Commit: a8cc0b05b45110ccf408ea9410447bf82b8826f2
Author: Dmitry Stogov <dmi...@zend.com> Wed, 21 Mar 2012 16:42:08
+0400
Parents: 1e18f11c9ab56fb120c9e26ecd3f68f0651cddde
657547f8c4758efcf85c73fec6d7fd8b3983d7cb
Branches: PHP-5.4 master
Link:
http://git.php.net/?p=php-src.git;a=commitdiff;h=a8cc0b05b45110ccf408ea9410447bf82b8826f2
Log:
Merge branch 'PHP-5.3' into PHP-5.4
* PHP-5.3:
Fixed bug #49853 (Soap Client stream context header option ignored)
Conflicts:
NEWS
ext/soap/php_sdl.c
Bugs:
https://bugs.php.net/49853
Changed paths:
MM NEWS
MM ext/soap/php_http.c
MM ext/soap/php_sdl.c
a8cc0b05b45110ccf408ea9410447bf82b8826f2
diff --combined NEWS
index af4f4c9,6866355..ed26589
--- a/NEWS
+++ b/NEWS
@@@ -1,43 -1,36 +1,43 @@@
PHP
NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-?? ??? 2012, PHP 5.3.11
+?? ??? 2012, PHP 5.4.1 RC1
+
+- CLI Server:
+ . Fixed bug #61461 (missing checks around malloc() calls). (Ilia)
+ . Implemented FR #60850 (Built in web server does not set
+ $_SERVER['SCRIPT_FILENAME'] when using router). (Laruence)
+ . "Connection: close" instead of "Connection: closed" (Gustavo)
- Core:
- . Fixed bug #61273 (call_user_func_array with more than 16333 arguments
+ . Fixed bug #61374 (html_entity_decode tries to decode code points that
don't
+ exist in ISO-8859-1). (Gustavo)
+ . Fixed bug #61273 (call_user_func_array with more than 16333 arguments
leaks / crashes). (Laruence)
+ . Fixed bug #61225 (Incorrect lexing of 0b00*+<NUM>). (Pierrick)
. Fixed bug #61165 (Segfault - strip_tags()). (Laruence)
- . Improved max_input_vars directive to check nested variables (Dmitry).
- . Fixed bug #61095 (Incorect lexing of 0x00*+<NUM>). (Etienne)
+ . Fixed bug #61106 (Segfault when using header_register_callback). (Nikita
+ Popov)
. Fixed bug #61087 (Memory leak in parse_ini_file when specifying
invalid scanner mode). (Nikic, Laruence)
. Fixed bug #61072 (Memory leak when restoring an exception handler).
(Nikic, Laruence)
. Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX).
- (Laruence)
- . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical
- vars). (Laruence)
- . Fix bug #60895 (Possible invalid handler usage in windows random
- functions). (Pierre)
- . Fixed bug #60825 (Segfault when running symfony 2 tests).
- (Dmitry, Laruence)
+ (Laruence)
+ . Fixed bug #61052 (Missing error check in trait 'insteadof' clause).
(Stefan)
+ . Fixed bug #61011 (Crash when an exception is thrown by __autoload
+ accessing a static property). (Laruence)
+ . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical
+ vars). (Laruence)
+ . Fixed bug #60978 (exit code incorrect). (Laruence)
+ . Fixed bug #60911 (Confusing error message when extending traits). (Stefan)
. Fixed bug #60801 (strpbrk() mishandles NUL byte). (Adam)
+ . Fixed bug #60717 (Order of traits in use statement can cause a fatal
+ error). (Stefan)
+ . Fixed bug #60573 (type hinting with "self" keyword causes weird errors).
+ (Laruence)
. Fixed bug #60569 (Nullbyte truncates Exception $message). (Ilia)
- . Fixed bug #60227 (header() cannot detect the multi-line header with CR).
- (rui, Gustavo)
- . Fixed bug #60222 (time_nanosleep() does validate input params). (Ilia)
- . Fixed bug #54374 (Insufficient validating of upload name leading to
- corrupted $_FILES indices). (CVE-2012-1172). (Stas, lekensteyn at
- gmail dot com, Pierre)
. Fixed bug #52719 (array_walk_recursive crashes if third param of the
function is by reference). (Nikita Popov)
- . Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry)
- FPM
. Fixed bug #61430 (Transposed memset() params in sapi/fpm/fpm/fpm_shm.c).
@@@ -50,504 -43,99 +50,506 @@@
- Installation
. Fixed bug #61172 (Add Apache 2.4 support). (Chris Jones)
-- Fileinfo
- . Fixed bug #61173 (Unable to detect error from finfo constructor).
(Gustavo)
-
-- Firebird Database extension (ibase):
- . Fixed bug #60802 (ibase_trans() gives segfault when passing params).
+- mbstring:
+ . MFH mb_ereg_replace_callback() for security enhancements. (Rui)
- mysqli
. Fixed bug #61003 (mysql_stat() require a valid connection). (Johannes).
-- PDO_mysql
- . Fixed bug #61207 (PDO::nextRowset() after a multi-statement query doesn't
- always work). (Johannes)
- . Fixed bug #61194 (PDO should export compression flag with myslqnd).
+- mysqlnd
+ . Fixed bug #60948 (mysqlnd FTBFS when -Wformat-security is enabled).
(Johannes)
-- PDO_odbc
- . Fixed bug #61212 (PDO ODBC Segfaults on SQL_SUCESS_WITH_INFO). (Ilia)
-
-- PDO_pgsql
- . Fixed bug #61267 (pdo_pgsql's PDO::exec() returns the number of SELECTed
- rows on postgresql >= 9). (ben dot pineau at gmail dot com)
-
-- PDO_Sqlite extension:
- . Add createCollation support. (Damien)
-
-- Phar:
- . Fixed bug #61184 (Phar::webPhar() generates headers with trailing NUL
- bytes). (Nikic)
-
-- PHP-FPM SAPI:
- . Fixed bug #60811 (php-fpm compilation problem). (rasmus)
-
- Readline:
. Fixed bug #61088 (Memory leak in readline_callback_handler_install).
(Nikic, Laruence)
-- Reflection:
- . Fixed bug #61388 (ReflectionObject:getProperties() issues invalid reads
- when get_properties returns a hash table with (inaccessible) dynamic
- numeric properties). (Gustavo)
- . Fixed bug #60968 (Late static binding doesn't work with
- ReflectionMethod::invokeArgs()). (Laruence)
+- Session
+ . Fixed bug #60634 (Segmentation fault when trying to die() in
+ SessionHandler::write()). (Ilia)
- SOAP
- . Fixed basic HTTP authentication for WSDL sub requests. (Dmitry)
. Fixed bug #60887 (SoapClient ignores user_agent option and sends no
User-Agent header). (carloschilazo at gmail dot com)
. Fixed bug #60842, #51775 (Chunked response parsing error when
chunksize length line is > 10 bytes). (Ilia)
+ . Fixed bug #49853 (Soap Client stream context header option ignored).
+ (Dmitry)
-- SPL
- . Fixed memory leak when calling SplFileInfo's constructor twice. (Felipe)
- . Fixed bug #61418 (Segmentation fault when DirectoryIterator's or
- FilesystemIterator's iterators are requested more than once without
- having had its dtor callback called in between). (Gustavo)
+- PDO
+ . Fixed bug #61292 (Segfault while calling a method on an overloaded PDO
+ object). (Laruence)
+
+- PDO_mysql
+ . Fixed bug #61207 (PDO::nextRowset() after a multi-statement query doesn't
+ always work). (Johannes)
+ . Fixed bug #61194 (PDO should export compression flag with myslqnd).
+ (Johannes)
+
+- PDO_odbc
+ . Fixed bug #61212 (PDO ODBC Segfaults on SQL_SUCESS_WITH_INFO). (Ilia)
+
+- Phar
+ . Fixed bug #61184 (Phar::webPhar() generates headers with trailing NUL
+ bytes). (Nikita Popov)
+
+- Reflection:
+ . Fixed bug #60968 (Late static binding doesn't work with
+ ReflectionMethod::invokeArgs()). (Laruence)
+
+- SPL:
. Fixed bug #61347 (inconsistent isset behavior of Arrayobject). (Laruence)
- . Fixed bug #61326 (ArrayObject comparison). (Gustavo)
-- SQLite3 extension:
- . Add createCollation() method. (Brad Dewar)
+- Standard:
+ . Fixed memory leak in substr_replace. (Pierrick)
+ . Make max_file_uploads ini directive settable outside of php.ini (Rasmus)
+ . Fixed bug #61409 (Bad formatting on phpinfo()). (Jakub Vrana)
+ . Fixed bug #60222 (time_nanosleep() does validate input params). (Ilia)
+ . Fixed bug #60106 (stream_socket_server silently truncates long unix socket
+ paths). (Ilia)
+
+- XMLRPC:
+ . Fixed bug #61264 (xmlrpc_parse_method_descriptions leaks temporary
+ variable). (Nikita Popov)
+ . Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals). (Nikita
+ Popov)
+
+- Zlib:
+ . Fixed bug #61306 (initialization of global inappropriate for ZTS).
(Gustavo)
+ . Fixed bug #61287 (A particular string fails to decompress). (Mike)
+ . Fixed bug #61139 (gzopen leaks when specifying invalid mode). (Nikita
Popov)
+
+01 Mar 2012, PHP 5.4.0
+
+- Installation:
+ . autoconf 2.59+ is now supported (and required) for generating the
+ configure script with ./buildconf. Autoconf 2.60+ is desirable
+ otherwise the configure help order may be incorrect. (Rasmus, Chris
Jones)
+
+- Removed legacy features:
+ . break/continue $var syntax. (Dmitry)
+ . Safe mode and all related php.ini options. (Kalle)
+ . register_globals and register_long_arrays php.ini options. (Kalle)
+ . import_request_variables(). (Kalle)
+ . allow_call_time_pass_reference. (Pierrick)
+ . define_syslog_variables php.ini option and its associated function.
(Kalle)
+ . highlight.bg php.ini option. (Kalle)
+ . safe_mode, safe_mode_gid, safe_mode_include_dir,
+ safe_mode_exec_dir, safe_mode_allowed_env_vars and
+ safe_mode_protected_env_vars php.ini options.
+ . zend.ze1_compatibility_mode php.ini option.
+ . Session bug compatibility mode (session.bug_compat_42 and
+ session.bug_compat_warn php.ini options). (Kalle)
+ . session_is_registered(), session_register() and session_unregister()
+ functions. (Kalle)
+ . y2k_compliance php.ini option. (Kalle)
+ . magic_quotes_gpc, magic_quotes_runtime and magic_quotes_sybase
+ php.ini options. get_magic_quotes_gpc, get_magic_quotes_runtime are kept
+ but always return false, set_magic_quotes_runtime raises an
+ E_CORE_ERROR. (Pierrick, Pierre)
+ . Removed support for putenv("TZ=..") for setting the timezone. (Derick)
+ . Removed the timezone guessing algorithm in case the timezone isn't set
with
+ date.timezone or date_default_timezone_set(). Instead of a guessed
+ timezone, "UTC" is now used instead. (Derick)
-- Session:
+- Moved extensions to PECL:
+ . ext/sqlite. (Note: the ext/sqlite3 and ext/pdo_sqlite extensions are
+ not affected) (Johannes)
+
+- General improvements:
+ . Added short array syntax support ([1,2,3]), see UPGRADING guide for full
+ details. (rsky0711 at gmail . com, sebastian.deutsch at 9elements . com,
+ Pierre)
+ . Added binary number format (0b001010). (Jonah dot Harris at gmail dot com)
+ . Added support for Class::{expr}() syntax (Pierrick)
+ . Added multibyte support by default. Previously PHP had to be compiled
+ with --enable-zend-multibyte. Now it can be enabled or disabled through
+ the zend.multibyte directive in php.ini. (Dmitry)
+ . Removed compile time dependency from ext/mbstring (Dmitry)
+ . Added support for Traits. (Stefan, with fixes by Dmitry and Laruence)
+ . Added closure $this support back. (Stas)
+ . Added array dereferencing support. (Felipe)
+ . Added callable typehint. (Hannes)
+ . Added indirect method call through array. FR #47160. (Felipe)
+ . Added DTrace support. (David Soria Parra)
+ . Added class member access on instantiation (e.g. (new foo)->bar())
support.
+ (Felipe)
+ . <?= is now always available regardless of the short_open_tag setting.
(Rasmus)
+ . Implemented Zend Signal Handling (configurable option
--enable-zend-signals,
+ off by default). (Lucas Nealan, Arnaud Le Blanc, Brian Shire, Ilia)
+ . Improved output layer, see README.NEW-OUTPUT-API for internals. (Mike)
+ . Improved UNIX build system to allow building multiple PHP binary SAPIs and
+ one SAPI module the same time. FR #53271, FR #52419. (Jani)
+ . Implemented closure rebinding as parameter to bindTo. (Gustavo Lopes)
+ . Improved the warning message of incompatible arguments. (Laruence)
+ . Improved ternary operator performance when returning arrays. (Arnaud,
Dmitry)
+ . Changed error handlers to only generate docref links when the docref_root
+ php.ini setting is not empty. (Derick)
+ . Changed silent conversion of array to string to produce a notice.
(Patrick)
+ . Changed default encoding from ISO-8859-1 to UTF-8 when not specified in
+ htmlspecialchars and htmlentities. (Rasmus)
+ . Changed casting of null/''/false into an Object when adding a property
+ from E_STRICT into a warning. (Scott)
+ . Changed E_ALL to include E_STRICT. (Stas)
+ . Disabled Windows CRT warning by default, can be enabled again using the
+ php.ini directive windows_show_crt_warnings. (Pierre)
+ . Fixed bug #55378: Binary number literal returns float number though its
+ value is small enough. (Derick)
+
+- Improved Zend Engine memory usage: (Dmitry)
+ . Improved parse error messages. (Felipe)
+ . Replaced zend_function.pass_rest_by_reference by
+ ZEND_ACC_PASS_REST_BY_REFERENCE in zend_function.fn_flags.
+ . Replaced zend_function.return_reference by ZEND_ACC_RETURN_REFERENCE
+ in zend_function.fn_flags.
+ . Removed zend_arg_info.required_num_args as it was only needed for internal
+ functions. Now the first arg_info for internal functions (which has
special
+ meaning) is represented by the zend_internal_function_info structure.
+ . Moved zend_op_array.size, size_var, size_literal, current_brk_cont,
+ backpatch_count into CG(context) as they are used only during compilation.
+ . Moved zend_op_array.start_op into EG(start_op) as it's used only for
+ 'interactive' execution of a single top-level op-array.
+ . Replaced zend_op_array.done_pass_two by ZEND_ACC_DONE_PASS_TWO in
+ zend_op_array.fn_flags.
+ . op_array.vars array is trimmed (reallocated) during pass_two.
+ . Replaced zend_class_entry.constants_updated by ZEND_ACC_CONSTANTS_UPDATED
+ in zend_class_entry.ce_flags.
+ . Reduced the size of zend_class_entry by sharing the same memory space
+ by different information for internal and user classes.
+ See zend_class_entry.info union.
+ . Reduced size of temp_variable.
+
+- Improved Zend Engine - performance tweaks and optimizations: (Dmitry)
+ . Inlined most probable code-paths for arithmetic operations directly into
+ executor.
+ . Eliminated unnecessary iterations during request startup/shutdown.
+ . Changed $GLOBALS into a JIT autoglobal, so it's initialized only if used.
+ (this may affect opcode caches!)
+ . Improved performance of @ (silence) operator.
+ . Simplified string offset reading. Given $str="abc" then $str[1][0] is now
+ a legal construct.
+ . Added caches to eliminate repeatable run-time bindings of functions,
+ classes, constants, methods and properties.
+ . Added concept of interned strings. All strings constants known at compile
+ time are allocated in a single copy and never changed.
+ . ZEND_RECV now always has IS_CV as its result.
+ . ZEND_CATCH now has to be used only with constant class names.
+ . ZEND_FETCH_DIM_? may fetch array and dimension operands in different
order.
+ . Simplified ZEND_FETCH_*_R operations. They can't be used with the
+ EXT_TYPE_UNUSED flag any more. This is a very rare and useless case.
+ ZEND_FREE might be required after them instead.
+ . Split ZEND_RETURN into two new instructions ZEND_RETURN and
+ ZEND_RETURN_BY_REF.
+ . Optimized access to global constants using values with pre-calculated
+ hash_values from the literals table.
+ . Optimized access to static properties using executor specialization.
+ A constant class name may be used as a direct operand of ZEND_FETCH_*
+ instruction without previous ZEND_FETCH_CLASS.
+ . zend_stack and zend_ptr_stack allocation is delayed until actual usage.
+
+- Other improvements to Zend Engine:
+ . Added an optimization which saves memory and emalloc/efree calls for empty
+ HashTables. (Stas, Dmitry)
+ . Added ability to reset user opcode handlers (Yoram).
+ . Changed the structure of op_array.opcodes. The constant values are moved
from
+ opcode operands into a separate literal table. (Dmitry)
+ . Fixed (disabled) inline-caching for ZEND_OVERLOADED_FUNCTION methods.
+ (Dmitry)
+
+- Improved core functions:
+ . Enforce an extended class' __construct arguments to match the
+ abstract constructor in the base class.
+ . Disallow reusing superglobal names as parameter names.
+ . Added optional argument to debug_backtrace() and debug_print_backtrace()
+ to limit the amount of stack frames returned. (Sebastian, Patrick)
+ . Added hex2bin() function. (Scott)
+ . number_format() no longer truncates multibyte decimal points and thousand
+ separators to the first byte. FR #53457. (Adam)
+ . Added support for object references in recursive serialize() calls.
+ FR #36424. (Mike)
+ . Added support for SORT_NATURAL and SORT_FLAG_CASE in array
+ sort functions (sort, rsort, ksort, krsort, asort, arsort and
+ array_multisort). FR#55158 (Arpad)
+ . Added stream metadata API support and stream_metadata() stream class
+ handler. (Stas)
+ . User wrappers can now define a stream_truncate() method that responds
+ to truncation, e.g. through ftruncate(). FR #53888. (Gustavo)
+ . Improved unserialize() performance.
+ (galaxy dot mipt at gmail dot com, Kalle)
+ . Changed array_combine() to return empty array instead of FALSE when both
+ parameter arrays are empty. FR #34857. (joel.per...@gmail.com)
+ . Fixed bug #61095 (Incorect lexing of 0x00*+<NUM>). (Etienne)
+ . Fixed bug #60965 (Buffer overflow on htmlspecialchars/entities with
+ $double=false). (Gustavo)
+ . Fixed bug #60895 (Possible invalid handler usage in windows random
+ functions). (Pierre)
+ . Fixed bug #60879 (unserialize() Does not invoke __wakeup() on object).
+ (Pierre, Steve)
+ . Fixed bug #60825 (Segfault when running symfony 2 tests).
+ (Dmitry, Laruence)
+ . Fixed bug #60627 (httpd.worker segfault on startup with php_value).
+ . Fixed bug #60613 (Segmentation fault with $cls->{expr}() syntax). (Dmitry)
+ . Fixed bug #60611 (Segmentation fault with Cls::{expr}() syntax).
(Laruence)
+ (Laruence)
+ . Fixed bug #60558 (Invalid read and writes). (Laruence)
+ . Fixed bug #60444 (Segmentation fault with include & class extending).
+ (Laruence, Dmitry).
+ . Fixed bug #60362 (non-existent sub-sub keys should not have values).
+ (Laruence, alan_k, Stas)
+ . Fixed bug #60350 (No string escape code for ESC (ascii 27), normally \e).
+ (php at mickweiss dot com)
+ . Fixed bug #60321 (ob_get_status(true) no longer returns an array when
+ buffer is empty). (Pierrick)
+ . Fixed bug #60282 (Segfault when using ob_gzhandler() with open buffers).
+ (Laruence)
+ . Fixed bug #60240 (invalid read/writes when unserializing specially crafted
+ strings). (Mike)
+ . Fixed bug #60227 (header() cannot detect the multi-line header with
+ CR(0x0D)). (rui)
+ . Fixed bug #60174 (Notice when array in method prototype error).
+ (Laruence)
+ . Fixed bug #60169 (Conjunction of ternary and list crashes PHP).
+ (Laruence)
+ . Fixed bug #60038 (SIGALRM cause segfault in php_error_cb). (Laruence)
+ (klightspeed at netspace dot net dot au)
+ . Fixed bug #55871 (Interruption in substr_replace()). (Stas)
+ . Fixed bug #55801 (Behavior of unserialize has changed). (Mike)
+ . Fixed bug #55758 (Digest Authenticate missed in 5.4) . (Laruence)
+ . Fixed bug #55748 (multiple NULL Pointer Dereference with zend_strndup())
+ (CVE-2011-4153). (Stas)
+ . Fixed bug #55124 (recursive mkdir fails with current (dot) directory in
path).
+ (Pierre)
+ . Fixed bug #55084 (Function registered by header_register_callback is
+ called only once per process). (Hannes)
+ . Implement FR #54514 (Get php binary path during script execution).
+ (Laruence)
+ . Fixed bug #52211 (iconv() returns part of string on error). (Felipe)
+ . Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry)
+
+- Improved generic SAPI support:
+ . Added $_SERVER['REQUEST_TIME_FLOAT'] to include microsecond precision.
+ (Patrick)
+ . Added header_register_callback() which is invoked immediately
+ prior to the sending of headers and after default headers have
+ been added. (Scott)
+ . Added http_response_code() function. FR #52555. (Paul Dragoonis, Kalle)
+ . Fixed bug #55500 (Corrupted $_FILES indices lead to security concern).
+ (CVE-2012-1172). (Stas)
+ . Fixed bug #54374 (Insufficient validating of upload name leading to
+ corrupted $_FILES indices). (CVE-2012-1172). (Stas, lekensteyn at gmail
dot com)
+
+- Improved CLI SAPI:
+ . Added built-in web server that is intended for testing purpose.
+ (Moriyoshi, Laruence, and fixes by Pierre, Derick, Arpad,
+ chobieee at gmail dot com)
+ . Added command line option --rz <name> which shows information of the
+ named Zend extension. (Johannes)
+ . Interactive readline shell improvements: (Johannes)
+ . Added "cli.pager" php.ini setting to set a pager for output.
+ . Added "cli.prompt" php.ini setting to configure the shell prompt.
+ . Added shortcut #inisetting=value to change php.ini settings at run-time.
+ . Changed shell not to terminate on fatal errors.
+ . Interactive shell works with shared readline extension. FR #53878.
+
+- Improved CGI/FastCGI SAPI: (Dmitry)
+ . Added apache compatible functions: apache_child_terminate(),
+ getallheaders(), apache_request_headers() and apache_response_headers()
+ . Improved performance of FastCGI request parsing.
+ . Fixed reinitialization of SAPI callbacks after php_module_startup().
+ (Dmitry)
+
+- Improved PHP-FPM SAPI:
+ . Removed EXPERIMENTAL flag. (fat)
+ . Fixed bug #60659 (FPM does not clear auth_user on request accept).
+ (bonbons at linux-vserver dot org)
+
+- Improved Litespeed SAPI:
+ . Fixed bug #55769 (Make Fails with "Missing Separator" error). (Adam)
+
+- Improved Date extension:
+ . Added the + modifier to parseFromFormat to allow trailing text in the
+ string to parse without throwing an error. (Stas, Derick)
+
+- Improved DBA extension:
+ . Added Tokyo Cabinet abstract DB support. (Michael Maclean)
+ . Added Berkeley DB 5 support. (Johannes, Chris Jones)
+
+- Improved DOM extension:
+ . Added the ability to pass options to loadHTML (Chregu, fxmulder at gmail
dot com)
+
+- Improved filesystem functions:
+ . scandir() now accepts SCANDIR_SORT_NONE as a possible sorting_order value.
+ FR #53407. (Adam)
+
+- Improved HASH extension:
+ . Added Jenkins's one-at-a-time hash support. (Martin Jansen)
+ . Added FNV-1 hash support. (Michael Maclean)
+ . Made Adler32 algorithm faster. FR #53213. (zavasek at yandex dot ru)
+ . Removed Salsa10/Salsa20, which are actually stream ciphers (Mike)
+ . Fixed bug #60221 (Tiger hash output byte order) (Mike)
+
+- Improved intl extension:
+ . Added Spoofchecker class, allows checking for visibly confusable
characters and
+ other security issues. (Scott)
+ . Added Transliterator class, allowing transliteration of strings.
+ (Gustavo)
+ . Added support for UTS #46. (Gustavo)
+ . Fixed build on Fedora 15 / Ubuntu 11. (Hannes)
+ . Fixed bug #55562 (grapheme_substr() returns false on big length). (Stas)
+
+- Improved JSON extension:
+ . Added new json_encode() option JSON_UNESCAPED_UNICODE. FR #53946.
+ (Alexander, Gwynne)
+ . Added JsonSerializable interface. (Sara)
+ . Added JSON_BIGINT_AS_STRING, extended json_decode() sig with $options.
+ (Sara)
+ . Added support for JSON_NUMERIC_CHECK option in json_encode() that converts
+ numeric strings to integers. (Ilia)
+ . Added new json_encode() option JSON_UNESCAPED_SLASHES. FR #49366. (Adam)
+ . Added new json_encode() option JSON_PRETTY_PRINT. FR #44331. (Adam)
+
+- Improved LDAP extension:
+ . Added paged results support. FR #42060. (a...@openldap.org,
+ iaren...@eteo.mondragon.edu, jean...@au-fil-du.net, remy.sai...@gmail.com)
+
+- Improved mbstring extension:
+ . Added Shift_JIS/UTF-8 Emoji (pictograms) support. (Rui)
+ . Added JIS X0213:2004 (Shift_JIS-2004, EUC-JP-2004, ISO-2022-JP-2004)
+ support. (Rui)
+ . Ill-formed UTF-8 check for security enhancements. (Rui)
+ . Added MacJapanese (Shift_JIS) and gb18030 encoding support. (Rui)
+ . Added encode/decode in hex format to mb_[en|de]code_numericentity(). (Rui)
+ . Added user JIS X0213:2004 (Shift_JIS-2004, EUC-JP-2004, ISO-2022-JP-2004)
+ support. (Rui)
+ . Added the user defined area for CP936 and CP950 (Rui).
+ . Fixed bug #60306 (Characters lost while converting from cp936 to utf8).
+ (Laruence)
+
+- Improved MySQL extensions:
+ . MySQL: Deprecated mysql_list_dbs(). FR #50667. (Andrey)
+ . mysqlnd: Added named pipes support. FR #48082. (Andrey)
+ . MySQLi: Added iterator support in MySQLi. mysqli_result implements
+ Traversable. (Andrey, Johannes)
+ . PDO_mysql: Removed support for linking with MySQL client libraries older
+ than 4.1. (Johannes)
+ . ext/mysql, mysqli and pdo_mysql now use mysqlnd by default. (Johannes)
+ . Fixed bug #55473 (mysql_pconnect leaks file descriptors on reconnect).
+ (Andrey, Laruence)
+ . Fixed bug #55653 (PS crash with libmysql when binding same variable as
+ param and out). (Laruence)
+
+- Improved OpenSSL extension:
+ . Added AES support. FR #48632. (yonas dot y at gmail dot com, Pierre)
+ . Added no padding option to openssl_encrypt()/openssl_decrypt(). (Scott)
+ . Use php's implementation for Windows Crypto API in
+ openssl_random_pseudo_bytes. (Pierre)
+ . On error in openssl_random_pseudo_bytes() made sure we set strong result
+ to false. (Scott)
+ . Fixed possible attack in SSL sockets with SSL 3.0 / TLS 1.0.
+ CVE-2011-3389. (Scott)
+ . Fixed bug #61124 (Crash when decoding an invalid base64 encoded string).
+ (me at ktamura dot com, Scott)
+
+- Improved PDO:
+ . Fixed PDO objects binary incompatibility. (Dmitry)
+
+- PDO DBlib driver:
+ . Added nextRowset support.
+ . Fixed bug #50755 (PDO DBLIB Fails with OOM).
+
+- Improved PostgreSQL extension:
+ . Added support for "extra" parameter for PGNotify().
+ (r dot i dot k at free dot fr, Ilia)
+
+- Improved PCRE extension:
+ . Changed third parameter of preg_match_all() to optional. FR #53238. (Adam)
+
+- Improved Readline extension:
+ . Fixed bug #54450 (Enable callback support when built against libedit).
+ (fedora at famillecollet dot com, Hannes)
+
+- Improved Reflection extension:
+ . Added ReflectionClass::newInstanceWithoutConstructor() to create a new
+ instance of a class without invoking its constructor. FR #55490.
+ (Sebastian)
+ . Added ReflectionExtension::isTemporary() and
+ ReflectionExtension::isPersistent() methods. (Johannes)
+ . Added ReflectionZendExtension class. (Johannes)
+ . Added ReflectionClass::isCloneable(). (Felipe)
+
+- Improved Session extension:
+ . Expose session status via new function, session_status (FR #52982) (Arpad)
+ . Added support for object-oriented session handlers. (Arpad)
+ . Added support for storing upload progress feedback in session data.
(Arnaud)
+ . Changed session.entropy_file to default to /dev/urandom or /dev/arandom if
+ either is present at compile time. (Rasmus)
. Fixed bug #60860 (session.save_handler=user without defined function core
dumps). (Felipe)
- . Fixed bug #60634 (Segmentation fault when trying to die() in
- SessionHandler::write()). (Ilia)
+ . Implement FR #60551 (session_set_save_handler should support a core's
+ session handler interface). (Arpad)
+ . Fixed bug #60640 (invalid return values). (Arpad)
-- Streams:
- . Fixed bug #61371 (stream_context_create() causes memory leaks on use
- streams_socket_create). (Gustavo)
- . Fixed bug #61253 (Wrappers opened with errors concurrency problem on ZTS).
- (Gustavo)
- . Fixed bug #61115 (stream related segfault on fatal error in
- php_stream_context_link). (Gustavo)
- . Fixed bug #60817 (stream_get_line() reads from stream even when there is
- already sufficient data buffered). stream_get_line() now behaves more like
- fgets(), as is documented. (Gustavo)
- . Further fix for bug #60455 (stream_get_line misbehaves if EOF is not
- detected together with the last read). (Gustavo)
- . Fixed bug #60106 (stream_socket_server silently truncates long unix
- socket paths). (Ilia)
-
-- Tidy:
- . Fixed bug #54682 (tidy null pointer dereference). (Tony, David Soria
Parra)
+- Improved SNMP extension (Boris Lytochkin):
+ . Added OO API. FR #53594 (php-snmp rewrite).
+ . Sanitized return values of existing functions. Now it returns FALSE on
+ failure.
+ . Allow ~infinite OIDs in GET/GETNEXT/SET queries. Autochunk them to
max_oids
+ upon request.
+ . Introducing unit tests for extension with ~full coverage.
+ . IPv6 support. (FR #42918)
+ . Way of representing OID value can now be changed when SNMP_VALUE_OBJECT
+ is used for value output mode. Use or'ed SNMP_VALUE_LIBRARY(default if
+ not specified) or SNMP_VALUE_PLAIN. (FR #54502)
+ . Fixed bug #60749 (SNMP module should not strip non-standard SNMP port
+ from hostname). (Boris Lytochkin)
+ . Fixed bug #60585 (php build fails with USE flag snmp when IPv6 support
+ is disabled). (Boris Lytochkin)
+ . Fixed bug #53862 (snmp_set_oid_output_format does not allow returning to
default)
+ . Fixed bug #46065 (snmp_set_quick_print() persists between requests)
+ . Fixed bug #45893 (Snmp buffer limited to 2048 char)
+ . Fixed bug #44193 (snmp v3 noAuthNoPriv doesn't work)
-- XMLRPC:
- . Fixed bug #61264 (xmlrpc_parse_method_descriptions leaks temporary
variable). (Nikita Popov)
- . Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals). (Nikic)
+- Improved SOAP extension:
+ . Added new SoapClient option "keep_alive". FR #60329. (Pierrick)
+ . Fixed basic HTTP authentication for WSDL sub requests. (Dmitry)
-- Zlib:
- . Fixed bug #61139 (gzopen leaks when specifying invalid mode). (Nikic)
+- Improved SPL extension:
+ . Added RegexIterator::getRegex() method. (Joshua Thijssen)
+ . Added SplObjectStorage::getHash() hook. (Etienne)
+ . Added CallbackFilterIterator and RecursiveCallbackFilterIterator. (Arnaud)
+ . Added missing class_uses(..) as pointed out by #55266 (Stefan)
+ . Immediately reject wrong usages of directories under Spl(Temp)FileObject
+ and friends. (Etienne, Pierre)
+ . FilesystemIterator, GlobIterator and (Recursive)DirectoryIterator now use
+ the default stream context. (Hannes)
+ . Fixed bug #60201 (SplFileObject::setCsvControl does not expose third
+ argument via Reflection). (Peter)
+ . Fixed bug #55287 (spl_classes() not includes CallbackFilter classes)
+ (sasezaki at gmail dot com, salathe)
+
+- Improved Sysvshm extension:
+ . Fixed bug #55750 (memory copy issue in sysvshm extension).
+ (Ilia, jeffhuang9999 at gmail dot com)
+
+- Improved Tidy extension:
+ . Fixed bug #54682 (Tidy::diagnose() NULL pointer dereference).
+ (Maksymilian Arciemowicz, Felipe)
+
+- Improved Tokenizer extension:
+ . Fixed bug #54089 (token_get_all with regards to __halt_compiler is
+ not binary safe). (Nikita Popov)
+
+- Improved XSL extension:
+ . Added XsltProcessor::setSecurityPrefs($options) and getSecurityPrefs() to
+ define forbidden operations within XSLT stylesheets, default is not to
+ enable write operations from XSLT. Bug #54446 (Chregu, Nicolas Gregoire)
+ . XSL doesn't stop transformation anymore, if a PHP function can't be called
+ (Christian)
+
+- Improved ZLIB extension:
+ . Re-implemented non-file related functionality. (Mike)
+ . Fixed bug #55544 (ob_gzhandler always conflicts with
zlib.output_compression).
+ (Mike)
02 Feb 2012, PHP 5.3.10
diff --combined ext/soap/php_http.c
index 2933576,358877d..a156488
--- a/ext/soap/php_http.c
+++ b/ext/soap/php_http.c
@@@ -32,7 -32,7 +32,7 @@@ static int get_http_headers(php_stream
smart_str_appendl(str,const,sizeof(const)-1)
/* Proxy HTTP Authentication */
- void proxy_authentication(zval* this_ptr, smart_str* soap_headers TSRMLS_DC)
+ int proxy_authentication(zval* this_ptr, smart_str* soap_headers TSRMLS_DC)
{
zval **login, **password;
@@@ -53,11 -53,13 +53,13 @@@
smart_str_append_const(soap_headers, "\r\n");
efree(buf);
smart_str_free(&auth);
+ return 1;
}
+ return 0;
}
/* HTTP Authentication */
- void basic_authentication(zval* this_ptr, smart_str* soap_headers TSRMLS_DC)
+ int basic_authentication(zval* this_ptr, smart_str* soap_headers TSRMLS_DC)
{
zval **login, **password;
@@@ -79,6 -81,78 +81,78 @@@
smart_str_append_const(soap_headers, "\r\n");
efree(buf);
smart_str_free(&auth);
+ return 1;
+ }
+ return 0;
+ }
+
+ /* Additional HTTP headers */
+ void http_context_headers(php_stream_context* context,
+ zend_bool has_authorization,
+ zend_bool has_proxy_authorization,
+ zend_bool has_cookies,
+ smart_str* soap_headers TSRMLS_DC)
+ {
+ zval **tmp;
+
+ if (context &&
+ php_stream_context_get_option(context, "http", "header", &tmp)
== SUCCESS &&
+ Z_TYPE_PP(tmp) == IS_STRING && Z_STRLEN_PP(tmp)) {
+ char *s = Z_STRVAL_PP(tmp);
+ char *p;
+ int name_len;
+
+ while (*s) {
+ /* skip leading newlines and spaces */
+ while (*s == ' ' || *s == '\t' || *s == '\r' || *s ==
'\n') {
+ s++;
+ }
+ /* extract header name */
+ p = s;
+ name_len = -1;
+ while (*p) {
+ if (*p == ':') {
+ if (name_len < 0) name_len = p - s;
+ break;
+ } else if (*p == ' ' || *p == '\t') {
+ if (name_len < 0) name_len = p - s;
+ } else if (*p == '\r' || *p == '\n') {
+ break;
+ }
+ p++;
+ }
+ if (*p == ':') {
+ /* extract header value */
+ while (*p && *p != '\r' && *p != '\n') {
+ p++;
+ }
+ /* skip some predefined headers */
+ if ((name_len != sizeof("host")-1 ||
+ strncasecmp(s, "host", sizeof("host")-1)
!= 0) &&
+ (name_len != sizeof("connection")-1 ||
+ strncasecmp(s, "connection",
sizeof("connection")-1) != 0) &&
+ (name_len != sizeof("user-agent")-1 ||
+ strncasecmp(s, "user-agent",
sizeof("user-agent")-1) != 0) &&
+ (name_len != sizeof("content-length")-1 ||
+ strncasecmp(s, "content-length",
sizeof("content-length")-1) != 0) &&
+ (name_len != sizeof("content-type")-1 ||
+ strncasecmp(s, "content-type",
sizeof("content-type")-1) != 0) &&
+ (!has_cookies ||
+ name_len != sizeof("cookie")-1 ||
+ strncasecmp(s, "cookie",
sizeof("cookie")-1) != 0) &&
+ (!has_authorization ||
+ name_len != sizeof("authorization")-1 ||
+ strncasecmp(s, "authorization",
sizeof("authorization")-1) != 0) &&
+ (!has_proxy_authorization ||
+ name_len !=
sizeof("proxy-authorization")-1 ||
+ strncasecmp(s, "proxy-authorization",
sizeof("proxy-authorization")-1) != 0)) {
+ /* add header */
+ smart_str_appendl(soap_headers, s, p-s);
+ smart_str_append_const(soap_headers,
"\r\n");
+ }
+ }
+ s = (*p) ? (p + 1) : p;
+ }
}
}
@@@ -118,7 -192,7 +192,7 @@@ static php_stream* http_connect(zval* t
namelen = spprintf(&name, 0, "%s://%s:%d", (use_ssl && !*use_proxy)?
"ssl" : "tcp", host, port);
stream = php_stream_xport_create(name, namelen,
- ENFORCE_SAFE_MODE | REPORT_ERRORS,
+ REPORT_ERRORS,
STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT,
NULL /*persistent_id*/,
timeout,
@@@ -387,7 -461,7 +461,7 @@@ try_again
if (stream) {
zval **cookies, **login, **password;
- int ret = zend_list_insert(phpurl, le_url);
+ int ret = zend_list_insert(phpurl, le_url TSRMLS_CC);
add_property_resource(this_ptr, "httpurl", ret);
/*zend_list_addref(ret);*/
@@@ -433,14 -507,12 +507,14 @@@
smart_str_appendc(&soap_headers, ':');
smart_str_append_unsigned(&soap_headers, phpurl->port);
}
- if (http_1_1) {
+ if (!http_1_1 ||
+ (zend_hash_find(Z_OBJPROP_P(this_ptr), "_keep_alive",
sizeof("_keep_alive"), (void **)&tmp) == SUCCESS &&
+ Z_LVAL_PP(tmp) == 0)) {
smart_str_append_const(&soap_headers, "\r\n"
- "Connection: Keep-Alive\r\n");
+ "Connection: close\r\n");
} else {
smart_str_append_const(&soap_headers, "\r\n"
- "Connection: close\r\n");
+ "Connection: Keep-Alive\r\n");
}
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_user_agent",
sizeof("_user_agent"), (void **)&tmp) == SUCCESS &&
Z_TYPE_PP(tmp) == IS_STRING) {
@@@ -664,8 -736,7 +738,7 @@@
/* Proxy HTTP Authentication */
if (use_proxy && !use_ssl) {
- has_proxy_authorization = 1;
- proxy_authentication(this_ptr, &soap_headers TSRMLS_CC);
+ has_proxy_authorization =
proxy_authentication(this_ptr, &soap_headers TSRMLS_CC);
}
/* Send cookies along with request */
@@@ -707,65 -778,7 +780,7 @@@
}
}
- if (context &&
- php_stream_context_get_option(context, "http",
"header", &tmp) == SUCCESS &&
- Z_TYPE_PP(tmp) == IS_STRING && Z_STRLEN_PP(tmp)) {
- char *s = Z_STRVAL_PP(tmp);
- char *p;
- int name_len;
-
- while (*s) {
- /* skip leading newlines and spaces */
- while (*s == ' ' || *s == '\t' || *s == '\r' ||
*s == '\n') {
- s++;
- }
- /* extract header name */
- p = s;
- name_len = -1;
- while (*p) {
- if (*p == ':') {
- if (name_len < 0) name_len = p
- s;
- break;
- } else if (*p == ' ' || *p == '\t') {
- if (name_len < 0) name_len = p
- s;
- } else if (*p == '\r' || *p == '\n') {
- break;
- }
- p++;
- }
- if (*p == ':') {
- /* extract header value */
- while (*p && *p != '\r' && *p != '\n') {
- p++;
- }
- /* skip some predefined headers */
- if ((name_len != sizeof("host")-1 ||
- strncasecmp(s, "host",
sizeof("host")-1) != 0) &&
- (name_len != sizeof("connection")-1
||
- strncasecmp(s, "connection",
sizeof("connection")-1) != 0) &&
- (name_len != sizeof("user-agent")-1
||
- strncasecmp(s, "user-agent",
sizeof("user-agent")-1) != 0) &&
- (name_len !=
sizeof("content-length")-1 ||
- strncasecmp(s, "content-length",
sizeof("content-length")-1) != 0) &&
- (name_len !=
sizeof("content-type")-1 ||
- strncasecmp(s, "content-type",
sizeof("content-type")-1) != 0) &&
- (!has_cookies ||
- name_len != sizeof("cookie")-1 ||
- strncasecmp(s, "cookie",
sizeof("cookie")-1) != 0) &&
- (!has_authorization ||
- name_len !=
sizeof("authorization")-1 ||
- strncasecmp(s, "authorization",
sizeof("authorization")-1) != 0) &&
- (!has_proxy_authorization ||
- name_len !=
sizeof("proxy-authorization")-1 ||
- strncasecmp(s,
"proxy-authorization", sizeof("proxy-authorization")-1) != 0)) {
- /* add header */
-
smart_str_appendl(&soap_headers, s, p-s);
-
smart_str_append_const(&soap_headers, "\r\n");
- }
- }
- s = (*p) ? (p + 1) : p;
- }
- }
+ http_context_headers(context, has_authorization,
has_proxy_authorization, has_cookies, &soap_headers TSRMLS_CC);
smart_str_append_const(&soap_headers, "\r\n");
smart_str_0(&soap_headers);
@@@ -1388,7 -1401,7 +1403,7 @@@ static int get_http_body(php_stream *st
if (header_length < 0 || header_length >= INT_MAX) {
return FALSE;
}
- http_buf = emalloc(header_length + 1);
+ http_buf = safe_emalloc(1, header_length, 1);
while (http_buf_size < header_length) {
int len_read = php_stream_read(stream, http_buf +
http_buf_size, header_length - http_buf_size);
if (len_read <= 0) {
diff --combined ext/soap/php_sdl.c
index eeedc51,e85b606..d250850
--- a/ext/soap/php_sdl.c
+++ b/ext/soap/php_sdl.c
@@@ -2373,7 -2373,7 +2373,7 @@@ static void add_sdl_to_cache(const cha
}
}
- write(f, buf.c, buf.len);
+ php_ignore_value(write(f, buf.c, buf.len));
close(f);
smart_str_free(&buf);
zend_hash_destroy(&tmp_functions);
@@@ -3196,6 -3196,8 +3196,8 @@@ sdlPtr get_sdl(zval *this_ptr, char *ur
smart_str headers = {0};
char* key = NULL;
time_t t = time(0);
+ zend_bool has_proxy_authorization = 0;
+ zend_bool has_authorization = 0;
if (strchr(uri,':') != NULL || IS_ABSOLUTE_PATH(uri, uri_len)) {
uri_len = strlen(uri);
@@@ -3226,7 -3228,7 +3228,7 @@@
unsigned char digest[16];
int len = strlen(SOAP_GLOBAL(cache_dir));
time_t cached;
- char *user = php_get_current_user();
+ char *user = php_get_current_user(TSRMLS_C);
int user_len = user ? strlen(user) + 1 : 0;
md5str[0] = '\0';
@@@ -3256,7 -3258,7 +3258,7 @@@
"_stream_context", sizeof("_stream_context"),
(void**)&tmp)) {
context = php_stream_context_from_zval(*tmp, 0);
} else {
- context = php_stream_context_alloc();
+ context = php_stream_context_alloc(TSRMLS_C);
}
if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_user_agent",
sizeof("_user_agent"), (void **) &tmp) == SUCCESS &&
@@@ -3286,7 -3288,7 +3288,7 @@@
smart_str_free(&proxy);
if (!context) {
- context = php_stream_context_alloc();
+ context = php_stream_context_alloc(TSRMLS_C);
}
php_stream_context_set_option(context, "http", "proxy",
str_proxy);
zval_ptr_dtor(&str_proxy);
@@@ -3299,10 -3301,10 +3301,10 @@@
zval_ptr_dtor(&str_proxy);
}
- proxy_authentication(this_ptr, &headers TSRMLS_CC);
+ has_proxy_authorization = proxy_authentication(this_ptr,
&headers TSRMLS_CC);
}
- basic_authentication(this_ptr, &headers TSRMLS_CC);
+ has_authorization = basic_authentication(this_ptr, &headers TSRMLS_CC);
/* Use HTTP/1.1 with "Connection: close" by default */
if (php_stream_context_get_option(context, "http", "protocol_version",
&tmp) == FAILURE) {
@@@ -3311,14 -3313,16 +3313,16 @@@
ZVAL_DOUBLE(http_version, 1.1);
php_stream_context_set_option(context, "http",
"protocol_version", http_version);
zval_ptr_dtor(&http_version);
- smart_str_appendl(&headers, "Connection: close",
sizeof("Connection: close")-1);
+ smart_str_appendl(&headers, "Connection: close\r\n",
sizeof("Connection: close\r\n")-1);
}
if (headers.len > 0) {
zval *str_headers;
if (!context) {
- context = php_stream_context_alloc();
+ context = php_stream_context_alloc(TSRMLS_C);
+ } else {
+ http_context_headers(context, has_authorization,
has_proxy_authorization, 0, &headers TSRMLS_CC);
}
smart_str_0(&headers);--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
