PHP

5.2.12

Released on 17 Dec 2009
Project description.
PHP is a popular general-purpose scripting language that is especially suited to web development
PHP 5.2.12 Changelog
  • Security Fixes
    • Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (Rasmus)
    • Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (Rasmus)
    • Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion. (Ilia)
    • Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check, identified by Stefan Esser. (Stas)
    • Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (Moriyoshi, hello at iwamot dot com)
  • Updated timezone database to version 2009.19 (2009s). (Derick)
  • Added LIBXML_PARSEHUGE constant to overrides the maximum text size of a single text node when using libxml2.7.3+. (Kalle)
  • Changed "post_max_size" php.ini directive to allow unlimited post size by setting it to 0. (Rasmus)
  • Fixed error_log() to be binary safe when using message_type 3. (Jani)
  • Fixed unnecessary invocation of setitimer when timeouts have been disabled. (Arvind Srinivasan)
  • Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)
  • Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe)
  • Fixed crash when instantiating PDORow and PDOStatement through Reflection. (Felipe)
  • Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe)
  • Fixed bug #50445 (PDO-ODBC stored procedure call from Solaris 64-bit causes seg fault). (davbrown4 at yahoo dot com, Felipe)
  • Fixed bug #50345 (nanosleep not detected properly on some solaris versions). (Jani)
  • Fixed bug #50323 (Allow use of ; in values via ;; in PDO DSN). (Ilia, Pierrick)
  • Fixed bug #50285 (xmlrpc does not preserve keys in encoded indexed arrays). (Felipe)
  • Fixed bug #50282 (xmlrpc_encode_request() changes object into array in calling function). (Felipe)
  • Fixed bug #50266 (conflicting types for llabs). (Jani)
  • Fixed bug #50255 (isset() and empty() silently casts array to object). (Felipe)
  • Fixed bug #50219 (soap call Segmentation fault on a redirected url). (Pierrick)
  • Fixed bug #50209 (Compiling with libedit cannot find readline.h). (tcallawa at redhat dot com)
  • Fixed bug #50207 (segmentation fault when concatenating very large strings on 64bit linux). (Ilia)
  • Fixed bug #50195 (pg_copy_to() fails when table name contains schema. (Ilia)
  • Fixed bug #50185 (ldap_get_entries() return false instead of an empty array when there is no error). (Jani)
  • Fixed bug #50174 (Incorrectly matched docComment). (Felipe)
  • Fixed bug #50168 (FastCGI fails with wrong error on HEAD request to non-existent file). (Dmitry)
  • Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle database). (Felipe)
  • Fixed bug #50158 (FILTER_VALIDATE_EMAIL fails with valid addresses containing = or ?). (Pierrick)
  • Fixed bug #50073 (parse_url() incorrect when ? in fragment). (Ilia)
  • Fixed bug #50006 (Segfault caused by uksort()). (Felipe)
  • Fixed bug #50005 (Throwing through Reflection modified Exception object makes segmentation fault). (Felipe)
  • Fixed bug #49990 (SNMP3 warning message about security level printed twice). (Jani)
  • Fixed bug #49985 (pdo_pgsql prepare() re-use previous aborted transaction). (ben dot pineau at gmail dot com, Ilia, Matteo)
  • Fixed bug #49972 (AppendIterator undefined function crash). (Johannes)
  • Fixed bug #49921 (Curl post upload functions changed). (Ilia)
  • Fixed bug #49855 (import_request_variables() always returns NULL). (Ilia, sjoerd at php dot net)
  • Fixed bug #49847 (exec() fails to return data inside 2nd parameter, given output lines >4095 bytes). (Ilia)
  • Fixed bug #49809 (time_sleep_until() is not available on OpenSolaris). (Jani)
  • Fixed bug #49757 (long2ip() can return wrong value in a multi-threaded applications). (Ilia, Florian Anderiasch)
  • Fixed bug #49738 (calling mcrypt() after mcrypt_generic_deinit() crashes). (Sriram Natarajan)
  • Fixed bug #49719 (ReflectionClass::hasProperty returns true for a private property in base class). (Felipe)
  • Fixed bug #49698 (Unexpected change in strnatcasecmp()). (Rasmus)
  • Fixed bug #49677 (ini parser crashes with apache2 and using ${something} ini variables). (Jani)
  • Fixed bug #49660 (libxml 2.7.3+ limits text nodes to 10MB). (Felipe)
  • Fixed bug #49647 (DOMUserData does not exist). (Rob)
  • Fixed bug #49630 (imap_listscan() function missing). (Felipe)
  • Fixed bug #49627 (error_log to specified file does not log time according to date.timezone). (Dmitry)
  • Fixed bug #49578 (make install-pear fails). (Hannes)
  • Fixed bug #49536 (mb_detect_encoding() returns incorrect results when mbstring.strict_mode is turned on). (Moriyoshi)
  • Fixed bug #49531 (CURLOPT_INFILESIZE sometimes causes warning "CURLPROTO_FILE cannot be set"). (Felipe)
  • Fixed bug #49528 (UTF-16 strings prefixed by BOMs wrongly converted). (Moriyoshi)
  • Fixed bug #49521 (PDO fetchObject sets values before calling constructor). (Pierrick)
  • Fixed bug #49517 (cURL's CURLOPT_FILE prevents file from being deleted after fclose()). (Ilia)
  • Fixed bug #49472 (Constants defined in Interfaces can be overridden). (Felipe)
  • Fixed bug #49354 (mb_strcut() cuts wrong length when offset is in the middle of a multibyte character). (Moriyoshi)
  • Fixed bug #49332 (Build error with Snow Leopard). (Scott)
  • Fixed bug #49244 (Floating point NaN cause garbage characters). (Sjoerd)
  • Fixed bug #49174 (crash when extending PDOStatement and trying to set queryString property). (Felipe)
  • Fixed bug #49098 (mysqli segfault on error). (Rasmus)
  • Fixed bug #48805 (IPv6 socket transport is not working). (Ilia)
  • Fixed bug #48764 (PDO_pgsql::query() always uses implicit prepared statements if v3 proto available). (Matteo, Mark Kirkwood)
  • Fixed bug #47848 (importNode doesn't preserve attribute namespaces). (Rob)
  • Fixed bug #45120 (PDOStatement->execute() returns true then false for same statement). (Pierrick)
  • Fixed bug #34852 (Failure in odbc_exec() using oracle-supplied odbc driver). (tim dot tassonis at trivadis dot com)