PHP NEWS|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||17 Dec 2009, PHP 5.2.12- Added LIBXML_PARSEHUGE constant to overrides the maximum text size of a single text node when using libxml2.7.3+. (Kalle)- Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check. (Stas)- Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion. (Ilia)- Improved fix for bug #50006 (Segfault caused by uksort()). (Stas)- Fixed error_log() to be binary safe when using message_type 3. (Jani)- Fixed unnecessary invocation of setitimer when timeouts have been disabled. (Arvind Srinivasan)- Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (Rasmus)- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (Rasmus)- Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe)- Fixed crash when instantiating PDORow and PDOStatement through Reflection. (Felipe)- Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe)- Updated timezone database to version 2009.19 (2009s). (Derick)- Changed "post_max_size" php.ini directive to allow unlimited post size by setting it to 0. (Rasmus)- Fixed bug #50445 (PDO-ODBC stored procedure call from Solaris 64-bit causes segfault). (davbrown4 at yahoo dot com, Felipe)- Fixed bug #50345 (nanosleep not detected properly on some solaris versions). (Jani)- Fixed bug #50323 (Allow use of ; in values via ;; in PDO DSN). (Ilia, Pierrick)- Fixed bug #50285 (xmlrpc does not preserve keys in encoded indexed arrays). (Felipe)- Fixed bug #50282 (xmlrpc_encode_request() changes object into array in calling function). (Felipe)- Fixed bug #50266 (conflicting types for llabs). (Jani)- Fixed bug #50255 (isset() and empty() silently casts array to object). (Felipe)- Fixed bug #50219 (soap call Segmentation fault on a redirected url). (Pierrick)- Fixed bug #50209 (Compiling with libedit cannot find readline.h). (tcallawa at redhat dot com)- Fixed bug #50207 (segmentation fault when concatenating very large strings on 64bit linux). (Ilia)- Fixed bug #50195 (pg_copy_to() fails when table name contains schema. (Ilia)- Fixed bug #50185 (ldap_get_entries() return false instead of an empty array when there is no error). (Jani)- Fixed bug #50174 (Incorrectly matched docComment). (Felipe)- Fixed bug #50168 (FastCGI fails with wrong error on HEAD request to non-existent file). (Dmitry)- Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle database). (Felipe)- Fixed bug #50158 (FILTER_VALIDATE_EMAIL fails with valid addresses containing = or ?). (Pierrick)- Fixed bug #50073 (parse_url() incorrect when ? in fragment). (Ilia)- Fixed bug #50006 (Segfault caused by uksort()). (Felipe)- Fixed bug #50005 (Throwing through Reflection modified Exception object makes segmentation fault). (Felipe)- Fixed bug #49990 (SNMP3 warning message about security level printed twice). (Jani)- Fixed bug #49985 (pdo_pgsql prepare() re-use previous aborted transaction). (ben dot pineau at gmail dot com, Ilia, Matteo) - Fixed bug #49972 (AppendIterator undefined function crash). (Johannes)- Fixed bug #49921 (Curl post upload functions changed). (Ilia)- Fixed bug #49855 (import_request_variables() always returns NULL). (Ilia, sjoerd at php dot net)- Fixed bug #49847 (exec() fails to return data inside 2nd parameter, given output lines >4095 bytes). (Ilia)- Fixed bug #49809 (time_sleep_until() is not available on OpenSolaris). (Jani)- Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (Moriyoshi, hello at iwamot dot com)- Fixed bug #49757 (long2ip() can return wrong value in a multi-threaded applications). (Ilia, Florian Anderiasch)- Fixed bug #49738 (calling mcrypt() after mcrypt_generic_deinit() crashes). (Sriram Natarajan)- Fixed bug #49719 (ReflectionClass::hasProperty returns true for a private property in base class). (Felipe)- Fixed bug #49698 (Unexpected change in strnatcasecmp()). (Rasmus)- Fixed bug #49677 (ini parser crashes with apache2 and using ${something} ini variables). (Jani)- Fixed bug #49660 (libxml 2.7.3+ limits text nodes to 10MB). (Felipe)- Fixed bug #49647 (DOMUserData does not exist). (Rob)- Fixed bug #49630 (imap_listscan() function missing). (Felipe)- Fixed bug #49627 (error_log to specified file does not log time according to date.timezone). (Dmitry)- Fixed bug #49578 (make install-pear fails). (Hannes)- Fixed bug #49536 (mb_detect_encoding() returns incorrect results when mbstring.strict_mode is turned on). (Moriyoshi)- Fixed bug #49531 (CURLOPT_INFILESIZE sometimes causes warning "CURLPROTO_FILE cannot be set"). (Felipe)- Fixed bug #49528 (UTF-16 strings prefixed by BOMs wrongly converted). (Moriyoshi)- Fixed bug #49521 (PDO fetchObject sets values before calling constructor). (Pierrick)- Fixed bug #49517 (cURL's CURLOPT_FILE prevents file from being deleted after fclose()). (Ilia)- Fixed bug #49472 (Constants defined in Interfaces can be overridden). (Felipe)- Fixed bug #49354 (mb_strcut() cuts wrong length when offset is in the middle of a multibyte character). (Moriyoshi)- Fixed bug #49332 (Build error with Snow Leopard). (Scott)- Fixed bug #49244 (Floating point NaN cause garbage characters). (Sjoerd)- Fixed bug #49174 (crash when extending PDOStatement and trying to set queryString property). (Felipe)- Fixed bug #49098 (mysqli segfault on error). (Rasmus)- Fixed bug #48805 (IPv6 socket transport is not working). (Ilia)- Fixed bug #48764 (PDO_pgsql::query() always uses implicit prepared statements if v3 proto available). (Matteo, Mark Kirkwood)- Fixed bug #47848 (importNode doesn't preserve attribute namespaces). (Rob)- Fixed bug #45120 (PDOStatement->execute() returns true then false for same statement). (Pierrick)- Fixed bug #34852 (Failure in odbc_exec() using oracle-supplied odbc driver). (tim dot tassonis at trivadis dot com)17 Sep 2009, PHP 5.2.11- Fixed certificate validation inside php_openssl_apply_verification_policy. (Ryan Sleevi, Ilia)- Updated timezone database to version 2009.13 (2009m) (Derick)- Added missing sanity checks around exif processing. (Ilia)- Fixed sanity check for the color index in imagecolortransparent. (Pierre)- Fixed zlib.deflate compress filter to actually accept level parameter. (Jani)- Fixed leak on error in popen/exec (and related functions) on Windows. (Pierre)- Fixed regression in cURL extension that prevented flush of data to output defined as a file handle. (Ilia)- Fixed memory leak in stream_is_local(). (Felipe, Tony)- Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed characters). (Ilia)- Fixed bug #49447 (php engine needs to correctly check for socket API return status on windows). (Sriram Natarajan)- Fixed bug #49372 (segfault in php_curl_option_curl). (Pierre)- Fixed bug #49361 (wordwrap() wraps incorrectly on end of line boundaries). (Ilia, code-it at mail dot ru)- Fixed bug #49289 (bcmath module doesn't compile with phpize configure). (Jani)- Fixed bug #49286 (php://input (php_stream_input_read) is broken). (Jani)- Fixed bug #49269 (Ternary operator fails on Iterator object when used inside foreach declaration). (Etienne, Dmitry)- Fixed bug #49236 (Missing PHP_SUBST(PDO_MYSQL_SHARED_LIBADD)). (Jani)- Fixed bug #49144 (Import of schema from different host transmits original authentication details). (Dmitry)- Fixed bug #49132 (posix_times returns false without error). (phpbugs at gunnu dot us)- Fixed bug #49125 (Error in dba_exists C code). (jdornan at stanford dot edu)- Fixed bug #49095 (proc_get_status['exitcode'] fails on win32). (Felipe)- Fixed bug #49074 (private class static fields can be modified by using reflection). (Jani)- Fixed bug #49072 (feof never returns true for damaged file in zip). (Pierre)- Fixed bug #49052 (context option headers freed too early when using --with-curlwrappers). (Jani)- Fixed bug #49032 (SplFileObject::fscanf() variables passed by reference). (Jani)- Fixed bug #49026 (proc_open() can bypass safe_mode_protected_env_vars restrictions). (Ilia)- Fixed bug #49000 (PHP CLI in Interactive mode (php -a) crashes when including files from function). (Stas)- Fixed bug #48994 (zlib.output_compression does not output HTTP headers when set to a string value). (Jani)- Fixed bug #48980 (Crash when compiling with pdo_firebird). (Felipe)- Fixed bug #48962 (cURL does not upload files with specified filename). (Ilia)- Fixed bug #48929 (Double \r\n after HTTP headers when "header" context option is an array). (David Zlke)- Fixed bug #48913 (Too long error code strings in pdo_odbc driver). (naf at altlinux dot ru, Felipe)- Fixed bug #48802 (printf() returns incorrect outputted length). (Jani)- Fixed bug #48801 (Problem with imagettfbbox). (Takeshi Abe)- Fixed bug #48788 (RecursiveDirectoryIterator doesn't descend into symlinked directories). (Ilia)- Fixed bug #48774 (SIGSEGVs when using curl_copy_handle()). (Sriram Natarajan)- Fixed bug #48763 (ZipArchive produces corrupt archive). (dani dot church at gmail dot com, Pierre)- Fixed bug #48762 (IPv6 address filter still rejects valid address). (Felipe)- Fixed bug #48733 (CURLOPT_WRITEHEADER|CURLOPT_FILE|CURLOPT_STDERR warns on files that have been opened with r+). (Ilia)- Fixed bug #48732 (TTF Bounding box wrong for letters below baseline). (Takeshi Abe)- Fixed bug #48718 (FILTER_VALIDATE_EMAIL does not allow numbers in domain components). (Ilia)- Fixed bug #48709 (metaphone and 'wh'). (brettz9 at yahoo dot com, Felipe)- Fixed bug #48697 (mb_internal_encoding() value gets reset by parse_str()). (Moriyoshi)- Fixed bug #48696 (ldap_read() segfaults with invalid parameters). (Felipe)- Fixed bug #48693 (Double declaration of __lambda_func when lambda wrongly formatted). (peter at lvp-media dot com, Felipe)- Fixed bug #48661 (phpize is broken with non-bash shells). (Jani)- Fixed bug #48645 (mb_convert_encoding() doesn't understand hexadecimal html-entities). (Moriyoshi)- Fixed bug #48637 ("file" fopen wrapper is overwritten when using --with-curlwrappers). (Jani)- Fixed bug #48636 (Error compiling of ext/date on netware). (guenter at php.net, Ilia)- Fixed bug #48629 (get_defined_constants() ignores categorize parameter). (Felipe)- Fixed bug #48619 (imap_search ALL segfaults). (Pierre)- Fixed bug #48608 (Invalid libreadline version not detected during configure). (Jani)- Fixed bug #48555 (ImageFTBBox() differs from previous versions for texts with new lines) (Takeshi Abe)- Fixed bug #48539 (pdo_dblib fails to connect, throws empty PDOException "SQLSTATE[] (null)"). (Felipe)- Fixed bug #48465 (sys_get_temp_dir() possibly inconsistent when using TMPDIR). (Ilia)- Fixed bug #48450 (Compile failure under IRIX 6.5.30 building gd.c). (Kalle)- Fixed bug #48400 (imap crashes when closing stream opened with OP_PROTOTYPE flag). (Jani)- Fixed bug #48284 (hash "adler32" byte order is reversed). (Scott)- Fixed bug #48276 (date("Y") on big endian machines produces the wrong result). (Scott)- Fixed bug #48247 (Infinite loop and possible crash during startup with errors when errors are logged). (Jani)- Fixed bug #48182 (ssl handshake fails during asynchronous socket connection). (Sriram Natarajan)- Fixed bug #48116 (Fixed build with Openssl 1.0). (Pierre, Al dot Smith at aeschi dot ch dot eu dot org)- Fixed bug #48060 (pdo_pgsql - large objects are returned as empty). (Matteo)- Fixed bug #48057 (Only the date fields of the first row are fetched, others are empty). (info at programmiernutte dot net)- Fixed bug #47481 (natcasesort() does not sort extended ASCII characters correctly). (Herman Radtke)- Fixed bug #47351 (Memory leak in DateTime). (Derick, Tobias John)- Fixed bug #47273 (Encoding bug in SoapServer->fault). (Dmitry)- Fixed bug #46020 (with Sun Java System Web Server 7.0 on HPUX, #define HPUX). (Uwe Schindler)- Fixed bug #45905 (imagefilledrectangle() clipping error). (markril at hotmail dot com, Pierre)- Fixed bug #45280 (Reflection of instantiated COM classes causes PHP to crash). (Paul Richards, Kalle)- Fixed bug #45141 (setcookie will output expires years of >4 digits). (Ilia)- Fixed bug #44683 (popen crashes when an invalid mode is passed). (Pierre)- Fixed bug #44144 (spl_autoload_functions() should return object instance when appropriate). (Hannes, Etienne)- Fixed bug #43510 (stream_get_meta_data() does not return same mode as used in fopen). (Jani)- Fixed bug #42434 (ImageLine w/ antialias = 1px shorter). (wojjie at gmail dot com, Kalle)- Fixed bug #28038 (Sent incorrect RCPT TO commands to SMTP server) (Garrett)- Fixed bug #49572 (use of C++ style comments causes build failure). (Sriram Natarajan)17 Jun 2009, PHP 5.2.10- Added "ignore_errors" option to http fopen wrapper. (David Zulke, Sara)- Added new CURL options CURLOPT_REDIR_PROTOCOLS, CURLOPT_PROTOCOLS, and CURLPROTO_* for redirect fixes in CURL 7.19.4. (Yoram Bar Haim, Stas)- Added support for Sun CC (FR #46595 and FR #46513). (David Soria Parra)- Changed default value of array_unique()'s optional sorting type parameter back to SORT_STRING to fix backwards compatibility breakage introduced in PHP 5.2.9. (Moriyoshi)- Fixed memory corruptions while reading properties of zip files. (Ilia)- Fixed memory leak in ob_get_clean/ob_get_flush. (Christian)- Fixed segfault on invalid session.save_path. (Hannes)- Fixed leaks in imap when a mail_criteria is used. (Pierre)- Fixed missing erealloc() in fix for Bug #40091 in spl_autoload_register. (Greg)- Fixed bug #48562 (Reference recursion causes segfault when used in wddx_serialize_vars()). (Felipe)- Fixed bug #48557 (Numeric string keys in Apache Hashmaps are not cast to integers). (David Zuelke)- Fixed bug #48518 (curl crashes when writing into invalid file handle). (Tony)- Fixed bug #48514 (cURL extension uses same resource name for simple and multi APIs). (Felipe)- Fixed bug #48469 (ldap_get_entries() leaks memory on empty search results). (Patrick)- Fixed bug #48456 (CPPFLAGS not restored properly in phpize.m4). (Jani, spisek at kerio dot com)- Fixed bug #48448 (Compile failure under IRIX 6.5.30 building cast.c). (Kalle)- Fixed bug #48441 (ldap_search() sizelimit, timelimit and deref options persist). (Patrick)- Fixed bug #48434 (Improve memory_get_usage() accuracy). (Arnaud)- Fixed bug #48416 (Force a cache limit in ereg() to stop excessive memory usage). (Scott)- Fixed bug #48409 (Crash when exception is thrown while passing function arguments). (Arnaud)- Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files). (Pierre)- Fixed bug #48359 (Script hangs on snmprealwalk if OID is not increasing). (Ilia, simonov at gmail dot com)- Fixed bug #48336 (ReflectionProperty::getDeclaringClass() does not work with redeclared property). (patch by Markus dot Lidel at shadowconnect dot com)- Fixed bug #48326 (constant MSG_DONTWAIT not defined). (Arnaud)- Fixed bug #48313 (fgetcsv() does not return null for empty rows). (Ilia)- Fixed bug #48309 (stream_copy_to_stream() and fpasstru() do not update stream position of plain files). (Arnaud)- Fixed bug #48307 (stream_copy_to_stream() copies 0 bytes when $source is a socket). (Arnaud)- Fixed bug #48273 (snmp*_real_walk() returns SNMP errors as values). (Ilia, lytboris at gmail dot com)- Fixed bug #48256 (Crash due to double-linking of history.o). (tstarling at wikimedia dot org)- Fixed bug #48248 (SIGSEGV when access to private property via &__get). (Felipe)- Fixed bug #48247 (Crash on errors during startup). (Stas)- Fixed bug #48240 (DBA Segmentation fault dba_nextkey). (Felipe)- Fixed bug #48224 (Incorrect shuffle in array_rand). (Etienne)- Fixed bug #48221 (memory leak when passing invalid xslt parameter). (Felipe)- Fixed bug #48207 (CURLOPT_(FILE|WRITEHEADER options do not error out when working with a non-writable stream). (Ilia)- Fixed bug #48206 (Iterating over an invalid data structure with RecursiveIteratorIterator leads to a segfault). (Scott)- Fixed bug #48204 (xmlwriter_open_uri() does not emit warnings on invalid paths). (Ilia)- Fixed bug #48203 (Crash when CURLOPT_STDERR is set to regular file). (Jani)- Fixed bug #48202 (Out of Memory error message when passing invalid file path) (Pierre)- Fixed bug #48156 (Added support for lcov v1.7). (Ilia)- Fixed bug #48132 (configure check for curl ssl support fails with --disable-rpath). (Jani)- Fixed bug #48131 (Don't try to bind ipv4 addresses to ipv6 ips via bindto). (Ilia)- Fixed bug #48070 (PDO_OCI: Segfault when using persistent connection). (Pierre, Matteo, jarismar dot php at gmail dot com)- Fixed bug #48058 (Year formatter goes wrong with out-of-int range). (Derick)- Fixed bug #48038 (odbc_execute changes variables used to form params array). (Felipe)- Fixed bug #47997 (stream_copy_to_stream returns 1 on empty streams). (Arnaud)- Fixed bug #47991 (SSL streams fail if error stack contains items). (Mikko)- Fixed bug #47981 (error handler not called regardless). (Hannes)- Fixed bug #47969 (ezmlm_hash() returns different values depend on OS). (Ilia)- Fixed bug #47946 (ImageConvolution overwrites background). (Ilia)- Fixed bug #47940 (memory leaks in imap_body). (Pierre, Jake Levitt)- Fixed bug #47937 (system() calls sapi_flush() regardless of output buffering). (Ilia)- Fixed bug #47903 ("@" operator does not work with string offsets). (Felipe)- Fixed bug #47893 (CLI aborts on non blocking stdout). (Arnaud)- Fixed bug #47849 (Non-deep import loses the namespace). (Rob)- Fixed bug #47845 (PDO_Firebird omits first row from query). (Lars W)- Fixed bug #47836 (array operator [] inconsistency when the array has PHP_INT_MAX index value). (Matt)- Fixed bug #47831 (Compile warning for strnlen() in main/spprintf.c). (Ilia, rainer dot jung at kippdata dot de)- Fixed bug #47828 (openssl_x509_parse() segfaults when a UTF-8 conversion fails). (Scott, Kees Cook, Pierre)- Fixed bug #47818 (Segfault due to bound callback param). (Felipe)- Fixed bug #47801 (__call() accessed via parent:: operator is provided incorrect method name). (Felipe)- Fixed bug #47769 (Strange extends PDO). (Felipe)- Fixed bug #47745 (FILTER_VALIDATE_INT doesn't allow minimum integer). (Dmitry)- Fixed bug #47721 (Alignment issues in mbstring and sysvshm extension). (crrodriguez at opensuse dot org, Ilia)- Fixed bug #47704 (PHP crashes on some "bad" operations with string offsets). (Dmitry)- Fixed bug #47695 (build error when xmlrpc and iconv are compiled against different iconv versions). (Scott)- Fixed bug #47667 (ZipArchive::OVERWRITE seems to have no effect). (Mikko, Pierre)- Fixed bug #47644 (Valid integers are truncated with json_decode()). (Scott)- Fixed bug #47639 (pg_copy_from() WARNING: nonstandard use of \\ in a string literal). (Ilia)- Fixed bug #47616 (curl keeps crashing). (Felipe)- Fixed bug #47598 (FILTER_VALIDATE_EMAIL is locale aware). (Ilia)- Fixed bug #47566 (pcntl_wexitstatus() returns signed status). (patch by james at jamesreno dot com)- Fixed bug #47564 (unpacking unsigned long 32bit bit endian returns wrong result). (Ilia)- Fixed bug #47487 (performance degraded when reading large chunks after fix of bug #44607). (Arnaud)- Fixed bug #47468 (enable cli|cgi-only extensions for embed sapi). (Jani)- Fixed bug #47435 (FILTER_FLAG_NO_PRIV_RANGE does not work with ipv6 addresses in the filter extension). (Ilia)- Fixed bug #47430 (Errors after writing to nodeValue parameter of an absent previousSibling). (Rob)- Fixed bug #47365 (ip2long() may allow some invalid values on certain 64bit systems). (Ilia)- Fixed bug #47254 (Wrong Reflection for extends class). (Felipe)- Fixed bug #47042 (cgi sapi is incorrectly removing SCRIPT_FILENAME). (Sriram Natarajan, David Soria Parra)- Fixed bug #46882 (Serialize / Unserialize misbehaviour under OS with different bit numbers). (Matt)- Fixed bug #46812 (get_class_vars() does not include visible private variable looking at subclass). (Arnaud)- Fixed bug #46386 (Digest authentication with SOAP module fails against MSSQL SOAP services). (Ilia, lordelph at gmail dot com)- Fixed bug #46109 (Memory leak when mysqli::init() is called multiple times). (Andrey)- Fixed bug #45997 (safe_mode bypass with exec/system/passthru (windows only)). (Pierre)- Fixed bug #45877 (Array key '2147483647' left as string). (Matt)- Fixed bug #45822 (Near infinite-loops while parsing huge relative offsets). (Derick, Mike Sullivan)- Fixed bug #45799 (imagepng() crashes on empty image). (Martin McNickle, Takeshi Abe)- Fixed bug #45622 (isset($arrayObject->p) misbehaves with ArrayObject::ARRAY_AS_PROPS set). (robin_fernandes at uk dot ibm dot com, Arnaud)- Fixed bug #45614 (ArrayIterator::current(), ::key() can show 1st private prop of wrapped object). (robin_fernandes at uk dot ibm dot com, Arnaud)- Fixed bug #45540 (stream_context_create creates bad http request). (Arnaud)- Fixed bug #45202 (zlib.output_compression can not be set with ini_set()). (Jani)- Fixed bug #45191 (error_log ignores date.timezone php.ini val when setting logging timestamps). (Derick)- Fixed bug #45092 (header HTTP context option not being used when compiled using --with-curlwrappers). (Jani)- Fixed bug #44996 (xmlrpc_decode() ignores time zone on iso8601.datetime). (Ilia, kawai at apache dot org) - Fixed bug #44827 (define() is missing error checks for class constants). (Ilia)- Fixed bug #44214 (Crash using preg_replace_callback() and global variables). (Nuno, Scott)- Fixed bug #43073 (TrueType bounding box is wrong for angle0). (Martin McNickle)- Fixed bug #42663 (gzinflate() try to allocate all memory with truncated data). (Arnaud)- Fixed bug #42414 (some odbc_*() functions incompatible with Oracle ODBC driver). (jhml at gmx dot net)- Fixed bug #42362 (HTTP status codes 204 and 304 should not be gzipped). (Scott, Edward Z. Yang)- Fixed bug #42143 (The constant NAN is reported as 0 on Windows) (Kanwaljeet Singla, Venkat Raman Don)- Fixed bug #38805 (PDO truncates text from SQL Server text data type field). (Steph)26 Feb 2009, PHP 5.2.9- Changed __call() to be invoked on private/protected method access, similar to properties and __get(). (Andrei)- Added optional sorting type flag parameter to array_unique(). Default is SORT_REGULAR. (Andrei)- Fixed a crash on extract in zip when files or directories entry names contain a relative path. (Pierre)- Fixed error conditions handling in stream_filter_append(). (Arnaud)- Fixed zip filename property read. (Pierre)- Fixed explode() behavior with empty string to respect negative limit. (Shire)- Fixed security issue in imagerotate(), background colour isn't validated correctly with a non truecolour image. Reported by Hamid Ebadi, APA Laboratory (Fixes CVE-2008-5498). (Scott)- Fixed a segfault when malformed string is passed to json_decode(). (Scott)- Fixed bug in xml_error_string() which resulted in messages being off by one. (Scott)- Fixed bug #47422 (modulus operator returns incorrect results on 64 bit linux). (Matt)- Fixed bug #47399 (mb_check_encoding() returns true for some illegal SJIS characters). (for-bugs at hnw dot jp, Moriyoshi)- Fixed bug #47353 (crash when creating a lot of objects in object destructor). (Tony)- Fixed bug #47322 (sscanf %d doesn't work). (Felipe)- Fixed bug #47282 (FILTER_VALIDATE_EMAIL is marking valid email addresses as invalid). (Ilia)- Fixed bug #47220 (segfault in dom_document_parser in recovery mode). (Rob)- Fixed bug #47217 (content-type is not set properly for file uploads). (Ilia)- Fixed bug #47174 (base64_decode() interprets pad char in mid string as terminator). (Ilia)- Fixed bug #47165 (Possible memory corruption when passing return value by reference). (Dmitry)- Fixed bug #47152 (gzseek/fseek using SEEK_END produces strange results). (Felipe)- Fixed bug #47131 (SOAP Extension ignores "user_agent" ini setting). (Ilia)- Fixed bug #47109 (Memory leak on $a->{"a"."b"} when $a is not an object). (Etienne, Dmitry)- Fixed bug #47104 (Linking shared extensions fails with icc). (Jani)- Fixed bug #47049 (SoapClient::__soapCall causes a segmentation fault). (Dmitry)- Fixed bug #47048 (Segfault with new pg_meta_data). (Felipe)- Fixed bug #47042 (PHP cgi sapi is removing SCRIPT_FILENAME for non apache). (Sriram Natarajan)- Fixed bug #47037 (No error when using fopen with empty string). (Cristian Rodriguez R., Felipe)- Fixed bug #47035 (dns_get_record returns a garbage byte at the end of a TXT record). (Felipe)- Fixed bug #47027 (var_export doesn't show numeric indices on ArrayObject). (Derick)- Fixed bug #46985 (OVERWRITE and binary mode does not work, regression introduced in 5.2.8). (Pierre)- Fixed bug #46973 (IPv6 address filter rejects valid address). (Felipe)- Fixed bug #46964 (Fixed pdo_mysql build with older version of MySQL). (Ilia)- Fixed bug #46959 (Unable to disable PCRE). (Scott)- Fixed bug #46918 (imap_rfc822_parse_adrlist host part not filled in correctly). (Felipe)- Fixed bug #46889 (Memory leak in strtotime()). (Derick)- Fixed bug #46887 (Invalid calls to php_error_docref()). (oeriksson at mandriva dot com, Ilia)- Fixed bug #46873 (extract($foo) crashes if $foo['foo'] exists). (Arnaud)- Fixed bug #46843 (CP936 euro symbol is not converted properly). (ty_c at cybozuy dot co dot jp, Moriyoshi)- Fixed bug #46798 (Crash in mssql extension when retrieving a NULL value inside a binary or image column type). (Ilia)- Fixed bug #46782 (fastcgi.c parse error). (Matt)- Fixed bug #46760 (SoapClient doRequest fails when proxy is used). (Felipe)- Fixed bug #46748 (Segfault when an SSL error has more than one error). (Scott)- Fixed bug #46739 (array returned by curl_getinfo should contain content_type key). (Mikko)- Fixed bug #46699 (xml_parse crash when parser is namespace aware). (Rob)- Fixed bug #46419 (Elements of associative arrays with NULL value are lost). (Dmitry)- Fixed bug #46282 (Corrupt DBF When Using DATE). (arne at bukkie dot nl)- Fixed bug #46026 (bz2.decompress/zlib.inflate filter tries to decompress after end of stream). (Greg)- Fixed bug #46005 (User not consistently logged under Apache2). (admorten at umich dot edu, Stas)- Fixed bug #45996 (libxml2 2.7 causes breakage with character data in xml_parse()). (Rob)- Fixed bug #45940 (MySQLI OO does not populate connect_error property on failed connect). (Johannes)- Fixed bug #45923 (mb_st[r]ripos() offset not handled correctly). (Moriyoshi)- Fixed bug #45327 (memory leak if offsetGet throws exception). (Greg)- Fixed bug #45239 (Encoding detector hangs with mbstring.strict_detection enabled). (Moriyoshi)- Fixed bug #45161 (Reusing a curl handle leaks memory). (Mark Karpeles, Jani)- Fixed bug #44336 (Improve pcre UTF-8 string matching performance). (frode at coretrek dot com, Nuno)- Fixed bug #43841 (mb_strrpos() offset is byte count for negative values). (Moriyoshi)- Fixed bug #37209 (mssql_execute with non fatal errors). (Kalle)- Fixed bug #35975 (Session cookie expires date format isn't the most compatible. Now matches that of setcookie()). (Scott)08 Dec 2008, PHP 5.2.8- Reverted bug fix #42718 that broke magic_quotes_gpc (Scott)04 Dec 2008, PHP 5.2.7- Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371). (Ilia)- Updated timezone database to version 2008.9. (Derick)- Upgraded bundled libzip to 0.9.0. (Pierre)- Added logging option for error_log to send directly to SAPI. (Stas)- Added PHP_MAJOR_VERSION, PHP_MINOR_VERSION, PHP_RELEASE_VERSION, PHP_EXTRA_VERSION, PHP_VERSION_ID, PHP_ZTS and PHP_DEBUG constants. (Pierre)- Added "PHP_INI_SCAN_DIR" environment variable which can be used to either disable or change the compile time ini scan directory (FR #45114). (Jani)- Reverted fix for bug #44197 due to behaviour change in minor version. (Felipe)- Fixed missing initialization of BG(page_uid) and BG(page_gid), reported by Maksymilian Arciemowicz. (Stas)- Fixed memory leak inside sqlite_create_aggregate(). (Felipe)- Fixed memory leak inside PDO sqlite's sqliteCreateAggregate() method. (Felipe)- Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658). (Pierre)- Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659). (LaurentGaffie)- Fixed incorrect php_value order for Apache configuration, reported by Maksymilian Arciemowicz. (Stas)- Fixed memory leak inside readline_callback_handler_remove() function. (Felipe)- Fixed sybase_fetch_*() to continue reading after CS_ROW_FAIL status (Timm)- Fixed a bug inside dba_replace() that could cause file truncation withinvalid keys. (Ilia)- Fixed memory leak inside readline_callback_handler_install() function.(Ilia)- Fixed memory leak inside readline_completion_function() function. (Felipe) - Fixed stream_get_contents() when using $maxlength and socket is notclosed. indeyets [at] php [dot] net on #46049. (Arnaud)- Fixed stream_get_line() to behave as documented on non-blocking streams. (Arnaud)- Fixed endless loop in PDOStatement::debugDumpParams(). (jonah.harris at gmail dot com)- Fixed ability to use "internal" heaps in extensions. (Arnaud, Dmitry)- Fixed weekdays adding/subtracting algorithm. (Derick)- Fixed some ambiguities in the date parser. (Derick)- Fixed a bug with the YYYY-MM format not resetting the day correctly. (Derick)- Fixed a bug in the DateTime->modify() methods, it would not use the advanced relative time strings. (Derick)- Fixed extraction of zip files or directories when the entry name is a relative path. (Pierre)- Fixed read or write errors for large zip archives. (Pierre)- Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666. (Christian Hoffmann)- Fixed simplexml asXML() not to lose encoding when dumping entire document to file. (Ilia)- Fixed a crash inside PDO when trying instantiate PDORow manually. (Felipe)- Fixed build failure of ext/mysqli with libmysql 6.0 - missing rplfunctions. (Andrey)- Fixed a regression when using strip_tags() and < is within an attribute.(Scott)- Fixed a crash on invalid method in ReflectionParameter constructor. (Christian Seiler)- Fixed bug #46732 (mktime.year description is wrong). (Derick)- Fixed bug #46696 (cURL fails in upload files with specified content-type). (Ilia)- Fixed bug #46673 (stream_lock call with wrong parameter). (Arnaud)- Fixed bug #46649 (Setting array element with that same array produces inconsistent results). (Arnaud)- Fixed bug #46626 (mb_convert_case does not handle apostrophe correctly). (Ilia)- Fixed bug #46543 (ibase_trans() memory leaks when using wrong parameters). (Felipe)- Fixed bug #46521 (Curl ZTS OpenSSL, error in config.m4 fragment). (jd at cpanel dot net)- Fixed bug #46496 (wddx_serialize treats input as ISO-8859-1). (Mark Karpeles)- Fixed bug #46427 (SoapClient() stumbles over its "stream_context" parameter). (Dmitry, Herman Radtke)- Fixed bug #46426 (offset parameter of stream_get_contents() does not workfor "0"). (Felipe)- Fixed bug #46406 (Unregistering nodeclass throws E_FATAL). (Rob)- Fixed bug #46389 (NetWare needs small patch for _timezone). (patch by guenter@php.net)- Fixed bug #46388 (stream_notification_callback inside of object destroys object variables). (Felipe)- Fixed bug #46381 (wrong $this passed to internal methods causes segfault). (Tony)- Fixed bug #46379 (Infinite loop when parsing '#' in one line file). (Arnaud)- Fixed bug #46366 (bad cwd with / as pathinfo). (Dmitry)- Fixed bug #46360 (TCP_NODELAY constant for socket_{get,set}_option). (bugs at trick dot vanstaveren dot us)- Fixed bug #46343 (IPv6 address filter accepts invalid address). (Ilia)- Fixed bug #46335 (DOMText::splitText doesn't handle multibyte characters). (Rob)- Fixed bug #46323 (compilation of simplexml for NetWare breaks). (Patch by guenter [at] php [dot] net)- Fixed bug #46319 (PHP sets default Content-Type header for HTTP 304 response code, in cgi sapi). (Ilia)- Fixed bug #46313 (Magic quotes broke $_FILES). (Arnaud)- Fixed bug #46308 (Invalid write when changing property from inside getter). (Dmitry)- Fixed bug #46292 (PDO::setFetchMode() shouldn't requires the 2nd arg when using FETCH_CLASSTYPE). (Felipe)- Fixed bug #46274, #46249 (pdo_pgsql always fill in NULL for empty BLOB and segfaults when returned by SELECT). (Felipe)- Fixed bug #46271 (local_cert option is not resolved to full path). (Ilia)- Fixed bug #46247 (ibase_set_event_handler() is allowing to pass callback without event). (Felipe)- Fixed bug #46246 (difference between call_user_func(array($this, $method)) and $this->$method()). (Dmitry)- Fixed bug #46222 (ArrayObject EG(uninitialized_var_ptr) overwrite). (Etienne)- Fixed bug #46215 (json_encode mutates its parameter and has some class-specific state). (Felipe)- Fixed bug #46206 (pg_query_params/pg_execute convert passed values to strings). (Ilia)- Fixed bug #46191 (BC break: DOMDocument saveXML() doesn't accept null). (Rob)- Fixed bug #46164 (stream_filter_remove() closes the stream). (Arnaud)- Fixed bug #46157 (PDOStatement::fetchObject prototype error). (Felipe)- Fixed bug #46147 (after stream seek, appending stream filter reads incorrect data). (Greg)- Fixed bug #46139 (PDOStatement->setFetchMode() forgets FETCH_PROPS_LATE). (chsc at peytz dot dk, Felipe)- Fixed bug #46127 (php_openssl_tcp_sockop_accept forgets to set context on accepted stream) (Mark Karpeles, Pierre)- Fixed bug #46110 (XMLWriter - openmemory() and openuri() leak memory on multiple calls). (Ilia)- Fixed bug #46088 (RegexIterator::accept - segfault). (Felipe)- Fixed bug #46082 (stream_set_blocking() can cause a crash in some circumstances). (Felipe)- Fixed bug #46064 (Exception when creating ReflectionProperty object on dynamicly created property). (Felipe)- Fixed bug #46059 (Compile failure under IRIX 6.5.30 building posix.c). (Arnaud)- Fixed bug #46053 (SplFileObject::seek - Endless loop). (Arnaud)- Fixed bug #46051 (SplFileInfo::openFile - memory overlap). (Arnaud)- Fixed bug #46047 (SimpleXML converts empty nodes into object with nested array). (Rob)- Fixed bug #46031 (Segfault in AppendIterator::next). (Arnaud)- Fixed bug #46029 (Segfault in DOMText when using with Reflection). (Rob)- Fixed bug #46026 (bzip2.decompress/zlib.inflate filter tries to decompress after end of stream). (Keisial at gmail dot com, Greg)- Fixed bug #46024 (stream_select() doesn't return the correct number). (Arnaud)- Fixed bug #46010 (warnings incorrectly generated for iv in ecb mode). (Felipe)- Fixed bug #46003 (isset on nonexisting node return unexpected results). (Rob)- Fixed bug #45956 (parse_ini_file() does not return false with syntax errors in parsed file). (Jani)- Fixed bug #45901 (wddx_serialize_value crash with SimpleXMLElement object). (Rob)- Fixed bug #45862 (get_class_vars is inconsistent with 'protected' and 'private' variables). (ilewis at uk dot ibm dot com, Felipe)- Fixed bug #45860 (header() function fails to correctly replace all Status lines). (Dmitry)- Fixed bug #45805 (Crash on throwing exception from error handler). (Dmitry)- Fixed bug #45765 (ReflectionObject with default parameters of self::xxx cause an error). (Felipe)- Fixed bug #45751 (Using auto_prepend_file crashes (out of scope stack address use)). (basant dot kukreja at sun dot com) - Fixed bug #45722 (mb_check_encoding() crashes). (Moriyoshi)- Fixed bug #45705 (rfc822_parse_adrlist() modifies passed address parameter). (Jani)- Fixed bug #45691 (Some per-dir or runtime settings may leak into other requests). (Moriyoshi)- Fixed bug #45581 (htmlspecialchars() double encoding hex items). (Arnaud)- Fixed bug #45580 (levenshtein() crashes with invalid argument). (Ilia)- Fixed bug #45575 (Segfault with invalid non-string as event handler callback). (Christian Seiler)- Fixed bug #45568 (ISAPI doesn't properly clear auth_digest in header). (Patch by: navara at emclient dot com)- Fixed bug #45556 (Return value from callback isn't freed). (Felipe)- Fixed bug #45555 (Segfault with invalid non-string as register_introspection_callback). (Christian Seiler)- Fixed bug #45553 (Using XPath to return values for attributes with a namespace does not work). (Rob)- Fixed bug #45529 (new DateTimeZone() and date_create()->getTimezone() behave different). (Derick)- Fixed bug #45522 (FCGI_GET_VALUES request does not return supplied values). (Arnaud)- Fixed bug #45486 (mb_send_mail(); header 'Content-Type: text/plain; charset=' parsing incorrect). (Felipe)- Fixed bug #45485 (strip_tags and fd casts broken in 64-bit build) (stotty at tvnet dot hu)08 Nov 2007, PHP 5.2.5- Upgraded PCRE to version 7.3 (Nuno)- Added optional parameter $provide_object to debug_backtrace(). (Sebastian)- Added alpha support for imagefilter() IMG_FILTER_COLORIZE. (Pierre)- Added ability to control memory consumption between request using ZEND_MM_COMPACT environment variable. (Dmitry)- Improved speed of array_intersect_key(), array_intersect_assoc(), array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and array_udiff_assoc(). (Dmitry)- Fixed move_uploaded_file() to always set file permissions of resulting file according to UMASK. (Andrew Sitnikov)- Fixed possible crash in ext/soap because of uninitialized value. (Zdash Urf)- Fixed regression in glob() when enforcing safe_mode/open_basedir checks on paths containing '*'. (Ilia)- Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications - reported by SecurityReason. (Stas)- Fixed PDO crash when driver returns empty LOB stream. (Stas)- Fixed dl() to only accept filenames - reported by Laurent Gaffie. (Stas)- Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). (Christian Hoffmann)- Fixed iconv_*() functions to limit argument sizes as workaround to libc bug (CVE-2007-4783, CVE-2007-4840 by Laurent Gaffie). (Christian Hoffmann, Stas)- Fixed missing brackets leading to build warning and error in the log. Win32 code. (Andrey)- Fixed leaks with multiple connects on one mysqli object. (Andrey)- Fixed endianness detection on MacOS when building universal binary. (Uwe Schindler, Christian Speich, Tony)- Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie. (Ilia)- Fixed imagerectangle regression with 1x1 rectangle (libgd #106). (Pierre)- Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. (Stas)- Fixed bug #43196 (array_intersect_assoc() crashes with non-array input). (Jani)- Fixed bug #43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with fetchAll()). (Ilia)- Fixed bug #43137 (rmdir() and rename() do not clear statcache). (Jani)- Fixed bug #43130 (Bound parameters cannot have - in their name). (Ilia)- Fixed bug #43099 (XMLWriter::endElement() does not check # of params). (Ilia)- Fixed bug #43020 (Warning message is missing with shuffle() and more than one argument). (Scott)- Fixed bug #42976 (Crash when constructor for newInstance() or newInstanceArgs() fails) (Ilia)- Fixed bug #42943 (ext/mssql: Move *timeout initialization from RINIT to connect time). (Ilia)- Fixed bug #42917 (PDO::FETCH_KEY_PAIR doesn't work with setFetchMode). (Ilia)- Fixed bug #42890 (Constant "LIST" defined by mysqlclient and c-client). (Andrey)- Fixed bug #42869 (automatic session id insertion adds sessions id to non-local forms). (Ilia)- Fixed bug #42818 ($foo = clone(array()); leaks memory). (Dmitry)- Fixed bug #42817 (clone() on a non-object does not result in a fatal error). (Ilia)- Fixed bug #42785 (json_encode() formats doubles according to locale rather then following standard syntax). (Ilia)- Fixed bug #42783 (pg_insert() does not accept an empty list for insertion). (Ilia)- Fixed bug #42773 (WSDL error causes HTTP 500 Response). (Dmitry)- Fixed bug #42772 (Storing $this in a static var fails while handling a cast to string). (Dmitry)- Fixed bug #42767 (highlight_string() truncates trailing comment). (Ilia)- Fixed bug #42739 (mkdir() doesn't like a trailing slash when safe_mode is enabled). (Ilia)- Fixed bug #42703 (Exception raised in an iterator::current() causes segfault in FilterIterator) (Marcus)- Fixed bug #42699 (PHP_SELF duplicates path). (Dmitry)- Fixed bug #42654 (RecursiveIteratorIterator modifies only part of leaves) (Marcus)- Fixed bug #42643 (CLI segfaults if using ATTR_PERSISTENT). (Ilia)- Fixed bug #42637 (SoapFault : Only http and https are allowed). (Bill Moran)- Fixed bug #42629 (Dynamically loaded PHP extensions need symbols exported on MacOSX). (jdolecek at NetBSD dot org)- Fixed bug #42627 (bz2 extension fails to build with -fno-common). (dolecek at netbsd dot org)- Fixed Bug #42596 (session.save_path MODE option does not work). (Ilia)- Fixed bug #42590 (Make the engine recognize \v and \f escape sequences). (Ilia)- Fixed bug #42587 (behavior change regarding symlinked .php files). (Dmitry)- Fixed bug #42579 (apache_reset_timeout() does not exist). (Jani)- Fixed bug #42549 (ext/mysql failed to compile with libmysql 3.23). (Scott)- Fixed bug #42523 (PHP_SELF duplicates path). (Dmitry)- Fixed bug #42512 (ip2long('255.255.255.255') should return 4294967295 on 64-bit PHP). (Derick)- Fixed bug #42506 (php_pgsql_convert() timezone parse bug) (nonunnet at gmail dot com, Ilia)- Fixed bug #42496 (OCI8 cursor is not closed when using 2 clobs in a select query). (Oracle Corp.)- Fixed bug #42462 (Segmentation when trying to set an attribute in a DOMElement). (Rob)- Fixed bug #42453 (CGI SAPI does not shut down cleanly with -i/-m/-v cmdline options). (Dmitry)- Fixed bug #42452 (PDO classes do not expose Reflection API information). (Hannes)- Fixed bug #42468 (Write lock on file_get_contents fails when using a compression stream). (Ilia)- Fixed bug #42488 (SoapServer reports an encoding error and the error itself breaks). (Dmitry)- Fixed bug #42378 (mysqli_stmt_bind_result memory exhaustion). (Andrey)- Fixed bug #42359 (xsd:list type not parsed). (Dmitry)- Fixed bug #42326 (SoapServer crash). (Dmitry)- Fixed bug #42214 (SoapServer sends clients internal PHP errors). (Dmitry)- Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime values). (Ilia)- Fixed bug #42139 (XMLReader option constants are broken using XML()). (Rob)- Fixed bug #42086 (SoapServer return Procedure '' not present for WSIBasic compliant wsdl). (Dmitry)- Fixed bug #41822 (Relative includes broken when getcwd() fails). (Ab5602, Jani)- Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()). (Stas, Jani)- Fixed bug #39651 (proc_open() append mode doesn't work on windows). (Nuno)30 Aug 2007, PHP 5.2.4- Removed --enable-versioning configure option. (Jani)- Upgraded PCRE to version 7.2 (Nuno)- Updated timezone database to version 2007.6. (Derick)- Improved openssl_x509_parse() to return extensions in readable form. (Dmitry)- Enabled changing the size of statement cache for non-persistent OCI8 connections. (Chris Jones, Tony)- Changed "display_errors" php.ini option to accept "stderr" as value which makes the error messages to be outputted to STDERR instead of STDOUT with CGI and CLI SAPIs (FR #22839). (Jani)- Changed error handler to send HTTP 500 instead of blank page on PHP errors. (Dmitry, Andrei Nigmatulin)- Changed mail() function to be always available. (Johannes)- Added check for unknown options passed to configure. (Jani)- Added persistent connection status checker to pdo_pgsql. (Elvis Pranskevichus, Ilia)- Added support for ATTR_TIMEOUT inside pdo_pgsql driver. (Ilia)- Added php_ini_loaded_file() function which returns the path to the actual php.ini in use. (Jani)- Added GD version constants GD_MAJOR_VERSION, GD_MINOR_VERSION, GD_RELEASE_VERSION, GD_EXTRA_VERSION and GD_VERSION_STRING. (Pierre)- Added missing open_basedir checks to CGI. (anight at eyelinkmedia dot com, Tony)- Added missing format validator to unpack() function. (Ilia)- Added missing error check inside bcpowmod(). (Ilia)- Added CURLOPT_PRIVATE & CURLINFO_PRIVATE constants. (Andrey A. Belashkov, Tony)- Added missing MSG_EOR and MSG_EOF constants to sockets extension. (Jani)- Added PCRE_VERSION constant. (Tony)- Added ReflectionExtension::info() function to print the phpinfo() block for an extension. (Johannes)- Implemented FR #41884 (ReflectionClass::getDefaultProperties() does not handle static attributes). (Tony)- Fixed "Floating point exception" inside wordwrap(). (Mattias Bengtsson, Ilia)- Fixed several integer overflows in ImageCreate(), ImageCreateTrueColor(), ImageCopyResampled() and ImageFilledPolygon() reported by Mattias Bengtsson. (Tony)- Fixed size calculation in chunk_split(). (Stas)- Fixed integer overflow in str[c]spn(). (Stas)- Fixed money_format() not to accept multiple %i or %n tokens. (Stas, Ilia)- Fixed zend_alter_ini_entry() memory_limit interruption vulnerability. (Ilia)- Fixed INFILE LOCAL option handling with MySQL extensions not to be allowed when open_basedir or safe_mode is active. (Stas)- Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378) (Stas, Maksymilian Arciemowicz)- Fixed possible invalid read in glob() win32 implementation (CVE-2007-3806). (Tony)- Improved fix for MOPB-03-2007. (Ilia)- Corrected fix for CVE-2007-2872. (Ilia)- Fixed possible crash in imagepsloadfont(), work around a bug in the pslib on Windows. (Pierre)- Fixed oci8 and PDO_OCI extensions to allow configuring with Oracle 11g client libraries. (Chris Jones)- Fixed EOF handling in case of reading from file opened in write only mode. (Dmitry)- Fixed var_export() to use the new H modifier so that it can generate parseable PHP code for floats, independent of the locale. (Derick)- Fixed regression introduced by the fix for the libgd bug #74. (Pierre)- Fixed SimpleXML's behavior when used with empty(). (Sara)- Fixed crash in OpenSSL extension because of non-string passphrase. (Dmitry)- Fixed PECL Bug #11345 (PDO_OCI crash after National language Support "NLS" environment initialization error). (Chris Jones)- Fixed PECL bug #11216 (crash in ZipArchive::addEmptyDir when a directory already exists). (Pierre)- Fixed bug #42848 (Status: header incorrect under FastCGI). (Dmitry)- Fixed bug #42368 (Incorrect error message displayed by pg_escape_string). (Ilia)- Fixed bug #42365 (glob() crashes and/or accepts way too many flags). (Jani)- Fixed Bug #42364 (Crash when using getRealPath with DirectoryIterator). (Johannes)- Fixed bug #42292 ($PHP_CONFIG not set for phpized builds). (Jani)- Fixed bug #42261 (header wrong for date field). (roberto at spadim dot com dot br, Ilia)- Fixed bug #42259 (SimpleXMLIterator loses ancestry). (Rob)- Fixed bug #42247 (ldap_parse_result() not defined under win32). (Jani)- Fixed bug #42243 (copy() does not output an error when the first arg is a dir). (Ilia)- Fixed bug #42242 (sybase_connect() crashes). (Ilia)- Fixed bug #42237 (stream_copy_to_stream returns invalid values for mmaped streams). (andrew dot minerd at sellingsource dot com, Ilia)- Fixed bug #42233 (Problems with in extract()). (Jani)- Fixed bug #42222 (possible buffer overflow in php_openssl_make_REQ). (Pierre)- Fixed bug #42211 (property_exists() fails to find protected properties from a parent class). (Dmitry)- Fixed bug #42208 (substr_replace() crashes when the same array is passed more than once). (crrodriguez at suse dot de, Ilia)- Fixed bug #42198 (SCRIPT_NAME and PHP_SELF truncated when inside a userdir and using PATH_INFO). (Dmitry)- Fixed bug #42195 (C++ compiler required always). (Jani)- Fixed bug #42183 (classmap causes crash in non-wsdl mode). (Dmitry)- Fixed bug #42173 (oci8 INTERVAL and TIMESTAMP type fixes). (Chris)- Fixed bug #42151 (__destruct functions not called after catching a SoapFault exception). (Dmitry)- Fixed bug #42142 (substr_replace() returns FALSE when length > string length). (Ilia)- Fixed bug #42135 (Second call of session_start() causes creation of SID). (Ilia)- Fixed bug #42134 (oci_error() returns false after oci_new_collection() fails). (Tony)- Fixed bug #42119 (array_push($arr,&$obj) doesn't work with zend.ze1_compatibility_mode On). (Dmitry)- Fixed bug #42117 (bzip2.compress loses data in internal buffer). (Philip, Ilia)- Fixed bug #42112 (deleting a node produces memory corruption). (Rob)- Fixed bug #42107 (sscanf broken when using %2$s format parameters). (Jani)- Fixed bug #42090 (json_decode causes segmentation fault). (Hannes)- Fixed bug #42082 (NodeList length zero should be empty). (Hannes)- Fixed bug #42072 (No warning message for clearstatcache() with arguments). (Ilia)- Fixed bug #42071 (ini scanner allows using NULL as option name). (Jani)- Fixed bug #42027 (is_file() / is_dir() matches file/dirnames with wildcard char or trailing slash in Windows). (Dmitry)- Fixed bug #42019 (configure option --with-adabas=DIR does not work). (Jani)- Fixed bug #42015 (ldap_rename(): server error "DSA is unwilling to perform"). (bob at mroczka dot com, Jani)- Fixed bug #42009 (is_a() and is_subclass_of() should NOT call autoload, in the same way as "instanceof" operator). (Dmitry)- Fixed bug #41989 (move_uploaded_file() & relative path in ZTS mode). (Tony)- Fixed bug #41984 (Hangs on large SoapClient requests). (Dmitry)- Fixed bug #41983 (Error Fetching http headers terminated by '\n'). (Dmitry)- Fixed bug #41973 (--with-ldap=shared fails with LDFLAGS="-Wl,--as-needed"). (Nuno)- Fixed bug #41971 (PDOStatement::fetch and PDOStatement::setFetchMode causes unexpected behavior). (Ilia)- Fixed bug #41964 (strtotime returns a timestamp for non-time string of pattern '(A|a) .+'). (Derick)- Fixed bug #41961 (Ensure search for hidden private methods does not stray from class hierarchy). (robin_fernandes at uk dot ibm dot com)- Fixed bug #41947 (SimpleXML incorrectly registers empty strings asnamespaces). (Rob)- Fixed bug #41929 (Foreach on object does not iterate over all visible properties). (Dmitry)- Fixed bug #41919 (crash in string to array conversion). (judas dot iscariote at gmail dot com, Ilia)- Fixed bug #41909 (var_export() is locale sensitive when exporting float values). (Derick)- Fixed bug #41908 (CFLAGS="-Os" ./configure --enable-debug fails). (christian at hoffie dot info, Tony)- Fixed bug #41904 (proc_open(): empty env array should cause empty environment to be passed to process). (Jani)- Fixed bug #41867 (SimpleXML: getName is broken). (Rob)- Fixed bug #41865 (fputcsv(): 2nd parameter is not optional). (Jani)- Fixed bug #41861 (SimpleXML: getNamespaces() returns the namespaces of a node's siblings). (Rob)- Fixed bug #41845 (pgsql extension does not compile with PostgreSQL = 7.16.2). (Mike)- Fixed bug #41353 (crash in openssl_pkcs12_read() on invalid input). (Ilia)- Fixed bug #41351 (Invalid opcode with foreach ($a[] as $b)). (Dmitry, Tony)- Fixed bug #41347 (checkdnsrr() segfaults on empty hostname). (Scott)- Fixed bug #41337 (WSDL parsing doesn't ignore non soap bindings). (Dmitry)- Fixed bug #41326 (Writing empty tags with Xmlwriter::WriteElement[ns]) (Pierre)- Fixed bug #41321 (downgrade read errors in getimagesize() to E_NOTICE). (Ilia)- Fixed bug #41304 (compress.zlib temp files left). (Dmitry)- Fixed bug #41293 (Fixed creation of HTTP_RAW_POST_DATA when there is no default post handler). (Ilia)- Fixed bug #41291 (FastCGI does not set SO_REUSEADDR). (fmajid at kefta dot com, Dmitry)- Fixed gd build when used with freetype 1.x (Pierre, Tony)- Fixed bug #41287 (Namespace functions don't allow xmlns definition to be optional). (Rob)- Fixed bug #41285 (Improved fix for CVE-2007-1887 to work with non-bundled sqlite2 lib). (Ilia)- Fixed bug #41283 (Bug with deserializing array key that are doubles or floats in wddx). (Ilia)- Fixed bug #41257 (lookupNamespaceURI does not work as expected). (Rob)- Fixed bug #41236 (Regression in timeout handling of non-blocking SSL connections during reads and writes). (Ilia)- Fixed bug #41134 (zend_ts_hash_clean not thread-safe). (marco dot cova at gmail dot com, Tony)- Fixed bug #41097 (ext/soap returning associative array as indexed without using WSDL). (Dmitry)- Fixed bug #41004 (minOccurs="0" and null class member variable). (Dmitry)- Fixed bug #39542 (Behavior of require/include different to < 5.2.0). (Dmitry)03 May 2007, PHP 5.2.2- Improved bundled GD . Sync to 2.0.35 . Added imagegrabwindow and imagegrabscreen, capture a screen or a window using its handle (Pierre) . colors allocated henceforth from the resulting image overwrite the palette colors (Rob Leslie) . Improved thread safety of the gif support (Roman Nemecek, Nuno, Pierre) . Use the dimension of the GIF frame to create the destination image (Pierre) . Load only once the local color map from a GIF data (Pierre) . Improved thread safety of the freetype cache (Scott MacVicar, Nuno, Pierre) . imagearc huge CPU usage with large angles, libgd bug #74 (Pierre)- Improved FastCGI SAPI to support external pipe and socket servers on win32. (Dmitry)- Improved Zend Memory Manager . guarantee of reasonable time for worst cases of best-fit free block searching algorithm. (Dmitry) . better cache usage and less fragmentation on erealloc() (Tony, Dmitry)- Improved SPL (Marcus) . Added SplFileInfo::getBasename(), DirectoryIterator::getBasename(). . Added SplFileInfo::getLinkTarget(), SplFileInfo::getRealPath(). . Made RecursiveFilterIterator::accept() abstract as stated in documentation.- Improved SOAP . Added ability to encode arrays with "SOAP-ENC:Array" type instead of WSDL type. To activate the ability use "feature"=>SOAP_USE_XSI_ARRAY_TYPE option in SoapClient/SoapServer constructors. (Rob, Dmitry)- Added GMP_VERSION constant. (Tony)- Added --ri switch to CLI which allows to check extension information. (Marcus)- Added tidyNode::getParent() method (John, Nuno)- Added openbasedir and safemode checks in zip:// stream wrapper and ZipArchive::open (Pierre)- Added php_pdo_sqlite_external.dll, a version of the PDO SQLite driver that links against an external sqlite3.dll. This provides Windows users to upgrade their sqlite3 version outside of the PHP release cycle. (Wez, Edin)- Added linenumbers to array returned by token_get_all(). (Johannes)- Upgraded SQLite 3 to version 3.3.16 (Ilia)- Upgraded libraries bundled in the Windows distribution. (Edin) . c-client (imap) to version 2006e . libpq (PostgreSQL) to version 8.2.3 . libmysql (MySQL) to version 5.0.37 . openssl to version 0.9.8e- Upgraded PCRE to version 7.0 (Nuno)- Updated timezone database to version 2007.5. (Derick)- Fixed commandline handling for CLI and CGI. (Marcus, Johannes)- Fixed iterator_apply() with a callback using __call(). (Johannes)- Fixed possible multi bytes issues in openssl csr parser (Pierre)- Fixed shmop_open() with IPC_CREAT|IPC_EXCL flags on Windows. (Vladimir Kamaev, Tony).- Fixed possible leak in ZipArchive::extractTo when safemode checks fails (Ilia)- Fixed possible relative path issues in zip_open and TS mode (old API) (Pierre)- Fixed zend_llist_remove_tail (Michael Wallner, Dmitry)- Fixed a thread safety issue in gd gif read code (Nuno, Roman Nemecek)- Fixed CVE-2007-1001, GD wbmp used with invalid image size (Pierre)- Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)- Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)- Fixed bug #41215 (setAttribute return code reversed). (Ilia)- Fixed bug #41192 (Per Directory Values only work for one key). (Dmitry)- Fixed bug #41175 (addAttribute() fails to add an attribute with an empty value). (Ilia)- Fixed bug #41159 (mysql_pconnect() hash does not account for connect flags). (Ilia)- Fixed bug #41121 (range() overflow handling for large numbers on 32bit machines). (Ilia)- Fixed bug #41118 (PHP does not handle overflow of octal integers). (Tony)- Fixed bug #41109 (recursiveiterator.inc says "implements" Iterator instead of "extends"). (Marcus)- Fixed bug #40130 (TTF usage doesn't work properly under Netware). (Scott, gk at gknw dot de)- Fixed bug #41093 (magic_quotes_gpc ignores first arrays keys). (Arpad, Ilia)- Fixed bug #41075 (memleak when creating default object caused exception). (Dmitry)- Fixed bug #41067 (json_encode() problem with UTF-16 input). (jp at df5ea dot net. Ilia)- Fixed bug #41063 (chdir doesn't like root paths). (Dmitry)- Fixed bug #41061 ("visibility error" in ReflectionFunction::export()). (Johannes)- Fixed bug #41043 (pdo_oci crash when freeing error text with persistent connection). (Tony)- Fixed bug #41037 (unregister_tick_function() inside the tick function crash PHP). (Tony)- Fixed bug #41034 (json_encode() ignores null byte started keys in arrays). (Ilia)- Fixed bug #41026 (segfault when calling "self::method()" in shutdown functions). (Tony)- Fixed bug #40999 (mcrypt_create_iv() not using random seed). (Ilia)- Fixed bug #40998 (long session array keys are truncated). (Tony)- Implement feature request #40947, allow a single filter as argument for filter_var_array (Pierre)- Fixed bug #40935 (pdo_mysql does not raise an exception on empty fetchAll()). (Ilia)- Fixed bug #40931 (open_basedir bypass via symlink and move_uploaded_file()). (Tony)- Fixed bug #40921 (php_default_post_reader crashes when post_max_size is exceeded). (trickie at gmail dot com, Ilia)- Fixed bug #40915 (addcslashes unexpected behavior with binary input). (Tony)- Fixed bug #40899 (memory leak when nesting list()). (Dmitry)- Fixed bug #40897 (error_log file not locked). (Ilia)- Fixed bug #40883 (mysql_query() is allocating memory incorrectly). (Tony)- Fixed bug #40872 (inconsistency in offsetSet, offsetExists treatment of string enclosed integers). (Marcus)- Fixed bug #40861 (strtotime() doesn't handle double negative relative time units correctly). (Derick, Ilia)- Fixed bug #40854 (imap_mail_compose() creates an invalid terminator for multipart e-mails). (Ilia)- Fixed bug #40848 (sorting issue on 64-bit Solaris). (Wez)- Fixed bug #40836 (Segfault in ext/dom). (Rob)- Fixed bug #40833 (Crash when using unset() on an ArrayAccess object retrieved via __get()). (Dmitry)- Fixed bug #40822 (pdo_mysql does not return rowCount() on select). (Ilia)- Fixed bug #40815 (using strings like "class::func" and static methods in set_exception_handler() might result in crash). (Tony)- Fixed bug #40809 (Poor performance of ".="). (Dmitry)- Fixed bug #40805 (Failure executing function ibase_execute()). (Tony)- Fixed bug #40800 (cannot disable memory_limit with -1). (Dmitry, Tony)- Fixed bug #40794 (ReflectionObject::getValues() may crash when used with dynamic properties). (Tony)- Fixed bug #40784 (Case sensitivity in constructor's fallback). (Tony)- Fixed bug #40770 (Apache child exits when PHP memory limit reached). (Dmitry)- Fixed bug #40764 (line thickness not respected for horizontal and vertical lines). (Pierre)- Fixed bug #40758 (Test fcgi_is_fastcgi() is wrong on windows). (Dmitry)- Fixed bug #40754 (added substr() & substr_replace() overflow checks). (Ilia)- Fixed bug #40752 (parse_ini_file() segfaults when a scalar setting is redeclared as an array). (Tony)- Fixed bug #40750 (openssl stream wrapper ignores default_stream_timeout). (Tony)- Fixed bug #40727 (segfault in PDO when failed to bind parameters). (Tony)- Fixed bug #40709 (array_reduce() behaves strange with one item stored arrays). (Ilia)- Fixed bug #40703 (Resolved a possible namespace conflict between libxmlrpc and MySQL's NDB table handler). (Ilia)- Fixed bug #40961 (Incorrect results of DateTime equality check). (Mike)- Fixed bug #40678 (Cross compilation fails). (Tony)- Fixed bug #40621 (Crash when constructor called inappropriately). (Tony)- Fixed bug #40609 (Segfaults when using more than one SoapVar in a request). (Rob, Dmitry)- Fixed bug #40606 (umask is not being restored when request is finished). (Tony)- Fixed bug #40598 (libxml segfault). (Rob)- Fixed bug #40591 (list()="string"; gives invalid opcode). (Dmitry)- Fixed bug #40578 (imagettftext() multithreading issue). (Tony, Pierre)- Fixed bug #40576 (double values are truncated to 6 decimal digits when encoding). (Tony)- Fixed bug #40560 (DIR functions do not work on root UNC path). (Dmitry)- Fixed bug #40548 (SplFileInfo::getOwner/getGroup give a warning on broken symlink). (Marcus)- Fixed bug #40546 (SplFileInfo::getPathInfo() throws an exception if directory is in root dir). (Marcus)- Fixed bug #40545 (multithreading issue in zend_strtod()). (Tony)- Fixed bug #40503 (json_encode() value corruption on 32bit systems with overflown values). (Ilia)- Fixed bug #40467 (Partial SOAP request sent when XSD sequence or choice include minOccurs=0). (Dmitry)- Fixed bug #40465 (Ensure that all PHP elements are printed by var_dump). (wharmby at uk dot ibm dot com, Ilia)- Fixed bug #40464 (session.save_path wont use default-value when safe_mode or open_basedir is enabled). (Ilia)- Fixed bug #40455 (proc_open() uses wrong command line when safe_mode_exec_dir is set). (Tony)- Fixed bug #40432 (strip_tags() fails with greater than in attribute). (Ilia)- Fixed bug #40431 (dynamic properties may cause crash in ReflectionProperty methods). (Tony)- Fixed bug #40451 (addAttribute() may crash when used with non-existent child node). (Tony)- Fixed bug #40442 (ArrayObject::offsetExists broke in 5.2.1, works in 5.2.0). (olivier at elma dot fr, Marcus)- Fixed bug #40428 (imagepstext() doesn't accept optional parameter). (Pierre)- Fixed bug #40417 (Allow multiple instances of the same named PDO token in prepared statement emulation code). (Ilia)- Fixed bug #40414 (possible endless fork() loop when running fastcgi). (Dmitry)- Fixed bug #40410 (ext/posix does not compile on MacOS 10.3.9). (Tony)- Fixed bug #40392 (memory leaks in PHP milter SAPI). (tuxracer69 at gmail dot com, Tony)- Fixed bug #40371 (pg_client_encoding() not working on Windows). (Edin)- Fixed bug #40352 (FCGI_WEB_SERVER_ADDRS function get lost). (Dmitry)- Fixed bug #40290 (strtotime() returns unexpected result with particular timezone offset). (Derick)- Fixed bug #40286 (PHP fastcgi with PHP_FCGI_CHILDREN don't kill children when parent is killed). (Dmitry)- Fixed bug #40261 (Extremely slow data handling due to memory fragmentation). (Dmitry)- Fixed bug #40236 (php -a function allocation eats memory). (Dmitry)- Fixed bug #40109 (iptcembed fails on non-jfif jpegs). (Tony)- Fixed bug #39965 (Latitude and longitude are backwards in date_sun_info()). (Derick)- Implement #39867 (openssl PKCS#12 support) (Marc Delling, Pierre)- Fixed bug #39836 (SplObjectStorage empty after unserialize). (Marcus)- Fixed bug #39416 (Milliseconds in date()). (Derick)- Fixed bug #39396 (stream_set_blocking crashes on Win32). (Ilia, maurice at iceblog dot de)- Fixed bug #39351 (relative include fails on Solaris). (Dmitry, Tony)- Fixed bug #39322 (proc_terminate() destroys process resource). (Nuno)- Fixed bug #38406 (crash when assigning objects to SimpleXML attributes). (Tony)- Fixed bug #37799 (ftp_ssl_connect() falls back to non-ssl connection). (Nuno)- Fixed bug #36496 (SSL support in imap_open() not working on Windows). (Edin)- Fixed bug #36226 (Inconsistent handling when passing nillable arrays). (Dmitry)- Fixed bug #35872 (Avoid crash caused by object store being referenced during RSHUTDOWN). (Andy)- Fixed bug #34794 (proc_close() hangs when used with two processes). (jdolecek at netbsd dot org, Nuno)- Fixed PECL bug #10194 (crash in Oracle client when memory limit reached in the callback). (Tony)- Fixed substr_compare and substr_count information leak (MOPB-14) (Stas, Ilia)- Fixed crash on op-assign where argument is string offset (Brian, Stas)- Fixed bug #38710 (data leakage because of nonexisting boundary checking in statements in mysqli) (Stas)- Fixed bug #37386 (autocreating element doesn't assign value to first node). (Rob)- Fixed bug #37013 (server hangs when returning circular object references). (Dmitry)- Fixed bug #33664 Console window appears when using exec() (Richard Quadling, Stas)08 Feb 2007, PHP 5.2.1- Added read-timeout context option "timeout" for HTTP streams. (Hannes, Ilia).- Added CURLOPT_TCP_NODELAY constant to Curl extension. (Sara)- Added support for hex numbers of any size. (Matt)- Added function stream_socket_shutdown(). It is a wrapper for system shutdown() function, that shut downs part of a full-duplex connection. (Dmitry)- Added internal heap protection (Dmitry) . memory-limit is always enabled (--enable-memory-limit removed) . default value if memory-limit is set to 128M . safe unlinking . cookies . canary protection (debug build only) . random generation of cookies and canaries- Added forward support for 'b' prefix in front of string literals. (Andrei)- Added three new functions to ext/xmlwriter (Rob, Ilia) . xmlwriter_start_dtd_entity() . xmlwriter_end_dtd_entity() . xmlwriter_write_dtd_entity()- Added a meta tag to phpinfo() output to prevent search engines from indexing the page. (Ilia)- Added new function, sys_get_temp_dir(). (Hartmut)- Added missing object support to file_put_contents(). (Ilia)- Added support for md2, ripemd256 and ripemd320 algos to hash(). (Sara)- Added forward support for (binary) cast. (Derick)- Added optimization for imageline with horizontal and vertical lines (Pierre)- Removed dependency from SHELL32.DLL. (Dmitry)- Removed double "wrong parameter count" warnings in various functions. (Hannes)- Moved extensions to PECL: . ext/informix (Derick, Tony)- Changed double-to-string utilities to use BSD implementation. (Dmitry, Tony)- Updated bundled libcURL to version 7.16.0 in the Windows distro. (Edin)- Updated timezone database to version 2006.16. (Derick)- cgi.* and fastcgi.* directives are moved to INI subsystem. The new directive cgi.check_shebang_line can be used to omitting check for "#! /usr/bin/php" line. (Dmitry).- Improved proc_open(). Now on Windows it can run external commands not through CMD.EXE. (Dmitry)- VCWD_REALPATH() is improved to use realpath cache without VIRTUAL_DIR. (Dmitry)- ext/bcmath initialization code is moved from request startup to module startup. (Dmitry)- Zend Memory Manager Improvements (Dmitry) . use HeapAlloc() instead of VirtualAlloc() . use "win32" storage manager (instead of "malloc") on Windows by default- Zip Extension Improvements (Pierre) . Fixed leak in statName and stateIndex . Fixed return setComment (Hannes) . Added addEmptyDir method- Filter Extension Improvements (Ilia, Pierre) . Fixed a bug when callback function returns a non-modified value. . Added filter support for $_SERVER in cgi/apache2 sapis. . Make sure PHP_SELF is filtered in Apache 1 sapi. . Fixed bug #39358 (INSTALL_HEADERS contains incorrect reference to php_filter.h). . Added "default" option that allows a default value to be set for an invalid or missing value. . Invalid filters fails instead of returning unsafe value . Fixed possible double encoding problem with sanitizing filters . Make use of space-strict strip_tags() function . Fixed whitespace trimming . Added support for FastCGI environment variables. (Dmitry)- PDO_MySQL Extension Improvements (Ilia) . Enabled buffered queries by default. . Enabled prepared statement emulation by default.- Small optimization of the date() function. (Matt,Ilia)- Optimized the internal is_numeric_string() function. (Matt,Ilia)- Optimized array functions utilizing php_splice(). (Ilia)- Windows related optimizations (Dmitry, Stas) . COM initialization/deinitialization are done only if necessary . removed unnecessary checks for ISREG file and corresponding stat() calls . opendir() is reimplementation using GetFistFile/GetNextFile those are faster then _findfirst/_findnext . implemented registry cache that prevent registry lookup on each request. In case of modification of corresponding registry-tree PHP will reload it automatic . start timeout thread only if necessary . stat() is reimplementation using GetFileAttributesEx(). The new implementation is faster then implementation in MS VC CRT, but it doesn't support Windows 95.- Streams optimization (Dmitry) . removed unnecessary ftell() calls (one call for each included PHP file) . disabled calls to read() after EOF- Fixed incorrect function names on FreeBSD where inet_pton() was named __inet_pton() and inet_ntop() was named __inet_ntop(). (Hannes)- Fixed FastCGI impersonation for persistent connections on Windows. (Dmitry)- Fixed wrong signature initialization in imagepng (Takeshi Abe)- Fixed ftruncate() with negative size on FreeBSD. (Hannes)- Fixed segfault in RegexIterator when given invalid regex. (Hannes)- Fixed segfault in SplFileObject->openFile()->getPathname(). (Hannes)- Fixed segfault in ZTS mode when OCI8 statements containing sub-statements are destroyed in wrong order. (Tony)- Fixed the validate email filter so that the letter "v" can also be used in the user part of the email address. (Derick)- Fixed bug #40297 (compile failure in ZTS mode when collections support is missing). (Tony)- Fixed bug #40285 (The PDO prepare parser goes into an infinite loop in some instances). (Ilia)- Fixed bug #40274 (Sessions fail with numeric root keys). (Ilia)- Fixed bug #40259 (ob_start call many times - memory error). (Dmitry)- Fixed bug #40231 (file_exists incorrectly reports false). (Dmitry)- Fixed bug #40228 (ZipArchive::extractTo does create empty directories recursively). (Pierre)- Fixed bug #40200 (The FastCgi version has different realpath results than thread safe version). (Dmitry)- Fixed bug #40191 (use of array_unique() with objects triggers segfault). (Tony)- Fixed bug #40189 (possible endless loop in zlib.inflate stream filter). (Greg, Tony)- Fixed bug #40169 (CURLOPT_TCP_NODELAY only available in curl >= 7.11.2). (Tony)- Fixed bug #40129 (iconv extension doesn't compile with CodeWarrior on Netware). (gk at gknw dot de, Tony)- Fixed bug #40127 (apache2handler doesn't compile on Netware). (gk at gknw dot de)- Fixed bug #40121 (PDO_DBLIB driver wont free statements). (Ilia)- Fixed bug #40098 (php_fopen_primary_script() not thread safe). (Ilia)- Fixed bug #40092 (chroot() doesn't clear realpath cache). (Dmitry)- Fixed bug #40091 (spl_autoload_register with 2 instances of the same class). (Ilia)- Fixed bug #40083 (milter SAPI functions always return false/null). (Tony)- Fixed bug #40079 (php_get_current_user() not thread safe). (Ilia, wharmby at uk dot ibm dot com)- Fixed bug #40078 (ORA-01405 when fetching NULL values using oci_bind_array_by_name()). (Tony)- Fixed bug #40076 (zend_alloc.c: Value of enumeration constant must be in range of signed integer). (Dmitry)- Fixed bug #40073 (exif_read_data dies on certain images). (Tony, Marcus)- Fixed bug #40036 (empty() does not work correctly with ArrayObject when using ARRAY_AS_PROPS). (Ilia)- Fixed bug #40012 (php_date.c doesn't compile on Netware). (gk at gknw dot de, Derick)- Fixed bug #40009 (http_build_query(array()) returns NULL). (Ilia)- Fixed bug #40002 (Try/Catch performs poorly). (Dmitry)- Fixed bug #39993 (tr_TR.UTF-8 locale has problems with PHP). (Ilia)- Fixed bug #39990 (Cannot "foreach" over overloaded properties). (Dmitry)- Fixed bug #39988 (type argument of oci_define_by_name() is ignored). (Chris Jones, Tony)- Fixed bug #39984 (redirect response code in header() could be ignored in CGI sapi). (Ilia)- Fixed bug #39979 (PGSQL_CONNECT_FORCE_NEW will causes next connect to establish a new connection). (Ilia)- Fixed bug #39971 (pg_insert/pg_update do not allow now() to be used for timestamp fields). (Ilia)- Fixed bug #39969 (ini setting short_open_tag has no effect when using --enable-maintainer-zts). (Dmitry)- Fixed bug #39952 (zip ignoring --with-libdir on zlib checks) (judas dot iscariote at gmail dot com)- Fixed bug #39944 (References broken). (Dmitry)- Fixed bug #39935 (Extensions tidy,mcrypt,mhash,pdo_sqlite ignores --with-libdir). (judas dot iscariote at gmail dot com, Derick)- Fixed bug #39903 (Notice message when executing __halt_compiler() more than once). (Tony)- Fixed bug #39898 (FILTER_VALIDATE_URL validates \r\n\t etc). (Ilia)- Fixed bug #39890 (using autoconf 2.6x and --with-layout=GNU breaks PEAR install path). (Tony)- Fixed bug #39884 (ReflectionParameter::getClass() throws exception for type hint self). (thekid at php dot net)- Fixed bug #39878 (CURL doesn't compile on Sun Studio Pro). (Ilia)- Fixed bug #39873 (number_format() breaks with locale & decimal points). (Ilia)- Fixed bug #39869 (safe_read does not initialize errno). (michiel at boland dot org, Dmitry)- Fixed bug #39850 (SplFileObject throws contradictory/wrong error messages when trying to open "php://wrong"). (Tony)- Fixed bug #39846 (Invalid IPv4 treated as valid). (Ilia)- Fixed bug #39845 (Persistent connections generate a warning in pdo_pgsql). (Ilia)- Fixed bug #39832 (SOAP Server: parameter not matching the WSDL specified type are set to 0). (Dmitry)- Fixed bug #39825 (foreach produces memory error). (Dmitry)- Fixed bug #39816 (apxs2filter ignores httpd.conf & .htaccess php config settings). (Ilia)- Fixed bug #39815 (SOAP double encoding is not locale-independent). (Dmitry)- Fixed bug #39797 (virtual() does not reset changed INI settings). (Ilia)- Fixed bug #39795 (build fails on AIX because crypt_r() uses different data struct). (Tony)- Fixed bug #39791 (Crash in strtotime() on overly long relative date multipliers). (Ilia)- Fixed bug #39787 (PHP doesn't work with Apache 2.3). (mv at binarysec dot com).- Fixed bug #39782 (setTime() on a DateTime constructed with a Weekday yields incorrect results). (Ilia)- Fixed bug #39780 (PNG image with CRC/data error raises fatal error) (Pierre)- Fixed bug #39779 (Enable AUTH PLAIN mechanism in underlying libc-client). (michael dot heimpold at s2000 dot tu-chemnitz dot de, Ilia)- Fixed bug #39775 ("Indirect modification ..." message is not shown). (Dmitry)- Fixed bug #39763 (magic quotes are applied twice by ext/filter in parse_str()). (Ilia)- Fixed bug #39760 (cloning fails on nested SimpleXML-Object). (Rob)- Fixed bug #39759 (Can't use stored procedures fetching multiple result sets in pdo_mysql). (Ilia)- Fixed bug #39754 (Some POSIX extension functions not thread safe). (Ilia, wharmby at uk dot ibm dot com)- Fixed bug #39751 (putenv crash on Windows). (KevinJohnHoffman at gmail.com)- Fixed bug #39732 (oci_bind_array_by_name doesn't work on Solaris 64bit). (Tony)- Fixed bug #39724 (Broken build due to spl/filter usage of pcre extension). (Tony, Ilia)- Fixed bug #39718 (possible crash if assert.callback is set in ini). (Ilia)- Fixed bug #39702 (php crashes in the allocator on linux-m68k). (Dmitry)- Fixed bug #39685 (iconv() - undefined function). (Hannes)- Fixed bug #39673 (file_get_contents causes bus error on certain offsets). (Tony)- Fixed bug #39663 (Memory leak in pg_get_notify() and a possible memory corruption on Windows in pgsql and pdo_pgsql extensions). (Ilia, matteo at beccati dot com)- Fixed bug #39662 (Segfault when calling asXML() of a cloned SimpleXMLElement). (Rob, Tony)- Fixed bug #39656 (crash when calling fetch() on a PDO statment object after closeCursor()). (Ilia, Tony)- Fixed bug #39653 (ext/dba doesn't check for db-4.5 and db-4.4 when db4 support is enabled). (Tony)- Fixed bug #39652 (Wrong negative results from memory_get_usage()). (Dmitry)- Fixed bug #39648 (Implementation of PHP functions chown() and chgrp() are not thread safe). (Ilia, wharmby at uk dot ibm dot com)- Fixed bug #39640 (Segfault with "Allowed memory size exhausted"). (Dmitry)- Fixed bug #39625 (Apache crashes on importStylesheet call). (Rob)- Fixed bug #39623 (thread safety fixes on *nix for putenv() & mime_magic). (Ilia, wharmby at uk dot ibm dot com)- Fixed bug #39621 (str_replace() is not binary safe on strings with equal length). (Tony)- Fixed bug #39613 (Possible segfault in imap initialization due to missing module dependency). (wharmby at uk dot ibm dot com, Tony)- Fixed bug #39606 (Use of com.typelib_file in PHP.ini STILL causes A/V). (Rob)- Fixed bug #39602 (Invalid session.save_handler crashes PHP). (Dmitry)- Fixed bug #39596 (Creating Variant of type VT_ARRAY). (Rob)- Fixed bug #39583 (ftp_put() does not change transfer mode to ASCII). (Tony)- Fixed bug #39576 (array_walk() doesn't separate user data zval). (Tony)- Fixed bug #39575 (move_uploaded_file() no longer working (safe mode related)). (Tony)- Fixed bug #39571 (timeout ssl:// connections). (Ilia)- Fixed bug #39564 (PDO::errorInfo() returns inconsistent information when sqlite3_step() fails). (Tony)- Fixed bug #39548 (ZMSG_LOG_SCRIPT_NAME not routed to OutputDebugString() on Windows). (Dmitry)- Fixed bug #39538 (fgetcsv can't handle starting newlines and trailing odd number of backslashes). (David Soria Parra, Pierre)- Fixed bug #39534 (Error in maths to calculate of ZEND_MM_ALIGNED_MIN_HEADER_SIZE). (wharmby at uk dot ibm dot com, Dmitry)- Fixed bug #39527 (Failure to retrieve results when multiple unbuffered, prepared statements are used in pdo_mysql). (Ilia)- Fixed bug #39508 (imagefill crashes with small images 3 pixels or less). (Pierre)- Fixed bug #39506 (Archive corrupt with ZipArchive::addFile method). (Pierre)- Fixed bug #39504 (xmlwriter_write_dtd_entity() creates Attlist tag, not entity). (Hannes)- Fixed bug #39483 (Problem with handling of \ char in prepared statements). (Ilia, suhachov at gmail dot com)- Fixed bug #39458 (ftp_nlist() returns false on empty dirs). (Nuno)- Fixed bug #39454 (Returning a SOAP array segfaults PHP). (Dmitry)- Fixed bug #39450 (getenv() fills other super-globals). (Ilia, Tony)- Fixed bug #39449 (Overloaded array properties do not work correctly). (Dmitry)- Fixed bug #39445 (Calling debug_backtrace() in the __toString() function produces a crash). (Dmitry)- Fixed bug #39438 (Fatal error: Out of memory). (Dmitry)- Fixed bug #39435 ('foo' instanceof bar gives invalid opcode error). (Sara)- Fixed bug #39414 (Syntax error while compiling with Sun Workshop Complier). (Johannes)- Fixed bug #39398 (Booleans are not automatically translated to integers). (Ilia)- Fixed bug #39394 (Missing check for older variants of openssl). (Ilia)- Fixed bug #39367 (clearstatcache() doesn't clear realpath cache). (j at pureftpd dot org, Dmitry)- Fixed bug #39366 (imagerotate does not use alpha with angle > 45 degrees) (Pierre)- Fixed bug #39364 (Removed warning on empty haystack inside mb_strstr()). (Ilia)- Fixed bug #39362 (Added an option to imap_open/imap_reopen to control the number of connection retries). (Ilia)- Fixed bugs #39361 & #39400 (mbstring function overloading problem). (Seiji)- Fixed bug #39354 (Allow building of curl extension against libcurl 7.16.0). (Ilia)- Fixed bug #39350 (crash with implode("\n", array(false))). (Ilia)- Fixed bug #39344 (Unnecessary calls to OnModify callback routine for an extension INI directive). (wharmby at uk dot ibm dot com, Dmitry)- Fixed bug #39320 (ZEND_HASH_APPLY_STOP causes deletion). (Marcus)- Fixed bug #39313 (spl_autoload triggers Fatal error). (Marcus)- Fixed bug #39300 (make install fails if wget is not available). (Tony)- Fixed bug #39297 (Memory corruption because of indirect modification of overloaded array). (Dmitry)- Fixed bug #39286 (misleading error message when invalid dimensions are given) (Pierre)- Fixed bug #39273 (imagecopyresized may ignore alpha channel) (Pierre)- Fixed bug #39265 (Fixed path handling inside mod_files.sh). (michal dot taborsky at gmail dot com, Ilia)- Fixed bug #39217 (serialNumber might be -1 when the value is too large). (Pierre, Tony)- Fixed bug #39215 (Inappropriate close of stdin/stdout/stderr). (Wez, Ilia)- Fixed bug #39201 (Possible crash in Apache 2 with 413 ErrorHandler). (Ilia)- Fixed bug #39151 (Parse error in recursiveiteratoriterator.php). (Marcus)- Fixed bug #39121 (Incorrect return array handling in non-wsdl soap client). (Dmitry)- Fixed bug #39090 (DirectoryFilterDots doxygen docs and example is wrong). (Marcus)- Fixed bug #38852 (XML-RPC Breaks iconv). (Hannes)- Fixed bug #38770 (unpack() broken with longs on 64 bit machines). (Ilia, David Soria Parra).- Fixed bug #38698 (for some keys cdbmake creates corrupted db and cdb can't read valid db). (Marcus)- Fixed bug #38680 (Added missing handling of basic types in json_decode). (Ilia)- Fixed bug #38604 (Fixed request time leak inside foreach() when iterating through virtual properties). (Dmitry)- Fixed bug #38602 (header( "HTTP/1.0 ..." ) does not change proto version). (Ilia)- Fixed bug #38542 (proc_get_status() returns wrong PID on windows). (Nuno)- Fixed bug #38536 (SOAP returns an array of values instead of an object). (Dmitry)- Fixed bug #38456 (Apache2 segfaults when virtual() is called in .php ErrorDocument). (Ilia)- Fixed bug #38325 (spl_autoload_register() gives wrong line for "class not found"). (Ilia)- Fixed bug #38319 (Remove bogus warnings from persistent PDO connections). (Ilia)- Fixed bug #38274 (Memlimit fatal error sent to "wrong" stderr when using fastcgi). (Dmitry)- Fixed bug #38252 (Incorrect PDO error message on invalid default fetch mode). (Ilia)- Fixed bug #37927 (Prevent trap when COM extension processes argument of type VT_DISPATCH|VT_REF) (Andy)- Fixed bug #37773 (iconv_substr() gives "Unknown error" when string length = 1"). (Ilia)- Fixed bug #37627 (session save_path check checks the parent directory). (Ilia)- Fixed bug #37619 (proc_open() closes stdin on fork() failure). (jdolecek at NetBSD dot org, Nuno)- Fixed bug #37588 (COM Property propputref converts to PHP function and can't be accesed). (Rob)- Fixed bug #36975 (natcasesort() causes array_pop() to misbehave). (Hannes)- Fixed bug #36812 (pg_execute() modifies input array). (Ilia)- Fixed bug #36798 (Error parsing named parameters with queries containing high-ascii chars). (Ilia)- Fixed bug #36644 (possible crash in variant_date_from_timestamp()). (Ilia)- Fixed bug #36427 (proc_open() / proc_close() leak handles on windows). (jdolecek at NetBSD dot org, Nuno)- Fixed bug #36392 (wrong number of decimal digits with %e specifier in sprintf). (Matt,Ilia)- Fixed bug #36214 (__get method works properly only when conditional operator is used). (Dmitry)- Fixed bug #35634 (Erroneous "Class declarations may not be nested" error raised). (Carl P. Corliss, Dmitry)- Fixed bug #35106 (nested foreach fails when array variable has a reference). (Dmitry)- Fixed bug #34564 (COM extension not returning modified "out" argument) (Andy)- Fixed bug #33734 (Something strange with COM Object). (Rob)- Fixed bug #33386 (ScriptControl only sees last function of class). (Rob)- Fixed bug #33282 (Re-assignment by reference does not clear the is_ref flag) (Ilia, Dmitry, Matt Wilmas)- Fixed bug #30074 (apparent symbol table error with extract($blah, EXTR_REFS)) (Brian)- Fixed bug #29840 (is_executable() does not honor safe_mode_exec_dir setting). (Ilia)- Fixed PECL bug #7295 (ORA-01405: fetched column value is NULL on LOB fields). (Tony)02 Nov 2006, PHP 5.2.0- Updated bundled OpenSSL to version 0.9.8d in the Windows distro. (Edin)- Updated Postgresql client libraries to 8.1.4 in the Windows distro. (Edin)- Updated PCRE to version 6.7. (Ilia)- Updated libsqlite in ext/pdo_sqlite to 3.3.7. (Ilia)- Updated bundled MySQL client library to version 5.0.22 in the Windows distribution. (Edin)- Updated timezonedb to version 2006.7. (Derick)- Added ability to make SOAP call userspace PHPXML converters. (Dmitry)- Added support for character sets in pg_escape_string() for PostgreSQL 8.1.4 and higher. (Ilia)- Added support for character sets in PDO quote() method for PostgreSQL 8.1.4 and higher. (Ilia)- Added DSA key generation support to openssl_pkey_new(), FR #38731 (marci at balabit dot hu, Tony)- Added SoapServer::setObject() method (it is a simplified version of SoapServer::setClass() method). (Dmitry)- Added support for hexadecimal entity in imagettftext() for the bundled GD. (Pierre)- Added support for httpOnly flag for session extension and cookie setting functions. (Scott MacVicar, Ilia)- Added version specific registry keys to allow different configurations for different php version. (Richard, Dmitry)- Added "PHPINIDir" Apache directive to apache and apache_hooks SAPIs. (Dmitry)- Added an optional boolean parameter to memory_get_usage() and memory_get_peak_usage() to get memory size allocated by emalloc() or real size of memory allocated from system. (Dmitry)- Added Zip Archive extension. (Pierre)- Added RFC1867 fileupload processing hook. (Stefan E.)- Added JSON and Filter extensions. (Derick, Rasmus)- Added error messages to disk_free_space() and disk_total_space() functions. FR #37971 (Tony)- Added PATHINFO_FILENAME option to pathinfo() to get the filename. (Toby S. and Christian S.)- Added array_fill_keys() function. (Marcus, Matt Wilmas)- Added posix_initgroups() function. (Ilia)- Added an optional parameter to parse_url() to allow retrieval of distinct URL components. (Ilia)- Added optional parameter to http_build_query() to allow specification of string separator. (Ilia)- Added image_type_to_extension() function. (Hannes, Ilia)- Added allow_url_include ini directive to complement allow_url_fopen. (Rasmus)- Added automatic module globals management. (Dmitry)- Added RFC2397 (data: stream) support. (Marcus)- Added new error mode E_RECOVERABLE_ERROR. (Derick, Marcus, Tony)- Added support for getenv() input filtering. (Rasmus)- Added support for constructors in interfaces to force constructor signature checks in implementations. (Marcus)- Added memory_get_peak_usage() function for retrieving peak memory usage of a PHP script. (Ilia)- Added pg_field_table() function. (Edin)- Added SimpleXMLElement::saveXML() as an alias for SimpleXMLElement::asXML(). (Hannes)- Added DOMNode::getNodePath() for getting an XPath for a node. (Christian)- Added gmp_nextprime() function. (ants dot aasma at gmail dot com, Tony)- Added error_get_last() function. (Mike)- Removed current working directory from the php.ini search path for CLI and re-added it for other SAPIs (restore to pre 5.1.x behavior). (Edin)- Moved extensions to PECL: . ext/filepro (Derick, Tony) . ext/hwapi (Derick, Tony)- Disabled CURLOPT_FOLLOWLOCATION in curl when open_basedir or safe_mode are enabled. (Stefan E., Ilia)- Increased default memory limit to 16 megabytes to accommodate for a more accurate memory utilization measurement.- In addition to path to php.ini, PHPRC now may specify full file name. (Dmitry)- Optimized array/HashTable copying. (Matt Wilmas, Dmitry)- Optimized zend_try/zend_catch macros by eliminating memcpy(3). (Dmitry)- Optimized require_once() and include_once() by eliminating fopen(3) on second usage. (Dmitry)- Optimized request shutdown sequence. Restoring ini directives now iterates only over modified directives instead of all. (Dmitry)- Changed priority of PHPRC environment variable on win32 to be higher then value from registry. (Dmitry)- Changed __toString() to be called wherever applicable. (Marcus)- Changed E_ALL error reporting mode to include E_RECOVERABLE_ERROR. (Marcus)- Changed realpath cache to be disabled when "open_basedir" or "safe_mode" are enabled on per-request basis. (Ilia)- Improved SNMP extension: (Jani) . Renamed snmp_set_oid_numeric_print() to snmp_set_oid_output_format(). . Added 2 new constants: SNMP_OID_OUTPUT_FULL and SNMP_OID_OUTPUT_NUMERIC . Fixed bug #37564 (AES privacy encryption not possible due to net-snmp 5.2 compatibility issue). (Patch: scott dot moynes+php at gmail dot com)- Improved OpenSSL extension: (Pierre) . Added support for all supported algorithms in openssl_verify . Added openssl_pkey_get_details, returns the details of a key . Added x509 v3 extensions support . Added openssl_csr_get_subject() and openssl_csr_get_public_key() . Added 3 new constants OPENSSL_VERSION_TEXT and OPENSSL_VERSION_NUMBER and OPENSSL_KEYTYPE_EC- Improved the Zend memory manager: (Dmitry) . Removed unnecessary "--disable-zend-memory-manager" configure option. . Added "--enable-malloc-mm" configure option which is enabled by default in debug builds to allow using internal and external memory debuggers. . Allow tweaking the memory manager with ZEND_MM_MEM_TYPE and ZEND_MM_SEG_SIZE environment variables. . For more information: Zend/README.ZEND_MM- Improved safe_mode check for the error_log() function. (Ilia)- Improved the error reporting in SOAP extension on request failure. (Ilia)- Improved crypt() on win32 to be about 10 times faster and to have friendlier license. (Frank, Dmitry)- Improved performance of the implode() function on associated arrays. (Ilia)- Improved performance of str_replace() when doing 1 char to 1 char or 1 char to many chars replacement. (Ilia)- Improved apache2filter SAPI: . Allowed PHP to be an arbitrary filter in the chain and read the script from the Apache stream. (John) . Added support for apache2filter in the Windows build including binary support for both Apache 2.0.x (php5apache2_filter.dll) and Apache 2.2.x (php5apache2_2_filter.dll). (Edin)- Improved apache2handler SAPI: . Changed ap_set_content_type() to be called only once. (Mike) . Added support for Apache 2.2 handler in the Windows distribution. (Edin)- Improved FastCGI SAPI: (Dmitry) . Removed source compatibility with libfcgi. . Optimized access to FastCGI environment variables by using HashTable instead of linear search. . Allowed PHP_FCGI_MAX_REQUESTS=0 that assumes no limit. . Allowed PHP_FCGI_CHILDREN=0 that assumes