PHP

5.3.1

Released on 19 Nov 2009
Project description.
PHP is a popular general-purpose scripting language that is especially suited to web development
PHP 5.3.1 Changelog
  • Security Fixes
    • Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion. (Ilia)
    • Added missing sanity checks around exif processing. (Ilia)
    • Fixed a safe_mode bypass in tempnam(). (Rasmus)
    • Fixed a open_basedir bypass in posix_mkfifo(). (Rasmus)
    • Fixed bug #50063 (safe_mode_include_dir fails). (Johannes, christian at elmerot dot se)
  • Added error constant when json_encode() detects an invalid UTF-8 sequence. (Scott)
  • Added support for ACL on Windows for thread safe SAPI (Apache2 for example) and fix its support on NTS. (Pierre)
  • Upgraded bundled sqlite to version 3.6.19. (Scott)
  • Updated timezone database to version 2009.17 (2009q). (Derick)
  • Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)
  • Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (Rasmus)
  • Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (Rasmus)
  • Fixed certificate validation inside php_openssl_apply_verification_policy (Ryan Sleevi, Ilia)
  • Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe)
  • Fixed crash when instantiating PDORow and PDOStatement through Reflection. (Felipe)
  • Fixed sanity check for the color index in imagecolortransparent. (Pierre)
  • Fixed scandir/readdir when used mounted points on Windows. (Pierre)
  • Fixed zlib.deflate compress filter to actually accept level parameter. (Jani)
  • Fixed leak on error in popen/exec (and related functions) on Windows. (Pierre)
  • Fixed possible bad caching of symlinked directories in the realpath cache on Windows. (Pierre)
  • Fixed atime and mtime in stat related functions on Windows. (Pierre)
  • Fixed spl_autoload_unregister/spl_autoload_functions wrt. Closures and Functors. (Christian Seiler)
  • Fixed open_basedir circumvention for "mail.log" ini directive. (Maksymilian Arciemowicz, Stas)
  • Fixed signature generation/validation for zip archives in ext/phar. (Greg)
  • Fixed memory leak in stream_is_local(). (Felipe, Tony)
  • Fixed BC break in mime_content_type(), removes the content encoding. (Scott)
  • Changed ini file directives [PATH=](on Win32) and [HOST=](on all) to be case insensitive (garretts)
  • Restored shebang line check to CGI sapi (not checked by scanner anymore). (Jani)
  • Improve symbolic, mounted volume and junctions support for realpath on Windows. (Pierre)
  • Improved readlink on Windows, suppress \??\ and use the drive syntax only. (Pierre)
  • Improved dns_get_record() AAAA support on windows. Always available when IPv6 is support is installed, format is now the same than on unix. (Pierre)
  • Improved the DNS functions on OSX to use newer APIs, also use Bind 9 API where available on other platforms. (Scott)
  • Improved shared extension loading on OSX to use the standard Unix dlopen() API. (Scott)
  • Fixed bug #50063 (safe_mode_include_dir fails). (Johannes, christian at elmerot dot se)
  • Fixed bug #50052 (Different Hashes on Windows and Linux on wrong Salt size). (Pierre)
  • Fixed bug #49910 (no support for ././@LongLink for long filenames in phar tar support). (Greg)
  • Fixed bug #49908 (throwing exception in __autoload crashes when interface is not defined). (Felipe)
  • Fixed bug #49847 (exec() fails to return data inside 2nd parameter, given output lines >4095 bytes). (Ilia)
  • Fixed bug #49809 (time_sleep_until() is not available on OpenSolaris). (Jani)
  • Fixed bug #49757 (long2ip() can return wrong value in a multi-threaded applications). (Ilia, Florian Anderiasch)
  • Fixed bug #49738 (calling mcrypt after mcrypt_generic_deinit crashes). (Sriram Natarajan)
  • Fixed bug #49732 (crashes when using fileinfo when timestamp conversion fails). (Pierre)
  • Fixed bug #49698 (Unexpected change in strnatcasecmp()). (Rasmus)
  • Fixed bug #49630 (imap_listscan function missing). (Felipe)
  • Fixed bug #49572 (use of C++ style comments causes build failure). (Sriram Natarajan)
  • Fixed bug #49531 (CURLOPT_INFILESIZE sometimes causes warning "CURLPROTO_FILE cannot be set"). (Felipe)
  • Fixed bug #49517 (cURL's CURLOPT_FILE prevents file from being deleted after fclose). (Ilia)
  • Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed characters). (Ilia)
  • Fixed bug #49447 (php engine need to correctly check for socket API return status on windows). (Sriram Natarajan)
  • Fixed bug #49391 (ldap.c utilizing deprecated ldap_modify_s). (Ilia)
  • Fixed bug #49361 (wordwrap() wraps incorrectly on end of line boundaries). (Ilia, code-it at mail dot ru)
  • Fixed bug #49372 (segfault in php_curl_option_curl). (Pierre)
  • Fixed bug #49306 (inside pdo_mysql default socket settings are ignored). (Ilia)
  • Fixed bug #49289 (bcmath module doesn't compile with phpize configure). (Jani)
  • Fixed bug #49286 (php://input (php_stream_input_read) is broken). (Jani)
  • Fixed bug #49269 (Ternary operator fails on Iterator object when used inside foreach declaration). (Etienne, Dmitry)
  • Fixed bug #49236 (Missing PHP_SUBST(PDO_MYSQL_SHARED_LIBADD)). (Jani)
  • Fixed bug #49223 (Inconsistency using get_defined_constants). (Garrett)
  • Fixed bug #49193 (gdJpegGetVersionString() inside gd_compact identifies wrong type in declaration). (Ilia)
  • Fixed bug #49183 (dns_get_record does not return NAPTR records). (Pierre)
  • Fixed bug #49144 (Import of schema from different host transmits original authentication details). (Dmitry)
  • Fixed bug #49142 (crash when exception thrown from __tostring()). (David Soria Parra)
  • Fixed bug #49986 (Missing ICU DLLs on windows package). (Pierre)
  • Fixed bug #49132 (posix_times returns false without error). (phpbugs at gunnu dot us)
  • Fixed bug #49125 (Error in dba_exists C code). (jdornan at stanford dot edu)
  • Fixed bug #49122 (undefined reference to mysqlnd_stmt_next_result on compile with --with-mysqli and MySQL 6.0). (Jani)
  • Fixed bug #49108 (2nd scan_dir produces segfault). (Felipe)
  • Fixed bug #49098 (mysqli segfault on error). (Rasmus)
  • Fixed bug #49095 (proc_get_status['exitcode'] fails on win32). (Felipe)
  • Fixed bug #49092 (ReflectionFunction fails to work with functions in fully qualified namespaces). (Kalle, Jani)
  • Fixed bug #49074 (private class static fields can be modified by using reflection). (Jani)
  • Fixed bug #49072 (feof never returns true for damaged file in zip). (Pierre)
  • Fixed bug #49065 ("disable_functions" php.ini option does not work on Zend extensions). (Stas)
  • Fixed bug #49064 (--enable-session=shared does not work: undefined symbol: php_url_scanner_reset_vars). (Jani)
  • Fixed bug #49056 (parse_ini_file() regression in 5.3.0 when using non-ASCII strings as option keys). (Jani)
  • Fixed bug #49052 (context option headers freed too early when using --with-curlwrappers). (Jani)
  • Fixed bug #49047 (The function touch() fails on directories on Windows). (Pierre)
  • Fixed bug #49032 (SplFileObject::fscanf() variables passed by reference). (Jani)
  • Fixed bug #49027 (mysqli_options() doesn't work when using mysqlnd). (Andrey)
  • Fixed bug #49026 (proc_open() can bypass safe_mode_protected_env_vars restrictions). (Ilia)
  • Fixed bug #49012 (phar tar signature algorithm reports as Unknown (0) in getSignature() call). (Greg)
  • Fixed bug #49020 (phar misinterprets ustar long filename standard). (Greg)
  • Fixed bug #49018 (phar tar stores long filenames wit prefix/name reversed). (Greg)
  • Fixed bug #49014 (dechunked filter broken when serving more than 8192 bytes in a chunk). (andreas dot streichardt at globalpark dot com, Ilia)
  • Fixed bug #49000 (PHP CLI in Interactive mode (php -a) crashes when including files from function). (Stas)
  • Fixed bug #48994 (zlib.output_compression does not output HTTP headers when set to a string value). (Jani)
  • Fixed bug #48980 (Crash when compiling with pdo_firebird). (Felipe)
  • Fixed bug #48962 (cURL does not upload files with specified filename). (Ilia)
  • Fixed bug #48929 (Double \r\n after HTTP headers when "header" context option is an array). (David Z├╝lke)
  • Fixed bug #48913 (Too long error code strings in pdo_odbc driver). (naf at altlinux dot ru, Felipe)
  • Fixed bug #48912 (Namespace causes unexpected strict behaviour with extract()). (Dmitry)
  • Fixed bug #48909 (Segmentation fault in mysqli_stmt_execute()). (Andrey)
  • Fixed bug #48899 (is_callable returns true even if method does not exist in parent class). (Felipe)
  • Fixed bug #48893 (Problems compiling with Curl). (Felipe)
  • Fixed bug #48872 (string.c: errors: duplicate case values). (Kalle)
  • Fixed bug #48854 (array_merge_recursive modifies arrays after first one). (Felipe)
  • Fixed bug #48805 (IPv6 socket transport is not working). (Ilia)
  • Fixed bug #48802 (printf() returns incorrect outputted length). (Jani)
  • Fixed bug #48880 (Random Appearing open_basedir problem). (Rasmus, Gwynne)
  • Fixed bug #48791 (open office files always reported as corrupted). (Greg)
  • Fixed bug #48788 (RecursiveDirectoryIterator doesn't descend into symlinked directories). (Ilia)
  • Fixed bug #48783 (make install will fail saying phar file exists). (Greg)
  • Fixed bug #48774 (SIGSEGVs when using curl_copy_handle()). (Sriram Natarajan)
  • Fixed bug #48771 (rename() between volumes fails and reports no error on Windows). (Pierre)
  • Fixed bug #48768 (parse_ini_*() crash with INI_SCANNER_RAW). (Jani)
  • Fixed bug #48763 (ZipArchive produces corrupt archive). (dani dot church at gmail dot com, Pierre)
  • Fixed bug #48762 (IPv6 address filter still rejects valid address). (Felipe)
  • Fixed bug #48757 (ReflectionFunction::invoke() parameter issues). (Kalle)
  • Fixed bug #48754 (mysql_close() crash php when no handle specified). (Johannes, Andrey)
  • Fixed bug #48752 (Crash during date parsing with invalid date). (Pierre)
  • Fixed bug #48746 (Unable to browse directories within Junction Points). (Pierre, Kanwaljeet Singla)
  • Fixed bug #48745 (mysqlnd: mysql_num_fields returns wrong column count for mysql_list_fields). (Andrey)
  • Fixed bug #48740 (PHAR install fails when INSTALL_ROOT is not the final install location). (james dot cohen at digitalwindow dot com, Greg)
  • Fixed bug #48733 (CURLOPT_WRITEHEADER|CURLOPT_FILE|CURLOPT_STDERR warns on files that have been opened with r+). (Ilia)
  • Fixed bug #48719 (parse_ini_*(): scanner_mode parameter is not checked for sanity). (Jani)
  • Fixed bug #48718 (FILTER_VALIDATE_EMAIL does not allow numbers in domain components). (Ilia)
  • Fixed bug #48681 (openssl signature verification for tar archives broken). (Greg)
  • Fixed bug #48660 (parse_ini_*(): dollar sign as last character of value fails). (Jani)
  • Fixed bug #48645 (mb_convert_encoding() doesn't understand hexadecimal html-entities). (Moriyoshi)
  • Fixed bug #48637 ("file" fopen wrapper is overwritten when using --with-curlwrappers). (Jani)
  • Fixed bug #48608 (Invalid libreadline version not detected during configure). (Jani)
  • Fixed bug #48400 (imap crashes when closing stream opened with OP_PROTOTYPE flag). (Jani)
  • Fixed bug #48377 (error message unclear on converting phar with existing file). (Greg)
  • Fixed bug #48247 (Infinite loop and possible crash during startup with errors when errors are logged). (Jani)
  • Fixed bug #48198 error: 'MYSQLND_LLU_SPEC' undeclared. Cause for #48780 and #46952 - both fixed too. (Andrey)
  • Fixed bug #48189 (ibase_execute error in return param). (Kalle)
  • Fixed bug #48182 (ssl handshake fails during asynchronous socket connection). (Sriram Natarajan)
  • Fixed bug #48116 (Fixed build with Openssl 1.0). (Pierre, Al dot Smith at aeschi dot ch dot eu dot org)
  • Fixed bug #48057 (Only the date fields of the first row are fetched, others are empty). (info at programmiernutte dot net)
  • Fixed bug #47481 (natcasesort() does not sort extended ASCII characters correctly). (Herman Radtke)
  • Fixed bug #47351 (Memory leak in DateTime). (Derick, Tobias John)
  • Fixed bug #47273 (Encoding bug in SoapServer->fault). (Dmitry)
  • Fixed bug #46682 (touch() afield returns different values on windows). (Pierre)
  • Fixed bug #46614 (Extended MySQLi class gives incorrect empty() result). (Andrey)
  • Fixed bug #46020 (with Sun Java System Web Server 7.0 on HPUX, #define HPUX). (Uwe Schindler)
  • Fixed bug #45905 (imagefilledrectangle() clipping error). (markril at hotmail dot com, Pierre)
  • Fixed bug #45554 (Inconsistent behavior of the u format char). (Derick)
  • Fixed bug #45141 (setcookie will output expires years of >4 digits). (Ilia)
  • Fixed bug #44683 (popen crashes when an invalid mode is passed). (Pierre)
  • Fixed bug #43510 (stream_get_meta_data() does not return same mode as used in fopen). (Jani)
  • Fixed bug #42434 (ImageLine w/ antialias = 1px shorter). (wojjie at gmail dot com, Kalle)
  • Fixed bug #40013 (php_uname() does not return nodename on Netware (Guenter Knauf)
  • Fixed bug #38091 (Mail() does not use FQDN when sending SMTP helo). (Kalle, Rick Yorgason)
  • Fixed bug #28038 (Sent incorrect RCPT TO commands to SMTP server) (Garrett)
  • Fixed bug #27051 (Impersonation with FastCGI does not exec process as impersonated user). (Pierre)
  • Fixed PECL bug #16842 (oci_error return false when NO_DATA_FOUND is raised). (Chris Jones)