Um, excuse me for pointing out the obvious, but isn't that the 4.0.6 Windows binaries? And wasn't the question about the 4.1.0 Windows binaries???
Which aren't on php.net yet...... Richy -----Original Message----- From: Stefan Rusterholz [SMTP:[EMAIL PROTECTED]] Sent: 11 December 2001 10:14 To: MindHunter Cc: PHP Subject: Re: [PHP] Re: PHP 4.1.0 released right from http://www.php.net/downloads.php which zeev mentions at the very top of his mail: PHP 4.0.6 installer [755Kb] - 23 June 2001 (link: http://www.php.net/do_download.php?download_file=php406-installer.exe) (CGI only, MySQL support built-in, packaged as Windows installer to install and configure PHP, and automatically configure IIS, PWS and Xitami, with manual configuration for other servers. N.B. no external extensions included) Please take your self time and comfort yourself to go to the php.net site and take a look yourself to point that bit out yourself - thank you. Stefan Rusterholz, [EMAIL PROTECTED] ---------------------------------- interaktion gmbh Stefan Rusterholz Zurichbergstrasse 17 8032 Zurich ---------------------------------- T. +41 1 253 19 55 F. +41 1 253 19 56 W3 www.interaktion.ch ---------------------------------- ----- Original Message ----- From: "MindHunter" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, December 11, 2001 6:42 AM Subject: [PHP] Re: PHP 4.1.0 released > Where do we get the Windows Binaries? > > Cheers > MH > > Zeev Suraski <[EMAIL PROTECTED]> wrote in message > 5.1.0.14.2.20011210234236.0516bec0@localhost">news:5.1.0.14.2.20011210234236.0516bec0@localhost... > > After a lengthy QA process, PHP 4.1.0 is finally out. Download at > > http://www.php.net/downloads.php ! > > > > PHP 4.1.0 includes several other key improvements: > > - A new input interface for improved security (read below) > > - Highly improved performance in general > > - Revolutionary performance and stability improvements under Windows. The > > multithreaded server modules under Windows (ISAPI, Apache, etc.) perform > as > > much as 30 times faster under load! We want to thank Brett Brewer and his > > team in Microsoft for working with us to improve PHP for Windows. > > - Versioning support for extensions. Right now it's barely being used, > but > > the infrastructure was put in place to support separate version numbers > for > > different extensions. The negative side effect is that loading extensions > > that were built against old versions of PHP will now result in a crash, > > instead of in a nice clear message. Make sure you only use extensions > > built with PHP 4.1.0. > > - Turn-key output compression support > > - *LOTS* of fixes and new functions > > > > As some of you may notice, this version is quite historical, as it's the > > first time in history we actually incremented the middle digit! :) The > two > > key reasons for this unprecedented change were the new input interface, > and > > the broken binary compatibility of modules due to the versioning support. > > > > Following is a description of the new input mechanism. For a full list of > > changes in PHP 4.1.0, scroll down to the end of this section. > > > > ----------------------------------- > > > > SECURITY: NEW INPUT MECHANISM > > > > First and foremost, it's important to stress that regardless of anything > > you may read in the following lines, PHP 4.1.0 *supports* the old input > > mechanisms from older versions. Old applications should go on working > fine > > without modification! > > > > Now that we have that behind us, let's move on :) > > > > For various reasons, PHP setups which rely on register_globals being on > > (i.e., on form, server and environment variables becoming a part of the > > global namespace, automatically) are very often exploitable to various > > degrees. For example, the piece of code: > > > > <?php > > if (authenticate_user()) { > > $authenticated = true; > > } > > ... > > ?> > > > > May be exploitable, as remote users can simply pass on 'authenticated' as > a > > form variable, and then even if authenticate_user() returns false, > > $authenticated will actually be set to true. While this looks like a > > simple example, in reality, quite a few PHP applications ended up being > > exploitable by things related to this misfeature. > > > > While it is quite possible to write secure code in PHP, we felt that the > > fact that PHP makes it too easy to write insecure code was bad, and we've > > decided to attempt a far-reaching change, and deprecate > > register_globals. Obviously, because the vast majority of the PHP code in > > the world relies on the existence of this feature, we have no plans to > > actually remove it from PHP anytime in the foreseeable future, but we've > > decided to encourage people to shut it off whenever possible. > > > > To help users build PHP applications with register_globals being off, > we've > > added several new special variables that can be used instead of the old > > global variables. There are 7 new special arrays: > > > > $_GET - contains form variables sent through GET > > $_POST - contains form variables sent through POST > > $_COOKIE - contains HTTP cookie variables > > $_SERVER - contains server variables (e.g., REMOTE_ADDR) > > $_ENV - contains the environment variables > > $_REQUEST - a merge of the GET variables, POST variables and Cookie > > variables. In other words - all the information that is coming from the > > user, and that from a security point of view, cannot be trusted. > > $_SESSION - contains HTTP variables registered by the session module > > > > Now, other than the fact that these variables contain this special > > information, they're also special in another way - they're automatically > > global in any scope. This means that you can access them anywhere, > without > > having to 'global' them first. For example: > > > > function example1() > > { > > print $_GET["name"]; // works, 'global $_GET;' is not necessary! > > } > > > > would work fine! We hope that this fact would ease the pain in migrating > > old code to new code a bit, and we're confident it's going to make writing > > new code easier. Another neat trick is that creating new entries in the > > $_SESSION array will automatically register them as session variables, as > > if you called session_register(). This trick is limited to the session > > module only - for example, setting new entries in $_ENV will *not* perform > > an implicit putenv(). > > > > PHP 4.1.0 still defaults to have register_globals set to on. It's a > > transitional version, and we encourage application authors, especially > > public ones which are used by a wide audience, to change their > applications > > to work in an environment where register_globals is set to off. Of > course, > > they should take advantage of the new features supplied in PHP 4.1.0 that > > make this transition much easier. > > > > As of the next semi-major version of PHP, new installations of PHP will > > default to having register_globals set to off. No worries! Existing > > installations, which already have a php.ini file that has register_globals > > set to on, will not be affected. Only when you install PHP on a brand new > > machine (typically, if you're a brand new user), will this affect you, and > > then too - you can turn it on if you choose to. > > > > Note: Some of these arrays had old names, e.g. $HTTP_GET_VARS. These > > names still work, but we encourage users to switch to the new shorter, and > > auto-global versions. > > > > Thanks go to Shaun Clowes ([EMAIL PROTECTED]) for pointing out > > this problem and for analyzing it. > > > > ------------------------------------- > > > > FULL LIST OF CHANGES > > > > 10 Dec 2001, Version 4.1.0 > > - Worked around a bug in the MySQL client library that could cause PHP to > hang > > when using unbuffered queries. (Zeev) > > - Fixed a bug which caused set_time_limit() to affect all subsequent > requests > > to running Apache child process. (Zeev) > > - Removed the sablotron extension in favor of the new XSLT extension. > > (Sterling) > > - Fixed a bug in WDDX deserialization that would sometimes corrupt the > root > > element if it was a scalar one. (Andrei) > > - Make ImageColorAt() and ImageColorsForIndex() work with TrueColor > images. > > (Rasmus) > > - Fixed a bug in preg_match_all() that would return results under improper > > indices in certain cases. (Andrei) > > - Fixed a crash in str_replace() that would happen if search parameter was > an > > array and one of the replacements resulted in subject string being > empty. > > (Andrei) > > - Fixed MySQL extension to work with MySQL 4.0. (Jani) > > - Fixed a crash bug within Cobalt systems. Patch by [EMAIL PROTECTED] > (Jani) > > - Bundled Dan Libby's xmlrpc-epi extension. > > - Introduced extension version numbers. (Stig) > > - Added version_compare() function. (Stig) > > - Fixed pg_last_notice() (could cause random crashes in PostgreSQL > > applications, even if they didn't use pg_last_notice()). (Zeev) > > - Fixed DOM-XML's error reporting, so E_WARNING errors are given instead > of > > E_ERROR error's, this allows you to trap errors thrown by DOMXML > functions. > > (Sterling) > > - Fixed a bug in the mcrypt extension, where list destructors were not > > properly being allocated. (Sterling) > > - Better Interbase blob, null and error handling. (Patch by Jeremy Bettis) > > - Fixed a crash bug in array_map() if the input arrays had string or > > non-sequential keys. Also modified it so that if a single array is > passed, > > its keys are preserved in the resulting array. (Andrei) > > - Fixed a crash in dbase_replace_record. (Patch by > [EMAIL PROTECTED]) > > - Fixed a crash in msql_result(). (Zeev) > > - Added support for single dimensional SafeArrays and Enumerations. > > Added an is_enum() function to check if a component implements an > > enumeration. (Alan, Harald) > > - Fixed a bug in dbase_get_record() and dbase_get_record_with_names(). > > boolean fields are now returned correctly. > > Patch by Lawrence E. Widman <[EMAIL PROTECTED]> (Jani) > > - Added --version option to php-config. (Stig) > > - Improved support for thttpd-2.21b by incorporating patches for all known > > bugs. (Sascha) > > - Added ircg_get_username, a roomkey argument to ircg_join, error fetching > > infrastructure, a tokenizer to speed up message processing, and fixed > > a lot of bugs in the IRCG extension. (Sascha) > > - Improved speed of the serializer/deserializer. (Thies, Sascha) > > - Floating point numbers are better detected when converting from strings. > > (Zeev, Zend Engine) > > - Replaced php.ini-optimized with php.ini-recommended. As the name > implies, > > it's warmly recommended to use this file as the basis for your PHP > > configuration, rather than php.ini-dist. (Zeev) > > - Restore xpath_eval() and php_xpathptr_eval() for 4.0.7. There > > are still some known leaks. (Joey) > > - Added import_request_variables(), to allow users to safely import form > > variables to the global scope (Zeev) > > - Introduced a new $_REQUEST array, which includes any GET, POST or COOKIE > > variables. Like the other new variables, this variable is also > available > > regardless of the context. (Andi & Zeev) > > - Introduced $_GET, $_POST, $_COOKIE, $_SERVER and $_ENV variables, which > > deprecate the old $HTTP_*_VARS arrays. In addition to be much shorter > to > > type - these variables are also available regardless of the scope, and > > there's no need to import them using the 'global' statement. (Andi & > Zeev) > > - Added vprintf() and vsprintf() functions that allow passing all > arguments > > after format as an array. (Andrei) > > - Added support for GD2 image type for ImageCreateFromString() (Jani) > > - Added ImageCreateFromGD(), ImageCreateFromGD2(), > ImageCreateFromGD2part(), > > ImageGD() and ImageGD2() functions (Jani) > > - addcslashes now warns when charlist is invalid. The returned string > > remained the same (Jeroen) > > - Added optional extra argument to gmp_init(). The extra argument > > indicates which number base gmp should use when converting a > > string to the gmp-number. (Troels) > > - Added the Cyrus-IMAP extension, which allows a direct interface to > Cyrus' > > more advanced capabilities. (Sterling) > > - Enhance read_exif_data() to support multiple comment tags (Rasmus) > > - Fixed a crash bug in array_map() when NULL callback was passed in. > (Andrei) > > - Change from E_ERROR to E_WARNING in the exif extension (Rasmus) > > - New pow() implementation, which returns an integer when possible, > > and warnings on wrong input (jeroen) > > - Added optional second parameter to trim, chop and ltrim. You can > > now specify which characters to trim (jeroen) > > - Hugely improved the performance of the thread-safe version of PHP, > especially > > under Windows (Andi & Zeev) > > - Improved request-shutdown performance significantly (Andi & Zeev, Zend > > Engine) > > - Added a few new math functions. (Jesus) > > - Bump bundled expat to 1.95.2 (Thies) > > - Improved the stability of OCIPlogon() after a database restart. (Thies) > > - Fixed __FILE__ in the CGI & Java servlet modes when used in the main > script. > > It only worked correctly in included files before this fix (Andi) > > - Improved the Zend hash table implementation to be much faster (Andi, > Zend > > Engine) > > - Updated PHP's file open function (used by include()) to check in the > calling > > script's directory in case the file can't be found in the include_path > > (Andi) > > - Fixed a corruption bug that could cause constants to become corrupted, > and > > possibly prevent resources from properly being cleaned up at the end of > > a request (Zeev) > > - Added optional use of Boyer-Moore algorithm to str_replace() (Sascha) > > - Fixed and improved shared-memory session storage module (Sascha) > > - Add config option (always_populate_raw_post_data) which when enabled > > will always populate $HTTP_RAW_POST_DATA regardless of the post mime > > type (Rasmus) > > - Added support for socket and popen file types to ftp_fput (Jason) > > - Fixed various memory leaks in the LDAP extension (Stig Venaas) > > - Improved interactive mode - it is now available in all builds of PHP, > without > > any significant slowdown (Zeev, Zend Engine) > > - Fixed crash in iptcparse() if the supplied data was bogus. (Thies) > > - Fixed return value for a failed snmpset() - now returns false (Rasmus) > > - Added hostname:port support to snmp functions ([EMAIL PROTECTED], > Rasmus) > > - Added fdf_set_encoding() function (Masaki YATSU, Rasmus) > > - Reversed the destruction-order of resources. This fixes the reported > OCI8 > > "failed to rollback outstanding transactions!" message (Thies, Zend > Engine) > > - Added option for returning XMLRPC fault packets. (Matt Allen, Sascha > > Schumann) > > - Improved range() function to support range('a','z') and range(9,0) types > of > > ranges. (Rasmus) > > - Added getmygid() and safe_mode_gid ini directive to allow safe mode to > do > > a gid check instead of a uid check. (James E. Flemer, Rasmus) > > - Made assert() accept the array(&$obj, 'methodname') syntax. (Thies) > > - Made sure that OCI8 outbound variables are always zero-terminated. > (Thies) > > - Fixed a bug that allowed users to spawn processes while using the 5th > > parameter to mail(). (Derick) > > - Added nl_langinfo() (when OS provides it) that returns locale. > > - Fixed a major memory corruption bug in the thread safe version. (Zeev) > > - Fixed a crash when using the CURLOPT_WRITEHEADER option. (Sterling) > > - Added optional suffix removal parameter to basename(). (Hartmut) > > - Added new parameter UDM_PARAM_VARDIR ha in Udm_Set_Agent_Param() > function to > > support alternative search data directory. This requires mnogoSearch > 3.1.13 > > or later. > > - Fixed references in sessions. This doesn't work when using the WDDX > > session-serializer. Also improved speed of sessions. (Thies) > > - Added new experimental module pcntl (Process Control). (Jason) > > - Fixed a bug when com.allow_dcom is set to false. (phanto) > > - Added a further parameter to the constructor to load typelibs from file > when > > instantiating components (e.g. DCOM Components without local > registration). > > (phanto) > > - Added the possibility to specify typelibs by full name in the typelib > file > > (Alan Brown) > > - Renamed the ZZiplib extension to the Zip extension, function names have > also > > changed accordingly, functionality, has stayed constant. (Sterling) > > - Made the length argument (argument 2) to pg_loread() optional, if not > > specified data will be read in 1kb chunks. (Sterling) > > - Added a third argument to pg_lowrite() which is the length of the data > to > > write. (Sterling) > > - Added the CONNECTION_ABORTED, CONNECTION_TIMEOUT and CONNECTION_NORMAL > > constants. (Zak) > > - Assigning to a string offset beyond the end of the string now > automatically > > increases the string length by padding it with spaces, and performs the > > assignment. (Zeev, Zend Engine) > > - Added warnings in case an uninitialized string offset is read. (Zeev, > Zend > > Engine) > > - Fixed a couple of overflow bugs in case of very large negative integer > > numbers. (Zeev, Zend Engine) > > - Fixed a crash bug in the string-offsets implementation (Zeev, Zend > Engine) > > - Improved the implementation of parent::method_name() for classes which > use > > run-time inheritance. (Zeev, Zend Engine) > > - Added 'W' flag to date() function to return week number of year using > ISO > > 8601 standard. (Colin) > > - Made the PostgreSQL driver do internal row counting when iterating > through > > result sets. ([EMAIL PROTECTED]) > > - Updated ext/mysql/libmysql to version 3.23.39; Portability fixes, minor > > bug fixes. ([EMAIL PROTECTED]) > > - Added get_defined_constants() function to return an associative array of > > constants mapped to their values. (Sean) > > - New mailparse extension for parsing and manipulating MIME mail. (Wez) > > - Define HAVE_CONFIG_H when building standalone DSO extensions. (Stig) > > - Added the 'u' modifier to printf/sprintf which prints unsigned longs. > > (Derick) > > - Improved IRIX compatibility. (Sascha) > > - Fixed crash bug in bzopen() when specifying an invalid file. (Andi) > > - Fixed bugs in the mcrypt extension that caused crashes. (Derick) > > - Added the IMG_ARC_ROUNDED option for the ImageFilledArc() function, > which > > specified that the drawn curve should be rounded. (Sterling) > > - Updated the sockets extension to use resources instead of longs for the > > socket descriptors. The socket functions have been renamed to conform > with > > the PHP standard instead of their C counterparts. The sockets > extension is > > now usable under Win32. (Daniel) > > - Added disk_total_space() to return the total size of a filesystem. > > (Patch from Steven Bower) > > - Renamed diskfreespace() to disk_free_space() to conform to established > > naming conventions. (Jon) > > - Fixed #2181. Now zero is returned instead of an unset value for > > 7-bit encoding and plain text body type. (Vlad) > > - Fixed a bug in call_user_*() functions that would not allow calling > > functions/methods that accepted parameters by reference. (Andrei) > > - Added com_release($obj) and com_addref($obj) functions and the related > class > > members $obj->Release() and $obj->AddRef() to gain more control over > the > > used > > COM components. (phanto) > > - Added an additional parameter to dotnet_load to specify the codepage > (phanto) > > - Added peak memory logging. Use --enable-memory-limit to create a new > Apache > > 1.x logging directive "{mod_php_memory_usage}n" which will log the peak > > amount of memory used by the script. (Thies) > > - Made fstat() and stat() provide identical output by returning a > numerical and > > string indexed array. (Jason) > > - Fixed memory leak upon re-registering constants. (Sascha, Zend Engine) > > > > ----------------------------------- > > > > Zeev > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
