Fixed bug #70958 (Invalid opcode while using ::class as trait method paramater default value).
Fixed bug #70957 (self::class can not be resolved with reflection for abstract class).
Fixed bug #70944 (try{ } finally{} can create infinite chains of exceptions).
Fixed bug #61751 (SAPI build problem on AIX: Undefined symbol: php_register_internal_extensions).
FPM:
Fixed bug #70755 (fpm_log.c memory leak and buffer overflow). (CVE-2016-5114)
GD:
Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array Index Out of Bounds). (CVE-2016-1903)
Mysqlnd:
Fixed bug #68077 (LOAD DATA LOCAL INFILE / open_basedir restriction).
SOAP:
Fixed bug #70900 (SoapClient systematic out of memory error).
Standard:
Fixed bug #70960 (ReflectionFunction for array_unique returns wrong number of parameters).
PDO_Firebird:
Fixed bug #60052 (Integer returned as a 64bit integer on X64_86).
WDDX:
Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization).
Fixed bug #70741 (Session WDDX Packet Deserialization Type Confusion Vulnerability).
XMLRPC:
Fixed bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker()).
Version 5.6.16
Core:
Fixed bug #70828 (php-fpm 5.6 with opcache crashes when referencing a non-existent constant).
Fixed bug #70748 (Segfault in ini_lex () at Zend/zend_ini_scanner.l).
Mysqlnd:
Fixed bug #68344 (MySQLi does not provide way to disable peer certificate validation) by introducing MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT connection flag.
Made calls from incompatible context issue an E_DEPRECATED warning instead of E_STRICT (phase 1 of RFC: https://wiki.php.net/rfc/incompat_ctx).
Uploads equal or greater than 2GB in size are now accepted.
Reduced POST data memory usage by 200-300%. Changed INI setting always_populate_raw_post_data to throw a deprecation warning when enabling and to accept -1 for never populating the $HTTP_RAW_POST_DATA global variable, which will be the default in future PHP versions.
Implemented dedicated syntax for variadic functions (RFC: https://wiki.php.net/rfc/variadics).
Fixed bug #50333 Improving multi-threaded scalability by using emalloc/efree/estrdup (Anatol, Dmitry)
Implemented constant scalar expressions (with support for constants) (RFC: https://wiki.php.net/rfc/const_scalar_exprs).
Peer name verification matches SAN DNS names for certs using the Subject Alternative Name x509 extension.
Fixed segfault when built against OpenSSL>=1.0.1 (Daniel Lowrey)
Added SPKAC support.
Fallback to Windows CA cert store for peer verification if no openssl.cafile ini directive or "cafile" SSL context option specified in Windows.
The openssl.cafile and openssl.capath ini directives introduced in alpha2 now have PHP_INI_PERDIR accessibility (was PHP_INI_ALL).
New "peer_name" SSL context option replaces "CN_match" (which still works as before but triggers E_DEPRECATED).
Fixed segfault when accessing non-existent context for client SNI use (Daniel Lowrey)
Fixed bug #66501 (Add EC key support to php_openssl_is_private_key).
Fixed bug #47030 (add new boolean "verify_peer_name" SSL context option allowing clients to verify cert names separately from the cert itself). "verify_peer_name" is enabled by default for client streams.
New openssl_get_cert_locations() function to aid CA file and peer verification debugging.
Encrypted stream wrappers now disable TLS compression by default.
New "capture_session_meta" SSL context option allows encrypted client and server streams access to negotiated protocol/cipher information.
New "honor_cipher_order" SSL context option allows servers to prioritize cipher suites of their choosing when negotiating SSL/TLS handshakes.
New "single_ecdh_use" and "single_dh_use" SSL context options allow for improved forward secrecy in encrypted stream servers.
New "dh_param" SSL context option allows stream servers control over the parameters when negotiating DHE cipher suites.
New "ecdh_curve" SSL context option allowing stream servers to specify the curve to use when negotiating ephemeral ECDHE ciphers (defaults to NIST P-256).
New "rsa_key_size" SSL context option gives stream servers control over the key size (in bits) used for RSA key agreements.
Crypto methods for encrypted client and server streams now use bitwise flags for fine-grained protocol support.
Added new tlsv1.0 stream wrapper to specify TLSv1 client/server method. tls wrapper now negotiates TLSv1, TLSv1.1 or TLSv1.2.
Encrypted client streams now enable SNI by default.
Encrypted streams now prioritize ephemeral key agreement and high strength ciphers by default.
New OPENSSL_DEFAULT_STREAM_CIPHERS constant exposes default cipher list.
New STREAM_CRYPTO_METHOD_* constants for enhanced control over the crypto methods negotiated encrypted server/client sessions.
Encrypted stream servers now automatically mitigate potential DoS vector arising from client-initiated TLS renegotiation. New "reneg_limit", "reneg_window" and "reneg_limit_callback" SSL context options for custom renegotiation limiting control.
Fixed memory leak in windows cert verification on verify failure.
Peer certificate capturing via SSL context options now functions even if peer verification fails.
Encrypted TLS servers now support the server name indication TLS extension via the new "SNI_server_certs" SSL context option.
Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1).
Fixed bug #67215 (php-cgi work with opcache, may be segmentation fault happen) (Dmitry, Laruence)
PCRE:
Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch from the upstream).
Upgraded to PCRE 8.34.
Added support for (*MARK) backtracking verbs.
pgsql:
Fixed bug #67550 (Error in code "form" instead of "from", pgsql.c, line 756), which affected builds against libpq < 7.3.
pg_insert()/pg_select()/pg_update()/pg_delete() are no longer EXPERIMENTAL.
Implemented FR #25854 (Return value for pg_insert should be resource instead of bool).
Implemented FR #41146 (Add "description" with exteneded flag pg_meta_data(). pg_meta_data(resource $conn, string $table [, bool extended]) It also made pg_meta_data() return "is enum" always).
Read-only access to the socket stream underlying database connections is exposed via a new pg_socket() function to allow read/write polling when establishing asynchronous connections and executing queries in non-blocking applications.
Asynchronous connections are now possible using the PGSQL_CONNECT_ASYNC flag in conjunction with a new pg_connect_poll() function and connection polling status constants.
New pg_flush() and pg_consume_input() functions added to manually complete non-blocking reads/writes to underlying connection sockets.
pg_version() returns full report which obtained by PQparameterStatus().
Added pg_lo_truncate().
Added 64bit large object support for PostgreSQL 9.3 and later.
Fixed bug #67555 (Cannot build against libpq 7.3).
phpdbg:
Fixed bug #67575 (Compilation fails for phpdbg when the build directory != src directory).
Fixed bug #67499 (readline feature not enabled when build with libedit).
Fixed issue GH-94 (List behavior is inconsistent).
Fixed issue GH-97 (The prompt should always ensure it is on a newline).
Fixed issue GH-98 (break if does not seem to work).
Fixed issue GH-99 (register function has the same behavior as run).
Fixed issue GH-100 (No way to list the current stack/frames) (Help entry was missing).
Fixed bug which caused phpdbg to fail immediately on startup in non-debug builds.
Fixed bug #63657 (pgsqlCopyFromFile, pgsqlCopyToArray use Postgres < 7.3 syntax).
Cleaned up code by increasing the requirements to libpq versions providing PQexecParams, PQprepare, PQescapeStringConn, PQescapeByteaConn. According to the release notes that means 8.0.8+ or 8.1.4+.
Deprecated PDO::PGSQL_ATTR_DISABLE_NATIVE_PREPARED_STATEMENT, an undocument constant effectively equivalent to PDO::ATTR_EMULATE_PREPARES.
Added PDO::PGSQL_ATTR_DISABLE_PREPARES constant to execute the queries without preparing them, while still passing parameters separately from the command text using PQexecParams.
PDO_firebird:
Fixed bug #66071 (memory corruption in error handling) (Popa)
Phar:
Fixed bug #64498 ($phar->buildFromDirectory can't compress file with an accent in its name).
Fixed bug #67587 (Redirection loop on nginx with FPM).
readline:
Fixed bug #55496 (Interactive mode doesn't force a newline before the prompt).
Fixed bug #67496 (Save command history when exiting interactive shell with control-c).
Reflection:
Implemented FR #67713 (loosen the restrictions on ReflectionClass::newInstanceWithoutConstructor()).
Session:
Fixed bug #67694 (Regression in session_regenerate_id()).
Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas).
Fixed bug #66827 (Session raises E_NOTICE when session name variable is array).
Fixed bug #65315 (session.hash_function silently fallback to default md5) (Yasuo)
Implemented FR #17860 (Session write short circuit).
Implemented FR #20421 (session_abort() and session_reset() function).
Remove session_gc() and session_serializer_name() wich were introduced in the first 5.6.0 alpha.
Implemented strict sessions RFC (https://wiki.php.net/rfc/strict_sessions) which protects against session fixation attacks and session collisions (CVE-2011-4718).
Fixed possible buffer overflow under Windows. Note: Not a security fix.
Changed session.auto_start to PHP_INI_PERDIR.
SOAP:
Fixed bug #65018 (SoapHeader problems with SoapServer).
SPL:
Fixed bug #65328 (Segfault when getting SplStack object Value).
Added RecursiveTreeIterator setPostfix and getPostifx methods.
Fixed bug #61828Memleak when calling Directory(Recursive)Iterator/Spl(Temp)FileObject ctor twice.
CGI/FastCGI SAPI:
Added PHP_FCGI_BACKLOG, overrides the default listen backlog.
Version 5.5.0
Drop support for bison < 2.4 when building PHP from GIT source
Improved Zend Engine:
Added ARMv7/v8 versions of various Zend arithmetic functions that are implemented using inline assembler
Added systemtap support by enabling systemtap compatible dtrace probes on linux
Optimized access to temporary and compiled VM variables. 8% less memory reads
The VM stacks for passing function arguments and syntaticaly nested calls
were merged into a single stack. The stack size needed for op_array
execution is calculated at compile time and preallocated at once. As result
all the stack push operations don't require checks for stack overflow
any more
General improvements:
Added generators and coroutines.
Added "finally" keyword.
Added simplified password hashing API.
Added support for constant array/string dereferencing.
Added Class Name Resolution As Scalar Via "class" Keyword
Added support for using empty() on the result of function calls and other expressions
Added support for non-scalar Iterator keys in foreach
Added support for list in foreach
Core:
Added Zend Opcache extension and enable building it by default.
Added array_column function which returns a column in a multidimensional array
Added boolval()
Added "Z" option to pack/unpack
Added optional second argument for assert() to specify custom message
Added support for changing the process's title in CLI/CLI-Server SAPIs. The implementation is more robust that the proctitle PECL module
Improve set_exception_handler while doing reset
Return previous handler when passing NULL to set_error_handler and set_exception_handler
Implemented FR #64175 (Added HTTP codes as of RFC 6585)
Implemented FR #60738 (Allow 'set_error_handler' to handle NULL)
Implemented FR #60524 (specify temp dir by php.ini)
Implemented FR #46487 (Dereferencing process-handles no longer waits on those processes)
Fixed bug #65051 (count() off by one inside unset())
Fixed bug #64988 (Class loading order affects E_STRICT warning)
Fixed bug #64966 (segfault in zend_do_fcall_common_helper_SPEC)
Fixed bug #64960 (Segfault in gc_zval_possible_root)
Fixed bug #64936 (doc comments picked up from previous scanner run)
Fixed bug #64934 (Apache2 TS crash with get_browser())
Fixed bug #64879 (Heap based buffer overflow in quoted_printable_encode, CVE 2013-2110)
Fixed bug #64853 (Use of no longer available ini directives causes crash on TS build)
Fixed bug #64821 (Custom Exceptions crash when internal properties overridden)
Fixed bug #49348 (Uninitialized ++$foo->bar; does not cause a notice)
Fixed bug #23955 allow specifying Max-Age attribute in setcookie()
Fixed bug #18556 (Engine uses locale rules to handle class names)
Fix undefined behavior when converting double variables to integers. The double is now always rounded towards zero, the remainder of its division by 2^32 or 2^64 (depending on sizeof(long)) is calculated and it's made signed assuming a two's complement representation
Fixed bug #53437 (Crash when using unserialized DatePeriod instance)
dba:
Fixed bug #62489 (dba_insert not working as expected)
Filter:
Implemented FR #49180 (added MAC address validation)
Fileinfo:
Upgraded libmagic to 5.14.
Fixed bug #64830 (mimetype detection segfaults on mp3 file)
Fixed bug #63590 (Different results in TS and NTS under Windows)
Fixed bug #63248 (Load multiple magic files from a directory under Windows)
FPM:
Add --with-fpm-systemd option to report health to systemd, and
systemd_interval option to configure this. The service can now use
Type=notify in the systemd unit file.
Ignore QUERY_STRING when sent in SCRIPT_FILENAME
Log a warning when a syscall fails
Implemented FR #64764 (add support for FPM init.d script)
Fixed bug #64915 (error_log ignored when daemonize=0)
Fixed bug #63999 (php with fpm fails to build on Solaris 10 or 11)
Fixed some possible memory or resource leaks and possible null dereference
detected by code coverity scan
Fixed bug #64961 (segfault in imagesetinterpolation)
Fix build with system libgd >= 2.1 which is now the minimal
version required (as build with previous version is broken).
No change when bundled libgd is used
Upgraded libgd to 2.1
hash:
Added support for PBKDF2 via hash_pbkdf2().
Fixed bug #64745 (hash_pbkdf2() truncates data when using default length
and hex output)
intl:
Added UConverter wrapper.
The intl extension now requires ICU 4.0+
Added intl.use_exceptions INI directive, which controls what happens when
global errors are set together with intl.error_level
MessageFormatter::format() and related functions now accepted named
arguments and mixed numeric/named arguments in ICU 4.8+
MessageFormatter::format() and related functions now don't error out when
an insufficient argument count is provided. Instead, the placeholders will
remain unsubstituted
MessageFormatter::parse() and MessageFormat::format() (and their static
equivalents) don't throw away better than second precision in the arguments
IntlDateFormatter::__construct and datefmt_create() now accept for the
$timezone argument time zone identifiers, IntlTimeZone objects, DateTimeZone
objects and NULL
IntlDateFormatter::__construct and datefmt_create() no longer accept invalid
timezone identifiers or empty strings
The default time zone used in IntlDateFormatter::__construct and
datefmt_create() (when the corresponding argument is not passed or NULL is
passed) is now the one given by date_default_timezone_get(), not the
default ICU time zone
The time zone passed to the IntlDateFormatter is ignored if it is NULL and
if the calendar passed is an IntlCalendar object -- in this case, the
IntlCalendar's time zone will be used instead. Otherwise, the time zone
specified in the $timezone argument is used instead. This does not affect
old code, as IntlCalendar was introduced in this version
IntlDateFormatter::__construct and datefmt_create() now accept for the
$calendar argument also IntlCalendar objects
IntlDateFormatter::getCalendar() and datefmt_get_calendar() return false
if the IntlDateFormatter was set up with an IntlCalendar instead of the
constants IntlDateFormatter::GREGORIAN/TRADITIONAL. IntlCalendar did not
exist before this version
IntlDateFormatter::setCalendar() and datefmt_set_calendar() now also accept
an IntlCalendar object, in which case its time zone is taken. Passing a
constant is still allowed, and still keeps the time zone
IntlDateFormatter::setTimeZoneID() and datefmt_set_timezone_id() are
deprecated. Use IntlDateFormatter::setTimeZone() or datefmt_set_timezone()
instead
IntlDateFormatter::format() and datefmt_format() now also accept an
IntlCalendar object for formatting
Added the classes: IntlCalendar, IntlGregorianCalendar, IntlTimeZone,
IntlBreakIterator, IntlRuleBasedBreakIterator and
IntlCodePointBreakIterator
Added the methods: IntlDateFormatter::formatObject(),
IntlDateFormatter::getCalendarObject(), IntlDateFormatter::getTimeZone(),
IntlDateFormatter::setTimeZone()
Added the functions: datefmt_format_object(), datefmt_get_calendar_object(),
datefmt_get_timezone(), datefmt_set_timezone(),
datefmt_get_calendar_object(), intlcal_create_instance()
mbstring:
Fixed bug #64769 (mbstring PHPTs crash on Windows x64).
MCrypt:
mcrypt_ecb(), mcrypt_cbc(), mcrypt_cfb() and mcrypt_ofb() now throw E_DEPRECATED.
mysql:
This extension is now deprecated, and deprecation warnings will be generated
when connections are established to databases via mysql_connect(),
mysql_pconnect(), or through implicit connection: use MySQLi or PDO_MySQL
instead
Dropped support for LOAD DATA LOCAL INFILE handlers when using libmysql.
Known for stability problems
Added support for SHA256 authentication available with MySQL 5.6.6+
mysqli:
Added mysqli_begin_transaction()/mysqli::begin_transaction(). Implemented
all options, per MySQL 5.6, which can be used with START TRANSACTION, COMMIT
and ROLLBACK through options to mysqli_commit()/mysqli_rollback() and their
respective OO counterparts. They work in libmysql and mysqlnd mode
Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB
pointer has closed)
Fixed bug #64394 (MYSQL_OPT_CAN_HANDLE_EXPIRED_PASSWORDS undeclared when
using Connector/C)
mysqlnd:
Add new begin_transaction() call to the connection object. Implemented all
options, per MySQL 5.6, which can be used with START TRANSACTION, COMMIT
and ROLLBACK
Fixed bug #64660 (Segfault on memory exhaustion within function definition).
Calendar:
Fixed bug #64895 (Integer overflow in SndToJewish).
Fileinfo:
Fixed bug #64830 (mimetype detection segfaults on mp3 file).
FPM:
Ignore QUERY_STRING when sent in SCRIPT_FILENAME.
Fixed some possible memory or resource leaks and possible null dereference detected by code coverity scan.
Log a warning when a syscall fails.
Add --with-fpm-systemd option to report health to systemd, and systemd_interval option to configure this. The service can now use Type=notify in the systemd unit file.
MySQLi
Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB pointer has closed).
Phar:
Fixed bug #64214 (PHAR PHPTs intermittently crash when run on DFS, SMB or with non std tmp dir).
SNMP:
Fixed bug #64765 (Some IPv6 addresses get interpreted wrong).
Fixed bug #62146 com_dotnet cannot be built shared
Fileinfo
Fixed bug #61812 (Uninitialised value used in libmagic)
FPM
Fixed bug #61812 (Uninitialised value used in libmagic)
Fixed bug #61565 where php_stream_open_wrapper_ex tries to open a directory descriptor under windows
Fixed bug #61566 failure caused by the posix lseek and read versions under windows in cdf_read()
Iconv
Fixed a bug that iconv extension fails to link to the correct library when another extension makes use of a library that links to the iconv library. See https://bugs.gentoo.org/show_bug.cgi?id=364139 for detail
Intl
Fixed bug #62082 (Memory corruption in internal function get_icu_disp_value_src_php()
Fixed bug #60222 (time_nanosleep() does validate input params).
Fixed bug #60106 (stream_socket_server silently truncates long unix socket
paths).
Version 5.4.0
autoconf 2.59+ is now supported (and required) for generating the
configure script with ./buildconf. Autoconf 2.60+ is desirable
otherwise the configure help order may be incorrect.
Removed legacy features
break/continue $var syntax.
Safe mode and all related ini options.
register_globals and register_long_arrays ini options.
import_request_variables().
allow_call_time_pass_reference.
define_syslog_variables ini option and its associated function.
highlight.bg ini option.
Session bug compatibility mode (session.bug_compat_42 and
session.bug_compat_warn ini options).
session_is_registered(), session_register() and session_unregister()
functions.
y2k_compliance ini option.
magic_quotes_gpc, magic_quotes_runtime and magic_quotes_sybase
ini options. get_magic_quotes_gpc, get_magic_quotes_runtime are kept
but always return false, set_magic_quotes_runtime raises an
E_CORE_ERROR.
Removed support for putenv("TZ=..") for setting the timezone.
Removed the timezone guessing algorithm in case the timezone isn't set with
date.timezone or date_default_timezone_set(). Instead of a guessed
timezone, "UTC" is now used instead.
Moved extensions to PECL
ext/sqlite. (Note: the ext/sqlite3 and ext/pdo_sqlite extensions are
not affected)
General improvements
Added short array syntax support ([1,2,3]), see UPGRADING guide for full
details.
Added binary numbers format (0b001010).
Added support for Class::{expr}() syntax.
Added multibyte support by default. Previously php had to be compiled
with --enable-zend-multibyte. Now it can be enabled or disabled through
zend.multibyte directive in php.ini.
Removed compile time dependency from ext/mbstring.
Added class member access on instantiation (e.g. (new foo)->bar()) support.
<?= is now always available regardless of the short_open_tag setting.
Implemented Zend Signal Handling (configurable option --enable-zend-signals,
off by default).
Improved output layer, see README.NEW-OUTPUT-API for internals.
Improved unix build system to allow building multiple PHP binary SAPIs and
one SAPI module the same time. #53271, #52419.
Implemented closure rebinding as parameter to bindTo.
Improved the warning message of incompatible arguments.
Improved ternary operator performance when returning arrays.
Changed error handlers to only generate docref links when the docref_root
INI setting is not empty.
Changed silent conversion of array to string to produce a notice.
Changed default value of "default_charset" php.ini option from ISO-8859-1 to
UTF-8.
Changed silent casting of null/''/false into an Object when adding
a property into a warning.
Changed E_ALL to include E_STRICT.
Disabled windows CRT warning by default, can be enabled again using the ini
directive windows_show_crt_warnings.
Fixed bug #55378: Binary number literal returns float number though its
value is small enough.
Improved Zend Engine memory usage
Improved parse error messages.
Replaced zend_function.pass_rest_by_reference by
ZEND_ACC_PASS_REST_BY_REFERENCE in zend_function.fn_flags.
Replaced zend_function.return_reference by ZEND_ACC_RETURN_REFERENCE
in zend_function.fn_flags.
Removed zend_arg_info.required_num_args as it was only needed for internal
functions. Now the first arg_info for internal functions (which has special
meaning) is represented by zend_internal_function_info structure.
Moved zend_op_array.size, size_var, size_literal, current_brk_cont,
backpatch_count into CG(context) as they are used only during compilation.
Moved zend_op_array.start_op into EG(start_op) as it's used only for
'interactive' execution of single top-level op-array.
Replaced zend_op_array.done_pass_two by ZEND_ACC_DONE_PASS_TWO in
zend_op_array.fn_flags.
op_array.vars array is trimmed (reallocated) during pass_two.
Replaced zend_class_entry.constants_updated by ZEND_ACC_CONSTANTS_UPDATED
in zend_class_entry.ce_flags.
Reduced the size of zend_class_entry by sharing the same memory space
by different information for internal and user classes.
See zend_class_entry.info union.
Reduced size of temp_variable.
Improved Zend Engine, performance tweaks and optimizations
Inlined most probable code-paths for arithmetic operations directly into
executor.
Eliminated unnecessary iterations during request startup/shutdown.
Changed $GLOBALS into a JIT autoglobal, so it's initialized only if used.
(this may affect opcode caches!)
Improved performance of @ (silence) operator.
Simplified string offset reading. $str[1][0] is now a legal construct.
Added caches to eliminate repeatable run-time bindings of functions,
classes, constants, methods and properties.
Added concept of interned strings. All strings constants known at compile
time are allocated in a single copy and never changed.
ZEND_RECV now always has IS_CV as its result.
ZEND_CATCH now has to be used only with constant class names.
ZEND_FETCH_DIM_? may fetch array and dimension operands in different order.
Simplified ZEND_FETCH_*_R operations. They can't be used with the
EXT_TYPE_UNUSED flag any more. This is a very rare and useless case.
ZEND_FREE might be required after them instead.
Split ZEND_RETURN into two new instructions ZEND_RETURN and
ZEND_RETURN_BY_REF.
Optimized access to global constants using values with pre-calculated
hash_values from the literals table.
Optimized access to static properties using executor specialization.
A constant class name may be used as a direct operand of ZEND_FETCH_*
instruction without previous ZEND_FETCH_CLASS.
zend_stack and zend_ptr_stack allocation is delayed until actual usage.
Other improvements to Zend Engine
Added an optimization which saves memory and emalloc/efree calls for empty
HashTables.
Added ability to reset user opcode handlers.
Changed the structure of op_array.opcodes. The constant values are moved from
opcode operands into a separate literal table.
Fixed (disabled) inline-caching for ZEND_OVERLOADED_FUNCTION methods.
Fixed bug #43200 (Interface implementation / inheritence not possible in
abstract classes).
Improved core functions
Added optional argument to debug_backtrace() and debug_print_backtrace()
to limit the amount of stack frames returned.
Added hex2bin() function.
number_format() no longer truncates multibyte decimal points and thousand
separators to the first byte. #53457.
Added support for object references in recursive serialize() calls.
#36424.
Added support for SORT_NATURAL and SORT_FLAG_CASE in array
sort functions (sort, rsort, ksort, krsort, asort, arsort and
array_multisort). #55158.
Added stream metadata API support and stream_metadata() stream class
handler.
User wrappers can now define a stream_truncate() method that responds
to truncation, e.g. through ftruncate(). #53888.
Improved unserialize() performance.
Changed array_combine() to return empty array instead of FALSE when both
parameter arrays are empty. #34857.
Fixed invalid free in call_user_method() function.
Fixed crypt_blowfish handling of 8-bit characters. (CVE-2011-2483).
Fixed bug #61095 (Incorect lexing of 0x00*+<NUM>).
Fixed bug #60965 (Buffer overflow on htmlspecialchars/entities with
$double=false).
Fixed bug #60895 (Possible invalid handler usage in windows random
functions).
Fixed bug #60879 (unserialize() Does not invoke __wakeup() on object).
Fixed bug #60825 (Segfault when running symfony 2 tests).
Sanitized return values of existing functions. Now it returns FALSE on
failure.
Allow ~infinite OIDs in GET/GETNEXT/SET queries. Autochunk them to max_oids
upon request.
Introducing unit tests for extension with ~full coverage.
IPv6 support. (#42918)
Way of representing OID value can now be changed when SNMP_VALUE_OBJECT
is used for value output mode. Use or'ed SNMP_VALUE_LIBRARY(default if
not specified) or SNMP_VALUE_PLAIN. (#54502)
Fixed bug #60749 (SNMP module should not strip non-standard SNMP port
from hostname).
Fixed bug #60585 (php build fails with USE flag snmp when IPv6 support
is disabled).
Fixed bug #53862 (snmp_set_oid_output_format does not allow returning to default).
Fixed bug #51336 (snmprealwalk (snmp v1) does not handle end of OID tree correctly).
Fixed bug #46065 (snmp_set_quick_print() persists between requests).
Fixed bug #45893 (Snmp buffer limited to 2048 char).
Fixed bug #54089 (token_get_all with regards to __halt_compiler is
not binary safe).
Improved XSL extension
Added XsltProcessor::setSecurityPrefs($options) and getSecurityPrefs() to
define forbidden operations within XSLT stylesheets, default is not to
enable write operations from XSLT. Fixed bug #54446.
XSL doesn't stop transformation anymore, if a PHP function can't be called
Improved ZLIB extension
Re-implemented non-file related functionality.
Fixed bug #55544 (ob_gzhandler always conflicts with zlib.output_compression).
Version 5.3.29
Core:
Fixed bug #66127 (Segmentation fault with ArrayObject unset).
Fixed bug #62146 com_dotnet cannot be built shared
Fileinfo
Fixed bug #61812 (Uninitialised value used in libmagic)
Iconv
Fixed a bug that iconv extension fails to link to the correct library when another extension makes use of a library that links to the iconv library. See https://bugs.gentoo.org/show_bug.cgi?id=364139 for detail
Intl
Fixed bug #62082 (Memory corruption in internal function get_icu_disp_value_src_php()
Fixed memory leak when calling SplFileInfo's constructor twice.
Fixed bug #61418 (Segmentation fault when DirectoryIterator's or
FilesystemIterator's iterators are requested more than once without
having had its dtor callback called in between).
Fixed bug #61347 (inconsistent isset behavior of Arrayobject).
Fixed bug #61371 (stream_context_create() causes memory leaks on use
streams_socket_create).
Fixed bug #61253 (Wrappers opened with errors concurrency problem on ZTS).
Fixed bug #61115 (stream related segfault on fatal error in
php_stream_context_link).
Fixed bug #60817 (stream_get_line() reads from stream even when there is
already sufficient data buffered). stream_get_line() now behaves more like
fgets(), as is documented.
Further fix for bug Fixed bug #60455 (stream_get_line misbehaves if EOF is not
detected together with the last read).
Fixed bug #60106 (stream_socket_server silently truncates long unix
socket paths).
Implemented FR #54577 (Enhanced status page with full status and details
about each processes. Also provide a web page (status.html) for
real-time FPM status. (fat)
Enhance error log when the primary script can't be open. FR #60199. (fat)
Added .phar to default authorized extensions. (fat)
Postgres:
Fixed bug #60244 (pg_fetch_* functions do not validate that row param
is >0). (Ilia)
Reflection:
Fixed bug #60367 (Reflection and Late Static Binding). (Laruence)
Session:
Fixed bug #55267 (session_regenerate_id fails after header sent). (Hannes)
SimpleXML:
Reverted the SimpleXML->query() behaviour to returning empty arrays
instead of false when no nodes are found as it was since 5.3.3
(bug #48601). (chregu, rrichards)
SOAP
Fixed bug #54911 (Access to a undefined member in inherit SoapClient may
cause Segmentation Fault). (Dmitry)
Fixed bug #48216 (PHP Fatal error: SOAP-ERROR: Parsing WSDL:
Extra content at the end of the doc, when server uses chunked transfer
encoding with spaces after chunk size). (Dmitry)
Fixed bug #44686 (SOAP-ERROR: Parsing WSDL with references). (Dmitry)
Sockets:
Fixed bug #60048 (sa_len a #define on IRIX). (china at thewrittenword dot
com)
SPL:
Fixed bug #60082 (Crash in ArrayObject() when using recursive references).
(Tony)
Fixed bug #55807 (Wrong value for splFileObject::SKIP_EMPTY).
(jgotti at modedemploi dot fr, Hannes)
Fixed bug #54304 (RegexIterator::accept() doesn't work with scalar values).
(Hannes)
Streams:
Fixed bug #60455 (stream_get_line misbehaves if EOF is not detected together
with the last read). (Gustavo)
Added xsl.security_prefs ini option to define forbidden operations within
XSLT stylesheets, default is not to enable write operations. This option
won't be in 5.4, since there's a new method. Fixes Bug #54446. (Chregu,
Nicolas Gregoire)
Version 5.3.8
Core:
Fixed bug #55439 (crypt() returns only the salt for MD5). (Stas)
OpenSSL:
Reverted a change in timeout handling restoring PHP 5.3.6 behavior,
as the new behavior caused mysqlnd SSL connections to hang (
bug #55283).
(Pierre, Andrey, Johannes)
Version 5.3.7
Upgraded bundled SQLite to version 3.7.7.1. (Scott)
Upgraded bundled PCRE to version 8.12. (Scott)
Zend Engine:
Fixed bug #55156 (ReflectionClass::getDocComment() returns comment even though the class has none). (Felipe)
Fixed bug #55007 (compiler fail after previous fail). (Felipe)
Fixed bug #54910 (Crash when calling call_user_func with unknown function name). (Dmitry)
Fixed bug #54804 (__halt_compiler and imported namespaces). (Pierrick, Felipe)
Fixed bug #54624 (class_alias and type hint). (Felipe)
Fixed bug #55014 (Compile failure due to improper use of ctime_r()). (Ilia)
Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). (Felipe) Reported by Krzysztof Kotowicz. (CVE-2011-2202)
Fixed bug #54935 php_win_err can lead to crash. (Pierre)
Fixed bug #54924 (assert.* is not being reset upon request shutdown). (Ilia)
Fixed bug #54895 (Fix compiling with older gcc version without need for membar_producer macro). (mhei at heimpold dot de)
Fixed bug #54866 (incorrect accounting for realpath_cache_size). (Dustin Ward)
Fixed bug #54723 (getimagesize() doesn't check the full ico signature). (Scott)
Fixed bug #54721 (Different Hashes on Windows, BSD and Linux on wrong Salt size). (Pierre, os at irj dot ru)
Fixed bug #54580 (get_browser() segmentation fault when browscap ini directive is set through php_admin_value). (Gustavo)
Fixed bug #54332 (Crash in zend_mm_check_ptr // Heap corruption). (Dmitry)
Fixed bug #54305 (Crash in gc_remove_zval_from_buffer). (Dmitry)
Fixed bug #54238 (use-after-free in substr_replace()). (Stas) (CVE-2011-1148)
Fixed bug #54204 (Can't set a value with a PATH section in php.ini). (Pierre)
Fixed bug #54180 (parse_url() incorrectly parses path when ? in fragment). (tomas dot brastavicius at quantum dot lt, Pierrick)
Fixed bug #54137 (file_get_contents POST request sends additional line break). (maurice-php at mertinkat dot net, Ilia)
Fixed bug #53848 (fgetcsv() ignores spaces at beginnings of fields). (Ilia)
Alternative fix for bug Fixed bug #52550, as applied to the round() function (signed overflow), as the old fix impacted the algorithm for numbers with magnitude smaller than 0. (Gustavo)
Fixed bug #53727 (Inconsistent behavior of is_subclass_of with interfaces) (Ralph Schindler, Dmitry)
Fixed bug #52935 (call exit in user_error_handler cause stream relate core). (Gustavo)
Fixed bug #51997 (SEEK_CUR with 0 value, returns a warning). (Ilia)
Fixed bug #50816 (Using class constants in array definition fails). (Pierrick, Dmitry)
Fixed bug #50363 (Invalid parsing in convert.quoted-printable-decode filter). (slusarz at curecanti dot org)
Fixed bug #48465 (sys_get_temp_dir() possibly inconsistent when using TMPDIR on Windows). (Pierre)
Apache2 Handler SAPI:
Fixed bug #54529 (SAPI crashes on apache_config.c:197). (hebergement at riastudio dot fr)
Fixed bug #51458 (Lack of error context with nested exceptions). (Stas)
Fixed bug #47143 (Throwing an exception in a destructor causes a fatal error). (Stas)
Fixed bug #43512 (same parameter name can be used multiple times in method/function definition). (Felipe)
Core:
Added ability to connect to HTTPS sites through proxy with basic authentication using stream_context/http/header/Proxy-Authorization (Dmitry)
Changed default value of ini directive serialize_precision from 100 to 17. (Gustavo)
Fixed bug #54055 (buffer overrun with high values for precision ini setting). (Gustavo)
Fixed bug #53959 (reflection data for fgetcsv out-of-date). (Richard)
Fixed bug #53577 (Regression introduced in 5.3.4 in open_basedir with a trailing forward slash). (lekensteyn at gmail dot com, Pierre)
Fixed bug #53682 (Fix compile on the VAX). (Rasmus, jklos)
Fixed bug #48484 (array_product() always returns 0 for an empty array). (Ilia)
Fixed bug #48607 (fwrite() doesn't check reply from ftp server before exiting). (Ilia)
Calendar extension:
Fixed bug #53574 (Integer overflow in SdnToJulian, sometimes leading to segfault). (Gustavo)
DOM extension:
Implemented FR #39771 (Made DOMDocument::saveHTML accept an optional DOMNode like DOMDocument::saveXML). (Gustavo)
DateTime extension:
Fixed a bug in DateTime->modify() where absolute date/time statements had no effect. (Derick)
Fixed bug #53729 (DatePeriod fails to initialize recurrences on 64bit big-endian systems). (Derick, rein@basefarm.no)
Fixed bug #52808 (Segfault when specifying interval as two dates). (Stas)
Fixed bug #52738 (Can't use new properties in class extended from DateInterval). (Stas)
Fixed bug #52290 (setDate, setISODate, setTime works wrong when DateTime created from timestamp). (Stas)
Fixed bug #52063 (DateTime constructor's second argument doesn't have a null default value). (Gustavo, Stas)
Exif extension:
Fixed bug #54002 (crash on crafted tag, reported by Luca Carettoni). (Pierre) (CVE-2011-0708)
Filter extension:
Fixed bug #53924 (FILTER_VALIDATE_URL doesn't validate port number). (Ilia, Gustavo)
Fixed bug #53150 (FILTER_FLAG_NO_RES_RANGE is missing some IP ranges). (Ilia)
Fixed bug #52209 (INPUT_ENV returns NULL for set variables (CLI)). (Ilia)
Fixed bug #47435 (FILTER_FLAG_NO_RES_RANGE don't work with ipv6). (Ilia, valli at icsurselva dot ch)
Fileinfo extension:
Fixed bug #54016 (finfo_file() Cannot determine filetype in archives). (Hannes)
Gettext
Fixed bug #53837 (_() crashes on Windows when no LANG or LANGUAGE environment variable are set). (Pierre)
IMAP extension:
Implemented FR #53812 (get MIME headers of the part of the email). (Stas)
Fixed bug #53377 (imap_mime_header_decode() doesn't ignore \t during long MIME header unfolding). (Adam)
Intl extension:
Fixed bug #53612 (Segmentation fault when using cloned several intl objects). (Gustavo)
Fixed bug #53512 (NumberFormatter::setSymbol crash on bogus $attr values). (Felipe)
Implemented clone functionality for number, date & message formatters. (Stas).
JSON extension:
Fixed bug #53963 (Ensure error_code is always set during some failed decodings). (Scott)
mysqlnd
Fixed problem with always returning 0 as num_rows for unbuffered sets. (Andrey, Ulf)
MySQL Improved extension:
Added 'db' and 'catalog' keys to the field fetching functions (FR #39847). (Kalle)
Fixed buggy counting of affected rows when using the text protocol. The collected statistics were wrong when multi_query was used with mysqlnd (Andrey)
Fixed bug #53795 (Connect Error from MySqli (mysqlnd) when using SSL). (Kalle)
Fixed bug #53503 (mysqli::query returns false after successful LOAD DATA query). (Kalle, Andrey)
Fixed bug #53425 (mysqli_real_connect() ignores client flags when built to call libmysql). (Kalle, tre-php-net at crushedhat dot com)
OpenSSL extension:
Fixed stream_socket_enable_crypto() not honoring the socket timeout in server mode. (Gustavo)
Fixed bug #54060 (Memory leaks when openssl_encrypt). (Pierre)
Fixed bug #54061 (Memory leaks when openssl_decrypt). (Pierre)
Fixed bug #53592 (stream_socket_enable_crypto() busy-waits in client mode). (Gustavo)
Implemented FR #53447 (Cannot disable SessionTicket extension for servers that do not support it) by adding a no_ticket SSL context option. (Adam, Tony)
PDO MySQL driver:
Fixed bug #53551 (PDOStatement execute segfaults for pdo_mysql driver). (Johannes)
Implemented FR #47802 (Support for setting character sets in DSN strings). (Kalle)
PDO Oracle driver:
Fixed bug #39199 (Cannot load Lob data with more than 4000 bytes on ORACLE 10). (spatar at mail dot nnov dot ru)
PDO PostgreSQL driver:
Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres is down). (gyp at balabit dot hu)
Phar extension:
Fixed bug #54247 (format-string vulnerability on Phar). (Felipe) (CVE-2011-1153)
Fixed bug #53541 (format string bug in ext/phar). (crrodriguez at opensuse dot org, Ilia)
Fixed bug #53898 (PHAR reports invalid error message, when the directory does not exist). (Ilia)
PHP-FPM SAPI:
Enforce security in the fastcgi protocol parsing. (ef-lists at email dotde)
Fixed bug #53777 (php-fpm log format now match php_error log format). (fat)
Fixed bug #53527 (php-fpm --test doesn't set a valuable return value). (fat)
Fixed bug #53434 (php-fpm slowlog now also logs the original request). (fat)
Readline extension:
Fixed bug #53630 (Fixed parameter handling inside readline() function). (jo at feuersee dot de, Ilia)
Reflection extension:
Fixed bug #53915 (ReflectionClass::getConstant(s) emits fatal error on constants with self::). (Gustavo)
Shmop extension:
Fixed bug #54193 (Integer overflow in shmop_read()). (Felipe) Reported by Jose Carlos Norte (CVE-2011-1092)
SNMP extension:
Fixed bug #51336 (snmprealwalk (snmp v1) does not handle end of OID tree correctly). (Boris Lytochkin)
SOAP extension:
Fixed possible crash introduced by the NULL poisoning patch. (Mateusz Kocielski, Pierre)
SPL extension:
Fixed memory leak in DirectoryIterator::getExtension() and SplFileInfo::getExtension(). (Felipe)
Fixed bug #53914 (SPL assumes HAVE_GLOB is defined). (Chris Jones)
Fixed bug #53515 (property_exists incorrect on ArrayObject null and 0 values). (Felipe)
Fixed symbolic resolution support when the target is a DFS share. (Pierre)
Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with
large amount of data) (CVE-2010-3710). (Adam)
General improvements:
Added stat support for zip stream. (Pierre)
Added follow_location (enabled by default) option for the http stream
support. (Pierre)
Improved support for is_link and related functions on Windows. (Pierre)
Added a 3rd parameter to get_html_translation_table. It now takes a charset
hint, like htmlentities et al. (Gustavo)
Implemented feature requests:
Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect
zend multibyte at runtime. (Kalle)
Implemented FR #52173, added functions pcntl_get_last_error() and
pcntl_strerror(). (nick dot telford at gmail dot com, Arnaud)
Implemented symbolic links support for open_basedir checks. (Pierre)
Implemented FR #51804, SplFileInfo::getLinkTarget on Windows. (Pierre)
Implemented FR #50692, not uploaded files don't count towards
max_file_uploads limit. As a side improvement, temporary files are not opened
for empty uploads and, in debug mode, 0-length uploads. (Gustavo)
Improved MySQLnd:
Added new character sets to mysqlnd, which are available in MySQL 5.5
(Andrey)
Improved PHP-FPM SAPI:
Added '-p/--prefix' to php-fpm to use a custom prefix and run multiple
instances. (fat)
Added custom process title for FPM. (fat)
Added '-t/--test' to php-fpm to check and validate FPM conf file. (fat)
Added statistics about listening socket queue length for FPM.
(andrei dot nigmatulin at gmail dot com, fat)
Core:
Fixed extract() to do not overwrite $GLOBALS and $this when using
EXTR_OVERWRITE. (jorto at redhat dot com)
Fixed bug in the Windows implementation of dns_get_record, where the two
last parameters wouldn't be filled unless the type were DNS_ANY (Gustavo).
Changed the $context parameter on copy() to actually have an effect. (Kalle)
Fixed htmlentities/htmlspecialchars accepting certain ill-formed UTF-8
sequences. (Gustavo)
Fixed bug #53409 (sleep() returns NULL on Windows). (Pierre)
Fixed bug #53319 (strip_tags() may strip '<br />' incorrectly). (Felipe)
Fixed bug #53304 (quot_print_decode does not handle lower-case hex digits).
(Ilia, daniel dot mueller at inexio dot net)
Fixed bug #53226 (file_exists fails on big filenames). (Adam)
Fixed bug #53198 (changing INI setting "from" with ini_set did not have any
effect). (Gustavo)
Fixed bug #53180 (post_max_size=0 not disabling the limit when the content
type is application/x-www-form-urlencoded or is not registered with PHP).
(gm at tlink dot de, Gustavo)
Fixed bug #53141 (autoload misbehaves if called from closing session).
(ladislav at marek dot su)
Fixed bug #53021 (In html_entity_decode, failure to convert numeric entities
with ENT_NOQUOTES and ISO-8859-1). Fixed and extended the fix of ENT_NOQUOTES
in html_entity_decode that had introduced the bug (rev #185591) to other
encodings. Additionaly, html_entity_decode() now doesn't decode " if
ENT_NOQUOTES is given. (Gustavo)
Fixed bug #52931 (strripos not overloaded with function overloading enabled).
(Felipe)
Fixed bug #52772 (var_dump() doesn't check for the existence of
get_class_name before calling it). (Kalle, Gustavo)
Fixed bug #52534 (var_export array with negative key). (Felipe)
Fixed bug #52327 (base64_decode() improper handling of leading padding in
strict mode). (Ilia)
Fixed bug #52260 (dns_get_record fails with non-existing domain on Windows).
(a_jelly_doughnut at phpbb dot com, Pierre)
Fixed bug #50953 (socket will not connect to IPv4 address when the host has
both IPv4 and IPv6 addresses, on Windows). (Gustavo, Pierre)
Fixed bug #50524 (proc_open on Windows does not respect cwd as it does on
other platforms). (Pierre)
Fixed bug #49687 (utf8_decode vulnerabilities and deficiencies in the number
of reported malformed sequences). (CVE-2010-3870) (Gustavo)
Fixed bug #50410 (curl extension slows down PHP on Windows). (Pierre)
DateTime extension:
Fixed bug #53297 (gettimeofday implementation in php/win32/time.c can return
1 million microsecs). (ped at 7gods dot org)
Fixed bug #52668 (Iterating over a dateperiod twice is broken). (Derick)
Fixed bug #52454 (Relative dates and getTimestamp increments by one day).
(Derick)
Fixed bug #52430 (date_parse parse 24:xx:xx as valid time). (Derick)
Added support for the ( and ) delimiters/separators to
DateTime::createFromFormat(). (Derick)
DBA extension:
Added Berkeley DB 5.1 support to the DBA extension. (Oracle Corp.)
DOM extension:
Fixed bug #52656 (DOMCdataSection does not work with splitText). (Ilia)
Filter extension:
Fixed the filter extension accepting IPv4 octets with a leading 0 as that
belongs to the unsupported "dotted octal" representation. (Gustavo)
Fixed bug #53236 (problems in the validation of IPv6 addresses with leading
and trailing :: in the filter extension). (Gustavo)
Fixed bug #50117 (problems in the validation of IPv6 addresses with IPv4
addresses and ::). (Gustavo)
GD extension:
Fixed bug #53492 (fix crash if anti-aliasing steps are invalid). (Pierre)
GMP extension:
Fixed bug #52906 (gmp_mod returns negative result when non-negative is
expected). (Stas)
Fixed bug #52849 (GNU MP invalid version match). (Adam)
Hash extension:
Fixed bug #51003 (unaligned memory access in ext/hash/hash_tiger.c).
(Mike, Ilia)
Iconv extension:
Fixed bug #52941 (The 'iconv_mime_decode_headers' function is skipping
headers). (Adam)
Fixed bug #52599 (iconv output handler outputs incorrect content type
when flags are used). (Ilia)
Fixed bug #51250 (iconv_mime_decode() does not ignore malformed Q-encoded
words). (Ilia)
Intl extension:
Fixed crashes on invalid parameters in intl extension. (CVE-2010-4409). (Stas, Maksymilian
Arciemowicz)
Added support for formatting the timestamp stored in a DateTime object.
(Stas)
Fixed bug #50590 (IntlDateFormatter::parse result is limited to the integer
range). (Stas)
Mbstring extension:
Fixed bug #53273 (mb_strcut() returns garbage with the excessive length
parameter). (CVE-2010-4156) (Mateusz Kocielski, Pierre, Moriyoshi)
Fixed bug #52981 (Unicode casing table was out-of-date. Updated with
UnicodeData-6.0.0d7.txt and included the source of the generator program with
the distribution) (Gustavo).
Fixed bug #52681 (mb_send_mail() appends an extra MIME-Version header).
(Adam)
MSSQL extension:
Fixed possible crash in mssql_fetch_batch(). (Kalle)
Fixed bug #52843 (Segfault when optional parameters are not passed in to
mssql_connect). (Felipe)
MySQL extension:
Fixed bug #52636 (php_mysql_fetch_hash writes long value into int).
(Kalle, rein at basefarm dot no)
MySQLi extension:
Fixed bug #52891 (Wrong data inserted with mysqli/mysqlnd when using
mysqli_stmt_bind_param and value> PHP_INT_MAX). (Andrey)
Fixed bug #52686 (mysql_stmt_attr_[gs]et argument points to incorrect type).
(rein at basefarm dot no)
Fixed bug #52654 (mysqli doesn't install headers with structures it uses).
(Andrey)
Fixed bug #52433 (Call to undefined method mysqli::poll() - must be static).
(Andrey)
Fixed bug #52417 (MySQLi build failure with mysqlnd on MacOS X). (Andrey)
Fixed bug #52413 (MySQLi/libmysql build failure on OS X, FreeBSD). (Andrey)
Fixed bug #52390 (mysqli_report() should be per-request setting). (Kalle)
Fixed bug #52302 (mysqli_fetch_all does not work with MYSQLI_USE_RESULT).
(Andrey)
Fixed bug #52221 (Misbehaviour of magic_quotes_runtime (get/set)). (Andrey)
Fixed bug #45921 (Can't initialize character set hebrew). (Andrey)
MySQLnd:
Fixed bug #52613 (crash in mysqlnd after hitting memory limit). (Andrey)
ODBC extension:
Fixed bug #52512 (Broken error handling in odbc_execute).
(mkoegler at auto dot tuwien dot ac dot at)
Openssl extension:
Fixed possible blocking behavior in openssl_random_pseudo_bytes on Windows.
(Pierre)
Fixed bug #53136 (Invalid read on openssl_csr_new()). (Felipe)
Fixed bug #53284 (Valgrind warnings in oci_set_* functions) (Oracle Corp.)
Fixed bug #51610 (Using oci_connect causes PHP to take a long time to
exit). Requires Oracle 11.2.0.2 client libraries (or Oracle bug fix
9891199) for this patch to have an effect. (Oracle Corp.)
PCNTL extension:
Fixed bug #52784 (Race condition when handling many concurrent signals).
(nick dot telford at gmail dot com, Arnaud)
PCRE extension:
Fixed bug #52971 (PCRE-Meta-Characters not working with utf-8). (Felipe)
Fixed bug #52732 (Docs say preg_match() returns FALSE on error, but it
returns int(0)). (slugonamission at gmail dot com)
PHAR extension:
Fixed bug #50987 (unaligned memory access in phar.c).
(geissert at debian dot org, Ilia)
Fixed bug #53463 (sqlite3 columnName() segfaults on bad column_number).
(Felipe)
Streams:
Fixed forward stream seeking emulation in streams that don't support seeking
in situations where the read operation gives back less data than requested
and when there was data in the buffer before the emulation started. Also made
more consistent its behavior -- should return failure every time less data
than was requested was skipped. (Gustavo)
Fixed bug #53241 (stream casting that relies on fdopen/fopencookie fails
with streams opened with, inter alia, the 'xb' mode). (Gustavo)
Fixed bug #53006 (stream_get_contents has an unpredictable behavior when the
underlying stream does not support seeking). (Gustavo)
Fixed bug #52944 (Invalid write on second and subsequent reads with an
inflate filter fed invalid data). (Gustavo)
Fixed bug #52820 (writes to fopencookie FILE* not commited when seeking the
stream). (Gustavo)
WDDX extension:
Fixed bug #52468 (wddx_deserialize corrupts integer field value when left
empty). (Felipe)
Zlib extension:
Fixed bug #52926 (zlib fopen wrapper does not use context). (Gustavo)
Version 5.3.3
Upgraded bundled sqlite to version 3.6.23.1. (Ilia)
Upgraded bundled PCRE to version 8.02. (Ilia)
Added support for JSON_NUMERIC_CHECK option in json_encode() that converts numeric strings to integers. (Ilia)
Added stream_set_read_buffer, allows to set the buffer for read operation. (Pierre)
Added stream filter support to mcrypt extension (ported from mcrypt_filter). (Stas)
Added full_special_chars filter to ext/filter. (Rasmus)
Added backlog socket context option for stream_socket_server(). (Mike)
Added fifth parameter to openssl_encrypt()/openssl_decrypt() (string $iv) to use non-NULL IV.
Made implicit use of NULL IV a warning. (Sara)
Added openssl_cipher_iv_length(). (Sara)
Added FastCGI Process Manager (FPM) SAPI. (Tony)
Added recent Windows versions to php_uname and fix undefined windows version support. (Pierre)
Added Berkeley DB 5 support to the DBA extension. (Johannes, Chris Jones)
Added support for copy to/from array/file for pdo_pgsql extension. (Denis Gasparin, Ilia)
Added inTransaction() method to PDO, with specialized support for Postgres. (Ilia, Denis Gasparin)
Changed namespaced classes so that the ctor can only be named __construct now. (Stas)
Reset error state in PDO::beginTransaction() reset error state. (Ilia)
Implemented FR #51295 (SQLite3::busyTimeout not existing). (Mark)
Implemented FR #35638 (Adding udate to imap_fetch_overview results). (Charles_Duffy at dell dot com )
Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531). (Scott)
Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user. (Andrey)
Fixed possible buffer overflows when handling error packets in mysqlnd. Reported by Stefan Esser. (Andrey)
Fixed very rare memory leak in mysqlnd, when binding thousands of columns. (Andrey)
Fixed a crash when calling an inexistent method of a class that inherits PDOStatement if instantiated directly instead of doing by the PDO methods. (Felipe)
Fixed memory leak on error in mcrypt_create_iv on Windows. (Pierre)
Fixed a possible crash because of recursive GC invocation. (Dmitry)
Fixed a possible resource destruction issues in shm_put_var(). Reported by Stefan Esser. (Dmitry)
Fixed a possible information leak because of interruption of XOR operator. Reported by Stefan Esser. (Dmitry)
Fixed a possible memory corruption because of unexpected call-time pass by refernce and following memory clobbering through callbacks.
Reported by Stefan Esser. (Dmitry)
Fixed a possible memory corruption in ArrayObject::uasort(). Reported by Stefan Esser. (Dmitry)
Fixed a possible memory corruption in parse_str(). Reported by Stefan Esser. (Dmitry)
Fixed a possible memory corruption in pack(). Reported by Stefan Esser. (Dmitry)
Fixed a possible memory corruption in substr_replace(). Reported by Stefan Esser. (Dmitry)
Fixed a possible memory corruption in addcslashes(). Reported by Stefan Esser. (Dmitry)
Fixed a possible stack exhaustion inside fnmatch(). Reported by Stefan Esser. (Ilia)
Fixed a possible dechunking filter buffer overflow. Reported by Stefan Esser. (Pierre)
Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski. (Ilia)
Fixed string format validation inside phar extension. Reported by Stefan Esser. (Ilia)
Fixed handling of session variable serialization on certain prefix characters. Reported by Stefan Esser. (Ilia)
Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert)
Fixed 64-bit integer overflow in mhash_keygen_s2k(). (Clément LECIGNE, Stas)
Fixed bug #47409 (extract() problem with array containing word "this"). (Ilia, chrisstocktonaz at gmail dot com)
Fixed bug #47281 ($php_errormsg is limited in size of characters) (Oracle Corp.)
Fixed bug #46478 (htmlentities() uses obsolete mapping table for character entity references). (Moriyoshi)
Fixed bug #45599 (strip_tags() truncates rest of string with invalid attribute). (Ilia, hradtke)
Fixed bug #45120 (PDOStatement->execute() returns true then false for same statement). (Pierrick)
Fixed bug #44827 (define() allows :: in constant names). (Ilia)
Fixed bug #44098 (imap_utf8() returns only capital letters). (steffen at dislabs dot de, Pierre)
Fixed bug #34852 (Failure in odbc_exec() using oracle-supplied odbc driver). (tim dot tassonis at trivadis dot com)
Version 5.3.1
Security Fixes
Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion. (Ilia)
Added missing sanity checks around exif processing. (Ilia)
Fixed a safe_mode bypass in tempnam(). (Rasmus)
Fixed a open_basedir bypass in posix_mkfifo(). (Rasmus)
Fixed bug #50063 (safe_mode_include_dir fails). (Johannes, christian at elmerot dot se)
Added error constant when json_encode() detects an invalid UTF-8 sequence. (Scott)
Added support for ACL on Windows for thread safe SAPI (Apache2 for example) and fix its support on NTS. (Pierre)
Upgraded bundled sqlite to version 3.6.19. (Scott)
Updated timezone database to version 2009.17 (2009q). (Derick)
Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)
Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (Rasmus)
Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (Rasmus)
Fixed bug #40013 (php_uname() does not return nodename on Netware (Guenter Knauf)
Fixed bug #38091 (Mail() does not use FQDN when sending SMTP helo). (Kalle, Rick Yorgason)
Fixed bug #28038 (Sent incorrect RCPT TO commands to SMTP server) (Garrett)
Fixed bug #27051 (Impersonation with FastCGI does not exec process as impersonated user). (Pierre)
Fixed PECL bug #16842 (oci_error return false when NO_DATA_FOUND is raised). (Chris Jones)
Version 5.3.0
Upgraded bundled PCRE to version 7.9. (Nuno)
Upgraded bundled sqlite to version 3.6.15. (Scott)
Moved extensions to PECL (Derick, Lukas, Pierre, Scott):
ext/dbase
ext/fbsql
ext/fdf
ext/ncurses
ext/mhash (BC layer is now entirely within ext/hash)
ext/ming
ext/msql
ext/sybase (not maintained anymore, sybase_ct has to be used instead)
Removed the experimental RPL (master/slave) functions from mysqli. (Andrey)
Removed zend.ze1_compatibility_mode. (Dmitry)
Removed all zend_extension_* php.ini directives. Zend extensions are now
always loaded using zend_extension directive. (Derick)
Removed special treatment of "/tmp" in sessions for open_basedir.
Note: This undocumented behaviour was introduced in 5.2.2. (Alexey)
Removed shebang line check from CGI sapi (checked by scanner). (Dmitry)
Changed PCRE, Reflection and SPL extensions to be always enabled. (Marcus)
Changed md5() to use improved implementation. (Solar Designer, Dmitry)
Changed HTTP stream wrapper to accept any code between and including
200 to 399 as successful. (Mike, Noah Fontes)
Changed __call() to be invoked on private/protected method access, similar to
properties and __get(). (Andrei)
Changed dl() to be disabled by default. Enabled only when explicitly
registered by the SAPI. Currently enabled with cli, cgi and embed SAPIs.
(Dmitry)
Changed opendir(), dir() and scandir() to use default context when no context
argument is passed. (Sara)
Changed open_basedir to allow tightening in runtime contexts. (Sara)
Changed PHP/Zend extensions to use flexible build IDs. (Stas)
Changed error level E_ERROR into E_WARNING in Soap extension methods
parameter validation. (Felipe)
Changed openssl info to show the shared library version number. (Scott)
Changed floating point behaviour to consistently use double precision on all
platforms and with all compilers. (Christian Seiler)
Changed round() to act more intuitively when rounding to a certain precision
and round very large and very small exponents correctly. (Christian Seiler)
Changed session_start() to return false when session startup fails. (Jani)
Changed property_exists() to check the existence of a property independent of
accessibility (like method_exists()). (Felipe)
Changed array_reduce() to allow mixed $initial (Christian Seiler)
Improved PHP syntax and semantics:
Added lambda functions and closures. (Christian Seiler, Dmitry)
Added HEREDOC syntax with double quotes. (Lars Strojny, Felipe)
Added support for using static HEREDOCs to initialize static variables and
class members or constants. (Matt)
Improved syntax highlighting and consistency for variables in double-quoted
strings and literal text in HEREDOCs and backticks. (Matt)
Added "?:" operator. (Marcus)
Added support for namespaces. (Dmitry, Stas, Gregory, Marcus)
Added support for Late Static Binding. (Dmitry, Etienne Kneuss)
Added support for __callStatic() magic method. (Sara)
Added forward_static_call(_array) to complete LSB. (Mike Lively)
Added support for dynamic access of static members using $foo::myFunc().
(Etienne Kneuss)
Improved checks for callbacks. (Marcus)
Added __DIR__ constant. (Lars Strojny)
Added new error modes E_USER_DEPRECATED and E_DEPRECATED.
E_DEPRECATED is used to inform about stuff being scheduled for removal
in future PHP versions. (Lars Strojny, Felipe, Marcus)
Added "request_order" INI variable to control specifically $_REQUEST
behavior. (Stas)
Added support for exception linking. (Marcus)
Added ability to handle exceptions in destructors. (Marcus)
Improved PHP runtime speed and memory usage:
Substitute global-scope, persistent constants with their values at compile
time. (Matt)
Optimized ZEND_SIGNED_MULTIPLY_LONG(). (Matt)
Removed direct executor recursion. (Dmitry)
Use fastcall calling convention in executor on x86. (Dmitry)
Use IS_CV for direct access to $this variable. (Dmitry)
Use ZEND_FREE() opcode instead of ZEND_SWITCH_FREE(IS_TMP_VAR). (Dmitry)
Optimized ZEND_RETURN opcode to not allocate and copy return value if it is
not used. (Dmitry)
Replaced all flex based scanners with re2c based scanners.
(Marcus, Nuno, Scott)
Added garbage collector. (David Wang, Dmitry).
Improved PHP binary size and startup speed with GCC4 visibility control.
(Nuno)
Improved engine stack implementation for better performance and stability.
(Dmitry)
Improved memory usage by moving constants to read only memory.
(Dmitry, Pierre)
Changed exception handling. Now each op_array doesn't contain
ZEND_HANDLE_EXCEPTION opcode in the end. (Dmitry)
Optimized require_once() and include_once() by eliminating fopen(3) on
second usage. (Dmitry)
Optimized ZEND_FETCH_CLASS + ZEND_ADD_INTERFACE into single
ZEND_ADD_INTERFACE opcode. (Dmitry)
Optimized string searching for a single character.
(Michal Dziemianko, Scott)
Optimized interpolated strings to use one less opcode. (Matt)
Improved php.ini handling: (Jani)
Added ".htaccess" style user-defined php.ini files support for CGI/FastCGI.
Added support for special [PATH=/opt/httpd/www.example.com/] and
[HOST=www.example.com] sections. Directives set in these sections can
not be overridden by user-defined ini-files or during runtime.
Added better error reporting for php.ini syntax errors.
Allowed using full path to load modules using "extension" directive.
Allowed "ini-variables" to be used almost everywhere ini php.ini files.
Allowed using alphanumeric/variable indexes in "array" ini options.
Added 3rd optional parameter to parse_ini_file() to specify the scanning
mode of INI_SCANNER_NORMAL or INI_SCANNER_RAW. In raw mode option values
and section values are treated as-is.
Fixed get_cfg_var() to be able to return "array" ini options.
Added optional parameter to ini_get_all() to only retrieve the current
value. (Hannes)
Improved Windows support:
Update all libraries to their latest stable version. (Pierre, Rob, Liz,
Garrett).
Added Windows support for stat(), touch(), filemtime(), filesize() and
related functions. (Pierre)
Re-added socket_create_pair() for Windows in sockets extension. (Kalle)
Added inet_pton() and inet_ntop() also for Windows platforms.
(Kalle, Pierre)
Added mcrypt_create_iv() for Windows platforms. (Pierre)
Added ACL Cache support on Windows.
(Kanwaljeet Singla, Pierre, Venkat Raman Don)
Added constants based on Windows' GetVersionEx information.
PHP_WINDOWS_VERSION_* and PHP_WINDOWS_NT_*. (Pierre)
Added support for ACL (is_writable, is_readable, reports now correct
results) on Windows. (Pierre, Venkat Raman Don, Kanwaljeet Singla)
Added support for fnmatch() on Windows. (Pierre)
Added support for time_nanosleep() and time_sleep_until() on Windows.
(Pierre)
Added support for symlink(), readlink(), linkinfo() and link() on Windows.
They are available only when the running platform supports them. (Pierre)
the GMP extension now relies on MPIR instead of the GMP library. (Pierre)
Added Windows support for stream_socket_pair(). (Kalle)
Drop all external dependencies for the core features. (Pierre)
Drastically improve the build procedure (Pierre, Kalle, Rob):
VC9 (Visual C++ 2008) or later support
Initial experimental x64 support
MSI installer now supports all recent Windows versions, including
Windows 7. (John, Kanwaljeet Singla)
Improved and cleaned CGI code:
FastCGI is now always enabled and cannot be disabled.
See sapi/cgi/CHANGES for more details. (Dmitry)
Added CGI SAPI -T option which can be used to measure execution
time of script repeated several times. (Dmitry)
Improved streams:
Fixed confusing error message on failure when no errors are logged. (Greg)
Added context parameter for copy() function. (Sara)
Added "glob://" stream wrapper. (Marcus)
Added "params" as optional parameter for stream_context_create(). (Sara)
Added ability to use stream wrappers in include_path. (Gregory, Dmitry)
Improved DNS API
Added Windows support for dns_check_record(), dns_get_mx(), checkdnsrr() and
getmxrr(). (Pierre)
Added support for old style DNS functions (supports OSX and FBSD). (Scott)
Added a new "entries" array in dns_check_record() containing the TXT
elements. (Felipe, Pierre)
Improved hash extension:
Changed mhash to be a wrapper layer around the hash extension. (Scott)
Added hash_copy() function. (Tony)
Added sha224 hash algorithm to the hash extension. (Scott)
Improved IMAP support (Pierre):
Added imap_gc() to clear the imap cache
Added imap_utf8_to_mutf7() and imap_mutf7_to_utf8()
Improved mbstring extension:
Added "mbstring.http_output_conv_mimetypes" INI directive that allows
common non-text types such as "application/xhtml+xml" to be converted
by mb_output_handler(). (Moriyoshi)
Added "compact" handler for Zend MM storage. (Dmitry)
Added "+" and "*" specifiers to zend_parse_parameters(). (Andrei)
Added concept of "delayed early binding" that allows opcode caches to
perform class declaration (early and/or run-time binding) in exactly
the same order as vanilla PHP. (Dmitry)
Improved crypt() function: (Pierre)
Added Blowfish and extended DES support. (Using Blowfish implementation
from Solar Designer).
Made crypt features portable by providing our own implementations
for crypt_r and the algorithms which are used when OS does not provide
them. PHP implementations are always used for Windows builds.
Deprecated session_register(), session_unregister() and
session_is_registered(). (Hannes)
Deprecated define_syslog_variables(). (Kalle)
Deprecated ereg extension. (Felipe)
Added new extensions:
Added Enchant extension as a way to access spell checkers. (Pierre)
Added fileinfo extension as replacement for mime_magic extension. (Derick)
Added intl extension for Internationalization. (Ed B., Vladimir I.,
Dmitry L., Stanislav M., Vadim S., Kirti V.)
Added mysqlnd extension as replacement for libmysql for ext/mysql, mysqli
and PDO_mysql. (Andrey, Johannes, Ulf)
Added phar extension for handling PHP Archives. (Greg, Marcus, Steph)
Added SQLite3 extension. (Scott)
Added new date/time functionality: (Derick)
date_parse_from_format(): Parse date/time strings according to a format.
date_create_from_format()/DateTime::createFromFormat(): Create a date/time
object by parsing a date/time string according to a given format.
date_get_last_errors()/DateTime::getLastErrors(): Return a list of warnings
and errors that were found while parsing a date/time string through:
support for abbreviation and offset based timezone specifiers for
the 'e' format specifier, DateTime::__construct(), DateTime::getTimeZone()
and DateTimeZone::getName().
support for selectively listing timezone identifiers by continent or
country code through timezone_identifiers_list() / DateTimezone::listIdentifiers().
timezone_location_get() / DateTimezone::getLocation() for retrieving
location information from timezones.
date_timestamp_set() / DateTime::setTimestamp() to set a Unix timestamp
without invoking the date parser. (Scott, Derick)
date_timestamp_get() / DateTime::getTimestamp() to retrieve the Unix
timestamp belonging to a date object.
two optional parameters to timezone_transitions_get() /
DateTimeZone::getTranstions() to limit the range of transitions being
returned.
support for "first/last day of <month>" style texts.
support for date/time strings returned by MS SQL.
support for serialization and unserialization of DateTime objects.
support for diffing date/times through date_diff() / DateTime::diff().
support for adding/subtracting weekdays with strtotime() and
DateTime::modify().
DateInterval class to represent the difference between two date/times.
support for parsing ISO intervals for use with DateInterval.
date_add() / DateTime::add(), date_sub() / DateTime::sub() for applying an
interval to an existing date/time.
proper support for "this week", "previous week"/"last week" and "next week"
phrases so that they actually mean the week and not a seven day period
around the current day.
support for "<xth> <weekday> of" and "last <weekday> of" phrases to be used
with months - like in "last saturday of februari 2008".
support for "back of <hour>" and "front of <hour>" phrases that are used in
Scotland.
DatePeriod class which supports iterating over a DateTime object applying
DateInterval on each iteration, up to an end date or limited by maximum
number of occurences.
Added compatibility mode in GD, imagerotate, image(filled)ellipse
imagefilter, imageconvolution and imagecolormatch are now always enabled.
(Pierre)
Added array_replace() and array_replace_recursive() functions. (Matt)
Added ReflectionProperty::setAccessible() method that allows non-public
property's values to be read through ::getValue() and set through
::setValue(). (Derick, Sebastian)
Added msg_queue_exists() function to sysvmsg extension. (Benjamin Schulz)
Added Firebird specific attributes that can be set via PDO::setAttribute()
to control formatting of date/timestamp columns: PDO::FB_ATTR_DATE_FORMAT,
PDO::FB_ATTR_TIME_FORMAT and PDO::FB_ATTR_TIMESTAMP_FORMAT. (Lars W)
Added gmp_testbit() function. (Stas)
Added icon format support to getimagesize(). (Scott)
Added LDAP_OPT_NETWORK_TIMEOUT option for ldap_set_option() to allow
setting network timeout (FR #42837). (Jani)
Added optional escape character parameter to fgetcsv(). (David Soria Parra)
Added an optional parameter to strstr() and stristr() for retrieval of either
the part of haystack before or after first occurrence of needle.
(Johannes, Felipe)
Added xsl->setProfiling() for profiling stylesheets. (Christian)
Added long-option feature to getopt() and made getopt() available also on
win32 systems by adding a common getopt implementation into core.
(David Soria Parra, Jani)
Added support for optional values, and = as separator, in getopt(). (Hannes)
Added lcfirst() function. (David C)
Added PREG_BAD_UTF8_OFFSET_ERROR constant. (Nuno)
Added native support for asinh(), acosh(), atanh(), log1p() and expm1().
(Kalle)
Added LIBXML_LOADED_VERSION constant (libxml2 version currently used). (Rob)
Added JSON_FORCE_OBJECT flag to json_encode(). (Scott, Richard Quadling)
Added timezone_version_get() to retrieve the version of the used timezone
database. (Derick)
Added 'n' flag to fopen to allow passing O_NONBLOCK to the underlying
open(2) system call. (Mikko)
Added "dechunk" filter which can decode HTTP responses with chunked
transfer-encoding. HTTP streams use this filter automatically in case
"Transfer-Encoding: chunked" header is present in response. It's possible to
disable this behaviour using "http"=>array("auto_decode"=>0) in stream
context. (Dmitry)
Added support for CP850 encoding in mbstring extension.
(Denis Giffeler, Moriyoshi)
Added stream_cast() and stream_set_options() to user-space stream wrappers,
allowing stream_select(), stream_set_blocking(), stream_set_timeout() and
stream_set_write_buffer() to work with user-space stream wrappers. (Arnaud)
Added header_remove() function. (chsc at peytz dot dk, Arnaud)
Fixed a possible stack exaustion inside fnmatch(). Reporeted by Stefan Esser (Ilia)
Reset error state in PDO::beginTransaction() reset error state. (Ilia)
Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert)
Fixed handling of session variable serialization on certain prefix characters. Reported by Stefan Esser (Ilia)
Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski. (Ilia)
Fixed a crash when calling an inexistent method of a class that inherits PDOStatement if instantiated directly instead of doing by the PDO methods. (Felipe)
Fixed bug #52317 (Segmentation fault when using mail() on a rhel 4.x (only 64 bit)). (Adam)
Fixed bug #52238 (Crash when an Exception occured in iterator_to_array). (Johannes)
Fixed bug #52237 (Crash when passing the reference of the property of a non-object). (Dmitry)
Fixed bug #52163 (SplFileObject::fgetss() fails due to parameter that can't be set). (Felipe)
Fixed bug #52162 (custom request header variables with numbers are removed). (Sriram Natarajan)
Fixed bug #48667 (Implementing Iterator and IteratorAggregate). (Etienne)
Fixed bug #48590 (SoapClient does not honor max_redirects). (Sriram)
Fixed bug #48190 (Content-type parameter "boundary" is not case-insensitive in HTTP uploads). (Ilia)
Fixed bug #47601 (defined() requires class to exist when testing for class constants). (Ilia)
Fixed bug #47409 (extract() problem with array containing word "this"). (Ilia, chrisstocktonaz at gmail dot com)
Fixed bug #47002 (Field truncation when reading from dbase dbs with more then 1024 fields). (Ilia, sjoerd-php at linuxonly dot nl)
Fixed bug #45599 (strip_tags() truncates rest of string with invalid attribute). (Ilia, hradtke)
Fixed bug #44827 (define() allows :: in constant names). (Ilia)
Version 5.2.12
Security Fixes
Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (Rasmus)
Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (Rasmus)
Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion. (Ilia)
Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check, identified by Stefan Esser. (Stas)
Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (Moriyoshi, hello at iwamot dot com)
Updated timezone database to version 2009.19 (2009s). (Derick)
Added LIBXML_PARSEHUGE constant to overrides the maximum text size of a single text node when using libxml2.7.3+. (Kalle)
Changed "post_max_size" php.ini directive to allow unlimited post size by setting it to 0. (Rasmus)
Fixed error_log() to be binary safe when using message_type 3. (Jani)
Fixed unnecessary invocation of setitimer when timeouts have been disabled. (Arvind Srinivasan)
Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)
Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe)
Fixed crash when instantiating PDORow and PDOStatement through Reflection. (Felipe)
Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe)
Fixed bug #50445 (PDO-ODBC stored procedure call from Solaris 64-bit causes seg fault). (davbrown4 at yahoo dot com, Felipe)
Fixed bug #50345 (nanosleep not detected properly on some solaris versions). (Jani)
Fixed bug #50323 (Allow use of ; in values via ;; in PDO DSN). (Ilia, Pierrick)
Fixed bug #50285 (xmlrpc does not preserve keys in encoded indexed arrays). (Felipe)
Fixed bug #50282 (xmlrpc_encode_request() changes object into array in calling function). (Felipe)
Fixed bug #50266 (conflicting types for llabs). (Jani)
Fixed bug #50255 (isset() and empty() silently casts array to object). (Felipe)
Fixed bug #50219 (soap call Segmentation fault on a redirected url). (Pierrick)
Fixed bug #50209 (Compiling with libedit cannot find readline.h). (tcallawa at redhat dot com)
Fixed bug #50207 (segmentation fault when concatenating very large strings on 64bit linux). (Ilia)
Fixed bug #50195 (pg_copy_to() fails when table name contains schema. (Ilia)
Fixed bug #50185 (ldap_get_entries() return false instead of an empty array when there is no error). (Jani)
Fixed bug #28038 (Sent incorrect RCPT TO commands to SMTP server) (Garrett)
Version 5.2.10
Security Fixes
Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files). (Pierre)
Updated timezone database to version 2009.9 (2009i) (Derick)
Added "ignore_errors" option to http fopen wrapper. (David Zulke, Sara)
Added new CURL options CURLOPT_REDIR_PROTOCOLS, CURLOPT_PROTOCOLS, and CURLPROTO_* for redirect fixes in CURL 7.19.4. (Yoram Bar Haim, Stas)
Added support for Sun CC (FR #46595 and FR #46513). (David Soria Parra)
Changed default value of array_unique()'s optional sorting type parameter back to SORT_STRING to fix backwards compatibility breakage introduced in PHP 5.2.9. (Moriyoshi)
Fixed memory corruptions while reading properties of zip files. (Ilia)
Fixed memory leak in ob_get_clean/ob_get_flush. (Christian)
Fixed segfault on invalid session.save_path. (Hannes)
Fixed leaks in imap when a mail_criteria is used. (Pierre)
Fixed missing erealloc() in fix for bug #40091 in spl_autoload_register. (Greg)
Fixed bug #48562 (Reference recursion causes segfault when used in wddx_serialize_vars()). (Felipe)
Fixed bug #48557 (Numeric string keys in Apache Hashmaps are not cast to integers). (David Zuelke)
Fixed bug #48518 (curl crashes when writing into invalid file handle). (Tony)
Fixed bug #48514 (cURL extension uses same resource name for simple and multi APIs). (Felipe)
Fixed bug #48416 (Force a cache limit in ereg() to stop excessive memory usage). (Scott)
Fixed bug #48409 (Crash when exception is thrown while passing function arguments). (Arnaud)
Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files). (Pierre)
Fixed bug #48359 (Script hangs on snmprealwalk if OID is not increasing). (Ilia, simonov at gmail dot com)
Fixed bug #48336 (ReflectionProperty::getDeclaringClass() does not work with redeclared property). (patch by Markus dot Lidel at shadowconnect dot com)
Fixed bug #48326 (constant MSG_DONTWAIT not defined). (Arnaud)
Fixed bug #48313 (fgetcsv() does not return null for empty rows). (Ilia)
Fixed bug #48309 (stream_copy_to_stream() and fpasstru() do not update stream position of plain files). (Arnaud)
Fixed bug #48307 (stream_copy_to_stream() copies 0 bytes when $source is a socket). (Arnaud)
Fixed bug #48273 (snmp*_real_walk() returns SNMP errors as values). (Ilia, lytboris at gmail dot com)
Fixed bug #48256 (Crash due to double-linking of history.o). (tstarling at wikimedia dot org)
Fixed bug #48248 (SIGSEGV when access to private property via &__get). (Felipe)
Fixed bug #48247 (Crash on errors during startup). (Stas)
Fixed bug #45622 (isset($arrayObject->p) misbehaves with ArrayObject:: ARRAY_AS_PROPS set). (robin_fernandes at uk dot ibm dot com, Arnaud)
Fixed bug #45614 (ArrayIterator::current(), ::key() can show 1st private prop of wrapped object). (robin_fernandes at uk dot ibm dot com, Arnaud)
Fixed bug #45540 (stream_context_create creates bad http request). (Arnaud)
Fixed bug #45202 (zlib.output_compression can not be set with ini_set()). (Jani)
Fixed bug #45191 (error_log ignores date.timezone php.ini val when setting logging timestamps). (Derick)
Fixed bug #45092 (header HTTP context option not being used when compiled using --with-curlwrappers). (Jani)
Fixed bug #44996 (xmlrpc_decode() ignores time zone on iso8601.datetime). (Ilia, kawai at apache dot org)
Fixed bug #44827 (define() is missing error checks for class constants). (Ilia)
Fixed bug #44214 (Crash using preg_replace_callback() and global variables). (Nuno, Scott)
Fixed bug #43073 (TrueType bounding box is wrong for angle<>0). (Martin McNickle)
Fixed bug #42663 (gzinflate() try to allocate all memory with truncated data). (Arnaud)
Fixed bug #42414 (some odbc_*() functions incompatible with Oracle ODBC driver). (jhml at gmx dot net)
Fixed bug #42362 (HTTP status codes 204 and 304 should not be gzipped). (Scott, Edward Z. Yang)
Fixed bug #42143 (The constant NAN is reported as 0 on Windows) (Kanwaljeet Singla, Venkat Raman Don)
Fixed bug #38805 (PDO truncates text from SQL Server text data type field). (Steph)
Version 5.2.9
Security Fixes
Fixed security issue in imagerotate(), background colour isn't validated correctly with a non truecolour image. Reported by Hamid Ebadi, APA Laboratory (Fixes CVE-2008-5498). (Scott)
Fixed a crash on extract in zip when files or directories entry names contain a relative path. (Pierre)
Fixed explode() behavior with empty string to respect negative limit. (Shire)
Fixed a segfault when malformed string is passed to json_decode(). (Scott)
Fixed bug in xml_error_string() which resulted in messages being off by one. (Scott)
Changed __call() to be invoked on private/protected method access, similar to properties and __get(). (Andrei)
Added optional sorting type flag parameter to array_unique(). Default is SORT_REGULAR. (Andrei)
Fixed zip filename property read. (Pierre)
Fixed error conditions handling in stream_filter_append(). (Arnaud)
Fixed bug #47422 (modulus operator returns incorrect results on 64 bit linux). (Matt)
Fixed bug #47399 (mb_check_encoding() returns true for some illegal SJIS characters). (for-bugs at hnw dot jp, Moriyoshi)
Fixed bug #47353 (crash when creating a lot of objects in object destructor). (Tony)
Updated timezone database to version 2008.9. (Derick)
Upgraded bundled libzip to 0.9.0. (Pierre)
Added logging option for error_log to send directly to SAPI. (Stas)
Added PHP_MAJOR_VERSION, PHP_MINOR_VERSION, PHP_RELEASE_VERSION,PHP_EXTRA_VERSION, PHP_VERSION_ID, PHP_ZTS and PHP_DEBUG constants. (Pierre)
Added "PHP_INI_SCAN_DIR" environment variable which can be used to either disable or change the compile time ini scan directory (FR Fixed bug #45114). (Jani)
Fixed bug #43452 (strings containing a weekday, or a number plus weekday behaved incorrect of the current day-of-week was the same as the one in the phrase).(Derick)
Fixed bug #43353 (wrong detection of 'data' wrapper causes notice). (gk at gknw dot de, Arnaud)
Fixed bug #43053 (Regression: some numbers shown in scientific notation). (int-e at gmx dot de)
Fixed bug #43045 (SOAP encoding violation on "INF" for type double/float). (Dmitry)
Fixed bug #42855 (dns_get_record() doesn't return all text from TXT record). (a dot u dot savchuk at gmail dot com)
Fixed bug #42737 (preg_split('//u') triggers a E_NOTICE with newlines). (Nuno)
Fixed bug #42718 (FILTER_UNSAFE_RAW not applied when configured as default filter). (Arnaud)
Fixed bug #42604 ("make test" fails with --with-config-file-scan-dir=path). (Jani)
Fixed bug #42473 (ob_start php://output and headers). (Arnaud)
Fixed bug #42318 (problem with nm on AIX, not finding object files). (Dmitry)
Fixed bug #42294 (Unified solution for round() based on C99 round). (Ilia)
Fixed bug #42078 (pg_meta_data mix tables metadata from different schemas). (Felipe)
Fixed bug #40013 (php_uname() does not return nodename on Netware (Guenter Knauf)
Fixed bug #38468 (Unexpected creation of cycle). (Dmitry)
Fixed bug #32979 (OpenSSL stream->fd casts broken in 64-bit build) (stotty at tvnet dot hu)
Version 5.2.5
Security Fixes
Fixed dl() to only accept filenames. reported by Laurent Gaffie.
Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887).
Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences.
Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.
Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications reported by SecurityReason.
Fixed bug #42869 (automatic session id insertion adds sessions id to non-local forms).
Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()).
Upgraded PCRE to version 7.3 (Nuno)
Added optional parameter $provide_object to debug_backtrace(). (Sebastian)
Added alpha support for imagefilter() IMG_FILTER_COLORIZE. (Pierre)
Added ability to control memory consumption between request using ZEND_MM_COMPACT environment variable. (Dmitry)
Improved speed of array_intersect_key(), array_intersect_assoc(), array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and array_udiff_assoc(). (Dmitry)
Fixed move_uploaded_file() to always set file permissions of resulting file according to UMASK. (Andrew Sitnikov)
Fixed possible crash in ext/soap because of uninitialized value. (Zdash Urf)
Fixed regression in glob() when enforcing safe_mode/open_basedir checks on paths containing '*'. (Ilia)
Fixed PDO crash when driver returns empty LOB stream. (Stas)
Fixed iconv_*() functions to limit argument sizes as workaround to libc bug (CVE-2007-4783, CVE-2007-4840 by Laurent Gaffie). (Christian Hoffmann, Stas)
Fixed missing brackets leading to build warning and error in the log. Win32 code. (Andrey)
Fixed leaks with multiple connects on one mysqli object. (Andrey)
Fixed endianness detection on MacOS when building universal binary. (Uwe Schindler, Christian Speich, Tony)
Fixed imagerectangle regression with 1x1 rectangle (libgd #106). (Pierre)
Fixed bug #43196 (array_intersect_assoc() crashes with non-array input). (Jani)
Fixed bug #43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with fetchAll()). (Ilia)
Fixed bug #43137 (rmdir() and rename() do not clear statcache). (Jani)
Fixed bug #43130 (Bound parameters cannot have - in their name). (Ilia)
Fixed bug #43099 (XMLWriter::endElement() does not check # of params). (Ilia)
Fixed bug #43020 (Warning message is missing with shuffle() and more than one argument). (Scott)
Fixed bug #42976 (Crash when constructor for newInstance() or newInstanceArgs() fails) (Ilia)
Fixed bug #42943 (ext/mssql: Move *timeout initialization from RINIT to connect time). (Ilia)
Fixed bug #42917 (PDO::FETCH_KEY_PAIR doesn't work with setFetchMode). (Ilia)
Fixed bug #42890 (Constant "LIST" defined by mysqlclient and c-client). (Andrey)
Fixed bug #42139 (XMLReader option constants are broken using XML()). (Rob)
Fixed bug #42086 (SoapServer return Procedure '' not present for WSIBasic compliant wsdl). (Dmitry)
Fixed bug #41822 (Relative includes broken when getcwd() fails). (Ab5602, Jani)
Fixed bug #39651 (proc_open() append mode doesn't work on windows). (Nuno)
Version 5.2.4
Security Fixes
Fixed "Floating point exception" inside wordwrap(). (Mattias Bengtsson, Ilia)
Fixed several integer overflows in ImageCreate(), ImageCreateTrueColor(), ImageCopyResampled() and ImageFilledPolygon() reported by Mattias Bengtsson. (Tony)
Fixed size calculation in chunk_split(). (Stas)
Fixed integer overflow in str[c]spn(). (Stas)
Fixed money_format() not to accept multiple %i or %n tokens. (Stas, Ilia)
Updated timezone database to version 2007.6. (Derick)
Improved openssl_x509_parse() to return extensions in readable form. (Dmitry)
Enabled changing the size of statement cache for non-persistent OCI8 connections. (Chris Jones, Tony)
Changed display_errors php.ini option to accept stderr as value which makes the error messages to be outputted to STDERR instead of STDOUT with CGI and CLI SAPIs (#22839). (Jani)
Changed error handler to send HTTP 500 instead of blank page on PHP errors. (Dmitry, Andrei Nigmatulin)
Changed mail() function to be always available. (Johannes)
Added check for unknown options passed to configure. (Jani)
Added persistent connection status checker to pdo_pgsql. (Elvis Pranskevichus, Ilia)
Added support for ATTR_TIMEOUT inside pdo_pgsql driver. (Ilia)
Added php_ini_loaded_file() function which returns the path to the actual php.ini in use. (Jani)
Added GD version constants GD_MAJOR_VERSION, GD_MINOR_VERSION GD_RELEASE_VERSION, GD_EXTRA_VERSION and GD_VERSION_STRING. (Pierre)
Added missing open_basedir checks to CGI. (anight at eyelinkmedia dot com, Tony)
Added missing format validator to unpack() function. (Ilia)
Made RecursiveFilterIterator::accept() abstract as stated in documentation.
Improved SOAP
Added ability to encode arrays with "SOAP-ENC:Array" type instead of WSDL type. To activate the ability use "feature"=>SOAP_USE_XSI_ARRAY_TYPE option in SoapClient/SoapServer constructors. (Rob, Dmitry)
Added GMP_VERSION constant. (Tony)
Added --ri switch to CLI which allows to check extension information. (Marcus)
Added tidyNode::getParent() method (John, Nuno)
Added openbasedir and safemode checks in zip:// stream wrapper and ZipArchive::open (Pierre)
Added php_pdo_sqlite_external.dll, a version of the PDO SQLite driver that links against an external sqlite3.dll. This provides Windows users to upgrade their sqlite3 version outside of the PHP release cycle. (Wez, Edin)
Added linenumbers to array returned by token_get_all(). (Johannes)
Implemented FR #40947, allow a single filter as argument for filter_var_array (Pierre)
Fixed bug #33664 Console window appears when using exec() (Richard Quadling, Stas)
Fixed PECL bug #10194 (crash in Oracle client when memory limit reached in the callback). (Tony)
Version 5.2.1
Added CURLOPT_TCP_NODELAY constant to Curl extension. (Sara)
Added support for hex numbers of any size. (Matt)
Added function stream_socket_shutdown(). It is a wrapper for system shutdown() function, that shut downs part of a full-duplex connection. (Dmitry)
Added internal heap protection (Dmitry)
memory-limit is always enabled (--enable-memory-limit removed)
default value if memory-limit is set to 128M
safe unlinking
cookies
canary protection (debug build only)
random generation of cookies and canaries
Added forward support for 'b' prefix in front of string literals. (Andrei)
Added three new functions to ext/xmlwriter (Rob, Ilia)
xmlwriter_start_dtd_entity()
xmlwriter_end_dtd_entity()
xmlwriter_write_dtd_entity()
Added a meta tag to phpinfo() output to prevent search engines from indexing the page. (Ilia)
Added new function, sys_get_temp_dir(). (Hartmut)
Added missing object support to file_put_contents(). (Ilia)
Added support for md2, ripemd256 and ripemd320 algos to hash(). (Sara)
Added forward support for (binary) cast. (Derick)
Added optimization for imageline with horizontal and vertical lines (Pierre)
Removed dependency from SHELL32.DLL. (Dmitry)
Removed double "wrong parameter count" warnings in various functions. (Hannes)
Moved extensions to PECL:
ext/informix (Derick, Tony)
Changed double-to-string utilities to use BSD implementation. (Dmitry, Tony)
Updated bundled libcURL to version 7.16.0 in the Windows distro. (Edin)
Updated timezone database to version 2006.16. (Derick)
cgi.* and fastcgi.* directives are moved to INI subsystem. The new directive cgi.check_shebang_line can be used to omitting check for "#! /usr/bin/php" line. (Dmitry).
Improved proc_open(). Now on Windows it can run external commands not through CMD.EXE. (Dmitry)
VCWD_REALPATH() is improved to use realpath cache without VIRTUAL_DIR. (Dmitry)
ext/bcmath initialization code is moved from request startup to module startup. (Dmitry)
Zend Memory Manager Improvements (Dmitry)
use HeapAlloc() instead of VirtualAlloc()
use "win32" storage manager (instead of "malloc") on Windows by default
Zip Extension Improvements (Pierre)
Fixed leak in statName and stateIndex
Fixed return setComment (Hannes)
Added addEmptyDir method
Filter Extension Improvements (Ilia, Pierre)
Fixed a bug when callback function returns a non-modified value.
Added filter support for $_SERVER in cgi/apache2 sapis.
Make sure PHP_SELF is filtered in Apache 1 sapi.
Fixed bug #39358 (INSTALL_HEADERS contains incorrect reference to php_filter.h).
Added "default" option that allows a default value to be set for an invalid or missing value.
Invalid filters fails instead of returning unsafe value
Fixed possible double encoding problem with sanitizing filters
Make use of space-strict strip_tags() function
Fixed whitespace trimming
Added support for FastCGI environment variables. (Dmitry)
PDO_MySQL Extension Improvements (Ilia)
Enabled buffered queries by default.
Enabled prepared statement emulation by default.
Small optimization of the date() function. (Matt,Ilia)
Optimized the internal is_numeric_string() function. (Matt,Ilia)
COM initialization/deinitialization are done only if necessary
removed unnecessary checks for ISREG file and corresponding stat() calls
opendir() is reimplementation using GetFirstFile/GetNextFile those are faster then _findfirst/_findnext
implemented registry cache that prevent registry lookup on each request. In case of modification of corresponding registry-tree PHP will reload it automatic
start timeout thread only if necessary
stat() is reimplementation using GetFileAttributesEx(). The new implementation is faster then implementation in MS VC CRT, but it doesn't support Windows 95.
Streams optimization (Dmitry)
removed unnecessary ftell() calls (one call for each included PHP file)
disabled calls to read() after EOF
Fixed incorrect function names on FreeBSD where inet_pton() was named __inet_pton() and inet_ntop() was named __inet_ntop(). (Hannes)
Fixed FastCGI impersonation for persistent connections on Windows. (Dmitry)
Fixed wrong signature initialization in imagepng (Takeshi Abe)
Fixed ftruncate() with negative size on FreeBSD. (Hannes)
Fixed segfault in RegexIterator when given invalid regex. (Hannes)
Fixed segfault in SplFileObject->openFile()->getPathname(). (Hannes)
Fixed segfault in ZTS mode when OCI8 statements containing sub-statements are destroyed in wrong order. (Tony)
Fixed the validate email filter so that the letter "v" can also be used in the user part of the email address. (Derick)
Fixed bug #40297 (compile failure in ZTS mode when collections support is missing). (Tony)
Fixed bug #40285 (The PDO prepare parser goes into an infinite loop in some instances). (Ilia)
Fixed bug #40274 (Sessions fail with numeric root keys). (Ilia)
Fixed bug #40259 (ob_start call many times - memory error). (Dmitry)
Fixed bug #39673 (file_get_contents causes bus error on certain offsets). (Tony)
Fixed bug #39663 (Memory leak in pg_get_notify() and a possible memory corruption on Windows in pgsql and pdo_pgsql extensions). (Ilia, matteo at beccati dot com)
Fixed bug #39662 (Segfault when calling asXML() of a cloned SimpleXMLElement). (Rob, Tony)
Fixed bug #39656 (crash when calling fetch() on a PDO statment object after closeCursor()). (Ilia, Tony)
Fixed bug #39653 (ext/dba doesn't check for db-4.5 and db-4.4 when db4 support is enabled). (Tony)
Fixed bug #39652 (Wrong negative results from memory_get_usage()). (Dmitry)
Fixed bug #39648 (Implementation of PHP functions chown() and chgrp() are not thread safe). (Ilia, wharmby at uk dot ibm dot com)
Fixed bug #39640 (Segfault with "Allowed memory size exhausted"). (Dmitry)
Fixed bug #39625 (Apache crashes on importStylesheet call). (Rob)
Fixed bug #39623 (thread safety fixes on *nix for putenv() & mime_magic). (Ilia, wharmby at uk dot ibm dot com)
Fixed bug #39621 (str_replace() is not binary safe on strings with equal length). (Tony)
Fixed bug #39613 (Possible segfault in imap initialization due to missing module dependency). (wharmby at uk dot ibm dot com, Tony)
Fixed bug #39606 (Use of com.typelib_file in PHP.ini STILL causes A/V). (Rob)
Fixed bug #33734 (Something strange with COM Object). (Rob)
Fixed bug #33386 (ScriptControl only sees last function of class). (Rob)
Fixed bug #33282 (Re-assignment by reference does not clear the is_ref flag) (Ilia, Dmitry, Matt Wilmas)
Fixed bug #30074 (apparent symbol table error with extract($blah, EXTR_REFS)) (Brian)
Fixed bug #29840 (is_executable() does not honor safe_mode_exec_dir setting). (Ilia)
Fixed PECL bug #7295 (ORA-01405: fetched column value is NULL on LOB fields). (Tony)
Version 5.2.0
Updated bundled OpenSSL to version 0.9.8d in the Windows distro. (Edin)
Updated Postgresql client libraries to 8.1.4 in the Windows distro. (Edin)
Updated PCRE to version 6.7. (Ilia)
Updated libsqlite in ext/pdo_sqlite to 3.3.7. (Ilia)
Updated bundled MySQL client library to version 5.0.22 in the Windows distribution. (Edin)
Updated timezonedb to version 2006.14. (Derick)
Added ability to make SOAP call userspace PHP<->XML converters. (Dmitry)
Added support for character sets in pg_escape_string() for PostgreSQL 8.1.4 and higher. (Ilia)
Added support for character sets in PDO quote() method for PostgreSQL 8.1.4 and higher. (Ilia)
Added DSA key generation support to openssl_pkey_new(), FR #38731 (marci at balabit dot hu, Tony)
Added SoapServer::setObject() method (it is a simplified version of SoapServer::setClass() method). (Dmitry)
Added support for hexadecimal entity in imagettftext() for the bundled GD. (Pierre)
Added support for httpOnly flag for session extension and cookie setting functions. (Scott MacVicar, Ilia)
Added version specific registry keys to allow different configurations for different php version. (Richard, Dmitry)
Added "PHPINIDir" Apache directive to apache and apache_hooks SAPIs. (Dmitry)
Added an optional boolean parameter to memory_get_usage() and memory_get_peak_usage() to get memory size allocated by emalloc() or real size of memory allocated from system. (Dmitry)
Added Zip Archive extension. (Pierre)
Added RFC1867 fileupload processing hook. (Stefan E.)
Added JSON and Filter extensions. (Derick, Rasmus, Pierre, Ilia)
Added error messages to disk_free_space() and disk_total_space() functions. FR #37971 (Tony)
Added PATHINFO_FILENAME option to pathinfo() to get the filename. (Toby S. and Christian S.)
Added array_fill_keys() function. (Marcus, Matt Wilmas)
Added posix_initgroups() function. (Ilia)
Added optional parameter to http_build_query() to allow specification of string separator. (Ilia)
Added "--enable-malloc-mm" configure option which is enabled by default in debug builds to allow using internal and external memory debuggers.
Allow tweaking the memory manager with ZEND_MM_MEM_TYPE and ZEND_MM_SEG_SIZE environment variables.
For more information: Zend/README.ZEND_MM
Improved safe_mode check for the error_log() function. (Ilia)
Improved the error reporting in SOAP extension on request failure. (Ilia)
Improved crypt() on win32 to be about 10 times faster and to have friendlier license. (Frank, Dmitry)
Improved performance of the implode() function on associated arrays. (Ilia)
Improved performance of str_replace() when doing 1 char to 1 char or 1 char to many chars replacement. (Ilia)
Improved apache2filter SAPI:
Allowed PHP to be an arbitrary filter in the chain and read the script from the Apache stream. (John)
Added support for apache2filter in the Windows build including binary support for both Apache 2.0.x (php5apache2_filter.dll) and Apache 2.2.x (php5apache2_2_filter.dll). (Edin)
Improved apache2handler SAPI:
Changed ap_set_content_type() to be called only once. (Mike)
Added support for Apache 2.2 handler in the Windows distribution. (Edin)
Improved FastCGI SAPI: (Dmitry)
Removed source compatibility with libfcgi.
Optimized access to FastCGI environment variables by using HashTable instead of linear search.
Allowed PHP_FCGI_MAX_REQUESTS=0 that assumes no limit.
Allowed PHP_FCGI_CHILDREN=0 that assumes no worker children. (FastCGI requests are handled by main process itself)
Improved CURL:
Added control character checks for "open_basedir" and "safe_mode" checks. (Ilia)
Added implementation of curl_multi_info_read(). (Brian)
Changed to passing libxml options when loading reader.
Fixed invalid read in imagecreatefrompng when an empty file is given (Pierre, Tony)
Fixed infinite loop when a wrong color index is given to imagefill (Pierre)
Fixed mess with CGI/CLI -d option (now it works with cgi; constants are working exactly like in php.ini; with FastCGI -d affects all requests). (Dmitry)
Fixed bug #38543 shutdown_executor() may segfault when memory_limit is too low). (Dmitry)
Fixed bug #38535 memory corruption in pdo_pgsql driver on error retrieval inside a failed query executed via query() method). (Ilia)
Fixed bug #38534 segfault when calling setlocale() in userspace session handler). (Tony)
Fixed bug #38524 strptime() does not initialize the internal date storage structure). (Ilia)
Fixed bugs #38511, #38473, #38263 (Fixed session extension request shutdown order to ensure it is shutdown before the extensions it may depend on). (Ilia)
Fixed bug #38488 Access to "php://stdin" and family crashes PHP on win32). (Dmitry)
Fixed bug #38474 getAttribute select attribute by order, even when prefixed). (Rob)
Fixed bug #38467 --enable-versioning causes make fail on OS X). (Tony)
Fixed bug #38465 ReflectionParameter fails if default value is an access to self::). (Johannes)
Fixed bug #36629 (SoapServer::handle() exits on SOAP faults). (Dmitry)
Fixed bug #36625 (pg_trace() does not work). (iakio at mono-space dot net)
Fixed bug #36614 (Segfault when using Soap). (Dmitry)
Fixed bug #36611 (assignment to SimpleXML object attribute changes argument type to string). (Tony)
Fixed bug #36606 (pg_query_params() changes arguments type to string). (Tony)
Fixed bug #36599 (DATE_W3C format constant incorrect). (Derick)
Fixed bug #36575 (SOAP: Incorrect complex type instantiation with hierarchies). (Dmitry)
Fixed bug #36572 (Added PDO::MYSQL_ATTR_DIRECT_QUERY constant that should be set when executing internal queries like "show master status" via MySQL). (Ilia)
Fixed bug #36568 (memory_limit setting on win32 has no effect). (Dmitry)
Fixed bug #36513 (comment will be outputted in last line). (Dmitry)
Fixed bug #36510 (strtotime() fails to parse date strings with tabs). (Ilia, Derick)
Fixed bug #36459 (Incorrect adding PHPSESSID to links, which contains \r\n). (Ilia)
Fixed bug #28899 (mb_substr() and substr() behave differently when "mbstring.func_overload" is enabled). (Rui)
Fixed bug #27678 (number_format() crashes with large numbers). (Marcus)
Version 5.1.1
Disabled native date class to prevent pear::date conflict. (Ilia)
Improved safe_mode/open_basedir checks in cURL extension. (Ilia, Jani)
Changed reflection constants be both PHP and class constants. (Johannes)
Added an additional field $frame['object'] to the result array of debug_backtrace() that contains a reference to the respective object when the frame was called from an object. (Sebastian)
Fixed bug #35423 (RecursiveDirectoryIterator doesnt appear to recurse with RecursiveFilterIterator). (Marcus)
Fixed bug #35413 (Removed -dev flag from Zend Engine version). (Ilia)
Fixed bug #35411 (Regression with \{$ handling). (Ilia)
Fixed bug #35406 (eval hangs when evall'ed code ends with comment w/o newline). (Marcus)
Fixed bug #35391 (pdo_mysql::exec does not return number of affected rows). (Tony)
Fixed bug #35382 (Comment in end of file produces fatal error). (Ilia)
Fixed bug #35360 (exceptions in interactive mode (php -a) may cause crash). (Dmitry)
Fixed bug #35358 (Incorrect error messages for PDO class constants). (Ilia)
Fixed bug #35338 (pdo_pgsql does not handle binary bound params). (Wez)
Fixed bug #35316 (Application exception trying to create COM object). (Rob)
Fixed bug #35170 (PHP_AUTH_DIGEST differs under Apache 1.x and 2.x). (Ilia)
Version 5.1.0
Added support for class constants and static members for internal classes. (Dmitry, Michael Wallner)
Added "new_link" parameter to mssql_connect() (Bug #34369). (Frank)
Added missing safe_mode checks for image* functions and cURL. (Ilia)
Added missing safe_mode/open_basedir checks for file uploads. (Ilia)
Added PDO_MYSQL_ATTR_USE_BUFFERED_QUERY parameter for pdo_mysql. (Ilia)
Added date_timezone_set() function to set the timezone that the date functions will use. (Derick)
Added pg_fetch_all_columns() function to fetch all values of a column from a result cursor. (Ilia)
Added support for LOCK_EX flag for file_put_contents(). (Ilia)
Added bindto socket context option. (Ilia)
Added offset parameter to the stream_copy_to_stream() function. (Ilia)
Added offset & length parameters to substr_count() function. (Ilia)
Added man pages for "phpize" and "php-config" scripts. (Jakub Vrana)
Added support for .cc files in extensions. (Brian)
Added PHP_INT_MAX and PHP_INT_SIZE as predefined constants. (Andrey)
Added user opcode API that allow overloading of opcode handlers. (Dmitry)
Added an optional remove old session parameter to session_regenerate_id(). (Ilia)
Added array type hinting. (Dmitry)
Added the tidy_get_opt_doc() function to return documentation for configuration options in tidy. (Patch by: nlopess@php.net)
Added support for .cc files in extensions. (Brian)
Added imageconvolution() function which can be used to apply a custom 3x3 matrix convolution to an image. (Pierre)
Added optional first parameter to XsltProcessor::registerPHPFunctions to only allow certain functions to be called from XSLT. (Christian)
Added the ability to override the autotools executables used by the buildconf script via the PHP_AUTOCONF and PHP_AUTOHEADER environmental variables. (Jon)
Added several new functions to support the PostgreSQL v3 protocol introduced in PostgreSQL 7.4. (Christopher)
pg_transaction_status() - in-transaction status of a database connection.
pg_query_params() - execution of parameterized queries.
pg_prepare() - prepare named queries.
pg_execute() - execution of named prepared queries.
pg_send_query_params() - async equivalent of pg_query_params().
pg_send_prepare() - async equivalent of pg_prepare().
pg_send_execute() - async equivalent of pg_execute().
pg_result_error_field() - highly detailed error information, most importantly the SQLSTATE error code.
pg_set_error_verbosity() - set verbosity of errors.
Added optional fifth parameter "count" to preg_replace_callback() and preg_replace() to count the number of replacements made. FR #32275. (Andrey)
Added optional third parameter "charlist" to str_word_count() which contains characters to be considered as word part. FR #31560. (Andrey, Ilia)
Added interface Serializable. (Stanislav, Marcus)
Added pg_field_type_oid() PostgreSQL function. (mauroi at digbang dot com)
Added zend_declare_property_...() and zend_update_property_...() API functions for bool, double and binary safe strings. (Hartmut)
Added possibility to access INI variables from within .ini file. (Andrei)
Added DomDocument::$recover property for parsing not well-formed XML Documents. (Christian)
Added Cursor support for MySQL 5.0.x in mysqli (Georg)
Added proxy support to ftp wrapper via http. (Sara)
Added MDTM support to ftp_url_stat. (Sara)
Added zlib stream filter support. (Sara)
Added bz2 stream filter support. (Sara)
Added max_redirects context option that specifies how many HTTP redirects to follow. (Ilia)
Added support of parameter=>value arrays to xsl_xsltprocessor_set_parameter(). (Tony)
Improved PHP extension loading mechanism with support for module dependencies and conflicts. (Jani, Dmitry)
Improved interactive mode of PHP CLI (php -a). (Johannes, Marcus)
Improved performance of:
general execution/compilation. (Andi, Thies, Sterling, Dmitry, Marcus)
switch() statement. (Dmitry)
several array functions. (Marcus)
virtual path handling by adding a realpath() cache. (Andi)
variable fetches. (Andi)
magic method invocations. (Marcus)
Improved support for embedded server in mysqli. (Georg)
Improved mysqli extension. (Georg)
added constructor for mysqli_stmt and mysqli_result classes
added new function mysqli_get_charset()
added new function mysqli_set_charset()
added new class mysqli_driver
added new class mysqli_warning
added new class mysqli_exception
added new class mysqli_sql_exception
Improved SPL extension. (Marcus)
Moved RecursiveArrayIterator from examples into extension
Moved RecursiveFilterIterator from examples into extension
Added SplObjectStorage
Made all SPL constants class constants
Renamed CachingRecursiveIterator to RecursiveCachingIterator to follow Recursive<*>Iterator naming scheme.
added standard hierarchy of Exception classes
added interface Countable
added interfaces Subject and SplObserver
added spl_autoload*() functions
converted several 5.0 examples into c code
added class SplFileObject
added possibility to use a string with class_parents() and class_implements(). (Andrey)
Changed type hints to allow "null" as default value for class and array. (Marcus, Derick, Dmitry)
Changed SQLite extension to be a shared module in Windows distribution. (Edin)
Changed "instanceof" and "catch" operators, is_a() and is_subclass_of() functions to not call __autoload(). (Dmitry)
Changed sha1_file() and md5_file() functions to use streams instead of low level IO. (Uwe)
Changed abstract private methods to be not allowed anymore. (Stas)
Changed stream_filter_(ap|pre)pend() to return resource. (Sara)
Changed mysqli_exception and sqlite_exception to use RuntimeException as base if SPL extension is present. (Georg, Marcus)
Upgraded bundled libraries:
PCRE library to version 6.2. (Andrei)
SQLite 3 library in ext/pdo_sqlite to 3.2.7. (Ilia)
SQLite 2 library in ext/sqlite to 2.8.16. (Ilia)
Upgraded bundled libraries in Windows distribution. (Edin)
zlib 1.2.3
curl 7.14.0
openssl 0.9.8
ming 0.3b
libpq (PostgreSQL) 8.0.1
Implemented FR #33452 (Year belonging to ISO week). (Derick)
Allowed return by reference from internal functions. (Marcus, Andi, Dmitry)
Rewrote strtotime() with support for timezones and many new formats. Implements feature requests #21399, #26694, #28088, #29150, #29585 and #29595. (Derick)
Moved extensions to PECL:
ext/cpdf (Tony, Derick)
ext/dio (Jani, Derick)
ext/fam (Jani, Derick)
ext/ingres_ii (Jani, Derick)
ext/mnogosearch (Jani, Derick)
ext/w32api (Jani, Derick)
ext/yp (Jani, Derick)
ext/mcve (Jani, Derick, Pierre)
ext/oracle (Jani, Derick)
ext/ovrimos (Jani, Derick, Pierre)
ext/pfpro (Jani, Derick, Pierre)
ext/dbx (Jani, Derick)
ext/ircg (Jani, Derick)
Removed php_check_syntax() function which never worked properly. (Ilia)
Removed garbage manager in Zend Engine which results in more aggressive freeing of data. (Dmitry, Andi)
Fixed "make test" to work for phpized extensions. (Hartmut, Jani)
Fixed Apache 2 regression with sub-request handling on non-linux systems. (Ilia, Tony)
Fixed PDO shutdown problem (possible infinite loop running rollback on shutdown). (Wez)
Fixed PECL bug #3714 (PDO: beginTransaction doesn't work if you're in auto-commit mode). (Wez)
Fixed ZTS destruction. (Marcus)
Fixed __get/__set to allow recursive calls for different properties. (Dmitry)
Fixed a bug where stream_get_meta_data() did not return the "uri" element for files opened with tmpname(). (Derick)
Fixed a problem with SPL iterators aggregating the inner iterator. (Marcus)
Fixed an error in mysqli_fetch_fields (returned NULL instead of an array when row number > field_count). (Georg)
Fixed bug in mysql::client_version(). (Georg)
Fixed bug in mysqli extension with unsigned int(11) being represented as signed integer in PHP instead of string in 32bit systems. (Andrey)
Fixed bug with $HTTP_RAW_POST_DATA not getting set. (Brian)
Fixed crash inside stream_get_line() when length parameter equals 0. (Ilia)
Fixed ext/mysqli to allocate less memory when fetching bound params of type (MEDIUM|LONG)BLOB/(MEDIUM|LONG)TEXT. (Andrey)
Fixed extension initialization to respect dependencies between extensions. (Wez)
Fixed failing queries (FALSE returned) with mysqli_query() on 64 bit systems. (Andrey)
Fixed fgetcsv() and fputcsv() inconsistency. (Dmitry)
Fixed inheritance check to control return by reference and pass by reference correctly (ArrayAccess can no longer support references correctly). (Marcus, Andi, Dmitry)
Fixed initializing and argument checking for posix_mknod(). (Derick)
Fixed memory corruption in ImageTTFText() with 64bit systems. (Andrey)
Fixed memory corruption in pg_copy_from() in case the as_null parameter was passed. (Derick)
Fixed memory corruption in stristr(). (Derick)
Fixed possible GLOBALS variable override when register_globals are ON. (Ilia, Stefan)
Fixed possible INI setting leak via virtual() in Apache 2 sapi. (Ilia)
Fixed possible register_globals toggle via parse_str(). (Ilia, Stefan)
Fixed potential GLOBALS overwrite via import_request_variables() and possible crash and/or memory corruption. (Ilia)
Fixed segfaults when CURL callback functions throw exception. (Tony)
Fixed support for shared extensions on AIX. (Dmitry)
Fixed bug #29944 (Function defined in switch, crashes). (Dmitry)
Fixed bug #29896 (Backtrace argument list out of sync). (Dmitry)
Fixed bug #29728 (Reflection API Feature: Default parameter value). (Marcus)
Fixed bug #29689 (default value of protected member overrides default value of private and other private variable problems in inherited classes). (Stas)
Fixed bug #26456 (Wrong results from Reflection-API getDocComment() when
called via STDIN). (Dmitry)
Fixed bug #25922 (In error handler, modifying 5th arg (errcontext) may result
in seg fault). (Dmitry)
Fixed bug #22836 (returning reference to uninitialized variable). (Dmitry)
Fixed bug #29689 (default value of protected member overrides default value of private)
and other private variable problems in inherited classes (Stas)
Fixed bug #29253 (array_diff with $GLOBALS argument fails). (Dmitry)
Abstract private methods are no longer allowed (Stas)
Fixed bug #26737 (private/protected properties not serialized when user declared method __sleep() exists). E_NOTICE thrown when __sleep() returns name of non-existing member. (Andrey, Curt)
Version 5.0.1
Changed destructor mechanism so that destructors are called prior to request shutdown. (Marcus)
Rewritten UNIX and Windows install help files. (Documentation Team)
Updated several libraries bundled with the windows release which now includes libxml2-2.6.11, libxslt-1.1.7 and iconv-1.9.1. (Rob, Edin)
Improved and moved ActiveScript SAPI to PECL. (Wez)
Fixed unloading of dynamically loaded extensions. (Marcus, kameshj at fastmail dot fm)
Fixed ReflectionClass::getMethod() and ReflectionClass::getProperty() to raise an ReflectionException instead of returning NULL on failure. (Sebastian)
Fixed convert.* filters to consume remaining buckets_in on flush. (Sara)
Fixed bug in mysqli->client_version. (Georg)
Fixed bug #29606 (php_strip_whitespace() prints to stdout rather then returning the value). (Ilia)
Fixed bug #27929 (SPL: change visibility of ArrayIterator::__construct). (Marcus)
Fixed bug #27640 (memory leak of registered_zend_ini_directives). (Dmitry)
Fixed bug #27063 (SPL: ArrayObject does not handle PPP correctly). (Marcus)
Version 5.0.0 Release Candidate 2
Implementing an interface/abstract method with the wrong prototype is now
a fatal error. (Zeev)
Reimplemented zend.ze1_compatibility_mode to have better PHP 4 compliance.
(Dmitry, Andi)
Under CLI, fclose() on php://stdin, php://stdout and php://stderr will now
close the real stream. Please update your CLI scripts to use STDIN, STDOUT
and STDERR constants instead of fopen()/fclose(). (Wez)
Moved yaz extension to PECL. (Wez)
Added pty support to proc_open(). (Wez)
Added possibility to check in which extension an internal class was defined
in using reflection API. (Marcus)
Changed tidy error handling to no longer use exceptions and
renamed the "error_buf" property to errorBuffer. (John)
Changed class and method names to use studlyCaps convention. (Marcus)
Changed language parser to throw errors when a non-empty signature is used in
a destructor definition. (Marcus)
Changed HTTP file uploads not to throw E_WARNINGs and E_NOTICEs. The error
value in the $_FILES global should be used for error handling. (Derick)
Changed __construct() to always take precedence over old style constructor.
(Dmitry)
Fixed handling of return values from storred procedures in mssql_execute()
with multiple result sets returned. (Frank)
Fixed bug #28096 (stream_socket_accept() doesn't work with ssl). (Wez)
Fixed bug #28007 (compile mssql extension with old versions of FreeTDS
fails). (Frank)
Fixed bug #27997 (SPL: Crash with getInnerIterator()). (Marcus)
Fixed bug #27469 (serialize() objects of incomplete class). (Dmitry)
Fixed bug #27457 (handling of numeric indexes in strtr()). (Dmitry)
Fixed bug #27397 (debug_backtrace() not showing function arguments). (Zeev)
Fixed bug #27283 (The last catch statement was sometimes skipped). (Andi)
Fixed bug #26441 (When __set() returned a value it corrupted it). (Andi)
Fixed bug #19749 (shouldn't mmap() files larger than memory_limit). (Wez)
Version 5.0.0 Release Candidate 1
Fixed numerous bugs with the just-in-time auto-global initialization, that
could cause $_SERVER, $argv/$argc and other variables not to work properly.
(Zeev)
Fixed data corruption with constant assignments to object properties. (Zeev)
Changed __toString() to be called automatically only with print and echo
statements. (Andi)
Replaced the exec_finished hook by the zend_post_deactive hook for
extensions. The new hook will be run after the symbol table and destructors
are run. (Derick)
Fixed possible crash when internal get_method() is not defined. (Andi)
Fixed calling methods using call_user_func() in conjunction with
the array("Class","Method") syntax to use the scope of the PHP user function.
(Dmitry)
Fixed php-cgi to not ignore command-line switches when run in a web context.
This fixes our test cases allowing INI with GET sections to work. (Rasmus)
Fixed getopt() so it works without $_SERVER. (Rasmus, bfrance)
Added support for PHP 4 style object comparisons which is enabled in
ze1_compatiblity_mode. (Andi)
Added support for PHP 4 style object conversion to long, double, and boolean
values which is enabled in ze1_compatibility_mode. (Andi, Stas)
Allow object oriented extensions to overload comparison functions and other
operations. Solves problems using SimpleXML values. (Andi, Zeev)
Fixed crash when accessing a class constant with a value which in turn is
also a constant. (Dmitry)
Fixed object's truth value conversion. It is always true unless
ze1_compatibility_mode is on in which it behaves like in PHP 4. (Stas)
Improved out of memory handling in new memory manager. (Stas)
Fixed crash when an object references itself during destructor call. (Andi)
Fixed crash in foreach() when iterating over object properties or a method's
return values. (Andi)
Fixed crash when an exception is thrown in a destructor. Such exceptions are
now ignored as destruction happens out of context at no definite time. (Andi)
Fixed crashes in exception handling. (Dmitry, Andi)
Changed prototype checks so that they aren't done on constructors. (Andi)
Changed prototype checks to output an E_STRICT message instead of
an E_COMPILE_ERROR. (Andi)
Changed Iterator::has_more() to Iterator::valid(). (Marcus)
Upgraded bundled oniguruma library to version 2.2.2. (Rui, Moriyoshi)
Added mb_list_encoding() to return an array with all mbstring supported
encodings. (Derick)
Added support for more ISO8601 datetime formats in strtotime(). (Moriyoshi)
Renamed php.ini option "zend2.implicit_clone" to
"zend.ze1_compatibility_mode" as it doesn't only affect implicit cloning.
(Andi, Zeev)
Methods that override parent methods are now subject to prototype checking,
and have to be compatible with the method they're overriding - this check is
disabled in compatibility mode. (Andi, Zeev)
Fixed crash in php_ini_scanned_files() when no additional INI files were
actually parsed. (Jon)
Fixed bug in gdImageFilledRectangle in the bundled GD library, that required
x1 < x2 and y1 < y2 for coordinates. (Derick)
Fixed crash with foreach() and temporary objects($obj->method()->a ...) where
method returns a non-referenced object. (Andi, Zeev)
Fixed problem preventing startup errors from being displayed. (Marcus)
Fixed start-up problem if both SPL and SimpleXML were enabled. The double
initialization of apache 1.3 was causing problems here. (Marcus, Derick)
Fixed bug #27606 (Expression must be a modifiable lvalue compiler error).
(Derick)
Fixed bug #27597 (pg_fetch_array not returning false). (Marcus)
Fixed bug #27586 (ArrayObject::getIterator crashes with [] assignment).
(Marcus)
Fixed bug #27537 (Objects pointing to each other segfaults). (Dmitry)
Fixed bug #27535 (Problem with object freeing mechanism). (Dmitry)
Fixed bug #27504 (Visibility bugs in call_user_function()). (Dmitry)
Fixed bug #27457 (handling of numeric indexes in strtr()). (Dmitry)
Fixed bug #27338 (memory leak inside tsrm_virtual_cwd.c on win32). (Ilia)
Fixed bug #25724 (argv and argc not defined). (Zeev)
Version 5.0.0 Beta 4
Changed exceptions so that they must now inherit from the built-in Exception
class. This allows for a general catch(Exception $e) statement to catch all
exceptions. (Andi, Zeev)
Added SPL extension. (Marcus, Derick)
Added checks for invalid characters in a cookie name and cookie data
into set[raw]cookie(). (Brian)
Added support for ++ and += (and similar) to SimpleXML. (Andi, Zeev)
Added infrastructure for ++ and += (and similar) to object overloading
modules. (Andi, Zeev)
Added error message when trying to re-assign to $this variable. (Zeev, Andi)
Added support for an interface to extend another interface. (Zeev)
Added new pspell functions: (Brian)
pspell_config_dict_dir()
pspell_config_data_dir()
Added new Interbase functions: (Ard)
ibase_service_attach() and ibase_service_detach().
ibase_backup() and ibase_restore().
ibase_maintain_db(), ibase_db_info() and ibase_server_info().
Added context option "http"/"request_fulluri" to send entire URI in request
which is required format for some proxies. (Sara)
Added optional third parameter 'strict' to array_keys(). (Andrey)
Added stream_lock() method to userspace streams interface. (Hartmut, Wez)
Readded support for using classes before they are declared according to
the behavior in PHP 4. This won't work with classes who are using PHP 5
features such as interfaces. (Zeev, Andi)
Upgraded bundled SQLite library to version 2.8.11. (Ilia, Wez)
Improved destructor implementation to always call destructors on clean
shutdown. An order of destruction is not guaranteed. (Zeev, Andi)
Redesigned exception support. This fixes many bugs in the previous design
such as nested try's and problems with overloaded extensions. (Zeev, Andi)
Redesigned clone by adding a clone keyword (clone $obj) and copying all
properties before __clone() is called. Also allows calling parent __clone
function by using parent::__clone(). (Zeev, Andi)
Fixed interfaces to check for function return-by-reference equality when
inheriting and implementing interfaces. (Andi, Zeev)
Fixed foreach() to respect property visibility. (Marcus)
Fixed problem with parse error in include() file not stopping PHP's
execution. (Ilia)
Fixed var_export() to show public, protected and private modifiers properly.
(Derick)
Fixed problems with longlong values in mysqli. (Georg)
Fixed class name case preserving of user defined classes. (Marcus)
Fixed bug #27145 (Unmangle private/protected property names before printing
them inside error messages). (Ilia)
Improved the speed of internal functions that use callbacks by 40% due to a
new internal fast_call_user_function() function. (Sterling)
Completely Overhauled XML support (Rob, Sterling, Chregu, Marcus)
Brand new Simplexml extension
New DOM extension
New XSL extension
Moved the old DOM-XML and XSLT extensions to PECL
ext/xml can now use both libxml2 and expat to parse XML
Removed bundled expat
Removed the bundled MySQL client library. (Sterling)
New php.ini options:
"session.hash_function" and "session.hash_bits_per_character". (Sascha)
"mail.force_extra_paramaters". (Derick)
"register_long_arrays". (Zeev)
Improved the streams support: (Wez, Sara, Ilia)
Improved performance of readfile(), fpassthru() and some internal streams
operations under Win32.
stream_socket_client() - similar to fsockopen(), but more powerful.
stream_socket_server() - Creates a server socket.
stream_socket_accept() - Accept a client connection.
stream_socket_get_name() - Get local or remote name of socket.
stream_copy_to_stream()
stream_get_line() - Reads either the specified number of bytes or until
the ending string is found.
Added context property to userspace streams object.
Added generic crypto interface for streams (supports dynamic loading of
OpenSSL)
Added lightweight streaming input abstraction to the Zend Engine scanners
to provide uniform support for include()'ing data from PHP streams across
all platforms.
Added 'string.base64' stream filter.
Renamed stream_register_wrapper() to stream_wrapper_register().
Added "ftp://" wrapper support to opendir(), stat() and unlink().
Added context options 'method', 'header' and 'content' for "http://" fopen
wrapper.
Improved the GD extension: (Pierre-Alain Joye, Ilia)
imagefilter() - Apply different filters to image. (Only available
with bundled GD library)
Antialiased drawing support:
imageantialias() - (de)active antialias
imageline() and imagepolygon() antialias support
Changed the length parameter in fgetss() to be optional. (Moriyoshi)
Changed ini parser to allow for handling of quoted multi-line values. (Ilia)
Changed get_extension_funcs() to return list of the built-in Zend Engine
functions if "zend" is specified as the module name. (Ilia)
Changed array_search() to accept also objects as a needle. (Moriyoshi)
Changed ext/mcrypt to require libmcrypt version 2.5.6 or greater. (Derick)
Changed uniqid() parameters to be optional and allow any prefix length. (Marcus)
Added new iconv functions. (Moriyoshi)
iconv_strlen()
iconv_substr()
iconv_strpos()
iconv_strrpos()
iconv_mime_decode()
iconv_mime_encode()
Added misc. new functions:
ldap_sasl_bind(). (peter_c60@hotmail.com, Jani)
imap_getacl(). (Dan, Holger Burbach)
file_put_contents(). (Sterling)
proc_nice() - Changes priority of the current process. (Ilia)
pcntl_getpriority() and pcntl_setpriority(). (Ilia)
idate(), date_sunrise() and date_sunset(). (Moshe Doron)
strpbrk() - Searches a string for a list of characters. (Ilia)
get_headers() - Returns headers sent by the server of the specified URL. (Ilia)
str_split() - Breaks down a string into an array of elements based on length. (Ilia)
array_walk_recursive(). (Ilia)
array_combine(). (Andrey)
Added optional parameter to get_browser() to make it return an array. (Jay)
Added optional parameter to openssl_sign() to specify the hashing algorithm.(scott@planetscott.ca, Derick)
Added optional parameter to sha1(), sha1_file(), md5() and md5_file() which
makes them return the digest as binary data. (Michael Bretterklieber, Derick)
Added optional parameter to mkdir() to make directory creation recursive. (Ilia)
Added optional parameter to file() which makes the result array not contain
the line endings and to skip empty lines. (Ilia)
Added new range() functionality:
Support for float modifier. (Ilia)
Detection of numeric values inside strings passed as high & low. (Ilia)
Proper handle the situations where high == low. (Ilia)
Added an optional step parameter. (Jon)
Added encoding detection feature for expat XML parser. (Adam Dickmeiss, Moriyoshi)
Added missing multibyte (unicode) support and numeric entity support to
html_entity_decode(). (Moriyoshi)
Added IPv6 support to ext/sockets. (Sara)
Added input filter support. See README.input_filter for more info. (Rasmus)
Added a replace count for str_[i]replace(), see #8218. (Sara)
Fixed is_executable() to be available also on Windows. (Shane)
Fixed dirname() and strip_tags() to be binary-safe. (Moriyoshi)
