PHP

5.2.2

Released on 3 May 2007
Project description.
PHP is a popular general-purpose scripting language that is especially suited to web development
PHP 5.2.2 Changelog
  • Security Fixes
    • Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
    • Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
    • Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
    • Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
    • Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
    • Fixed unallocated memory access/double free in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
    • Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)
    • Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers. (MOPB-20, MOPB-21 by Stefan Esser). (Ilia)
    • Fixed substr_compare and substr_count information leak (MOPB-14 by Stefan Esser) (Stas, Ilia)
    • Limited nesting level of input variables with max_input_nesting_level as a fix for MOPB-03 (by Stefan Esser) (Stas)
    • Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team) (Ilia)
    • Fixed a possible super-global overwrite inside import_request_variables(). (by Stefano Di Paola, Stefan Esser) (Ilia)
    • Fixed a remotely triggerable buffer overflow inside make_http_soap_request(). (Ilia)
    • Fixed a buffer overflow inside user_filter_factory_create(). (Ilia)
    • Fixed a remotely triggerable buffer overflow inside bundled libxmlrpc library. (Stas)
  • Improved bundled GD
    • Sync to 2.0.35
    • Added imagegrabwindow and imagegrabscreen, capture a screen or a window using its handle (Pierre)
    • colors allocated henceforth from the resulting image overwrite the palette colors (Rob Leslie)
    • Improved thread safety of the gif support (Roman Nemecek, Nuno, Pierre)
      • Use the dimension of the GIF frame to create the destination image (Pierre)
      • Load only once the local color map from a GIF data (Pierre)
    • Improved thread safety of the freetype cache (Scott MacVicar, Nuno, Pierre)
    • imagearc huge CPU usage with large angles, libgd bug #74 (Pierre)
  • Improved FastCGI SAPI to support external pipe and socket servers on win32. (Dmitry)
  • Improved Zend Memory Manager
    • guarantee of reasonable time for worst cases of best-fit free block searching algorithm. (Dmitry)
    • better cache usage and less fragmentation on erealloc() (Tony, Dmitry)
  • Improved SPL (Marcus)
    • Added SplFileInfo::getBasename(), DirectoryIterator::getBasename().
    • Added SplFileInfo::getLinkTarget(), SplFileInfo::getRealPath().
    • Made RecursiveFilterIterator::accept() abstract as stated in documentation.
  • Improved SOAP
    • Added ability to encode arrays with "SOAP-ENC:Array" type instead of WSDL type. To activate the ability use "feature"=>SOAP_USE_XSI_ARRAY_TYPE option in SoapClient/SoapServer constructors. (Rob, Dmitry)
  • Added GMP_VERSION constant. (Tony)
  • Added --ri switch to CLI which allows checking extension information. (Marcus)
  • Added tidyNode::getParent() method (John, Nuno)
  • Added open_basedir and safe_mode checks in zip:// stream wrapper and ZipArchive::open (Pierre)
  • Added php_pdo_sqlite_external.dll, a version of the PDO SQLite driver that links against an external sqlite3.dll. This allows Windows users to upgrade their sqlite3 version outside of the PHP release cycle. (Wez, Edin)
  • Added line numbers to array returned by token_get_all(). (Johannes)
  • Implement #40947, allow a single filter as argument for filter_var_array (Pierre)
  • Implement #39867 (openssl PKCS#12 support) (Marc Delling, Pierre)
  • Upgraded SQLite 3 to version 3.3.16 (Ilia)
  • Upgraded libraries bundled in the Windows distribution. (Edin)
    • c-client (imap) to version 2006e
    • libpq (PostgreSQL) to version 8.2.3
    • libmysql (MySQL) to version 5.0.37
    • openssl to version 0.9.8e
  • Upgraded PCRE to version 7.0 (Nuno)
  • Updated timezone database to version 2007.5. (Derick)
  • Fixed commandline handling for CLI and CGI. (Marcus, Johannes)
  • Fixed iterator_apply() with a callback using __call(). (Johannes)
  • Fixed possible multibyte issues in openssl csr parser (Pierre)
  • Fixed shmop_open() with IPC_CREAT|IPC_EXCL flags on Windows. (Vladimir Kamaev, Tony).
  • Fixed possible leak in ZipArchive::extractTo when safe_mode checks fail (Ilia)
  • Fixed possible relative path issues in zip_open and TS mode (old API) (Pierre)
  • Fixed zend_llist_remove_tail (Michael Wallner, Dmitry)
  • Fixed a thread safety issue in gd gif read code (Nuno, Roman Nemecek)
  • Fixed crash on op-assign where argument is string offset (Brian, Stas)
  • Fixed bug #41215 (setAttribute return code reversed). (Ilia)
  • Fixed bug #41192 (Per Directory Values only work for one key). (Dmitry)
  • Fixed bug #41175 (addAttribute() fails to add an attribute with an empty value). (Ilia)
  • Fixed bug #41159 (mysql_pconnect() hash does not account for connect flags). (Ilia)
  • Fixed bug #41121 (range() overflow handling for large numbers on 32bit machines). (Ilia)
  • Fixed bug #41118 (PHP does not handle overflow of octal integers). (Tony)
  • Fixed bug #41109 (recursiveiterator.inc says "implements" Iterator instead of "extends"). (Marcus)
  • Fixed bug #40130 (TTF usage doesn't work properly under Netware). (Scott, gk at gknw dot de)
  • Fixed bug #41093 (magic_quotes_gpc ignores first arrays keys). (Arpad, Ilia)
  • Fixed bug #41075 (memleak when creating default object caused exception). (Dmitry)
  • Fixed bug #41067 (json_encode() problem with UTF-16 input). (jp at df5ea dot net, Ilia)
  • Fixed bug #41063 (chdir doesn't like root paths). (Dmitry)
  • Fixed bug #41061 ("visibility error" in ReflectionFunction::export()). (Johannes)
  • Fixed bug #41043 (pdo_oci crash when freeing error text with persistent connection). (Tony)
  • Fixed bug #41037 (unregister_tick_function() inside the tick function crash PHP). (Tony)
  • Fixed bug #41034 (json_encode() ignores null byte started keys in arrays). (Ilia)
  • Fixed bug #41026 (segfault when calling "self::method()" in shutdown functions). (Tony)
  • Fixed bug #40999 (mcrypt_create_iv() not using random seed). (Ilia)
  • Fixed bug #40998 (long session array keys are truncated). (Tony)
  • Fixed bug #40935 (pdo_mysql does not raise an exception on empty fetchAll()). (Ilia)
  • Fixed bug #40931 (open_basedir bypass via symlink and move_uploaded_file()). (Tony)
  • Fixed bug #40921 (php_default_post_reader crashes when post_max_size is exceeded). (trickie at gmail dot com, Ilia)
  • Fixed bug #40915 (addcslashes unexpected behavior with binary input). (Tony)
  • Fixed bug #40899 (memory leak when nesting list()). (Dmitry)
  • Fixed bug #40897 (error_log file not locked). (Ilia)
  • Fixed bug #40883 (mysql_query() is allocating memory incorrectly). (Tony)
  • Fixed bug #40872 (inconsistency in offsetSet, offsetExists treatment of string enclosed integers). (Marcus)
  • Fixed bug #40861 (strtotime() doesn't handle double negative relative time units correctly). (Derick, Ilia)
  • Fixed bug #40854 (imap_mail_compose() creates an invalid terminator for multipart e-mails). (Ilia)
  • Fixed bug #40848 (sorting issue on 64-bit Solaris). (Wez)
  • Fixed bug #40836 (Segfault in ext/dom). (Rob)
  • Fixed bug #40833 (Crash when using unset() on an ArrayAccess object retrieved via __get()). (Dmitry)
  • Fixed bug #40822 (pdo_mysql does not return rowCount() on select). (Ilia)
  • Fixed bug #40815 (using strings like "class::func" and static methods in set_exception_handler() might result in crash). (Tony)
  • Fixed bug #40809 (Poor performance of ".="). (Dmitry)
  • Fixed bug #40805 (Failure executing function ibase_execute()). (Tony)
  • Fixed bug #40800 (cannot disable memory_limit with -1). (Dmitry, Tony)
  • Fixed bug #40794 (ReflectionObject::getValues() may crash when used with dynamic properties). (Tony)
  • Fixed bug #40784 (Case sensitivity in constructor's fallback). (Tony)
  • Fixed bug #40770 (Apache child exits when PHP memory limit reached). (Dmitry)
  • Fixed bug #40764 (line thickness not respected for horizontal and vertical lines). (Pierre)
  • Fixed bug #40758 (Test fcgi_is_fastcgi() is wrong on windows). (Dmitry)
  • Fixed bug #40754 (added substr() & substr_replace() overflow checks). (Ilia)
  • Fixed bug #40752 (parse_ini_file() segfaults when a scalar setting is redeclared as an array). (Tony)
  • Fixed bug #40750 (openssl stream wrapper ignores default_stream_timeout). (Tony)
  • Fixed bug #40727 (segfault in PDO when failed to bind parameters). (Tony)
  • Fixed bug #40709 (array_reduce() behaves strange with one item stored arrays). (Ilia)
  • Fixed bug #40703 (Resolved a possible namespace conflict between libxmlrpc and MySQL's NDB table handler). (Ilia)
  • Fixed bug #40961 (Incorrect results of DateTime equality check). (Mike)
  • Fixed bug #40678 (Cross compilation fails). (Tony)
  • Fixed bug #40621 (Crash when constructor called inappropriately). (Tony)
  • Fixed bug #40609 (Segfaults when using more than one SoapVar in a request). (Rob, Dmitry)
  • Fixed bug #40606 (umask is not being restored when request is finished). (Tony)
  • Fixed bug #40598 (libxml segfault). (Rob)
  • Fixed bug #40591 (list()="string"; gives invalid opcode). (Dmitry)
  • Fixed bug #40578 (imagettftext() multithreading issue). (Tony, Pierre)
  • Fixed bug #40576 (double values are truncated to 6 decimal digits when encoding). (Tony)
  • Fixed bug #40560 (DIR functions do not work on root UNC path). (Dmitry)
  • Fixed bug #40548 (SplFileInfo::getOwner/getGroup give a warning on broken symlink). (Marcus)
  • Fixed bug #40546 (SplFileInfo::getPathInfo() throws an exception if directory is in root dir). (Marcus)
  • Fixed bug #40545 (multithreading issue in zend_strtod()). (Tony)
  • Fixed bug #40503 (json_encode() value corruption on 32bit systems with overflown values). (Ilia)
  • Fixed bug #40467 (Partial SOAP request sent when XSD sequence or choice include minOccurs=0). (Dmitry)
  • Fixed bug #40465 (Ensure that all PHP elements are printed by var_dump). (wharmby at uk dot ibm dot com, Ilia)
  • Fixed bug #40464 (session.save_path won't use default-value when safe_mode or open_basedir is enabled). (Ilia)
  • Fixed bug #40455 (proc_open() uses wrong command line when safe_mode_exec_dir is set). (Tony)
  • Fixed bug #40432 (strip_tags() fails with greater than in attribute). (Ilia)
  • Fixed bug #40431 (dynamic properties may cause crash in ReflectionProperty methods). (Tony)
  • Fixed bug #40451 (addAttribute() may crash when used with non-existent child node). (Tony)
  • Fixed bug #40442 (ArrayObject::offsetExists broke in 5.2.1, works in 5.2.0). (olivier at elma dot fr, Marcus)
  • Fixed bug #40428 (imagepstext() doesn't accept optional parameter). (Pierre)
  • Fixed bug #40417 (Allow multiple instances of the same named PDO token in prepared statement emulation code). (Ilia)
  • Fixed bug #40414 (possible endless fork() loop when running fastcgi). (Dmitry)
  • Fixed bug #40410 (ext/posix does not compile on MacOS 10.3.9). (Tony)
  • Fixed bug #40392 (memory leaks in PHP milter SAPI). (tuxracer69 at gmail dot com, Tony)
  • Fixed bug #40371 (pg_client_encoding() not working on Windows). (Edin)
  • Fixed bug #40352 (FCGI_WEB_SERVER_ADDRS function get lost). (Dmitry)
  • Fixed bug #40290 (strtotime() returns unexpected result with particular timezone offset). (Derick)
  • Fixed bug #40286 (PHP fastcgi with PHP_FCGI_CHILDREN don't kill children when parent is killed). (Dmitry)
  • Fixed bug #40261 (Extremely slow data handling due to memory fragmentation). (Dmitry)
  • Fixed bug #40236 (php -a function allocation eats memory). (Dmitry)
  • Fixed bug #40109 (iptcembed fails on non-jfif jpegs). (Tony)
  • Fixed bug #39965 (Latitude and longitude are backwards in date_sun_info()). (Derick)
  • Fixed bug #39836 (SplObjectStorage empty after unserialize). (Marcus)
  • Fixed bug #39416 (Milliseconds in date()). (Derick)
  • Fixed bug #39396 (stream_set_blocking crashes on Win32). (Ilia, maurice at iceblog dot de)
  • Fixed bug #39351 (relative include fails on Solaris). (Dmitry, Tony)
  • Fixed bug #39322 (proc_terminate() destroys process resource). (Nuno)
  • Fixed bug #38406 (crash when assigning objects to SimpleXML attributes). (Tony)
  • Fixed bug #37799 (ftp_ssl_connect() falls back to non-ssl connection). (Nuno)
  • Fixed bug #36496 (SSL support in imap_open() not working on Windows). (Edin)
  • Fixed bug #36226 (Inconsistent handling when passing nillable arrays). (Dmitry)
  • Fixed bug #35872 (Avoid crash caused by object store being referenced during RSHUTDOWN). (Andy)
  • Fixed bug #34794 (proc_close() hangs when used with two processes). (jdolecek at netbsd dot org, Nuno)
  • Fixed bug #38710 (data leakage because of nonexisting boundary checking in statements in mysqli) (Stas)
  • Fixed bug #37386 (autocreating element doesn't assign value to first node). (Rob)
  • Fixed bug #37013 (server hangs when returning circular object references). (Dmitry)
  • Fixed bug #33664 (Console window appears when using exec()). (Richard Quadling, Stas)
  • Fixed PECL bug #10194 (crash in Oracle client when memory limit reached in the callback). (Tony)