Age | Commit message | Author |
|
tag-related code
|
https://github.com/php/php-src/blob/2d467abc46ec4ee97484d4e35909bed322600037/UPGRADING#L43
https://github.com/php/php-src/blob/2d467abc46ec4ee97484d4e35909bed322600037/UPGRADING#L63
|
https://github.com/php/php-src/blob/2d467abc46ec4ee97484d4e35909bed322600037/UPGRADING#L886
|
The global in 'sanity_check()' was null... possibly due to circular requires?
|
'sanity_check.php' gets included in 'update.php' and 'update_daemon2.php', where a Host request header is likely not provided.
|
- regenerate config checks without sphinx-related variables
|
classes instead
|
validate_url: treat scheme as case-insensitive
|
filtering to fetch_file_contents()
|
* get_random_bytes: use PHP7 random_bytes() if it is available
* validate CSRF token using hash_equals
|
parameter
use type-strict comparison when validating CSRF token on the backend
|
loopback address
|
rewrite_relative_url: simplify handling of relative URLs
|
hooks
|
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
|