PHP 5 ChangeLog

2012 年 9 月 15 日291,0340

PHP 5 ChangeLog

Version 5.4.7

13-September-2012

Core

CURL

Fixed bug #62912 (CURLINFO_PRIMARY_* AND CURLINFO_LOCAL_* not exposed)
Fixed bug #62839 (curl_copy_handle segfault with CURLOPT_FILE)

DateTime

Fixed bug #62852 (Unserialize invalid DateTime causes crash)

Intl

Installation

Fixed bug #62460 (php binaries installed as binary.dSYM)

PCRE

Fixed bug #55856 (preg_replace should fail on trailing garbage)

PDO

Fixed bug #62685 (Wrong return datatype in PDO::inTransaction())

Reflection

Fixed bug #62892 (ReflectionClass::getTraitAliases crashes on importing trait methods as private)
Fixed bug #62715 (ReflectionParameter::isDefaultValueAvailable() wrong result)

Session

Fixed bug (segfault due to retval is not initialized)
Fixed bug (segfault due to PS(mod_user_implemented) not be reseted when close handler call exit)

SPL

Fixed bug #62904 (Crash when cloning an object which inherits SplFixedArray)
Implemented FR #62840 (Add sort flag to ArrayObject::ksort)

Standard

Fixed bug #62836 (Seg fault or broken object references on unserialize())

FPM

Merged PR 121 by minitux to add support for slow request counting on PHP FPM status page

Version 5.3.17

13-September-2012

Core

CURL

Fixed bug #62839 (curl_copy_handle segfault with CURLOPT_FILE)

DateTime

Fixed bug #62852 (Unserialize invalid DateTime causes crash)

Intl

Fix null pointer dereferences in some classes of ext/intl

MySQLnd

Fixed bug #62885 (mysqli_poll - Segmentation fault)

PDO

Fixed bug #62685 (Wrong return datatype in PDO::inTransaction())

Session

Fixed bug (segfault due to retval is not initialized)

SPL

Fixed bug #62904 (Crash when cloning an object which inherits SplFixedArray)

Enchant

Fixed bug #62838 (enchant_dict_quick_check() destroys zval, but fails to initialize it)

Version 5.4.6

16-August-2012

CLI Server

Implemented FR #62700 (have the console output 'Listening on http://localhost:8000').

Core

CURL

Fixed bug #62499 (curl_setopt($ch, CURLOPT_COOKIEFILE, "") returns false).

DateTime

Fixed bug #62500 (Segfault in DateInterval class when extended).

Fileinfo

Fixed bug #61964 (finfo_open with directory causes invalid free).

Intl

Fixed bug #62564 (Extending MessageFormatter and adding property causes crash).

MySQLnd

Fixed bug #62594 (segfault in mysqlnd_res_meta::set_mode).

readline

Fixed bug #62612 (readline extension compilation fails with sapi/cli/cli.h: No such file).

Reflection

Implemented FR #61602 (Allow access to name of constant used as default value).

SimpleXML

Implemented FR #55218 (Get namespaces from current node).

SPL

Fixed bug #62616 (ArrayIterator::count() from IteratorIterator instance gives Segmentation fault).
Fixed bug #61527 (ArrayIterator gives misleading notice on next() when moved to the end).

Streams

Fixed bug #62597 (segfault in php_stream_wrapper_log_error with ZTS build).

Zlib

Fixed bug #55544 (ob_gzhandler always conflicts with zlib.output_compression).

Version 5.3.16

16-August-2012

Core

CURL

Fixed bug #62839 (curl_copy_handle segfault with CURLOPT_FILE).
Fixed bug #62499 (curl_setopt($ch, CURLOPT_COOKIEFILE, "") returns false).

DateTime

Fixed bug #62500 (Segfault in DateInterval class when extended).

Enchant

Fixed bug #62838 (enchant_dict_quick_check() destroys zval, but fails to initialize it).

PDO

Fixed bug #62685 (Wrong return datatype in PDO::inTransaction()).

Reflection

Fixed bug #62715 (ReflectionParameter::isDefaultValueAvailable() wrong result).

Session

Fixed bug (segfault due to retval is not initialized).

SPL

Fixed bug #62616 (ArrayIterator::count() from IteratorIterator instance gives Segmentation fault).

Version 5.4.5

19-July-2012

Core

EXIF

Fixed information leak in ext exif

FPM

Iconv

Fixed bug #55042 (Erealloc in iconv.c unsafe)

Intl

JSON

Fixed bug #61359 (json_encode() calls too many reallocs)

libxml

Fixed bug #62266 (Custom extension segfaults during xmlParseFile with FPM SAPI)

Phar

Fixed bug #62227 (Invalid phar stream path causes crash)

Readline

Fixed bug #62186 (readline fails to compile - void function should not return a value)

Reflection

Fixed bug #62384 (Attempting to invoke a Closure more than once causes segfault)
Fixed bug #62202 (ReflectionParameter::getDefaultValue() memory leaks with constant)

Sockets

Fixed bug #62025 (__ss_family was changed on AIX 5.3)

SPL

Fixed bug #62433 (Inconsistent behavior of RecursiveDirectoryIterator to dot files)
Fixed bug #62262 (RecursiveArrayIterator does not implement Countable)

XML Writer

Fixed bug #62064 (memory leak in the XML Writer module)

Zip

Upgraded libzip to 0.10.

Version 5.3.15

19-July-2012

Zend Engine

Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value that includes a semi-colon)

COM

Fixed bug #62146 com_dotnet cannot be built shared

Core

Fileinfo

Fixed magic file regex support

FPM

Intl

JSON

Reverted fix for bug #61537

Phar

Fixed bug #62227 (Invalid phar stream path causes crash)

Reflection

Fixed bug #62384 (Attempting to invoke a Closure more than once causes segfault)
Fixed bug #62202 (ReflectionParameter::getDefaultValue() memory leaks with constant)

SPL

Fixed bug #62262 (RecursiveArrayIterator does not implement Countable)

SQLite

Fixed open_basedir bypass, CVE-2012-3365

XML Write

Fixed bug #62064 (memory leak in the XML Writer module)

Zip

Upgraded libzip to 0.10

Version 5.4.4

06-June-2012

CLI SAPI

Core

CURL

Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction)

COM

Fixed bug #62146 com_dotnet cannot be built shared

Fileinfo

Fixed bug #61812 (Uninitialised value used in libmagic)

FPM

Iconv

Fixed a bug that iconv extension fails to link to the correct library when another extension makes use of a library that links to the iconv library. See https://bugs.gentoo.org/show_bug.cgi?id=364139 for detail

Intl

Fixed bug #62082 (Memory corruption in internal function get_icu_disp_value_src_php()

JSON

Fixed bug #61537 (json_encode() incorrectly truncates/discards information)

LibXML

Fixed bug #61617 (Libxml tests failed(ht is already destroyed))

PDO

Fixed bug #61755 (A parsing bug in the prepared statements can lead to access violations)

Phar

Fixed bug #61065 (Secunia SA44335) (CVE-2012-2386)

Streams

Fixed bug #61961 (file_get_contents leaks when access empty file with maxlen set)

zlib

Version 5.3.14

06-June-2012

CLI SAPI

Fixed bug #61546 (functions related to current script failed when chdir() in cli sapi)

Core

CURL

Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction)

COM

Fixed bug #62146 com_dotnet cannot be built shared

Fileinfo

Fixed bug #61812 (Uninitialised value used in libmagic)

Iconv

Fixed a bug that iconv extension fails to link to the correct library when another extension makes use of a library that links to the iconv library. See https://bugs.gentoo.org/show_bug.cgi?id=364139 for detail

Intl

Fixed bug #62082 (Memory corruption in internal function get_icu_disp_value_src_php()

JSON

Fixed bug #61537 (json_encode() incorrectly truncates/discards information)

PDO

Fixed bug #61755 (A parsing bug in the prepared statements can lead to access violations)

Phar

Fixed bug #61065 (Secunia SA44335)

Streams

Fixed bug #61961 (file_get_contents leaks when access empty file with maxlen set)

Version 5.4.3

08-May-2012

Fixed bug #61807 Buffer Overflow in apache_request_headers, CVE-2012-2329.
Fixed bug #61910 Improve fix for PHP-CGI query string parameter vulnerability, CVE-2012-2311.

Version 5.3.13

08-May-2012

Fixed bug #61910 Improve fix for PHP-CGI query string parameter vulnerability, CVE-2012-2311.

Version 5.4.2

03-May-2012

Fixed bug #61910 Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823.

Version 5.3.12

03-May-2012

Fixed bug #61910 Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823.

Version 5.4.1

26-Apr-2012

CLI Server

Fixed bug #61461 (missing checks around malloc() calls).
Implemented #60850 (Built in web server does not set
$_SERVER['SCRIPT_FILENAME'] when using router).

Core

Fixed crash in ZTS using same class in many threads.
Fixed bug #61374 (html_entity_decode tries to decode code points that don't
exist in ISO-8859-1).
Fixed bug #61011 (Crash when an exception is thrown by __autoload
accessing a static property).
Fixed bug #60978 (exit code incorrect).
Fixed bug #60911 (Confusing error message when extending traits).
Fixed bug #60717 (Order of traits in use statement can cause a fatal
error).
Fixed bug #60573 (type hinting with "self" keyword causes weird errors).

Fileinfo

Fix fileinfo test problems.

Intl

Fixed bug #61487 (Incorrent bounds checking in grapheme_strpos).

mbstring

MFH mb_ereg_replace_callback() for security enhancements.

mysqlnd

Fixed bug #60948 (mysqlnd FTBFS when -Wformat-security is enabled).

Standard

Fixed bug #60106 (stream_socket_server silently truncates long unix socket
paths).

Version 5.3.11

26-Apr-2012

Core

Fixed bug #61650 (ini parser crashes when using ${xxxx} ini variables
(without apache2)).
Fixed bug #61273 (call_user_func_array with more than 16333 arguments
leaks / crashes).
Fixed bug #61165 (Segfault - strip_tags()).
Fixed bug #61095 (Incorect lexing of 0x00*+<NUM>).
Fixed bug #61087 (Memory leak in parse_ini_file when specifying
invalid scanner mode).
Fixed bug #61072 (Memory leak when restoring an exception handler).
Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX).
Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical
vars).
Fixed bug #60895 (Possible invalid handler usage in windows random
functions).
Fixed bug #54374 (Insufficient validating of upload name leading to
corrupted $_FILES indices). (CVE-2012-1172).
Fixed bug #52719 (array_walk_recursive crashes if third param of the
function is by reference).
Improve performance of set_exception_handler while doing reset.
Fixed bug #51860 (Include fails with toplevel symlink to /).

DOM

Added debug info handler to DOM objects.

FPM

Fixed bug #61430 (Transposed memset() params in sapi/fpm/fpm/fpm_shm.)
Fixed bug #60811 (php-fpm compilation problem).

Fileinfo

Upgraded libmagic to 5.
Fixed bug #61565 where php_stream_open_wrapper_ex tries to open a
directory descriptor under windows.
Fixed bug #61566 failure caused by the posix lseek and read versions
under windows in cdf_read().
Fixed bug #61173 (Unable to detect error from finfo constructor).

Firebird Database extension (ibase)

Fixed bug #60802 (ibase_trans() gives segfault when passing params).

Ibase

Fixed bug #60947 (Segmentation fault while executing ibase_db_info).

Installation

Fixed bug #61172 (Add Apache 2.4 support).

mysqli

Fixed bug #61003 (mysql_stat() require a valid connection).

PDO_mysql

Fixed bug #61207 (PDO::nextRowset() after a multi-statement query doesn't
always work).
Fixed bug #61194 (PDO should export compression flag with myslqnd).

PDO_odbc

Fixed bug #61212 (PDO ODBC Segfaults on SQL_SUCESS_WITH_INFO).

PDO_pgsql

Fixed bug #61267 (pdo_pgsql's PDO::exec() returns the number of SELECTed
rows on postgresql >= 9).

PDO_Sqlite extension

Add createCollation support.

pgsql

Fixed bug #60718 (Compile problem with libpq (PostgreSQL 7.3 or less).

Phar

Fixed bug #61184 (Phar::webPhar() generates headers with trailing NUL
bytes).

Readline

Fixed bug #61088 (Memory leak in readline_callback_handler_install).
Add open_basedir checks to readline_write_history and readline_read_history.

Reflection

Fixed bug #61388 (ReflectionObject:getProperties() issues invalid reads
when get_properties returns a hash table with (inaccessible) dynamic
numeric properties).
Fixed bug #60968 (Late static binding doesn't work with
ReflectionMethod::invokeArgs()).

Session

Fixed bug #60860 (session.save_handler=user without defined function core
dumps).
Fixed bug #60634 (Segmentation fault when trying to die() in
SessionHandler::write()).

SOAP

Fixed bug #61423 (gzip compression fails).
Fixed bug #60887 (SoapClient ignores user_agent option and sends no
User-Agent header).
Fixed bug #60842, Fixed bug #51775 (Chunked response parsing error when
chunksize length line is > 10 bytes).
Fixed bug #49853 (Soap Client stream context header option ignored).

SPL

Fixed memory leak when calling SplFileInfo's constructor twice.
Fixed bug #61418 (Segmentation fault when DirectoryIterator's or
FilesystemIterator's iterators are requested more than once without
having had its dtor callback called in between).
Fixed bug #61347 (inconsistent isset behavior of Arrayobject).
Fixed bug #61326 (ArrayObject comparison).

SQLite3 extension

Add createCollation() method.

Streams

Fixed bug #61371 (stream_context_create() causes memory leaks on use
streams_socket_create).
Fixed bug #61253 (Wrappers opened with errors concurrency problem on ZTS).
Fixed bug #61115 (stream related segfault on fatal error in
php_stream_context_link).
Fixed bug #60817 (stream_get_line() reads from stream even when there is
already sufficient data buffered). stream_get_line() now behaves more like
fgets(), as is documented.
Further fix for bug Fixed bug #60455 (stream_get_line misbehaves if EOF is not
detected together with the last read).
Fixed bug #60106 (stream_socket_server silently truncates long unix
socket paths).

Tidy

Fixed bug #54682 (tidy null pointer dereference).

XMLRPC

Fixed bug #61264 (xmlrpc_parse_method_descriptions leaks temporary
variable).
Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals).

Zlib

Version 5.4.0

01-Mar-2012

autoconf 2.59+ is now supported (and required) for generating the
configure script with ./buildconf. Autoconf 2.60+ is desirable
otherwise the configure help order may be incorrect.

Removed legacy features

Session bug compatibility mode (session.bug_compat_42 and
session.bug_compat_warn ini options).
session_is_registered(), session_register() and session_unregister()
functions.
y2k_compliance ini option.
magic_quotes_gpc, magic_quotes_runtime and magic_quotes_sybase
ini options. get_magic_quotes_gpc, get_magic_quotes_runtime are kept
but always return false, set_magic_quotes_runtime raises an
E_CORE_ERROR.
Removed support for putenv("TZ=..") for setting the timezone.
Removed the timezone guessing algorithm in case the timezone isn't set with
date.timezone or date_default_timezone_set(). Instead of a guessed
timezone, "UTC" is now used instead.

Moved extensions to PECL

ext/sqlite. (Note: the ext/sqlite3 and ext/pdo_sqlite extensions are
not affected)

General improvements

Added short array syntax support ([1,2,3]), see UPGRADING guide for full
details.
Added binary numbers format (0b001010).
Added support for Class::{expr}() syntax.
Added multibyte support by default. Previously php had to be compiled
with --enable-zend-multibyte. Now it can be enabled or disabled through
zend.multibyte directive in php.ini.
Implemented Zend Signal Handling (configurable option --enable-zend-signals,
off by default).
Improved output layer, see README.NEW-OUTPUT-API for internals.
Improved unix build system to allow building multiple PHP binary SAPIs and
one SAPI module the same time. #53271, #52419.
Implemented closure rebinding as parameter to bindTo.
Improved the warning message of incompatible arguments.
Improved ternary operator performance when returning arrays.
Changed error handlers to only generate docref links when the docref_root
INI setting is not empty.
Changed silent conversion of array to string to produce a notice.
Changed default value of "default_charset" php.ini option from ISO-8859-1 to
UTF-8.
Changed silent casting of null/''/false into an Object when adding
a property into a warning.
Changed E_ALL to include E_STRICT.
Disabled windows CRT warning by default, can be enabled again using the ini
directive windows_show_crt_warnings.
Fixed bug #55378: Binary number literal returns float number though its
value is small enough.

Improved Zend Engine memory usage

Improved parse error messages.
Replaced zend_function.pass_rest_by_reference by
ZEND_ACC_PASS_REST_BY_REFERENCE in zend_function.fn_flags.
Replaced zend_function.return_reference by ZEND_ACC_RETURN_REFERENCE
in zend_function.fn_flags.
Removed zend_arg_info.required_num_args as it was only needed for internal
functions. Now the first arg_info for internal functions (which has special
meaning) is represented by zend_internal_function_info structure.
Moved zend_op_array.size, size_var, size_literal, current_brk_cont,
backpatch_count into CG(context) as they are used only during compilation.
Moved zend_op_array.start_op into EG(start_op) as it's used only for
'interactive' execution of single top-level op-array.
Replaced zend_op_array.done_pass_two by ZEND_ACC_DONE_PASS_TWO in
zend_op_array.fn_flags.
op_array.vars array is trimmed (reallocated) during pass_two.
Replaced zend_class_entry.constants_updated by ZEND_ACC_CONSTANTS_UPDATED
in zend_class_entry.ce_flags.
Reduced the size of zend_class_entry by sharing the same memory space
by different information for internal and user classes.
See zend_class_entry.info union.
Reduced size of temp_variable.

Improved Zend Engine, performance tweaks and optimizations

Inlined most probable code-paths for arithmetic operations directly into
executor.
Eliminated unnecessary iterations during request startup/shutdown.
Changed $GLOBALS into a JIT autoglobal, so it's initialized only if used.
(this may affect opcode caches!)
Improved performance of @ (silence) operator.
Simplified string offset reading. $str[1][0] is now a legal construct.
Added caches to eliminate repeatable run-time bindings of functions,
classes, constants, methods and properties.
Added concept of interned strings. All strings constants known at compile
time are allocated in a single copy and never changed.
Simplified ZEND_FETCH_*_R operations. They can't be used with the
EXT_TYPE_UNUSED flag any more. This is a very rare and useless case.
ZEND_FREE might be required after them instead.
Split ZEND_RETURN into two new instructions ZEND_RETURN and
ZEND_RETURN_BY_REF.
Optimized access to global constants using values with pre-calculated
hash_values from the literals table.
Optimized access to static properties using executor specialization.
A constant class name may be used as a direct operand of ZEND_FETCH_*
instruction without previous ZEND_FETCH_CLASS.
zend_stack and zend_ptr_stack allocation is delayed until actual usage.

Other improvements to Zend Engine

Added an optimization which saves memory and emalloc/efree calls for empty
HashTables.
Added ability to reset user opcode handlers.
Changed the structure of op_array.opcodes. The constant values are moved from
opcode operands into a separate literal table.
Fixed (disabled) inline-caching for ZEND_OVERLOADED_FUNCTION methods.
Fixed bug #43200 (Interface implementation / inheritence not possible in
abstract classes).

Improved core functions

Added optional argument to debug_backtrace() and debug_print_backtrace()
to limit the amount of stack frames returned.
Added hex2bin() function.
number_format() no longer truncates multibyte decimal points and thousand
separators to the first byte. #53457.
Added support for object references in recursive serialize() calls.
#36424.
Added support for SORT_NATURAL and SORT_FLAG_CASE in array
sort functions (sort, rsort, ksort, krsort, asort, arsort and
array_multisort). #55158.
Added stream metadata API support and stream_metadata() stream class
handler.
User wrappers can now define a stream_truncate() method that responds
to truncation, e.g. through ftruncate(). #53888.
Improved unserialize() performance.
Changed array_combine() to return empty array instead of FALSE when both
parameter arrays are empty. #34857.
Fixed bug #60965 (Buffer overflow on htmlspecialchars/entities with
$double=false).
Fixed bug #60895 (Possible invalid handler usage in windows random
functions).
Fixed bug #60321 (ob_get_status(true) no longer returns an array when
buffer is empty).
Fixed bug #60282 (Segfault when using ob_gzhandler() with open buffers).
Fixed bug #60240 (invalid read/writes when unserializing specially crafted
strings).
Fixed bug #60227 (header() cannot detect the multi-line header with
CR(0x0D)).
the data exceeds or is equal to 2048 bytes).
Fixed bug #55748 (multiple NULL Pointer Dereference with zend_strndup())
(CVE-2011-4153).
Fixed bug #55749 (TOCTOU issue in getenv() on Windows builds).
Fixed bug #55707 (undefined reference to `__sync_fetch_and_add_4' on Linux
parisc).
Fixed bug #55705 (Omitting a callable typehinted argument causes a segfault).
Fixed bug #55475 (is_a() triggers autoloader, new optional 3rd argument to
is_a and is_subclass_of).
Fixed bug #55471 (ZTS build broken with dtrace).
Fixed bug #55124 (recursive mkdir fails with current (dot) directory in path).
Fixed bug #55084 (Function registered by header_register_callback is
called only once per process).
Implement #54514 (Get php binary path during script execution).
Fixed bug #52624 (tempnam() by-pass open_basedir with nonexistent
directory).
Fixed bug #52211 (iconv() returns part of string on error).
Fixed bug #51860 (Include fails with toplevel symlink to /).

Improved generic SAPI support

Added $_SERVER['REQUEST_TIME_FLOAT'] to include microsecond precision.
Added max_input_vars directive to prevent attacks based on hash collisions.
Added header_register_callback() which is invoked immediately
prior to the sending of headers and after default headers have
been added.
Added http_response_code() function. #52555.
Fixed bug #55500 (Corrupted $_FILES indices lead to security concern).
Fixed bug #54374 (Insufficient validating of upload name leading to
corrupted $_FILES indices).

Improved Apache SAPI

Fixed bug #60205 (possible integer overflow in content_length).

Improved CLI SAPI

Added friendly log messages. #55109.
Added built-in web server that is intended for testing purpose.
Added command line option --rz <name> which shows information of the
named Zend extension.
Interactive readline shell improvements

Added "cli.pager" php.ini setting to set a pager for output.
Added "cli.prompt" php.ini setting to configure the shell prompt.
Added shortcut #inisetting=value to change ini settings at run-time.
Changed shell not to terminate on fatal errors.
Interactive shell works with shared readline extension. #53878.

Fixed bug #60591 (Memory leak when access a non-exists file).
Fixed bug #60523 (PHP Errors are not reported in browsers using built-in
SAPI).
Fixed bug #60477 (Segfault after two multipart/form-data POST requests,
one 200 RQ and one 404).
Implement #60390 (Missing $_SERVER['SERVER_PORT']).
Fixed bug #60180 ($_SERVER["PHP_SELF"] incorrect).
Fixed bug #60159 (Router returns false, but POST is not passed to requested
resource).
Fixed bug #55726 (Changing the working directory makes router script
inaccessible).

Improved CGI/FastCGI SAPI

Added apache compatible functions: apache_child_terminate(),
getallheaders(), apache_request_headers() and apache_response_headers().
Improved performance of FastCGI request parsing.
Fixed reinitialization of SAPI callbacks after php_module_startup().

Improved PHP-FPM SAPI

Dropped restriction of not setting the same value multiple times, the last
one holds.
Lowered default value for Process Manager. #54098.
Enhanced security by limiting access to user defined extensions.
#55181.

Improved Litespeed SAPI

Fixed bug #55769 (Make Fails with "Missing Separator" error).

Improved BCmath extension

Fixed bug #60377 (bcscale related crashes on 64bits platforms).

Improved CURL extension

Added support for CURLOPT_MAX_RECV_SPEED_LARGE and
CURLOPT_MAX_SEND_SPEED_LARGE. #51815.
Fixed bug #60439 (curl_copy_handle segfault when used with
CURLOPT_PROGRESSFUNCTION).

Improved Date extension

Added the + modifier to parseFromFormat to allow trailing text in the
string to parse without throwing an error.

Improved DBA extension

Added Tokyo Cabinet abstract DB support.
Added Berkeley DB 5 support.

Improved DOM extension

Added the ability to pass options to loadHTML.

Improved filesystem functions

scandir() now accepts SCANDIR_SORT_NONE as a possible sorting_order value.
#53407.

Improved fileinfo extension

Improved HASH extension

Improved intl extension

Added Spoofchecker class, allows checking for visibly confusable characters and
other security issues.

Improved JSON extension

Added support for JSON_NUMERIC_CHECK option in json_encode() that converts
numeric strings to integers.
Added new json_encode() option JSON_UNESCAPED_SLASHES. #49366.
Added new json_encode() option JSON_PRETTY_PRINT. #44331.

Improved LDAP extension

Added paged results support. #42060.

Improved mbstring extension

Added Shift_JIS/UTF-8 Emoji (pictograms) support.
Added JIS X0213:2004 (Shift_JIS-2004, EUC-JP-2004, ISO-2022-JP-2004)
support.
Added user JIS X0213:2004 (Shift_JIS-2004, EUC-JP-2004, ISO-2022-JP-2004)
support.

Improved MS SQL extension

Fixed bug #60267 (Compile failure with freetds 0.91).

Improved MySQL extensions

MySQL: Deprecated mysql_list_dbs(). #50667.
mysqlnd: Added named pipes support. #48082.
MySQLi: Added iterator support in MySQLi. mysqli_result implements
Traversable.
PDO_mysql: Removed support for linking with MySQL client libraries older
than 4.1.
ext/mysql, mysqli and pdo_mysql now use mysqlnd by default.
Fixed bug #55473 (mysql_pconnect leaks file descriptors on reconnect).
Fixed bug #55653 (PS crash with libmysql when binding same variable as
param and out).

Improved OpenSSL extension

Added AES support. #48632.
Added a "no_ticket" SSL context option to disable the SessionTicket TLS
extension. #53447.
Added no padding option to openssl_encrypt()/openssl_decrypt().
Use php's implementation for Windows Crypto API in
openssl_random_pseudo_bytes.
On error in openssl_random_pseudo_bytes() made sure we set strong result
to false.
Fixed segfault with older versions of OpenSSL.
Fixed possible attack in SSL sockets with SSL 3.0 / TLS 1.0.
CVE-2011-3389.
Fixed bug #61124 (Crash when decoding an invalid base64 encoded string).
Fixed bug #60279 (Fixed NULL pointer dereference in
stream_socket_enable_crypto, case when ssl_handle of session_stream is not
initialized.

Improved Oracle Database extension (OCI8)

Improved PDO

Fixed PDO objects binary incompatibility.

PDO DBlib driver

Added nextRowset support.
Fixed bug #60033 (Incorrectly merged PDO dblib patches break
uniqueidentifier column type).
Fixed bug #50755 (PDO DBLIB Fails with OOM).

Improved Pdo Firebird driver

Fixed bug #53280 (segfaults if query column count less than param count).
Fixed bug #48877 ("bindValue" and "bindParam" do not work for PDO Firebird).
Fixed bug #47415 (segfaults when passing lowercased column name to
bindColumn).

Improved PostgreSQL extension

Added support for "extra" parameter for PGNotify().

Improved preg extension

Changed third parameter of preg_match_all() to optional. #53238.

Improved readline extension

Fixed bug #54450 (Enable callback support when built against libedit).

Improved Reflection extension

Added ReflectionClass::newInstanceWithoutConstructor() to create a new
instance of a class without invoking its constructor. #55490.
Added ReflectionExtension::isTemporary() and
ReflectionExtension::isPersistent() methods.
Fixed bug #60357 (__toString() method triggers E_NOTICE "Array to string
conversion").

Improved Session extension

Changed session.entropy_file to default to /dev/urandom or /dev/arandom if
either is present at compile time.
Fixed bug #60860 (session.save_handler=user without defined function core
dumps).
Implement #60551 (session_set_save_handler should support a core's
session handler interface).
Fixed bug #60640 (invalid return values).

Improved SNMP extension

Added OO API. #53594 (php-snmp rewrite).
Sanitized return values of existing functions. Now it returns FALSE on
failure.
Allow ~infinite OIDs in GET/GETNEXT/SET queries. Autochunk them to max_oids
upon request.
Introducing unit tests for extension with ~full coverage.
IPv6 support. (#42918)
Way of representing OID value can now be changed when SNMP_VALUE_OBJECT
is used for value output mode. Use or'ed SNMP_VALUE_LIBRARY(default if
not specified) or SNMP_VALUE_PLAIN. (#54502)
Fixed bug #60749 (SNMP module should not strip non-standard SNMP port
from hostname).
Fixed bug #60585 (php build fails with USE flag snmp when IPv6 support
is disabled).

Improved SOAP extension

Added new SoapClient option "keep_alive". #60329.
Fixed basic HTTP authentication for WSDL sub requests.

Improved SPL extension

Immediately reject wrong usages of directories under Spl(Temp)FileObject
and friends.
FilesystemIterator, GlobIterator and (Recursive)DirectoryIterator now use
the default stream context.
Fixed bug #60201 (SplFileObject::setCsvControl does not expose third
argument via Reflection).
Fixed bug #55807 (Wrong value for splFileObject::SKIP_EMPTY).
Fixed bug #55287 (spl_classes() not includes CallbackFilter classes)

Improved Sysvshm extension

Fixed bug #55750 (memory copy issue in sysvshm extension).

Improved Tidy extension

Fixed bug #54682 (Tidy::diagnose() NULL pointer dereference).

Improved Tokenizer extension

Fixed bug #54089 (token_get_all with regards to __halt_compiler is
not binary safe).

Improved XSL extension

Added XsltProcessor::setSecurityPrefs($options) and getSecurityPrefs() to
define forbidden operations within XSLT stylesheets, default is not to
enable write operations from XSLT. Fixed bug #54446.
XSL doesn't stop transformation anymore, if a PHP function can't be called

Improved ZLIB extension

Re-implemented non-file related functionality.
Fixed bug #55544 (ob_gzhandler always conflicts with zlib.output_compression).

Version 5.3.10

02-Feb-2012

Core:

Fixed arbitrary remote code execution vulnerability reported by Stefan
Esser, CVE-2012-0830.

Version 5.3.9

10-Jan-2012

Core:

Added max_input_vars directive to prevent attacks based on hash collisions
(Dmitry).
Fixed bug #60205 (possible integer overflow in content_length). (Laruence)
Fixed bug #60139 (Anonymous functions create cycles not detected by the
GC). (Dmitry)
Fixed bug #60138 (GC crash with referenced array in RecursiveArrayIterator)
(Dmitry).
Fixed bug #60120 (proc_open's streams may hang with stdin/out/err when
the data exceeds or is equal to 2048 bytes). (Pierre, Pascal Borreli)
Fixed bug #60099 (__halt_compiler() works in braced namespaces). (Felipe)
Fixed bug #60019 (Function time_nanosleep() is undefined on OS X). (Ilia)
Fixed bug #55874 (GCC does not provide __sync_fetch_and_add on some archs).
(klightspeed at netspace dot net dot au)
Fixed bug #55798 (serialize followed by unserialize with numeric object
prop. gives integer prop). (Gustavo)
Fixed bug #55749 (TOCTOU issue in getenv() on Windows builds). (Pierre)
Fixed bug #55707 (undefined reference to `__sync_fetch_and_add_4' on Linux
parisc). (Felipe)
Fixed bug #55674 (fgetcsv & str_getcsv skip empty fields in some
tab-separated records). (Laruence)
Fixed bug #55649 (Undefined function Bug()). (Laruence)
Fixed bug #55622 (memory corruption in parse_ini_string). (Pierre)
Fixed bug #55576 (Cannot conditionally move uploaded file without race
condition). (Gustavo)
Fixed bug #55510: $_FILES 'name' missing first character after upload.
(Arpad)
Fixed bug #55509 (segfault on x86_64 using more than 2G memory). (Laruence)
Fixed bug #55504 (Content-Type header is not parsed correctly on
HTTP POST request). (Hannes)
Fixed bug #55475 (is_a() triggers autoloader, new optional 3rd argument to
is_a and is_subclass_of). (alan_k)
Fixed bug #52461 (Incomplete doctype and missing xmlns).
(virsacer at web dot de, Pierre)
Fixed bug #55366 (keys lost when using substr_replace an array). (Arpad)
Fixed bug #55273 (base64_decode() with strict rejects whitespace after
pad). (Ilia)
Fixed bug #52624 (tempnam() by-pass open_basedir with nonnexistent
directory). (Felipe)
Fixed bug #50982 (incorrect assumption of PAGE_SIZE size). (Dmitry)
Fixed invalid free in call_user_method() function. (Felipe)
Fixed bug #43200 (Interface implementation / inheritence not possible in
abstract classes). (Felipe)

BCmath:

Fixed bug #60377 (bcscale related crashes on 64bits platforms). (shm)

Calendar:

Fixed bug #55797 (Integer overflow in SdnToGregorian leads to segfault (in
optimized builds). (Gustavo)

cURL:

Fixed bug #60439 (curl_copy_handle segfault when used with
CURLOPT_PROGRESSFUNCTION). (Pierrick)
Fixed bug #54798 (Segfault when CURLOPT_STDERR file pointer is closed
before calling curl_exec). (Hannes)
Fixed issues were curl_copy_handle() would sometimes lose copied
preferences. (Hannes)

DateTime:

Fixed bug #60373 (Startup errors with log_errors on cause segfault).
(Derick)
Fixed bug #60236 (TLA timezone dates are not converted properly from
timestamp). (Derick)
Fixed bug #55253 (DateTime::add() and sub() result -1 hour on objects with
time zone type 2). (Derick)
Fixed bug #54851 (DateTime::createFromFormat() doesn't interpret "D").
(Derick)
Fixed bug #53502 (strtotime with timezone memory leak). (Derick)
Fixed bug #52062 (large timestamps with DateTime::getTimestamp and
DateTime::setTimestamp). (Derick)
Fixed bug #51994 (date_parse_from_format is parsing invalid date using 'yz'
format). (Derick)
Fixed bug #52113 (Seg fault while creating (by unserialization)
DatePeriod). (Derick)
Fixed bug #48476 (cloning extended DateTime class without calling
parent::__constr crashed PHP). (Hannes)

EXIF:

Fixed bug #60150 (Integer overflow during the parsing of invalid exif
header). (Stas, flolechaud at gmail dot com)

Fileinfo:

Filter:

Fixed Bug #55478 (FILTER_VALIDATE_EMAIL fails with internationalized
domain name addresses containing >1 -). (Ilia)

FTP:

Fixed bug #60183 (out of sync ftp responses). (bram at ebskamp dot me,
rasmus)

Gd:

Fixed bug #60160 (imagefill() doesn't work correctly
for small images). (Florian)

Intl:

Fixed bug #60192 (SegFault when Collator not constructed
properly). (Florian)
Fixed memory leak in several Intl locale functions. (Felipe)

JSON:

Fixed bug #55543 (json_encode() with JSON_NUMERIC_CHECK fails on objects
with numeric string properties). (Ilia, dchurch at sciencelogic dot com)

mbstring:

Fixed possible crash in mb_ereg_search_init() using empty pattern. (Felipe)

MS SQL:

Fixed bug #60267 (Compile failure with freetds 0.91). (Felipe)

MySQL:

Fixed bug #55550 (mysql.trace_mode miscounts result sets). (Johannes)

MySQLi extension:

Fixed bug #55859 (mysqli->stat property access gives error). (Andrey)
Fixed bug #55582 (mysqli_num_rows() returns always 0 for unbuffered, when
mysqlnd is used). (Andrey)
Fixed bug #55703 (PHP crash when calling mysqli_fetch_fields).
(eran at zend dot com, Laruence)

mysqlnd:

Fixed bug #55609 (mysqlnd cannot be built shared). (Johannes)
Fixed bug #55067 (MySQL doesn't support compression - wrong config option).
(Andrey)

NSAPI SAPI:

Don't set $_SERVER['HTTPS'] on unsecure connection (bug #55403). (Uwe
Schindler)

OpenSSL:

Fixed bug #60279 (Fixed NULL pointer dereference in
stream_socket_enable_crypto, case when ssl_handle of session_stream is not
initialized.) (shm)
Fix segfault with older versions of OpenSSL. (Scott)

Oracle Database extension (OCI8):

Fixed bug #59985 (show normal warning text for OCI_NO_DATA).
(Chris Jones)
Increased maximum Oracle error message buffer length for new 11.2.0.3 size.
(Chris Jones)
Improve internal initalization failure error messages. (Chris Jones)

PDO

Fixed bug #55776 (PDORow to session bug). (Johannes)

PDO Firebird:

Fixed bug #48877 ("bindValue" and "bindParam" do not work for PDO Firebird).
(Mariuz)
Fixed bug #47415 (PDO_Firebird segfaults when passing lowercased column name to bindColumn).
Fixed bug #53280 (PDO_Firebird segfaults if query column count less than param count).
(Mariuz)

PDO MySQL driver:

Fixed bug #60155 (pdo_mysql.default_socket ignored). (Johannes)
Fixed bug #55870 (PDO ignores all SSL parameters when used with mysql
native driver). (Pierre)
Fixed bug #54158 (MYSQLND+PDO MySQL requires #define
MYSQL_OPT_LOCAL_INFILE). (Andrey)

PDO OCI driver:

Fixed bug #55768 (PDO_OCI can't resume Oracle session after it's been
killed). (mikhail dot v dot gavrilov at gmail dot com, Chris Jones, Tony)

Phar:

Fixed bug #60261 (NULL pointer dereference in phar). (Felipe)
Fixed bug #60164 (Stubs of a specific length break phar_open_from_fp
scanning for __HALT_COMPILER). (Ralph Schindler)
Fixed bug #53872 (internal corruption of phar). (Hannes)
Fixed bug #52013 (Unable to decompress files in a compressed phar). (Hannes)

PHP-FPM SAPI:

Fixed bug #60659 (FPM does not clear auth_user on request accept).
(bonbons at linux-vserver dot org)
Fixed bug #60629 (memory corruption when web server closed the fcgi fd).
(fat)
Implemented FR #52569 (Add the "ondemand" process-manager
to allow zero children). (fat)
Fixed bug #55486 (status show BIG processes number). (fat)
Fixed bug #55577 (status.html does not install). (fat)
Backported from 5.4 branch (Dropped restriction of not setting the same
value multiple times, the last one holds).
(giovanni at giacobbi dot net, fat)
Backported FR #55166 from 5.4 branch (Added process.max to control
the number of process FPM can fork). (fat)
Backported FR #55181 from 5.4 branch (Enhance security by limiting access
to user defined extensions). (fat)
Backported FR #54098 from 5.4 branch (Lowered process manager
default value). (fat)
Backported FR #52052 from 5.4 branch (Added partial syslog support). (fat)
Implemented FR #54577 (Enhanced status page with full status and details
about each processes. Also provide a web page (status.html) for
real-time FPM status. (fat)
Enhance error log when the primary script can't be open. FR #60199. (fat)
Added .phar to default authorized extensions. (fat)

Postgres:

Fixed bug #60244 (pg_fetch_* functions do not validate that row param
is >0). (Ilia)

Reflection:

Fixed bug #60367 (Reflection and Late Static Binding). (Laruence)

Session:

Fixed bug #55267 (session_regenerate_id fails after header sent). (Hannes)

SimpleXML:

Reverted the SimpleXML->query() behaviour to returning empty arrays
instead of false when no nodes are found as it was since 5.3.3
(bug #48601). (chregu, rrichards)

SOAP

Fixed bug #54911 (Access to a undefined member in inherit SoapClient may
cause Segmentation Fault). (Dmitry)
Fixed bug #48216 (PHP Fatal error: SOAP-ERROR: Parsing WSDL:
Extra content at the end of the doc, when server uses chunked transfer
encoding with spaces after chunk size). (Dmitry)
Fixed bug #44686 (SOAP-ERROR: Parsing WSDL with references). (Dmitry)

Sockets:

Fixed bug #60048 (sa_len a #define on IRIX). (china at thewrittenword dot
com)

SPL:

Fixed bug #60082 (Crash in ArrayObject() when using recursive references).
(Tony)
Fixed bug #55807 (Wrong value for splFileObject::SKIP_EMPTY).
(jgotti at modedemploi dot fr, Hannes)
Fixed bug #54304 (RegexIterator::accept() doesn't work with scalar values).
(Hannes)

Streams:

Fixed bug #60455 (stream_get_line misbehaves if EOF is not detected together
with the last read). (Gustavo)

Tidy:

Fixed bug #54682 (Tidy::diagnose() NULL pointer dereference).
(Maksymilian Arciemowicz, Felipe)

XSL:

Added xsl.security_prefs ini option to define forbidden operations within
XSLT stylesheets, default is not to enable write operations. This option
won't be in 5.4, since there's a new method. Fixes Bug #54446. (Chregu,
Nicolas Gregoire)


Version 5.3.8

23-Aug-2011

Core:

Fixed bug #55439 (crypt() returns only the salt for MD5). (Stas)

OpenSSL:

Reverted a change in timeout handling restoring PHP 5.3.6 behavior,
as the new behavior caused mysqlnd SSL connections to hang (
Bug #55283).
(Pierre, Andrey, Johannes)


Version 5.3.7

18-Aug-2011

Upgraded bundled SQLite to version 3.7.7.1. (Scott)
Upgraded bundled PCRE to version 8.12. (Scott)

Zend Engine:

Core:

Apache2 Handler SAPI:

Fixed bug #54529 (SAPI crashes on apache_config.c:197). (hebergement at riastudio dot fr)

CLI SAPI:

Fixed bug #52496 (Zero exit code on option parsing failure). (Ilia)

cURL extension:

DateTime extension:

DBA extension:

Supress warning on non-existent file open with Berkeley DB 5.2 (Chris Jones)
Fixed bug #54242 (dba_insert returns true if key already exists). (Felipe)

Exif extesion:

Fixed bug #54121 (error message format string typo). (Ilia)

Fileinfo extension:

Fixed bug #54934 (Unresolved symbol strtoull in HP-UX 11.11). (Felipe)

Filter extension:

Added 3rd parameter to filter_var_array() and filter_input_array() functions that allows disabling addition of empty elements. (Ilia)
Fixed bug #53037 (FILTER_FLAG_EMPTY_STRING_NULL is not implemented). (Ilia)

Interbase extension:

Fixed bug #54269 (Short exception message buffer causes crash). (Felipe)

intl extension:

Implemented FR Fixed bug #54561 (Expose ICU version info). (David Zuelke, Ilia)
Implemented FR Fixed bug #54540 (Allow loading of arbitrary resource bundles when fallback is disabled). (David Zuelke, Stas)

Imap extension:

Fixed bug #55313 (Number of retries not set when params specified). (kevin at kevinlocke dot name)

json extension:

Fixed bug #54484 (Empty string in json_decode doesn't reset json_last_error()). (Ilia)

LDAP extension:

Fixed bug #53339 (Fails to build when compilng with gcc 4.5 and DSO libraries). (Clint Byrum, Raphael)

libxml extension:

Fixed bug #54601 (Removing the doctype node segfaults). (Hannes)
Fixed bug #54440 (libxml extension ignores default context). (Gustavo)

mbstring extension:

Fixed bug #54494 (mb_substr() mishandles UTF-32LE and UCS-2LE). (Gustavo)

MCrypt extension:

Change E_ERROR to E_WARNING in mcrypt_create_iv when not enough data has been fetched (Windows). (Pierre)
Fixed bug #55169 (mcrypt_create_iv always fails to gather sufficient random data on Windows). (Pierre)

MySQL Improved extension:

Fixed Bug Fixed bug #54221 (mysqli::get_warnings segfault when used in multi queries). (Andrey)

mysqlnd

Fixed crash when using more than 28,000 bound parameters. Workaround is to set mysqlnd.net_cmd_buffer_size to at least 9000. (Andrey)
Fixed bug #54674 mysqlnd valid_sjis_(head|tail) is using invalid operator and range). (nihen at megabbs dot com, Andrey)

MySQLi extension:

Fixed bug #55283 (SSL options set by mysqli_ssl_set ignored for MySQLi persistent connections). (Andrey)

OpenSSL extension:

Oracle Database extension (OCI8):

Added oci_client_version() returning the runtime Oracle client library version (Chris Jones)

. PCRE extension:

Increased the backtrack limit from 100000 to 1000000 (Rasmus)

PDO extension:

Fixed bug #54929 (Parse error with single quote in sql comment). (Felipe)
Fixed bug #52104 (bindColumn creates Warning regardless of ATTR_ERRMODE settings). (Ilia)

PDO DBlib driver:

Fixed bug #54329 (MSSql extension memory leak). (dotslashpok at gmail dot com)
Fixed bug #54167 (PDO_DBLIB returns null on SQLUNIQUE field). (mjh at hodginsmedia dot com, Felipe)

PDO ODBC driver:

Fixed data type usage in 64bit. (leocsilva at gmail dot com)

PDO MySQL driver:

PDO PostgreSQL driver:

Fixed bug #54318 (Non-portable grep option used in PDO pgsql configuration). (bwalton at artsci dot utoronto dot ca)

PDO Oracle driver:

Fixed bug #44989 (64bit Oracle RPMs still not supported by pdo-oci). (jbnance at tresgeek dot net)

Phar extension:

Fixed bug #54395 (Phar::mount() crashes when calling with wrong parameters). (Felipe)

PHP-FPM SAPI:

Fixed memory leak. (fat) Reported and fixed by Giovanni Giacobbi.

Reflection extension:

Fixed bug #54347 (reflection_extension does not lowercase module function name). (Felipe, laruence at yahoo dot com dot cn)

SOAP extension:

Fixed bug #55323 (SoapClient segmentation fault when XSD_TYPEKIND_EXTENSION contains itself). (Dmitry)
Fixed bug #54312 (soap_version logic bug). (tom at samplonius dot org)

Sockets extension:

SPL extension:

Streams:


Version 5.3.6

17-Mar-2011

Upgraded bundled Sqlite3 to version 3.7.4. (Ilia)
Upgraded bundled PCRE to version 8.11. (Ilia)

Zend Engine:

Core:

Calendar extension:

Fixed bug #53574 (Integer overflow in SdnToJulian, sometimes leading to segfault). (Gustavo)

DOM extension:

Implemented FR #39771 (Made DOMDocument::saveHTML accept an optional DOMNode like DOMDocument::saveXML). (Gustavo)

DateTime extension:

Exif extension:

Fixed bug #54002 (crash on crafted tag, reported by Luca Carettoni). (Pierre) (CVE-2011-0708)

Filter extension:

Fileinfo extension:

Fixed bug #54016 (finfo_file() Cannot determine filetype in archives). (Hannes)

Gettext

Fixed bug #53837 (_() crashes on Windows when no LANG or LANGUAGE environment variable are set). (Pierre)

IMAP extension:

Implemented FR #53812 (get MIME headers of the part of the email). (Stas)
Fixed bug #53377 (imap_mime_header_decode() doesn't ignore \t during long MIME header unfolding). (Adam)

Intl extension:

JSON extension:

Fixed bug #53963 (Ensure error_code is always set during some failed decodings). (Scott)

mysqlnd

Fixed problem with always returning 0 as num_rows for unbuffered sets. (Andrey, Ulf)

MySQL Improved extension:

OpenSSL extension:

PDO MySQL driver:

Fixed bug #53551 (PDOStatement execute segfaults for pdo_mysql driver). (Johannes)
Implemented FR #47802 (Support for setting character sets in DSN strings). (Kalle)

PDO Oracle driver:

Fixed bug #39199 (Cannot load Lob data with more than 4000 bytes on ORACLE 10). (spatar at mail dot nnov dot ru)

PDO PostgreSQL driver:

Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres is down). (gyp at balabit dot hu)

Phar extension:

PHP-FPM SAPI:

Readline extension:

Fixed bug #53630 (Fixed parameter handling inside readline() function). (jo at feuersee dot de, Ilia)

Reflection extension:

Fixed bug #53915 (ReflectionClass::getConstant(s) emits fatal error on constants with self::). (Gustavo)

Shmop extension:

Fixed bug #54193 (Integer overflow in shmop_read()). (Felipe) Reported by Jose Carlos Norte (CVE-2011-1092)

SNMP extension:

Fixed bug #51336 (snmprealwalk (snmp v1) does not handle end of OID tree correctly). (Boris Lytochkin)

SOAP extension:

Fixed possible crash introduced by the NULL poisoning patch. (Mateusz Kocielski, Pierre)

SPL extension:

SQLite3 extension:

Streams:

Tokenizer Extension

Fixed bug #54089 (token_get_all() does not stop after __halt_compiler). (Ilia)

XSL extension:

Fixed memory leaked introduced by the NULL poisoning patch. (Mateusz Kocielski, Pierre)

Zip extension:


Version 5.3.5

06-Jan-2011

Fixed bug #53632 (PHP hangs on numeric value 2.2250738585072011e-308). (CVE-2010-4645) (Rasmus, Scott)


Version 5.2.17

06-Jan-2011

Fixed bug #53632 (PHP hangs on numeric value 2.2250738585072011e-308). (CVE-2010-4645) (Rasmus, Scott)


Version 5.2.16

16-Dec-2010

Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres is down). (gyp at balabit dot hu)
Fixed bug #53516 (Regression in open_basedir handling). (Ilia)


Version 5.3.4

09-Dec-2010

Upgraded bundled Sqlite3 to version 3.7.3. (Ilia)
Upgraded bundled PCRE to version 8.10. (Ilia)

Security enhancements:

Fixed crash in zip extract method (possible CWE-170).
(Maksymilian Arciemowicz, Pierre)
Paths with NULL in them (foo\0bar.txt) are now considered as invalid. (Rasmus)
Fixed a possible double free in imap extension (Identified by Mateusz
Kocielski). (CVE-2010-4150). (Ilia)
Fixed NULL pointer dereference in ZipArchive::getArchiveComment.
(CVE-2010-3709). (Maksymilian Arciemowicz)
Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with
large amount of data) (CVE-2010-3710). (Adam)

General improvements:

Added stat support for zip stream. (Pierre)
Added follow_location (enabled by default) option for the http stream
support. (Pierre)
Improved support for is_link and related functions on Windows. (Pierre)
Added a 3rd parameter to get_html_translation_table. It now takes a charset
hint, like htmlentities et al. (Gustavo)

Implemented feature requests:

Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect
zend multibyte at runtime. (Kalle)
Implemented FR #52173, added functions pcntl_get_last_error() and
pcntl_strerror(). (nick dot telford at gmail dot com, Arnaud)
Implemented symbolic links support for open_basedir checks. (Pierre)
Implemented FR #51804, SplFileInfo::getLinkTarget on Windows. (Pierre)
Implemented FR #50692, not uploaded files don't count towards
max_file_uploads limit. As a side improvement, temporary files are not opened
for empty uploads and, in debug mode, 0-length uploads. (Gustavo)

Improved MySQLnd:

Added new character sets to mysqlnd, which are available in MySQL 5.5
(Andrey)

Improved PHP-FPM SAPI:

Added '-p/--prefix' to php-fpm to use a custom prefix and run multiple
instances. (fat)
Added custom process title for FPM. (fat)
Added '-t/--test' to php-fpm to check and validate FPM conf file. (fat)
Added statistics about listening socket queue length for FPM.
(andrei dot nigmatulin at gmail dot com, fat)

Core:

Fixed extract() to do not overwrite $GLOBALS and $this when using
EXTR_OVERWRITE. (jorto at redhat dot com)
Fixed bug in the Windows implementation of dns_get_record, where the two
last parameters wouldn't be filled unless the type were DNS_ANY (Gustavo).
Changed the $context parameter on copy() to actually have an effect. (Kalle)
Fixed htmlentities/htmlspecialchars accepting certain ill-formed UTF-8
sequences. (Gustavo)
Fixed bug #53409 (sleep() returns NULL on Windows). (Pierre)
Fixed bug #53319 (strip_tags() may strip '<br />' incorrectly). (Felipe)
Fixed bug #53304 (quot_print_decode does not handle lower-case hex digits).
(Ilia, daniel dot mueller at inexio dot net)
Fixed bug #53248 (rawurlencode RFC 3986 EBCDIC support misses tilde char).
(Justin Martin)
Fixed bug #53226 (file_exists fails on big filenames). (Adam)
Fixed bug #53198 (changing INI setting "from" with ini_set did not have any
effect). (Gustavo)
Fixed bug #53180 (post_max_size=0 not disabling the limit when the content
type is application/x-www-form-urlencoded or is not registered with PHP).
(gm at tlink dot de, Gustavo)
Fixed bug #53141 (autoload misbehaves if called from closing session).
(ladislav at marek dot su)
Fixed bug #53021 (In html_entity_decode, failure to convert numeric entities
with ENT_NOQUOTES and ISO-8859-1). Fixed and extended the fix of ENT_NOQUOTES
in html_entity_decode that had introduced the bug (rev #185591) to other
encodings. Additionaly, html_entity_decode() now doesn't decode &#34; if
ENT_NOQUOTES is given. (Gustavo)
Fixed bug #52931 (strripos not overloaded with function overloading enabled).
(Felipe)
Fixed bug #52772 (var_dump() doesn't check for the existence of
get_class_name before calling it). (Kalle, Gustavo)
Fixed bug #52534 (var_export array with negative key). (Felipe)
Fixed bug #52327 (base64_decode() improper handling of leading padding in
strict mode). (Ilia)
Fixed bug #52260 (dns_get_record fails with non-existing domain on Windows).
(a_jelly_doughnut at phpbb dot com, Pierre)
Fixed bug #50953 (socket will not connect to IPv4 address when the host has
both IPv4 and IPv6 addresses, on Windows). (Gustavo, Pierre)
Fixed bug #50524 (proc_open on Windows does not respect cwd as it does on
other platforms). (Pierre)
Fixed bug #49687 (utf8_decode vulnerabilities and deficiencies in the number
of reported malformed sequences). (CVE-2010-3870) (Gustavo)
Fixed bug #49407 (get_html_translation_table doesn't handle UTF-8). (Gustavo)
Fixed bug #48831 (php -i has different output to php --ini). (Richard,
Pierre)
Fixed bug #47643 (array_diff() takes over 3000 times longer than php 5.2.4).
(Felipe)
Fixed bug #47168 (printf of floating point variable prints maximum of 40
decimal places). (Ilia)
Fixed bug #46587 (mt_rand() does not check that max is greater than min).
(Ilia)
Fixed bug #29085 (bad default include_path on Windows). (Pierre)
Fixed bug #25927 (get_html_translation_table calls the ' &#39; instead of
&#039;). (Gustavo)

Zend engine:

Reverted fix for bug #51176 (Static calling in non-static method behaves
like $this->). (Felipe)
Changed deprecated ini options on startup from E_WARNING to E_DEPRECATED.
(Kalle)
Fixed NULL dereference in lex_scan on zend multibyte builds where the script
had a flex incompatible encoding and there was no converter. (Gustavo)
Fixed covariance of return-by-ref constraints. (Etienne)
Fixed bug #53305 (E_NOTICE when defining a constant starts with
__COMPILER_HALT_OFFSET__). (Felipe)
Fixed bug #52939 (zend_call_function does not respect ZEND_SEND_PREFER_REF).
(Dmitry)
Fixed bug #52879 (Objects unreferenced in __get, __set, __isset or __unset
can be freed too early). (mail_ben_schmidt at yahoo dot com dot au, Dmitry)
Fixed bug #52786 (PHP should reset section to [PHP] after ini sections).
(Fedora at famillecollet dot com)
Fixed bug #52508 (newline problem with parse_ini_file+INI_SCANNER_RAW).
(Felipe)
Fixed bug #52484 (__set() ignores setting properties with empty names).
(Felipe)
Fixed bug #52361 (Throwing an exception in a destructor causes invalid
catching). (Dmitry)
Fixed bug #51008 (Zend/tests/bug45877.phpt fails). (Dmitry)

Build issues:

Fixed bug #52436 (Compile error if systems do not have stdint.h)
(Sriram Natarajan)
Fixed bug #50345 (nanosleep not detected properly on some solaris versions).
(Ulf, Tony)
Fixed bug #49215 (make fails on glob_wrapper). (Felipe)

Calendar extension:

Fixed bug #52744 (cal_days_in_month incorrect for December 1 BCE).
(gpap at internet dot gr, Adam)

cURL extension:

Fixed bug #52828 (curl_setopt does not accept persistent streams).
(Gustavo, Ilia)
Fixed bug #52827 (cURL leaks handle and causes assertion error
(CURLOPT_STDERR)). (Gustavo)
Fixed bug #52202 (CURLOPT_PRIVATE gets corrupted). (Ilia)
Fixed bug #50410 (curl extension slows down PHP on Windows). (Pierre)

DateTime extension:

Fixed bug #53297 (gettimeofday implementation in php/win32/time.c can return
1 million microsecs). (ped at 7gods dot org)
Fixed bug #52668 (Iterating over a dateperiod twice is broken). (Derick)
Fixed bug #52454 (Relative dates and getTimestamp increments by one day).
(Derick)
Fixed bug #52430 (date_parse parse 24:xx:xx as valid time). (Derick)
Added support for the ( and ) delimiters/separators to
DateTime::createFromFormat(). (Derick)

DBA extension:

Added Berkeley DB 5.1 support to the DBA extension. (Oracle Corp.)

DOM extension:

Fixed bug #52656 (DOMCdataSection does not work with splitText). (Ilia)

Filter extension:

Fixed the filter extension accepting IPv4 octets with a leading 0 as that
belongs to the unsupported "dotted octal" representation. (Gustavo)
Fixed bug #53236 (problems in the validation of IPv6 addresses with leading
and trailing :: in the filter extension). (Gustavo)
Fixed bug #50117 (problems in the validation of IPv6 addresses with IPv4
addresses and ::). (Gustavo)

GD extension:

Fixed bug #53492 (fix crash if anti-aliasing steps are invalid). (Pierre)

GMP extension:

Fixed bug #52906 (gmp_mod returns negative result when non-negative is
expected). (Stas)
Fixed bug #52849 (GNU MP invalid version match). (Adam)

Hash extension:

Fixed bug #51003 (unaligned memory access in ext/hash/hash_tiger.c).
(Mike, Ilia)

Iconv extension:

Fixed bug #52941 (The 'iconv_mime_decode_headers' function is skipping
headers). (Adam)
Fixed bug #52599 (iconv output handler outputs incorrect content type
when flags are used). (Ilia)
Fixed bug #51250 (iconv_mime_decode() does not ignore malformed Q-encoded
words). (Ilia)

Intl extension:

Fixed crashes on invalid parameters in intl extension. (CVE-2010-4409). (Stas, Maksymilian
Arciemowicz)
Added support for formatting the timestamp stored in a DateTime object.
(Stas)
Fixed bug #50590 (IntlDateFormatter::parse result is limited to the integer
range). (Stas)

Mbstring extension:

Fixed bug #53273 (mb_strcut() returns garbage with the excessive length
parameter). (CVE-2010-4156) (Mateusz Kocielski, Pierre, Moriyoshi)
Fixed bug #52981 (Unicode casing table was out-of-date. Updated with
UnicodeData-6.0.0d7.txt and included the source of the generator program with
the distribution) (Gustavo).
Fixed bug #52681 (mb_send_mail() appends an extra MIME-Version header).
(Adam)

MSSQL extension:

Fixed possible crash in mssql_fetch_batch(). (Kalle)
Fixed bug #52843 (Segfault when optional parameters are not passed in to
mssql_connect). (Felipe)

MySQL extension:

Fixed bug #52636 (php_mysql_fetch_hash writes long value into int).
(Kalle, rein at basefarm dot no)

MySQLi extension:

Fixed bug #52891 (Wrong data inserted with mysqli/mysqlnd when using
mysqli_stmt_bind_param and value> PHP_INT_MAX). (Andrey)
Fixed bug #52686 (mysql_stmt_attr_[gs]et argument points to incorrect type).
(rein at basefarm dot no)
Fixed bug #52654 (mysqli doesn't install headers with structures it uses).
(Andrey)
Fixed bug #52433 (Call to undefined method mysqli::poll() - must be static).
(Andrey)
Fixed bug #52302 (mysqli_fetch_all does not work with MYSQLI_USE_RESULT).
(Andrey)
Fixed bug #52221 (Misbehaviour of magic_quotes_runtime (get/set)). (Andrey)
Fixed bug #45921 (Can't initialize character set hebrew). (Andrey)

MySQLnd:

Fixed bug #52613 (crash in mysqlnd after hitting memory limit). (Andrey)

ODBC extension:

Fixed bug #52512 (Broken error handling in odbc_execute).
(mkoegler at auto dot tuwien dot ac dot at)

Openssl extension:

Fixed possible blocking behavior in openssl_random_pseudo_bytes on Windows.
(Pierre)
Fixed bug #53136 (Invalid read on openssl_csr_new()). (Felipe)
Fixed bug #52947 (segfault when ssl stream option capture_peer_cert_chain
used). (Felipe)

Oracle Database extension (OCI8):

Fixed bug #53284 (Valgrind warnings in oci_set_* functions) (Oracle Corp.)
Fixed bug #51610 (Using oci_connect causes PHP to take a long time to
exit). Requires Oracle 11.2.0.2 client libraries (or Oracle bug fix
9891199) for this patch to have an effect. (Oracle Corp.)

PCNTL extension:

Fixed bug #52784 (Race condition when handling many concurrent signals).
(nick dot telford at gmail dot com, Arnaud)

PCRE extension:

Fixed bug #52971 (PCRE-Meta-Characters not working with utf-8). (Felipe)
Fixed bug #52732 (Docs say preg_match() returns FALSE on error, but it
returns int(0)). (slugonamission at gmail dot com)

PHAR extension:

Fixed bug #50987 (unaligned memory access in phar.c).
(geissert at debian dot org, Ilia)

PHP-FPM SAPI:

Fixed bug #53412 (segfault when using -y). (fat)
Fixed inconsistent backlog default value (-1) in FPM on many systems. (fat)
Fixed bug #52501 (libevent made FPM crashed when forking - libevent has
been removed). (fat)
Fixed bug #52725 (gcc builtin atomic functions were sometimes used when they
were not available). (fat)
Fixed bug #52693 (configuration file errors are not logged to stderr). (fat)
Fixed bug #52674 (FPM Status page returns inconsistent Content-Type headers).
(fat)
Fixed bug #52498 (libevent was not only linked to php-fpm). (fat)

PDO:

Fixed bug #52699 (PDO bindValue writes long int 32bit enum).
(rein at basefarm dot no)
Fixed bug #52487 (PDO::FETCH_INTO leaks memory). (Felipe)

PDO DBLib driver:

Fixed bug #52546 (pdo_dblib segmentation fault when iterating MONEY values).
(Felipe)

PDO Firebird driver:

Restored firebird support (VC9 builds only). (Pierre)
Fixed bug #53335 (pdo_firebird did not implement rowCount()).
(preeves at ibphoenix dot com)
Fixed bug #53323 (pdo_firebird getAttribute() crash).
(preeves at ibphoenix dot com)

PDO MySQL driver:

Fixed bug #52745 (Binding params doesn't work when selecting a date inside a
CASE-WHEN). (Andrey)

PostgreSQL extension:

Fixed bug #47199 (pg_delete() fails on NULL). (ewgraf at gmail dot com)

Reflection extension:

Fixed ReflectionProperty::isDefault() giving a wrong result for properties
obtained with ReflectionClass::getProperties(). (Gustavo)
Fixed bug #53366 (Reflection doesnt get dynamic property value from
getProperty()). (Felipe)
Fixed bug #52854 (ReflectionClass::newInstanceArgs does not work for classes
without constructors). (Johannes)

SOAP extension:

Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy
with SoapClient object). (Dmitry)

SPL extension:

Fixed bug #53362 (Segmentation fault when extending SplFixedArray). (Felipe)
Fixed bug #53279 (SplFileObject doesn't initialise default CSV escape
character). (Adam)
Fixed bug #51763 (SplFileInfo::getType() does not work symbolic link
and directory). (Pierre)
Fixed bug #50481 (Storing many SPLFixedArray in an array crashes). (Felipe)
Fixed bug #50579 (RegexIterator::REPLACE doesn't work). (Felipe)

SQLite3 extension:

Fixed bug #53463 (sqlite3 columnName() segfaults on bad column_number).
(Felipe)

Streams:

Fixed forward stream seeking emulation in streams that don't support seeking
in situations where the read operation gives back less data than requested
and when there was data in the buffer before the emulation started. Also made
more consistent its behavior -- should return failure every time less data
than was requested was skipped. (Gustavo)
Fixed bug #53241 (stream casting that relies on fdopen/fopencookie fails
with streams opened with, inter alia, the 'xb' mode). (Gustavo)
Fixed bug #53006 (stream_get_contents has an unpredictable behavior when the
underlying stream does not support seeking). (Gustavo)
Fixed bug #52944 (Invalid write on second and subsequent reads with an
inflate filter fed invalid data). (Gustavo)
Fixed bug #52820 (writes to fopencookie FILE* not commited when seeking the
stream). (Gustavo)

WDDX extension:

Fixed bug #52468 (wddx_deserialize corrupts integer field value when left
empty). (Felipe)

Zlib extension:

Fixed bug #52926 (zlib fopen wrapper does not use context). (Gustavo)


Version 5.2.15

08-Dec-2010


Version 5.3.3

22-Jul-2010

Upgraded bundled sqlite to version 3.6.23.1. (Ilia)
Upgraded bundled PCRE to version 8.02. (Ilia)

Added fifth parameter to openssl_encrypt()/openssl_decrypt() (string $iv) to use non-NULL IV.
Made implicit use of NULL IV a warning. (Sara)

Changed namespaced classes so that the ctor can only be named __construct now. (Stas)
Reset error state in PDO::beginTransaction() reset error state. (Ilia)

Fixed a possible memory corruption because of unexpected call-time pass by refernce and following memory clobbering through callbacks.
Reported by Stefan Esser. (Dmitry)


Version 5.2.14

22-Jul-2010

Reverted bug fix #49521 (PDO fetchObject sets values before calling constructor). (Felipe)

Updated timezone database to version 2010.5. (Derick)
Upgraded bundled PCRE to version 8.02. (Ilia)

Fixed bug #48289 (iconv_mime_encode() quoted-printable scheme is broken).
(Adam, patch from hiroaki dot kawai at gmail dot com).
Fixed bug #43314 (iconv_mime_encode(), broken Q scheme). (Rasmus)
Fixed bug #33210 (getimagesize() fails to detect width/height on certain
JPEGs). (Ilia)
Fixed bug #23229 (syslog() truncates messages). (Adam)


Version 5.3.2

04-Mar-2010

Security Fixes


Version 5.2.13

25-Feb-2010

Security Fixes


Version 5.3.1

19-Nov-2009

Security Fixes


Version 5.3.0

30-Jun-2009

Upgraded bundled PCRE to version 7.9. (Nuno)
Upgraded bundled sqlite to version 3.6.15. (Scott)

Moved extensions to PECL (Derick, Lukas, Pierre, Scott):

Removed the experimental RPL (master/slave) functions from mysqli. (Andrey)
Removed zend.ze1_compatibility_mode. (Dmitry)
Removed all zend_extension_* php.ini directives. Zend extensions are now
always loaded using zend_extension directive. (Derick)
Removed special treatment of "/tmp" in sessions for open_basedir.
Note: This undocumented behaviour was introduced in 5.2.2. (Alexey)
Changed HTTP stream wrapper to accept any code between and including
200 to 399 as successful. (Mike, Noah Fontes)
Changed __call() to be invoked on private/protected method access, similar to
properties and __get(). (Andrei)
Changed dl() to be disabled by default. Enabled only when explicitly
registered by the SAPI. Currently enabled with cli, cgi and embed SAPIs.
(Dmitry)
Changed opendir(), dir() and scandir() to use default context when no context
argument is passed. (Sara)
Changed open_basedir to allow tightening in runtime contexts. (Sara)
Changed PHP/Zend extensions to use flexible build IDs. (Stas)
Changed error level E_ERROR into E_WARNING in Soap extension methods
parameter validation. (Felipe)
Changed openssl info to show the shared library version number. (Scott)
Changed floating point behaviour to consistently use double precision on all
platforms and with all compilers. (Christian Seiler)
Changed round() to act more intuitively when rounding to a certain precision
and round very large and very small exponents correctly. (Christian Seiler)
Changed session_start() to return false when session startup fails. (Jani)
Changed property_exists() to check the existence of a property independent of
accessibility (like method_exists()). (Felipe)
Changed array_reduce() to allow mixed $initial (Christian Seiler)

Improved PHP syntax and semantics:

Added support for using static HEREDOCs to initialize static variables and
class members or constants. (Matt)
Improved syntax highlighting and consistency for variables in double-quoted
strings and literal text in HEREDOCs and backticks. (Matt)
Added support for dynamic access of static members using $foo::myFunc().
(Etienne Kneuss)
Improved checks for callbacks. (Marcus)
Added __DIR__ constant. (Lars Strojny)
Added new error modes E_USER_DEPRECATED and E_DEPRECATED.
E_DEPRECATED is used to inform about stuff being scheduled for removal
in future PHP versions. (Lars Strojny, Felipe, Marcus)
Added "request_order" INI variable to control specifically $_REQUEST
behavior. (Stas)
Added support for exception linking. (Marcus)
Added ability to handle exceptions in destructors. (Marcus)

Improved PHP runtime speed and memory usage:

Substitute global-scope, persistent constants with their values at compile
time. (Matt)
Optimized ZEND_RETURN opcode to not allocate and copy return value if it is
not used. (Dmitry)
Replaced all flex based scanners with re2c based scanners.
(Marcus, Nuno, Scott)
Added garbage collector. (David Wang, Dmitry).
Improved PHP binary size and startup speed with GCC4 visibility control.
(Nuno)
Improved engine stack implementation for better performance and stability.
(Dmitry)
Improved memory usage by moving constants to read only memory.
(Dmitry, Pierre)
Changed exception handling. Now each op_array doesn't contain
ZEND_HANDLE_EXCEPTION opcode in the end. (Dmitry)
Optimized require_once() and include_once() by eliminating fopen(3) on
second usage. (Dmitry)
Optimized ZEND_FETCH_CLASS + ZEND_ADD_INTERFACE into single
ZEND_ADD_INTERFACE opcode. (Dmitry)
Optimized string searching for a single character.
(Michal Dziemianko, Scott)
Optimized interpolated strings to use one less opcode. (Matt)

Improved php.ini handling: (Jani)

Added ".htaccess" style user-defined php.ini files support for CGI/FastCGI.
Added support for special [PATH=/opt/httpd/www.example.com/] and
[HOST=www.example.com] sections. Directives set in these sections can
not be overridden by user-defined ini-files or during runtime.
Added 3rd optional parameter to parse_ini_file() to specify the scanning
mode of INI_SCANNER_NORMAL or INI_SCANNER_RAW. In raw mode option values
and section values are treated as-is.
Fixed get_cfg_var() to be able to return "array" ini options.
Added optional parameter to ini_get_all() to only retrieve the current
value. (Hannes)

Improved Windows support:

Update all libraries to their latest stable version. (Pierre, Rob, Liz,
Garrett).
Added Windows support for stat(), touch(), filemtime(), filesize() and
related functions. (Pierre)
Re-added socket_create_pair() for Windows in sockets extension. (Kalle)
Added inet_pton() and inet_ntop() also for Windows platforms.
(Kalle, Pierre)
Added mcrypt_create_iv() for Windows platforms. (Pierre)
Added ACL Cache support on Windows.
(Kanwaljeet Singla, Pierre, Venkat Raman Don)
Added constants based on Windows' GetVersionEx information.
PHP_WINDOWS_VERSION_* and PHP_WINDOWS_NT_*. (Pierre)
Added support for ACL (is_writable, is_readable, reports now correct
results) on Windows. (Pierre, Venkat Raman Don, Kanwaljeet Singla)
Added support for fnmatch() on Windows. (Pierre)
Added support for time_nanosleep() and time_sleep_until() on Windows.
(Pierre)
Added support for symlink(), readlink(), linkinfo() and link() on Windows.
They are available only when the running platform supports them. (Pierre)
Drastically improve the build procedure (Pierre, Kalle, Rob):

VC9 (Visual C++ 2008) or later support
Initial experimental x64 support

MSI installer now supports all recent Windows versions, including
Windows 7. (John, Kanwaljeet Singla)

Improved and cleaned CGI code:

FastCGI is now always enabled and cannot be disabled.
See sapi/cgi/CHANGES for more details. (Dmitry)
Added CGI SAPI -T option which can be used to measure execution
time of script repeated several times. (Dmitry)

Improved streams:

Improved DNS API

Added Windows support for dns_check_record(), dns_get_mx(), checkdnsrr() and
getmxrr(). (Pierre)
Added support for old style DNS functions (supports OSX and FBSD). (Scott)
Added a new "entries" array in dns_check_record() containing the TXT
elements. (Felipe, Pierre)

Improved hash extension:

Improved IMAP support (Pierre):

Added imap_gc() to clear the imap cache
Added imap_utf8_to_mutf7() and imap_mutf7_to_utf8()

Improved mbstring extension:

Added "mbstring.http_output_conv_mimetypes" INI directive that allows
common non-text types such as "application/xhtml+xml" to be converted
by mb_output_handler(). (Moriyoshi)

Improved OCI8 extension (Chris Jones/Oracle Corp.):

Added Database Resident Connection Pooling (DRCP) and Fast
Application Notification (FAN) support.
Added support for Oracle External Authentication (not supported
on Windows).
Improve persistent connection handling of restarted DBs.
Added SQLT_AFC (aka CHAR datatype) support to oci_bind_by_name.
Fixed bug #45458 (Numeric keys for associative arrays are not
handled properly)
Fixed bug #41069 (Segmentation fault with query over DB link).
Fixed define of SQLT_BDOUBLE and SQLT_BFLOAT constants with Oracle
10g ORACLE_HOME builds.
Changed default value of oci8.default_prefetch from 10 to 100.
Fixed PECL bug #16035 (OCI8: oci_connect without ORACLE_HOME defined causes
segfault) (Chris Jones/Oracle Corp.)
Fixed PECL bug #15988 (OCI8: sqlnet.ora isn't read with older Oracle
libraries) (Chris Jones/Oracle Corp.)
Fixed PECL bug #14268 (Allow "pecl install oci8" command to "autodetect" an
Instant Client RPM install) (Chris Jones/Oracle Corp.)
Fixed PECL bug #12431 (OCI8 ping functionality is broken).
Allow building (e.g from PECL) the PHP 5.3-based OCI8 code with
PHP 4.3.9 onwards.
Provide separate extensions for Oracle 11g and 10g on Windows.
(Pierre, Chris)

Improved OpenSSL extension:

Fixed bug caused by uninitilized variables in openssl_pkcs7_encrypt() and
openssl_pkcs7_sign(). (Henrique)
Fixed error message in openssl_seal(). (Henrique)

Improved pcntl extension: (Arnaud)

Improved SOAP extension:

Added support for element names in context of XMLSchema's <any>. (Dmitry)
Added ability to use Traversable objects instead of plain arrays.
(Joshua Reese, Dmitry)
Fixed possible crash bug caused by an uninitialized value. (Zdash Urf)

Improved SPL extension:

Added SPL to list of standard extensions that cannot be disabled. (Marcus)
Added ability to store associative information with objects in
SplObjectStorage. (Marcus)

Improved Zend Engine:

Added "compact" handler for Zend MM storage. (Dmitry)
Added "+" and "*" specifiers to zend_parse_parameters(). (Andrei)
Added concept of "delayed early binding" that allows opcode caches to
perform class declaration (early and/or run-time binding) in exactly
the same order as vanilla PHP. (Dmitry)

Improved crypt() function: (Pierre)

Added Blowfish and extended DES support. (Using Blowfish implementation
from Solar Designer).
Made crypt features portable by providing our own implementations
for crypt_r and the algorithms which are used when OS does not provide
them. PHP implementations are always used for Windows builds.

Deprecated session_register(), session_unregister() and
session_is_registered(). (Hannes)
Deprecated define_syslog_variables(). (Kalle)
Deprecated ereg extension. (Felipe)

Added new extensions:

Added Enchant extension as a way to access spell checkers. (Pierre)
Added fileinfo extension as replacement for mime_magic extension. (Derick)
Added intl extension for Internationalization. (Ed B., Vladimir I.,
Dmitry L., Stanislav M., Vadim S., Kirti V.)
Added mysqlnd extension as replacement for libmysql for ext/mysql, mysqli
and PDO_mysql. (Andrey, Johannes, Ulf)
Added phar extension for handling PHP Archives. (Greg, Marcus, Steph)
Added SQLite3 extension. (Scott)

Added new date/time functionality: (Derick)

date_parse_from_format(): Parse date/time strings according to a format.
date_create_from_format()/DateTime::createFromFormat(): Create a date/time
object by parsing a date/time string according to a given format.
date_get_last_errors()/DateTime::getLastErrors(): Return a list of warnings
and errors that were found while parsing a date/time string through:

support for abbreviation and offset based timezone specifiers for
the 'e' format specifier, DateTime::__construct(), DateTime::getTimeZone()
and DateTimeZone::getName().
support for selectively listing timezone identifiers by continent or
country code through timezone_identifiers_list() / DateTimezone::listIdentifiers().
timezone_location_get() / DateTimezone::getLocation() for retrieving
location information from timezones.
date_timestamp_set() / DateTime::setTimestamp() to set a Unix timestamp
without invoking the date parser. (Scott, Derick)
date_timestamp_get() / DateTime::getTimestamp() to retrieve the Unix
timestamp belonging to a date object.
two optional parameters to timezone_transitions_get() /
DateTimeZone::getTranstions() to limit the range of transitions being
returned.
support for adding/subtracting weekdays with strtotime() and
DateTime::modify().
DateInterval class to represent the difference between two date/times.
support for parsing ISO intervals for use with DateInterval.
date_add() / DateTime::add(), date_sub() / DateTime::sub() for applying an
interval to an existing date/time.
proper support for "this week", "previous week"/"last week" and "next week"
phrases so that they actually mean the week and not a seven day period
around the current day.
support for "<xth> <weekday> of" and "last <weekday> of" phrases to be used
with months - like in "last saturday of februari 2008".
support for "back of <hour>" and "front of <hour>" phrases that are used in
Scotland.
DatePeriod class which supports iterating over a DateTime object applying
DateInterval on each iteration, up to an end date or limited by maximum
number of occurences.

Added compatibility mode in GD, imagerotate, image(filled)ellipse
imagefilter, imageconvolution and imagecolormatch are now always enabled.
(Pierre)
Added array_replace() and array_replace_recursive() functions. (Matt)
Added ReflectionProperty::setAccessible() method that allows non-public
property's values to be read through ::getValue() and set through
::setValue(). (Derick, Sebastian)
Added msg_queue_exists() function to sysvmsg extension. (Benjamin Schulz)
Added Firebird specific attributes that can be set via PDO::setAttribute()
to control formatting of date/timestamp columns: PDO::FB_ATTR_DATE_FORMAT,
PDO::FB_ATTR_TIME_FORMAT and PDO::FB_ATTR_TIMESTAMP_FORMAT. (Lars W)
Added gmp_testbit() function. (Stas)
Added icon format support to getimagesize(). (Scott)
Added LDAP_OPT_NETWORK_TIMEOUT option for ldap_set_option() to allow
setting network timeout (FR #42837). (Jani)
Added optional escape character parameter to fgetcsv(). (David Soria Parra)
Added an optional parameter to strstr() and stristr() for retrieval of either
the part of haystack before or after first occurrence of needle.
(Johannes, Felipe)
Added xsl->setProfiling() for profiling stylesheets. (Christian)
Added long-option feature to getopt() and made getopt() available also on
win32 systems by adding a common getopt implementation into core.
(David Soria Parra, Jani)
Added native support for asinh(), acosh(), atanh(), log1p() and expm1().
(Kalle)
Added LIBXML_LOADED_VERSION constant (libxml2 version currently used). (Rob)
Added JSON_FORCE_OBJECT flag to json_encode(). (Scott, Richard Quadling)
Added timezone_version_get() to retrieve the version of the used timezone
database. (Derick)
Added 'n' flag to fopen to allow passing O_NONBLOCK to the underlying
open(2) system call. (Mikko)
Added "dechunk" filter which can decode HTTP responses with chunked
transfer-encoding. HTTP streams use this filter automatically in case
"Transfer-Encoding: chunked" header is present in response. It's possible to
disable this behaviour using "http"=>array("auto_decode"=>0) in stream
context. (Dmitry)
Added support for CP850 encoding in mbstring extension.
(Denis Giffeler, Moriyoshi)
Added stream_cast() and stream_set_options() to user-space stream wrappers,
allowing stream_select(), stream_set_blocking(), stream_set_timeout() and
stream_set_write_buffer() to work with user-space stream wrappers. (Arnaud)
Added ability to send user defined HTTP headers with SOAP request.
(Brian J.France, Dmitry)
Added concatenation option to bz2.decompress stream filter.
(Keisial at gmail dot com, Greg)
Added support for using compressed connections with PDO_mysql. (Johannes)
Added the ability for json_decode() to take a user specified depth. (Scott)
Added support for the mysql_stmt_next_result() function from libmysql.
(Andrey)
Added function preg_filter() that does grep and replace in one go. (Marcus)
Added system independent realpath() implementation which caches intermediate
directories in realpath-cache. (Dmitry)
Added optional clear_realpath_cache and filename parameters to
clearstatcache(). (Jani, Arnaud)
Added optional "is_xhtml" parameter to nl2br() which makes the function
output <br> when false and <br /> when true (FR #34381). (Kalle)
Added mail logging functionality that allows logging of mail sent via
mail() function. (Ilia)
Added json_last_error() to return any error information from json_decode().
(Scott)
Added gethostname() to return the current system host name. (Ilia)
Added shm_has_var() function. (Mike)
Added depth parameter to json_decode() to lower the nesting depth from the
maximum if required. (Scott)
Added pixelation support in imagefilter(). (Takeshi Abe, Kalle)
Added SplObjectStorage::addAll/removeAll. (Etienne)

Implemented FR #41712 (curl progress callback: CURLOPT_PROGRESSFUNCTION).
(sdteffen[at]gmail[dot].com, Pierre)
Implemented FR #47739 (Missing cURL option do disable IPv6). (Pierre)
Implemented FR #39637 (Missing cURL option CURLOPT_FTP_FILEMETHOD). (Pierre)

Fixed an issue with ReflectionProperty::setAccessible().
(Sebastian, Roman Borschel)
Fixed html_entity_decode() incorrectly converting numeric html entities
to different characters with cp1251 and cp866. (Scott)
Fixed an issue in date() where a : was printed for the O modifier after a P
modifier was used. (Derick)
Fixed exec() on Windows to not eat the first and last double quotes. (Scott)
Fixed readlink on Windows in thread safe SAPI (apache2.x etc.). (Pierre)
Fixed a bug causing miscalculations with the "last <weekday> of <n> month"
relative time string. (Derick)
Fixed check in recode extension to allow builing of recode and mysql
extensions when using a recent libmysql. (Johannes)

Fixed bug #48641 (tmpfile() uses old parameter parsing).
(crrodriguez at opensuse dot org)
Fixed bug #48624 (.user.ini never gets parsed). (Pierre)
Fixed bug #48620 (X-PHP-Originating-Script assumes no trailing CRLF in
existing headers). (Ilia)
Fixed bug #48578 (Can't build 5.3 on FBSD 4.11). (Rasmus)
Fixed bug #48535 (file_exists returns false when impersonate is used).
(Kanwaljeet Singla, Venkat Raman Don)
Fixed bug #48493 (spl_autoload_register() doesn't work correctly when
prepending functions). (Scott)
Fixed bug #48215 (Calling a method with the same name as the parent class
calls the constructor). (Scott)
Fixed bug #48200 (compile failure with mbstring.c when
--enable-zend-multibyte is used). (Jani)
Fixed bug #48188 (Cannot execute a scrollable cursors twice with PDO_PGSQL).
(Matteo)
Fixed bug #48185 (warning: value computed is not used in
pdo_sqlite_stmt_get_col line 271). (Matteo)
Fixed bug #47779 (Wrong value for SIG_UNBLOCK and SIG_SETMASK constants).
(Matteo)
Fixed bug #47771 (Exception during object construction from arg call calls
object's destructor). (Dmitry)
Fixed bug #47767 (include_once does not resolve windows symlinks or junctions)
(Kanwaljeet Singla, Venkat Raman Don)
Fixed bug #47757 (rename JPG to JPEG in phpinfo). (Pierre)
Fixed bug #47745 (FILTER_VALIDATE_INT doesn't allow minimum integer). (Dmitry)
Fixed bug #47714 (autoloading classes inside exception_handler leads to
crashes). (Dmitry)
Fixed bug #47549 (get_defined_constants() return array with broken array
categories). (Ilia)
Fixed bug #47535 (Compilation failure in ps_fetch_from_1_to_8_bytes()).
(Johannes)
Fixed bug #47534 (RecursiveDiteratoryIterator::getChildren ignoring
CURRENT_AS_PATHNAME). (Etienne)
Fixed bug #47343 (gc_collect_cycles causes a segfault when called within a
destructor in one case). (Dmitry)
Fixed bug #47320 ($php_errormsg out of scope in functions). (Dmitry)
Fixed bug #47318 (UMR when trying to activate user config). (Pierre)
Fixed bug #47243 (OCI8: Crash at shutdown on Windows) (Chris Jones/Oracle
Corp.)
Fixed bug #47231 (offsetGet error using incorrect offset). (Etienne)
Fixed bug #47229 (preg_quote() should escape the '-' char). (Nuno)
Fixed bug #47165 (Possible memory corruption when passing return value by
reference). (Dmitry)
Fixed bug #47087 (Second parameter of mssql_fetch_array()). (Felipe)
Fixed bug #47085 (rename() returns true even if the file in PHAR does not
exist). (Greg)
Fixed bug #47021 (SoapClient stumbles over WSDL delivered with
"Transfer-Encoding: chunked"). (Dmitry)
Fixed bug #46994 (OCI8: CLOB size does not update when using CLOB IN OUT param
in stored procedure) (Chris Jones/Oracle Corp.)
Fixed bug #46979 (use with non-compound name *has* effect). (Dmitry)
Fixed bug #46957 (The tokenizer returns deprecated values). (Felipe)
Fixed bug #46944 (UTF-8 characters outside the BMP aren't encoded correctly).
(Scott)
Fixed bug #46897 (ob_flush() should fail to flush unerasable buffers).
(David C.)
Fixed bug #46849 (Cloning DOMDocument doesn't clone the properties). (Rob)
Fixed bug #46847 (phpinfo() is missing some settings). (Hannes)
Fixed bug #46844 (php scripts or included files with first line starting
with # have the 1st line missed from the output). (Ilia)
Fixed bug #46817 (tokenizer misses last single-line comment (PHP 5.3+, with
re2c lexer)). (Matt, Shire)
Fixed bug #46811 (ini_set() doesn't return false on failure). (Hannes)
Fixed bug #46763 (mb_stristr() wrong output when needle does not exist).
(Henrique M. Decaria)
Fixed bug #46755 (warning: use statement with non-compound name). (Dmitry)
Fixed bug #46746 (xmlrpc_decode_request outputs non-suppressable error when
given bad data). (Ilia)
Fixed bug #46738 (Segfault when mb_detect_encoding() fails). (Scott)
Fixed bug #46731 (Missing validation for the options parameter of the
imap_fetch_overview() function). (Ilia)
Fixed bug #46711 (cURL curl_setopt leaks memory in foreach loops). (magicaltux
[at] php [dot] net)
Fixed bug #46701 (Creating associative array with long values in the key fails
on 32bit linux). (Shire)
Fixed bug #46681 (mkdir() fails silently on PHP 5.3). (Hannes)
Fixed bug #46653 (can't extend mysqli). (Johannes)
Fixed bug #46646 (Restrict serialization on some internal classes like Closure
and SplFileInfo using exceptions). (Etienne)
Fixed bug #46623 (OCI8: phpinfo doesn't show compile time ORACLE_HOME with
phpize) (Chris Jones/Oracle Corp.)
Fixed bug #46578 (strip_tags() does not honor end-of-comment when it
encounters a single quote). (Felipe)
Fixed bug #46546 (Segmentation fault when using declare statement with
non-string value). (Felipe)
Fixed bug #46542 (Extending PDO class with a __call() function doesn't work as
expected). (Johannes)
Fixed bug #46421 (SplFileInfo not correctly handling /). (Etienne)
Fixed bug #46347 (parse_ini_file() doesn't support * in keys). (Nuno)
Fixed bug #46268 (DateTime::modify() does not reset relative time values).
(Derick)
Fixed bug #46241 (stacked error handlers, internal error handling in general).
(Etienne)
Fixed bug #46238 (Segmentation fault on static call with empty string method).
(Felipe)
Fixed bug #46192 (ArrayObject with objects as storage serialization).
(Etienne)
Fixed bug #46185 (importNode changes the namespace of an XML element). (Rob)
Fixed bug #46178 (memory leak in ext/phar). (Greg)
Fixed bug #46160 (SPL - Memory leak when exception is thrown in offsetSet).
(Felipe)
Fixed bug #46147 (after stream seek, appending stream filter reads incorrect
data). (Greg)
Fixed bug #46127 (php_openssl_tcp_sockop_accept forgets to set context on
accepted stream) (Mark Karpeles, Pierre)
Fixed bug #46115 (Memory leak when calling a method using Reflection).
(Dmitry)
Fixed bug #46110 (XMLWriter - openmemory() and openuri() leak memory on
multiple calls). (Ilia)
Fixed bug #46087 (DOMXPath - segfault on destruction of a cloned object).
(Ilia)
Fixed bug #46048 (SimpleXML top-level @attributes not part of iterator).
(David C.)
Fixed bug #46044 (Mysqli - wrong error message). (Johannes)
Fixed bug #46042 (memory leaks with reflection of mb_convert_encoding()).
(Ilia)
Fixed bug #46039 (ArrayObject iteration is slow). (Arnaud)
Fixed bug #46033 (Direct instantiation of SQLite3stmt and SQLite3result cause
a segfault.) (Scott)
Fixed bug #45991 (Ini files with the UTF-8 BOM are treated as invalid).
(Scott)
Fixed bug #45989 (json_decode() doesn't return NULL on certain invalid
strings). (magicaltux, Scott)
Fixed bug #45976 (Moved SXE from SPL to SimpleXML). (Etienne)
Fixed bug #45928 (large scripts from stdin are stripped at 16K border).
(Christian Schneider, Arnaud)
Fixed bug #45757 (FreeBSD4.11 build failure: failed include; stdint.h).
(Hannes)
Fixed bug #45743 (property_exists fails to find static protected member in
child class). (Felipe)
Fixed bug #45717 (Fileinfo/libmagic build fails, missing err.h and getopt.h).
(Derick)
Fixed bug #45706 (Unserialization of classes derived from ArrayIterator
fails). (Etienne, Dmitry)
Fixed bug #45696 (Not all DateTime methods allow method chaining). (Derick)
Fixed bug #45682 (Unable to var_dump(DateInterval)). (Derick)
Fixed bug #45447 (Filesystem time functions on Vista and server 2008).
(Pierre)
Fixed bug #45432 (PDO: persistent connection leak). (Felipe)
Fixed bug #45392 (ob_start()/ob_end_clean() and memory_limit). (Ilia)
Fixed bug #45384 (parse_ini_file will result in parse error with no trailing
newline). (Arnaud)
Fixed bug #45382 (timeout bug in stream_socket_enable_crypto). (vnegrier at
optilian dot com, Ilia)
Fixed bug #45044 (relative paths not resolved correctly). (Dmitry)
Fixed bug #44861 (scrollable cursor don't work with pgsql). (Matteo)
Fixed bug #44842 (parse_ini_file keys that start/end with underscore).
(Arnaud)
Fixed bug #44575 (parse_ini_file comment # line problems). (Arnaud)
Fixed bug #44409 (PDO::FETCH_SERIALIZE calls __construct()). (Matteo)
Fixed bug #44173 (PDO->query() parameter parsing/checking needs an update).
(Matteo)
Fixed bug #44154 (pdo->errorInfo() always have three elements in the returned
array). (David C.)
Fixed bug #44153 (pdo->errorCode() returns NULL when there are no errors).
(David C.)
Fixed bug #44135 (PDO MySQL does not support CLIENT_FOUND_ROWS). (Johannes,
chx1975 at gmail dot com)
Fixed bug #44100 (Inconsistent handling of static array declarations with
duplicate keys). (Dmitry)
Fixed bug #43831 ($this gets mangled when extending PDO with persistent
connection). (Felipe)
Fixed bug #43817 (opendir() fails on Windows directories with parent directory
unaccessible). (Dmitry)
Fixed bug #43069 (SoapClient causes 505 HTTP Version not supported error
message). (Dmitry)
Fixed bug #43008 (php://filter uris ignore url encoded filternames and can't
handle slashes). (Arnaud)
Fixed bug #42362 (HTTP status codes 204 and 304 should not be gzipped).
(Scott, Edward Z. Yang)
Fixed bug #41874 (separate STDOUT and STDERR in exec functions). (Kanwaljeet
Singla, Venkat Raman Don, Pierre)
Fixed bug #41534 (SoapClient over HTTPS fails to reestablish connection).
(Dmitry)
Fixed bug #38802 (max_redirects and ignore_errors). (patch by
datibbaw@php.net)
Fixed bug #35980 (touch() works on files but not on directories). (Pierre)


Version 5.2.12

17-Dec-2009

Security Fixes


Version 5.2.11

16-Sep-2009

Security Fixes


Version 5.2.10

18-Jun-2009

Security Fixes

Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files). (Pierre)


Version 5.2.9

26-Feb-2009

Security Fixes


Version 5.2.8

08-Dec-2008

Reverted bug fix Fixed bug #42718 that broke magic_quotes_gpc (Scott)


Version 5.2.7

04-Dec-2008

Security Fixes


Version 5.2.6

01-May-2008

Security Fixes

Version 5.2.5

08-Nov-2007

Security Fixes


Version 5.2.4

30-Aug-2007

Security Fixes


Version 5.2.3

31-May-2007

Security Fixes


Version 5.2.2

03-May-2007

Security Fixes

Improved bundled GD

Improved thread safety of the gif support (Roman Nemecek, Nuno, Pierre)

Use the dimension of the GIF frame to create the destination image (Pierre)
Load only once the local color map from a GIF data (Pierre)

Improved thread safety of the freetype cache (Scott MacVicar, Nuno, Pierre)

imagearc huge CPU usage with large angles, libgd bug #74 (Pierre)

Improved FastCGI SAPI to support external pipe and socket servers on win32. (Dmitry)
Improved Zend Memory Manager

guarantee of reasonable time for worst cases of best-fit free block searching algorithm. (Dmitry)
better cache usage and less fragmentation on erealloc() (Tony, Dmitry)

Improved SPL (Marcus)

Improved SOAP

Added ability to encode arrays with "SOAP-ENC:Array" type instead of WSDL type. To activate the ability use "feature"=>SOAP_USE_XSI_ARRAY_TYPE option in SoapClient/SoapServer constructors. (Rob, Dmitry)

Upgraded libraries bundled in the Windows distribution. (Edin)


Version 5.2.1

08-Feb-2007

Added internal heap protection (Dmitry)

Added forward support for 'b' prefix in front of string literals. (Andrei)
Added three new functions to ext/xmlwriter (Rob, Ilia)

Moved extensions to PECL:

ext/informix (Derick, Tony)

Zend Memory Manager Improvements (Dmitry)

use HeapAlloc() instead of VirtualAlloc()
use "win32" storage manager (instead of "malloc") on Windows by default

Zip Extension Improvements (Pierre)

Filter Extension Improvements (Ilia, Pierre)

PDO_MySQL Extension Improvements (Ilia)

Enabled buffered queries by default.
Enabled prepared statement emulation by default.

Windows related optimizations (Dmitry, Stas)

Streams optimization (Dmitry)

removed unnecessary ftell() calls (one call for each included PHP file)
disabled calls to read() after EOF


Version 5.2.0

02-Nov-2006

Moved extensions to PECL:

ext/filepro (Derick, Tony)
ext/hwapi (Derick, Tony)

Improved SNMP extension: (Jani)

Improved OpenSSL extension: (Pierre)

Improved the Zend memory manager: (Dmitry)

Improved apache2filter SAPI:

Allowed PHP to be an arbitrary filter in the chain and read the script from the Apache stream. (John)
Added support for apache2filter in the Windows build including binary support for both Apache 2.0.x (php5apache2_filter.dll) and Apache 2.2.x (php5apache2_2_filter.dll). (Edin)

Improved apache2handler SAPI:

Changed ap_set_content_type() to be called only once. (Mike)
Added support for Apache 2.2 handler in the Windows distribution. (Edin)

Improved FastCGI SAPI: (Dmitry)

Improved CURL:

Added control character checks for "open_basedir" and "safe_mode" checks. (Ilia)
Added implementation of curl_multi_info_read(). (Brian)

Improved PCRE: (Andrei)

Added run-time configurable backtracking/recursion limits.
Added preg_last_error(). (Andrei)

Improved PDO:

Added new attribute ATTR_DEFAULT_FETCH_MODE. (Pierre)
Added FETCH_PROPS_LATE. (Marcus)

Improved SPL: (Marcus)

Improved xmlReader: (Rob)


Version 5.1.6

24-Aug-2006

Fixed memory_limit on 64bit systems. (Stefan E.)
Fixed bug #38488 (Access to "php://stdin" and family crashes PHP on win32). (Dmitry)

Version 5.1.5

17-Aug-2006

Version 5.1.4

04-May-2006

Version 5.1.3

02-May-2006

Updated bundled PCRE library to version 6.6. (Andrei)
Moved extensions to PECL:

ext/msession (Derick)

Reimplemented FastCGI interface. (Dmitry)
Improved SPL: (Marcus)

Improved SimpleXML: (Marcus, Rob)

Improved Reflection API: (Marcus)

Improved cURL extension: (Ilia)

Added curl_setopt_array() function that allows setting of multiple options via an associated array.
Added the ability to retrieve the request message sent to the server.

Improved GD extension: (Pierre)

Version 5.1.2

12-Jan-2006

Added new extensions: (Ilia, Wez)

XMLWriter
Hash

Improved SPL extension: (Marcus)

Added class SplFileInfo as root class for DirectoryIterator and SplFileObject
Added SplTempFileObject

Improved SimpleXML extension: (Marcus)

Version 5.1.1

28-Nov-2005

Version 5.1.0

24-Nov-2005

Added several new functions to support the PostgreSQL v3 protocol introduced in PostgreSQL 7.4. (Christopher)

Added new functions:

Improved performance of:

Improved support for embedded server in mysqli. (Georg)
Improved mysqli extension. (Georg)

Improved SPL extension. (Marcus)

Upgraded bundled libraries:

Upgraded bundled libraries in Windows distribution. (Edin)

Moved extensions to PECL:

Version 5.0.5

05-Sep-2005

Changed sha1_file() and md5_file() functions to use streams instead of
low level IO. (Uwe)
Changed ming to support official 0.2a and 0.3 library versions. (Marcus)
Fixed failing queries problem (FALSE returned) with mysqli_query() on 64 bit.
(Andrey)
Fixed memory corruption in pg_copy_from() in case the as_null parameter was
passed. (Derick)
Fixed ext/mysqli to allocate less memory when fetching bound params
of type (MEDIUM|LONG)BLOB/(MEDIUM|LONG)TEXT. (Andrey)
Fixed various reentrancy bugs in user-sort functions, solves bugs #33286 and
#33295. (Mike Bretz)
Fixed bug #34307 (on_modify handler not called to set the default value if
setting from php.ini was invalid). (Andrei)
Fixed bug #34302 (date('W') do not return leading zeros for week 1 to 9).
(Derick)
Fixed bug #34299 (ReflectionClass::isInstantiable() returns true for abstract
classes). (Marcus)
Fixed bug #34277 (array_filter() crashes with references and objects).
(Dmitry)
Fixed bug #34260 (Segfault with callbacks (array_map) + overloading).
(Dmitry)
Fixed bug #34137 (assigning array element by reference causes binary mess).
(Dmitry)
Fixed bug #34078 (Reflection API problems in methods with boolean or
null default values). (Tony)
Fixed bug #34064 (arr[] as param to function is allowed only if function
receives argument by reference). (Dmitry)
Fixed bug #34062 (Crash in catch block when many arguments are used).
(Dmitry)
Fixed bug #33989 (extract($GLOBALS,EXTR_REFS) crashes PHP). (Dmitry)
Fixed bug #33940 (array_map() fails to pass by reference when called
recursively). (Dmitry)
Fixed bug #33558 (warning with nested calls to functions returning by
reference). (Dmitry)
Fixed bug #33520 (crash if safe_mode is on and session.save_path is changed).
(Dmitry)
Fixed bug #33268 (iconv_strlen() works only with a parameter of < 3 in
length). (Ilia)
Fixed bug #33263 (mysqli_real_escape doesn't work in __construct) (Georg)
Fixed bug #33257 (array_splice() inconsistent when passed function instead
of variable). (Dmitry)
Fixed bug #33214 (odbc_next_result does not signal SQL errors with
2-statement SQL batches). (rich at kastle dot com, Tony)
Fixed bug #33210 (relax jpeg recursive loop protection). (Ilia)
Fixed bug #33200 (preg_replace(): magic_quotes_sybase=On makes 'e' modifier
misbehave). (Jani)
Fixed bug #33185 (--enable-session=shared does not build). (Jani)
Fixed bug #33171 (foreach enumerates private fields declared in base
classes). (Dmitry)
Fixed bug #33164 (Soap extension incorrectly detects HTTP/1.1). (Ilia)
Fixed bug #33156 (cygwin version of setitimer doesn't accept ITIMER_PROF).
(Nuno)
Fixed bug #33116 (crash when assigning class name to global variable in
__autoload). (Dmitry)
Fixed bug #33090 (mysqli_prepare() doesn't return an error). (Georg)
Fixed bug #33076 (str_ireplace() incorrectly counts result string length
and may cause segfault). (Tony)
Fixed bug #33072 (Add a safemode/open_basedir check for runtime
"session.save_path" change using session_save_path() function). (Rasmus)
Fixed bug #33070 (Improved performance of bzdecompress() by several orders
of magnitude). (Ilia)
Fixed bug #33059 (crash when moving xml attribute set in dtd). (Ilia)
Fixed bug #33057 (Don't send extraneous entity-headers on a 304 as per
RFC 2616 section 10.3.5) (Rasmus, Choitel)
Fixed bug #33019 (socket errors cause memory leaks in php_strerror()).
(jwozniak23 at poczta dot onet dot pl, Tony).
Fixed bug #33017 ("make distclean" gives an error with VPATH build). (Jani)
Fixed bug #33013 ("next month" was handled wrong while parsing dates).
(Derick)
Fixed bug #32981 (ReflectionMethod::getStaticVariables() causes apache2.0.54
seg fault). (Dmitry)
Fixed bug #32956 (mysql_bind_result() doesn't support MYSQL_TYPE_NULL). (Georg)
Fixed bug #32947 (Incorrect option for mysqli default password). (Georg)
Fixed bug #32944 (Disabling session.use_cookies doesn't prevent reading
session cookies). (Jani, Tony)
Fixed bug #32852 (Crash with singleton and __destruct when
zend.ze1_compatibility_mode = On). (Dmitry)
Fixed bug #32799 (crash: calling the corresponding global var during the
destruct). (Dmitry)
Fixed bug #32755 (Segfault in replaceChild() when DocumentFragment has
no children). (Rob)
Fixed bug #32753 (Undefined constant SQLITE_NOTADB). (Ilia)
Fixed bug #32742 (segmentation fault when the stream with a wrapper
is not closed). (Tony, Dmitry)
Fixed bug #32699 (pg_affected_rows() was defined when it was not available).
(Derick)
Fixed bug #32686 (Require/include file in destructor causes segfault).
(Marcus)
Fixed bug #32682 (ext/mssql: Error on module shutdown when called from
activescript). (Frank)
Fixed bug #32674 (exception in iterator causes crash). (Dmitry)
Fixed bug #32660 (Assignment by reference causes crash when field access is
overloaded (__get)). (Dmitry)
Fixed bug #32647 (Using register_shutdown_function() with invalid callback
can crash PHP). (Jani)
Fixed bug #32615 (Segfault in replaceChild() using fragment when
previousSibling is NULL). (Rob)
Fixed bug #32613 (ext/snmp: use of snmp_shutdown() causes snmpapp.conf
access errors). (Jani, ric at arizona dot edu)
Fixed bug #32608 (html_entity_decode() converts single quotes even if
ENT_NOQUOTES is given). (Ilia)
Fixed bug #32596 (Segfault/Memory Leak by getClass (etc) in __destruct).
(Dmitry)
Fixed bug #32591 (ext/mysql: Unsatisfied symbol: ntohs with HP-UX). (Jani)
Fixed bug #32589 (Possible crash inside imap_mail_compose, with charsets).
(Ilia)
Fixed bug #32587 (Apache2: errors sent to error_log do not include
timestamps). (Jani)
Fixed bug #32530 (chunk_split() does not append endstr if chunklen is
longer then the original string). (Ilia)
Fixed bug #32491 (File upload error - unable to create a temporary file).
(Uwe Schindler)
Fixed bug #32405 (mysqli::fetch() returns bad data - 64bit problem). (Andrey)
Fixed bug #32282 (Segfault in mysqli_fetch_array on 64-bit). (Georg)
Fixed bug #32296 (get_class_methods() output has changed between 5.0.2 and
5.0.3). (Dmitry)
Fixed bug #32245 (xml_parser_free() in a function assigned to the xml parser
gives a segfault). (Rob)
Fixed bug #32171 (Userspace stream wrapper crashes PHP). (Tony, Dmitry)
Fixed bug #32080 (segfault when assigning object to itself with
zend.ze1_compatibility_mode=On). (Dmitry)
Fixed bug #32013 (ext/mysqli bind_result causes fatal error: memory
limit). (Andrey)
Fixed bug #31887 (ISAPI: Custom 5xx error does not return correct HTTP
response message). (Jani)
Fixed bug #31828 (Crash with zend.ze1_compatibility_mode=On). (Dmitry)
Fixed bug #31668 (multi_query works exactly every other time - multi query
d/e flag global and not per connection). (Andrey)
Fixed bug #31636 (another crash when echoing a COM object). (Wez)
Fixed bug #31583 (php_std_date() uses short day names in non-y2k_compliance
mode). (mike at php dot net)
Fixed bug #31525 (object reference being dropped. $this getting lost).
(Stas, Dmitry)
Fixed bug #31502 (Wrong deserialization from session when using WDDX
serializer). (Dmitry)
Fixed bug #30961 (Wrong linenumber in ReflectionClass getStartLine()).
(Dmitry)
Fixed bug #30889 (Conflict between __get/__set and ++ operator). (Dmitry)
Fixed bug #30833 (array_count_values() modifying input array). (Tony)
Fixed bug #30828 (debug_backtrace() reports incorrect class in overridden
methods). (Dmitry)
Fixed bug #30820 (static member conflict with $this->member silently
ignored). (Dmitry)
Fixed bug #30819 (Better support for LDAP SASL bind). (Jani)
Fixed bug #30791 (magic methods (__sleep/__wakeup/__toString) call __call if
object is overloaded). (Dmitry)
Fixed bug #30707 (Segmentation fault on exception in method). (Stas, Dmitry)
Fixed bug #30702 (cannot initialize class variable from class constant).
(Dmitry)
Fixed bug #30519 (Interface not existing says Class not found). (Dmitry)
Fixed bug #30394 (Assignment operators yield wrong result with __get/__set).
(Dmitry)
Fixed bug #30332 (zend.ze1_compatibility_mode isnt fully compatable with
array_push()). (Dmitry)
Fixed bug #30162 (Catching exception in constructor causes lose of $this).
(Dmitry)
Fixed bug #30140 (Problem with array in static properties). (Dmitry)
Fixed bug #30126 (Enhancement for error message for abstract classes).
(Marcus)
Fixed bug #30080 (Passing array or non array of objects). (Dmitry)
Fixed bug #29975 (memory leaks when set_error_handler() is used inside error
handler). (Tony)
Fixed bug #29210 (Function: is_callable - no support for private and
protected classes). (Dmitry)
Fixed bug #29104 (Function declaration in method doesn't work). (Dmitry)
Fixed bug #29015 (Incorrect behavior of member vars(non string ones)-numeric
mem vars und others). (Dmitry)
Fixed bug #28839 (SIGSEGV in interactive mode (php -a)).
(kameshj at fastmail dot fm)
Fixed bug #28605 (Need to use -[m]ieee option for Alpha CPUs). (Jani)
Fixed bug #28377 (debug_backtrace is intermittently passing args). (Dmitry)
Fixed bug #27598 (list() array key assignment causes HUGE memory leak).
(Dmitry)
Fixed bug #26456 (Wrong results from Reflection-API getDocComment() when
called via STDIN). (Dmitry)
Fixed bug #25922 (In error handler, modifying 5th arg (errcontext) may result
in seg fault). (Dmitry)
Fixed bug #22836 (returning reference to uninitialized variable). (Dmitry)
Fixed bug #29689 (default value of protected member overrides default value of private)
and other private variable problems in inherited classes (Stas)
Fixed bug #29253 (array_diff with $GLOBALS argument fails). (Dmitry)
Abstract private methods are no longer allowed (Stas)

Version 5.0.4

31-Mar-2005

Added checks for negative values to gmp_sqrt(), gmp_powm(), gmp_sqrtrem()
and gmp_fact() to prevent SIGFPE. (Tony)
Changed foreach() to throw an exception if IteratorAggregate::getIterator()
does not return an Iterator. (Marcus)
Changed phpize not to require libtool. (Jani)
Updated bundled oniguruma library (used for multibyte regular expression)
to 3.7.0. (Moriyoshi)
Updated bundled libmbfl library (used for multibyte functions). (Moriyoshi)
Fixed bugs:

Fixed bug preventing from building oci8 as shared.
(stanislav dot voroniy at portavita dot nl, Tony)
Fixed a bug in mysql_affected_rows and mysql_stmt_affected_rows when the
api function returns -1 (Georg)
Fixed a bug in mysqli_stmt_execute() (type conversion with NULL values).
(Georg)
Fixed segfault in mysqli_fetch_field_direct() when invalid field offset
is passed. (Tony)
Fixed posix_getsid() & posix_getpgid() to return sid & pgid instead
of true. (Tony)
Fixed bug #32394 (offsetUnset() segfaults in a foreach). (Marcus)
Fixed bug #32373 (segfault in bzopen() if supplied path to non-existent
file). (Tony)
Fixed bug #32326 (Check values of Connection/Transfer-Encoding
case-incentively in SOAP extension). (Ilia)
Fixed bug #32290 (call_user_func_array() calls wrong class method within
child class). (Marcus)
Fixed bug #32238 (spl_array.c: void function cannot return value). (Johannes)
Fixed bug #32210 (proc_get_status() sets "running" always to true). (Ilia)
Fixed bug #32200 (Prevent using both --with-apxs2 and --with-apxs2filter).
(Jani)
Fixed bug #32134 (Overloading offsetGet/offsetSet). (Marcus)
Fixed bug #32130 (ArrayIterator::seek() does not throw an Exception on
invalid index). (Marcus)
Fixed bug #32011 (Fragments which replaced Nodes are not globaly useable).
(Rob)
Fixed bug #32001 (xml_parse_into_struct() function exceeds maximum
execution time). (Rob, Moriyoshi)
Fixed bug #31980 (Unicode exif data not available on Windows). (Edin)
Fixed bug #31792 (getrusage() does not provide ru_nswap value). (Ilia)
Fixed bug #31960 (msql_fetch_row() and msql_fetch_array() dropping columns
with NULL values). (Daniel Convissor)
Fixed bug #31878 (Segmentation fault using clone keyword on nodes). (Rob)
Fixed bug #31858 (--disable-cli does not force --without-pear). (Jani)
Fixed bug #31842 (*date('r') does not return RFC2822 conforming date string).
(Jani)
Fixed bug #31832 (SOAP encoding problem with complex types in WSDL mode with
multiple parts). (Dmitry)
Fixed bug #31797 (exif_read_data() uses too low nesting limit). (Ilia)
Fixed bug #31796 (readline completion handler does not handle empty return
values). (Ilia)
Fixed bug #31747 (SOAP Digest Authentication doesn't work with
"HTTP/1.1 100 Continue" response). (Dmitry)
Fixed bug #31732 (mb_get_info() causes segfault when no parameters
specified). (Tony)
Fixed bug #31710 (Wrong return values for mysqli_autocommit/commit/rollback).
(Georg)
Fixed bug #31705 (parse_url() does not recognize http://foo.com#bar). (Ilia)
Fixed bug #31695 (Cannot redefine endpoint when using WSDL). (Dmitry)
Fixed bug #31684 (dio_tcsetattr(): misconfigured termios settings).
(elod at itfais dot com)
Fixed bug #31683 (changes to $name in __get($name) override future
parameters). (Dmitry)
Fixed bug #31699 (unserialize() float problem on non-English locales). (Ilia)
Fixed bug #31562 (__autoload() problem with static variables). (Marcus)
Fixed bug #31651 (ReflectionClass::getDefaultProperties segfaults with arrays).
(Marcus)
Fixed bug #31623 (OCILogin does not support password grace period).
(daniel dot beet at accuratesoftware dot com, Tony)
Fixed bug #31527 (crash in msg_send() when non-string is stored without
being serialized). (Ilia)
Fixed bug #31515 (Improve performance of scandir() by factor of 10 or so). (Ilia)
Fixed bug #31514 (open_basedir uses path_translated rather then cwd for .
translation). (Ilia)
Fixed bug #31454 (session_set_save_handler crashes PHP when supplied
non-existent object ref). (Tony)
Fixed bug #31444 (Memory leak in zend_language_scanner.c).
(hexer at studentcenter dot org)
Fixed bug #31442 (unserialize broken on 64-bit systems). (Marcus)
Fixed bug #31440 ($GLOBALS can be overwritten via GPC when register_globals
is enabled). (Ilia)
Fixed bug #31190 (Unexpected warning then exception is thrown from
call_user_func_array()). (phpbugs at domain51 dot net, Dmitry)
Fixed bug #31142 (imap_mail_compose() fails to generate correct output). (Ilia)
Fixed bug #31139 (XML Parser Functions seem to drop & when parsing). (Rob)
Fixed bug #31398 (When magic_guotes_gpc are enabled filenames with ' get cutoff).
(Ilia)
Fixed bug #31288 (Possible crash in mysql_fetch_field(), if mysql_list_fields()
was not called previously). (Ilia)
Fixed bug #31107, Fixed bug #31110, Fixed bug #31111, Fixed bug #31249 (Compile failure of zend_strtod.c).
(Jani)
Fixed bug #31098 (isset() / empty() incorrectly return true in dereference of
a string type). (Moriyoshi)
Fixed bug #31087 (broken php_url_encode_hash macro). (Ilia)
Fixed bug #31072 (var_export() does not output an array element with an empty
string key). (Derick)
Fixed bug #31060 (imageftbbox() does not use linespacing parameter). (Jani)
Fixed bug #31056 (php_std_date() returns invalid formatted date if
y2k_compliance is On). (Ilia)
Fixed bug #31055 (apache2filter: per request leak proportional to the full
path of the request URI). (kameshj at fastmail dot fm)
Fixed bug #30901 (can't send cookies with soap envelop). (Dmitry)
Fixed bug #30871 (Misleading warning message for array_combine()). (Andrey)
Fixed bug #30868 (evaluated pointer comparison in mbregex causes compile
failure). (Moriyoshi)
Fixed bug #30862 (Static array with boolean indexes). (Marcus)
Fixed bug #30726 (-.1 like numbers are not being handled correctly). (Ilia)
Fixed bug #30725 (PHP segfaults when an exception is thrown in getIterator()
within foreach). (Marcus)
Fixed bug #30609 (cURL functions bypass open_basedir). (Jani)
Fixed bug #30446 (apache2handler: virtual() includes files out of sequence)
Fixed bug #30430 (odbc_next_result() doesn't bind values and that results
in segfault). (pdan-php at esync dot org, Tony)
Fixed bug #30266 (Invalid opcode 137/1/8). (Marcus)
Fixed bug #30120 (imagettftext() and imagettfbbox() accept too many
parameters). (Jani)
Fixed bug #30106 (SOAP cannot not parse 'ref' element. Causes Uncaught
SoapFault exception). (Dmitry)
Fixed bug #29989 (type re_registers redefined in oniguruma.h). (Moriyoshi)
Fixed bug #28803 (enabled debug causes bailout errors with CLI on AIX
because of fflush() called on already closed filedescriptor). (Tony)
Fixed bug #29767 (Weird behaviour of __set($name, $value)). (Dmitry)
Fixed bug #29733 (printf() handles repeated placeholders wrong).
(bugs dot php dot net at bluetwanger dot de, Ilia)
Fixed bug #28976 (mail(): use "From:" from headers if sendmail_from is empty).
(Jani)
Fixed bug #28930 (PHP sources pick wrong header files generated by bison).
(eggert at gnu dot org, Jani)
Fixed bug #28840 (__destruct of a class that extends mysqli not called).
(Marcus)
Fixed bug #28804 (ini-file section parsing pattern is buggy).
(wendland at scan-plus dot de)
Fixed bug #28451 (corrupt EXIF headers have unlimited recursive IFD directory
entries). (Andrei)
Fixed bug #28444 (Cannot access undefined property for object with overloaded
property access). (Dmitry)
Fixed bug #28442 (Changing a static variables in a class changes it across
sub/super classes.) (Marcus)
Fixed bug #28324 (HTTP_SESSION_VARS appear when register_long_arrays is
Off). (Tony)
Fixed bug #28074 (FastCGI: stderr should be written in a FCGI stderr stream).
(chris at ex-parrot dot com)
Fixed bug #28067 (partially incorrect utf8 to htmlentities mapping). (Derick,
Benjamin Greiner)
Fixed bug #28041 (SOAP HTTP Digest Access Authentication). (Dmitry)
Fixed bug #27633 (Double \r problem on ftp_get in ASCII mode on Win32). (Ilia)
Fixed bug #18613 (Multiple OUs in x509 certificate not handled properly).
(Jani)

Version 5.0.3

15-Dec-2004

Version 5.0.2

23-Sep-2004


Version 5.0.1

12-Aug-2004


Version 5.0.0

13-Jul-2004


Version 5.0.0 Release Candidate 3

8-Jun-2004


Version 5.0.0 Release Candidate 2

25-Apr-2004

Implementing an interface/abstract method with the wrong prototype is now
a fatal error. (Zeev)

Reimplemented zend.ze1_compatibility_mode to have better PHP 4 compliance.
(Dmitry, Andi)

Under CLI, fclose() on php://stdin, php://stdout and php://stderr will now
close the real stream. Please update your CLI scripts to use STDIN, STDOUT
and STDERR constants instead of fopen()/fclose(). (Wez)

Moved yaz extension to PECL. (Wez)

Added pty support to proc_open(). (Wez)

Added possibility to check in which extension an internal class was defined
in using reflection API. (Marcus)

Changed tidy error handling to no longer use exceptions and
renamed the "error_buf" property to errorBuffer. (John)

Changed class and method names to use studlyCaps convention. (Marcus)

Changed language parser to throw errors when a non-empty signature is used in
a destructor definition. (Marcus)

Changed HTTP file uploads not to throw E_WARNINGs and E_NOTICEs. The error
value in the $_FILES global should be used for error handling. (Derick)

Changed __construct() to always take precedence over old style constructor.
(Dmitry)

Fixed handling of return values from storred procedures in mssql_execute()
with multiple result sets returned. (Frank)

Fixed bug #28096 (stream_socket_accept() doesn't work with ssl). (Wez)

Fixed bug #28007 (compile mssql extension with old versions of FreeTDS
fails). (Frank)

Fixed bug #27997 (SPL: Crash with getInnerIterator()). (Marcus)

Fixed bug #27974 (COM doesn't pass array parameters). (Wez)

Fixed bug #27928 (sqlite incorrectly handles invalid filenames). (Ilia)

Fixed bug #27923 (in some cases using foreach() to iterate over values
led to a false error message about the key being a reference). (Adam)

Fixed bug #27865 (STDIN, STDOUT, STDERR are dup()d under CLI). (Wez)

Fixed bug #27821 (xml_parse() segfaults when xml_set_object() is called from
class method). (Andi, Rob)

Fixed bug #27742 (WDSL SOAP Parsing Schema bug). (Dmitry)

Fixed bug #27722 (Segfault on schema without targetNamespace). (Dmitry)

Fixed bug #27719 (mktime issues on and around DST changeover). (Rasmus)

Fixed bug #27681 (soap extension fails without HAVE_TM_GMTOFF). (Dmitry)

Fixed bug #27641 (Object cloning in ze1_compatibility_mode was reimplemented)
(Dmitry, Andi)

Fixed bug #27628 (Simplify the process of making a POST request via stream
context). (Ilia)

Fixed bug #27619 (filters not applied to pre-buffered stream data). (Sara)

Fixed bug #27519 (Reflection_Function constructor crashes with non-existant
function's name). (Marcus)

Fixed bug #27469 (serialize() objects of incomplete class). (Dmitry)

Fixed bug #27457 (handling of numeric indexes in strtr()). (Dmitry)

Fixed bug #27397 (debug_backtrace() not showing function arguments). (Zeev)

Fixed bug #27283 (The last catch statement was sometimes skipped). (Andi)

Fixed bug #26441 (When __set() returned a value it corrupted it). (Andi)

Fixed bug #19749 (shouldn't mmap() files larger than memory_limit). (Wez)


Version 5.0.0 Release Candidate 1

18-Mar-2004

Fixed numerous bugs with the just-in-time auto-global initialization, that
could cause $_SERVER, $argv/$argc and other variables not to work properly.
(Zeev)

Fixed data corruption with constant assignments to object properties. (Zeev)

Changed __toString() to be called automatically only with print and echo
statements. (Andi)

Replaced the exec_finished hook by the zend_post_deactive hook for
extensions. The new hook will be run after the symbol table and destructors
are run. (Derick)

Fixed possible crash when internal get_method() is not defined. (Andi)

Fixed calling methods using call_user_func() in conjunction with
the array("Class","Method") syntax to use the scope of the PHP user function.
(Dmitry)

Fixed php-cgi to not ignore command-line switches when run in a web context.
This fixes our test cases allowing INI with GET sections to work. (Rasmus)

Fixed getopt() so it works without $_SERVER. (Rasmus, bfrance)

Added support for PHP 4 style object comparisons which is enabled in
ze1_compatiblity_mode. (Andi)

Added support for PHP 4 style object conversion to long, double, and boolean
values which is enabled in ze1_compatibility_mode. (Andi, Stas)

Allow object oriented extensions to overload comparison functions and other
operations. Solves problems using SimpleXML values. (Andi, Zeev)

Fixed crash when accessing a class constant with a value which in turn is
also a constant. (Dmitry)

Fixed object's truth value conversion. It is always true unless
ze1_compatibility_mode is on in which it behaves like in PHP 4. (Stas)

Improved out of memory handling in new memory manager. (Stas)

Fixed crash when an object references itself during destructor call. (Andi)

Fixed crash in foreach() when iterating over object properties or a method's
return values. (Andi)

Fixed crash when an exception is thrown in a destructor. Such exceptions are
now ignored as destruction happens out of context at no definite time. (Andi)

Fixed crashes in exception handling. (Dmitry, Andi)

Changed prototype checks so that they aren't done on constructors. (Andi)

Changed prototype checks to output an E_STRICT message instead of
an E_COMPILE_ERROR. (Andi)

Changed Iterator::has_more() to Iterator::valid(). (Marcus)

Upgraded bundled oniguruma library to version 2.2.2. (Rui, Moriyoshi)

Added mb_list_encoding() to return an array with all mbstring supported
encodings. (Derick)

Added support for more ISO8601 datetime formats in strtotime(). (Moriyoshi)

Timezone specifier (ex. "20040301T02:00:00+19:00")
Week specifier (ex. "1997W021")

Renamed php.ini option "zend2.implicit_clone" to
"zend.ze1_compatibility_mode" as it doesn't only affect implicit cloning.
(Andi, Zeev)

Methods that override parent methods are now subject to prototype checking,
and have to be compatible with the method they're overriding - this check is
disabled in compatibility mode. (Andi, Zeev)

Fixed crash in php_ini_scanned_files() when no additional INI files were
actually parsed. (Jon)

Fixed bug in gdImageFilledRectangle in the bundled GD library, that required
x1 < x2 and y1 < y2 for coordinates. (Derick)

Fixed crash with foreach() and temporary objects($obj->method()->a ...) where
method returns a non-referenced object. (Andi, Zeev)

Fixed problem preventing startup errors from being displayed. (Marcus)

Fixed start-up problem if both SPL and SimpleXML were enabled. The double
initialization of apache 1.3 was causing problems here. (Marcus, Derick)

Fixed bug #27606 (Expression must be a modifiable lvalue compiler error).
(Derick)

Fixed bug #27597 (pg_fetch_array not returning false). (Marcus)

Fixed bug #27586 (ArrayObject::getIterator crashes with [] assignment).
(Marcus)

Fixed bug #27537 (Objects pointing to each other segfaults). (Dmitry)

Fixed bug #27535 (Problem with object freeing mechanism). (Dmitry)

Fixed bug #27504 (Visibility bugs in call_user_function()). (Dmitry)

Fixed bug #27457 (handling of numeric indexes in strtr()). (Dmitry)

Fixed bug #27338 (memory leak inside tsrm_virtual_cwd.c on win32). (Ilia)

Fixed bug #27291 (get_browser matches browscap.ini patterns incorrectly).
(Jay)

Fixed bug #27287 (wddx segfaults during deserialization). (Moriyoshi)

Fixed bug #27263 (session extension crashes when unserializing referenced
values / objects). (Moriyoshi)

Fixed bug #27237 (Working with simplexml crashes apache2). (Rob)

Fixed bug #27227 (Mixed case class names causes Fatal Error in Constructor
call). (Marcus)

Fixed bug #27125 (strval() doesn't work for objects with __toString()).
(Marcus)

Fixed bug #27123 (Fix crash caused by bug in get_object_vars()). (Andi)

Fixed bug #26677 (mbstring compile errors with IRIX compiler).
(K.Kosako <kosako at sofnec dot co dot jp>, Rui, Moriyoshi)

Fixed bug #26206 (register_long_arrays breaks superglobals). (Zeev)

Fixed bug #25724 (argv and argc not defined). (Zeev)


Version 5.0.0 Beta 4

12-Feb-2004

Changed exceptions so that they must now inherit from the built-in Exception
class. This allows for a general catch(Exception $e) statement to catch all
exceptions. (Andi, Zeev)
Added SPL extension. (Marcus, Derick)
Added checks for invalid characters in a cookie name and cookie data
into set[raw]cookie(). (Brian)
Added support for ++ and += (and similar) to SimpleXML. (Andi, Zeev)
Added infrastructure for ++ and += (and similar) to object overloading
modules. (Andi, Zeev)
Added error message when trying to re-assign to $this variable. (Zeev, Andi)
Added support for an interface to extend another interface. (Zeev)
Added new pspell functions: (Brian)

pspell_config_dict_dir()
pspell_config_data_dir()

Added new Interbase functions: (Ard)

Added context option "http"/"request_fulluri" to send entire URI in request
which is required format for some proxies. (Sara)
Readded support for using classes before they are declared according to
the behavior in PHP 4. This won't work with classes who are using PHP 5
features such as interfaces. (Zeev, Andi)
Completely overhauled SimpleXML extension. (Marcus, Rob, Sterling)
Upgraded bundled SQLite library to version 2.8.11. (Ilia, Wez)
Improved destructor implementation to always call destructors on clean
shutdown. An order of destruction is not guaranteed. (Zeev, Andi)
Redesigned exception support. This fixes many bugs in the previous design
such as nested try's and problems with overloaded extensions. (Zeev, Andi)
Redesigned clone by adding a clone keyword (clone $obj) and copying all
properties before __clone() is called. Also allows calling parent __clone
function by using parent::__clone(). (Zeev, Andi)
Fixed interfaces to check for function return-by-reference equality when
inheriting and implementing interfaces. (Andi, Zeev)
Fixed foreach() to respect property visibility. (Marcus)
Fixed problem with parse error in include() file not stopping PHP's
execution. (Ilia)
Fixed var_export() to show public, protected and private modifiers properly.
(Derick)
Fixed problems with longlong values in mysqli. (Georg)
Fixed class name case preserving of user defined classes. (Marcus)
Fixed bug #27145 (Unmangle private/protected property names before printing
them inside error messages). (Ilia)
Fixed bug #27103 (preg_split('//u') incorrectly splits UTF-8 strings into
octets). (Moriyoshi)
Fixed bug #27042 (SPL: SeekableIterator seek() broken). (Marcus)
Fixed bug #27008 (Every class method can be called as static). (Marcus)
Fixed bug #26938 (exec() has problems reading long lines).
(Ilia, runekl[at]opoint[dot]com
Fixed bug #26947 (ext/dom: Crash when using DomDocument::getElementById()).
(Christian)
Fixed bug #26911 (crash in sqlite extension when fetching data from empty
queries). (Ilia)
Fixed bug #26844 (ext/mime_magic: magic file validation broken). (Jani)
Fixed bug #26819 (http_build_query() crashes on NULL output). (Ilia)
Fixed bug #26817 (http_build_query() does not handle private & protected
object properties correctly). (Ilia)
Fixed bug #26815 (foreach of (DOM) childnodes crashes when Xinclude is used).
(Rob)
Fixed bug #26796 (SQLite causes crashes with other extensions *connect()
calls). (Marcus)
Fixed bug #26697 (calling class_exists() on a nonexistent class in __autoload
results in segfault). (Marcus)
Fixed bug #26696 (string index in a switch() crashes with multiple matches).
(Andi)
Fixed bug #26695 (Reflection API does not recognize mixed-case class hints).
(Marcus)
Fixed bug #26690 (make xsltProcessor->transformToUri use streams wrappers).
(Ilia)
Fixed bug #26077 (memory leak when new() result is not assigned and no
constructor is defined). (Stanislav)
Fixed bug #26065 (Crash when nesting classes). (Marcus)
Fixed bug #25816 (disallow arrays in class constants). (Stanislav)
Fixed bug #25329 (sqlite_create_function with method and reference to $this).
(Marcus)
Fixed bug #25038 (call_user_func() issues a warning if function throws an
exception). (Marcus)
Fixed bug #24608 (__set not triggered when overloading with array).
(Stanislav)
Fixed bug #24243 (enabling browscap causes segfault). (Wez)


Version 5.0.0 Beta 3

21-Dec-2003

Moved extensions to PECL:

Added 'c' modifier to date() which returns the date in the ISO
8601 format. (Derick, Manuzhai)
Added an optional parameter to microtime() to get the time as
float. (Andrey)
Added MacRoman encoding support to htmlentities(). (Derick,
Marcus Bointon)
Added possibility to call PHP functions as XSLT-functions.
(Christian)
Added possibility to prevent PHP from registering variables when
input filter. support is used. (Derick)
Added new functions:

php_strip_whitespace(). strip whitespace & comments from a
script. (Ilia)
php_check_syntax(). check php script for parse errors. (Ilia)
image_type_to_extension(). return extension based on image type.
(Ilia)

Added proxy support to http:// wrapper. (Sara)
Added rename(), rmdir() and mkdir() support to userstreams.
(Sara)
Added rename(), rmdir() and mkdir() support to ftp:// wrapper.
(Sara)
Changed rename(), rmdir() and mkdir() to be routed via streams
API. (Sara)
Changed stat() and family to be routed via streams API. (Sara)
Fixed include_once() / require_once() on Windows to honor
case-insensitivity; of files. (Andi)
Fixed get_declared_classes() to return only classes. (Andrey,
Marcus)
Fixed __autoload() to preserve case of the passed class name.
(Andi)
Fixed bug #26615 () (runekl at opoint dot com, Derick)
Fixed bug #26591 ("__autoload threw an exception" during an
uncaught). (Marcus)
Fixed bug #26534 (stream_get_meta_data() -> Access Violation).
(Wez)
Fixed bug #26528 (HTML entities are not being decoded by
xml_parse()/xml_parse_into_struct()). (Ilia)
Fixed bug #26182 (Object properties created redundantly). (Andi)
Fixed bug #26156 (REPLACE_ZVAL_VALUE works on uninit stack-based
zvals). (Moriyoshi)
Fixed bug #26083 (Non-working write support in ext/dom). (Ilia)
Fixed bug #26072 (--disable-libxml does not work). (Jani)
Fixed bug #26001 (serialize crashes when accessing an overloaded
object that has no properties (NULL hashtable)). (Wez)
Fixed bug #25664 (COM crashes when calling a Delphi implementations
of ITypeInfo). (Wez)
Fixed bug #24837 (Incorrect behaviour of PPP using foreach).
(Marcus)
Fixed bug #24693 (Allow session.use_trans_sid to be
enabled/disabled from inside the script). (Ilia)
Fixed bug #24394 (Serializing cross-referenced objects causes
segfault). (Moriyoshi)


Version 5.0.0 Beta 2

30-Oct-2003

Lots and lots of changes in the Zend Engine 2 since beta 1:

You can read about most changes in ZEND_CHANGES under the Zend
directory.

Improved the DBX extension: (Marc)

Improved the Interbase extension: (Ard Biesheuvel)

Added support for multiple databases into ibase_trans()
Added support for CREATE DATABASE, SET TRANSACTION and EXECUTE
PROCEDURE statements into ibase_query()

Added new COM extension with integrated .Net support. (Wez)
Added new functions:

Added "resume_pos" context option to "ftp://" wrapper. (Sara)
Added optional parameter to OCIWriteTemporaryLob() to specify
the type of LOB (Patch by Novicky Marek <novicky@aarongroup.cz>).
(Thies)
Fixed fgetcsv() to correctly handle international (non-ascii)
characters. (Moriyoshi)
Fixed support for <![CDATA[]]> fields within XML documents
in ext/xml. (Sterling)
Fixed visibility of __construct and __clone. (Marcus)
Fixed bug #26003 (fgetcsv() not binary-safe on null bytes).
(Moriyoshi)
Fixed bug #25756 (SimpleXML's validate_schema_file() broken).
(Moriyoshi)
Fixed bug #25581 (getimagesize() returns incorrect values on
bitmap (os2) files). (Marcus)
Fixed bug #25494 (array_merge*() allows non-arrays as argument).
(Jay)
Fixed bug #24766 (strange result array from unpack()). (Moriyoshi)
Fixed bug #24729 ($obj = new $className; causes crash when
$className is not set). (Marcus)
Fixed bug #24565 (cannot read array elements received via
$_REQUEST). (Zeev)
Fixed bug #24445 (get_parent_class() returns different values).
(Sterling, Stanislav)
Fixed bug #24403 (preg_replace() problem: Using $this when not
in object context). (Zeev)
Fixed bug #24399 (PEAR DB isError crash [instanceof_function
fault?]). (Sterling, Marcus)
Fixed bug #19859 (allow fast_call_user_function to support __call).
(Stanislav)
Fixed bug #17997 (Warning when switch() and reference are combined).
(Zeev)
Fixed bug #17988 (strtotime failed to parse postgresql timestamp).
(Derick)


Version 5.0.0 Beta 1

29-Jun-2003

Switch to using Zend Engine 2, which includes numerous engine level improvements.
A full list is available at http://www.php.net/zend-engine-2.php.

The SQLite (http://www.hwaci.com/sw/sqlite/) extension is now bundled and
enabled by default. (Wez, Marcus, Tal)
Improved the speed of internal functions that use callbacks by 40% due to a
new internal fast_call_user_function() function. (Sterling)
Completely Overhauled XML support (Rob, Sterling, Chregu, Marcus)

Removed the bundled MySQL client library. (Sterling)
New php.ini options:

Improved the streams support: (Wez, Sara, Ilia)

Improved performance of readfile(), fpassthru() and some internal streams
operations under Win32.
stream_get_line() - Reads either the specified number of bytes or until
the ending string is found.
Added context property to userspace streams object.
Added generic crypto interface for streams (supports dynamic loading of
OpenSSL)
Added lightweight streaming input abstraction to the Zend Engine scanners
to provide uniform support for include()'ing data from PHP streams across
all platforms.
Added context options 'method', 'header' and 'content' for "http://" fopen
wrapper.

Improved the GD extension: (Pierre-Alain Joye, Ilia)

imagefilter() - Apply different filters to image. (Only available
with bundled GD library)
Antialiased drawing support:

imageantialias() - (de)active antialias
imageline() and imagepolygon() antialias support

Changed the length parameter in fgetss() to be optional. (Moriyoshi)
Changed ini parser to allow for handling of quoted multi-line values. (Ilia)
Changed get_extension_funcs() to return list of the built-in Zend Engine
functions if "zend" is specified as the module name. (Ilia)
Added new iconv functions. (Moriyoshi)

Added misc. new functions:

Added optional parameter to get_browser() to make it return an array. (Jay)
Added optional parameter to openssl_sign() to specify the hashing algorithm.(scott@planetscott.ca, Derick)
Added optional parameter to sha1(), sha1_file(), md5() and md5_file() which
makes them return the digest as binary data. (Michael Bretterklieber, Derick)
Added optional parameter to mkdir() to make directory creation recursive. (Ilia)
Added optional parameter to file() which makes the result array not contain
the line endings and to skip empty lines. (Ilia)
Added new range() functionality:

Added encoding detection feature for expat XML parser. (Adam Dickmeiss, Moriyoshi)
Added missing multibyte (unicode) support and numeric entity support to
html_entity_decode(). (Moriyoshi)
Fixed bug #21600 (Assign by reference function call changes variable
contents). (Zeev)

0 0