woooohoops, you are absolutly right I'm sorry - big apologizes :~/ *taking myself on my nose*
And I (*stupid*) had almost downloaded 4.06 twice (since I've 4.06 already installed) not remarking that this are the "old" 4.06 binaries... Stefan Rusterholz, [EMAIL PROTECTED] ---------------------------------- interaktion gmbh Stefan Rusterholz Zürichbergstrasse 17 8032 Zürich ---------------------------------- T. +41 1 253 19 55 F. +41 1 253 19 56 W3 www.interaktion.ch ---------------------------------- ----- Original Message ----- From: "Richard Black" <[EMAIL PROTECTED]> To: "PHP" <[EMAIL PROTECTED]> Sent: Tuesday, December 11, 2001 11:22 AM Subject: RE: [PHP] Re: PHP 4.1.0 released > > Um, excuse me for pointing out the obvious, but isn't that the 4.0.6 > Windows binaries? And wasn't the question about the 4.1.0 Windows > binaries??? > > Which aren't on php.net yet...... > > Richy > > -----Original Message----- > From: Stefan Rusterholz [SMTP:[EMAIL PROTECTED]] > Sent: 11 December 2001 10:14 > To: MindHunter > Cc: PHP > Subject: Re: [PHP] Re: PHP 4.1.0 released > > right from http://www.php.net/downloads.php which zeev mentions at the very > top of his mail: > > PHP 4.0.6 installer [755Kb] - 23 June 2001 (link: > http://www.php.net/do_download.php?download_file=php406-installer.exe) > (CGI only, MySQL support built-in, packaged as Windows installer to install > and configure PHP, and automatically configure IIS, PWS and Xitami, with > manual configuration for other servers. N.B. no external extensions > included) > > Please take your self time and comfort yourself to go to the php.net site > and take a look yourself to point that bit out yourself - thank you. > Stefan Rusterholz, [EMAIL PROTECTED] > ---------------------------------- > interaktion gmbh > Stefan Rusterholz > Zurichbergstrasse 17 > 8032 Zurich > ---------------------------------- > T. +41 1 253 19 55 > F. +41 1 253 19 56 > W3 www.interaktion.ch > ---------------------------------- > ----- Original Message ----- > From: "MindHunter" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Sent: Tuesday, December 11, 2001 6:42 AM > Subject: [PHP] Re: PHP 4.1.0 released > > > > Where do we get the Windows Binaries? > > > > Cheers > > MH > > > > Zeev Suraski <[EMAIL PROTECTED]> wrote in message > > 5.1.0.14.2.20011210234236.0516bec0@localhost">news:5.1.0.14.2.20011210234236.0516bec0@localhost... > > > After a lengthy QA process, PHP 4.1.0 is finally out. Download at > > > http://www.php.net/downloads.php ! > > > > > > PHP 4.1.0 includes several other key improvements: > > > - A new input interface for improved security (read below) > > > - Highly improved performance in general > > > - Revolutionary performance and stability improvements under Windows. > The > > > multithreaded server modules under Windows (ISAPI, Apache, etc.) > perform > > as > > > much as 30 times faster under load! We want to thank Brett Brewer and > his > > > team in Microsoft for working with us to improve PHP for Windows. > > > - Versioning support for extensions. Right now it's barely being used, > > but > > > the infrastructure was put in place to support separate version numbers > > for > > > different extensions. The negative side effect is that loading > extensions > > > that were built against old versions of PHP will now result in a crash, > > > instead of in a nice clear message. Make sure you only use extensions > > > built with PHP 4.1.0. > > > - Turn-key output compression support > > > - *LOTS* of fixes and new functions > > > > > > As some of you may notice, this version is quite historical, as it's > the > > > first time in history we actually incremented the middle digit! :) The > > two > > > key reasons for this unprecedented change were the new input interface, > > and > > > the broken binary compatibility of modules due to the versioning > support. > > > > > > Following is a description of the new input mechanism. For a full list > of > > > changes in PHP 4.1.0, scroll down to the end of this section. > > > > > > ----------------------------------- > > > > > > SECURITY: NEW INPUT MECHANISM > > > > > > First and foremost, it's important to stress that regardless of > anything > > > you may read in the following lines, PHP 4.1.0 *supports* the old input > > > mechanisms from older versions. Old applications should go on working > > fine > > > without modification! > > > > > > Now that we have that behind us, let's move on :) > > > > > > For various reasons, PHP setups which rely on register_globals being on > > > (i.e., on form, server and environment variables becoming a part of the > > > global namespace, automatically) are very often exploitable to various > > > degrees. For example, the piece of code: > > > > > > <?php > > > if (authenticate_user()) { > > > $authenticated = true; > > > } > > > ... > > > ?> > > > > > > May be exploitable, as remote users can simply pass on 'authenticated' > as > > a > > > form variable, and then even if authenticate_user() returns false, > > > $authenticated will actually be set to true. While this looks like a > > > simple example, in reality, quite a few PHP applications ended up being > > > exploitable by things related to this misfeature. > > > > > > While it is quite possible to write secure code in PHP, we felt that > the > > > fact that PHP makes it too easy to write insecure code was bad, and > we've > > > decided to attempt a far-reaching change, and deprecate > > > register_globals. Obviously, because the vast majority of the PHP code > in > > > the world relies on the existence of this feature, we have no plans to > > > actually remove it from PHP anytime in the foreseeable future, but > we've > > > decided to encourage people to shut it off whenever possible. > > > > > > To help users build PHP applications with register_globals being off, > > we've > > > added several new special variables that can be used instead of the old > > > global variables. There are 7 new special arrays: > > > > > > $_GET - contains form variables sent through GET > > > $_POST - contains form variables sent through POST > > > $_COOKIE - contains HTTP cookie variables > > > $_SERVER - contains server variables (e.g., REMOTE_ADDR) > > > $_ENV - contains the environment variables > > > $_REQUEST - a merge of the GET variables, POST variables and Cookie > > > variables. In other words - all the information that is coming from > the > > > user, and that from a security point of view, cannot be trusted. > > > $_SESSION - contains HTTP variables registered by the session module > > > > > > Now, other than the fact that these variables contain this special > > > information, they're also special in another way - they're > automatically > > > global in any scope. This means that you can access them anywhere, > > without > > > having to 'global' them first. For example: > > > > > > function example1() > > > { > > > print $_GET["name"]; // works, 'global $_GET;' is not necessary! > > > } > > > > > > would work fine! We hope that this fact would ease the pain in > migrating > > > old code to new code a bit, and we're confident it's going to make > writing > > > new code easier. Another neat trick is that creating new entries in > the > > > $_SESSION array will automatically register them as session variables, > as > > > if you called session_register(). This trick is limited to the session > > > module only - for example, setting new entries in $_ENV will *not* > perform > > > an implicit putenv(). > > > > > > PHP 4.1.0 still defaults to have register_globals set to on. It's a > > > transitional version, and we encourage application authors, especially > > > public ones which are used by a wide audience, to change their > > applications > > > to work in an environment where register_globals is set to off. Of > > course, > > > they should take advantage of the new features supplied in PHP 4.1.0 > that > > > make this transition much easier. > > > > > > As of the next semi-major version of PHP, new installations of PHP will > > > default to having register_globals set to off. No worries! Existing > > > installations, which already have a php.ini file that has > register_globals > > > set to on, will not be affected. Only when you install PHP on a brand > new > > > machine (typically, if you're a brand new user), will this affect you, > and > > > then too - you can turn it on if you choose to. > > > > > > Note: Some of these arrays had old names, e.g. $HTTP_GET_VARS. These > > > names still work, but we encourage users to switch to the new shorter, > and > > > auto-global versions. > > > > > > Thanks go to Shaun Clowes ([EMAIL PROTECTED]) for pointing out > > > this problem and for analyzing it. > > > > > > ------------------------------------- > > > > > > FULL LIST OF CHANGES > > > > > > 10 Dec 2001, Version 4.1.0 > > > - Worked around a bug in the MySQL client library that could cause PHP > to > > hang > > > when using unbuffered queries. (Zeev) > > > - Fixed a bug which caused set_time_limit() to affect all subsequent > > requests > > > to running Apache child process. (Zeev) > > > - Removed the sablotron extension in favor of the new XSLT extension. > > > (Sterling) > > > - Fixed a bug in WDDX deserialization that would sometimes corrupt the > > root > > > element if it was a scalar one. (Andrei) > > > - Make ImageColorAt() and ImageColorsForIndex() work with TrueColor > > images. > > > (Rasmus) > > > - Fixed a bug in preg_match_all() that would return results under > improper > > > indices in certain cases. (Andrei) > > > - Fixed a crash in str_replace() that would happen if search parameter > was > > an > > > array and one of the replacements resulted in subject string being > > empty. > > > (Andrei) > > > - Fixed MySQL extension to work with MySQL 4.0. (Jani) > > > - Fixed a crash bug within Cobalt systems. Patch by [EMAIL PROTECTED] > > (Jani) > > > - Bundled Dan Libby's xmlrpc-epi extension. > > > - Introduced extension version numbers. (Stig) > > > - Added version_compare() function. (Stig) > > > - Fixed pg_last_notice() (could cause random crashes in PostgreSQL > > > applications, even if they didn't use pg_last_notice()). (Zeev) > > > - Fixed DOM-XML's error reporting, so E_WARNING errors are given > instead > > of > > > E_ERROR error's, this allows you to trap errors thrown by DOMXML > > functions. > > > (Sterling) > > > - Fixed a bug in the mcrypt extension, where list destructors were not > > > properly being allocated. (Sterling) > > > - Better Interbase blob, null and error handling. (Patch by Jeremy > Bettis) > > > - Fixed a crash bug in array_map() if the input arrays had string or > > > non-sequential keys. Also modified it so that if a single array is > > passed, > > > its keys are preserved in the resulting array. (Andrei) > > > - Fixed a crash in dbase_replace_record. (Patch by > > [EMAIL PROTECTED]) > > > - Fixed a crash in msql_result(). (Zeev) > > > - Added support for single dimensional SafeArrays and Enumerations. > > > Added an is_enum() function to check if a component implements an > > > enumeration. (Alan, Harald) > > > - Fixed a bug in dbase_get_record() and dbase_get_record_with_names(). > > > boolean fields are now returned correctly. > > > Patch by Lawrence E. Widman <[EMAIL PROTECTED]> (Jani) > > > - Added --version option to php-config. (Stig) > > > - Improved support for thttpd-2.21b by incorporating patches for all > known > > > bugs. (Sascha) > > > - Added ircg_get_username, a roomkey argument to ircg_join, error > fetching > > > infrastructure, a tokenizer to speed up message processing, and > fixed > > > a lot of bugs in the IRCG extension. (Sascha) > > > - Improved speed of the serializer/deserializer. (Thies, Sascha) > > > - Floating point numbers are better detected when converting from > strings. > > > (Zeev, Zend Engine) > > > - Replaced php.ini-optimized with php.ini-recommended. As the name > > implies, > > > it's warmly recommended to use this file as the basis for your PHP > > > configuration, rather than php.ini-dist. (Zeev) > > > - Restore xpath_eval() and php_xpathptr_eval() for 4.0.7. There > > > are still some known leaks. (Joey) > > > - Added import_request_variables(), to allow users to safely import > form > > > variables to the global scope (Zeev) > > > - Introduced a new $_REQUEST array, which includes any GET, POST or > COOKIE > > > variables. Like the other new variables, this variable is also > > available > > > regardless of the context. (Andi & Zeev) > > > - Introduced $_GET, $_POST, $_COOKIE, $_SERVER and $_ENV variables, > which > > > deprecate the old $HTTP_*_VARS arrays. In addition to be much > shorter > > to > > > type - these variables are also available regardless of the scope, > and > > > there's no need to import them using the 'global' statement. (Andi > & > > Zeev) > > > - Added vprintf() and vsprintf() functions that allow passing all > > arguments > > > after format as an array. (Andrei) > > > - Added support for GD2 image type for ImageCreateFromString() (Jani) > > > - Added ImageCreateFromGD(), ImageCreateFromGD2(), > > ImageCreateFromGD2part(), > > > ImageGD() and ImageGD2() functions (Jani) > > > - addcslashes now warns when charlist is invalid. The returned string > > > remained the same (Jeroen) > > > - Added optional extra argument to gmp_init(). The extra argument > > > indicates which number base gmp should use when converting a > > > string to the gmp-number. (Troels) > > > - Added the Cyrus-IMAP extension, which allows a direct interface to > > Cyrus' > > > more advanced capabilities. (Sterling) > > > - Enhance read_exif_data() to support multiple comment tags (Rasmus) > > > - Fixed a crash bug in array_map() when NULL callback was passed in. > > (Andrei) > > > - Change from E_ERROR to E_WARNING in the exif extension (Rasmus) > > > - New pow() implementation, which returns an integer when possible, > > > and warnings on wrong input (jeroen) > > > - Added optional second parameter to trim, chop and ltrim. You can > > > now specify which characters to trim (jeroen) > > > - Hugely improved the performance of the thread-safe version of PHP, > > especially > > > under Windows (Andi & Zeev) > > > - Improved request-shutdown performance significantly (Andi & Zeev, > Zend > > > Engine) > > > - Added a few new math functions. (Jesus) > > > - Bump bundled expat to 1.95.2 (Thies) > > > - Improved the stability of OCIPlogon() after a database restart. > (Thies) > > > - Fixed __FILE__ in the CGI & Java servlet modes when used in the main > > script. > > > It only worked correctly in included files before this fix (Andi) > > > - Improved the Zend hash table implementation to be much faster (Andi, > > Zend > > > Engine) > > > - Updated PHP's file open function (used by include()) to check in the > > calling > > > script's directory in case the file can't be found in the > include_path > > > (Andi) > > > - Fixed a corruption bug that could cause constants to become > corrupted, > > and > > > possibly prevent resources from properly being cleaned up at the end > of > > > a request (Zeev) > > > - Added optional use of Boyer-Moore algorithm to str_replace() (Sascha) > > > - Fixed and improved shared-memory session storage module (Sascha) > > > - Add config option (always_populate_raw_post_data) which when enabled > > > will always populate $HTTP_RAW_POST_DATA regardless of the post mime > > > type (Rasmus) > > > - Added support for socket and popen file types to ftp_fput (Jason) > > > - Fixed various memory leaks in the LDAP extension (Stig Venaas) > > > - Improved interactive mode - it is now available in all builds of PHP, > > without > > > any significant slowdown (Zeev, Zend Engine) > > > - Fixed crash in iptcparse() if the supplied data was bogus. (Thies) > > > - Fixed return value for a failed snmpset() - now returns false > (Rasmus) > > > - Added hostname:port support to snmp functions ([EMAIL PROTECTED], > > Rasmus) > > > - Added fdf_set_encoding() function (Masaki YATSU, Rasmus) > > > - Reversed the destruction-order of resources. This fixes the reported > > OCI8 > > > "failed to rollback outstanding transactions!" message (Thies, Zend > > Engine) > > > - Added option for returning XMLRPC fault packets. (Matt Allen, Sascha > > > Schumann) > > > - Improved range() function to support range('a','z') and range(9,0) > types > > of > > > ranges. (Rasmus) > > > - Added getmygid() and safe_mode_gid ini directive to allow safe mode > to > > do > > > a gid check instead of a uid check. (James E. Flemer, Rasmus) > > > - Made assert() accept the array(&$obj, 'methodname') syntax. (Thies) > > > - Made sure that OCI8 outbound variables are always zero-terminated. > > (Thies) > > > - Fixed a bug that allowed users to spawn processes while using the 5th > > > parameter to mail(). (Derick) > > > - Added nl_langinfo() (when OS provides it) that returns locale. > > > - Fixed a major memory corruption bug in the thread safe version. > (Zeev) > > > - Fixed a crash when using the CURLOPT_WRITEHEADER option. (Sterling) > > > - Added optional suffix removal parameter to basename(). (Hartmut) > > > - Added new parameter UDM_PARAM_VARDIR ha in Udm_Set_Agent_Param() > > function to > > > support alternative search data directory. This requires > mnogoSearch > > 3.1.13 > > > or later. > > > - Fixed references in sessions. This doesn't work when using the WDDX > > > session-serializer. Also improved speed of sessions. (Thies) > > > - Added new experimental module pcntl (Process Control). (Jason) > > > - Fixed a bug when com.allow_dcom is set to false. (phanto) > > > - Added a further parameter to the constructor to load typelibs from > file > > when > > > instantiating components (e.g. DCOM Components without local > > registration). > > > (phanto) > > > - Added the possibility to specify typelibs by full name in the typelib > > file > > > (Alan Brown) > > > - Renamed the ZZiplib extension to the Zip extension, function names > have > > also > > > changed accordingly, functionality, has stayed constant. (Sterling) > > > - Made the length argument (argument 2) to pg_loread() optional, if not > > > specified data will be read in 1kb chunks. (Sterling) > > > - Added a third argument to pg_lowrite() which is the length of the > data > > to > > > write. (Sterling) > > > - Added the CONNECTION_ABORTED, CONNECTION_TIMEOUT and > CONNECTION_NORMAL > > > constants. (Zak) > > > - Assigning to a string offset beyond the end of the string now > > automatically > > > increases the string length by padding it with spaces, and performs > the > > > assignment. (Zeev, Zend Engine) > > > - Added warnings in case an uninitialized string offset is read. (Zeev, > > Zend > > > Engine) > > > - Fixed a couple of overflow bugs in case of very large negative > integer > > > numbers. (Zeev, Zend Engine) > > > - Fixed a crash bug in the string-offsets implementation (Zeev, Zend > > Engine) > > > - Improved the implementation of parent::method_name() for classes > which > > use > > > run-time inheritance. (Zeev, Zend Engine) > > > - Added 'W' flag to date() function to return week number of year using > > ISO > > > 8601 standard. (Colin) > > > - Made the PostgreSQL driver do internal row counting when iterating > > through > > > result sets. ([EMAIL PROTECTED]) > > > - Updated ext/mysql/libmysql to version 3.23.39; Portability fixes, > minor > > > bug fixes. ([EMAIL PROTECTED]) > > > - Added get_defined_constants() function to return an associative array > of > > > constants mapped to their values. (Sean) > > > - New mailparse extension for parsing and manipulating MIME mail. (Wez) > > > - Define HAVE_CONFIG_H when building standalone DSO extensions. (Stig) > > > - Added the 'u' modifier to printf/sprintf which prints unsigned longs. > > > (Derick) > > > - Improved IRIX compatibility. (Sascha) > > > - Fixed crash bug in bzopen() when specifying an invalid file. (Andi) > > > - Fixed bugs in the mcrypt extension that caused crashes. (Derick) > > > - Added the IMG_ARC_ROUNDED option for the ImageFilledArc() function, > > which > > > specified that the drawn curve should be rounded. (Sterling) > > > - Updated the sockets extension to use resources instead of longs for > the > > > socket descriptors. The socket functions have been renamed to > conform > > with > > > the PHP standard instead of their C counterparts. The sockets > > extension is > > > now usable under Win32. (Daniel) > > > - Added disk_total_space() to return the total size of a filesystem. > > > (Patch from Steven Bower) > > > - Renamed diskfreespace() to disk_free_space() to conform to > established > > > naming conventions. (Jon) > > > - Fixed #2181. Now zero is returned instead of an unset value for > > > 7-bit encoding and plain text body type. (Vlad) > > > - Fixed a bug in call_user_*() functions that would not allow calling > > > functions/methods that accepted parameters by reference. (Andrei) > > > - Added com_release($obj) and com_addref($obj) functions and the > related > > class > > > members $obj->Release() and $obj->AddRef() to gain more control over > > the > > > used > > > COM components. (phanto) > > > - Added an additional parameter to dotnet_load to specify the codepage > > (phanto) > > > - Added peak memory logging. Use --enable-memory-limit to create a new > > Apache > > > 1.x logging directive "{mod_php_memory_usage}n" which will log the > peak > > > amount of memory used by the script. (Thies) > > > - Made fstat() and stat() provide identical output by returning a > > numerical and > > > string indexed array. (Jason) > > > - Fixed memory leak upon re-registering constants. (Sascha, Zend > Engine) > > > > > > ----------------------------------- > > > > > > Zeev > > > > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > > > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]