Commit:    b08b7fe78785230dd37e7969e38f1913727fbc88
Author:    Rasmus Lerdorf <ras...@php.net>         Sun, 25 Mar 2012 05:45:55 +0530
Parents:   cff89ceda0f237f7d5368056ed59c657065fe094 900778731c49611e1318e4d1839768eb46f26813
Branches:  PHP-5.4

Link:      http://git.php.net/?p=php-src.git;a=commitdiff;h=b08b7fe78785230dd37e7969e38f1913727fbc88

Log:
Merge branch 'PHP-5.3' into PHP-5.4

Changed paths:
  MM  NEWS
  MM  ext/standard/link.c

b08b7fe78785230dd37e7969e38f1913727fbc88
diff --combined NEWS
index ceb1ad0,1658cdb..f3e3f9c
--- a/NEWS
+++ b/NEWS
@@@ -1,42 -1,33 +1,42 @@@
  PHP                                                                        
NEWS
  
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 -?? ??? 2012, PHP 5.3.11
 +?? ??? 2012, PHP 5.4.1 RC1
 +
 +- CLI Server:
 +  . Implemented FR #60850 (Built in web server does not set 
 +    $_SERVER['SCRIPT_FILENAME'] when using router). (Laruence)
 +  . "Connection: close" instead of "Connection: closed" (Gustavo)
  
  - Core:
 -  . Fixed bug #61273 (call_user_func_array with more than 16333 arguments
 +  . Fixed bug #61374 (html_entity_decode tries to decode code points that 
don't
 +    exist in ISO-8859-1). (Gustavo)
 +  . Fixed bug #61273 (call_user_func_array with more than 16333 arguments 
      leaks / crashes). (Laruence)
 +  . Fixed bug #61225 (Incorrect lexing of 0b00*+<NUM>). (Pierrick)
    . Fixed bug #61165 (Segfault - strip_tags()). (Laruence)
 -  . Improved max_input_vars directive to check nested variables (Dmitry).
 -  . Fixed bug #61095 (Incorect lexing of 0x00*+<NUM>). (Etienne)
 +  . Fixed bug #61106 (Segfault when using header_register_callback). (Nikita
 +    Popov)
    . Fixed bug #61087 (Memory leak in parse_ini_file when specifying
      invalid scanner mode). (Nikic, Laruence)
    . Fixed bug #61072 (Memory leak when restoring an exception handler).
      (Nikic, Laruence)
    . Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX).
 -      (Laruence)
 -  . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical
 -      vars). (Laruence)
 -  . Fix bug #60895 (Possible invalid handler usage in windows random
 -    functions). (Pierre)
 -  . Fixed bug #60825 (Segfault when running symfony 2 tests).
 -    (Dmitry, Laruence)
 +    (Laruence)
 +  . Fixed bug #61052 (Missing error check in trait 'insteadof' clause). 
(Stefan)
 +  . Fixed bug #61011 (Crash when an exception is thrown by __autoload
 +    accessing a static property). (Laruence)
 +  . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical 
 +    vars). (Laruence)
 +  . Fixed bug #60978 (exit code incorrect). (Laruence)
 +  . Fixed bug #60911 (Confusing error message when extending traits). (Stefan)
    . Fixed bug #60801 (strpbrk() mishandles NUL byte). (Adam)
 +  . Fixed bug #60717 (Order of traits in use statement can cause a fatal
 +    error). (Stefan)
 +  . Fixed bug #60573 (type hinting with "self" keyword causes weird errors).
 +    (Laruence)
    . Fixed bug #60569 (Nullbyte truncates Exception $message). (Ilia)
 -  . Fixed bug #60227 (header() cannot detect the multi-line header with CR).
 -    (rui, Gustavo)
 -  . Fixed bug #60222 (time_nanosleep() does validate input params). (Ilia)
    . Fixed bug #52719 (array_walk_recursive crashes if third param of the
      function is by reference). (Nikita Popov)
 -  . Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry)
  
  - Ibase
    . Fixed bug #60947 (Segmentation fault while executing ibase_db_info).
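Review bot: the PHP-5.3 Core entry "Improved max_input_vars directive to check nested variables (Dmitry)" is dropped on the 5.4 side of this merge and has no counterpart in the lines shown. The other Core entries dropped here (#61095, #60895, #60825, #60227, #51860) reappear under 5.4.0 further down in this NEWS diff, and #60222 moves to Standard. If the nested-variable check is part of PHP-5.4, list it under the release that carries it so the change stays traceable from NEWS.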
@@@ -45,506 -36,99 +45,510 @@@
  - Installation
    . Fixed bug #61172 (Add Apache 2.4 support). (Chris Jones)
  
 -- Fileinfo
 -  . Fixed bug #61173 (Unable to detect error from finfo constructor). 
(Gustavo)
 -
 -- Firebird Database extension (ibase):
 -  . Fixed bug #60802 (ibase_trans() gives segfault when passing params).
 +- mbstring:
 +  . MFH mb_ereg_replace_callback() for security enhancements. (Rui)
  
  - mysqli
    . Fixed bug #61003 (mysql_stat() require a valid connection). (Johannes).
  
 +- mysqlnd
 +  . Fixed bug #60948 (mysqlnd FTBFS when -Wformat-security is enabled).
 +    (Johannes)
 +
 +- Readline:
 +  . Fixed bug #61088 (Memory leak in readline_callback_handler_install).
 +    (Nikic, Laruence)
 +  . Add open_basedir checks to readline_write_history and 
readline_read_history.
 +    (Rasmus, reported by Mateusz Goik)
 + 
 +- Session
 +  . Fixed bug #60634 (Segmentation fault when trying to die() in 
 +    SessionHandler::write()). (Ilia)
 +
 +- SOAP
 +  . Fixed bug #60887 (SoapClient ignores user_agent option and sends no
 +    User-Agent header). (carloschilazo at gmail dot com)
 +  . Fixed bug #60842, #51775 (Chunked response parsing error when 
 +    chunksize length line is > 10 bytes). (Ilia)
 +
 +- PDO
 +  . Fixed bug #61292 (Segfault while calling a method on an overloaded PDO 
 +    object). (Laruence)
 +
  - PDO_mysql
    . Fixed bug #61207 (PDO::nextRowset() after a multi-statement query doesn't
      always work). (Johannes)
    . Fixed bug #61194 (PDO should export compression flag with myslqnd).
      (Johannes)
  
 -- PDO_odbc 
 +- PDO_odbc
    . Fixed bug #61212 (PDO ODBC Segfaults on SQL_SUCESS_WITH_INFO). (Ilia)
  
 -- PDO_pgsql
 -  . Fixed bug #61267 (pdo_pgsql's PDO::exec() returns the number of SELECTed
 -    rows on postgresql >= 9). (ben dot pineau at gmail dot com)
 -
 -- PDO_Sqlite extension:
 -  . Add createCollation support. (Damien)
 -
 -- Phar:
 +- Phar
    . Fixed bug #61184 (Phar::webPhar() generates headers with trailing NUL
 -    bytes). (Nikic)
 -
 -- PHP-FPM SAPI:
 -  . Fixed bug #60811 (php-fpm compilation problem). (rasmus)
 +    bytes). (Nikita Popov)
  
+ - Readline:
 -  . Fixed bug #61088 (Memory leak in readline_callback_handler_install).
 -    (Nikic, Laruence)
+   . Add open_basedir checks to readline_write_history and 
readline_read_history.
+     (Rasmus, reported by Mateusz Goik)
+ 
  - Reflection:
    . Fixed bug #60968 (Late static binding doesn't work with 
      ReflectionMethod::invokeArgs()). (Laruence)
  
 -- SOAP
 -  . Fixed basic HTTP authentication for WSDL sub requests. (Dmitry)
 -  . Fixed bug #60887 (SoapClient ignores user_agent option and sends no
 -    User-Agent header). (carloschilazo at gmail dot com)
 -  . Fixed bug #60842, #51775 (Chunked response parsing error when 
 -    chunksize length line is > 10 bytes). (Ilia)
 -
 -- SPL
 -  . Fixed memory leak when calling SplFileInfo's constructor twice. (Felipe)
 -  . Fixed bug #61418 (Segmentation fault when DirectoryIterator's or
 -    FilesystemIterator's iterators are requested more than once without
 -    having had its dtor callback called in between). (Gustavo)
 +- SPL:
    . Fixed bug #61347 (inconsistent isset behavior of Arrayobject). (Laruence)
 -  . Fixed bug #61326 (ArrayObject comparison). (Gustavo)
  
 -- SQLite3 extension:
 -  . Add createCollation() method. (Brad Dewar)
 +- Standard:
 +  . Fixed memory leak in substr_replace. (Pierrick)
 +  . Make max_file_uploads ini directive settable outside of php.ini (Rasmus)
 +  . Fixed bug #61409 (Bad formatting on phpinfo()). (Jakub Vrana)
 +  . Fixed bug #60222 (time_nanosleep() does validate input params). (Ilia)
 +  . Fixed bug #60106 (stream_socket_server silently truncates long unix socket
 +    paths). (Ilia)
 +
 +- XMLRPC:
 +  . Fixed bug #61264 (xmlrpc_parse_method_descriptions leaks temporary
 +    variable). (Nikita Popov)
 +  . Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals). (Nikita
 +    Popov)
 +
 +- Zlib:
 +  . Fixed bug #61306 (initialization of global inappropriate for ZTS). 
(Gustavo)
 +  . Fixed bug #61287 (A particular string fails to decompress). (Mike)
 +  . Fixed bug #61139 (gzopen leaks when specifying invalid mode). (Nikita 
Popov)
 +
 +01 Mar 2012, PHP 5.4.0 
 +
 +- Installation:
 +  . autoconf 2.59+ is now supported (and required) for generating the
 +    configure script with ./buildconf. Autoconf 2.60+ is desirable
 +    otherwise the configure help order may be incorrect.  (Rasmus, Chris 
Jones)
 +
 +- Removed legacy features:
 +  . break/continue $var syntax. (Dmitry)
 +  . Safe mode and all related php.ini options. (Kalle)
 +  . register_globals and register_long_arrays php.ini options. (Kalle)
 +  . import_request_variables(). (Kalle)
 +  . allow_call_time_pass_reference. (Pierrick)
 +  . define_syslog_variables php.ini option and its associated function. 
(Kalle)
 +  . highlight.bg php.ini option. (Kalle)
 +  . safe_mode, safe_mode_gid, safe_mode_include_dir,
 +    safe_mode_exec_dir, safe_mode_allowed_env_vars and
 +    safe_mode_protected_env_vars php.ini options.
 +  . zend.ze1_compatibility_mode php.ini option.
 +  . Session bug compatibility mode (session.bug_compat_42 and
 +    session.bug_compat_warn php.ini options). (Kalle)
 +  . session_is_registered(), session_register() and session_unregister()
 +    functions. (Kalle)
 +  . y2k_compliance php.ini option. (Kalle)
 +  . magic_quotes_gpc, magic_quotes_runtime and magic_quotes_sybase
 +    php.ini options. get_magic_quotes_gpc, get_magic_quotes_runtime are kept
 +    but always return false, set_magic_quotes_runtime raises an
 +    E_CORE_ERROR. (Pierrick, Pierre)
 +  . Removed support for putenv("TZ=..") for setting the timezone. (Derick)
 +  . Removed the timezone guessing algorithm in case the timezone isn't set 
with
 +    date.timezone or date_default_timezone_set(). Instead of a guessed
 +    timezone, "UTC" is now used instead. (Derick)
  
 -- Session:
 +- Moved extensions to PECL:
 +  . ext/sqlite.  (Note: the ext/sqlite3 and ext/pdo_sqlite extensions are
 +    not affected) (Johannes)
 +
 +- General improvements:
 +  . Added short array syntax support ([1,2,3]), see UPGRADING guide for full
 +    details. (rsky0711 at gmail . com, sebastian.deutsch at 9elements . com,
 +    Pierre)
 +  . Added binary number format (0b001010). (Jonah dot Harris at gmail dot com)
 +  . Added support for Class::{expr}() syntax (Pierrick)
 +  . Added multibyte support by default. Previously PHP had to be compiled
 +    with --enable-zend-multibyte.  Now it can be enabled or disabled through
 +    the zend.multibyte directive in php.ini. (Dmitry)
 +  . Removed compile time dependency from ext/mbstring (Dmitry)
 +  . Added support for Traits. (Stefan, with fixes by Dmitry and Laruence)
 +  . Added closure $this support back. (Stas)
 +  . Added array dereferencing support. (Felipe)
 +  . Added callable typehint. (Hannes)
 +  . Added indirect method call through array. FR #47160. (Felipe)
 +  . Added DTrace support. (David Soria Parra)
 +  . Added class member access on instantiation (e.g. (new foo)->bar()) 
support.
 +    (Felipe)
 +  . <?= is now always available regardless of the short_open_tag setting. 
(Rasmus)
 +  . Implemented Zend Signal Handling (configurable option 
--enable-zend-signals, 
 +    off by default). (Lucas Nealan, Arnaud Le Blanc, Brian Shire, Ilia)
 +  . Improved output layer, see README.NEW-OUTPUT-API for internals. (Mike)
 +  . Improved UNIX build system to allow building multiple PHP binary SAPIs and
 +    one SAPI module the same time. FR #53271, FR #52419. (Jani)
 +  . Implemented closure rebinding as parameter to bindTo. (Gustavo Lopes)
 +  . Improved the warning message of incompatible arguments. (Laruence)
 +  . Improved ternary operator performance when returning arrays. (Arnaud, 
Dmitry)
 +  . Changed error handlers to only generate docref links when the docref_root 
 +    php.ini setting is not empty. (Derick)
 +  . Changed silent conversion of array to string to produce a notice. 
(Patrick)
 +  . Changed default encoding from ISO-8859-1 to UTF-8 when not specified in
 +    htmlspecialchars and htmlentities. (Rasmus)
 +  . Changed casting of null/''/false into an Object when adding a property
 +    from E_STRICT into a warning. (Scott)
 +  . Changed E_ALL to include E_STRICT. (Stas)
 +  . Disabled Windows CRT warning by default, can be enabled again using the
 +    php.ini directive windows_show_crt_warnings. (Pierre)
 +  . Fixed bug #55378: Binary number literal returns float number though its
 +    value is small enough. (Derick)
 +
 +- Improved Zend Engine memory usage: (Dmitry)
 +  . Improved parse error messages. (Felipe)
 +  . Replaced zend_function.pass_rest_by_reference by
 +    ZEND_ACC_PASS_REST_BY_REFERENCE in zend_function.fn_flags.
 +  . Replaced zend_function.return_reference by ZEND_ACC_RETURN_REFERENCE
 +    in zend_function.fn_flags.
 +  . Removed zend_arg_info.required_num_args as it was only needed for internal
 +    functions. Now the first arg_info for internal functions (which has 
special
 +    meaning) is represented by the zend_internal_function_info structure.
 +  . Moved zend_op_array.size, size_var, size_literal, current_brk_cont,
 +    backpatch_count into CG(context) as they are used only during compilation.
 +  . Moved zend_op_array.start_op into EG(start_op) as it's used only for
 +    'interactive' execution of a single top-level op-array.
 +  . Replaced zend_op_array.done_pass_two by ZEND_ACC_DONE_PASS_TWO in
 +    zend_op_array.fn_flags.
 +  . op_array.vars array is trimmed (reallocated) during pass_two.
 +  . Replaced zend_class_entry.constants_updated by ZEND_ACC_CONSTANTS_UPDATED
 +    in zend_class_entry.ce_flags.
 +  . Reduced the size of zend_class_entry by sharing the same memory space
 +    by different information for internal and user classes.
 +    See zend_class_entry.info union.
 +  . Reduced size of temp_variable.
 +
 +- Improved Zend Engine - performance tweaks and optimizations: (Dmitry)
 +  . Inlined most probable code-paths for arithmetic operations directly into
 +    executor.
 +  . Eliminated unnecessary iterations during request startup/shutdown.
 +  . Changed $GLOBALS into a JIT autoglobal, so it's initialized only if used.
 +    (this may affect opcode caches!)
 +  . Improved performance of @ (silence) operator.
 +  . Simplified string offset reading. Given $str="abc" then $str[1][0] is now
 +    a legal construct.
 +  . Added caches to eliminate repeatable run-time bindings of functions,
 +    classes, constants, methods and properties.
 +  . Added concept of interned strings. All strings constants known at compile
 +    time are allocated in a single copy and never changed.
 +  . ZEND_RECV now always has IS_CV as its result.
 +  . ZEND_CATCH now has to be used only with constant class names.
 +  . ZEND_FETCH_DIM_? may fetch array and dimension operands in different 
order.
 +  . Simplified ZEND_FETCH_*_R operations. They can't be used with the
 +    EXT_TYPE_UNUSED flag any more. This is a very rare and useless case.
 +    ZEND_FREE might be required after them instead.
 +  . Split ZEND_RETURN into two new instructions ZEND_RETURN and
 +    ZEND_RETURN_BY_REF.
 +  . Optimized access to global constants using values with pre-calculated
 +    hash_values from the literals table.
 +  . Optimized access to static properties using executor specialization.
 +    A constant class name may be used as a direct operand of ZEND_FETCH_*
 +    instruction without previous ZEND_FETCH_CLASS.
 +  . zend_stack and zend_ptr_stack allocation is delayed until actual usage.
 +
 +- Other improvements to Zend Engine:
 +  . Added an optimization which saves memory and emalloc/efree calls for empty
 +    HashTables. (Stas, Dmitry)
 +  . Added ability to reset user opcode handlers (Yoram).
 +  . Changed the structure of op_array.opcodes. The constant values are moved 
from
 +    opcode operands into a separate literal table. (Dmitry)
 +  . Fixed (disabled) inline-caching for ZEND_OVERLOADED_FUNCTION methods.
 +    (Dmitry)
 +
 +- Improved core functions:
 +  . Enforce an extended class' __construct arguments to match the
 +    abstract constructor in the base class.
 +  . Disallow reusing superglobal names as parameter names.
 +  . Added optional argument to debug_backtrace() and debug_print_backtrace()
 +    to limit the amount of stack frames returned. (Sebastian, Patrick)
 +  . Added hex2bin() function. (Scott)
 +  . number_format() no longer truncates multibyte decimal points and thousand
 +    separators to the first byte. FR #53457. (Adam)
 +  . Added support for object references in recursive serialize() calls.
 +    FR #36424. (Mike)
 +  . Added support for SORT_NATURAL and SORT_FLAG_CASE in array
 +    sort functions (sort, rsort, ksort, krsort, asort, arsort and
 +    array_multisort). FR#55158 (Arpad)
 +  . Added stream metadata API support and stream_metadata() stream class
 +    handler. (Stas)
 +  . User wrappers can now define a stream_truncate() method that responds
 +    to truncation, e.g. through ftruncate(). FR #53888. (Gustavo)
 +  . Improved unserialize() performance.
 +    (galaxy dot mipt at gmail dot com, Kalle)
 +  . Changed array_combine() to return empty array instead of FALSE when both
 +    parameter arrays are empty. FR #34857. (joel.per...@gmail.com)
 +  . Fixed bug #61095 (Incorect lexing of 0x00*+<NUM>). (Etienne)
 +  . Fixed bug #60965 (Buffer overflow on htmlspecialchars/entities with
 +    $double=false). (Gustavo)
 +  . Fixed bug #60895 (Possible invalid handler usage in windows random
 +    functions). (Pierre)
 +  . Fixed bug #60879 (unserialize() Does not invoke __wakeup() on object).
 +    (Pierre, Steve)
 +  . Fixed bug #60825 (Segfault when running symfony 2 tests).
 +    (Dmitry, Laruence)
 +  . Fixed bug #60627 (httpd.worker segfault on startup with php_value).
 +  . Fixed bug #60613 (Segmentation fault with $cls->{expr}() syntax). (Dmitry)
 +  . Fixed bug #60611 (Segmentation fault with Cls::{expr}() syntax). 
(Laruence)
 +    (Laruence)
 +  . Fixed bug #60558 (Invalid read and writes). (Laruence)
 +  . Fixed bug #60444 (Segmentation fault with include & class extending).
 +    (Laruence, Dmitry).
 +  . Fixed bug #60362 (non-existent sub-sub keys should not have values).
 +    (Laruence, alan_k, Stas)
 +  . Fixed bug #60350 (No string escape code for ESC (ascii 27), normally \e).
 +    (php at mickweiss dot com)
 +  . Fixed bug #60321 (ob_get_status(true) no longer returns an array when
 +    buffer is empty). (Pierrick)
 +  . Fixed bug #60282 (Segfault when using ob_gzhandler() with open buffers).
 +    (Laruence)
 +  . Fixed bug #60240 (invalid read/writes when unserializing specially crafted
 +    strings). (Mike)
 +  . Fixed bug #60227 (header() cannot detect the multi-line header with
 +     CR(0x0D)). (rui)
 +  . Fixed bug #60174 (Notice when array in method prototype error).
 +    (Laruence)
 +  . Fixed bug #60169 (Conjunction of ternary and list crashes PHP).
 +    (Laruence)
 +  . Fixed bug #60038 (SIGALRM cause segfault in php_error_cb). (Laruence)
 +    (klightspeed at netspace dot net dot au)
 +  . Fixed bug #55871 (Interruption in substr_replace()). (Stas)
 +  . Fixed bug #55801 (Behavior of unserialize has changed). (Mike)
 +  . Fixed bug #55758 (Digest Authenticate missed in 5.4) . (Laruence)
 +  . Fixed bug #55748 (multiple NULL Pointer Dereference with zend_strndup())
 +    (CVE-2011-4153). (Stas)
 +  . Fixed bug #55124 (recursive mkdir fails with current (dot) directory in 
path).
 +    (Pierre)
 +  . Fixed bug #55084 (Function registered by header_register_callback is
 +    called only once per process). (Hannes)
 +  . Implement FR #54514 (Get php binary path during script execution).
 +    (Laruence)
 +  . Fixed bug #52211 (iconv() returns part of string on error). (Felipe)
 +  . Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry)
 +
 +- Improved generic SAPI support: 
 +  . Added $_SERVER['REQUEST_TIME_FLOAT'] to include microsecond precision. 
 +    (Patrick)
 +  . Added header_register_callback() which is invoked immediately
 +    prior to the sending of headers and after default headers have
 +    been added. (Scott)
 +  . Added http_response_code() function. FR #52555. (Paul Dragoonis, Kalle)
 +  . Fixed bug #55500 (Corrupted $_FILES indices lead to security concern).
 +    (CVE-2012-1172). (Stas)
 +  . Fixed bug #54374 (Insufficient validating of upload name leading to 
 +    corrupted $_FILES indices). (CVE-2012-1172). (Stas, lekensteyn at gmail 
dot com)
 +
 +- Improved CLI SAPI:
 +  . Added built-in web server that is intended for testing purpose. 
 +    (Moriyoshi, Laruence, and fixes by Pierre, Derick, Arpad,
 +    chobieee at gmail dot com)
 +  . Added command line option --rz <name> which shows information of the
 +    named Zend extension. (Johannes)
 +  . Interactive readline shell improvements: (Johannes)
 +    . Added "cli.pager" php.ini setting to set a pager for output.
 +    . Added "cli.prompt" php.ini setting to configure the shell prompt.
 +    . Added shortcut #inisetting=value to change php.ini settings at run-time.
 +    . Changed shell not to terminate on fatal errors.
 +    . Interactive shell works with shared readline extension. FR #53878.
 +
 +- Improved CGI/FastCGI SAPI: (Dmitry)
 +  . Added apache compatible functions: apache_child_terminate(),
 +    getallheaders(), apache_request_headers() and apache_response_headers()
 +  . Improved performance of FastCGI request parsing.
 +  . Fixed reinitialization of SAPI callbacks after php_module_startup().
 +    (Dmitry)
 +
 +- Improved PHP-FPM SAPI:
 +  . Removed EXPERIMENTAL flag. (fat)
 +  . Fixed bug #60659 (FPM does not clear auth_user on request accept).
 +    (bonbons at linux-vserver dot org)
 +
 +- Improved Litespeed SAPI:
 +  . Fixed bug #55769 (Make Fails with "Missing Separator" error). (Adam)
 +
 +- Improved Date extension:
 +  . Added the + modifier to parseFromFormat to allow trailing text in the
 +    string to parse without throwing an error. (Stas, Derick)
 +
 +- Improved DBA extension:
 +  . Added Tokyo Cabinet abstract DB support. (Michael Maclean)
 +  . Added Berkeley DB 5 support. (Johannes, Chris Jones)
 +
 +- Improved DOM extension:
 +  . Added the ability to pass options to loadHTML (Chregu, fxmulder at gmail 
dot com)
 +
 +- Improved filesystem functions:
 +  . scandir() now accepts SCANDIR_SORT_NONE as a possible sorting_order value.
 +    FR #53407. (Adam)
 +
 +- Improved HASH extension:
 +  . Added Jenkins's one-at-a-time hash support. (Martin Jansen)
 +  . Added FNV-1 hash support. (Michael Maclean)
 +  . Made Adler32 algorithm faster. FR #53213. (zavasek at yandex dot ru)
 +  . Removed Salsa10/Salsa20, which are actually stream ciphers (Mike)
 +  . Fixed bug #60221 (Tiger hash output byte order) (Mike)
 +
 +- Improved intl extension:
 +  . Added Spoofchecker class, allows checking for visibly confusable 
characters and
 +    other security issues. (Scott)
 +  . Added Transliterator class, allowing transliteration of strings. 
 +    (Gustavo)
 +  . Added support for UTS #46. (Gustavo)
 +  . Fixed build on Fedora 15 / Ubuntu 11. (Hannes)
 +  . Fixed bug #55562 (grapheme_substr() returns false on big length). (Stas)
 +
 +- Improved JSON extension:
 +  . Added new json_encode() option JSON_UNESCAPED_UNICODE. FR #53946.
 +    (Alexander, Gwynne)
 +  . Added JsonSerializable interface. (Sara)
 +  . Added JSON_BIGINT_AS_STRING, extended json_decode() sig with $options.
 +    (Sara)
 +  . Added support for JSON_NUMERIC_CHECK option in json_encode() that converts
 +    numeric strings to integers. (Ilia)
 +  . Added new json_encode() option JSON_UNESCAPED_SLASHES. FR #49366. (Adam)
 +  . Added new json_encode() option JSON_PRETTY_PRINT. FR #44331. (Adam)
 +
 +- Improved LDAP extension:
 +  . Added paged results support. FR #42060. (a...@openldap.org,
 +    iaren...@eteo.mondragon.edu, jean...@au-fil-du.net, remy.sai...@gmail.com)
 +
 +- Improved mbstring extension:
 +  . Added Shift_JIS/UTF-8 Emoji (pictograms) support. (Rui)
 +  . Added JIS X0213:2004 (Shift_JIS-2004, EUC-JP-2004, ISO-2022-JP-2004)
 +    support. (Rui)
 +  . Ill-formed UTF-8 check for security enhancements. (Rui)
 +  . Added MacJapanese (Shift_JIS) and gb18030 encoding support. (Rui)
 +  . Added encode/decode in hex format to mb_[en|de]code_numericentity(). (Rui)
 +  . Added user JIS X0213:2004 (Shift_JIS-2004, EUC-JP-2004, ISO-2022-JP-2004)
 +    support. (Rui)
 +  . Added the user defined area for CP936 and CP950 (Rui).
 +  . Fixed bug #60306 (Characters lost while converting from cp936 to utf8).
 +    (Laruence)
 +
 +- Improved MySQL extensions:
 +  . MySQL: Deprecated mysql_list_dbs(). FR #50667. (Andrey)
 +  . mysqlnd: Added named pipes support. FR #48082. (Andrey)
 +  . MySQLi: Added iterator support in MySQLi. mysqli_result implements
 +    Traversable. (Andrey, Johannes)
 +  . PDO_mysql: Removed support for linking with MySQL client libraries older
 +    than 4.1. (Johannes)
 +  . ext/mysql, mysqli and pdo_mysql now use mysqlnd by default. (Johannes)
 +  . Fixed bug #55473 (mysql_pconnect leaks file descriptors on reconnect). 
 +    (Andrey, Laruence)
 +  . Fixed bug #55653 (PS crash with libmysql when binding same variable as 
 +    param and out). (Laruence)
 +
 +- Improved OpenSSL extension:
 +  . Added AES support. FR #48632. (yonas dot y at gmail dot com, Pierre)
 +  . Added no padding option to openssl_encrypt()/openssl_decrypt(). (Scott)
 +  . Use php's implementation for Windows Crypto API in
 +    openssl_random_pseudo_bytes. (Pierre)
 +  . On error in openssl_random_pseudo_bytes() made sure we set strong result
 +    to false. (Scott)
 +  . Fixed possible attack in SSL sockets with SSL 3.0 / TLS 1.0.
 +    CVE-2011-3389. (Scott)
 +  . Fixed bug #61124 (Crash when decoding an invalid base64 encoded string).
 +    (me at ktamura dot com, Scott)
 +
 +- Improved PDO:
 +  . Fixed PDO objects binary incompatibility. (Dmitry)
 +
 +- PDO DBlib driver:
 +  . Added nextRowset support.
 +  . Fixed bug #50755 (PDO DBLIB Fails with OOM).
 +
 +- Improved PostgreSQL extension:
 +  . Added support for "extra" parameter for PGNotify().
 +    (r dot i dot k at free dot fr, Ilia)
 +
 +- Improved PCRE extension:
 +  . Changed third parameter of preg_match_all() to optional. FR #53238. (Adam)
 +
 +- Improved Readline extension:
 +  . Fixed bug #54450 (Enable callback support when built against libedit).
 +    (fedora at famillecollet dot com, Hannes)
 +
 +- Improved Reflection extension:
 +  . Added ReflectionClass::newInstanceWithoutConstructor() to create a new
 +    instance of a class without invoking its constructor. FR #55490.
 +    (Sebastian)
 +  . Added ReflectionExtension::isTemporary() and
 +    ReflectionExtension::isPersistent() methods. (Johannes)
 +  . Added ReflectionZendExtension class. (Johannes)
 +  . Added ReflectionClass::isCloneable(). (Felipe)
 +
 +- Improved Session extension:
 +  . Expose session status via new function, session_status (FR #52982) (Arpad)
 +  . Added support for object-oriented session handlers. (Arpad)
 +  . Added support for storing upload progress feedback in session data. 
(Arnaud)
 +  . Changed session.entropy_file to default to /dev/urandom or /dev/arandom if
 +    either is present at compile time. (Rasmus)
    . Fixed bug #60860 (session.save_handler=user without defined function core
      dumps). (Felipe)
 -  . Fixed bug #60634 (Segmentation fault when trying to die() in
 -    SessionHandler::write()). (Ilia)
 +  . Implement FR #60551 (session_set_save_handler should support a core's
 +    session handler interface). (Arpad)
 +  . Fixed bug #60640 (invalid return values). (Arpad)
  
 -- Streams:
 -  . Fixed bug #61371 (stream_context_create() causes memory leaks on use
 -    streams_socket_create). (Gustavo)
 -  . Fixed bug #61253 (Wrappers opened with errors concurrency problem on ZTS).
 -    (Gustavo)
 -  . Fixed bug #61115 (stream related segfault on fatal error in
 -    php_stream_context_link). (Gustavo)
 -  . Fixed bug #60817 (stream_get_line() reads from stream even when there is
 -    already sufficient data buffered). stream_get_line() now behaves more like
 -    fgets(), as is documented. (Gustavo)
 -  . Further fix for bug #60455 (stream_get_line misbehaves if EOF is not
 -    detected together with the last read). (Gustavo)
 -  . Fixed bug #60106 (stream_socket_server silently truncates long unix
 -    socket paths). (Ilia)
 -
 -- Tidy:
 -  . Fixed bug #54682 (tidy null pointer dereference). (Tony, David Soria 
Parra)
 +- Improved SNMP extension (Boris Lytochkin):
 +  . Added OO API. FR #53594 (php-snmp rewrite).
 +  . Sanitized return values of existing functions. Now it returns FALSE on
 +    failure.
 +  . Allow ~infinite OIDs in GET/GETNEXT/SET queries. Autochunk them to 
max_oids
 +    upon request.
 +  . Introducing unit tests for extension with ~full coverage.
 +  . IPv6 support. (FR #42918)
 +  . Way of representing OID value can now be changed when SNMP_VALUE_OBJECT
 +    is used for value output mode. Use or'ed SNMP_VALUE_LIBRARY(default if
 +    not specified) or SNMP_VALUE_PLAIN. (FR #54502)
 +  . Fixed bug #60749 (SNMP module should not strip non-standard SNMP port
 +    from hostname). (Boris Lytochkin)
 +  . Fixed bug #60585 (php build fails with USE flag snmp when IPv6 support
 +    is disabled). (Boris Lytochkin)
 +  . Fixed bug #53862 (snmp_set_oid_output_format does not allow returning to 
default)
 +  . Fixed bug #46065 (snmp_set_quick_print() persists between requests)
 +  . Fixed bug #45893 (Snmp buffer limited to 2048 char)
 +  . Fixed bug #44193 (snmp v3 noAuthNoPriv doesn't work)
  
 -- XMLRPC:
 -  . Fixed bug #61264 (xmlrpc_parse_method_descriptions leaks temporary 
variable). (Nikita Popov)
 -  . Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals). (Nikic)
 +- Improved SOAP extension:
 +  . Added new SoapClient option "keep_alive". FR #60329. (Pierrick)
 +  . Fixed basic HTTP authentication for WSDL sub requests. (Dmitry)
  
 -- Zlib:
 -  . Fixed bug #61139 (gzopen leaks when specifying invalid mode). (Nikic)
 +- Improved SPL extension:
 +  . Added RegexIterator::getRegex() method. (Joshua Thijssen)
 +  . Added SplObjectStorage::getHash() hook. (Etienne)
 +  . Added CallbackFilterIterator and RecursiveCallbackFilterIterator. (Arnaud)
 +  . Added missing class_uses(..) as pointed out by #55266 (Stefan)
 +  . Immediately reject wrong usages of directories under Spl(Temp)FileObject
 +    and friends. (Etienne, Pierre)
 +  . FilesystemIterator, GlobIterator and (Recursive)DirectoryIterator now use
 +    the default stream context. (Hannes)
 +  . Fixed bug #60201 (SplFileObject::setCsvControl does not expose third
 +    argument via Reflection). (Peter)
 +  . Fixed bug #55287 (spl_classes() not includes CallbackFilter classes)
 +    (sasezaki at gmail dot com, salathe)
 +
 +- Improved Sysvshm extension:
 +  . Fixed bug #55750 (memory copy issue in sysvshm extension).
 +    (Ilia, jeffhuang9999 at gmail dot com)
 +
 +- Improved Tidy extension:
 +  . Fixed bug #54682 (Tidy::diagnose() NULL pointer dereference).
 +    (Maksymilian Arciemowicz, Felipe)
 +
 +- Improved Tokenizer extension:
 +  . Fixed bug #54089 (token_get_all with regards to __halt_compiler is
 +    not binary safe). (Nikita Popov)
 +
 +- Improved XSL extension:
 +  . Added XsltProcessor::setSecurityPrefs($options) and getSecurityPrefs() to
 +    define forbidden operations within XSLT stylesheets, default is not to
 +    enable write operations from XSLT. Bug #54446 (Chregu, Nicolas Gregoire)
 +  . XSL doesn't stop transformation anymore, if a PHP function can't be called
 +    (Christian)
 +
 +- Improved ZLIB extension:
 +  . Re-implemented non-file related functionality. (Mike)
 +  . Fixed bug #55544 (ob_gzhandler always conflicts with 
zlib.output_compression).
 +    (Mike)
  
  02 Feb 2012, PHP 5.3.10
  
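Review bot: the merged 5.4.1 RC1 section ends up with two Readline blocks. The block kept from PHP-5.4 (after mysqlnd) already lists bug #61088 and "Add open_basedir checks to readline_write_history and readline_read_history", and the block taken from PHP-5.3 (between Phar and Reflection) repeats only that open_basedir entry. Drop the second block so the entry appears once. In the same hunk the #60611 line under 5.4.0 carries the "(Laruence)" credit twice.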
diff --combined ext/standard/link.c
index 4c65adc,cb42408..3832e70
--- a/ext/standard/link.c
+++ b/ext/standard/link.c
@@@ -47,6 -47,7 +47,6 @@@
  #include <errno.h>
  #include <ctype.h>
  
 -#include "safe_mode.h"
  #include "php_link.h"
  #include "php_string.h"
  
@@@ -63,6 -64,14 +63,6 @@@ PHP_FUNCTION(readlink
                return;
        }
  
 -      if (strlen(link) != link_len) {
 -              RETURN_FALSE;
 -      }
 -
 -      if (PG(safe_mode) && !php_checkuid(link, NULL, 
CHECKUID_CHECK_FILE_AND_DIR)) {
 -              RETURN_FALSE;
 -      }
 -
        if (php_check_open_basedir(link TSRMLS_CC)) {
                RETURN_FALSE;
        }
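Review bot: the removed "strlen(link) != link_len" test in readlink was the guard against a path with an embedded NUL byte, and this hunk does not show readlink's zend_parse_parameters call. linkinfo, symlink and link all switch from "s" to "p" elsewhere in this diff; please confirm readlink's format string is "p" on PHP-5.4 too, otherwise php_check_open_basedir(link) would be evaluated on the part of the string before the NUL only.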
@@@ -85,20 -94,31 +85,31 @@@
  PHP_FUNCTION(linkinfo)
  {
        char *link;
-       int link_len;
+       char *dirname;
+       int link_len, dir_len;
        struct stat sb;
        int ret;
  
 -      if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &link, 
&link_len) == FAILURE) {
 +      if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p", &link, 
&link_len) == FAILURE) {
                return;
        }
  
+       dirname = estrndup(link, link_len);
+       dir_len = php_dirname(dirname, link_len);
+ 
+       if (php_check_open_basedir(dirname TSRMLS_CC)) {
+               efree(dirname);
+               RETURN_FALSE;
+       }
+ 
        ret = VCWD_LSTAT(link, &sb);
        if (ret == -1) {
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s", 
strerror(errno));
+               efree(dirname);
                RETURN_LONG(-1L);
        }
  
+       efree(dirname);
        RETURN_LONG((long) sb.st_dev);
  }
  /* }}} */
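Review bot: in linkinfo, dir_len is assigned from php_dirname() but never read in the lines shown, and dirname is not used after the php_check_open_basedir() call, yet it is freed separately on all three exit paths. Drop dir_len, store the result of the open_basedir check in a local, and efree(dirname) once right after it, so that a return added later cannot leak the copy. A short comment stating why the check is made on the parent directory rather than on link itself would also help the next reader.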
@@@ -115,9 -135,17 +126,9 @@@ PHP_FUNCTION(symlink
        char dirname[MAXPATHLEN];
        size_t len;
  
 -      if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &topath, 
&topath_len, &frompath, &frompath_len) == FAILURE) {
 +      if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "pp", &topath, 
&topath_len, &frompath, &frompath_len) == FAILURE) {
                return;
        }
 -
 -      if (strlen(topath) != topath_len) {
 -              RETURN_FALSE;
 -      }
 -
 -      if (strlen(frompath) != frompath_len) {
 -              RETURN_FALSE;
 -      }
        
        if (!expand_filepath(frompath, source_p TSRMLS_CC)) {
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "No such file or 
directory");
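Review bot: with the explicit "strlen(topath) != topath_len" and "strlen(frompath) != frompath_len" checks removed, a path containing a NUL byte is now rejected by the "pp" format in zend_parse_parameters, which takes the bare "return;" branch instead of RETURN_FALSE. That changes what symlink() returns for such input, and the same applies to link() in the later hunk. It deserves a line in NEWS or UPGRADING and a test that pins the new return value.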
@@@ -139,6 -167,14 +150,6 @@@
                RETURN_FALSE;
        }
  
 -      if (PG(safe_mode) && !php_checkuid(dest_p, NULL, 
CHECKUID_CHECK_FILE_AND_DIR)) {
 -              RETURN_FALSE;
 -      }
 -
 -      if (PG(safe_mode) && !php_checkuid(source_p, NULL, 
CHECKUID_CHECK_FILE_AND_DIR)) {
 -              RETURN_FALSE;
 -      }
 -
        if (php_check_open_basedir(dest_p TSRMLS_CC)) {
                RETURN_FALSE;
        }
@@@ -171,10 -207,18 +182,10 @@@ PHP_FUNCTION(link
        char source_p[MAXPATHLEN];
        char dest_p[MAXPATHLEN];
  
 -      if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &topath, 
&topath_len, &frompath, &frompath_len) == FAILURE) {
 +      if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "pp", &topath, 
&topath_len, &frompath, &frompath_len) == FAILURE) {
                return;
        }
  
 -      if (strlen(topath) != topath_len) {
 -              RETURN_FALSE;
 -      }
 -
 -      if (strlen(frompath) != frompath_len) {
 -              RETURN_FALSE;
 -      }
 -
        if (!expand_filepath(frompath, source_p TSRMLS_CC) || 
!expand_filepath(topath, dest_p TSRMLS_CC)) {
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "No such file or 
directory");
                RETURN_FALSE;
@@@ -187,6 -231,14 +198,6 @@@
                RETURN_FALSE;
        }
  
 -      if (PG(safe_mode) && !php_checkuid(dest_p, NULL, 
CHECKUID_CHECK_FILE_AND_DIR)) {
 -              RETURN_FALSE;
 -      }
 -
 -      if (PG(safe_mode) && !php_checkuid(source_p, NULL, 
CHECKUID_CHECK_FILE_AND_DIR)) {
 -              RETURN_FALSE;
 -      }
 -
        if (php_check_open_basedir(dest_p TSRMLS_CC)) {
                RETURN_FALSE;
        }
-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
