Just update PHP to v.4.1.0 about 10 mins ago
Worked pretty go so far ! :)
Will tell about loads soon .. But as far as I see, the load really dropped
Yeah, and waiting till Zend is bringing out a working version of Optimizer
that PHP version ! :)

cya !

PS: thx for your affords !

"Zeev Suraski" <[EMAIL PROTECTED]> schrieb im Newsbeitrag">news:
> After a lengthy QA process, PHP 4.1.0 is finally out.  Download at
> http://www.php.net/downloads.php !
> PHP 4.1.0 includes several other key improvements:
> - A new input interface for improved security (read below)
> - Highly improved performance in general
> - Revolutionary performance and stability improvements under Windows.  The
> multithreaded server modules under Windows (ISAPI, Apache, etc.) perform
> much as 30 times faster under load!  We want to thank Brett Brewer and his
> team in Microsoft for working with us to improve PHP for Windows.
> - Versioning support for extensions.  Right now it's barely being used,
> the infrastructure was put in place to support separate version numbers
> different extensions.  The negative side effect is that loading extensions
> that were built against old versions of PHP will now result in a crash,
> instead of in a nice clear message.  Make sure you only use extensions
> built with PHP 4.1.0.
> - Turn-key output compression support
> - *LOTS* of fixes and new functions
> As some of you may notice, this version is quite historical, as it's the
> first time in history we actually incremented the middle digit!  :) The
> key reasons for this unprecedented change were the new input interface,
> the broken binary compatibility of modules due to the versioning support.
> Following is a description of the new input mechanism.  For a full list of
> changes in PHP 4.1.0, scroll down to the end of this section.
> -----------------------------------
> First and foremost, it's important to stress that regardless of anything
> you may read in the following lines, PHP 4.1.0 *supports* the old input
> mechanisms from older versions.  Old applications should go on working
> without modification!
> Now that we have that behind us, let's move on :)
> For various reasons, PHP setups which rely on register_globals being on
> (i.e., on form, server and environment variables becoming a part of the
> global namespace, automatically) are very often exploitable to various
> degrees.  For example, the piece of code:
> <?php
> if (authenticate_user()) {
>    $authenticated = true;
> }
> ...
> ?>
> May be exploitable, as remote users can simply pass on 'authenticated' as
> form variable, and then even if authenticate_user() returns false,
> $authenticated will actually be set to true.  While this looks like a
> simple example, in reality, quite a few PHP applications ended up being
> exploitable by things related to this misfeature.
> While it is quite possible to write secure code in PHP, we felt that the
> fact that PHP makes it too easy to write insecure code was bad, and we've
> decided to attempt a far-reaching change, and deprecate
> register_globals.  Obviously, because the vast majority of the PHP code in
> the world relies on the existence of this feature, we have no plans to
> actually remove it from PHP anytime in the foreseeable future, but we've
> decided to encourage people to shut it off whenever possible.
> To help users build PHP applications with register_globals being off,
> added several new special variables that can be used instead of the old
> global variables.  There are 7 new special arrays:
> $_GET - contains form variables sent through GET
> $_POST - contains form variables sent through POST
> $_COOKIE - contains HTTP cookie variables
> $_SERVER - contains server variables (e.g., REMOTE_ADDR)
> $_ENV - contains the environment variables
> $_REQUEST - a merge of the GET variables, POST variables and Cookie
> variables.  In other words - all the information that is coming from the
> user, and that from a security point of view, cannot be trusted.
> $_SESSION - contains HTTP variables registered by the session module
> Now, other than the fact that these variables contain this special
> information, they're also special in another way - they're automatically
> global in any scope.  This means that you can access them anywhere,
> having to 'global' them first.  For example:
> function example1()
> {
> print $_GET["name"];   // works, 'global $_GET;' is not necessary!
> }
> would work fine!  We hope that this fact would ease the pain in migrating
> old code to new code a bit, and we're confident it's going to make writing
> new code easier.  Another neat trick is that creating new entries in the
> $_SESSION array will automatically register them as session variables, as
> if you called session_register().  This trick is limited to the session
> module only - for example, setting new entries in $_ENV will *not* perform
> an implicit putenv().
> PHP 4.1.0 still defaults to have register_globals set to on.  It's a
> transitional version, and we encourage application authors, especially
> public ones which are used by a wide audience, to change their
> to work in an environment where register_globals is set to off.  Of
> they should take advantage of the new features supplied in PHP 4.1.0 that
> make this transition much easier.
> As of the next semi-major version of PHP, new installations of PHP will
> default to having register_globals set to off.  No worries!  Existing
> installations, which already have a php.ini file that has register_globals
> set to on, will not be affected.  Only when you install PHP on a brand new
> machine (typically, if you're a brand new user), will this affect you, and
> then too - you can turn it on if you choose to.
> Note:  Some of these arrays had old names, e.g. $HTTP_GET_VARS.  These
> names still work, but we encourage users to switch to the new shorter, and
> auto-global versions.
> Thanks go to Shaun Clowes ([EMAIL PROTECTED]) for pointing out
> this problem and for analyzing it.
> -------------------------------------
> 10 Dec 2001, Version 4.1.0
> - Worked around a bug in the MySQL client library that could cause PHP to
>    when using unbuffered queries. (Zeev)
> - Fixed a bug which caused set_time_limit() to affect all subsequent
>    to running Apache child process. (Zeev)
> - Removed the sablotron extension in favor of the new XSLT extension.
>    (Sterling)
> - Fixed a bug in WDDX deserialization that would sometimes corrupt the
>    element if it was a scalar one. (Andrei)
> - Make ImageColorAt() and ImageColorsForIndex() work with TrueColor
>    (Rasmus)
> - Fixed a bug in preg_match_all() that would return results under improper
>    indices in certain cases. (Andrei)
> - Fixed a crash in str_replace() that would happen if search parameter was
>    array and one of the replacements resulted in subject string being
>    (Andrei)
> - Fixed MySQL extension to work with MySQL 4.0. (Jani)
> - Fixed a crash bug within Cobalt systems. Patch by [EMAIL PROTECTED]
> - Bundled Dan Libby's xmlrpc-epi extension.
> - Introduced extension version numbers. (Stig)
> - Added version_compare() function. (Stig)
> - Fixed pg_last_notice() (could cause random crashes in PostgreSQL
>    applications, even if they didn't use pg_last_notice()). (Zeev)
> - Fixed DOM-XML's error reporting, so E_WARNING errors are given instead
>    E_ERROR error's, this allows you to trap errors thrown by DOMXML
>    (Sterling)
> - Fixed a bug in the mcrypt extension, where list destructors were not
>    properly being allocated. (Sterling)
> - Better Interbase blob, null and error handling. (Patch by Jeremy Bettis)
> - Fixed a crash bug in array_map() if the input arrays had string or
>    non-sequential keys. Also modified it so that if a single array is
>    its keys are preserved in the resulting array. (Andrei)
> - Fixed a crash in dbase_replace_record. (Patch by
> - Fixed a crash in msql_result(). (Zeev)
> - Added support for single dimensional SafeArrays and Enumerations.
>    Added an is_enum() function to check if a component implements an
>    enumeration. (Alan, Harald)
> - Fixed a bug in dbase_get_record() and dbase_get_record_with_names().
>    boolean fields are now returned correctly.
>    Patch by Lawrence E. Widman <[EMAIL PROTECTED]> (Jani)
> - Added --version option to php-config. (Stig)
> - Improved support for thttpd-2.21b by incorporating patches for all known
>    bugs. (Sascha)
> - Added ircg_get_username, a roomkey argument to ircg_join, error fetching
>    infrastructure, a tokenizer to speed up message processing, and fixed
>    a lot of bugs in the IRCG extension. (Sascha)
> - Improved speed of the serializer/deserializer. (Thies, Sascha)
> - Floating point numbers are better detected when converting from strings.
>    (Zeev, Zend Engine)
> - Replaced php.ini-optimized with php.ini-recommended.  As the name
>    it's warmly recommended to use this file as the basis for your PHP
>    configuration, rather than php.ini-dist.  (Zeev)
> - Restore xpath_eval() and php_xpathptr_eval() for 4.0.7. There
>    are still some known leaks. (Joey)
> - Added import_request_variables(), to allow users to safely import form
>    variables to the global scope (Zeev)
> - Introduced a new $_REQUEST array, which includes any GET, POST or COOKIE
>    variables.  Like the other new variables, this variable is also
>    regardless of the context.  (Andi & Zeev)
> - Introduced $_GET, $_POST, $_COOKIE, $_SERVER and $_ENV variables, which
>    deprecate the old $HTTP_*_VARS arrays.  In addition to be much shorter
>    type - these variables are also available regardless of the scope, and
>    there's no need to import them using the 'global' statement.  (Andi &
> - Added vprintf() and vsprintf() functions that allow passing all
>    after format as an array. (Andrei)
> - Added support for GD2 image type for ImageCreateFromString() (Jani)
> - Added ImageCreateFromGD(), ImageCreateFromGD2(),
>    ImageGD() and ImageGD2() functions (Jani)
> - addcslashes now warns when charlist is invalid. The returned string
>    remained the same (Jeroen)
> - Added optional extra argument to gmp_init(). The extra argument
>    indicates which number base gmp should use when converting a
>    string to the gmp-number. (Troels)
> - Added the Cyrus-IMAP extension, which allows a direct interface to
>    more advanced capabilities. (Sterling)
> - Enhance read_exif_data() to support multiple comment tags (Rasmus)
> - Fixed a crash bug in array_map() when NULL callback was passed in.
> - Change from E_ERROR to E_WARNING in the exif extension (Rasmus)
> - New pow() implementation, which returns an integer when possible,
>    and warnings on wrong input (jeroen)
> - Added optional second parameter to trim, chop and ltrim. You can
>    now specify which characters to trim (jeroen)
> - Hugely improved the performance of the thread-safe version of PHP,
>    under Windows (Andi & Zeev)
> - Improved request-shutdown performance significantly (Andi & Zeev, Zend
>    Engine)
> - Added a few new math functions. (Jesus)
> - Bump bundled expat to 1.95.2 (Thies)
> - Improved the stability of OCIPlogon() after a database restart. (Thies)
> - Fixed __FILE__ in the CGI & Java servlet modes when used in the main
>    It only worked correctly in included files before this fix (Andi)
> - Improved the Zend hash table implementation to be much faster (Andi,
>    Engine)
> - Updated PHP's file open function (used by include()) to check in the
>    script's directory in case the file can't be found in the include_path
> (Andi)
> - Fixed a corruption bug that could cause constants to become corrupted,
>    possibly prevent resources from properly being cleaned up at the end of
>    a request (Zeev)
> - Added optional use of Boyer-Moore algorithm to str_replace() (Sascha)
> - Fixed and improved shared-memory session storage module (Sascha)
> - Add config option (always_populate_raw_post_data) which when enabled
>    will always populate $HTTP_RAW_POST_DATA regardless of the post mime
>    type (Rasmus)
> - Added support for socket and popen file types to ftp_fput (Jason)
> - Fixed various memory leaks in the LDAP extension (Stig Venaas)
> - Improved interactive mode - it is now available in all builds of PHP,
>    any significant slowdown (Zeev, Zend Engine)
> - Fixed crash in iptcparse() if the supplied data was bogus. (Thies)
> - Fixed return value for a failed snmpset() - now returns false  (Rasmus)
> - Added hostname:port support to snmp functions ([EMAIL PROTECTED],
> - Added fdf_set_encoding() function (Masaki YATSU, Rasmus)
> - Reversed the destruction-order of resources.  This fixes the reported
>    "failed to rollback outstanding transactions!" message (Thies, Zend
> - Added option for returning XMLRPC fault packets. (Matt Allen, Sascha
>    Schumann)
> - Improved range() function to support range('a','z') and range(9,0) types
>    ranges. (Rasmus)
> - Added getmygid() and safe_mode_gid ini directive to allow safe mode to
>    a gid check instead of a uid check. (James E. Flemer, Rasmus)
> - Made assert() accept the array(&$obj, 'methodname') syntax. (Thies)
> - Made sure that OCI8 outbound variables are always zero-terminated.
> - Fixed a bug that allowed users to spawn processes while using the 5th
>    parameter to mail(). (Derick)
> - Added nl_langinfo() (when OS provides it) that returns locale.
> - Fixed a major memory corruption bug in the thread safe version. (Zeev)
> - Fixed a crash when using the CURLOPT_WRITEHEADER option. (Sterling)
> - Added optional suffix removal parameter to basename(). (Hartmut)
> - Added new parameter UDM_PARAM_VARDIR ha in Udm_Set_Agent_Param()
function to
>    support alternative search data directory.  This requires mnogoSearch
>    or later.
> - Fixed references in sessions. This doesn't work when using the WDDX
>    session-serializer. Also improved speed of sessions. (Thies)
> - Added new experimental module pcntl (Process Control). (Jason)
> - Fixed a bug when com.allow_dcom is set to false. (phanto)
> - Added a further parameter to the constructor to load typelibs from file
>    instantiating components (e.g. DCOM Components without local
>    (phanto)
> - Added the possibility to specify typelibs by full name in the typelib
>    (Alan Brown)
> - Renamed the ZZiplib extension to the Zip extension, function names have
>    changed accordingly, functionality, has stayed constant. (Sterling)
> - Made the length argument (argument 2) to pg_loread() optional, if not
>    specified data will be read in 1kb chunks. (Sterling)
> - Added a third argument to pg_lowrite() which is the length of the data
>    write. (Sterling)
>    constants. (Zak)
> - Assigning to a string offset beyond the end of the string now
>    increases the string length by padding it with spaces, and performs the
>    assignment. (Zeev, Zend Engine)
> - Added warnings in case an uninitialized string offset is read. (Zeev,
>    Engine)
> - Fixed a couple of overflow bugs in case of very large negative integer
>    numbers. (Zeev, Zend Engine)
> - Fixed a crash bug in the string-offsets implementation (Zeev, Zend
> - Improved the implementation of parent::method_name() for classes which
>    run-time inheritance. (Zeev, Zend Engine)
> - Added 'W' flag to date() function to return week number of year using
>    8601 standard. (Colin)
> - Made the PostgreSQL driver do internal row counting when iterating
>    result sets. ([EMAIL PROTECTED])
> - Updated ext/mysql/libmysql to version 3.23.39; Portability fixes, minor
>    bug fixes. ([EMAIL PROTECTED])
> - Added get_defined_constants() function to return an associative array of
>    constants mapped to their values. (Sean)
> - New mailparse extension for parsing and manipulating MIME mail. (Wez)
> - Define HAVE_CONFIG_H when building standalone DSO extensions. (Stig)
> - Added the 'u' modifier to printf/sprintf which prints unsigned longs.
>    (Derick)
> - Improved IRIX compatibility. (Sascha)
> - Fixed crash bug in bzopen() when specifying an invalid file. (Andi)
> - Fixed bugs in the mcrypt extension that caused crashes. (Derick)
> - Added the IMG_ARC_ROUNDED option for the ImageFilledArc() function,
>    specified that the drawn curve should be rounded. (Sterling)
> - Updated the sockets extension to use resources instead of longs for the
>    socket descriptors.  The socket functions have been renamed to conform
>    the PHP standard instead of their C counterparts.  The sockets
extension is
>    now usable under Win32. (Daniel)
> - Added disk_total_space() to return the total size of a filesystem.
>    (Patch from Steven Bower)
> - Renamed diskfreespace() to disk_free_space() to conform to established
>    naming conventions. (Jon)
> - Fixed #2181. Now zero is returned instead of an unset value for
>    7-bit encoding and plain text body type. (Vlad)
> - Fixed a bug in call_user_*() functions that would not allow calling
>    functions/methods that accepted parameters by reference. (Andrei)
> - Added com_release($obj) and com_addref($obj) functions and the related
>    members $obj->Release() and $obj->AddRef() to gain more control over
> used
>    COM components. (phanto)
> - Added an additional parameter to dotnet_load to specify the codepage
> - Added peak memory logging. Use --enable-memory-limit to create a new Apa
>    1.x logging directive "{mod_php_memory_usage}n" which will log the peak
>    amount of memory used by the script. (Thies)
> - Made fstat() and stat() provide identical output by returning a
numerical and
>    string indexed array. (Jason)
> - Fixed memory leak upon re-registering constants. (Sascha, Zend Engine)
> -----------------------------------
> Zeev

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to