If SG(request_info).request_body can't be completely written (e.g. due to a
full drive), only parts of the POST data will be available. This patch changes
this, so that SG(request_info).request_body will be reset in this case, and a
warning will be thrown.
* PHP-5.5:
update NEWS
fix test
update NEWS
Fix bug #70019 - limit extracted files to given directory
Do not do convert_to_* on unserialize, it messes up references
Fix #69793 - limit what we accept when unserializing exception
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
ignore signatures for packages too
Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
Fixed bug #69892
Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
Improved fix for Bug #69441
Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
Fix bug #70081: check types for SOAP variables
* PHP-5.4:
Fix bug #70019 - limit extracted files to given directory
Do not do convert_to_* on unserialize, it messes up references
Fix #69793 - limit what we accept when unserializing exception
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
ignore signatures for packages too
Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
Fixed bug #69892
Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
Improved fix for Bug #69441
Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
Fix bug #70081: check types for SOAP variables
Fix #53854: Missing constants for compression type
The constants have already been added long ago. This patch just adds a PHPT
which checks the recognition of the respective compression methods.
Unfortunately, I've not been able to assemble a zip with all compression
methods.
Fix #70052: getimagesize() fails for very large and very small WBMP
Very large WBMP (width or height greater than 2**31-1) cause an overflow and
circumvent the size limitation of 2048x2048 px. Very small WBMP (less than 12
bytes) cause a read error and are not recognized. This patch fixes both bugs.
The stack overflow is caused by the recursive algorithm in combination with a
very large negative coordinate passed to gdImageFillToBorder(). As there is
already a clipping for large positive coordinates to the width and height of
the image, it seems to be consequent to clip to zero also.
Fix #53156: imagerectangle problem with point ordering
Contrary to imagefilledrectangle(), imagerectangle() has the documented
limitation that the given points have to be the upper left and the lower right
corner, respectively. However, libgd already caters to upper right / lower left
pairs, and not catering to the other two combinations seems to be an oversight.
Fix #66590: imagewebp() doesn't pad to even length
The code in the bundled libgd uses libvpx and writes the riff manually. The
code generates the correct even size, but neglects the padding. It's possible
older versions of libwebp would decode this, but libwebp 0.4.0 does not.
Let's apply the patch supplied by one of the WebP developers.
When there is already an APP13 marker segment in the file, iptcembed() doesn't
skip the first byte (0xFF) of this segment, what leads to unnecessary and
potentially invalid duplication of this byte. This patch fixes this issue.
Fix #53840: Misleading extension entries in php.ini
As of PHP 5.3.0 the php_pspell.dll is not delivered anymore with the Windows
binaries, and according to bug #47464 that's highly unlike to change. So it's
appropriate to remove the respective extension entry from php.ini.
Fix #66882: imagerotate by -90 degrees truncates image by 1px
Contrary to the external libgd, the bundled libgd doesn't use optimized
rotation algorithms for negative square angles. We fix that now.
There are other improvements in gdImageRotateInterpolated() in the external
libgd. I'll leave them out for now, in the hope that we'll be able to rejoin
the two libraries rather soon.
Fix #69024: imagescale segfault with palette based image
imagescale(..., IMG_BICUBIC) is not supposed to work with palette images, so we
fix that by converting to true color if necessary. Basically the same fix has
already been applied to the external libgd[1].
To avoid drawing the corner pixels twice, gdImageRectangle() draws the vertical
lines 2 points shorter than the actual side of the rectangle. However, this
causes "whiskers" for rectangles with height 0. This patch fixes this issue and
at the same time optimizes the algorithm by drawing only a single line for zero
height and zero width rectangles.
Actually, this is not really a bug fix, but rather a simplification and
optimization in the same vein as has been done with the external libgd, but
going a small step further and joining both for loops.
The file parameter of the XBM image ZPP is not properly taken into account. If
it is NULL that would result in a segfault, because gdImageXbmCtx() is not
prepared to take a NULL file_name. If it is not NULL the XBM data would be
written to STDOUT, because the stream is not initialized. This patch fixes both
issues.
projects / php / log