The PHP development team would like to announce the immediate availability of PHP 5.2.12. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release.
Security Enhancements and Fixes in PHP 5.2.12:
- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)
- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)
- Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion, identified by Bogdan Calin. (CVE-2009-4017, Ilia)
- Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143, Stas)
- Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)
Download PHP 5.2.12
Sunday, December 20, 2009
Saturday, December 19, 2009
Using PHP cURL module to fetch the website.com
Following code returns the curl output as a string.
<?php
// create curl resource
$ch = curl_init();
// set url
curl_setopt($ch, CURLOPT_URL, "example.com");
//return the transfer as a string
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// $output contains the output string
$output = curl_exec($ch);
// close curl resource to free up system resources
curl_close($ch);
?>
Saturday, September 19, 2009
PHP 5.2.11 Released
The PHP development team would like to announce the immediate availability of PHP 5.2.11. This release focuses on improving the stability of the PHP 5.2.x branch with over 75 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release.
Security Enhancements and Fixes in PHP 5.2.11:
* Security Fixes
o Fixed certificate validation inside php_openssl_apply_verification_policy. (Ryan Sleevi, Ilia)
o Added missing sanity checks around exif processing. (Ilia)
o Fixed sanity check for the color index in imagecolortransparent. (Pierre)
o Fixed bug #44683 (popen crashes when an invalid mode is passed). (Pierre)
* Updated timezone database to version 2009.13 (2009m) (Derick)
* Fixed zlib.deflate compress filter to actually accept level parameter. (Jani)
* Fixed leak on error in popen/exec (and related functions) on Windows. (Pierre)
* Fixed regression in cURL extension that prevented flush of data to output defined as a file handle. (Ilia)
* Fixed memory leak in stream_is_local(). (Felipe, Tony)
* Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed characters). (Ilia)
* Fixed bug #49447 (php engine needs to correctly check for socket API return status on windows). (Sriram Natarajan)
* Fixed bug #49372 (segfault in php_curl_option_curl). (Pierre)
* Fixed bug #49361 (wordwrap() wraps incorrectly on end of line boundaries). (Ilia, code-it at mail dot ru)
* Fixed bug #49289 (bcmath module doesn't compile with phpize configure). (Jani)
* Fixed bug #49286 (php://input (php_stream_input_read) is broken). (Jani)
* Fixed bug #49269 (Ternary operator fails on Iterator object when used inside foreach declaration). (Etienne, Dmitry)
* Fixed bug #49236 (Missing PHP_SUBST(PDO_MYSQL_SHARED_LIBADD)). (Jani)
* Fixed bug #49144 (Import of schema from different host transmits original authentication details). (Dmitry)
* Fixed bug #49132 (posix_times returns false without error). (phpbugs at gunnu dot us)
* Fixed bug #49125 (Error in dba_exists C code). (jdornan at stanford dot edu)
* Fixed bug #49095 (proc_get_status['exitcode'] fails on win32). (Felipe)
* Fixed bug #49074 (private class static fields can be modified by using reflection). (Jani)
* Fixed bug #49072 (feof never returns true for damaged file in zip). (Pierre)
* Fixed bug #49052 (context option headers freed too early when using --with-curlwrappers). (Jani)
* Fixed bug #49032 (SplFileObject::fscanf() variables passed by reference). (Jani)
* Fixed bug #49026 (proc_open() can bypass safe_mode_protected_env_vars restrictions). (Ilia)
* Fixed bug #49000 (PHP CLI in Interactive mode (php -a) crashes when including files from function). (Stas)
* Fixed bug #48994 (zlib.output_compression does not output HTTP headers when set to a string value). (Jani)
* Fixed bug #48980 (Crash when compiling with pdo_firebird). (Felipe)
* Fixed bug #48962 (cURL does not upload files with specified filename). (Ilia)
* Fixed bug #48929 (Double \r\n after HTTP headers when "header" context option is an array). (David Zülke)
* Fixed bug #48913 (Too long error code strings in pdo_odbc driver). (naf at altlinux dot ru, Felipe)
* Fixed bug #48802 (printf() returns incorrect outputted length). (Jani)
* Fixed bug #48801 (Problem with imagettfbbox). (Takeshi Abe)
* Fixed bug #48788 (RecursiveDirectoryIterator doesn't descend into symlinked directories). (Ilia)
* Fixed bug #48774 (SIGSEGVs when using curl_copy_handle()). (Sriram Natarajan)
* Fixed bug #48763 (ZipArchive produces corrupt archive). (dani dot church at gmail dot com, Pierre)
* Fixed bug #48762 (IPv6 address filter still rejects valid address). (Felipe)
* Fixed bug #48733 (CURLOPT_WRITEHEADER|CURLOPT_FILE|CURLOPT_STDERR warns on files that have been opened with r+). (Ilia)
* Fixed bug #48732 (TTF Bounding box wrong for letters below baseline). (Takeshi Abe)
* Fixed bug #48718 (FILTER_VALIDATE_EMAIL does not allow numbers in domain components). (Ilia)
* Fixed bug #48709 (metaphone and 'wh'). (brettz9 at yahoo dot com, Felipe)
* Fixed bug #48697 (mb_internal_encoding() value gets reset by parse_str()). (Moriyoshi)
* Fixed bug #48696 (ldap_read() segfaults with invalid parameters). (Felipe)
* Fixed bug #48693 (Double declaration of __lambda_func when lambda wrongly formatted). (peter at lvp-media dot com, Felipe)
* Fixed bug #48661 (phpize is broken with non-bash shells). (Jani)
* Fixed bug #48645 (mb_convert_encoding() doesn't understand hexadecimal html-entities). (Moriyoshi)
* Fixed bug #48637 ("file" fopen wrapper is overwritten when using --with-curlwrappers). (Jani)
* Fixed bug #48636 (Error compiling of ext/date on netware). (guenter at php.net, Ilia)
* Fixed bug #48629 (get_defined_constants() ignores categorize parameter). (Felipe)
* Fixed bug #48619 (imap_search ALL segfaults). (Pierre)
* Fixed bug #48608 (Invalid libreadline version not detected during configure). (Jani)
* Fixed bug #48555 (ImageFTBBox() differs from previous versions for texts with new lines) (Takeshi Abe)
* Fixed bug #48539 (pdo_dblib fails to connect, throws empty PDOException "SQLSTATE[] (null)"). (Felipe)
* Fixed bug #48465 (sys_get_temp_dir() possibly inconsistent when using TMPDIR). (Ilia)
* Fixed bug #48450 (Compile failure under IRIX 6.5.30 building gd.c). (Kalle)
* Fixed bug #48400 (imap crashes when closing stream opened with OP_PROTOTYPE flag). (Jani)
* Fixed bug #48284 (hash "adler32" byte order is reversed). (Scott)
* Fixed bug #48276 (date("Y") on big endian machines produces the wrong result). (Scott)
* Fixed bug #48247 (Infinite loop and possible crash during startup with errors when errors are logged). (Jani)
* Fixed bug #48182 (ssl handshake fails during asynchronous socket connection). (Sriram Natarajan)
* Fixed bug #48116 (Fixed build with Openssl 1.0). (Pierre, Al dot Smith at aeschi dot ch dot eu dot org)
* Fixed bug #48060 (pdo_pgsql - large objects are returned as empty). (Matteo)
* Fixed bug #48057 (Only the date fields of the first row are fetched, others are empty). (info at programmiernutte dot net)
* Fixed bug #47481 (natcasesort() does not sort extended ASCII characters correctly). (Herman Radtke)
* Fixed bug #47351 (Memory leak in DateTime). (Derick, Tobias John)
* Fixed bug #47273 (Encoding bug in SoapServer->fault). (Dmitry)
* Fixed bug #46020 (with Sun Java System Web Server 7.0 on HPUX, #define HPUX). (Uwe Schindler)
* Fixed bug #45905 (imagefilledrectangle() clipping error). (markril at hotmail dot com, Pierre)
* Fixed bug #45280 (Reflection of instantiated COM classes causes PHP to crash) (Paul Richards, Kalle)
* Fixed bug #45141 (setcookie will output expires years of >4 digits). (Ilia)
* Fixed bug #44144 (spl_autoload_functions() should return object instance when appropriate). (Hannes, Etienne)
* Fixed bug #43510 (stream_get_meta_data() does not return same mode as used in fopen). (Jani)
* Fixed bug #42434 (ImageLine w/ antialias = 1px shorter). (wojjie at gmail dot com, Kalle)
* Fixed bug #28038 (Sent incorrect RCPT TO commands to SMTP server) (Garrett)
Download PHP 5.2.11
Security Enhancements and Fixes in PHP 5.2.11:
* Security Fixes
o Fixed certificate validation inside php_openssl_apply_verification_policy. (Ryan Sleevi, Ilia)
o Added missing sanity checks around exif processing. (Ilia)
o Fixed sanity check for the color index in imagecolortransparent. (Pierre)
o Fixed bug #44683 (popen crashes when an invalid mode is passed). (Pierre)
* Updated timezone database to version 2009.13 (2009m) (Derick)
* Fixed zlib.deflate compress filter to actually accept level parameter. (Jani)
* Fixed leak on error in popen/exec (and related functions) on Windows. (Pierre)
* Fixed regression in cURL extension that prevented flush of data to output defined as a file handle. (Ilia)
* Fixed memory leak in stream_is_local(). (Felipe, Tony)
* Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed characters). (Ilia)
* Fixed bug #49447 (php engine needs to correctly check for socket API return status on windows). (Sriram Natarajan)
* Fixed bug #49372 (segfault in php_curl_option_curl). (Pierre)
* Fixed bug #49361 (wordwrap() wraps incorrectly on end of line boundaries). (Ilia, code-it at mail dot ru)
* Fixed bug #49289 (bcmath module doesn't compile with phpize configure). (Jani)
* Fixed bug #49286 (php://input (php_stream_input_read) is broken). (Jani)
* Fixed bug #49269 (Ternary operator fails on Iterator object when used inside foreach declaration). (Etienne, Dmitry)
* Fixed bug #49236 (Missing PHP_SUBST(PDO_MYSQL_SHARED_LIBADD)). (Jani)
* Fixed bug #49144 (Import of schema from different host transmits original authentication details). (Dmitry)
* Fixed bug #49132 (posix_times returns false without error). (phpbugs at gunnu dot us)
* Fixed bug #49125 (Error in dba_exists C code). (jdornan at stanford dot edu)
* Fixed bug #49095 (proc_get_status['exitcode'] fails on win32). (Felipe)
* Fixed bug #49074 (private class static fields can be modified by using reflection). (Jani)
* Fixed bug #49072 (feof never returns true for damaged file in zip). (Pierre)
* Fixed bug #49052 (context option headers freed too early when using --with-curlwrappers). (Jani)
* Fixed bug #49032 (SplFileObject::fscanf() variables passed by reference). (Jani)
* Fixed bug #49026 (proc_open() can bypass safe_mode_protected_env_vars restrictions). (Ilia)
* Fixed bug #49000 (PHP CLI in Interactive mode (php -a) crashes when including files from function). (Stas)
* Fixed bug #48994 (zlib.output_compression does not output HTTP headers when set to a string value). (Jani)
* Fixed bug #48980 (Crash when compiling with pdo_firebird). (Felipe)
* Fixed bug #48962 (cURL does not upload files with specified filename). (Ilia)
* Fixed bug #48929 (Double \r\n after HTTP headers when "header" context option is an array). (David Zülke)
* Fixed bug #48913 (Too long error code strings in pdo_odbc driver). (naf at altlinux dot ru, Felipe)
* Fixed bug #48802 (printf() returns incorrect outputted length). (Jani)
* Fixed bug #48801 (Problem with imagettfbbox). (Takeshi Abe)
* Fixed bug #48788 (RecursiveDirectoryIterator doesn't descend into symlinked directories). (Ilia)
* Fixed bug #48774 (SIGSEGVs when using curl_copy_handle()). (Sriram Natarajan)
* Fixed bug #48763 (ZipArchive produces corrupt archive). (dani dot church at gmail dot com, Pierre)
* Fixed bug #48762 (IPv6 address filter still rejects valid address). (Felipe)
* Fixed bug #48733 (CURLOPT_WRITEHEADER|CURLOPT_FILE|CURLOPT_STDERR warns on files that have been opened with r+). (Ilia)
* Fixed bug #48732 (TTF Bounding box wrong for letters below baseline). (Takeshi Abe)
* Fixed bug #48718 (FILTER_VALIDATE_EMAIL does not allow numbers in domain components). (Ilia)
* Fixed bug #48709 (metaphone and 'wh'). (brettz9 at yahoo dot com, Felipe)
* Fixed bug #48697 (mb_internal_encoding() value gets reset by parse_str()). (Moriyoshi)
* Fixed bug #48696 (ldap_read() segfaults with invalid parameters). (Felipe)
* Fixed bug #48693 (Double declaration of __lambda_func when lambda wrongly formatted). (peter at lvp-media dot com, Felipe)
* Fixed bug #48661 (phpize is broken with non-bash shells). (Jani)
* Fixed bug #48645 (mb_convert_encoding() doesn't understand hexadecimal html-entities). (Moriyoshi)
* Fixed bug #48637 ("file" fopen wrapper is overwritten when using --with-curlwrappers). (Jani)
* Fixed bug #48636 (Error compiling of ext/date on netware). (guenter at php.net, Ilia)
* Fixed bug #48629 (get_defined_constants() ignores categorize parameter). (Felipe)
* Fixed bug #48619 (imap_search ALL segfaults). (Pierre)
* Fixed bug #48608 (Invalid libreadline version not detected during configure). (Jani)
* Fixed bug #48555 (ImageFTBBox() differs from previous versions for texts with new lines) (Takeshi Abe)
* Fixed bug #48539 (pdo_dblib fails to connect, throws empty PDOException "SQLSTATE[] (null)"). (Felipe)
* Fixed bug #48465 (sys_get_temp_dir() possibly inconsistent when using TMPDIR). (Ilia)
* Fixed bug #48450 (Compile failure under IRIX 6.5.30 building gd.c). (Kalle)
* Fixed bug #48400 (imap crashes when closing stream opened with OP_PROTOTYPE flag). (Jani)
* Fixed bug #48284 (hash "adler32" byte order is reversed). (Scott)
* Fixed bug #48276 (date("Y") on big endian machines produces the wrong result). (Scott)
* Fixed bug #48247 (Infinite loop and possible crash during startup with errors when errors are logged). (Jani)
* Fixed bug #48182 (ssl handshake fails during asynchronous socket connection). (Sriram Natarajan)
* Fixed bug #48116 (Fixed build with Openssl 1.0). (Pierre, Al dot Smith at aeschi dot ch dot eu dot org)
* Fixed bug #48060 (pdo_pgsql - large objects are returned as empty). (Matteo)
* Fixed bug #48057 (Only the date fields of the first row are fetched, others are empty). (info at programmiernutte dot net)
* Fixed bug #47481 (natcasesort() does not sort extended ASCII characters correctly). (Herman Radtke)
* Fixed bug #47351 (Memory leak in DateTime). (Derick, Tobias John)
* Fixed bug #47273 (Encoding bug in SoapServer->fault). (Dmitry)
* Fixed bug #46020 (with Sun Java System Web Server 7.0 on HPUX, #define HPUX). (Uwe Schindler)
* Fixed bug #45905 (imagefilledrectangle() clipping error). (markril at hotmail dot com, Pierre)
* Fixed bug #45280 (Reflection of instantiated COM classes causes PHP to crash) (Paul Richards, Kalle)
* Fixed bug #45141 (setcookie will output expires years of >4 digits). (Ilia)
* Fixed bug #44144 (spl_autoload_functions() should return object instance when appropriate). (Hannes, Etienne)
* Fixed bug #43510 (stream_get_meta_data() does not return same mode as used in fopen). (Jani)
* Fixed bug #42434 (ImageLine w/ antialias = 1px shorter). (wojjie at gmail dot com, Kalle)
* Fixed bug #28038 (Sent incorrect RCPT TO commands to SMTP server) (Garrett)
Download PHP 5.2.11
Friday, June 19, 2009
PHP 5.2.10 Released
The PHP development team would like to announce the immediate availability of PHP 5.2.10. This release focuses on improving the stability of the PHP 5.2.x branch with over 100 bug fixes, one of which is security related. All users of PHP are encouraged to upgrade to this release.
PHP 5 ChangeLog
Version 5.2.10
18-June-2009
* Security Fixes
o Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files). (Pierre)
* Updated timezone database to version 2009.9 (2009i) (Derick)
* Added "ignore_errors" option to http fopen wrapper. (David Zulke, Sara)
* Added new CURL options CURLOPT_REDIR_PROTOCOLS, CURLOPT_PROTOCOLS, and CURLPROTO_* for redirect fixes in CURL 7.19.4. (Yoram Bar Haim, Stas)
* Added support for Sun CC (FR #46595 and FR #46513). (David Soria Parra)
* Changed default value of array_unique()'s optional sorting type parameter back to SORT_STRING to fix backwards compatibility breakage introduced in PHP 5.2.9. (Moriyoshi)
* Fixed memory corruptions while reading properties of zip files. (Ilia)
* Fixed memory leak in ob_get_clean/ob_get_flush. (Christian)
* Fixed segfault on invalid session.save_path. (Hannes)
* Fixed leaks in imap when a mail_criteria is used. (Pierre)
* Fixed missing erealloc() in fix for Bug #40091 in spl_autoload_register. (Greg)
* Fixed bug #48562 (Reference recursion causes segfault when used in wddx_serialize_vars()). (Felipe)
* Fixed bug #48557 (Numeric string keys in Apache Hashmaps are not cast to integers). (David Zuelke)
* Fixed bug #48518 (curl crashes when writing into invalid file handle). (Tony)
* Fixed bug #48514 (cURL extension uses same resource name for simple and multi APIs). (Felipe)
* Fixed bug #48469 (ldap_get_entries() leaks memory on empty search results). (Patrick)
* Fixed bug #48456 (CPPFLAGS not restored properly in phpize.m4). (Jani, spisek at kerio dot com)
* Fixed bug #48448 (Compile failure under IRIX 6.5.30 building cast.c). (Kalle)
* Fixed bug #48441 (ldap_search() sizelimit, timelimit and deref options persist). (Patrick)
* Fixed bug #48434 (Improve memory_get_usage() accuracy). (Arnaud)
* Fixed bug #48416 (Force a cache limit in ereg() to stop excessive memory usage). (Scott)
* Fixed bug #48409 (Crash when exception is thrown while passing function arguments). (Arnaud)
* Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files). (Pierre)
* Fixed bug #48359 (Script hangs on snmprealwalk if OID is not increasing). (Ilia, simonov at gmail dot com)
* Fixed bug #48336 (ReflectionProperty::getDeclaringClass() does not work with redeclared property). (patch by Markus dot Lidel at shadowconnect dot com)
* Fixed bug #48326 (constant MSG_DONTWAIT not defined). (Arnaud)
* Fixed bug #48313 (fgetcsv() does not return null for empty rows). (Ilia)
* Fixed bug #48309 (stream_copy_to_stream() and fpasstru() do not update stream position of plain files). (Arnaud)
* Fixed bug #48307 (stream_copy_to_stream() copies 0 bytes when $source is a socket). (Arnaud)
* Fixed bug #48273 (snmp*_real_walk() returns SNMP errors as values). (Ilia, lytboris at gmail dot com)
* Fixed bug #48256 (Crash due to double-linking of history.o). (tstarling at wikimedia dot org)
* Fixed bug #48248 (SIGSEGV when access to private property via &__get). (Felipe)
* Fixed bug #48247 (Crash on errors during startup). (Stas)
* Fixed bug #48240 (DBA Segmentation fault dba_nextkey). (Felipe)
* Fixed bug #48224 (Incorrect shuffle in array_rand). (Etienne)
* Fixed bug #48221 (memory leak when passing invalid xslt parameter). (Felipe)
* Fixed bug #48207 (CURLOPT_(FILE|WRITEHEADER options do not error out when working with a non-writable stream). (Ilia)
* Fixed bug #48206 (Iterating over an invalid data structure with RecursiveIteratorIterator leads to a segfault). (Scott)
* Fixed bug #48204 (xmlwriter_open_uri() does not emit warnings on invalid paths). (Ilia)
* Fixed bug #48203 (Crash when CURLOPT_STDERR is set to regular file). (Jani)
* Fixed bug #48202 (Out of Memory error message when passing invalid file path) (Pierre)
* Fixed bug #48156 (Added support for lcov v1.7). (Ilia)
* Fixed bug #48132 (configure check for curl ssl support fails with --disable-rpath). (Jani)
* Fixed bug #48131 (Don't try to bind ipv4 addresses to ipv6 ips via bindto). (Ilia)
* Fixed bug #48070 (PDO_OCI: Segfault when using persistent connection). (Pierre, Matteo, jarismar dot php at gmail dot com)
* Fixed bug #48058 (Year formatter goes wrong with out-of-int range). (Derick)
* Fixed bug #48038 (odbc_execute changes variables used to form params array). (Felipe)
* Fixed bug #47997 (stream_copy_to_stream returns 1 on empty streams). (Arnaud)
* Fixed bug #47991 (SSL streams fail if error stack contains items). (Mikko)
* Fixed bug #47981 (error handler not called regardless). (Hannes)
* Fixed bug #47969 (ezmlm_hash() returns different values depend on OS). (Ilia)
* Fixed bug #47946 (ImageConvolution overwrites background). (Ilia)
* Fixed bug #47940 (memory leaks in imap_body). (Pierre, Jake Levitt)
* Fixed bug #47937 (system() calls sapi_flush() regardless of output buffering). (Ilia)
* Fixed bug #47903 ("@" operator does not work with string offsets). (Felipe)
* Fixed bug #47893 (CLI aborts on non blocking stdout). (Arnaud)
* Fixed bug #47849 (Non-deep import loses the namespace). (Rob)
* Fixed bug #47845 (PDO_Firebird omits first row from query). (Lars W)
* Fixed bug #47836 (array operator [] inconsistency when the array has PHP_INT_MAX index value). (Matt)
* Fixed bug #47831 (Compile warning for strnlen() in main/spprintf.c). (Ilia, rainer dot jung at kippdata dot de)
* Fixed bug #47828 (openssl_x509_parse() segfaults when a UTF-8 conversion fails). (Scott, Kees Cook, Pierre)
* Fixed bug #47818 (Segfault due to bound callback param). (Felipe)
* Fixed bug #47801 (__call() accessed via parent:: operator is provided incorrect method name). (Felipe)
* Fixed bug #47769 (Strange extends PDO). (Felipe)
* Fixed bug #47745 (FILTER_VALIDATE_INT doesn't allow minimum integer). (Dmitry)
* Fixed bug #47721 (Alignment issues in mbstring and sysvshm extension) (crrodriguez at opensuse dot org, Ilia)
* Fixed bug #47704 (PHP crashes on some "bad" operations with string offsets). (Dmitry)
* Fixed bug #47695 (build error when xmlrpc and iconv are compiled against different iconv versions). (Scott)
* Fixed bug #47667 (ZipArchive::OVERWRITE seems to have no effect). (Mikko, Pierre)
* Fixed bug #47644 (Valid integers are truncated with json_decode()). (Scott)
* Fixed bug #47639 (pg_copy_from() WARNING: nonstandard use of \\ in a string literal). (Ilia)
* Fixed bug #47616 (curl keeps crashing). (Felipe)
* Fixed bug #47598 (FILTER_VALIDATE_EMAIL is locale aware). (Ilia)
* Fixed bug #47566 (pcntl_wexitstatus() returns signed status). (patch by james at jamesreno dot com)
* Fixed bug #47564 (unpacking unsigned long 32bit bit endian returns wrong result). (Ilia)
* Fixed bug #47487 (performance degraded when reading large chunks after fix of bug #44607). (Arnaud)
* Fixed bug #47468 (enable cli|cgi-only extensions for embed sapi). (Jani)
* Fixed bug #47435 (FILTER_FLAG_NO_PRIV_RANGE does not work with ipv6 addresses in the filter extension). (Ilia)
* Fixed bug #47430 (Errors after writing to nodeValue parameter of an absent previousSibling). (Rob)
* Fixed bug #47365 (ip2long() may allow some invalid values on certain 64bit systems). (Ilia)
* Fixed bug #47254 (Wrong Reflection for extends class). (Felipe)
* Fixed bug #47042 (cgi sapi is incorrectly removing SCRIPT_FILENAME). (Sriram Natarajan, David Soria Parra)
* Fixed bug #46882 (Serialize / Unserialize misbehaviour under OS with different bit numbers). (Matt)
* Fixed bug #46812 (get_class_vars() does not include visible private variable looking at subclass). (Arnaud)
* Fixed bug #46386 (Digest authentication with SOAP module fails against MSSQL SOAP services). (Ilia, lordelph at gmail dot com)
* Fixed bug #46109 (Memory leak when mysqli::init() is called multiple times). (Andrey)
* Fixed bug #45997 (safe_mode bypass with exec/system/passthru (windows only)). (Pierre)
* Fixed bug #45877 (Array key '2147483647' left as string). (Matt)
* Fixed bug #45822 (Near infinite-loops while parsing huge relative offsets). (Derick, Mike Sullivan)
* Fixed bug #45799 (imagepng() crashes on empty image). (Martin McNickle, Takeshi Abe)
* Fixed bug #45622 (isset($arrayObject->p) misbehaves with ArrayObject:: ARRAY_AS_PROPS set). (robin_fernandes at uk dot ibm dot com, Arnaud)
* Fixed bug #45614 (ArrayIterator::current(), ::key() can show 1st private prop of wrapped object). (robin_fernandes at uk dot ibm dot com, Arnaud)
* Fixed bug #45540 (stream_context_create creates bad http request). (Arnaud)
* Fixed bug #45202 (zlib.output_compression can not be set with ini_set()). (Jani)
* Fixed bug #45191 (error_log ignores date.timezone php.ini val when setting logging timestamps). (Derick)
* Fixed bug #45092 (header HTTP context option not being used when compiled using --with-curlwrappers). (Jani)
* Fixed bug #44996 (xmlrpc_decode() ignores time zone on iso8601.datetime). (Ilia, kawai at apache dot org)
* Fixed bug #44827 (define() is missing error checks for class constants). (Ilia)
* Fixed bug #44214 (Crash using preg_replace_callback() and global variables). (Nuno, Scott)
* Fixed bug #43073 (TrueType bounding box is wrong for angle<>0). (Martin McNickle)
* Fixed bug #42663 (gzinflate() try to allocate all memory with truncated data). (Arnaud)
* Fixed bug #42414 (some odbc_*() functions incompatible with Oracle ODBC driver). (jhml at gmx dot net)
* Fixed bug #42362 (HTTP status codes 204 and 304 should not be gzipped). (Scott, Edward Z. Yang)
* Fixed bug #42143 (The constant NAN is reported as 0 on Windows) (Kanwaljeet Singla, Venkat Raman Don)
* Fixed bug #38805 (PDO truncates text from SQL Server text data type field). (Steph)
PHP 5 ChangeLog
Version 5.2.10
18-June-2009
* Security Fixes
o Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files). (Pierre)
* Updated timezone database to version 2009.9 (2009i) (Derick)
* Added "ignore_errors" option to http fopen wrapper. (David Zulke, Sara)
* Added new CURL options CURLOPT_REDIR_PROTOCOLS, CURLOPT_PROTOCOLS, and CURLPROTO_* for redirect fixes in CURL 7.19.4. (Yoram Bar Haim, Stas)
* Added support for Sun CC (FR #46595 and FR #46513). (David Soria Parra)
* Changed default value of array_unique()'s optional sorting type parameter back to SORT_STRING to fix backwards compatibility breakage introduced in PHP 5.2.9. (Moriyoshi)
* Fixed memory corruptions while reading properties of zip files. (Ilia)
* Fixed memory leak in ob_get_clean/ob_get_flush. (Christian)
* Fixed segfault on invalid session.save_path. (Hannes)
* Fixed leaks in imap when a mail_criteria is used. (Pierre)
* Fixed missing erealloc() in fix for Bug #40091 in spl_autoload_register. (Greg)
* Fixed bug #48562 (Reference recursion causes segfault when used in wddx_serialize_vars()). (Felipe)
* Fixed bug #48557 (Numeric string keys in Apache Hashmaps are not cast to integers). (David Zuelke)
* Fixed bug #48518 (curl crashes when writing into invalid file handle). (Tony)
* Fixed bug #48514 (cURL extension uses same resource name for simple and multi APIs). (Felipe)
* Fixed bug #48469 (ldap_get_entries() leaks memory on empty search results). (Patrick)
* Fixed bug #48456 (CPPFLAGS not restored properly in phpize.m4). (Jani, spisek at kerio dot com)
* Fixed bug #48448 (Compile failure under IRIX 6.5.30 building cast.c). (Kalle)
* Fixed bug #48441 (ldap_search() sizelimit, timelimit and deref options persist). (Patrick)
* Fixed bug #48434 (Improve memory_get_usage() accuracy). (Arnaud)
* Fixed bug #48416 (Force a cache limit in ereg() to stop excessive memory usage). (Scott)
* Fixed bug #48409 (Crash when exception is thrown while passing function arguments). (Arnaud)
* Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files). (Pierre)
* Fixed bug #48359 (Script hangs on snmprealwalk if OID is not increasing). (Ilia, simonov at gmail dot com)
* Fixed bug #48336 (ReflectionProperty::getDeclaringClass() does not work with redeclared property). (patch by Markus dot Lidel at shadowconnect dot com)
* Fixed bug #48326 (constant MSG_DONTWAIT not defined). (Arnaud)
* Fixed bug #48313 (fgetcsv() does not return null for empty rows). (Ilia)
* Fixed bug #48309 (stream_copy_to_stream() and fpasstru() do not update stream position of plain files). (Arnaud)
* Fixed bug #48307 (stream_copy_to_stream() copies 0 bytes when $source is a socket). (Arnaud)
* Fixed bug #48273 (snmp*_real_walk() returns SNMP errors as values). (Ilia, lytboris at gmail dot com)
* Fixed bug #48256 (Crash due to double-linking of history.o). (tstarling at wikimedia dot org)
* Fixed bug #48248 (SIGSEGV when access to private property via &__get). (Felipe)
* Fixed bug #48247 (Crash on errors during startup). (Stas)
* Fixed bug #48240 (DBA Segmentation fault dba_nextkey). (Felipe)
* Fixed bug #48224 (Incorrect shuffle in array_rand). (Etienne)
* Fixed bug #48221 (memory leak when passing invalid xslt parameter). (Felipe)
* Fixed bug #48207 (CURLOPT_(FILE|WRITEHEADER options do not error out when working with a non-writable stream). (Ilia)
* Fixed bug #48206 (Iterating over an invalid data structure with RecursiveIteratorIterator leads to a segfault). (Scott)
* Fixed bug #48204 (xmlwriter_open_uri() does not emit warnings on invalid paths). (Ilia)
* Fixed bug #48203 (Crash when CURLOPT_STDERR is set to regular file). (Jani)
* Fixed bug #48202 (Out of Memory error message when passing invalid file path) (Pierre)
* Fixed bug #48156 (Added support for lcov v1.7). (Ilia)
* Fixed bug #48132 (configure check for curl ssl support fails with --disable-rpath). (Jani)
* Fixed bug #48131 (Don't try to bind ipv4 addresses to ipv6 ips via bindto). (Ilia)
* Fixed bug #48070 (PDO_OCI: Segfault when using persistent connection). (Pierre, Matteo, jarismar dot php at gmail dot com)
* Fixed bug #48058 (Year formatter goes wrong with out-of-int range). (Derick)
* Fixed bug #48038 (odbc_execute changes variables used to form params array). (Felipe)
* Fixed bug #47997 (stream_copy_to_stream returns 1 on empty streams). (Arnaud)
* Fixed bug #47991 (SSL streams fail if error stack contains items). (Mikko)
* Fixed bug #47981 (error handler not called regardless). (Hannes)
* Fixed bug #47969 (ezmlm_hash() returns different values depend on OS). (Ilia)
* Fixed bug #47946 (ImageConvolution overwrites background). (Ilia)
* Fixed bug #47940 (memory leaks in imap_body). (Pierre, Jake Levitt)
* Fixed bug #47937 (system() calls sapi_flush() regardless of output buffering). (Ilia)
* Fixed bug #47903 ("@" operator does not work with string offsets). (Felipe)
* Fixed bug #47893 (CLI aborts on non blocking stdout). (Arnaud)
* Fixed bug #47849 (Non-deep import loses the namespace). (Rob)
* Fixed bug #47845 (PDO_Firebird omits first row from query). (Lars W)
* Fixed bug #47836 (array operator [] inconsistency when the array has PHP_INT_MAX index value). (Matt)
* Fixed bug #47831 (Compile warning for strnlen() in main/spprintf.c). (Ilia, rainer dot jung at kippdata dot de)
* Fixed bug #47828 (openssl_x509_parse() segfaults when a UTF-8 conversion fails). (Scott, Kees Cook, Pierre)
* Fixed bug #47818 (Segfault due to bound callback param). (Felipe)
* Fixed bug #47801 (__call() accessed via parent:: operator is provided incorrect method name). (Felipe)
* Fixed bug #47769 (Strange extends PDO). (Felipe)
* Fixed bug #47745 (FILTER_VALIDATE_INT doesn't allow minimum integer). (Dmitry)
* Fixed bug #47721 (Alignment issues in mbstring and sysvshm extension) (crrodriguez at opensuse dot org, Ilia)
* Fixed bug #47704 (PHP crashes on some "bad" operations with string offsets). (Dmitry)
* Fixed bug #47695 (build error when xmlrpc and iconv are compiled against different iconv versions). (Scott)
* Fixed bug #47667 (ZipArchive::OVERWRITE seems to have no effect). (Mikko, Pierre)
* Fixed bug #47644 (Valid integers are truncated with json_decode()). (Scott)
* Fixed bug #47639 (pg_copy_from() WARNING: nonstandard use of \\ in a string literal). (Ilia)
* Fixed bug #47616 (curl keeps crashing). (Felipe)
* Fixed bug #47598 (FILTER_VALIDATE_EMAIL is locale aware). (Ilia)
* Fixed bug #47566 (pcntl_wexitstatus() returns signed status). (patch by james at jamesreno dot com)
* Fixed bug #47564 (unpacking unsigned long 32bit bit endian returns wrong result). (Ilia)
* Fixed bug #47487 (performance degraded when reading large chunks after fix of bug #44607). (Arnaud)
* Fixed bug #47468 (enable cli|cgi-only extensions for embed sapi). (Jani)
* Fixed bug #47435 (FILTER_FLAG_NO_PRIV_RANGE does not work with ipv6 addresses in the filter extension). (Ilia)
* Fixed bug #47430 (Errors after writing to nodeValue parameter of an absent previousSibling). (Rob)
* Fixed bug #47365 (ip2long() may allow some invalid values on certain 64bit systems). (Ilia)
* Fixed bug #47254 (Wrong Reflection for extends class). (Felipe)
* Fixed bug #47042 (cgi sapi is incorrectly removing SCRIPT_FILENAME). (Sriram Natarajan, David Soria Parra)
* Fixed bug #46882 (Serialize / Unserialize misbehaviour under OS with different bit numbers). (Matt)
* Fixed bug #46812 (get_class_vars() does not include visible private variable looking at subclass). (Arnaud)
* Fixed bug #46386 (Digest authentication with SOAP module fails against MSSQL SOAP services). (Ilia, lordelph at gmail dot com)
* Fixed bug #46109 (Memory leak when mysqli::init() is called multiple times). (Andrey)
* Fixed bug #45997 (safe_mode bypass with exec/system/passthru (windows only)). (Pierre)
* Fixed bug #45877 (Array key '2147483647' left as string). (Matt)
* Fixed bug #45822 (Near infinite-loops while parsing huge relative offsets). (Derick, Mike Sullivan)
* Fixed bug #45799 (imagepng() crashes on empty image). (Martin McNickle, Takeshi Abe)
* Fixed bug #45622 (isset($arrayObject->p) misbehaves with ArrayObject:: ARRAY_AS_PROPS set). (robin_fernandes at uk dot ibm dot com, Arnaud)
* Fixed bug #45614 (ArrayIterator::current(), ::key() can show 1st private prop of wrapped object). (robin_fernandes at uk dot ibm dot com, Arnaud)
* Fixed bug #45540 (stream_context_create creates bad http request). (Arnaud)
* Fixed bug #45202 (zlib.output_compression can not be set with ini_set()). (Jani)
* Fixed bug #45191 (error_log ignores date.timezone php.ini val when setting logging timestamps). (Derick)
* Fixed bug #45092 (header HTTP context option not being used when compiled using --with-curlwrappers). (Jani)
* Fixed bug #44996 (xmlrpc_decode() ignores time zone on iso8601.datetime). (Ilia, kawai at apache dot org)
* Fixed bug #44827 (define() is missing error checks for class constants). (Ilia)
* Fixed bug #44214 (Crash using preg_replace_callback() and global variables). (Nuno, Scott)
* Fixed bug #43073 (TrueType bounding box is wrong for angle<>0). (Martin McNickle)
* Fixed bug #42663 (gzinflate() try to allocate all memory with truncated data). (Arnaud)
* Fixed bug #42414 (some odbc_*() functions incompatible with Oracle ODBC driver). (jhml at gmx dot net)
* Fixed bug #42362 (HTTP status codes 204 and 304 should not be gzipped). (Scott, Edward Z. Yang)
* Fixed bug #42143 (The constant NAN is reported as 0 on Windows) (Kanwaljeet Singla, Venkat Raman Don)
* Fixed bug #38805 (PDO truncates text from SQL Server text data type field). (Steph)
Thursday, March 26, 2009
PHP 5.3.0RC1 Release Announcement
The PHP development team is proud to announce the availability of the first release candidate of PHP 5.3.0 (PHP 5.3.0RC1). This release marks the final phase in a major improvement in the 5.X series, which includes a large number of new features, bug fixes and security enhancements.
The key features of the PHP 5.3 branch include:
- Support for namespaces
- Under the hood performance improvements
- Late static binding
- Lambda functions and closures
- Syntax additions: NOWDOC, limited GOTO, ternary short cut "?:" and __callStatic()
- Optional garbage collection for cyclic references
- Optional mysqlnd PHP native replacement for libmysql
- Improved windows support including VC6 and VC9 binaries
- More consistent float rounding
- Deprecation notices are now handle via E_DEPRECATED (part of E_ALL) instead of the E_STRICT error level
- Several enhancements to enable more flexiblity in php.ini (and ini parsing in general)
- New bundled extensions: ext/phar, ext/intl, ext/fileinfo, ext/sqlite3, ext/enchant
- Countless bug fixes and improvements to existing extensions in particular to: ext/openssl, ext/spl and ext/date
This release also drops several extensions and unifies usage of internal APIs. Users should be aware of the following known backwards compatibility breaks:
- Parameter parsing API unification will cause some functions to behave more or less strict when it comes to type juggling
- Removed the following extensions: ext/mhash (see ext/hash), ext/msql, ext/pspell (see ext/enchant), ext/sybase (see ext/sybase_ct)
- Moved the following extensions to PECL: ext/ming, ext/fbsql, ext/ncurses, ext/fdf
- Removed zend.ze1_compatibility_mode
- See the upgrading guide for other minor changes
All users of PHP, especially those using earlier PHP 5 releases are advised to test this release as the final release of PHP 5.3.0 will eventually obsolete the 5.2 branch of PHP.
For users upgrading from previous PHP 5 releases there is an upgrading guide available here, detailing the changes between those releases and PHP 5.3.0.
Please also note that we are aware of issues surrounding float/integer handling in some edge cases (some of which have been introduced in PHP 5.2.0), as well as a crash bug in NSAPI, that will be fixed in PHP 5.3.0RC2. These issues however do not prevent wide spread testing of PHP 5.3.0RC1 as users can now rely on the feature set and implementation decisions no longer being changed.
The key features of the PHP 5.3 branch include:
- Support for namespaces
- Under the hood performance improvements
- Late static binding
- Lambda functions and closures
- Syntax additions: NOWDOC, limited GOTO, ternary short cut "?:" and __callStatic()
- Optional garbage collection for cyclic references
- Optional mysqlnd PHP native replacement for libmysql
- Improved windows support including VC6 and VC9 binaries
- More consistent float rounding
- Deprecation notices are now handle via E_DEPRECATED (part of E_ALL) instead of the E_STRICT error level
- Several enhancements to enable more flexiblity in php.ini (and ini parsing in general)
- New bundled extensions: ext/phar, ext/intl, ext/fileinfo, ext/sqlite3, ext/enchant
- Countless bug fixes and improvements to existing extensions in particular to: ext/openssl, ext/spl and ext/date
This release also drops several extensions and unifies usage of internal APIs. Users should be aware of the following known backwards compatibility breaks:
- Parameter parsing API unification will cause some functions to behave more or less strict when it comes to type juggling
- Removed the following extensions: ext/mhash (see ext/hash), ext/msql, ext/pspell (see ext/enchant), ext/sybase (see ext/sybase_ct)
- Moved the following extensions to PECL: ext/ming, ext/fbsql, ext/ncurses, ext/fdf
- Removed zend.ze1_compatibility_mode
- See the upgrading guide for other minor changes
All users of PHP, especially those using earlier PHP 5 releases are advised to test this release as the final release of PHP 5.3.0 will eventually obsolete the 5.2 branch of PHP.
For users upgrading from previous PHP 5 releases there is an upgrading guide available here, detailing the changes between those releases and PHP 5.3.0.
Please also note that we are aware of issues surrounding float/integer handling in some edge cases (some of which have been introduced in PHP 5.2.0), as well as a crash bug in NSAPI, that will be fixed in PHP 5.3.0RC2. These issues however do not prevent wide spread testing of PHP 5.3.0RC1 as users can now rely on the feature set and implementation decisions no longer being changed.
Subscribe to:
Posts (Atom)