr_ptr)-refcount = 0; + } + if (EX(function_state).function-type == ZEND_INTERNAL_FUNCTION !ARG_SHOULD_BE_SENT_BY_REF(EX(fbc), opline-op2.u.opline_num)) { + ZEND_VM_DISPATCH_TO_HELPER(zend_send_by_var_helper); + } + SEPARATE_ZVAL_TO_MAKE_IS_REF(varptr_ptr); varptr = *varptr_ptr; varptr-refcount++; Modified: php/php-src/branches/PHP_5_2/Zend/zend_vm_execute.h === --- php/php-src/branches/PHP_5_2/Zend/zend_vm_execute.h 2010-07-05 08:11:41 UTC (rev 300989) +++ php/php-src/branches/PHP_5_2/Zend/zend_vm_execute.h 2010-07-05 09:08:35 UTC (rev 300990) @@ -7605,10 +7605,17 @@ zend_error_noreturn(E_ERROR, Only variables can be passed by reference); } - if (EX(function_state).function-type == ZEND_INTERNAL_FUNCTION !ARG_SHOULD_BE_SENT_BY_REF(EX(fbc), opline-op2.u.opline_num)) { - return zend_send_by_var_helper_SPEC_VAR(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); -} + if (IS_VAR == IS_VAR *varptr_ptr == EG(error_zval_ptr)) { + (*varptr_ptr)-refcount--; + ALLOC_ZVAL(*varptr_ptr); + INIT_ZVAL(**varptr_ptr); + (*varptr_ptr)-refcount = 0; + } + if (EX(function_state).function-type == ZEND_INTERNAL_FUNCTION !ARG_SHOULD_BE_SENT_BY_REF(EX(fbc), opline-op2.u.opline_num)) { + return zend_send_by_var_helper_SPEC_VAR(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); + } + SEPARATE_ZVAL_TO_MAKE_IS_REF(varptr_ptr); varptr = *varptr_ptr; varptr-refcount++; @@ -20041,10 +20048,17 @@ zend_error_noreturn(E_ERROR, Only variables can be passed by reference); } - if (EX(function_state).function-type == ZEND_INTERNAL_FUNCTION !ARG_SHOULD_BE_SENT_BY_REF(EX(fbc), opline-op2.u.opline_num)) { - return zend_send_by_var_helper_SPEC_CV(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); -} + if (IS_CV == IS_VAR *varptr_ptr == EG(error_zval_ptr)) { + (*varptr_ptr)-refcount--; + ALLOC_ZVAL(*varptr_ptr); + INIT_ZVAL(**varptr_ptr); + (*varptr_ptr)-refcount = 0; + } + if (EX(function_state).function-type == ZEND_INTERNAL_FUNCTION !ARG_SHOULD_BE_SENT_BY_REF(EX(fbc), opline-op2.u.opline_num)) { + return zend_send_by_var_helper_SPEC_CV(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); + } +
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS
felipe Fri, 02 Jul 2010 19:16:21 + Revision: http://svn.php.net/viewvc?view=revisionrevision=300950 Log: - Added CVE id Changed paths: U php/php-src/branches/PHP_5_2/NEWS Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-07-02 19:12:51 UTC (rev 300949) +++ php/php-src/branches/PHP_5_2/NEWS 2010-07-02 19:16:21 UTC (rev 300950) @@ -4,7 +4,7 @@ 01 Jul 2010, PHP 5.2.14RC2 - Fixed a possible interruption array leak in strrchr(). Reported by - Péter Veres. (Felipe) + Péter Veres. (CVE-2010-2484) (Felipe) - Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim(). (Felipe) - Fixed a possible memory corruption in substr_replace() (Dmitry) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/spl/spl_iterators.c branches/PHP_5_2/ext/spl/tests/bug52238.phpt branches/PHP_5_3/NEWS branches/PHP_5_3/ext/spl/spl_iterators.c
johannes Fri, 02 Jul 2010 19:17:45 + Revision: http://svn.php.net/viewvc?view=revisionrevision=300951 Log: Fix bug #52238: Crash when an Exception occured in iterator_to_array Bug: http://bugs.php.net/52238 (Open) Crash when an Exception occured in iterator_to_array Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/spl/spl_iterators.c A php/php-src/branches/PHP_5_2/ext/spl/tests/bug52238.phpt U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/spl/spl_iterators.c A php/php-src/branches/PHP_5_3/ext/spl/tests/bug52238.phpt U php/php-src/trunk/ext/spl/spl_iterators.c A php/php-src/trunk/ext/spl/tests/bug52238.phpt Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-07-02 19:16:21 UTC (rev 300950) +++ php/php-src/branches/PHP_5_2/NEWS 2010-07-02 19:17:45 UTC (rev 300951) @@ -2,6 +2,9 @@ ||| ?? Jul 2010, PHP 5.2.14 +- Fixed bug #52238 (Crash when an Exception occured in iterator_to_array). + (Johannes) + 01 Jul 2010, PHP 5.2.14RC2 - Fixed a possible interruption array leak in strrchr(). Reported by Péter Veres. (CVE-2010-2484) (Felipe) Modified: php/php-src/branches/PHP_5_2/ext/spl/spl_iterators.c === --- php/php-src/branches/PHP_5_2/ext/spl/spl_iterators.c2010-07-02 19:16:21 UTC (rev 300950) +++ php/php-src/branches/PHP_5_2/ext/spl/spl_iterators.c2010-07-02 19:17:45 UTC (rev 300951) @@ -2701,7 +2701,9 @@ } done: - iter-funcs-dtor(iter TSRMLS_CC); + if (iter) { + iter-funcs-dtor(iter TSRMLS_CC); + } return EG(exception) ? FAILURE : SUCCESS; } /* }}} */ Added: php/php-src/branches/PHP_5_2/ext/spl/tests/bug52238.phpt === --- php/php-src/branches/PHP_5_2/ext/spl/tests/bug52238.phpt (rev 0) +++ php/php-src/branches/PHP_5_2/ext/spl/tests/bug52238.phpt2010-07-02 19:17:45 UTC (rev 300951) @@ -0,0 +1,24 @@ +--TEST-- +Bug #52238 - Crash when an Exception occured in iterator_to_array +--FILE-- +?php +class Foo implements IteratorAggregate +{ +public function bar() { +throw new Exception; +} + +public function getIterator() { +return new ArrayIterator($this-bar()); +} +} +var_dump(iterator_to_array(new Foo)); +? +--EXPECTF-- +Fatal error: Uncaught exception 'Exception' in %s +Stack trace: +#0 %s: Foo-bar() +#1 [internal function]: Foo-getIterator() +#2 %s: iterator_to_array(Object(Foo)) +#3 {main} + thrown in %s on line %d Property changes on: php/php-src/branches/PHP_5_2/ext/spl/tests/bug52238.phpt ___ Added: svn:keywords + Id Rev Revision Added: svn:eol-style + native Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-07-02 19:16:21 UTC (rev 300950) +++ php/php-src/branches/PHP_5_3/NEWS 2010-07-02 19:17:45 UTC (rev 300951) @@ -2,6 +2,8 @@ ||| ?? Jul 2010, PHP 5.3.3 RC3 +- Fixed bug #52238 (Crash when an Exception occured in iterator_to_array). + (Johannes) 01 Jul 2010, PHP 5.3.3 RC2 - Fixed SplObjectStorage unserialization problems (CVE-2010-2225). (Stas) Modified: php/php-src/branches/PHP_5_3/ext/spl/spl_iterators.c === --- php/php-src/branches/PHP_5_3/ext/spl/spl_iterators.c2010-07-02 19:16:21 UTC (rev 300950) +++ php/php-src/branches/PHP_5_3/ext/spl/spl_iterators.c2010-07-02 19:17:45 UTC (rev 300951) @@ -3035,7 +3035,9 @@ } done: - iter-funcs-dtor(iter TSRMLS_CC); + if (iter) { + iter-funcs-dtor(iter TSRMLS_CC); + } return EG(exception) ? FAILURE : SUCCESS; } /* }}} */ Added: php/php-src/branches/PHP_5_3/ext/spl/tests/bug52238.phpt === --- php/php-src/branches/PHP_5_3/ext/spl/tests/bug52238.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/spl/tests/bug52238.phpt2010-07-02 19:17:45 UTC (rev 300951) @@ -0,0 +1,24 @@ +--TEST-- +Bug #52238 - Crash when an Exception occured in iterator_to_array +--FILE-- +?php +class Foo implements IteratorAggregate +{ +public function bar() { +throw new Exception; +} + +public function getIterator() { +return new ArrayIterator($this-bar()); +} +} +var_dump(iterator_to_array(new Foo)); +? +--EXPECTF-- +Fatal error: Uncaught exception 'Exception' in %s +Stack trace: +#0
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS configure.in main/php_version.h
iliaaThu, 01 Jul 2010 14:41:17 + Revision: http://svn.php.net/viewvc?view=revisionrevision=300906 Log: Back to dev Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/configure.in U php/php-src/branches/PHP_5_2/main/php_version.h Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-07-01 14:40:34 UTC (rev 300905) +++ php/php-src/branches/PHP_5_2/NEWS 2010-07-01 14:41:17 UTC (rev 300906) @@ -1,5 +1,7 @@ PHPNEWS ||| +?? Jul 2010, PHP 5.2.14 + 01 Jul 2010, PHP 5.2.14RC2 - Fixed SplObjectStorage unserialization problems (CVE-2010-2225). (Stas) Modified: php/php-src/branches/PHP_5_2/configure.in === --- php/php-src/branches/PHP_5_2/configure.in 2010-07-01 14:40:34 UTC (rev 300905) +++ php/php-src/branches/PHP_5_2/configure.in 2010-07-01 14:41:17 UTC (rev 300906) @@ -42,7 +42,7 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=2 PHP_RELEASE_VERSION=14 -PHP_EXTRA_VERSION=RC2 +PHP_EXTRA_VERSION=RC3-dev PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_2/main/php_version.h === --- php/php-src/branches/PHP_5_2/main/php_version.h 2010-07-01 14:40:34 UTC (rev 300905) +++ php/php-src/branches/PHP_5_2/main/php_version.h 2010-07-01 14:41:17 UTC (rev 300906) @@ -3,6 +3,6 @@ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 2 #define PHP_RELEASE_VERSION 14 -#define PHP_EXTRA_VERSION RC2 -#define PHP_VERSION 5.2.14RC2 +#define PHP_EXTRA_VERSION RC3-dev +#define PHP_VERSION 5.2.14RC3-dev #define PHP_VERSION_ID 50214 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS
felipe Thu, 01 Jul 2010 21:59:41 + Revision: http://svn.php.net/viewvc?view=revisionrevision=300922 Log: - BFN Changed paths: U php/php-src/branches/PHP_5_2/NEWS Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-07-01 21:46:32 UTC (rev 300921) +++ php/php-src/branches/PHP_5_2/NEWS 2010-07-01 21:59:41 UTC (rev 300922) @@ -3,6 +3,11 @@ ?? Jul 2010, PHP 5.2.14 01 Jul 2010, PHP 5.2.14RC2 +- Fixed a possible interruption array leak in strrchr(). Reported by + Péter Veres. (Felipe) +- Fixed a possible interruption array leak in strchr(), strstr(), substr(), + chunk_split(), strtok(), addcslashes(), str_repeat(). (Felipe) +- Fixed a possible memory corruption in substr_replace() (Dmitry) - Fixed SplObjectStorage unserialization problems (CVE-2010-2225). (Stas) - Fixed bug #52163 (SplFileObject::fgetss() fails due to parameter that can't -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS ext/standard/string.c
felipe Fri, 02 Jul 2010 00:33:42 + Revision: http://svn.php.net/viewvc?view=revisionrevision=300926 Log: - Fixed a possible interruption array leak in trim() Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/standard/string.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-07-01 23:30:35 UTC (rev 300925) +++ php/php-src/branches/PHP_5_2/NEWS 2010-07-02 00:33:42 UTC (rev 300926) @@ -6,7 +6,7 @@ - Fixed a possible interruption array leak in strrchr(). Reported by Péter Veres. (Felipe) - Fixed a possible interruption array leak in strchr(), strstr(), substr(), - chunk_split(), strtok(), addcslashes(), str_repeat(). (Felipe) + chunk_split(), strtok(), addcslashes(), str_repeat(), trim(). (Felipe) - Fixed a possible memory corruption in substr_replace() (Dmitry) - Fixed SplObjectStorage unserialization problems (CVE-2010-2225). (Stas) Modified: php/php-src/branches/PHP_5_2/ext/standard/string.c === --- php/php-src/branches/PHP_5_2/ext/standard/string.c 2010-07-01 23:30:35 UTC (rev 300925) +++ php/php-src/branches/PHP_5_2/ext/standard/string.c 2010-07-02 00:33:42 UTC (rev 300926) @@ -774,6 +774,9 @@ WRONG_PARAM_COUNT; } + if (PZVAL_IS_REF(*str)) { + SEPARATE_ZVAL(str); + } convert_to_string_ex(str); if (argc 1) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/ PHP_5_2/NEWS PHP_5_2/Zend/tests/bug51421.phpt PHP_5_2/Zend/zend_compile.c PHP_5_3/NEWS PHP_5_3/Zend/tests/bug51421.phpt PHP_5_3/Zend/zend_compile.c
felipe Mon, 28 Jun 2010 16:37:57 + Revision: http://svn.php.net/viewvc?view=revisionrevision=300817 Log: - Reverted fix for bug #51421 Bug: http://bugs.php.net/51421 (Closed) Abstract __construct constructor argument list not enforced Changed paths: U php/php-src/branches/PHP_5_2/NEWS D php/php-src/branches/PHP_5_2/Zend/tests/bug51421.phpt U php/php-src/branches/PHP_5_2/Zend/zend_compile.c U php/php-src/branches/PHP_5_3/NEWS D php/php-src/branches/PHP_5_3/Zend/tests/bug51421.phpt U php/php-src/branches/PHP_5_3/Zend/zend_compile.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-06-28 16:17:20 UTC (rev 300816) +++ php/php-src/branches/PHP_5_2/NEWS 2010-06-28 16:37:57 UTC (rev 300817) @@ -9,8 +9,6 @@ - Fixed bug #52061 (memory_limit above 2G). (Felipe) - Fixed bug #52010 (open_basedir restrictions mismatch on vacuum command). (Ilia, Felipe) -- Fixed bug #51421 (Abstract __construct constructor argument list not - enforced). (Felipe) - Fixed bug #49730 (Firebird - new PDO() returns NULL). (Felipe) 17 Jun 2010, PHP 5.2.14RC1 Deleted: php/php-src/branches/PHP_5_2/Zend/tests/bug51421.phpt === --- php/php-src/branches/PHP_5_2/Zend/tests/bug51421.phpt 2010-06-28 16:17:20 UTC (rev 300816) +++ php/php-src/branches/PHP_5_2/Zend/tests/bug51421.phpt 2010-06-28 16:37:57 UTC (rev 300817) @@ -1,18 +0,0 @@ ---TEST-- -Bug #51421 (Abstract __construct constructor argument list not enforced) ---FILE-- -?php - -class ExampleClass {} - -abstract class TestInterface { - abstract public function __construct(ExampleClass $var); -} - -class Test extends TestInterface { - public function __construct() {} -} - -? ---EXPECTF-- -Fatal error: Declaration of Test::__construct() must be compatible with that of TestInterface::__construct() in %s on line %d Modified: php/php-src/branches/PHP_5_2/Zend/zend_compile.c === --- php/php-src/branches/PHP_5_2/Zend/zend_compile.c2010-06-28 16:17:20 UTC (rev 300816) +++ php/php-src/branches/PHP_5_2/Zend/zend_compile.c2010-06-28 16:37:57 UTC (rev 300817) @@ -2017,12 +2017,8 @@ return 1; } - /* Checks for constructors only if they are declared in an interface, -* or explicitly marked as abstract -*/ - if ((fe-common.fn_flags ZEND_ACC_CTOR) -((proto-common.scope-ce_flags ZEND_ACC_INTERFACE) == 0 -(proto-common.fn_flags ZEND_ACC_ABSTRACT) == 0)) { + /* Checks for constructors only if they are declared in an interface */ + if ((fe-common.fn_flags ZEND_ACC_CTOR) (proto-common.scope-ce_flags ZEND_ACC_INTERFACE) == 0) { return 1; } Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-06-28 16:17:20 UTC (rev 300816) +++ php/php-src/branches/PHP_5_3/NEWS 2010-06-28 16:37:57 UTC (rev 300817) @@ -15,8 +15,6 @@ (Felipe) - Fixed bug #52115 (mysqli_result::fetch_all returns null, not an empty array). (Andrey) -- Fixed bug #51421 (Abstract __construct constructor argument list not - enforced). (Felipe) - Fixed bug #48930 (__COMPILER_HALT_OFFSET__ incorrect in PHP = 5.3). (Felipe) 17 Jun 2010, PHP 5.3.3 RC1 Deleted: php/php-src/branches/PHP_5_3/Zend/tests/bug51421.phpt === --- php/php-src/branches/PHP_5_3/Zend/tests/bug51421.phpt 2010-06-28 16:17:20 UTC (rev 300816) +++ php/php-src/branches/PHP_5_3/Zend/tests/bug51421.phpt 2010-06-28 16:37:57 UTC (rev 300817) @@ -1,18 +0,0 @@ ---TEST-- -Bug #51421 (Abstract __construct constructor argument list not enforced) ---FILE-- -?php - -class ExampleClass {} - -abstract class TestInterface { - abstract public function __construct(ExampleClass $var); -} - -class Test extends TestInterface { - public function __construct() {} -} - -? ---EXPECTF-- -Fatal error: Declaration of Test::__construct() must be compatible with that of TestInterface::__construct() in %s on line %d Modified: php/php-src/branches/PHP_5_3/Zend/zend_compile.c === --- php/php-src/branches/PHP_5_3/Zend/zend_compile.c2010-06-28 16:17:20 UTC (rev 300816) +++ php/php-src/branches/PHP_5_3/Zend/zend_compile.c2010-06-28 16:37:57 UTC (rev 300817) @@ -2540,12 +2540,8 @@ return 1; } - /* Checks for constructors only if they are declared in an interface, -* or explicitly marked as abstract -*/ - if ((fe-common.fn_flags ZEND_ACC_CTOR) -((proto-common.scope-ce_flags
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/spl/SplObjectStorage_unserialize_bad.phpt branches/PHP_5_2/ext/spl/SplObjectStorage_unserialize_nested.phpt branches/PHP_5_2/ext
stas Tue, 29 Jun 2010 00:58:31 + Revision: http://svn.php.net/viewvc?view=revisionrevision=300843 Log: fix SplObjectStorage unserialization (CVE-2010-2225) Changed paths: U php/php-src/branches/PHP_5_2/NEWS A php/php-src/branches/PHP_5_2/ext/spl/SplObjectStorage_unserialize_bad.phpt A php/php-src/branches/PHP_5_2/ext/spl/SplObjectStorage_unserialize_nested.phpt U php/php-src/branches/PHP_5_2/ext/spl/spl_observer.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/spl/spl_observer.c A php/php-src/branches/PHP_5_3/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt A php/php-src/branches/PHP_5_3/ext/spl/tests/SplObjectStorage_unserialize_nested.phpt U php/php-src/branches/PHP_5_3/ext/standard/php_var.h U php/php-src/branches/PHP_5_3/ext/standard/var_unserializer.c U php/php-src/branches/PHP_5_3/ext/standard/var_unserializer.re U php/php-src/trunk/ext/spl/spl_observer.c A php/php-src/trunk/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt A php/php-src/trunk/ext/spl/tests/SplObjectStorage_unserialize_nested.phpt U php/php-src/trunk/ext/standard/php_var.h U php/php-src/trunk/ext/standard/var_unserializer.c U php/php-src/trunk/ext/standard/var_unserializer.re Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-06-29 00:57:58 UTC (rev 300842) +++ php/php-src/branches/PHP_5_2/NEWS 2010-06-29 00:58:31 UTC (rev 300843) @@ -1,6 +1,8 @@ PHPNEWS ||| ?? Jun 2010, PHP 5.2.14 +- Fixed SplObjectStorage unserialization problems (CVE-2010-2225). (Stas) + - Fixed bug #52163 (SplFileObject::fgetss() fails due to parameter that can't be set). (Felipe) - Fixed bug #52162 (custom request header variables with numbers are removed). Added: php/php-src/branches/PHP_5_2/ext/spl/SplObjectStorage_unserialize_bad.phpt === --- php/php-src/branches/PHP_5_2/ext/spl/SplObjectStorage_unserialize_bad.phpt (rev 0) +++ php/php-src/branches/PHP_5_2/ext/spl/SplObjectStorage_unserialize_bad.phpt 2010-06-29 00:58:31 UTC (rev 300843) @@ -0,0 +1,24 @@ +--TEST-- +SPL: Test that serialized blob contains unique elements (CVE-2010-2225) +--FILE-- +?php + +$badblobs = array( +'x:i:2;i:0;;i:0;;m:a:0:{}', +'x:i:2;O:8:stdClass:0:{};R:1;;m:a:0:{}', +'x:i:3;O:8:stdClass:0:{};r:1;;r:1;;m:a:0:{}', +); +foreach($badblobs as $blob) { +try { + $so = new SplObjectStorage(); + $so-unserialize($blob); + var_dump($so); +} catch(UnexpectedValueException $e) { + echo $e-getMessage().\n; +} +} +--EXPECTF-- +Error at offset 6 of 24 bytes +Error at offset 26 of 39 bytes +object(SplObjectStorage)#2 (0) { +} Added: php/php-src/branches/PHP_5_2/ext/spl/SplObjectStorage_unserialize_nested.phpt === --- php/php-src/branches/PHP_5_2/ext/spl/SplObjectStorage_unserialize_nested.phpt (rev 0) +++ php/php-src/branches/PHP_5_2/ext/spl/SplObjectStorage_unserialize_nested.phpt 2010-06-29 00:58:31 UTC (rev 300843) @@ -0,0 +1,33 @@ +--TEST-- +SPL: Test unserializing tested linked storage +--FILE-- +?php +$o = new StdClass(); +$a = new StdClass(); + +$o-a = $a; + +$so = new SplObjectStorage(); + +$so-attach($o); +$so-attach($a); + +$s = serialize($so); +echo $s.\n; + +$so1 = unserialize($s); +var_dump($so1); +foreach($so1 as $obj) { + var_dump($obj); +} +--EXPECTF-- +C:16:SplObjectStorage:66:{x:i:2;O:8:stdClass:1:{s:1:a;O:8:stdClass:0:{}};r:2;;m:a:0:{}} +object(SplObjectStorage)#4 (0) { +} +object(stdClass)#5 (1) { + [a]= + object(stdClass)#6 (0) { + } +} +object(stdClass)#6 (0) { +} Modified: php/php-src/branches/PHP_5_2/ext/spl/spl_observer.c === --- php/php-src/branches/PHP_5_2/ext/spl/spl_observer.c 2010-06-29 00:57:58 UTC (rev 300842) +++ php/php-src/branches/PHP_5_2/ext/spl/spl_observer.c 2010-06-29 00:58:31 UTC (rev 300843) @@ -182,6 +182,21 @@ intern-index = 0; } /* }}} */ +int spl_object_storage_contains(spl_SplObjectStorage *intern, zval *obj TSRMLS_DC) /* {{{ */ +{ +#if HAVE_PACKED_OBJECT_VALUE + return zend_hash_exists(intern-storage, (char*)Z_OBJVAL_P(obj), sizeof(zend_object_value)); +#else + { + zend_object_value zvalue; + memset(zvalue, 0, sizeof(zend_object_value)); + zvalue.handle = Z_OBJ_HANDLE_P(obj); + zvalue.handlers = Z_OBJ_HT_P(obj); + return zend_hash_exists(intern-storage, (char*)zvalue, sizeof(zend_object_value)); + } +#endif +} /* }}} */ + /* {{{ proto bool SplObjectStorage::contains($obj) Determine whethe an object is contained in the storage */ SPL_METHOD(SplObjectStorage,
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/Zend/tests/bug35634.phpt branches/PHP_5_2/Zend/tests/bug52160.phpt branches/PHP_5_2/Zend/tests/objects_011.phpt branches/PHP_5_2/Zen
felipe Sat, 26 Jun 2010 19:19:16 + Revision: http://svn.php.net/viewvc?view=revisionrevision=300768 Log: - Fixed bug #52160 (Invalid E_STRICT redefined constructor error) Bug: http://bugs.php.net/52160 (error getting bug information) Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/Zend/tests/bug35634.phpt A php/php-src/branches/PHP_5_2/Zend/tests/bug52160.phpt U php/php-src/branches/PHP_5_2/Zend/tests/objects_011.phpt U php/php-src/branches/PHP_5_2/Zend/zend_compile.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/Zend/tests/bug35634.phpt U php/php-src/branches/PHP_5_3/Zend/tests/bug48215.phpt U php/php-src/branches/PHP_5_3/Zend/tests/bug48215_2.phpt A php/php-src/branches/PHP_5_3/Zend/tests/bug52160.phpt U php/php-src/branches/PHP_5_3/Zend/tests/objects_011.phpt U php/php-src/branches/PHP_5_3/Zend/zend_compile.c U php/php-src/trunk/Zend/tests/bug35634.phpt U php/php-src/trunk/Zend/tests/bug48215.phpt U php/php-src/trunk/Zend/tests/bug48215_2.phpt A php/php-src/trunk/Zend/tests/bug52160.phpt U php/php-src/trunk/Zend/tests/objects_011.phpt U php/php-src/trunk/Zend/zend_compile.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-06-26 18:39:54 UTC (rev 300767) +++ php/php-src/branches/PHP_5_2/NEWS 2010-06-26 19:19:16 UTC (rev 300768) @@ -5,6 +5,7 @@ be set). (Felipe) - Fixed bug #52162 (custom request header variables with numbers are removed). (Sriram Natarajan) +- Fixed bug #52160 (Invalid E_STRICT redefined constructor error). (Felipe) - Fixed bug #52061 (memory_limit above 2G). (Felipe) - Fixed bug #52010 (open_basedir restrictions mismatch on vacuum command). (Ilia, Felipe) Modified: php/php-src/branches/PHP_5_2/Zend/tests/bug35634.phpt === --- php/php-src/branches/PHP_5_2/Zend/tests/bug35634.phpt 2010-06-26 18:39:54 UTC (rev 300767) +++ php/php-src/branches/PHP_5_2/Zend/tests/bug35634.phpt 2010-06-26 19:19:16 UTC (rev 300768) @@ -30,7 +30,9 @@ set_error_handler('errorHandler'); define(pass2, 1); include(__FILE__); + print ok\n; } + ? ---EXPECTF-- -Error: Redefining already defined constructor for class TestClass (%sbug35634.php:12) +--EXPECT-- +ok Added: php/php-src/branches/PHP_5_2/Zend/tests/bug52160.phpt === --- php/php-src/branches/PHP_5_2/Zend/tests/bug52160.phpt (rev 0) +++ php/php-src/branches/PHP_5_2/Zend/tests/bug52160.phpt 2010-06-26 19:19:16 UTC (rev 300768) @@ -0,0 +1,34 @@ +--TEST-- +Bug #52160 (Invalid E_STRICT redefined constructor error) +--FILE-- +?php + +class bar { + function __construct() { } + static function bar() { + var_dump(1); + } +} + +bar::bar(); + +class foo { + static function foo() { + var_dump(2); + } + function __construct() { } +} + +foo::foo(); + +class baz { + static function baz() { + var_dump(3); + } +} + +? +--EXPECTF-- +Strict Standards: Redefining already defined constructor for class foo in %s on line %d + +Fatal error: Constructor baz::baz() cannot be static in %s on line %d Property changes on: php/php-src/branches/PHP_5_2/Zend/tests/bug52160.phpt ___ Added: svn:keywords + Id Rev Revision Added: svn:eol-style + native Modified: php/php-src/branches/PHP_5_2/Zend/tests/objects_011.phpt === --- php/php-src/branches/PHP_5_2/Zend/tests/objects_011.phpt 2010-06-26 18:39:54 UTC (rev 300767) +++ php/php-src/branches/PHP_5_2/Zend/tests/objects_011.phpt 2010-06-26 19:19:16 UTC (rev 300768) @@ -14,6 +14,5 @@ echo Done\n; ? ---EXPECTF-- -Strict Standards: Redefining already defined constructor for class test in %s on line %d +--EXPECT-- Done Modified: php/php-src/branches/PHP_5_2/Zend/zend_compile.c === --- php/php-src/branches/PHP_5_2/Zend/zend_compile.c 2010-06-26 18:39:54 UTC (rev 300767) +++ php/php-src/branches/PHP_5_2/Zend/zend_compile.c 2010-06-26 19:19:16 UTC (rev 300768) @@ -1175,9 +1175,7 @@ /* Improve after RC: cache the lowercase class name */ if ((short_class_name_length == name_len) (!memcmp(short_class_name, lcname, name_len))) { -if (CG(active_class_entry)-constructor) { - zend_error(E_STRICT, Redefining already defined constructor for class %s, CG(active_class_entry)-name); -} else { +if (!CG(active_class_entry)-constructor) { CG(active_class_entry)-constructor = (zend_function *) CG(active_op_array); } } else if ((name_len == sizeof(ZEND_CONSTRUCTOR_FUNC_NAME)-1) (!memcmp(lcname, ZEND_CONSTRUCTOR_FUNC_NAME,
[PHP-CVS] svn: /php/php-src/branches/ PHP_5_2/NEWS PHP_5_3/NEWS
felipe Sat, 26 Jun 2010 22:07:04 + Revision: http://svn.php.net/viewvc?view=revisionrevision=300771 Log: - BFN Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_3/NEWS Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-06-26 22:05:13 UTC (rev 300770) +++ php/php-src/branches/PHP_5_2/NEWS 2010-06-26 22:07:04 UTC (rev 300771) @@ -9,6 +9,8 @@ - Fixed bug #52061 (memory_limit above 2G). (Felipe) - Fixed bug #52010 (open_basedir restrictions mismatch on vacuum command). (Ilia, Felipe) +- Fixed bug #51421 (Abstract __construct constructor argument list not + enforced). (Felipe) - Fixed bug #49730 (Firebird - new PDO() returns NULL). (Felipe) 17 Jun 2010, PHP 5.2.14RC1 Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-06-26 22:05:13 UTC (rev 300770) +++ php/php-src/branches/PHP_5_3/NEWS 2010-06-26 22:07:04 UTC (rev 300771) @@ -15,6 +15,8 @@ (Felipe) - Fixed bug #52115 (mysqli_result::fetch_all returns null, not an empty array). (Andrey) +- Fixed bug #51421 (Abstract __construct constructor argument list not + enforced). (Felipe) 17 Jun 2010, PHP 5.3.3 RC1 - Upgraded bundled sqlite to version 3.6.23.1. (Ilia) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS ext/spl/spl_directory.c
felipe Thu, 24 Jun 2010 23:10:39 + Revision: http://svn.php.net/viewvc?view=revisionrevision=300741 Log: - Fixed bug #52163 (SplFileObject::fgetss() fails due to parameter that can't be set) [already fixed on other branches] Bug: http://bugs.php.net/52163 (Open) SplFileObject::fgetss() fails due to parameter that can't be set Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/spl/spl_directory.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-06-24 22:53:14 UTC (rev 300740) +++ php/php-src/branches/PHP_5_2/NEWS 2010-06-24 23:10:39 UTC (rev 300741) @@ -1,6 +1,8 @@ PHPNEWS ||| ?? Jun 2010, PHP 5.2.14 +- Fixed bug #52163 (SplFileObject::fgetss() fails due to parameter that can't + be set). (Felipe) - Fixed bug #52162 (custom request header variables with numbers are removed). (Sriram Natarajan) - Fixed bug #52061 (memory_limit above 2G). (Felipe) Modified: php/php-src/branches/PHP_5_2/ext/spl/spl_directory.c === --- php/php-src/branches/PHP_5_2/ext/spl/spl_directory.c2010-06-24 22:53:14 UTC (rev 300740) +++ php/php-src/branches/PHP_5_2/ext/spl/spl_directory.c2010-06-24 23:10:39 UTC (rev 300741) @@ -2118,8 +2118,13 @@ spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); zval *arg2 = NULL; MAKE_STD_ZVAL(arg2); - ZVAL_LONG(arg2, intern-u.file.max_line_len); + if (intern-u.file.max_line_len 0) { + ZVAL_LONG(arg2, intern-u.file.max_line_len); + } else { + ZVAL_LONG(arg2, 1024); + } + spl_filesystem_file_free_line(intern TSRMLS_CC); intern-u.file.current_line_num++; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/sapi/nsapi/nsapi.c branches/PHP_5_3/NEWS branches/PHP_5_3/sapi/nsapi/nsapi.c trunk/sapi/nsapi/nsapi.c
srinatar Wed, 23 Jun 2010 19:06:33 + Revision: http://svn.php.net/viewvc?view=revisionrevision=300707 Log: - Fixed bug #52162 (custom request header variables with numbers are removed) Bug: http://bugs.php.net/52162 (Assigned) for NSAPI module, custom request header variables with numbers are removed Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/sapi/nsapi/nsapi.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/sapi/nsapi/nsapi.c U php/php-src/trunk/sapi/nsapi/nsapi.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-06-23 18:28:26 UTC (rev 300706) +++ php/php-src/branches/PHP_5_2/NEWS 2010-06-23 19:06:33 UTC (rev 300707) @@ -1,6 +1,8 @@ PHPNEWS ||| ?? Jun 2010, PHP 5.2.14 +- Fixed bug #52162 (custom request header variables with numbers are removed). + (Sriram Natarajan) - Fixed bug #52061 (memory_limit above 2G). (Felipe) - Fixed bug #52010 (open_basedir restrictions mismatch on vacuum command). (Ilia, Felipe) Modified: php/php-src/branches/PHP_5_2/sapi/nsapi/nsapi.c === --- php/php-src/branches/PHP_5_2/sapi/nsapi/nsapi.c 2010-06-23 18:28:26 UTC (rev 300706) +++ php/php-src/branches/PHP_5_2/sapi/nsapi/nsapi.c 2010-06-23 19:06:33 UTC (rev 300707) @@ -634,7 +634,7 @@ if (value) { for(p = value + pos; *p; p++) { *p = toupper(*p); - if (*p 'A' || *p 'Z') { + if (!isalnum(*p)) { *p = '_'; } } Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-06-23 18:28:26 UTC (rev 300706) +++ php/php-src/branches/PHP_5_3/NEWS 2010-06-23 19:06:33 UTC (rev 300707) @@ -3,6 +3,8 @@ ?? ??? 2010, PHP 5.3.3 RC2 - Implemented FR #51295 (SQLite3::busyTimeout not existing). (Mark) - Fixed the mail.log ini setting when no filename was given. (Johannes) +- Fixed bug #52162 (custom request header variables with numbers are removed). + (Sriram Natarajan) - Fixed bug #52115 (mysqli_result::fetch_all returns null, not an empty array). (Andrey) Modified: php/php-src/branches/PHP_5_3/sapi/nsapi/nsapi.c === --- php/php-src/branches/PHP_5_3/sapi/nsapi/nsapi.c 2010-06-23 18:28:26 UTC (rev 300706) +++ php/php-src/branches/PHP_5_3/sapi/nsapi/nsapi.c 2010-06-23 19:06:33 UTC (rev 300707) @@ -687,7 +687,7 @@ if (value) { for(p = value + pos; *p; p++) { *p = toupper(*p); - if (*p 'A' || *p 'Z') { + if (!isalnum(*p)) { *p = '_'; } } Modified: php/php-src/trunk/sapi/nsapi/nsapi.c === --- php/php-src/trunk/sapi/nsapi/nsapi.c2010-06-23 18:28:26 UTC (rev 300706) +++ php/php-src/trunk/sapi/nsapi/nsapi.c2010-06-23 19:06:33 UTC (rev 300707) @@ -684,7 +684,7 @@ if (value) { for(p = value + pos; *p; p++) { *p = toupper(*p); - if (*p 'A' || *p 'Z') { + if (!isalnum(*p)) { *p = '_'; } } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS ext/pdo_firebird/firebird_driver.c
felipe Mon, 21 Jun 2010 21:38:35 + Revision: http://svn.php.net/viewvc?view=revisionrevision=300637 Log: - Fixed bug #49730 (Firebird - new PDO() returns NULL) Bug: http://bugs.php.net/49730 (Open) Firebird - new PDO() returns NULL in CLI Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/pdo_firebird/firebird_driver.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-06-21 17:38:21 UTC (rev 300636) +++ php/php-src/branches/PHP_5_2/NEWS 2010-06-21 21:38:35 UTC (rev 300637) @@ -4,6 +4,7 @@ - Fixed bug #52061 (memory_limit above 2G). (Felipe) - Fixed bug #52010 (open_basedir restrictions mismatch on vacuum command). (Ilia, Felipe) +- Fixed bug #49730 (Firebird - new PDO() returns NULL). (Felipe) 17 Jun 2010, PHP 5.2.14RC1 - Upgraded bundled PCRE to version 8.02. (Ilia) Modified: php/php-src/branches/PHP_5_2/ext/pdo_firebird/firebird_driver.c === --- php/php-src/branches/PHP_5_2/ext/pdo_firebird/firebird_driver.c 2010-06-21 17:38:21 UTC (rev 300636) +++ php/php-src/branches/PHP_5_2/ext/pdo_firebird/firebird_driver.c 2010-06-21 21:38:35 UTC (rev 300637) @@ -648,6 +648,14 @@ efree(vars[i].optval); } } + + if (!dbh-methods) { + char errmsg[512]; + ISC_STATUS *s = H-isc_status; + isc_interprete(errmsg, s); + zend_throw_exception_ex(php_pdo_get_exception(), H-isc_status[1] TSRMLS_CC, SQLSTATE[%s] [%d] %s, + HY000, H-isc_status[1], errmsg); + } if (!ret) { firebird_handle_closer(dbh TSRMLS_CC); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/pdo_sqlite/sqlite_driver.c branches/PHP_5_2/ext/sqlite/pdo_sqlite2.c branches/PHP_5_3/ext/pdo_sqlite/sqlite_driver.c branches/PH
felipe Sun, 20 Jun 2010 14:12:06 + Revision: http://svn.php.net/viewvc?view=revisionrevision=300612 Log: - Completed the fix for bug #52010 # Fixing pdo drivers Bug: http://bugs.php.net/52010 (Closed) open_basedir restrictions mismatch on vacuum command Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/pdo_sqlite/sqlite_driver.c U php/php-src/branches/PHP_5_2/ext/sqlite/pdo_sqlite2.c U php/php-src/branches/PHP_5_3/ext/pdo_sqlite/sqlite_driver.c U php/php-src/branches/PHP_5_3/ext/sqlite/pdo_sqlite2.c U php/php-src/trunk/ext/pdo_sqlite/sqlite_driver.c U php/php-src/trunk/ext/sqlite/pdo_sqlite2.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-06-20 02:31:58 UTC (rev 300611) +++ php/php-src/branches/PHP_5_2/NEWS 2010-06-20 14:12:06 UTC (rev 300612) @@ -2,6 +2,8 @@ ||| ?? Jun 2010, PHP 5.2.14 - Fixed bug #52061 (memory_limit above 2G). (Felipe) +- Fixed bug #52010 (open_basedir restrictions mismatch on vacuum command). + (Ilia, Felipe) 17 Jun 2010, PHP 5.2.14RC1 - Upgraded bundled PCRE to version 8.02. (Ilia) Modified: php/php-src/branches/PHP_5_2/ext/pdo_sqlite/sqlite_driver.c === --- php/php-src/branches/PHP_5_2/ext/pdo_sqlite/sqlite_driver.c 2010-06-20 02:31:58 UTC (rev 300611) +++ php/php-src/branches/PHP_5_2/ext/pdo_sqlite/sqlite_driver.c 2010-06-20 14:12:06 UTC (rev 300612) @@ -642,7 +642,7 @@ static char *make_filename_safe(const char *filename TSRMLS_DC) { - if (strncmp(filename, :memory:, sizeof(:memory:)-1)) { + if (*filename strncmp(filename, :memory:, sizeof(:memory:)-1)) { char *fullpath = expand_filepath(filename, NULL TSRMLS_CC); if (!fullpath) { Modified: php/php-src/branches/PHP_5_2/ext/sqlite/pdo_sqlite2.c === --- php/php-src/branches/PHP_5_2/ext/sqlite/pdo_sqlite2.c 2010-06-20 02:31:58 UTC (rev 300611) +++ php/php-src/branches/PHP_5_2/ext/sqlite/pdo_sqlite2.c 2010-06-20 14:12:06 UTC (rev 300612) @@ -515,7 +515,7 @@ static char *make_filename_safe(const char *filename TSRMLS_DC) { - if (strncmp(filename, :memory:, sizeof(:memory:)-1)) { + if (*filename strncmp(filename, :memory:, sizeof(:memory:)-1)) { char *fullpath = expand_filepath(filename, NULL TSRMLS_CC); if (!fullpath) { Modified: php/php-src/branches/PHP_5_3/ext/pdo_sqlite/sqlite_driver.c === --- php/php-src/branches/PHP_5_3/ext/pdo_sqlite/sqlite_driver.c 2010-06-20 02:31:58 UTC (rev 300611) +++ php/php-src/branches/PHP_5_3/ext/pdo_sqlite/sqlite_driver.c 2010-06-20 14:12:06 UTC (rev 300612) @@ -636,7 +636,7 @@ static char *make_filename_safe(const char *filename TSRMLS_DC) { - if (strncmp(filename, :memory:, sizeof(:memory:)-1)) { + if (*filename strncmp(filename, :memory:, sizeof(:memory:)-1)) { char *fullpath = expand_filepath(filename, NULL TSRMLS_CC); if (!fullpath) { Modified: php/php-src/branches/PHP_5_3/ext/sqlite/pdo_sqlite2.c === --- php/php-src/branches/PHP_5_3/ext/sqlite/pdo_sqlite2.c 2010-06-20 02:31:58 UTC (rev 300611) +++ php/php-src/branches/PHP_5_3/ext/sqlite/pdo_sqlite2.c 2010-06-20 14:12:06 UTC (rev 300612) @@ -515,7 +515,7 @@ static char *make_filename_safe(const char *filename TSRMLS_DC) { - if (strncmp(filename, :memory:, sizeof(:memory:)-1)) { + if (*filename strncmp(filename, :memory:, sizeof(:memory:)-1)) { char *fullpath = expand_filepath(filename, NULL TSRMLS_CC); if (!fullpath) { Modified: php/php-src/trunk/ext/pdo_sqlite/sqlite_driver.c === --- php/php-src/trunk/ext/pdo_sqlite/sqlite_driver.c2010-06-20 02:31:58 UTC (rev 300611) +++ php/php-src/trunk/ext/pdo_sqlite/sqlite_driver.c2010-06-20 14:12:06 UTC (rev 300612) @@ -636,7 +636,7 @@ static char *make_filename_safe(const char *filename TSRMLS_DC) { - if (strncmp(filename, :memory:, sizeof(:memory:)-1)) { + if (*filename strncmp(filename, :memory:, sizeof(:memory:)-1)) { char *fullpath = expand_filepath(filename, NULL TSRMLS_CC); if (!fullpath) { Modified: php/php-src/trunk/ext/sqlite/pdo_sqlite2.c === --- php/php-src/trunk/ext/sqlite/pdo_sqlite2.c 2010-06-20 02:31:58 UTC (rev 300611) +++ php/php-src/trunk/ext/sqlite/pdo_sqlite2.c 2010-06-20 14:12:06 UTC (rev 300612) @@
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS
felipe Sat, 19 Jun 2010 22:24:51 + Revision: http://svn.php.net/viewvc?view=revisionrevision=300608 Log: - BFN Changed paths: U php/php-src/branches/PHP_5_2/NEWS Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-06-19 22:23:01 UTC (rev 300607) +++ php/php-src/branches/PHP_5_2/NEWS 2010-06-19 22:24:51 UTC (rev 300608) @@ -1,6 +1,7 @@ PHPNEWS ||| ?? Jun 2010, PHP 5.2.14 +- Fixed bug #52061 (memory_limit above 2G). (Felipe) 17 Jun 2010, PHP 5.2.14RC1 - Upgraded bundled PCRE to version 8.02. (Ilia) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS configure.in main/php_version.h
iliaaThu, 17 Jun 2010 11:53:21 + Revision: http://svn.php.net/viewvc?view=revisionrevision=300514 Log: 5.2.14RC1 Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/configure.in U php/php-src/branches/PHP_5_2/main/php_version.h Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-06-17 11:37:49 UTC (rev 300513) +++ php/php-src/branches/PHP_5_2/NEWS 2010-06-17 11:53:21 UTC (rev 300514) @@ -1,6 +1,6 @@ PHPNEWS ||| -?? ??? 2010, PHP 5.2.14 +17 Jun 2010, PHP 5.2.14RC1 - Upgraded bundled PCRE to version 8.02. (Ilia) - Reverted bug fix #49521 (PDO fetchObject sets values before calling Modified: php/php-src/branches/PHP_5_2/configure.in === --- php/php-src/branches/PHP_5_2/configure.in 2010-06-17 11:37:49 UTC (rev 300513) +++ php/php-src/branches/PHP_5_2/configure.in 2010-06-17 11:53:21 UTC (rev 300514) @@ -42,7 +42,7 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=2 PHP_RELEASE_VERSION=14 -PHP_EXTRA_VERSION=-dev +PHP_EXTRA_VERSION=RC1 PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_2/main/php_version.h === --- php/php-src/branches/PHP_5_2/main/php_version.h 2010-06-17 11:37:49 UTC (rev 300513) +++ php/php-src/branches/PHP_5_2/main/php_version.h 2010-06-17 11:53:21 UTC (rev 300514) @@ -3,6 +3,6 @@ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 2 #define PHP_RELEASE_VERSION 14 -#define PHP_EXTRA_VERSION -dev -#define PHP_VERSION 5.2.14-dev +#define PHP_EXTRA_VERSION +#define PHP_VERSION 5.2.14RC1 #define PHP_VERSION_ID 50214 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS configure.in main/php_version.h
iliaaThu, 17 Jun 2010 11:55:17 + Revision: http://svn.php.net/viewvc?view=revisionrevision=300516 Log: back to dev Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/configure.in U php/php-src/branches/PHP_5_2/main/php_version.h Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-06-17 11:54:39 UTC (rev 300515) +++ php/php-src/branches/PHP_5_2/NEWS 2010-06-17 11:55:17 UTC (rev 300516) @@ -1,5 +1,7 @@ PHPNEWS ||| +?? Jun 2010, PHP 5.2.14 + 17 Jun 2010, PHP 5.2.14RC1 - Upgraded bundled PCRE to version 8.02. (Ilia) Modified: php/php-src/branches/PHP_5_2/configure.in === --- php/php-src/branches/PHP_5_2/configure.in 2010-06-17 11:54:39 UTC (rev 300515) +++ php/php-src/branches/PHP_5_2/configure.in 2010-06-17 11:55:17 UTC (rev 300516) @@ -42,7 +42,7 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=2 PHP_RELEASE_VERSION=14 -PHP_EXTRA_VERSION=RC1 +PHP_EXTRA_VERSION=RC2-dev PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_2/main/php_version.h === --- php/php-src/branches/PHP_5_2/main/php_version.h 2010-06-17 11:54:39 UTC (rev 300515) +++ php/php-src/branches/PHP_5_2/main/php_version.h 2010-06-17 11:55:17 UTC (rev 300516) @@ -3,6 +3,6 @@ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 2 #define PHP_RELEASE_VERSION 14 -#define PHP_EXTRA_VERSION -#define PHP_VERSION 5.2.14RC1 +#define PHP_EXTRA_VERSION RC2-dev +#define PHP_VERSION 5.2.14RC2-dev #define PHP_VERSION_ID 50214 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/ PHP_5_2/NEWS PHP_5_3/NEWS
felipe Wed, 16 Jun 2010 23:40:23 + Revision: http://svn.php.net/viewvc?view=revisionrevision=300505 Log: - BFN Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_3/NEWS Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-06-16 23:33:01 UTC (rev 300504) +++ php/php-src/branches/PHP_5_2/NEWS 2010-06-16 23:40:23 UTC (rev 300505) @@ -17,6 +17,9 @@ characters. Reported by Stefan Esser (Ilia) - Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski. (Ilia) +- Fixed a crash when calling an inexistent method of a class that inherits + PDOStatement if instantiated directly instead of doing by the PDO methods. + (Felipe) - Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function). (Dmitry) Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-06-16 23:33:01 UTC (rev 300504) +++ php/php-src/branches/PHP_5_3/NEWS 2010-06-16 23:40:23 UTC (rev 300505) @@ -37,6 +37,9 @@ Reported by Stefan Esser. (Andrey) - Fixed very rare memory leak in mysqlnd, when binding thousands of columns. (Andrey) +- Fixed a crash when calling an inexistent method of a class that inherits + PDOStatement if instantiated directly instead of doing by the PDO methods. + (Felipe) - Fixed memory leak on error in mcrypt_create_iv on Windows. (Pierre) - Fixed a possible crash because of recursive GC invocation. (Dmitry) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/Zend/tests/bug52041.phpt branches/PHP_5_2/Zend/zend_vm_def.h branches/PHP_5_2/Zend/zend_vm_execute.h branches/PHP_5_2/ext/soap/php_e
dmitry Tue, 15 Jun 2010 08:22:51 + Revision: http://svn.php.net/viewvc?view=revisionrevision=300457 Log: Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function) Bug: http://bugs.php.net/52041 (Assigned) Memory leak when writing on uninitialized variable returned from function Changed paths: U php/php-src/branches/PHP_5_2/NEWS A php/php-src/branches/PHP_5_2/Zend/tests/bug52041.phpt U php/php-src/branches/PHP_5_2/Zend/zend_vm_def.h U php/php-src/branches/PHP_5_2/Zend/zend_vm_execute.h U php/php-src/branches/PHP_5_2/ext/soap/php_encoding.c A php/php-src/branches/PHP_5_3/Zend/tests/bug52041.phpt U php/php-src/branches/PHP_5_3/Zend/zend_vm_def.h U php/php-src/branches/PHP_5_3/Zend/zend_vm_execute.h U php/php-src/branches/PHP_5_3/ext/soap/php_encoding.c A php/php-src/trunk/Zend/tests/bug52041.phpt U php/php-src/trunk/Zend/zend_vm_def.h U php/php-src/trunk/Zend/zend_vm_execute.h U php/php-src/trunk/ext/soap/php_encoding.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-06-15 08:19:26 UTC (rev 300456) +++ php/php-src/branches/PHP_5_2/NEWS 2010-06-15 08:22:51 UTC (rev 300457) @@ -18,6 +18,8 @@ - Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski. (Ilia) +- Fixed bug #52041 (Memory leak when writing on uninitialized variable returned + from function). (Dmitry) - Fixed bug #52019 (make lcov doesn't support TESTS variable anymore). (Patrick) - Fixed bug #51911 (ReflectionParameter::getDefaultValue() memory leaks with constant array). (Felipe) Added: php/php-src/branches/PHP_5_2/Zend/tests/bug52041.phpt === --- php/php-src/branches/PHP_5_2/Zend/tests/bug52041.phpt (rev 0) +++ php/php-src/branches/PHP_5_2/Zend/tests/bug52041.phpt 2010-06-15 08:22:51 UTC (rev 300457) @@ -0,0 +1,50 @@ +--TEST-- +Bug #52041 (Memory leak when writing on uninitialized variable returned from function) +--FILE-- +?php +function foo() { + return $x; +} + +foo()-a = 1; +foo()-a-b = 2; +foo()-a++; +foo()-a-b++; +foo()-a += 2; +foo()-a-b += 2; + +//foo()[0] = 1; +//foo()[0][0] = 2; +//foo()[0]++; +//foo()[0][0]++; +//foo()[0] += 2; +//foo()[0][0] += 2; +var_dump(foo()); +? +--EXPECTF-- +Notice: Undefined variable: x in %sbug52041.php on line 3 + +Strict Standards: Creating default object from empty value in %sbug52041.php on line 6 + +Notice: Undefined variable: x in %sbug52041.php on line 3 + +Strict Standards: Creating default object from empty value in %sbug52041.php on line 7 + +Notice: Undefined variable: x in %sbug52041.php on line 3 + +Strict Standards: Creating default object from empty value in %sbug52041.php on line 8 + +Notice: Undefined variable: x in %sbug52041.php on line 3 + +Strict Standards: Creating default object from empty value in %sbug52041.php on line 9 + +Notice: Undefined variable: x in %sbug52041.php on line 3 + +Strict Standards: Creating default object from empty value in %sbug52041.php on line 10 + +Notice: Undefined variable: x in %sbug52041.php on line 3 + +Strict Standards: Creating default object from empty value in %sbug52041.php on line 11 + +Notice: Undefined variable: x in %sbug52041.php on line 3 +NULL Modified: php/php-src/branches/PHP_5_2/Zend/zend_vm_def.h === --- php/php-src/branches/PHP_5_2/Zend/zend_vm_def.h 2010-06-15 08:19:26 UTC (rev 300456) +++ php/php-src/branches/PHP_5_2/Zend/zend_vm_def.h 2010-06-15 08:22:51 UTC (rev 300457) @@ -2192,6 +2192,12 @@ INIT_PZVAL_COPY(ret, retval_ptr); zval_copy_ctor(ret); *EG(return_value_ptr_ptr) = ret; + } else if ((OP1_TYPE == IS_CV || OP1_TYPE == IS_VAR) + retval_ptr == EG(uninitialized_zval)) { +zval *ret; + +ALLOC_INIT_ZVAL(ret); +*EG(return_value_ptr_ptr) = ret; } else { *EG(return_value_ptr_ptr) = retval_ptr; retval_ptr-refcount++; Modified: php/php-src/branches/PHP_5_2/Zend/zend_vm_execute.h === --- php/php-src/branches/PHP_5_2/Zend/zend_vm_execute.h 2010-06-15 08:19:26 UTC (rev 300456) +++ php/php-src/branches/PHP_5_2/Zend/zend_vm_execute.h 2010-06-15 08:22:51 UTC (rev 300457) @@ -1809,6 +1809,12 @@ INIT_PZVAL_COPY(ret, retval_ptr); zval_copy_ctor(ret); *EG(return_value_ptr_ptr) = ret; + } else if ((IS_CONST == IS_CV || IS_CONST == IS_VAR) + retval_ptr == EG(uninitialized_zval)) { +zval *ret; + +ALLOC_INIT_ZVAL(ret); +*EG(return_value_ptr_ptr) = ret; } else { *EG(return_value_ptr_ptr) = retval_ptr; retval_ptr-refcount++; @@ -4385,6 +4391,12 @@ INIT_PZVAL_COPY(ret, retval_ptr); zval_copy_ctor(ret);
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/sqlite/pdo_sqlite2.c branches/PHP_5_3/NEWS branches/PHP_5_3/ext/sqlite/pdo_sqlite2.c trunk/ext/sqlite/pdo_sqlite2.c
felipe Sat, 12 Jun 2010 22:04:48 + Revision: http://svn.php.net/viewvc?view=revisionrevision=300413 Log: - Fixed bug #49320 (PDO returns null when SQLite connection fails) Bug: http://bugs.php.net/49320 (No Feedback) PDO returns null when SQLite connection fails Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/sqlite/pdo_sqlite2.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/sqlite/pdo_sqlite2.c U php/php-src/trunk/ext/sqlite/pdo_sqlite2.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-06-12 16:33:02 UTC (rev 300412) +++ php/php-src/branches/PHP_5_2/NEWS 2010-06-12 22:04:48 UTC (rev 300413) @@ -82,6 +82,7 @@ include file and line in trace). (Felipe) - Fixed bug #49723 (LimitIterator with empty SeekableIterator). (Etienne) - Fixed bug #49576 (FILTER_VALIDATE_EMAIL filter needs updating) (Rasmus) +- Fixed bug #49320 (PDO returns null when SQLite connection fails). (Felipe) - Fixed bug #49267 (Linking fails for iconv). (Moriyosh) - Fixed bug #48601 (xpath() returns FALSE for legitimate query). (Rob) - Fixed bug #48289 (iconv_mime_encode() quoted-printable scheme is broken). Modified: php/php-src/branches/PHP_5_2/ext/sqlite/pdo_sqlite2.c === --- php/php-src/branches/PHP_5_2/ext/sqlite/pdo_sqlite2.c 2010-06-12 16:33:02 UTC (rev 300412) +++ php/php-src/branches/PHP_5_2/ext/sqlite/pdo_sqlite2.c 2010-06-12 22:04:48 UTC (rev 300413) @@ -594,6 +594,7 @@ efree(filename); if (!H-db) { + H-einfo.errcode = SQLITE_ERROR; pdo_sqlite2_error(errmsg, dbh); goto cleanup; } Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-06-12 16:33:02 UTC (rev 300412) +++ php/php-src/branches/PHP_5_3/NEWS 2010-06-12 22:04:48 UTC (rev 300413) @@ -201,6 +201,7 @@ - Fixed bug #49576 (FILTER_VALIDATE_EMAIL filter needs updating) (Rasmus) - Fixed bug #49490 (XPath namespace prefix conflict). (Rob) - Fixed bug #49429 (odbc_autocommit doesn't work). (Felipe) +- Fixed bug #49320 (PDO returns null when SQLite connection fails). (Felipe) - Fixed bug #49234 (mysqli_ssl_set not found). (Andrey) - Fixed bug #49192 (PHP crashes when GC invoked on COM object). (Stas) - Fixed bug #49081 (DateTime::diff() mistake if start in January and interval Modified: php/php-src/branches/PHP_5_3/ext/sqlite/pdo_sqlite2.c === --- php/php-src/branches/PHP_5_3/ext/sqlite/pdo_sqlite2.c 2010-06-12 16:33:02 UTC (rev 300412) +++ php/php-src/branches/PHP_5_3/ext/sqlite/pdo_sqlite2.c 2010-06-12 22:04:48 UTC (rev 300413) @@ -594,6 +594,7 @@ efree(filename); if (!H-db) { + H-einfo.errcode = SQLITE_ERROR; pdo_sqlite2_error(errmsg, dbh); goto cleanup; } Modified: php/php-src/trunk/ext/sqlite/pdo_sqlite2.c === --- php/php-src/trunk/ext/sqlite/pdo_sqlite2.c 2010-06-12 16:33:02 UTC (rev 300412) +++ php/php-src/trunk/ext/sqlite/pdo_sqlite2.c 2010-06-12 22:04:48 UTC (rev 300413) @@ -589,6 +589,7 @@ efree(filename); if (!H-db) { + H-einfo.errcode = SQLITE_ERROR; pdo_sqlite2_error(errmsg, dbh); goto cleanup; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS
felipe Sat, 12 Jun 2010 22:09:13 + Revision: http://svn.php.net/viewvc?view=revisionrevision=300414 Log: - Fix entry Changed paths: U php/php-src/branches/PHP_5_2/NEWS Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-06-12 22:04:48 UTC (rev 300413) +++ php/php-src/branches/PHP_5_2/NEWS 2010-06-12 22:09:13 UTC (rev 300414) @@ -20,9 +20,9 @@ - Fixed bug #52019 (make lcov doesn't support TESTS variable anymore). (Patrick) - Fixed bug #51911 (ReflectionParameter::getDefaultValue() memory leaks with + constant array). (Felipe) - Fixed bug #51905 (ReflectionParameter fails if default value is an array with an access to self::). (Felipe) - constant array). (Felipe) - Fixed bug #51822i (Segfault with strange __destruct() for static class variables). (Dmitry) - Fixed bug #51671 (imagefill does not work correctly for small images). -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/Zend/tests/bug51822.phpt branches/PHP_5_2/Zend/zend_opcode.c branches/PHP_5_3/Zend/tests/bug51822.phpt branches/PHP_5_3/Zend/zend_op
dmitry Thu, 10 Jun 2010 11:45:51 + Revision: http://svn.php.net/viewvc?view=revisionrevision=300350 Log: Fixed bug #51822i (Segfault with strange __destruct() for static class variables) Bug: http://bugs.php.net/51822 (Assigned) Segfault with strange __destruct() for static class variables Changed paths: U php/php-src/branches/PHP_5_2/NEWS A php/php-src/branches/PHP_5_2/Zend/tests/bug51822.phpt U php/php-src/branches/PHP_5_2/Zend/zend_opcode.c A php/php-src/branches/PHP_5_3/Zend/tests/bug51822.phpt U php/php-src/branches/PHP_5_3/Zend/zend_opcode.c A php/php-src/trunk/Zend/tests/bug51822.phpt U php/php-src/trunk/Zend/zend_opcode.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-06-10 11:31:47 UTC (rev 300349) +++ php/php-src/branches/PHP_5_2/NEWS 2010-06-10 11:45:51 UTC (rev 300350) @@ -22,6 +22,8 @@ - Fixed bug #51905 (ReflectionParameter fails if default value is an array with an access to self::). (Felipe) constant array). (Felipe) +- Fixed bug #51822i (Segfault with strange __destruct() for static class + variables). (Dmitry) - Fixed bug #51671 (imagefill does not work correctly for small images). (Pierre) - Fixed bug #51670 (getColumnMeta causes segfault when re-executing query Added: php/php-src/branches/PHP_5_2/Zend/tests/bug51822.phpt === --- php/php-src/branches/PHP_5_2/Zend/tests/bug51822.phpt (rev 0) +++ php/php-src/branches/PHP_5_2/Zend/tests/bug51822.phpt 2010-06-10 11:45:51 UTC (rev 300350) @@ -0,0 +1,40 @@ +--TEST-- +Bug #51822 (Segfault with strange __destruct() for static class variables) +--FILE-- +?php +class DestructableObject +{ + public function __destruct() + { + echo 2\n; + } +} + +class DestructorCreator +{ + public function __destruct() + { + $this-test = new DestructableObject; + echo 1\n; + } +} + +class Test +{ + public static $mystatic; +} + +// Uncomment this to avoid segfault +//Test::$mystatic = new DestructorCreator(); + +$x = new Test(); + +if (!isset(Test::$mystatic)) + Test::$mystatic = new DestructorCreator(); + +echo bla\n; +? +--EXPECT-- +bla +1 +2 Modified: php/php-src/branches/PHP_5_2/Zend/zend_opcode.c === --- php/php-src/branches/PHP_5_2/Zend/zend_opcode.c 2010-06-10 11:31:47 UTC (rev 300349) +++ php/php-src/branches/PHP_5_2/Zend/zend_opcode.c 2010-06-10 11:45:51 UTC (rev 300350) @@ -157,7 +157,10 @@ /* Note that only run-time accessed data need to be cleaned up, pre-defined data can not contain objects and thus are not probelmatic */ zend_hash_apply((*pce)-function_table, (apply_func_t) zend_cleanup_function_data_full TSRMLS_CC); - (*pce)-static_members = NULL; + if ((*pce)-static_members) { + zend_hash_clean((*pce)-static_members); + (*pce)-static_members = NULL; + } } else if (CE_STATIC_MEMBERS(*pce)) { zend_hash_destroy(CE_STATIC_MEMBERS(*pce)); FREE_HASHTABLE(CE_STATIC_MEMBERS(*pce)); Added: php/php-src/branches/PHP_5_3/Zend/tests/bug51822.phpt === --- php/php-src/branches/PHP_5_3/Zend/tests/bug51822.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/Zend/tests/bug51822.phpt 2010-06-10 11:45:51 UTC (rev 300350) @@ -0,0 +1,40 @@ +--TEST-- +Bug #51822 (Segfault with strange __destruct() for static class variables) +--FILE-- +?php +class DestructableObject +{ + public function __destruct() + { + echo 2\n; + } +} + +class DestructorCreator +{ + public function __destruct() + { + $this-test = new DestructableObject; + echo 1\n; + } +} + +class Test +{ + public static $mystatic; +} + +// Uncomment this to avoid segfault +//Test::$mystatic = new DestructorCreator(); + +$x = new Test(); + +if (!isset(Test::$mystatic)) + Test::$mystatic = new DestructorCreator(); + +echo bla\n; +? +--EXPECT-- +bla +1 +2 Modified: php/php-src/branches/PHP_5_3/Zend/zend_opcode.c === --- php/php-src/branches/PHP_5_3/Zend/zend_opcode.c 2010-06-10 11:31:47 UTC (rev 300349) +++ php/php-src/branches/PHP_5_3/Zend/zend_opcode.c 2010-06-10 11:45:51 UTC (rev 300350) @@ -159,7 +159,10 @@ /* Note that only run-time accessed data need to be cleaned up, pre-defined data can not contain objects and thus are not probelmatic */
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/soap/soap.c branches/PHP_5_3/NEWS branches/PHP_5_3/ext/soap/soap.c trunk/ext/soap/soap.c
iliaaWed, 09 Jun 2010 15:48:22 + Revision: http://svn.php.net/viewvc?view=revisionrevision=300317 Log: Fixed bug #51273 (Faultstring property does not exist when the faultstring is empty) # Patch by dennis at transip dot nl Bug: http://bugs.php.net/51273 (Open) Faultstring property does not exist when the faultstring is empty Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/soap/soap.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/soap/soap.c U php/php-src/trunk/ext/soap/soap.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-06-09 15:39:03 UTC (rev 300316) +++ php/php-src/branches/PHP_5_2/NEWS 2010-06-09 15:48:22 UTC (rev 300317) @@ -48,6 +48,8 @@ - Fixed bug #51374 (Wrongly initialized object properties). (Etienne) - Fixed bug #51338 (URL-Rewriter is still enabled if use_only_cookies is on). (Ilia, j dot jeising at gmail dot com) +- Fixed bug #51273 (Faultstring property does not exist when the faultstring is + empty) (Ilia, dennis at transip dot nl) - Fixed bug #51269 (zlib.output_compression Overwrites Vary Header). (Adam) - Fixed bug #51263 (imagettftext and rotated text uses wrong baseline) (cschneid at cschneid dot com, Takeshi Abe) Modified: php/php-src/branches/PHP_5_2/ext/soap/soap.c === --- php/php-src/branches/PHP_5_2/ext/soap/soap.c2010-06-09 15:39:03 UTC (rev 300316) +++ php/php-src/branches/PHP_5_2/ext/soap/soap.c2010-06-09 15:48:22 UTC (rev 300317) @@ -3240,12 +3240,12 @@ if (Z_TYPE_P(obj) != IS_OBJECT) { object_init_ex(obj, soap_fault_class_entry); } - if (fault_string != NULL) { - add_property_string(obj, faultstring, fault_string, 1); + + add_property_string(obj, faultstring, fault_string ? fault_string : , 1); #ifdef ZEND_ENGINE_2 - zend_update_property_string(zend_exception_get_default(TSRMLS_C), obj, message, sizeof(message)-1, fault_string TSRMLS_CC); + zend_update_property_string(zend_exception_get_default(TSRMLS_C), obj, message, sizeof(message)-1, (fault_string ? fault_string : ) TSRMLS_CC); #endif - } + if (fault_code != NULL) { int soap_version = SOAP_GLOBAL(soap_version); Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-06-09 15:39:03 UTC (rev 300316) +++ php/php-src/branches/PHP_5_3/NEWS 2010-06-09 15:48:22 UTC (rev 300317) @@ -134,6 +134,8 @@ (Oracle Corp.) - Fixed bug #51276 (php_load_extension() is missing when HAVE_LIBDL is undefined). (Tony) +- Fixed bug #51273 (Faultstring property does not exist when the faultstring is + empty) (Ilia, dennis at transip dot nl) - Fixed bug #51269 (zlib.output_compression Overwrites Vary Header). (Adam) - Fixed bug #51257 (CURL_VERSION_LARGEFILE incorrectly used after libcurl version 7.10.1). (aron dot ujvari at microsec dot hu) Modified: php/php-src/branches/PHP_5_3/ext/soap/soap.c === --- php/php-src/branches/PHP_5_3/ext/soap/soap.c2010-06-09 15:39:03 UTC (rev 300316) +++ php/php-src/branches/PHP_5_3/ext/soap/soap.c2010-06-09 15:48:22 UTC (rev 300317) @@ -3422,12 +3422,12 @@ if (Z_TYPE_P(obj) != IS_OBJECT) { object_init_ex(obj, soap_fault_class_entry); } - if (fault_string != NULL) { - add_property_string(obj, faultstring, fault_string, 1); + + add_property_string(obj, faultstring, fault_string ? fault_string : , 1); #ifdef ZEND_ENGINE_2 - zend_update_property_string(zend_exception_get_default(TSRMLS_C), obj, message, sizeof(message)-1, fault_string TSRMLS_CC); + zend_update_property_string(zend_exception_get_default(TSRMLS_C), obj, message, sizeof(message)-1, (fault_string ? fault_string : ) TSRMLS_CC); #endif - } + if (fault_code != NULL) { int soap_version = SOAP_GLOBAL(soap_version); Modified: php/php-src/trunk/ext/soap/soap.c === --- php/php-src/trunk/ext/soap/soap.c 2010-06-09 15:39:03 UTC (rev 300316) +++ php/php-src/trunk/ext/soap/soap.c 2010-06-09 15:48:22 UTC (rev 300317) @@ -3372,12 +3372,12 @@ if (Z_TYPE_P(obj) != IS_OBJECT) { object_init_ex(obj, soap_fault_class_entry); } - if (fault_string != NULL) { - add_property_string(obj, faultstring, fault_string, 1); + + add_property_string(obj, faultstring, fault_string ? fault_string : , 1); #ifdef ZEND_ENGINE_2 -
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/date/php_date.c branches/PHP_5_3/NEWS branches/PHP_5_3/ext/date/php_date.c trunk/ext/date/php_date.c
srinatar Tue, 08 Jun 2010 21:23:48 + Revision: http://svn.php.net/viewvc?view=revisionrevision=300294 Log: - Fixed Bug #51168 (fails to compile with Sun Studio) # C99 standard supports inline keyword and supported by # by major compilers like GCC, HP C, IBM C and Sun C Bug: http://bugs.php.net/51168 (Bogus) Userland Cyclic Reference with Nested DateTime are not garbage collected Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/date/php_date.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/date/php_date.c U php/php-src/trunk/ext/date/php_date.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-06-08 21:03:34 UTC (rev 300293) +++ php/php-src/branches/PHP_5_2/NEWS 2010-06-08 21:23:48 UTC (rev 300294) @@ -58,6 +58,8 @@ includes '-'). (Adam, solar at azrael dot ws). - Fixed bug #51190 (ftp_put() returns false when transfer was successful). (Ilia) +- Fixed bug #51183 (ext/date/php_date.c fails to compile with Sun Studio). + (Sriram Natarajan) - Fixed bug #51171 (curl_setopt() doesn't output any errors or warnings when an invalid option is provided). (Ilia) - Fixed bug #51128 (imagefill() doesn't work with large images). (Pierre) Modified: php/php-src/branches/PHP_5_2/ext/date/php_date.c === --- php/php-src/branches/PHP_5_2/ext/date/php_date.c2010-06-08 21:03:34 UTC (rev 300293) +++ php/php-src/branches/PHP_5_2/ext/date/php_date.c2010-06-08 21:23:48 UTC (rev 300294) @@ -35,7 +35,7 @@ #elif defined(__GNUC__) __GNUC__ 3 static __inline __int64_t php_date_llabs( __int64_t i ) { return i = 0 ? i : -i; } #else -static __inline long long php_date_llabs( long long i ) { return i = 0 ? i : -i; } +static inline long long php_date_llabs( long long i ) { return i = 0 ? i : -i; } #endif /* {{{ arginfo */ Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-06-08 21:03:34 UTC (rev 300293) +++ php/php-src/branches/PHP_5_3/NEWS 2010-06-08 21:23:48 UTC (rev 300294) @@ -144,6 +144,8 @@ alexr at oplot dot com) - Fixed bug #51190 (ftp_put() returns false when transfer was successful). (Ilia) +- Fixed bug #51183 (ext/date/php_date.c fails to compile with Sun Studio). + (Sriram Natarajan) - Fixed bug #51176 (Static calling in non-static method behaves like $this-). (Felipe) - Fixed bug #51171 (curl_setopt() doesn't output any errors or warnings when Modified: php/php-src/branches/PHP_5_3/ext/date/php_date.c === --- php/php-src/branches/PHP_5_3/ext/date/php_date.c2010-06-08 21:03:34 UTC (rev 300293) +++ php/php-src/branches/PHP_5_3/ext/date/php_date.c2010-06-08 21:23:48 UTC (rev 300294) @@ -36,7 +36,7 @@ #elif defined(__GNUC__) __GNUC__ 3 static __inline __int64_t php_date_llabs( __int64_t i ) { return i = 0 ? i : -i; } #else -static __inline long long php_date_llabs( long long i ) { return i = 0 ? i : -i; } +static inline long long php_date_llabs( long long i ) { return i = 0 ? i : -i; } #endif /* {{{ arginfo */ Modified: php/php-src/trunk/ext/date/php_date.c === --- php/php-src/trunk/ext/date/php_date.c 2010-06-08 21:03:34 UTC (rev 300293) +++ php/php-src/trunk/ext/date/php_date.c 2010-06-08 21:23:48 UTC (rev 300294) @@ -36,7 +36,7 @@ #elif defined(__GNUC__) __GNUC__ 3 static __inline __int64_t php_date_llabs( __int64_t i ) { return i = 0 ? i : -i; } #else -static __inline long long php_date_llabs( long long i ) { return i = 0 ? i : -i; } +static inline long long php_date_llabs( long long i ) { return i = 0 ? i : -i; } #endif /* {{{ arginfo */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/soap/soap.c branches/PHP_5_2/ext/soap/tests/bugs/bug50762.phpt branches/PHP_5_2/ext/soap/tests/bugs/bug50762.wsdl branches/PHP_5
dmitry Fri, 28 May 2010 10:52:16 + Revision: http://svn.php.net/viewvc?view=revisionrevision=299901 Log: Fixed bug #50762 (in WSDL mode Soap Header handler function only being called if defined in WSDL). (mephius at gmail dot com) Bug: http://bugs.php.net/50762 (Assigned) in WSDL mode Soap Header handler function only being called if defined in WSDL Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/soap/soap.c A php/php-src/branches/PHP_5_2/ext/soap/tests/bugs/bug50762.phpt A php/php-src/branches/PHP_5_2/ext/soap/tests/bugs/bug50762.wsdl U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/soap/soap.c A php/php-src/branches/PHP_5_3/ext/soap/tests/bugs/bug50762.phpt A php/php-src/branches/PHP_5_3/ext/soap/tests/bugs/bug50762.wsdl U php/php-src/trunk/ext/soap/soap.c A php/php-src/trunk/ext/soap/tests/bugs/bug50762.phpt A php/php-src/trunk/ext/soap/tests/bugs/bug50762.wsdl Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-05-28 09:27:03 UTC (rev 299900) +++ php/php-src/branches/PHP_5_2/NEWS 2010-05-28 10:52:16 UTC (rev 299901) @@ -65,6 +65,8 @@ - Fixed bug #51062 (DBA DB4 uses mismatched headers and libraries). (Chris Jones) - Fixed bug #51023 (filter doesn't detect int overflows with GCC 4.4). (Raphael Geissert) +- Fixed bug #50762 (in WSDL mode Soap Header handler function only being called + if defined in WSDL). (mephius at gmail dot com) - Fixed bug #50698 (SoapClient should handle wsdls with some incompatiable endpoints). (Justin Dearing) - Fixed bug #50383 (Exceptions thrown in __call() / __callStatic() do not Modified: php/php-src/branches/PHP_5_2/ext/soap/soap.c === --- php/php-src/branches/PHP_5_2/ext/soap/soap.c 2010-05-28 09:27:03 UTC (rev 299900) +++ php/php-src/branches/PHP_5_2/ext/soap/soap.c 2010-05-28 10:52:16 UTC (rev 299901) @@ -1706,6 +1706,7 @@ soapHeader *h = header; header = header-next; +#if 0 if (service-sdl !h-function !h-hdr) { if (h-mustUnderstand) { soap_server_fault(MustUnderstand,Header not understood, NULL, NULL, NULL TSRMLS_CC); @@ -1713,7 +1714,7 @@ continue; } } - +#endif fn_name = estrndup(Z_STRVAL(h-function_name),Z_STRLEN(h-function_name)); if (zend_hash_exists(function_table, php_strtolower(fn_name, Z_STRLEN(h-function_name)), Z_STRLEN(h-function_name) + 1) || ((service-type == SOAP_CLASS || service-type == SOAP_OBJECT) Added: php/php-src/branches/PHP_5_2/ext/soap/tests/bugs/bug50762.phpt === --- php/php-src/branches/PHP_5_2/ext/soap/tests/bugs/bug50762.phpt (rev 0) +++ php/php-src/branches/PHP_5_2/ext/soap/tests/bugs/bug50762.phpt 2010-05-28 10:52:16 UTC (rev 299901) @@ -0,0 +1,45 @@ +--TEST-- +Bug #50762 (in WSDL mode Soap Header handler function only being called if defined in WSDL) +--FILE-- +?php +class testSoap { + private $auth; + public function authToken($token){ + $this-auth=true; + } + public function testHeader($param){ + return 'header handler ' . ($this-auth ? 'called' : 'not called'); + } +} + +class LocalSoapClient extends SoapClient { + + function __construct($wsdl, $options) { +parent::__construct($wsdl, $options); +$this-server = new SoapServer($wsdl, $options); + $this-server-setObject(new testSoap()); + } + + function __doRequest($request, $location, $action, $version, $one_way = 0) { +ob_start(); +$this-server-handle($request); +$response = ob_get_contents(); +ob_end_clean(); +return $response; + } + +} + +$cl = new LocalSoapClient(dirname(__FILE__).'/bug50762.wsdl', array('cache_wsdl'=WSDL_CACHE_NONE, 'trace'=true)); + +class authToken{ + public function __construct($token){ + $this-authToken=$token; + } +} + +$cl-__setSoapHeaders(array(new SoapHeader('http://sova.pronto.ru/', 'authToken', new authToken('tokendata'; +echo $cl-testHeader('param') . PHP_EOL; +? +--EXPECT-- +header handler called Added: php/php-src/branches/PHP_5_2/ext/soap/tests/bugs/bug50762.wsdl === --- php/php-src/branches/PHP_5_2/ext/soap/tests/bugs/bug50762.wsdl (rev 0) +++ php/php-src/branches/PHP_5_2/ext/soap/tests/bugs/bug50762.wsdl 2010-05-28 10:52:16 UTC (rev 299901) @@ -0,0 +1,36 @@ +?xml version=1.0 encoding=UTF-8 standalone=no? +wsdl:definitions xmlns:soap=http://schemas.xmlsoap.org/wsdl/soap/; xmlns:tns=http://sova.pronto.ru/; xmlns:xsd1=http://sova.pronto.ru/schema; xmlns:wsdl=http://schemas.xmlsoap.org/wsdl/; xmlns:xsd=http://www.w3.org/2001/XMLSchema; name=sova targetNamespace=http://sova.pronto.ru/; + wsdl:message name=authToken + wsdl:part
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/reflection/php_reflection.c branches/PHP_5_2/ext/reflection/tests/bug51911.phpt branches/PHP_5_3/NEWS branches/PHP_5_3/ext/refle
felipe Tue, 25 May 2010 22:46:17 + Revision: http://svn.php.net/viewvc?view=revisionrevision=299763 Log: - Fixed bug #51911 (ReflectionParameter::getDefaultValue() memory leaks with constant array) Bug: http://bugs.php.net/51911 (Closed) ReflectionParameter::getDefaultValue() memory leaks with constant array Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/reflection/php_reflection.c A php/php-src/branches/PHP_5_2/ext/reflection/tests/bug51911.phpt U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/reflection/php_reflection.c A php/php-src/branches/PHP_5_3/ext/reflection/tests/bug51911.phpt U php/php-src/trunk/ext/reflection/php_reflection.c A php/php-src/trunk/ext/reflection/tests/bug51911.phpt Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-05-25 22:42:25 UTC (rev 299762) +++ php/php-src/branches/PHP_5_2/NEWS 2010-05-25 22:46:17 UTC (rev 299763) @@ -18,6 +18,8 @@ - Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski. (Ilia) +- Fixed bug #51911 (ReflectionParameter::getDefaultValue() memory leaks with + constant array). (Felipe) - Fixed bug #51671 (imagefill does not work correctly for small images). (Pierre) - Fixed bug #51670 (getColumnMeta causes segfault when re-executing query Modified: php/php-src/branches/PHP_5_2/ext/reflection/php_reflection.c === --- php/php-src/branches/PHP_5_2/ext/reflection/php_reflection.c 2010-05-25 22:42:25 UTC (rev 299762) +++ php/php-src/branches/PHP_5_2/ext/reflection/php_reflection.c 2010-05-25 22:46:17 UTC (rev 299763) @@ -2170,7 +2170,7 @@ *return_value = precv-op2.u.constant; INIT_PZVAL(return_value); - if (Z_TYPE_P(return_value) != IS_CONSTANT) { + if (Z_TYPE_P(return_value) != IS_CONSTANT Z_TYPE_P(return_value) != IS_CONSTANT_ARRAY) { zval_copy_ctor(return_value); } zval_update_constant_ex(return_value, (void*)0, param-fptr-common.scope TSRMLS_CC); Added: php/php-src/branches/PHP_5_2/ext/reflection/tests/bug51911.phpt === --- php/php-src/branches/PHP_5_2/ext/reflection/tests/bug51911.phpt (rev 0) +++ php/php-src/branches/PHP_5_2/ext/reflection/tests/bug51911.phpt 2010-05-25 22:46:17 UTC (rev 299763) @@ -0,0 +1,22 @@ +--TEST-- +Bug #51911 (ReflectionParameter::getDefaultValue() memory leaks with constant array) +--FILE-- +?php + +class Foo { + const X = 1; + public function x($x = array(1)) {} +} + +$clazz = new ReflectionClass('Foo'); +$method = $clazz-getMethod('x'); +foreach ($method-getParameters() as $param) { +if ( $param-isDefaultValueAvailable()) +echo '$', $param-getName(), ' : ', var_export($param-getDefaultValue(), 1), \n; +} + +? +--EXPECT-- +$x : array ( + 0 = 1, +) Property changes on: php/php-src/branches/PHP_5_2/ext/reflection/tests/bug51911.phpt ___ Added: svn:keywords + Id Rev Revision Added: svn:eol-style + native Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-05-25 22:42:25 UTC (rev 299762) +++ php/php-src/branches/PHP_5_3/NEWS 2010-05-25 22:46:17 UTC (rev 299763) @@ -62,6 +62,8 @@ requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert) - Fixed 64-bit integer overflow in mhash_keygen_s2k(). (Clément LECIGNE, Stas) +- Fixed bug #51911 (ReflectionParameter::getDefaultValue() memory leaks with + constant array). (Felipe) - Fixed bug #51844 (checkdnsrr does not support types other than MX). (Pierre) - Fixed bug #51827 (Bad warning when register_shutdown_function called with wrong num of parameters). (Felipe) Modified: php/php-src/branches/PHP_5_3/ext/reflection/php_reflection.c === --- php/php-src/branches/PHP_5_3/ext/reflection/php_reflection.c 2010-05-25 22:42:25 UTC (rev 299762) +++ php/php-src/branches/PHP_5_3/ext/reflection/php_reflection.c 2010-05-25 22:46:17 UTC (rev 299763) @@ -2408,7 +2408,7 @@ *return_value = precv-op2.u.constant; INIT_PZVAL(return_value); - if (Z_TYPE_P(return_value) != IS_CONSTANT) { + if (Z_TYPE_P(return_value) != IS_CONSTANT Z_TYPE_P(return_value) != IS_CONSTANT_ARRAY) { zval_copy_ctor(return_value); } zval_update_constant_ex(return_value, (void*)0, param-fptr-common.scope TSRMLS_CC); Added: php/php-src/branches/PHP_5_3/ext/reflection/tests/bug51911.phpt
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/Zend/zend_execute.h branches/PHP_5_2/Zend/zend_execute_API.c branches/PHP_5_2/ext/reflection/tests/bug51905.phpt branches/PHP_5_3/NE
felipe Wed, 26 May 2010 00:00:58 + Revision: http://svn.php.net/viewvc?view=revisionrevision=299766 Log: - Fixed bug #51905 (ReflectionParameter fails if default value is an array with an access to self::) Bug: http://bugs.php.net/51905 (Open) ReflectionParameter fails if default value is an array with an access to self:: Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/Zend/zend_execute.h U php/php-src/branches/PHP_5_2/Zend/zend_execute_API.c A php/php-src/branches/PHP_5_2/ext/reflection/tests/bug51905.phpt U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/Zend/zend_execute.h U php/php-src/branches/PHP_5_3/Zend/zend_execute_API.c A php/php-src/branches/PHP_5_3/ext/reflection/tests/bug51905.phpt U php/php-src/trunk/Zend/zend_execute.h U php/php-src/trunk/Zend/zend_execute_API.c A php/php-src/trunk/ext/reflection/tests/bug51905.phpt Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-05-25 23:18:13 UTC (rev 299765) +++ php/php-src/branches/PHP_5_2/NEWS 2010-05-26 00:00:58 UTC (rev 299766) @@ -19,6 +19,8 @@ by Mateusz Kocielski. (Ilia) - Fixed bug #51911 (ReflectionParameter::getDefaultValue() memory leaks with +- Fixed bug #51905 (ReflectionParameter fails if default value is an array + with an access to self::). (Felipe) constant array). (Felipe) - Fixed bug #51671 (imagefill does not work correctly for small images). (Pierre) Modified: php/php-src/branches/PHP_5_2/Zend/zend_execute.h === --- php/php-src/branches/PHP_5_2/Zend/zend_execute.h 2010-05-25 23:18:13 UTC (rev 299765) +++ php/php-src/branches/PHP_5_2/Zend/zend_execute.h 2010-05-26 00:00:58 UTC (rev 299766) @@ -140,6 +140,8 @@ } ZEND_API int zval_update_constant(zval **pp, void *arg TSRMLS_DC); +ZEND_API int zval_update_constant_inline_change(zval **pp, void *arg TSRMLS_DC); +ZEND_API int zval_update_constant_no_inline_change(zval **pp, void *arg TSRMLS_DC); ZEND_API int zval_update_constant_ex(zval **pp, void *arg, zend_class_entry *scope TSRMLS_DC); /* dedicated Zend executor functions - do not use! */ Modified: php/php-src/branches/PHP_5_2/Zend/zend_execute_API.c === --- php/php-src/branches/PHP_5_2/Zend/zend_execute_API.c 2010-05-25 23:18:13 UTC (rev 299765) +++ php/php-src/branches/PHP_5_2/Zend/zend_execute_API.c 2010-05-26 00:00:58 UTC (rev 299766) @@ -584,12 +584,22 @@ zend_hash_move_forward(Z_ARRVAL_P(p)); zval_dtor(const_value); } - zend_hash_apply_with_argument(Z_ARRVAL_P(p), (apply_func_arg_t) zval_update_constant, (void *) 1 TSRMLS_CC); + zend_hash_apply_with_argument(Z_ARRVAL_P(p), (apply_func_arg_t) zval_update_constant_inline_change, (void *) scope TSRMLS_CC); zend_hash_internal_pointer_reset(Z_ARRVAL_P(p)); } return 0; } +ZEND_API int zval_update_constant_inline_change(zval **pp, void *scope TSRMLS_DC) +{ + return zval_update_constant_ex(pp, (void*)1, scope TSRMLS_CC); +} + +ZEND_API int zval_update_constant_no_inline_change(zval **pp, void *scope TSRMLS_DC) +{ + return zval_update_constant_ex(pp, (void*)0, scope TSRMLS_CC); +} + ZEND_API int zval_update_constant(zval **pp, void *arg TSRMLS_DC) { return zval_update_constant_ex(pp, arg, NULL TSRMLS_CC); Added: php/php-src/branches/PHP_5_2/ext/reflection/tests/bug51905.phpt === --- php/php-src/branches/PHP_5_2/ext/reflection/tests/bug51905.phpt (rev 0) +++ php/php-src/branches/PHP_5_2/ext/reflection/tests/bug51905.phpt 2010-05-26 00:00:58 UTC (rev 299766) @@ -0,0 +1,28 @@ +--TEST-- +Bug #51905 (ReflectionParameter fails if default value is an array with an access to self::) +--FILE-- +?php + +class Bar { + const Y = 20; +} + +class Foo extends Bar { + const X = 12; + public function x($x = 1, $y = array(self::X), $z = parent::Y) {} +} + +$clazz = new ReflectionClass('Foo'); +$method = $clazz-getMethod('x'); +foreach ($method-getParameters() as $param) { +if ( $param-isDefaultValueAvailable()) +echo '$', $param-getName(), ' : ', var_export($param-getDefaultValue(), 1), \n; +} + +? +--EXPECT-- +$x : 1 +$y : array ( + 0 = 12, +) +$z : 20 Property changes on: php/php-src/branches/PHP_5_2/ext/reflection/tests/bug51905.phpt ___ Added: svn:keywords + Id Rev Revision Added: svn:eol-style + native Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-05-25 23:18:13 UTC (rev 299765) +++ php/php-src/branches/PHP_5_3/NEWS 2010-05-26 00:00:58 UTC (rev 299766) @@ -64,6 +64,8 @@ - Fixed
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/sapi/apache2handler/sapi_apache2.c branches/PHP_5_3/NEWS branches/PHP_5_3/sapi/apache2handler/sapi_apache2.c trunk/sapi/apache
On Mon, May 3, 2010 at 19:47, Pierre Joye paj...@php.net wrote: pajoye Mon, 03 May 2010 17:47:58 + Revision: http://svn.php.net/viewvc?view=revisionrevision=298919 Log: - #51273, Content-length header is limited to 32bit integer with apache2/windows Bug: http://bugs.php.net/51273 (Open) Faultstring property does not exist when the faultstring is empty Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/sapi/apache2handler/sapi_apache2.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/sapi/apache2handler/sapi_apache2.c U php/php-src/trunk/sapi/apache2handler/sapi_apache2.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-05-03 17:10:04 UTC (rev 298918) +++ php/php-src/branches/PHP_5_2/NEWS 2010-05-03 17:47:58 UTC (rev 298919) @@ -18,6 +18,8 @@ - Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski. (Ilia) +- Fixed bug #51723 (Content-length header is limited to 32bit integer with + Apache2 on Windows). (Pierre) - Fixed bug #51671 (imagefill does not work correctly for small images). (Pierre) - Fixed bug #51670 (getColumnMeta causes segfault when re-executing query Modified: php/php-src/branches/PHP_5_2/sapi/apache2handler/sapi_apache2.c === --- php/php-src/branches/PHP_5_2/sapi/apache2handler/sapi_apache2.c 2010-05-03 17:10:04 UTC (rev 298918) +++ php/php-src/branches/PHP_5_2/sapi/apache2handler/sapi_apache2.c 2010-05-03 17:47:58 UTC (rev 298919) @@ -110,7 +110,15 @@ } ctx-content_type = estrdup(val); } else if (!strcasecmp(sapi_header-header, content-length)) { - ap_set_content_length(ctx-r, strtol(val, (char **)NULL, 10)); +#ifdef PHP_WINDOWS +# ifdef APR_HAS_LARGE_FILES + ap_set_content_length(ctx-r, (apr_off_t) _strtoui64(val, (char **)NULL, 10)); +# else + ap_set_content_length(ctx-r, (apr_off_t) strtol(val, (char **)NULL, 10)); +# endif +#else + ap_set_content_length(ctx-r, (apr_off_t) strtol(val, (char **)NULL, 10)); +#endif You probably need to do the same thing with apache2filter, it shares that code snippet. -Hannes -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/simplexml/simplexml.c branches/PHP_5_2/ext/simplexml/tests/bug48601.phpt branches/PHP_5_3/NEWS branches/PHP_5_3/ext/simplexml/si
rrichardsWed, 05 May 2010 11:40:11 + Revision: http://svn.php.net/viewvc?view=revisionrevision=299016 Log: fix bug #48601 (xpath() returns FALSE for legitimate query) add test Bug: http://bugs.php.net/48601 (Open) xpath() returns FALSE for legitimate query Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/simplexml/simplexml.c A php/php-src/branches/PHP_5_2/ext/simplexml/tests/bug48601.phpt U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/simplexml/simplexml.c A php/php-src/branches/PHP_5_3/ext/simplexml/tests/bug48601.phpt U php/php-src/trunk/ext/simplexml/simplexml.c A php/php-src/trunk/ext/simplexml/tests/bug48601.phpt Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-05-05 10:54:53 UTC (rev 299015) +++ php/php-src/branches/PHP_5_2/NEWS 2010-05-05 11:40:11 UTC (rev 299016) @@ -68,6 +68,7 @@ - Fixed bug #49723 (LimitIterator with empty SeekableIterator). (Etienne) - Fixed bug #49576 (FILTER_VALIDATE_EMAIL filter needs updating) (Rasmus) - Fixed bug #49267 (Linking fails for iconv). (Moriyosh) +- Fixed bug #48601 (xpath() returns FALSE for legitimate query). (Rob) - Fixed bug #48289 (iconv_mime_encode() quoted-printable scheme is broken). (Adam, patch from hiroaki dot kawai at gmail dot com). - Fixed bug #43314 (iconv_mime_encode(), broken Q scheme). (Rasmus) Modified: php/php-src/branches/PHP_5_2/ext/simplexml/simplexml.c === --- php/php-src/branches/PHP_5_2/ext/simplexml/simplexml.c 2010-05-05 10:54:53 UTC (rev 299015) +++ php/php-src/branches/PHP_5_2/ext/simplexml/simplexml.c 2010-05-05 11:40:11 UTC (rev 299016) @@ -1219,31 +1219,29 @@ } result = retval-nodesetval; - if (!result) { - xmlXPathFreeObject(retval); - RETURN_FALSE; - } array_init(return_value); - for (i = 0; i result-nodeNr; ++i) { - nodeptr = result-nodeTab[i]; - if (nodeptr-type == XML_TEXT_NODE || nodeptr-type == XML_ELEMENT_NODE || nodeptr-type == XML_ATTRIBUTE_NODE) { - MAKE_STD_ZVAL(value); - /** - * Detect the case where the last selector is text(), simplexml - * always accesses the text() child by default, therefore we assign - * to the parent node. - */ - if (nodeptr-type == XML_TEXT_NODE) { -_node_as_zval(sxe, nodeptr-parent, value, SXE_ITER_NONE, NULL, NULL, 0 TSRMLS_CC); - } else if (nodeptr-type == XML_ATTRIBUTE_NODE) { -_node_as_zval(sxe, nodeptr-parent, value, SXE_ITER_ATTRLIST, (char*)nodeptr-name, nodeptr-ns ? (xmlChar *)nodeptr-ns-href : NULL, 0 TSRMLS_CC); - } else { -_node_as_zval(sxe, nodeptr, value, SXE_ITER_NONE, NULL, NULL, 0 TSRMLS_CC); - } + if (result != NULL) { + for (i = 0; i result-nodeNr; ++i) { + nodeptr = result-nodeTab[i]; + if (nodeptr-type == XML_TEXT_NODE || nodeptr-type == XML_ELEMENT_NODE || nodeptr-type == XML_ATTRIBUTE_NODE) { +MAKE_STD_ZVAL(value); +/** + * Detect the case where the last selector is text(), simplexml + * always accesses the text() child by default, therefore we assign + * to the parent node. + */ +if (nodeptr-type == XML_TEXT_NODE) { + _node_as_zval(sxe, nodeptr-parent, value, SXE_ITER_NONE, NULL, NULL, 0 TSRMLS_CC); +} else if (nodeptr-type == XML_ATTRIBUTE_NODE) { + _node_as_zval(sxe, nodeptr-parent, value, SXE_ITER_ATTRLIST, (char*)nodeptr-name, nodeptr-ns ? (xmlChar *)nodeptr-ns-href : NULL, 0 TSRMLS_CC); +} else { + _node_as_zval(sxe, nodeptr, value, SXE_ITER_NONE, NULL, NULL, 0 TSRMLS_CC); +} - add_next_index_zval(return_value, value); +add_next_index_zval(return_value, value); + } } } Added: php/php-src/branches/PHP_5_2/ext/simplexml/tests/bug48601.phpt === --- php/php-src/branches/PHP_5_2/ext/simplexml/tests/bug48601.phpt (rev 0) +++ php/php-src/branches/PHP_5_2/ext/simplexml/tests/bug48601.phpt 2010-05-05 11:40:11 UTC (rev 299016) @@ -0,0 +1,20 @@ +--TEST-- +Bug #48601 (xpath() returns FALSE for legitimate query) +--SKIPIF-- +?php if (!extension_loaded(simplexml)) print skip; ? +--FILE-- +?php + +$sxe = simplexml_load_string('rootnode11/node1/root'); + +$nodes = $sxe-xpath(/root/node2/@test); + +if (! is_array($nodes)) { +echo An error occured\n; +} else { + echo Result Count: . count($nodes) . \n; +} + +? +--EXPECTF-- +Result Count: 0 Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-05-05 10:54:53 UTC (rev 299015) +++ php/php-src/branches/PHP_5_3/NEWS 2010-05-05 11:40:11 UTC (rev 299016) @@ -137,6 +137,7 @@ - Fixed bug #48983 (DomDocument : saveHTMLFile wrong charset). (Rob) - Fixed bug #48902 (Timezone database fallback map
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/iconv/iconv.c branches/PHP_5_2/ext/iconv/tests/bug48289.phpt branches/PHP_5_3/NEWS branches/PHP_5_3/ext/iconv/iconv.c branches/P
aharvey Tue, 04 May 2010 11:56:59 + Revision: http://svn.php.net/viewvc?view=revisionrevision=298963 Log: Fix for bug #48289 (iconv_mime_encode() quoted-printable scheme is broken). Thanks to Hiroaki Kawai for the original patch. Bug: http://bugs.php.net/48289 (Assigned) iconv_mime_encode() quoted-printable scheme is broken Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/iconv/iconv.c A php/php-src/branches/PHP_5_2/ext/iconv/tests/bug48289.phpt U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/iconv/iconv.c A php/php-src/branches/PHP_5_3/ext/iconv/tests/bug48289.phpt U php/php-src/trunk/ext/iconv/iconv.c A php/php-src/trunk/ext/iconv/tests/bug48289.phpt Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-05-04 11:01:46 UTC (rev 298962) +++ php/php-src/branches/PHP_5_2/NEWS 2010-05-04 11:56:59 UTC (rev 298963) @@ -66,6 +66,8 @@ - Fixed bug #49723 (LimitIterator with empty SeekableIterator). (Etienne) - Fixed bug #49576 (FILTER_VALIDATE_EMAIL filter needs updating) (Rasmus) - Fixed bug #49267 (Linking fails for iconv). (Moriyosh) +- Fixed bug #48289 (iconv_mime_encode() quoted-printable scheme is broken). + (Adam, patch from hiroaki dot kawai at gmail dot com). - Fixed bug #43314 (iconv_mime_encode(), broken Q scheme). (Rasmus) - Fixed bug #23229 (syslog() truncates messages). (Adam) Modified: php/php-src/branches/PHP_5_2/ext/iconv/iconv.c === --- php/php-src/branches/PHP_5_2/ext/iconv/iconv.c 2010-05-04 11:01:46 UTC (rev 298962) +++ php/php-src/branches/PHP_5_2/ext/iconv/iconv.c 2010-05-04 11:56:59 UTC (rev 298963) @@ -1217,7 +1217,7 @@ prev_in_left = ini_in_left = in_left; ini_in_p = in_p; - for (out_size = char_cnt; out_size 0;) { + for (out_size = (char_cnt - 2) / 3; out_size 0;) { size_t prev_out_left; nbytes_required = 0; Added: php/php-src/branches/PHP_5_2/ext/iconv/tests/bug48289.phpt === --- php/php-src/branches/PHP_5_2/ext/iconv/tests/bug48289.phpt (rev 0) +++ php/php-src/branches/PHP_5_2/ext/iconv/tests/bug48289.phpt 2010-05-04 11:56:59 UTC (rev 298963) @@ -0,0 +1,22 @@ +--TEST-- +Bug #48289 (iconv_mime_encode() quoted-printable scheme is broken) +--SKIPIF-- +?php extension_loaded('iconv') or die('skip iconv extension is not available'); ? +--FILE-- +?php +$text = \xE3\x83\x86\xE3\x82\xB9\xE3\x83\x88\xE3\x83\x86\xE3\x82\xB9\xE3\x83\x88; +$options = array( +'scheme' = 'Q', +'input-charset' = 'UTF-8', +'output-charset' = 'UTF-8', +'line-length' = 30, +); + +echo iconv_mime_encode('Subject', $text, $options); +--EXPECT-- +Subject: =?UTF-8?Q?=E3=83=86?= + =?UTF-8?Q?=E3=82=B9?= + =?UTF-8?Q?=E3=83=88?= + =?UTF-8?Q?=E3=83=86?= + =?UTF-8?Q?=E3=82=B9?= + =?UTF-8?Q?=E3=83=88?= Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-05-04 11:01:46 UTC (rev 298962) +++ php/php-src/branches/PHP_5_3/NEWS 2010-05-04 11:56:59 UTC (rev 298963) @@ -131,6 +131,8 @@ (yoa...@gmail.com, Derick) - Fixed bug #48983 (DomDocument : saveHTMLFile wrong charset). (Rob) - Fixed bug #48902 (Timezone database fallback map is outdated). (Derick) +- Fixed bug #48289 (iconv_mime_encode() quoted-printable scheme is broken). + (Adam, patch from hiroaki dot kawai at gmail dot com). - Fixed bug #48781 (Cyclical garbage collector memory leak). (Dmitry) - Fixed bug #48361 (SplFileInfo::getPathInfo should return the parent dir). (Etienne) Modified: php/php-src/branches/PHP_5_3/ext/iconv/iconv.c === --- php/php-src/branches/PHP_5_3/ext/iconv/iconv.c 2010-05-04 11:01:46 UTC (rev 298962) +++ php/php-src/branches/PHP_5_3/ext/iconv/iconv.c 2010-05-04 11:56:59 UTC (rev 298963) @@ -1206,7 +1206,7 @@ prev_in_left = ini_in_left = in_left; ini_in_p = in_p; - for (out_size = char_cnt; out_size 0;) { + for (out_size = (char_cnt - 2) / 3; out_size 0;) { size_t prev_out_left; nbytes_required = 0; Added: php/php-src/branches/PHP_5_3/ext/iconv/tests/bug48289.phpt === --- php/php-src/branches/PHP_5_3/ext/iconv/tests/bug48289.phpt
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/sapi/apache2handler/sapi_apache2.c branches/PHP_5_3/NEWS branches/PHP_5_3/sapi/apache2handler/sapi_apache2.c trunk/sapi/apache2handl
pajoye Mon, 03 May 2010 17:47:58 + Revision: http://svn.php.net/viewvc?view=revisionrevision=298919 Log: - #51273, Content-length header is limited to 32bit integer with apache2/windows Bug: http://bugs.php.net/51273 (Open) Faultstring property does not exist when the faultstring is empty Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/sapi/apache2handler/sapi_apache2.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/sapi/apache2handler/sapi_apache2.c U php/php-src/trunk/sapi/apache2handler/sapi_apache2.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-05-03 17:10:04 UTC (rev 298918) +++ php/php-src/branches/PHP_5_2/NEWS 2010-05-03 17:47:58 UTC (rev 298919) @@ -18,6 +18,8 @@ - Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski. (Ilia) +- Fixed bug #51723 (Content-length header is limited to 32bit integer with + Apache2 on Windows). (Pierre) - Fixed bug #51671 (imagefill does not work correctly for small images). (Pierre) - Fixed bug #51670 (getColumnMeta causes segfault when re-executing query Modified: php/php-src/branches/PHP_5_2/sapi/apache2handler/sapi_apache2.c === --- php/php-src/branches/PHP_5_2/sapi/apache2handler/sapi_apache2.c 2010-05-03 17:10:04 UTC (rev 298918) +++ php/php-src/branches/PHP_5_2/sapi/apache2handler/sapi_apache2.c 2010-05-03 17:47:58 UTC (rev 298919) @@ -110,7 +110,15 @@ } ctx-content_type = estrdup(val); } else if (!strcasecmp(sapi_header-header, content-length)) { - ap_set_content_length(ctx-r, strtol(val, (char **)NULL, 10)); +#ifdef PHP_WINDOWS +# ifdef APR_HAS_LARGE_FILES + ap_set_content_length(ctx-r, (apr_off_t) _strtoui64(val, (char **)NULL, 10)); +# else + ap_set_content_length(ctx-r, (apr_off_t) strtol(val, (char **)NULL, 10)); +# endif +#else + ap_set_content_length(ctx-r, (apr_off_t) strtol(val, (char **)NULL, 10)); +#endif } else if (sapi_header-replace) { apr_table_set(ctx-r-headers_out, sapi_header-header, val); } else { Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-05-03 17:10:04 UTC (rev 298918) +++ php/php-src/branches/PHP_5_3/NEWS 2010-05-03 17:47:58 UTC (rev 298919) @@ -37,6 +37,8 @@ requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert) - Fixed 64-bit integer overflow in mhash_keygen_s2k(). (Clément LECIGNE, Stas) +- Fixed bug #51723 (Content-length header is limited to 32bit integer with + Apache2 on Windows). (Pierre) - Fixed bug #51690 (Phar::setStub looks for case-sensitive __HALT_COMPILER()). (Ilia) - Fixed bug #51688 (ini per dir crashes when invalid document root are given). Modified: php/php-src/branches/PHP_5_3/sapi/apache2handler/sapi_apache2.c === --- php/php-src/branches/PHP_5_3/sapi/apache2handler/sapi_apache2.c 2010-05-03 17:10:04 UTC (rev 298918) +++ php/php-src/branches/PHP_5_3/sapi/apache2handler/sapi_apache2.c 2010-05-03 17:47:58 UTC (rev 298919) @@ -120,7 +120,15 @@ } ctx-content_type = estrdup(val); } else if (!strcasecmp(sapi_header-header, content-length)) { - ap_set_content_length(ctx-r, strtol(val, (char **)NULL, 10)); +#ifdef PHP_WINDOWS +# ifdef APR_HAS_LARGE_FILES + ap_set_content_length(ctx-r, (apr_off_t) _strtoui64(val, (char **)NULL, 10)); +# else + ap_set_content_length(ctx-r, (apr_off_t) strtol(val, (char **)NULL, 10)); +# endif +#else + ap_set_content_length(ctx-r, (apr_off_t) strtol(val, (char **)NULL, 10)); +#endif } else if (op == SAPI_HEADER_REPLACE) { apr_table_set(ctx-r-headers_out, sapi_header-header, val); } else { Modified: php/php-src/trunk/sapi/apache2handler/sapi_apache2.c === --- php/php-src/trunk/sapi/apache2handler/sapi_apache2.c2010-05-03 17:10:04 UTC (rev 298918) +++ php/php-src/trunk/sapi/apache2handler/sapi_apache2.c2010-05-03 17:47:58 UTC (rev 298919) @@ -120,7 +120,15 @@ } ctx-content_type = estrdup(val); } else if (!strcasecmp(sapi_header-header, content-length)) { - ap_set_content_length(ctx-r, strtol(val, (char
[PHP-CVS] svn: /php/php-src/branches/PHP_5_2/ NEWS
pajoye Mon, 03 May 2010 19:53:02 + Revision: http://svn.php.net/viewvc?view=revisionrevision=298931 Log: - revert #51273 Bug: http://bugs.php.net/51273 (Open) Faultstring property does not exist when the faultstring is empty Changed paths: U php/php-src/branches/PHP_5_2/NEWS Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-05-03 19:51:59 UTC (rev 298930) +++ php/php-src/branches/PHP_5_2/NEWS 2010-05-03 19:53:02 UTC (rev 298931) @@ -18,8 +18,6 @@ - Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski. (Ilia) -- Fixed bug #51723 (Content-length header is limited to 32bit integer with - Apache2 on Windows). (Pierre) - Fixed bug #51671 (imagefill does not work correctly for small images). (Pierre) - Fixed bug #51670 (getColumnMeta causes segfault when re-executing query -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/standard/file.c branches/PHP_5_3/NEWS branches/PHP_5_3/ext/standard/file.c trunk/ext/standard/file.c
iliaaSun, 02 May 2010 19:34:21 + Revision: http://svn.php.net/viewvc?view=revisionrevision=298881 Log: - Fixed a possible stack exaustion inside fnmatch(). Reporeted by Stefan Esser Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/standard/file.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/standard/file.c U php/php-src/trunk/ext/standard/file.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-05-02 18:47:27 UTC (rev 298880) +++ php/php-src/branches/PHP_5_2/NEWS 2010-05-02 19:34:21 UTC (rev 298881) @@ -8,6 +8,8 @@ - Updated timezone database to version 2010.5. (Derick) +- Fixed a possible stack exaustion inside fnmatch(). Reporeted by Stefan + Esser (Ilia) - Reset error state in PDO::beginTransaction() reset error state. (Ilia) - Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert) Modified: php/php-src/branches/PHP_5_2/ext/standard/file.c === --- php/php-src/branches/PHP_5_2/ext/standard/file.c2010-05-02 18:47:27 UTC (rev 298880) +++ php/php-src/branches/PHP_5_2/ext/standard/file.c2010-05-02 19:34:21 UTC (rev 298881) @@ -2551,6 +2551,10 @@ php_error_docref(NULL TSRMLS_CC, E_WARNING, Filename exceeds the maximum allowed length of %d characters, MAXPATHLEN); RETURN_FALSE; } + if (pattern_len = MAXPATHLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Pattern exceeds the maximum allowed length of %d characters, MAXPATHLEN); + RETURN_FALSE; + } RETURN_BOOL( ! fnmatch( pattern, filename, flags )); } Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-05-02 18:47:27 UTC (rev 298880) +++ php/php-src/branches/PHP_5_3/NEWS 2010-05-02 19:34:21 UTC (rev 298881) @@ -23,6 +23,8 @@ - Fixed very rare memory leak in mysqlnd, when binding thousands of columns. (Andrey) +- Fixed a possible stack exaustion inside fnmatch(). Reporeted by Stefan + Esser (Ilia) - Fixed a possible dechunking filter buffer overflow. Reported by Stefan Esser. (Pierre) - Fixed a possible arbitrary memory access inside sqlite extension. Reported Modified: php/php-src/branches/PHP_5_3/ext/standard/file.c === --- php/php-src/branches/PHP_5_3/ext/standard/file.c2010-05-02 18:47:27 UTC (rev 298880) +++ php/php-src/branches/PHP_5_3/ext/standard/file.c2010-05-02 19:34:21 UTC (rev 298881) @@ -136,27 +136,13 @@ /* {{{ ZTS-stuff / Globals / Prototypes */ -/* sharing globals is *evil* */ -static int le_stream_context = FAILURE; -PHPAPI int php_le_stream_context(void) -{ - return le_stream_context; -} /* }}} */ /* {{{ Module-Stuff */ -static ZEND_RSRC_DTOR_FUNC(file_context_dtor) -{ - php_stream_context *context = (php_stream_context*)rsrc-ptr; - if (context-options) { - zval_ptr_dtor(context-options); - context-options = NULL; - } - php_stream_context_free(context); -} + static void file_globals_ctor(php_file_globals *file_globals_p TSRMLS_DC) { FG(pclose_ret) = 0; @@ -176,7 +162,6 @@ PHP_MINIT_FUNCTION(file) { - le_stream_context = zend_register_list_destructors_ex(file_context_dtor, NULL, stream-context, module_number); #ifdef ZTS ts_allocate_id(file_globals_id, sizeof(php_file_globals), (ts_allocate_ctor) file_globals_ctor, (ts_allocate_dtor) file_globals_dtor); @@ -2521,6 +2506,10 @@ php_error_docref(NULL TSRMLS_CC, E_WARNING, Filename exceeds the maximum allowed length of %d characters, MAXPATHLEN); RETURN_FALSE; } + if (pattern_len = MAXPATHLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Pattern exceeds the maximum allowed length of %d characters, MAXPATHLEN); + RETURN_FALSE; + } RETURN_BOOL( ! fnmatch( pattern, filename, flags )); } Modified: php/php-src/trunk/ext/standard/file.c === --- php/php-src/trunk/ext/standard/file.c 2010-05-02 18:47:27 UTC (rev 298880) +++ php/php-src/trunk/ext/standard/file.c 2010-05-02 19:34:21 UTC (rev 298881) @@ -2469,6 +2469,10 @@ php_error_docref(NULL TSRMLS_CC, E_WARNING, Filename exceeds the maximum allowed length of %d characters, MAXPATHLEN); RETURN_FALSE; } + if (pattern_len = MAXPATHLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Pattern exceeds the maximum allowed length of %d characters,
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/gd/libgd/gd.c branches/PHP_5_2/ext/gd/tests/bug51671.phpt branches/PHP_5_3/NEWS branches/PHP_5_3/ext/gd/libgd/gd.c branches/PHP_
pajoye Wed, 28 Apr 2010 08:23:44 + Revision: http://svn.php.net/viewvc?view=revisionrevision=298693 Log: - Fix #51671, imagefill does not work correctly for small images Bug: http://bugs.php.net/51671 (Assigned) imagefill does not work correctly for small images Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/gd/libgd/gd.c A php/php-src/branches/PHP_5_2/ext/gd/tests/bug51671.phpt U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/gd/libgd/gd.c A php/php-src/branches/PHP_5_3/ext/gd/tests/bug51671.phpt U php/php-src/trunk/ext/gd/libgd/gd.c A php/php-src/trunk/ext/gd/tests/bug51671.phpt Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-04-28 08:04:52 UTC (rev 298692) +++ php/php-src/branches/PHP_5_2/NEWS 2010-04-28 08:23:44 UTC (rev 298693) @@ -14,6 +14,8 @@ - Fixed handling of session variable serialization on certain prefix characters. Reported by Stefan Esser (Ilia) +- Fixed bug #51671 (imagefill does not work correctly for small images). + (Pierre) - Fixed bug #51670 (getColumnMeta causes segfault when re-executing query after calling nextRowset). (Pierrick) - Fixed bug #51629 (CURLOPT_FOLLOWLOCATION error message is misleading). Modified: php/php-src/branches/PHP_5_2/ext/gd/libgd/gd.c === --- php/php-src/branches/PHP_5_2/ext/gd/libgd/gd.c 2010-04-28 08:04:52 UTC (rev 298692) +++ php/php-src/branches/PHP_5_2/ext/gd/libgd/gd.c 2010-04-28 08:23:44 UTC (rev 298693) @@ -2000,7 +2000,7 @@ goto done; } gdImageSetPixel(im, ix, iy, nc); - } while(ix++ (im-sx -1)); + } while(iy++ (im-sy -1)); goto done; } Added: php/php-src/branches/PHP_5_2/ext/gd/tests/bug51671.phpt === --- php/php-src/branches/PHP_5_2/ext/gd/tests/bug51671.phpt (rev 0) +++ php/php-src/branches/PHP_5_2/ext/gd/tests/bug51671.phpt 2010-04-28 08:23:44 UTC (rev 298693) @@ -0,0 +1,24 @@ +--TEST-- +Bug #51671 (imagefill does not work correctly for small images) +--SKIPIF-- +?php + if(!extension_loaded('gd')){ die('skip gd extension not available'); } +? +--FILE-- +?php +$w = 1; +$h = 50; +$im = imagecreatetruecolor($w, $h); +$white = imagecolorallocate($im, 255, 255, 255); +imagefill($im, 0, 0, $white); + +for ($iy = 0; $iy $h; $iy++) { +if (($c = imagecolorat($im, 0, $iy)) != $white) { +printf(Failed, (0, $iy) is %X\n, $c); +} +} + +echo OK\n; +? +--EXPECTF-- +OK Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-04-28 08:04:52 UTC (rev 298692) +++ php/php-src/branches/PHP_5_3/NEWS 2010-04-28 08:23:44 UTC (rev 298693) @@ -28,6 +28,9 @@ - Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert) - Fixed 64-bit integer overflow in mhash_keygen_s2k(). (Clément LECIGNE, Stas) + +- Fixed bug #51671 (imagefill does not work correctly for small images). + (Pierre) - Fixed bug #51670 (getColumnMeta causes segfault when re-executing query after calling nextRowset). (Pierrick) - Fixed bug #51647 Certificate file without private key (pk in another file) Modified: php/php-src/branches/PHP_5_3/ext/gd/libgd/gd.c === --- php/php-src/branches/PHP_5_3/ext/gd/libgd/gd.c 2010-04-28 08:04:52 UTC (rev 298692) +++ php/php-src/branches/PHP_5_3/ext/gd/libgd/gd.c 2010-04-28 08:23:44 UTC (rev 298693) @@ -1907,7 +1907,7 @@ goto done; } gdImageSetPixel(im, ix, iy, nc); - } while(ix++ (im-sx -1)); + } while(iy++ (im-sy -1)); goto done; } Added: php/php-src/branches/PHP_5_3/ext/gd/tests/bug51671.phpt === --- php/php-src/branches/PHP_5_3/ext/gd/tests/bug51671.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/gd/tests/bug51671.phpt 2010-04-28 08:23:44 UTC (rev 298693) @@ -0,0 +1,24 @@ +--TEST-- +Bug #51671 (imagefill does not work correctly for small images) +--SKIPIF-- +?php + if(!extension_loaded('gd')){ die('skip gd extension not available'); } +? +--FILE-- +?php +$w = 1; +$h = 50; +$im = imagecreatetruecolor($w, $h); +$white = imagecolorallocate($im, 255, 255, 255); +imagefill($im, 0, 0, $white); + +for ($iy = 0; $iy $h; $iy++) { +if (($c = imagecolorat($im,
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/sqlite/sqlite.c branches/PHP_5_3/NEWS branches/PHP_5_3/ext/sqlite/sqlite.c trunk/ext/sqlite/sqlite.c
iliaaWed, 28 Apr 2010 12:10:10 + Revision: http://svn.php.net/viewvc?view=revisionrevision=298697 Log: Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski. Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/sqlite/sqlite.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/sqlite/sqlite.c U php/php-src/trunk/ext/sqlite/sqlite.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-04-28 10:36:33 UTC (rev 298696) +++ php/php-src/branches/PHP_5_2/NEWS 2010-04-28 12:10:10 UTC (rev 298697) @@ -13,6 +13,8 @@ requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert) - Fixed handling of session variable serialization on certain prefix characters. Reported by Stefan Esser (Ilia) +- Fixed a possible arbitrary memory access inside sqlite extension. Reported + by Mateusz Kocielski. (Ilia) - Fixed bug #51671 (imagefill does not work correctly for small images). (Pierre) Modified: php/php-src/branches/PHP_5_2/ext/sqlite/sqlite.c === --- php/php-src/branches/PHP_5_2/ext/sqlite/sqlite.c2010-04-28 10:36:33 UTC (rev 298696) +++ php/php-src/branches/PHP_5_2/ext/sqlite/sqlite.c2010-04-28 12:10:10 UTC (rev 298697) @@ -2170,7 +2170,7 @@ return; } - rres = (struct php_sqlite_result *)emalloc(sizeof(*rres)); + rres = (struct php_sqlite_result *)ecalloc(1, sizeof(*rres)); sqlite_query(NULL, db, sql, sql_len, (int)mode, 0, NULL, rres, NULL TSRMLS_CC); if (db-last_err_code != SQLITE_OK) { if (rres) { @@ -2286,7 +2286,7 @@ return; } - rres = (struct php_sqlite_result *)emalloc(sizeof(*rres)); + rres = (struct php_sqlite_result *)ecalloc(1, sizeof(*rres)); sqlite_query(NULL, db, sql, sql_len, PHPSQLITE_NUM, 0, NULL, rres, NULL TSRMLS_CC); if (db-last_err_code != SQLITE_OK) { if (rres) { Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-04-28 10:36:33 UTC (rev 298696) +++ php/php-src/branches/PHP_5_3/NEWS 2010-04-28 12:10:10 UTC (rev 298697) @@ -21,6 +21,8 @@ - Fixed very rare memory leak in mysqlnd, when binding thousands of columns. (Andrey) +- Fixed a possible arbitrary memory access inside sqlite extension. Reported + by Mateusz Kocielski. (Ilia) - Fixed string format validation inside phar extension. Reported by Stefan Esser (Ilia) - Fixed handling of session variable serialization on certain prefix Modified: php/php-src/branches/PHP_5_3/ext/sqlite/sqlite.c === --- php/php-src/branches/PHP_5_3/ext/sqlite/sqlite.c2010-04-28 10:36:33 UTC (rev 298696) +++ php/php-src/branches/PHP_5_3/ext/sqlite/sqlite.c2010-04-28 12:10:10 UTC (rev 298697) @@ -2508,7 +2508,7 @@ return; } - rres = (struct php_sqlite_result *)emalloc(sizeof(*rres)); + rres = (struct php_sqlite_result *)ecalloc(1, sizeof(*rres)); sqlite_query(NULL, db, sql, sql_len, (int)mode, 0, NULL, rres, NULL TSRMLS_CC); if (db-last_err_code != SQLITE_OK) { if (rres) { @@ -2624,7 +2624,7 @@ return; } - rres = (struct php_sqlite_result *)emalloc(sizeof(*rres)); + rres = (struct php_sqlite_result *)ecalloc(1, sizeof(*rres)); sqlite_query(NULL, db, sql, sql_len, PHPSQLITE_NUM, 0, NULL, rres, NULL TSRMLS_CC); if (db-last_err_code != SQLITE_OK) { if (rres) { Modified: php/php-src/trunk/ext/sqlite/sqlite.c === --- php/php-src/trunk/ext/sqlite/sqlite.c 2010-04-28 10:36:33 UTC (rev 298696) +++ php/php-src/trunk/ext/sqlite/sqlite.c 2010-04-28 12:10:10 UTC (rev 298697) @@ -2499,7 +2499,7 @@ return; } - rres = (struct php_sqlite_result *)emalloc(sizeof(*rres)); + rres = (struct php_sqlite_result *)ecalloc(1, sizeof(*rres)); sqlite_query(NULL, db, sql, sql_len, (int)mode, 0, NULL, rres, NULL TSRMLS_CC); if (db-last_err_code != SQLITE_OK) { if (rres) { @@ -2615,7 +2615,7 @@ return; } - rres = (struct php_sqlite_result *)emalloc(sizeof(*rres)); + rres = (struct php_sqlite_result *)ecalloc(1, sizeof(*rres)); sqlite_query(NULL, db, sql, sql_len, PHPSQLITE_NUM, 0, NULL, rres, NULL TSRMLS_CC); if (db-last_err_code != SQLITE_OK) { if (rres) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_2/NEWS branches/PHP_5_2/ext/gd/libgd/gd.c branches/PHP_5_3/NEWS branches/PHP_5_3/ext/gd/libgd/gd.c trunk/ext/gd/libgd/gd.c
pajoye Wed, 28 Apr 2010 14:35:42 + Revision: http://svn.php.net/viewvc?view=revisionrevision=298701 Log: - - Fixed #51128, imagefill() doesn't work with large images Bug: http://bugs.php.net/51128 (Assigned) imagefill() doesn't work with large images Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/gd/libgd/gd.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/gd/libgd/gd.c U php/php-src/trunk/ext/gd/libgd/gd.c Modified: php/php-src/branches/PHP_5_2/NEWS === --- php/php-src/branches/PHP_5_2/NEWS 2010-04-28 14:10:01 UTC (rev 298700) +++ php/php-src/branches/PHP_5_2/NEWS 2010-04-28 14:35:42 UTC (rev 298701) @@ -54,6 +54,7 @@ (Ilia) - Fixed bug #51171 (curl_setopt() doesn't output any errors or warnings when an invalid option is provided). (Ilia) +- Fixed bug #51128 (imagefill() doesn't work with large images). (Pierre) - Fixed bug #51086 (DBA DB4 doesn't work with Berkeley DB 4.8). (Chris Jones) - Fixed bug #51062 (DBA DB4 uses mismatched headers and libraries). (Chris Jones) - Fixed bug #51023 (filter doesn't detect int overflows with GCC 4.4). Modified: php/php-src/branches/PHP_5_2/ext/gd/libgd/gd.c === --- php/php-src/branches/PHP_5_2/ext/gd/libgd/gd.c 2010-04-28 14:10:01 UTC (rev 298700) +++ php/php-src/branches/PHP_5_2/ext/gd/libgd/gd.c 2010-04-28 14:35:42 UTC (rev 298701) @@ -1938,9 +1938,9 @@ struct seg {int y, xl, xr, dy;}; /* max depth of stack */ -#define FILL_MAX 120 +#define FILL_MAX ((int)(im-sy*im-sx)/4) #define FILL_PUSH(Y, XL, XR, DY) \ -if (spstack+FILL_MAX*10 Y+(DY)=0 Y+(DY)wy2) \ +if (spstack+FILL_MAX Y+(DY)=0 Y+(DY)wy2) \ {sp-y = Y; sp-xl = XL; sp-xr = XR; sp-dy = DY; sp++;} #define FILL_POP(Y, XL, XR, DY) \ Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2010-04-28 14:10:01 UTC (rev 298700) +++ php/php-src/branches/PHP_5_3/NEWS 2010-04-28 14:35:42 UTC (rev 298701) @@ -86,6 +86,7 @@ (Felipe) - Fixed bug #51171 (curl_setopt() doesn't output any errors or warnings when an invalid option is provided). (Ilia) +- Fixed bug #51128 (imagefill() doesn't work with large images). (Pierre) - Fixed bug #51096 ('last day' and 'first day' are handled incorrectly when parsing date strings). (Derick) - Fixed bug #51086 (DBA DB4 doesn't work with Berkeley DB 4.8). (Chris Jones) Modified: php/php-src/branches/PHP_5_3/ext/gd/libgd/gd.c === --- php/php-src/branches/PHP_5_3/ext/gd/libgd/gd.c 2010-04-28 14:10:01 UTC (rev 298700) +++ php/php-src/branches/PHP_5_3/ext/gd/libgd/gd.c 2010-04-28 14:35:42 UTC (rev 298701) @@ -1845,9 +1845,9 @@ struct seg {int y, xl, xr, dy;}; /* max depth of stack */ -#define FILL_MAX 120 +#define FILL_MAX ((int)(im-sy*im-sx)/4) #define FILL_PUSH(Y, XL, XR, DY) \ -if (spstack+FILL_MAX*10 Y+(DY)=0 Y+(DY)wy2) \ +if (spstack+FILL_MAX Y+(DY)=0 Y+(DY)wy2) \ {sp-y = Y; sp-xl = XL; sp-xr = XR; sp-dy = DY; sp++;} #define FILL_POP(Y, XL, XR, DY) \ Modified: php/php-src/trunk/ext/gd/libgd/gd.c === --- php/php-src/trunk/ext/gd/libgd/gd.c 2010-04-28 14:10:01 UTC (rev 298700) +++ php/php-src/trunk/ext/gd/libgd/gd.c 2010-04-28 14:35:42 UTC (rev 298701) @@ -1845,9 +1845,9 @@ struct seg {int y, xl, xr, dy;}; /* max depth of stack */ -#define FILL_MAX 120 +#define FILL_MAX ((int)(im-sy*im-sx)/4) #define FILL_PUSH(Y, XL, XR, DY) \ -if (spstack+FILL_MAX*10 Y+(DY)=0 Y+(DY)wy2) \ +if (spstack+FILL_MAX Y+(DY)=0 Y+(DY)wy2) \ {sp-y = Y; sp-xl = XL; sp-xr = XR; sp-dy = DY; sp++;} #define FILL_POP(Y, XL, XR, DY) \ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php