1PHP NEWS 2||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| 320 Oct 2011, PHP 5.4.0 beta2 4- General improvements: 5 . Improve the warning message of incompatible arguments. (Laruence) 6 . Improve ternary operator performance when returning arrays. (Arnaud, Dmitry) 7 8- Core: 9 . Fixed bug #55749 (TOCTOU issue in getenv() on Windows builds). (Pierre) 10 . Fixed bug #55707 (undefined reference to `__sync_fetch_and_add_4' on Linux 11 parisc). (Felipe) 12 . Fixed bug #55705 (Omitting a callable typehinted argument causes a segfault). 13 (Felipe, Laruence) 14 . Fixed bug #55758 (Digest Authenticate missed in 5.4) . (Laruence) 15 . Fixed bug #55622 (memory corruption in parse_ini_string). (Pierre) 16 . Fixed bug #55825 (Missing initial value of static locals in trait methods). 17 (Laruence) 18 . Fixed bug #60038 (SIGALRM cause segfault in php_error_cb). (Laruence) 19 20- Openssl 21 . Revert r313616 (When we have a blocking SSL socket, respect the timeout 22 option, scottmac), breaks ssl support as described in bugs #55283 and #55848 23 24- PDO DBlib driver: 25 . Fixed bug #60033 (Incorrectly merged PDO dblib patches break 26 uniqueidentifier column type). (warezthebeef at gmail dot com) 27 28- Sysvshm 29 . Fixed bug #55750 (memory copy issue in sysvshm extension). 30 (Ilia, jeffhuang9999 at gmail dot com) 31 32- Zlib: 33 . Fixed bug #55544 (ob_gzhandler always conflicts with 34 zlib.output_compression). (Mike) 35 36- SPL: 37 . FilesystemIterator, GlobIterator and (Recursive)DirectoryIterator now use 38 the default stream context. (Hannes) 39 . Fixed bug #55807 (Wrong value for splFileObject::SKIP_EMPTY). 40 (jgotti at modedemploi dot fr, Hannes) 41 42- CLI SAPI: 43 . Fixed bug #55726 (Changing the working directory makes router script 44 inaccessible). (Laruence) 45 . Fixed bug #55747 (request headers missed in $_SERVER). (Laruence) 46 . Fixed bug #55755 (SegFault when outputting header WWW-Authenticate). (Laruence) 47 48- Litespeed SAPI: 49 . Fixed bug #55769 (Make Fails with "Missing Separator" error). (Adam) 50 51- Fileinfo: 52 . Fixed bug #60094 (C++ comment fails in c89). (Laruence) 53 5415 Sep 2011, PHP 5.4.0 Beta1 55- General improvements: 56 . Added callable typehint. (Hannes) 57 . Implemented closure rebinding as parameter to bindTo. (Gustavo Lopes) 58 . Turn on html_errors by default again in php.ini-production like it was in 59 PHP 5.3, but only generate docref links when the docref_root INI setting is 60 not empty. (Derick) 61 . Fixed bug #55378: Binary number literal returns float number though its 62 value is small enough. (Derick) 63 . Added support for SORT_NATURAL and SORT_FLAG_CASE in array 64 sort functions (sort, rsort, ksort, krsort, asort, arsort and 65 array_multisort). FR#55158 (Arpad) 66 . Disable windows CRT warning by default, can be enabled again using the ini 67 directive windows_show_crt_warnings. (Pierre) 68 . Removed support for putenv("TZ=..") for setting the timezone. (Derick) 69 . Removed the timezone guessing algorithm in case the timezone isn't set with 70 date.timezone or date_default_timezone_set(). Instead of a guessed 71 timezone, "UTC" is now used instead. (Derick) 72 73- Improved MySQL extensions: 74 . ext/mysql, mysqli and pdo_mysql now use mysqlnd by default. (Johannes) 75 76- Improved mbstring extension: 77 . Added Shift_JIS/UTF-8 Emoji (pictograms) support. (Rui) 78 . Added JIS X0213:2004 (Shift_JIS-2004, EUC-JP-2004, ISO-2022-JP-2004) 79 support. (Rui) 80 . Ill-formed UTF-8 check for security enhancements. (Rui) 81 . Added MacJapanese (Shift_JIS) and gb18030 encoding support. (Rui) 82 . Added encode/decode in hex format to mb_[en|de]code_numericentity(). (Rui) 83 . Added user JIS X0213:2004 (Shift_JIS-2004, EUC-JP-2004, ISO-2022-JP-2004) 84 support. (Rui) 85 . Added the user user defined area for CP936 and CP950 (Rui). 86 87- Improved Reflection extension: 88 . Added ReflectionClass::newInstanceWithoutConstructor() to create a new 89 instance of a class without invoking its constructor. FR #55490. 90 (Sebastian) 91 92- Improved intl extension: 93 . Fixed bug #55562 (grapheme_substr() returns false on big length). (Stas) 94 95- Improved JSON extension: 96 . Added new json_encode() option JSON_UNESCAPED_UNICODE. FR #53946. 97 (Alexander, Gwynne) 98 99- Improved CLI SAPI: 100 . Added friendly log messages - FR #55109 (Arpad) 101 102- Improved readline extension: 103 . Fixed bug #54450 (Enable callback support when built against libedit). 104 (fedora at famillecollet dot com, Hannes) 105 106- Improved Session extension: 107 . Expose session status via new function, session_status (FR #52982) (Arpad) 108 . Added support for object-oriented session handlers. (Arpad) 109 110- Improved SPL extension: 111 . Immediately reject wrong usages of directories under Spl(Temp)FileObject 112 and friends. (Etienne, Pierre) 113 114- Improved XSL extension: 115 . XSL doesn't stop transformation anymore, if a PHP function can't be called 116 (Christian) 117 11804 Aug 2011, PHP 5.4.0 Alpha 3 119- Added features: 120 . Short array syntax, see UPGRADING guide for full details 121 (rsky0711 at gmail . com, sebastian.deutsch at 9elements . com, Pierre) 122 . Binary numbers format (0b001010). (Jonah dot Harris at gmail dot com) 123 . Support for Class::{expr}() syntax (Pierrick) 124 125- Removed features: 126 . Removed magic_quotes_gpc, magic_quotes_runtime and magic_quotes_sybase 127 ini options. get_magic_quotes_gpc, get_magic_quotes_runtime are kept 128 but always return false, set_magic_quotes_runtime raises an 129 E_CORE_ERROR. (Pierrick, Pierre) 130 131- Changed E_ALL to include E_STRICT. (Stas) 132 133- Improved core functions 134 . Fixed bug #55124 (recursive mkdir fails with current (dot) directory in path). 135 (Pierre) 136 137- Improved PHP-FPM SAPI: 138 . Added process.max to control the number of process FPM can fork. FR #55166. 139 (fat) 140 . Dropped restriction of not setting the same value multiple times, the last 141 one holds. (giovanni at giacobbi dot net, fat) 142 143- SPL extension: 144 . Added missing class_uses(..) as pointed out by #55266 (Stefan) 145 . Fixed bug #55287 (spl_classes() not includes CallbackFilter classes) 146 (sasezaki at gmail dot com, salathe) 147 148 14914 Jul 2011, PHP 5.4.0 Alpha 2 150- General improvements: 151 . Zend Signal Handling. (Lucas Nealan,Arnaud Le Blanc,Brian Shire, Ilia) 152 153- Improved Zend Engine 154 . Improved parse error messages. (Felipe) 155 156- Improved CLI SAPI: 157 . Added built-in web server that is intended for testing purpose. 158 (Moriyoshi) 159 160- Improved PHP-FPM SAPI: 161 . Added partial syslog support (on error_log only). FR #52052. (fat) 162 . Lowered default value for Process Manager. FR #54098. (fat) 163 . Enhance security by limiting access to user defined extensions. 164 FR #55181. (fat) 165 166- Improved core functions: 167 . Changed http_response_code() to be able to set a response code. (Kalle) 168 . Fixed crypt_blowfish handling of 8-bit characters. (Stas) (CVE-2011-2483) 169 . Fixed bug#55084 (Function registered by header_register_callback is 170 called only once per process). (Hannes) 171 172- Improved DOM extension: 173 . Added the ability to pass options to loadHTML (Chregu, fxmulder at gmail dot com) 174 175- OpenSSL extension: 176 . Use php's implementation for Windows Crypto API in 177 openssl_random_pseudo_bytes. (Pierre) 178 17920 Jun 2011, PHP 5.4.0 Alpha 1 180- autoconf 2.59+ is now supported (and required) for generating the 181 configure script with ./buildconf. Autoconf 2.60+ is desirable 182 otherwise the configure help order may be incorrect. (Rasmus, Chris Jones) 183 184- Removed legacy features: 185 . break/continue $var syntax. (Dmitry) 186 . Safe mode and all related ini options. (Kalle) 187 . register_globals and register_long_arrays ini options. (Kalle) 188 . import_request_variables(). (Kalle) 189 . allow_call_time_pass_reference. (Pierrick) 190 . define_syslog_variables ini option and its associated function. (Kalle) 191 . highlight.bg ini option. (Kalle) 192 . Session bug compatibility mode (session.bug_compat_42 and 193 session.bug_compat_warn ini options). (Kalle) 194 . session_is_registered(), session_register() and session_unregister() 195 functions. (Kalle) 196 . y2k_compliance ini option. (Kalle) 197 198- Moved extensions to PECL: (Johannes) 199 . ext/sqlite. (Note: the ext/sqlite3 and ext/pdo_sqlite extensions are 200 not affected) 201 202- Changed $_SERVER['REQUEST_TIME'] to include microsecond precision. (Ilia) 203- Changed default value of "default_charset" php.ini option from ISO-8859-1 to 204 UTF-8. (Rasmus) 205- Changed array_combine() to return empty array instead of FALSE when both 206 parameter arrays are empty. FR #34857. (joel.perras@gmail.com) 207- Changed third parameter of preg_match_all() to optional. FR #53238. (Adam) 208- Changed silent casting of null/''/false into an Object when adding 209 a property into a warning. (Scott) 210- <?= is now always available regardless of the short_open_tag setting (Rasmus) 211 212- General improvements: 213 . Added multibyte support by default. Previously php had to be compiled 214 with --enable-zend-multibyte. Now it can be enabled or disabled through 215 zend.multibyte directive in php.ini. (Dmitry) 216 . Removed compile time dependency from ext/mbstring (Dmitry) 217 . Added support for Traits. (Stefan) 218 . Added closure $this support back. (Stas) 219 . Added array dereferencing support. (Felipe) 220 . Added indirect method call through array. FR #47160. (Felipe) 221 . Added support for object references in recursive serialize() calls. 222 FR #36424. (Mike) 223 . Added http_response_code() function. FR #52555. (Paul Dragoonis, Kalle) 224 . Added header_register_callback() which is invoked immediately 225 prior to the sending of headers and after default headers have 226 been added. (Scott) 227 . Added DTrace support. (David Soria Parra) 228 . Improved output layer, see README.NEW-OUTPUT-API for internals. (Mike) 229 . Improved unserialize() performance. 230 (galaxy dot mipt at gmail dot com, Kalle) 231 . Improved unix build system to allow building multiple PHP binary SAPIs and 232 one SAPI module the same time. FR #53271, FR #52410. (Jani) 233 . Added optional argument to debug_backtrace() and debug_print_backtrace() 234 to limit the amount of stack frames returned. (Sebastian, Patrick) 235 . Added stream metadata API support and stream_metadata() stream class 236 handler. (Stas) 237 238- Improved Zend Engine memory usage: (Dmitry) 239 . Replaced zend_function.pass_rest_by_reference by 240 ZEND_ACC_PASS_REST_BY_REFERENCE in zend_function.fn_flags. 241 . Replaced zend_function.return_reference by ZEND_ACC_RETURN_REFERENCE 242 in zend_function.fn_flags. 243 . Removed zend_arg_info.required_num_args as it was only needed for internal 244 functions. Now the first arg_info for internal functions (which has special 245 meaning) is represented by zend_internal_function_info structure. 246 . Moved zend_op_array.size, size_var, size_literal, current_brk_cont, 247 backpatch_count into CG(context) as they are used only during compilation. 248 . Moved zend_op_array.start_op into EG(start_op) as it's used only for 249 'interactive' execution of single top-level op-array. 250 . Replaced zend_op_array.done_pass_two by ZEND_ACC_DONE_PASS_TWO in 251 zend_op_array.fn_flags. 252 . op_array.vars array is trimmed (reallocated) during pass_two. 253 . Replaced zend_class_entry.constants_updated by ZEND_ACC_CONSTANTS_UPDATED 254 in zend_class_entry.ce_flags. 255 . Reduced the size of zend_class_entry by sharing the same memory space 256 by different information for internal and user classes. 257 See zend_class_entry.info union. 258 . Reduced size of temp_variable. 259 260- Changed the structure of op_array.opcodes. The constant values are moved from 261 opcode operands into a separate literal table. (Dmitry) 262 263- Improved Zend Engine, performance tweaks and optimizations: (Dmitry) 264 . Inlined most probable code-paths for arithmetic operations directly into 265 executor. 266 . Eliminated unnecessary iterations during request startup/shutdown. 267 . Changed $GLOBALS into a JIT autoglobal, so it's initialized only if used. 268 (this may affect opcode caches!) 269 . Improved performance of @ (silence) operator. 270 . Simplified string offset reading. $str[1][0] is now a legal construct. 271 . Added caches to eliminate repeatable run-time bindings of functions, 272 classes, constants, methods and properties. 273 . Added concept of interned strings. All strings constants known at compile 274 time are allocated in a single copy and never changed. 275 . Added an optimization which saves memory and emalloc/efree calls for empty 276 HashTables. (Stas, Dmitry) 277 . ZEND_RECV now always has IS_CV as its result. 278 . ZEND_CATCH now has to be used only with constant class names. 279 . ZEND_FETCH_DIM_? may fetch array and dimension operands in different order. 280 . Simplified ZEND_FETCH_*_R operations. They can't be used with the 281 EXT_TYPE_UNUSED flag any more. This is a very rare and useless case. 282 ZEND_FREE might be required after them instead. 283 . Split ZEND_RETURN into two new instructions ZEND_RETURN and 284 ZEND_RETURN_BY_REF. 285 . Optimized access to global constants using values with pre-calculated 286 hash_values from the literals table. 287 . Optimized access to static properties using executor specialization. 288 A constant class name may be used as a direct operand of ZEND_FETCH_* 289 instruction without previous ZEND_FETCH_CLASS. 290 . zend_stack and zend_ptr_stack allocation is delayed until actual usage. 291 292- Improved CLI SAPI: (Johannes, Moriyoshi) 293 . Added command line option --rz <name> which shows information of the 294 named Zend extension. (Johannes) 295 . Interactive readline shell improvements: (Johannes) 296 . Added "cli.pager" php.ini setting to set a pager for output. 297 . Added "cli.prompt" php.ini setting to configure the shell prompt. 298 . Added shortcut #inisetting=value to change ini settings at run-time. 299 . Changed shell not to terminate on fatal errors. 300 . Interactive shell works with shared readline extension. FR #53878. 301 302- Improved FastCGI SAPI: (Dmitry) 303 . Added apache compatible functions: apache_child_terminate(), 304 getallheaders(), apache_request_headers() and apache_response_headers() 305 . Improved performance of FastCGI request parsing. 306 307- Improved core functions: 308 . number_format() no longer truncates multibyte decimal points and thousand 309 separators to the first byte. FR #53457. (Adam) 310 . Added hex2bin() function. (Scott) 311 312- Improved CURL extension: 313 . Added support for CURLOPT_MAX_RECV_SPEED_LARGE and 314 CURLOPT_MAX_SEND_SPEED_LARGE. FR #51815. (Pierrick) 315 316- Improved Date extension: 317 . Added the + modifier to parseFromFormat to allow trailing text in the 318 string to parse without throwing an error. (Stas, Derick) 319 320- Improved DBA extension: 321 . Added Tokyo Cabinet abstract DB support. (Michael Maclean) 322 . Added Berkeley DB 5 support. (Johannes, Chris Jones) 323 324- Improved filesystem functions: 325 . scandir() now accepts SCANDIR_SORT_NONE as a possible sorting_order value. 326 FR #53407. (Adam) 327 328- Improved HASH extension: 329 . Added Jenkins's one-at-a-time hash support. (Martin Jansen) 330 . Added FNV-1 hash support. (Michael Maclean) 331 . Made Adler32 algorithm faster. FR #53213. (zavasek at yandex dot ru) 332 333- Improved intl extension: 334 . Added Spoofchecker, allows checking for visibly confusable characters and 335 other security issues. (Scott) 336 337- Improved JSON extension: 338 . Added JsonSerializable interface. (Sara) 339 . Added JSON_BIGINT_AS_STRING, extended json_decode() sig with $options. 340 (Sara) 341 . Added support for JSON_NUMERIC_CHECK option in json_encode() that converts 342 numeric strings to integers. (Ilia) 343 . Added new json_encode() option JSON_PRETTY_PRINT. FR #44331. (Adam) 344 . Added new json_encode() option JSON_UNESCAPED_SLASHES. FR #49366. (Adam) 345 346- Improved LDAP extension: 347 . Added paged results support. FR #42060. (ando@OpenLDAP.org, 348 iarenuno@eteo.mondragon.edu, jeanseb@au-fil-du.net, remy.saissy@gmail.com) 349 350- Improved MySQL extensions: 351 . MySQL: Deprecated mysql_list_dbs(). FR #50667. (Andrey) 352 . mysqlnd: Added named pipes support. FR #48082. (Andrey) 353 . MySQLi: Added iterator support in MySQLi. mysqli_result implements 354 Traversable. (Andrey, Johannes) 355 . PDO_mysql: Removed support for linking with MySQL client libraries older 356 than 4.1. (Johannes) 357 358- Improved OpenSSL extension: 359 . Added AES support. FR #48632. (yonas dot y at gmail dot com, Pierre) 360 . Added a "no_ticket" SSL context option to disable the SessionTicket TLS 361 extension. FR #53447. (Adam) 362 . Added no padding option to openssl_encrypt()/openssl_decrypt(). (Scott) 363 364- Improved PDO DB-LIB: (Stanley) 365 . Added nextRowset support. 366 . Fixed bug #50755 (PDO DBLIB Fails with OOM). 367 368- Improved PostgreSQL extension: 369 . Added support for "extra" parameter for PGNotify(). 370 (r dot i dot k at free dot fr, Ilia) 371 372- Improved Reflection extension: (Johannes) 373 . Added ReflectionExtension::isTemporary() and 374 ReflectionExtension::isPersistent() methods. 375 . Added ReflectionZendExtension class. 376 . Added ReflectionClass::isCloneable(). (Felipe) 377 378- Improved Session extension: 379 . Added support for storing upload progress feedback in session data. (Arnaud) 380 . Changed session.entropy_file to default to /dev/urandom or /dev/arandom if 381 either is present at compile time. (Rasmus) 382 383- Improved SPL extension: 384 . Added RegexIterator::getRegex() method. (Joshua Thijssen) 385 . Added SplObjectStorage::getHash() hook. (Etienne) 386 . Added CallbackFilterIterator and RecursiveCallbackFilterIterator. (Arnaud) 387 388- Improved XSL extension: 389 . Added XsltProcessor::setSecurityPrefs($options) and getSecurityPrefs() to 390 define forbidden operations within XSLT stylesheets, default is not to 391 enable write operations from XSLT. Bug #54446 (Chregu, Nicolas Gregoire) 392 393- Improved ZLIB extension: 394 . Re-implemented non-file related functionality. (Mike) 395 396- Improved SNMP extension (Boris Lytochkin): 397 . Added OO API. FR #53594 (php-snmp rewrite). 398 . Sanitized return values of existing functions. Now it returns FALSE on 399 failure. 400 . Allow ~infinite OIDs in GET/GETNEXT/SET queries. Autochunk them to max_oids 401 upon request. 402 . Introducing unit tests for extension with ~full coverage. 403 IPv6 support. (FR #42918) 404 . Way of representing OID value can now be changed when SNMP_VALUE_OBJECT 405 is used for value output mode. Use or'ed SNMP_VALUE_LIBRARY(default if 406 not specified) or SNMP_VALUE_PLAIN. (FR #54502) 407 . Fixed bugs 408 . #44193 (snmp v3 noAuthNoPriv doesn't work) 409 . #45893 (Snmp buffer limited to 2048 char) 410 . #46065 (snmp_set_quick_print() persists between requests) 411 . #51336 (snmprealwalk (snmp v1) does not handle end of OID tree correctly) 412 . #53862 (snmp_set_oid_output_format does not allow returning to default) 413 414## UNSORTED ## 415 416- Fixed PDO objects binary incompatibility. (Dmitry) 417- Fixed bug #52211 (iconv() returns part of string on error). (Felipe) 418- Fixed bug #55450 (Built in web server not accepting file uploads). (Laruence) 419- Fixed bug #55471 (ZTS build broken with dtrace). (Laruence) 420- Fixed bug #55463 (cli-server missing _SERVER[REMOTE_ADDR]). (Laruence) 421- Fixed bug #55473 (mysql_pconnect leaks file descriptors on reconnect). (Andrey, Laruence) 422- Fixed bug #55423 (cli-server could not output correctly in some case). (Laruence, chobieee at gmail dot com) 423- Fixed bug #55653 (PS crash with libmysql when binding same variable as param and out). (Laruence) 424 425?? ??? 2011, PHP 5.3.9 426 427- Core: 428 . Fixed Bug #55649 (Undefined function Bug()). (Laruence) 429 . Fixed bug #55576: Cannot conditionally move uploaded file without race 430 condition. (Gustavo) 431 . Fixed bug #55366: keys lost when using substr_replace an array. (Arpad) 432 . Fixed bug #55273 (base64_decode() with strict rejects whitespace after 433 pad). (Ilia) 434 . Fixed bug #55510: $_FILES 'name' missing first character after upload. 435 (Arpad) 436 . Fixed bug #55509 (segfault on x86_64 using more than 2G memory). (Laruence) 437 . Fixed bug #55504 (Content-Type header is not parsed correctly on 438 HTTP POST request). (Hannes) 439 . Fixed bug #52461 (Incomplete doctype and missing xmlns). 440 (virsacer at web dot de, Pierre) 441 442- Curl: 443 . Fixed bug #54798 (Segfault when CURLOPT_STDERR file pointer is closed 444 before calling curl_exec). (Hannes) 445 . Fixed issues were curl_copy_handle() would sometimes lose copied 446 preferences. (Hannes) 447 448- DateTime: 449 . Fixed bug #48476 (cloning extended DateTime class without calling 450 parent::__constr crashed PHP). (Hannes) 451 452- MySQL: 453 . Fixed bug #55550 (mysql.trace_mode miscounts result sets). (Johannes) 454 455- MySQLi extension: 456 . Fixed bug #55582 (mysqli_num_rows() returns always 0 for unbuffered, when 457 mysqlnd is used). (Andrey) 458 459- mysqlnd 460 . Fixed bug #55609 (mysqlnd cannot be built shared). (Johannes) 461 . Fixed bug #55067 (MySQL doesn't support compression - wrong config option). 462 (Andrey) 463 464- PDO MySQL driver: 465 . Fixed bug #54158 (MYSQLND+PDO MySQL requires #define MYSQL_OPT_LOCAL_INFILE) 466 (Andrey) 467 468- Phar: 469 . Fixed bug#52013 (Unable to decompress files in a compressed phar). (Hannes) 470 . Fixed bug#53872 (internal corruption of phar). (Hannes) 471 472- Session: 473 . Fixed bug #55267 (session_regenerate_id fails after header sent). (Hannes) 474 475- NSAPI SAPI: 476 . Don't set $_SERVER['HTTPS'] on unsecure connection (bug #55403). (Uwe 477 Schindler) 478 479- SimpleXML: 480 . Reverted the SimpleXML->query() behaviour to returning empty arrays 481 instead of false when no nodes are found as it was since 5.3.3 482 (bug #48601). (chregu, rrichards) 483 484- String: 485 . Fixed bug #55674 (fgetcsv & str_getcsv skip empty fields in some tab-separated 486 records). (Laruence) 487 48823 Aug 2011, PHP 5.3.8 489 490- Core: 491 . Fixed bug #55439 (crypt() returns only the salt for MD5). (Stas) 492 493- OpenSSL: 494 . Reverted a change in timeout handling restoring PHP 5.3.6 behavior, 495 as the new behavior caused mysqlnd SSL connections to hang (#55283). 496 (Pierre, Andrey, Johannes) 497 49818 Aug 2011, PHP 5.3.7 499- Upgraded bundled SQLite to version 3.7.7.1. (Scott) 500- Upgraded bundled PCRE to version 8.12. (Scott) 501 502- Zend Engine: 503 . Fixed bug #55156 (ReflectionClass::getDocComment() returns comment even 504 though the class has none). (Felipe) 505 . Fixed bug #55007 (compiler fail after previous fail). (Felipe) 506 . Fixed bug #54910 (Crash when calling call_user_func with unknown function 507 name). (Dmitry) 508 . Fixed bug #54804 (__halt_compiler and imported namespaces). 509 (Pierrick, Felipe) 510 . Fixed bug #54624 (class_alias and type hint). (Felipe) 511 . Fixed bug #54585 (track_errors causes segfault). (Dmitry) 512 . Fixed bug #54423 (classes from dl()'ed extensions are not destroyed). 513 (Tony, Dmitry) 514 . Fixed bug #54372 (Crash accessing global object itself returned from its 515 __get() handle). (Dmitry) 516 . Fixed bug #54367 (Use of closure causes problem in ArrayAccess). (Dmitry) 517 . Fixed bug #54358 (Closure, use and reference). (Dmitry) 518 . Fixed bug #54262 (Crash when assigning value to a dimension in a non-array). 519 (Dmitry) 520 . Fixed bug #54039 (use() of static variables in lambda functions can break 521 staticness). (Dmitry) 522 523- Core 524 . Updated crypt_blowfish to 1.2. ((CVE-2011-2483) (Solar Designer) 525 . Removed warning when argument of is_a() or is_subclass_of() is not 526 a known class. (Stas) 527 . Fixed crash in error_log(). (Felipe) Reported by Mateusz Kocielski. 528 . Added PHP_MANDIR constant telling where the manpages were installed into, 529 and an --man-dir argument to php-config. (Hannes) 530 . Fixed a crash inside dtor for error handling. (Ilia) 531 . Fixed buffer overflow on overlog salt in crypt(). (Clément LECIGNE, Stas) 532 . Implemented FR #54459 (Range function accuracy). (Adam) 533 534 . Fixed bug #55399 (parse_url() incorrectly treats ':' as a valid path). 535 (Ilia) 536 . Fixed bug #55339 (Segfault with allow_call_time_pass_reference = Off). 537 (Dmitry) 538 . Fixed bug #55295 [NEW]: popen_ex on windows, fixed possible heap overflow 539 (Pierre) 540 . Fixed bug #55258 (Windows Version Detecting Error). 541 ( xiaomao5 at live dot com, Pierre) 542 . Fixed bug #55187 (readlink returns weird characters when false result). 543 (Pierre) 544 . Fixed bug #55082 (var_export() doesn't escape properties properly). 545 (Gustavo) 546 . Fixed bug #55014 (Compile failure due to improper use of ctime_r()). (Ilia) 547 . Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload 548 filename). (Felipe) Reported by Krzysztof Kotowicz. (CVE-2011-2202) 549 . Fixed bug #54935 php_win_err can lead to crash. (Pierre) 550 . Fixed bug #54924 (assert.* is not being reset upon request shutdown). (Ilia) 551 . Fixed bug #54895 (Fix compiling with older gcc version without need for 552 membar_producer macro). (mhei at heimpold dot de) 553 . Fixed bug #54866 (incorrect accounting for realpath_cache_size). 554 (Dustin Ward) 555 . Fixed bug #54723 (getimagesize() doesn't check the full ico signature). 556 (Scott) 557 . Fixed bug #54721 (Different Hashes on Windows, BSD and Linux on wrong Salt 558 size). (Pierre, os at irj dot ru) 559 . Fixed bug #54580 (get_browser() segmentation fault when browscap ini 560 directive is set through php_admin_value). (Gustavo) 561 . Fixed bug #54332 (Crash in zend_mm_check_ptr // Heap corruption). (Dmitry) 562 . Fixed bug #54305 (Crash in gc_remove_zval_from_buffer). (Dmitry) 563 . Fixed bug #54238 (use-after-free in substr_replace()). (Stas) 564 (CVE-2011-1148) 565 . Fixed bug #54204 (Can't set a value with a PATH section in php.ini). 566 (Pierre) 567 . Fixed bug #54180 (parse_url() incorrectly parses path when ? in fragment). 568 (tomas dot brastavicius at quantum dot lt, Pierrick) 569 . Fixed bug #54137 (file_get_contents POST request sends additional line 570 break). (maurice-php at mertinkat dot net, Ilia) 571 . Fixed bug #53848 (fgetcsv() ignores spaces at beginnings of fields). (Ilia) 572 . Alternative fix for bug #52550, as applied to the round() function (signed 573 overflow), as the old fix impacted the algorithm for numbers with magnitude 574 smaller than 0. (Gustavo) 575 . Fixed bug #53727 (Inconsistent behavior of is_subclass_of with interfaces) 576 (Ralph Schindler, Dmitry) 577 . Fixed bug #52935 (call exit in user_error_handler cause stream relate 578 core). (Gustavo) 579 . Fixed bug #51997 (SEEK_CUR with 0 value, returns a warning). (Ilia) 580 . Fixed bug #50816 (Using class constants in array definition fails). 581 (Pierrick, Dmitry) 582 . Fixed bug #50363 (Invalid parsing in convert.quoted-printable-decode 583 filter). (slusarz at curecanti dot org) 584 . Fixed bug #48465 (sys_get_temp_dir() possibly inconsistent when using 585 TMPDIR on Windows). (Pierre) 586 587- Apache2 Handler SAPI: 588 . Fixed bug #54529 (SAPI crashes on apache_config.c:197). 589 (hebergement at riastudio dot fr) 590 591- CLI SAPI: 592 . Fixed bug #52496 (Zero exit code on option parsing failure). (Ilia) 593 594- cURL extension: 595 . Added ini option curl.cainfo (support for custom cert db). (Pierre) 596 . Added CURLINFO_REDIRECT_URL support. (Daniel Stenberg, Pierre) 597 . Added support for CURLOPT_MAX_RECV_SPEED_LARGE and 598 CURLOPT_MAX_SEND_SPEED_LARGE. FR #51815. (Pierrick) 599 600- DateTime extension: 601 . Fixed bug where the DateTime object got changed while using date_diff(). 602 (Derick) 603 . Fixed bug #54340 (DateTime::add() method bug). (Adam) 604 . Fixed bug #54316 (DateTime::createFromFormat does not handle trailing '|' 605 correctly). (Adam) 606 . Fixed bug #54283 (new DatePeriod(NULL) causes crash). (Felipe) 607 . Fixed bug #51819 (Case discrepancy in timezone names cause Uncaught 608 exception and fatal error). (Hannes) 609 610- DBA extension: 611 . Supress warning on non-existent file open with Berkeley DB 5.2 (Chris Jones) 612 . Fixed bug #54242 (dba_insert returns true if key already exists). (Felipe) 613 614- Exif extesion: 615 . Fixed bug #54121 (error message format string typo). (Ilia) 616 617- Fileinfo extension: 618 . Fixed bug #54934 (Unresolved symbol strtoull in HP-UX 11.11). (Felipe) 619 620- Filter extension: 621 . Added 3rd parameter to filter_var_array() and filter_input_array() 622 functions that allows disabling addition of empty elements. (Ilia) 623 . Fixed bug #53037 (FILTER_FLAG_EMPTY_STRING_NULL is not implemented). (Ilia) 624 625- Interbase extension: 626 . Fixed bug #54269 (Short exception message buffer causes crash). (Felipe) 627 628- intl extension: 629 . Implemented FR #54561 (Expose ICU version info). (David Zuelke, Ilia) 630 . Implemented FR #54540 (Allow loading of arbitrary resource bundles when 631 fallback is disabled). (David Zuelke, Stas) 632 633- Imap extension: 634 . Fixed bug #55313 (Number of retries not set when params specified). 635 (kevin at kevinlocke dot name) 636 637- json extension: 638 . Fixed bug #54484 (Empty string in json_decode doesn't reset 639 json_last_error()). (Ilia) 640 641- LDAP extension: 642 . Fixed bug #53339 (Fails to build when compilng with gcc 4.5 and DSO 643 libraries). (Clint Byrum, Raphael) 644 645- libxml extension: 646 . Fixed bug #54601 (Removing the doctype node segfaults). (Hannes) 647 . Fixed bug #54440 (libxml extension ignores default context). (Gustavo) 648 649- mbstring extension: 650 . Fixed bug #54494 (mb_substr() mishandles UTF-32LE and UCS-2LE). (Gustavo) 651 652- MCrypt extension: 653 . Change E_ERROR to E_WARNING in mcrypt_create_iv when not enough data 654 has been fetched (Windows). (Pierre) 655 . Fixed bug #55169 (mcrypt_create_iv always fails to gather sufficient random 656 data on Windows). (Pierre) 657 658- mysqlnd 659 . Fixed crash when using more than 28,000 bound parameters. Workaround is to 660 set mysqlnd.net_cmd_buffer_size to at least 9000. (Andrey) 661 . Fixed bug #54674 mysqlnd valid_sjis_(head|tail) is using invalid operator 662 and range). (nihen at megabbs dot com, Andrey) 663 664- MySQLi extension: 665 . Fixed bug #55283 (SSL options set by mysqli_ssl_set ignored for MySQLi 666 persistent connections). (Andrey) 667 . Fixed Bug #54221 (mysqli::get_warnings segfault when used in multi queries). 668 (Andrey) 669 670- OpenSSL extension: 671 . openssl_encrypt()/openssl_decrypt() truncated keys of variable length 672 ciphers to the OpenSSL default for the algorithm. (Scott) 673 . On blocking SSL sockets respect the timeout option where possible. 674 (Scott) 675 . Fixed bug #54992 (Stream not closed and error not returned when SSL 676 CN_match fails). (Gustavo, laird_ngrps at dodo dot com dot au) 677 678- Oracle Database extension (OCI8): 679 . Added oci_client_version() returning the runtime Oracle client library 680 version (Chris Jones) 681 682. PCRE extension: 683 . Increased the backtrack limit from 100000 to 1000000 (Rasmus) 684 685- PDO extension: 686 . Fixed bug #54929 (Parse error with single quote in sql comment). (Felipe) 687 . Fixed bug #52104 (bindColumn creates Warning regardless of ATTR_ERRMODE 688 settings). (Ilia) 689 690- PDO DBlib driver: 691 . Fixed bug #54329 (MSSql extension memory leak). 692 (dotslashpok at gmail dot com) 693 . Fixed bug #54167 (PDO_DBLIB returns null on SQLUNIQUE field). 694 (mjh at hodginsmedia dot com, Felipe) 695 696- PDO ODBC driver: 697 . Fixed data type usage in 64bit. (leocsilva at gmail dot com) 698 699- PDO MySQL driver: 700 . Fixed bug #54644 (wrong pathes in php_pdo_mysql_int.h). (Tony, Johannes) 701 . Fixed bug #53782 (foreach throws irrelevant exception). (Johannes, Andrey) 702 . Implemented FR #48587 (MySQL PDO driver doesn't support SSL connections). 703 (Rob) 704 705- PDO PostgreSQL driver: 706 . Fixed bug #54318 (Non-portable grep option used in PDO pgsql 707 configuration). (bwalton at artsci dot utoronto dot ca) 708 709- PDO Oracle driver: 710 . Fixed bug #44989 (64bit Oracle RPMs still not supported by pdo-oci). 711 (jbnance at tresgeek dot net) 712 713- Phar extension: 714 . Fixed bug #54395 (Phar::mount() crashes when calling with wrong parameters). 715 (Felipe) 716 717- PHP-FPM SAPI: 718 . Implemented FR #54499 (FPM ping and status_path should handle HEAD request). (fat) 719 . Implemented FR #54172 (Overriding the pid file location of php-fpm). (fat) 720 . Fixed missing Expires and Cache-Control headers for ping and status pages. 721 (fat) 722 . Fixed memory leak. (fat) Reported and fixed by Giovanni Giacobbi. 723 . Fixed wrong value of log_level when invoking fpm with -tt. (fat) 724 . Added xml format to the status page. (fat) 725 . Removed timestamp in logs written by children processes. (fat) 726 . Fixed exit at FPM startup on fpm_resources_prepare() errors. (fat) 727 . Added master rlimit_files and rlimit_core in the global configuration 728 settings. (fat) 729 . Removed pid in debug logs written by chrildren processes. (fat) 730 . Added custom access log (also added per request %CPU and memory 731 mesurement). (fat) 732 . Added a real scoreboard and several improvements to the status page. (fat) 733 734- Reflection extension: 735 . Fixed bug #54347 (reflection_extension does not lowercase module function 736 name). (Felipe, laruence at yahoo dot com dot cn) 737 738- SOAP extension: 739 . Fixed bug #55323 (SoapClient segmentation fault when XSD_TYPEKIND_EXTENSION 740 contains itself). (Dmitry) 741 . Fixed bug #54312 (soap_version logic bug). (tom at samplonius dot org) 742 743- Sockets extension: 744 . Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938) 745 Found by Mateusz Kocielski, Marek Kroemeke and Filip Palian. (Felipe) 746 . Changed socket_set_block() and socket_set_nonblock() so they emit warnings 747 on error. (Gustavo) 748 . Fixed bug #51958 (socket_accept() fails on IPv6 server sockets). (Gustavo) 749 750- SPL extension: 751 . Fixed bug #54971 (Wrong result when using iterator_to_array with use_keys 752 on true). (Pierrick) 753 . Fixed bug #54970 (SplFixedArray::setSize() isn't resizing). (Felipe) 754 . Fixed bug #54609 (Certain implementation(s) of SplFixedArray cause hard 755 crash). (Felipe) 756 . Fixed bug #54384 (Dual iterators, GlobIterator, SplFileObject and 757 SplTempFileObject crash when user-space classes don't call the paren 758 constructor). (Gustavo) 759 . Fixed bug #54292 (Wrong parameter causes crash in 760 SplFileObject::__construct()). (Felipe) 761 . Fixed bug #54291 (Crash iterating DirectoryIterator for dir name starting 762 with \0). (Gustavo) 763 . Fixed bug #54281 (Crash in non-initialized RecursiveIteratorIterator). 764 (Felipe) 765 766- Streams: 767 . Fixed bug #54946 (stream_get_contents infinite loop). (Hannes) 768 . Fixed bug #54623 (Segfault when writing to a persistent socket after 769 closing a copy of the socket). (Gustavo) 770 . Fixed bug #54681 (addGlob() crashes on invalid flags). (Felipe) 771 772 77317 Mar 2011, PHP 5.3.6 774- Upgraded bundled Sqlite3 to version 3.7.4. (Ilia) 775- Upgraded bundled PCRE to version 8.11. (Ilia) 776 777- Zend Engine: 778 . Indirect reference to $this fails to resolve if direct $this is never used 779 in method. (Scott) 780 . Added options to debug backtrace functions. (Stas) 781 . Fixed bug numerous crashes due to setlocale (crash on error, pcre, mysql 782 etc.) on Windows in thread safe mode. (Pierre) 783 . Fixed Bug #53971 (isset() and empty() produce apparently spurious runtime 784 error). (Dmitry) 785 . Fixed Bug #53958 (Closures can't 'use' shared variables by value and by 786 reference). (Dmitry) 787 . Fixed Bug #53629 (memory leak inside highlight_string()). (Hannes, Ilia) 788 . Fixed Bug #51458 (Lack of error context with nested exceptions). (Stas) 789 . Fixed Bug #47143 (Throwing an exception in a destructor causes a fatal 790 error). (Stas) 791 . Fixed bug #43512 (same parameter name can be used multiple times in 792 method/function definition). (Felipe) 793 794- Core: 795 . Added ability to connect to HTTPS sites through proxy with basic 796 authentication using stream_context/http/header/Proxy-Authorization (Dmitry) 797 . Changed default value of ini directive serialize_precision from 100 to 17. 798 (Gustavo) 799 . Fixed bug #54055 (buffer overrun with high values for precision ini 800 setting). (Gustavo) 801 . Fixed bug #53959 (reflection data for fgetcsv out-of-date). (Richard) 802 . Fixed bug #53577 (Regression introduced in 5.3.4 in open_basedir with a 803 trailing forward slash). (lekensteyn at gmail dot com, Pierre) 804 . Fixed bug #53682 (Fix compile on the VAX). (Rasmus, jklos) 805 . Fixed bug #48484 (array_product() always returns 0 for an empty array). 806 (Ilia) 807 . Fixed bug #48607 (fwrite() doesn't check reply from ftp server before 808 exiting). (Ilia) 809 810 811- Calendar extension: 812 . Fixed bug #53574 (Integer overflow in SdnToJulian, sometimes leading to 813 segfault). (Gustavo) 814 815- DOM extension: 816 . Implemented FR #39771 (Made DOMDocument::saveHTML accept an optional DOMNode 817 like DOMDocument::saveXML). (Gustavo) 818 819- DateTime extension: 820 . Fixed a bug in DateTime->modify() where absolute date/time statements had 821 no effect. (Derick) 822 . Fixed bug #53729 (DatePeriod fails to initialize recurrences on 64bit 823 big-endian systems). (Derick, rein@basefarm.no) 824 . Fixed bug #52808 (Segfault when specifying interval as two dates). (Stas) 825 . Fixed bug #52738 (Can't use new properties in class extended from 826 DateInterval). (Stas) 827 . Fixed bug #52290 (setDate, setISODate, setTime works wrong when DateTime 828 created from timestamp). (Stas) 829 . Fixed bug #52063 (DateTime constructor's second argument doesn't have a 830 null default value). (Gustavo, Stas) 831 832- Exif extension: 833 . Fixed bug #54002 (crash on crafted tag, reported by Luca Carettoni). 834 (Pierre) (CVE-2011-0708) 835 836- Filter extension: 837 . Fixed bug #53924 (FILTER_VALIDATE_URL doesn't validate port number). 838 (Ilia, Gustavo) 839 . Fixed bug #53150 (FILTER_FLAG_NO_RES_RANGE is missing some IP ranges). 840 (Ilia) 841 . Fixed bug #52209 (INPUT_ENV returns NULL for set variables (CLI)). (Ilia) 842 . Fixed bug #47435 (FILTER_FLAG_NO_RES_RANGE don't work with ipv6). 843 (Ilia, valli at icsurselva dot ch) 844 845- Fileinfo extension: 846 . Fixed bug #54016 (finfo_file() Cannot determine filetype in archives). 847 (Hannes) 848 849- Gettext 850 . Fixed bug #53837 (_() crashes on Windows when no LANG or LANGUAGE 851 environment variable are set). (Pierre) 852 853- IMAP extension: 854 . Implemented FR #53812 (get MIME headers of the part of the email). (Stas) 855 . Fixed bug #53377 (imap_mime_header_decode() doesn't ignore \t during long 856 MIME header unfolding). (Adam) 857 858- Intl extension: 859 . Fixed bug #53612 (Segmentation fault when using cloned several intl 860 objects). (Gustavo) 861 . Fixed bug #53512 (NumberFormatter::setSymbol crash on bogus $attr values). 862 (Felipe) 863 . Implemented clone functionality for number, date & message formatters. 864 (Stas). 865 866- JSON extension: 867 . Fixed bug #53963 (Ensure error_code is always set during some failed 868 decodings). (Scott) 869 870- mysqlnd 871 . Fixed problem with always returning 0 as num_rows for unbuffered sets. 872 (Andrey, Ulf) 873 874- MySQL Improved extension: 875 . Added 'db' and 'catalog' keys to the field fetching functions (FR #39847). 876 (Kalle) 877 . Fixed buggy counting of affected rows when using the text protocol. The 878 collected statistics were wrong when multi_query was used with mysqlnd 879 (Andrey) 880 . Fixed bug #53795 (Connect Error from MySqli (mysqlnd) when using SSL). 881 (Kalle) 882 . Fixed bug #53503 (mysqli::query returns false after successful LOAD DATA 883 query). (Kalle, Andrey) 884 . Fixed bug #53425 (mysqli_real_connect() ignores client flags when built to 885 call libmysql). (Kalle, tre-php-net at crushedhat dot com) 886 887- OpenSSL extension: 888 . Fixed stream_socket_enable_crypto() not honoring the socket timeout in 889 server mode. (Gustavo) 890 . Fixed bug #54060 (Memory leaks when openssl_encrypt). (Pierre) 891 . Fixed bug #54061 (Memory leaks when openssl_decrypt). (Pierre) 892 . Fixed bug #53592 (stream_socket_enable_crypto() busy-waits in client mode). 893 (Gustavo) 894 . Implemented FR #53447 (Cannot disable SessionTicket extension for servers 895 that do not support it) by adding a no_ticket SSL context option. (Adam, 896 Tony) 897 898- PDO MySQL driver: 899 . Fixed bug #53551 (PDOStatement execute segfaults for pdo_mysql driver). 900 (Johannes) 901 . Implemented FR #47802 (Support for setting character sets in DSN strings). 902 (Kalle) 903 904- PDO Oracle driver: 905 . Fixed bug #39199 (Cannot load Lob data with more than 4000 bytes on 906 ORACLE 10). (spatar at mail dot nnov dot ru) 907 908- PDO PostgreSQL driver: 909 . Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres is down). 910 (gyp at balabit dot hu) 911 912- Phar extension: 913 . Fixed bug #54247 (format-string vulnerability on Phar). (Felipe) 914 (CVE-2011-1153) 915 . Fixed bug #53541 (format string bug in ext/phar). 916 (crrodriguez at opensuse dot org, Ilia) 917 . Fixed bug #53898 (PHAR reports invalid error message, when the directory 918 does not exist). (Ilia) 919 920- PHP-FPM SAPI: 921 . Enforce security in the fastcgi protocol parsing. 922 (ef-lists at email dotde) 923 . Fixed bug #53777 (php-fpm log format now match php_error log format). (fat) 924 . Fixed bug #53527 (php-fpm --test doesn't set a valuable return value). (fat) 925 . Fixed bug #53434 (php-fpm slowlog now also logs the original request). (fat) 926 927- Readline extension: 928 . Fixed bug #53630 (Fixed parameter handling inside readline() function). 929 (jo at feuersee dot de, Ilia) 930 931- Reflection extension: 932 . Fixed bug #53915 (ReflectionClass::getConstant(s) emits fatal error on 933 constants with self::). (Gustavo) 934 935- Shmop extension: 936 . Fixed bug #54193 (Integer overflow in shmop_read()). (Felipe) 937 Reported by Jose Carlos Norte <jose at eyeos dot org> (CVE-2011-1092) 938 939- SNMP extension: 940 . Fixed bug #51336 (snmprealwalk (snmp v1) does not handle end of OID tree 941 correctly). (Boris Lytochkin) 942 943- SOAP extension: 944 . Fixed possible crash introduced by the NULL poisoning patch. 945 (Mateusz Kocielski, Pierre) 946 947- SPL extension: 948 . Fixed memory leak in DirectoryIterator::getExtension() and 949 SplFileInfo::getExtension(). (Felipe) 950 . Fixed bug #53914 (SPL assumes HAVE_GLOB is defined). (Chris Jones) 951 . Fixed bug #53515 (property_exists incorrect on ArrayObject null and 0 952 values). (Felipe) 953 . Fixed bug #49608 (Using CachingIterator on DirectoryIterator instance 954 segfaults). (Felipe) 955 956 . Added SplFileInfo::getExtension(). FR #48767. (Peter Cowburn) 957 958- SQLite3 extension: 959 . Fixed memory leaked introduced by the NULL poisoning patch. 960 (Mateusz Kocielski, Pierre) 961 . Fixed memory leak on SQLite3Result and SQLite3Stmt when assigning to a 962 reference. (Felipe) 963 . Add SQlite3_Stmt::readonly() for checking if a statement is read only. 964 (Scott) 965 . Implemented FR #53466 (SQLite3Result::columnType() should return false after 966 all of the rows have been fetched). (Scott) 967 968- Streams: 969 . Fixed bug #54092 (Segmentation fault when using HTTP proxy with the FTP 970 wrapper). (Gustavo) 971 . Fixed bug #53913 (Streams functions assume HAVE_GLOB is defined). (Chris 972 Jones) 973 . Fixed bug #53903 (userspace stream stat callback does not separate the 974 elements of the returned array before converting them). (Gustavo) 975 . Implemented FR #26158 (open arbitrary file descriptor with fopen). (Gustavo) 976 977- Tokenizer Extension 978 . Fixed bug #54089 (token_get_all() does not stop after __halt_compiler). 979 (Ilia) 980 981- XSL extension: 982 . Fixed memory leaked introduced by the NULL poisoning patch. 983 (Mateusz Kocielski, Pierre) 984 985- Zip extension: 986 . Added the filename into the return value of stream_get_meta_data(). (Hannes) 987 . Fixed bug #53923 (Zip functions assume HAVE_GLOB is defined). (Adam) 988 . Fixed bug #53893 (Wrong return value for ZipArchive::extractTo()). (Pierre) 989 . Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive). 990 (Stas, Maksymilian Arciemowicz). (CVE-2011-0421) 991 . Fixed bug #53854 (Missing constants for compression type). (Richard, Adam) 992 . Fixed bug #53603 (ZipArchive should quiet stat errors). (brad dot froehle at 993 gmail dot com, Gustavo) 994 . Fixed bug #53579 (stream_get_contents() segfaults on ziparchive streams). 995 (Hannes) 996 . Fixed bug #53568 (swapped memset arguments in struct initialization). 997 (crrodriguez at opensuse dot org) 998 . Fixed bug #53166 (Missing parameters in docs and reflection definition). 999 (Richard) 1000 . Fixed bug #49072 (feof never returns true for damaged file in zip). 1001 (Gustavo, Richard Quadling) 1002 100306 Jan 2011, PHP 5.3.5 1004- Fixed Bug #53632 (infinite loop with x87 fpu). (CVE-2010-4645) (Scott, 1005 Rasmus) 1006 100709 Dec 2010, PHP 5.3.4 1008- Upgraded bundled Sqlite3 to version 3.7.3. (Ilia) 1009- Upgraded bundled PCRE to version 8.10. (Ilia) 1010 1011- Security enhancements: 1012 . Fixed crash in zip extract method (possible CWE-170). 1013 (Maksymilian Arciemowicz, Pierre) 1014 . Paths with NULL in them (foo\0bar.txt) are now considered as invalid. 1015 (Rasmus) 1016 . Fixed a possible double free in imap extension (Identified by Mateusz 1017 Kocielski). (CVE-2010-4150). (Ilia) 1018 . Fixed NULL pointer dereference in ZipArchive::getArchiveComment. 1019 (CVE-2010-3709). (Maksymilian Arciemowicz) 1020 . Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre) 1021 . Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950). (Pierre) 1022 . Fixed symbolic resolution support when the target is a DFS share. (Pierre) 1023 . Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with 1024 large amount of data) (CVE-2010-3710). (Adam) 1025 1026- General improvements: 1027 . Added stat support for zip stream. (Pierre) 1028 . Added follow_location (enabled by default) option for the http stream 1029 support. (Pierre) 1030 . Improved support for is_link and related functions on Windows. (Pierre) 1031 . Added a 3rd parameter to get_html_translation_table. It now takes a charset 1032 hint, like htmlentities et al. (Gustavo) 1033 1034- Implemented feature requests: 1035 . Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect 1036 zend multibyte at runtime. (Kalle) 1037 . Implemented FR #52173, added functions pcntl_get_last_error() and 1038 pcntl_strerror(). (nick dot telford at gmail dot com, Arnaud) 1039 . Implemented symbolic links support for open_basedir checks. (Pierre) 1040 . Implemented FR #51804, SplFileInfo::getLinkTarget on Windows. (Pierre) 1041 . Implemented FR #50692, not uploaded files don't count towards 1042 max_file_uploads limit. As a side improvement, temporary files are not 1043 opened for empty uploads and, in debug mode, 0-length uploads. (Gustavo) 1044 1045- Improved MySQLnd: 1046 . Added new character sets to mysqlnd, which are available in MySQL 5.5 1047 (Andrey) 1048 1049- Improved PHP-FPM SAPI: 1050 . Added '-p/--prefix' to php-fpm to use a custom prefix and run multiple 1051 instances. (fat) 1052 . Added custom process title for FPM. (fat) 1053 . Added '-t/--test' to php-fpm to check and validate FPM conf file. (fat) 1054 . Added statistics about listening socket queue length for FPM. 1055 (andrei dot nigmatulin at gmail dot com, fat) 1056 1057- Core: 1058 . Fixed extract() to do not overwrite $GLOBALS and $this when using 1059 EXTR_OVERWRITE. (jorto at redhat dot com) 1060 . Fixed bug in the Windows implementation of dns_get_record, where the two 1061 last parameters wouldn't be filled unless the type were DNS_ANY (Gustavo). 1062 . Changed the $context parameter on copy() to actually have an effect. (Kalle) 1063 . Fixed htmlentities/htmlspecialchars accepting certain ill-formed UTF-8 1064 sequences. (Gustavo) 1065 . Fixed bug #53409 (sleep() returns NULL on Windows). (Pierre) 1066 . Fixed bug #53319 (strip_tags() may strip '<br />' incorrectly). (Felipe) 1067 . Fixed bug #53304 (quot_print_decode does not handle lower-case hex digits). 1068 (Ilia, daniel dot mueller at inexio dot net) 1069 . Fixed bug #53248 (rawurlencode RFC 3986 EBCDIC support misses tilde char). 1070 (Justin Martin) 1071 . Fixed bug #53226 (file_exists fails on big filenames). (Adam) 1072 . Fixed bug #53198 (changing INI setting "from" with ini_set did not have any 1073 effect). (Gustavo) 1074 . Fixed bug #53180 (post_max_size=0 not disabling the limit when the content 1075 type is application/x-www-form-urlencoded or is not registered with PHP). 1076 (gm at tlink dot de, Gustavo) 1077 . Fixed bug #53141 (autoload misbehaves if called from closing session). 1078 (ladislav at marek dot su) 1079 . Fixed bug #53021 (In html_entity_decode, failure to convert numeric entities 1080 with ENT_NOQUOTES and ISO-8859-1). Fixed and extended the fix of 1081 ENT_NOQUOTES in html_entity_decode that had introduced the bug (rev 1082 #185591) to other encodings. Additionaly, html_entity_decode() now doesn't 1083 decode " if ENT_NOQUOTES is given. (Gustavo) 1084 . Fixed bug #52931 (strripos not overloaded with function overloading 1085 enabled). (Felipe) 1086 . Fixed bug #52772 (var_dump() doesn't check for the existence of 1087 get_class_name before calling it). (Kalle, Gustavo) 1088 . Fixed bug #52534 (var_export array with negative key). (Felipe) 1089 . Fixed bug #52327 (base64_decode() improper handling of leading padding in 1090 strict mode). (Ilia) 1091 . Fixed bug #52260 (dns_get_record fails with non-existing domain on Windows). 1092 (a_jelly_doughnut at phpbb dot com, Pierre) 1093 . Fixed bug #50953 (socket will not connect to IPv4 address when the host has 1094 both IPv4 and IPv6 addresses, on Windows). (Gustavo, Pierre) 1095 . Fixed bug #50524 (proc_open on Windows does not respect cwd as it does on 1096 other platforms). (Pierre) 1097 . Fixed bug #49687 (utf8_decode vulnerabilities and deficiencies in the number 1098 of reported malformed sequences). (CVE-2010-3870) (Gustavo) 1099 . Fixed bug #49407 (get_html_translation_table doesn't handle UTF-8). 1100 (Gustavo) 1101 . Fixed bug #48831 (php -i has different output to php --ini). (Richard, 1102 Pierre) 1103 . Fixed bug #47643 (array_diff() takes over 3000 times longer than php 5.2.4). 1104 (Felipe) 1105 . Fixed bug #47168 (printf of floating point variable prints maximum of 40 1106 decimal places). (Ilia) 1107 . Fixed bug #46587 (mt_rand() does not check that max is greater than min). 1108 (Ilia) 1109 . Fixed bug #29085 (bad default include_path on Windows). (Pierre) 1110 . Fixed bug #25927 (get_html_translation_table 1111