PHP

5.3.6

Released on 17 Mar 2011
Project description.
PHP is a popular general-purpose scripting language that is especially suited to web development
PHP 5.3.6 Changelog
  • Upgraded bundled Sqlite3 to version 3.7.4. (Ilia)
  • Upgraded bundled PCRE to version 8.11. (Ilia)
  • Zend Engine:
    • Indirect reference to $this fails to resolve if direct $this is never used in method. (Scott)
    • Fixed bug numerous crashes due to setlocale (crash on error, pcre, mysql etc.) on Windows in thread safe mode. (Pierre)
    • Added options to debug backtrace functions. (Stas)
    • Fixed bug #53971 (isset() and empty() produce apparently spurious runtime error). (Dmitry)
    • Fixed bug #53958 (Closures can't 'use' shared variables by value and by reference). (Dmitry)
    • Fixed bug #53629 (memory leak inside highlight_string()). (Hannes, Ilia)
    • Fixed bug #51458 (Lack of error context with nested exceptions). (Stas)
    • Fixed bug #47143 (Throwing an exception in a destructor causes a fatal error). (Stas)
    • Fixed bug #43512 (same parameter name can be used multiple times in method/function definition). (Felipe)
  • Core:
    • Added ability to connect to HTTPS sites through proxy with basic authentication using stream_context/http/header/Proxy-Authorization (Dmitry)
    • Changed default value of ini directive serialize_precision from 100 to 17. (Gustavo)
    • Fixed bug #54055 (buffer overrun with high values for precision ini setting). (Gustavo)
    • Fixed bug #53959 (reflection data for fgetcsv out-of-date). (Richard)
    • Fixed bug #53577 (Regression introduced in 5.3.4 in open_basedir with a trailing forward slash). (lekensteyn at gmail dot com, Pierre)
    • Fixed bug #53682 (Fix compile on the VAX). (Rasmus, jklos)
    • Fixed bug #48484 (array_product() always returns 0 for an empty array). (Ilia)
    • Fixed bug #48607 (fwrite() doesn't check reply from ftp server before exiting). (Ilia)
  • Calendar extension:
    • Fixed bug #53574 (Integer overflow in SdnToJulian, sometimes leading to segfault). (Gustavo)
  • DOM extension:
    • Implemented FR #39771 (Made DOMDocument::saveHTML accept an optional DOMNode like DOMDocument::saveXML). (Gustavo)
  • DateTime extension:
    • Fixed a bug in DateTime->modify() where absolute date/time statements had no effect. (Derick)
    • Fixed bug #53729 (DatePeriod fails to initialize recurrences on 64bit big-endian systems). (Derick, rein@basefarm.no)
    • Fixed bug #52808 (Segfault when specifying interval as two dates). (Stas)
    • Fixed bug #52738 (Can't use new properties in class extended from DateInterval). (Stas)
    • Fixed bug #52290 (setDate, setISODate, setTime works wrong when DateTime created from timestamp). (Stas)
    • Fixed bug #52063 (DateTime constructor's second argument doesn't have a null default value). (Gustavo, Stas)
  • Exif extension:
    • Fixed bug #54002 (crash on crafted tag, reported by Luca Carettoni). (Pierre) (CVE-2011-0708)
  • Filter extension:
    • Fixed bug #53924 (FILTER_VALIDATE_URL doesn't validate port number). (Ilia, Gustavo)
    • Fixed bug #53150 (FILTER_FLAG_NO_RES_RANGE is missing some IP ranges). (Ilia)
    • Fixed bug #52209 (INPUT_ENV returns NULL for set variables (CLI)). (Ilia)
    • Fixed bug #47435 (FILTER_FLAG_NO_RES_RANGE don't work with ipv6). (Ilia, valli at icsurselva dot ch)
  • Fileinfo extension:
    • Fixed bug #54016 (finfo_file() Cannot determine filetype in archives). (Hannes)
  • Gettext
    • Fixed bug #53837 (_() crashes on Windows when no LANG or LANGUAGE environment variable are set). (Pierre)
  • IMAP extension:
    • Implemented FR #53812 (get MIME headers of the part of the email). (Stas)
    • Fixed bug #53377 (imap_mime_header_decode() doesn't ignore \t during long MIME header unfolding). (Adam)
  • Intl extension:
    • Fixed bug #53612 (Segmentation fault when using cloned several intl objects). (Gustavo)
    • Fixed bug #53512 (NumberFormatter::setSymbol crash on bogus $attr values). (Felipe)
    • Implemented clone functionality for number, date & message formatters. (Stas).
  • JSON extension:
    • Fixed bug #53963 (Ensure error_code is always set during some failed decodings). (Scott)
  • mysqlnd
    • Fixed problem with always returning 0 as num_rows for unbuffered sets. (Andrey, Ulf)
  • MySQL Improved extension:
    • Added 'db' and 'catalog' keys to the field fetching functions (FR #39847). (Kalle)
    • Fixed buggy counting of affected rows when using the text protocol. The collected statistics were wrong when multi_query was used with mysqlnd (Andrey)
    • Fixed bug #53795 (Connect Error from MySqli (mysqlnd) when using SSL). (Kalle)
    • Fixed bug #53503 (mysqli::query returns false after successful LOAD DATA query). (Kalle, Andrey)
    • Fixed bug #53425 (mysqli_real_connect() ignores client flags when built to call libmysql). (Kalle, tre-php-net at crushedhat dot com)
  • OpenSSL extension:
    • Fixed stream_socket_enable_crypto() not honoring the socket timeout in server mode. (Gustavo)
    • Fixed bug #54060 (Memory leaks when openssl_encrypt). (Pierre)
    • Fixed bug #54061 (Memory leaks when openssl_decrypt). (Pierre)
    • Fixed bug #53592 (stream_socket_enable_crypto() busy-waits in client mode). (Gustavo)
    • Implemented FR #53447 (Cannot disable SessionTicket extension for servers that do not support it) by adding a no_ticket SSL context option. (Adam, Tony)
  • PDO MySQL driver:
    • Fixed bug #53551 (PDOStatement execute segfaults for pdo_mysql driver). (Johannes)
    • Implemented FR #47802 (Support for setting character sets in DSN strings). (Kalle)
  • PDO Oracle driver:
    • Fixed bug #39199 (Cannot load Lob data with more than 4000 bytes on ORACLE 10). (spatar at mail dot nnov dot ru)
  • PDO PostgreSQL driver:
    • Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres is down). (gyp at balabit dot hu)
  • Phar extension:
    • Fixed bug #54247 (format-string vulnerability on Phar). (Felipe) (CVE-2011-1153)
    • Fixed bug #53541 (format string bug in ext/phar). (crrodriguez at opensuse dot org, Ilia)
    • Fixed bug #53898 (PHAR reports invalid error message, when the directory does not exist). (Ilia)
  • PHP-FPM SAPI:
    • Enforce security in the fastcgi protocol parsing. (ef-lists at email dotde)
    • Fixed bug #53777 (php-fpm log format now match php_error log format). (fat)
    • Fixed bug #53527 (php-fpm --test doesn't set a valuable return value). (fat)
    • Fixed bug #53434 (php-fpm slowlog now also logs the original request). (fat)
  • Readline extension:
    • Fixed bug #53630 (Fixed parameter handling inside readline() function). (jo at feuersee dot de, Ilia)
  • Reflection extension:
    • Fixed bug #53915 (ReflectionClass::getConstant(s) emits fatal error on constants with self::). (Gustavo)
  • Shmop extension:
    • Fixed bug #54193 (Integer overflow in shmop_read()). (Felipe) Reported by Jose Carlos Norte (CVE-2011-1092)
  • SNMP extension:
    • Fixed bug #51336 (snmprealwalk (snmp v1) does not handle end of OID tree correctly). (Boris Lytochkin)
  • SOAP extension:
    • Fixed possible crash introduced by the NULL poisoning patch. (Mateusz Kocielski, Pierre)
  • SPL extension:
    • Fixed memory leak in DirectoryIterator::getExtension() and SplFileInfo::getExtension(). (Felipe)
    • Fixed bug #53914 (SPL assumes HAVE_GLOB is defined). (Chris Jones)
    • Fixed bug #53515 (property_exists incorrect on ArrayObject null and 0 values). (Felipe)
    • Added SplFileInfo::getExtension(). FR #48767. (Peter Cowburn)
  • SQLite3 extension:
    • Fixed memory leaked introduced by the NULL poisoning patch. (Mateusz Kocielski, Pierre)
    • Fixed memory leak on SQLite3Result and SQLite3Stmt when assigning to a reference. (Felipe)
    • Add SQlite3_Stmt::readonly() for checking if a statement is read only. (Scott)
    • Implemented FR #53466 (SQLite3Result::columnType() should return false after all of the rows have been fetched). (Scott)
  • Streams:
    • Fixed bug #54092 (Segmentation fault when using HTTP proxy with the FTP wrapper). (Gustavo)
    • Fixed bug #53913 (Streams functions assume HAVE_GLOB is defined). (Chris Jones)
    • Fixed bug #53903 (userspace stream stat callback does not separate the elements of the returned array before converting them). (Gustavo)
    • Implemented FR #26158 (open arbitrary file descriptor with fopen). (Gustavo)
  • Tokenizer Extension
    • Fixed bug #54089 (token_get_all() does not stop after __halt_compiler). (Ilia)
  • XSL extension:
    • Fixed memory leaked introduced by the NULL poisoning patch. (Mateusz Kocielski, Pierre)
  • Zip extension:
    • Added the filename into the return value of stream_get_meta_data(). (Hannes)
    • Fixed bug #53923 (Zip functions assume HAVE_GLOB is defined). (Adam)
    • Fixed bug #53893 (Wrong return value for ZipArchive::extractTo()). (Pierre)
    • Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive). (Stas, Maksymilian Arciemowicz). (CVE-2011-0421)
    • Fixed bug #53854 (Missing constants for compression type). (Richard, Adam)
    • Fixed bug #53603 (ZipArchive should quiet stat errors). (brad dot froehle at gmail dot com, Gustavo)
    • Fixed bug #53579 (stream_get_contents() segfaults on ziparchive streams). (Hannes)
    • Fixed bug #53568 (swapped memset arguments in struct initialization). (crrodriguez at opensuse dot org)
    • Fixed bug #53166 (Missing parameters in docs and reflection definition). (Richard)
    • Fixed bug #49072 (feof never returns true for damaged file in zip). (Gustavo, Richard Quadling)