PHP

5.3.9

Released on 10 Jan 2012
Project description.
PHP is a popular general-purpose scripting language that is especially suited to web development.
PHP 5.3.9 Changelog
  • Core:
    • Added max_input_vars directive to prevent attacks based on hash collisions (Dmitry).
    • Fixed bug #60205 (possible integer overflow in content_length). (Laruence)
    • Fixed bug #60139 (Anonymous functions create cycles not detected by the GC). (Dmitry)
    • Fixed bug #60138 (GC crash with referenced array in RecursiveArrayIterator) (Dmitry).
    • Fixed bug #60120 (proc_open's streams may hang with stdin/out/err when the data exceeds or is equal to 2048 bytes). (Pierre, Pascal Borreli)
    • Fixed bug #60099 (__halt_compiler() works in braced namespaces). (Felipe)
    • Fixed bug #60019 (Function time_nanosleep() is undefined on OS X). (Ilia)
    • Fixed bug #55874 (GCC does not provide __sync_fetch_and_add on some archs). (klightspeed at netspace dot net dot au)
    • Fixed bug #55798 (serialize followed by unserialize with numeric object prop. gives integer prop). (Gustavo)
    • Fixed bug #55749 (TOCTOU issue in getenv() on Windows builds). (Pierre)
    • Fixed bug #55707 (undefined reference to `__sync_fetch_and_add_4' on Linux parisc). (Felipe)
    • Fixed bug #55674 (fgetcsv & str_getcsv skip empty fields in some tab-separated records). (Laruence)
    • Fixed bug #55649 (Undefined function Bug()). (Laruence)
    • Fixed bug #55622 (memory corruption in parse_ini_string). (Pierre)
    • Fixed bug #55576 (Cannot conditionally move uploaded file without race condition). (Gustavo)
    • Fixed bug #55510: $_FILES 'name' missing first character after upload. (Arpad)
    • Fixed bug #55509 (segfault on x86_64 using more than 2G memory). (Laruence)
    • Fixed bug #55504 (Content-Type header is not parsed correctly on HTTP POST request). (Hannes)
    • Fixed bug #55475 (is_a() triggers autoloader, new optional 3rd argument to is_a and is_subclass_of). (alan_k)
    • Fixed bug #52461 (Incomplete doctype and missing xmlns). (virsacer at web dot de, Pierre)
    • Fixed bug #55366 (keys lost when using substr_replace an array). (Arpad)
    • Fixed bug #55273 (base64_decode() with strict rejects whitespace after pad). (Ilia)
    • Fixed bug #52624 (tempnam() by-pass open_basedir with nonexistent directory). (Felipe)
    • Fixed bug #50982 (incorrect assumption of PAGE_SIZE size). (Dmitry)
    • Fixed invalid free in call_user_method() function. (Felipe)
    • Fixed bug #43200 (Interface implementation / inheritance not possible in abstract classes). (Felipe)
  • BCmath:
    • Fixed bug #60377 (bcscale related crashes on 64bits platforms). (shm)
  • Calendar:
    • Fixed bug #55797 (Integer overflow in SdnToGregorian leads to segfault (in optimized builds)). (Gustavo)
  • cURL:
    • Fixed bug #60439 (curl_copy_handle segfault when used with CURLOPT_PROGRESSFUNCTION). (Pierrick)
    • Fixed bug #54798 (Segfault when CURLOPT_STDERR file pointer is closed before calling curl_exec). (Hannes)
    • Fixed issues where curl_copy_handle() would sometimes lose copied preferences. (Hannes)
  • DateTime:
    • Fixed bug #60373 (Startup errors with log_errors on cause segfault). (Derick)
    • Fixed bug #60236 (TLA timezone dates are not converted properly from timestamp). (Derick)
    • Fixed bug #55253 (DateTime::add() and sub() result -1 hour on objects with time zone type 2). (Derick)
    • Fixed bug #54851 (DateTime::createFromFormat() doesn't interpret "D"). (Derick)
    • Fixed bug #53502 (strtotime with timezone memory leak). (Derick)
    • Fixed bug #52062 (large timestamps with DateTime::getTimestamp and DateTime::setTimestamp). (Derick)
    • Fixed bug #51994 (date_parse_from_format is parsing invalid date using 'yz' format). (Derick)
    • Fixed bug #52113 (Seg fault while creating (by unserialization) DatePeriod). (Derick)
    • Fixed bug #48476 (cloning extended DateTime class without calling parent::__constr crashed PHP). (Hannes)
  • EXIF:
    • Fixed bug #60150 (Integer overflow during the parsing of invalid exif header). (Stas, flolechaud at gmail dot com)
  • Fileinfo:
    • Fixed bug #60094 (C++ comment fails in c89). (Laruence)
    • Fixed possible memory leak in finfo_open(). (Felipe)
    • Fixed memory leak when calling the Finfo constructor twice. (Felipe)
  • Filter:
    • Fixed bug #55478 (FILTER_VALIDATE_EMAIL fails with internationalized domain name addresses containing >1 -). (Ilia)
  • FTP:
    • Fixed bug #60183 (out of sync ftp responses). (bram at ebskamp dot me, rasmus)
  • Gd:
    • Fixed bug #60160 (imagefill() doesn't work correctly for small images). (Florian)
  • Intl:
    • Fixed bug #60192 (SegFault when Collator not constructed properly). (Florian)
    • Fixed memory leak in several Intl locale functions. (Felipe)
  • JSON:
    • Fixed bug #55543 (json_encode() with JSON_NUMERIC_CHECK fails on objects with numeric string properties). (Ilia, dchurch at sciencelogic dot com)
  • mbstring:
    • Fixed possible crash in mb_ereg_search_init() using empty pattern. (Felipe)
  • MS SQL:
    • Fixed bug #60267 (Compile failure with freetds 0.91). (Felipe)
  • MySQL:
    • Fixed bug #55550 (mysql.trace_mode miscounts result sets). (Johannes)
  • MySQLi extension:
    • Fixed bug #55859 (mysqli->stat property access gives error). (Andrey)
    • Fixed bug #55582 (mysqli_num_rows() returns always 0 for unbuffered, when mysqlnd is used). (Andrey)
    • Fixed bug #55703 (PHP crash when calling mysqli_fetch_fields). (eran at zend dot com, Laruence)
  • mysqlnd:
    • Fixed bug #55609 (mysqlnd cannot be built shared). (Johannes)
    • Fixed bug #55067 (MySQL doesn't support compression - wrong config option). (Andrey)
  • NSAPI SAPI:
    • Don't set $_SERVER['HTTPS'] on unsecure connection (bug #55403). (Uwe Schindler)
  • OpenSSL:
    • Fixed bug #60279 (Fixed NULL pointer dereference in stream_socket_enable_crypto, case when ssl_handle of session_stream is not initialized.) (shm)
    • Fix segfault with older versions of OpenSSL. (Scott)
  • Oracle Database extension (OCI8):
    • Fixed bug #59985 (show normal warning text for OCI_NO_DATA). (Chris Jones)
    • Increased maximum Oracle error message buffer length for new 11.2.0.3 size. (Chris Jones)
    • Improve internal initialization failure error messages. (Chris Jones)
  • PDO:
    • Fixed bug #55776 (PDORow to session bug). (Johannes)
  • PDO Firebird:
    • Fixed bug #48877 ("bindValue" and "bindParam" do not work for PDO Firebird). (Mariuz)
    • Fixed bug #47415 (PDO_Firebird segfaults when passing lowercased column name to bindColumn).
    • Fixed bug #53280 (PDO_Firebird segfaults if query column count less than param count). (Mariuz)
  • PDO MySQL driver:
    • Fixed bug #60155 (pdo_mysql.default_socket ignored). (Johannes)
    • Fixed bug #55870 (PDO ignores all SSL parameters when used with mysql native driver). (Pierre)
    • Fixed bug #54158 (MYSQLND+PDO MySQL requires #define MYSQL_OPT_LOCAL_INFILE). (Andrey)
  • PDO OCI driver:
    • Fixed bug #55768 (PDO_OCI can't resume Oracle session after it's been killed). (mikhail dot v dot gavrilov at gmail dot com, Chris Jones, Tony)
  • Phar:
    • Fixed bug #60261 (NULL pointer dereference in phar). (Felipe)
    • Fixed bug #60164 (Stubs of a specific length break phar_open_from_fp scanning for __HALT_COMPILER). (Ralph Schindler)
    • Fixed bug #53872 (internal corruption of phar). (Hannes)
    • Fixed bug #52013 (Unable to decompress files in a compressed phar). (Hannes)
  • PHP-FPM SAPI:
    • Fixed bug #60659 (FPM does not clear auth_user on request accept). (bonbons at linux-vserver dot org)
    • Fixed bug #60629 (memory corruption when web server closed the fcgi fd). (fat)
    • Fixed bug #60179 (php_flag and php_value does not work properly). (fat)
    • Fixed bug #55526 (Heartbeat causes a lot of unnecessary events). (fat)
    • Fixed bug #55533 (The -d parameter doesn't work). (fat)
    • Implemented FR #52569 (Add the "ondemand" process-manager to allow zero children). (fat)
    • Fixed bug #55486 (status show BIG processes number). (fat)
    • Fixed bug #55577 (status.html does not install). (fat)
    • Backported from 5.4 branch (Dropped restriction of not setting the same value multiple times, the last one holds). (giovanni at giacobbi dot net, fat)
    • Backported FR #55166 from 5.4 branch (Added process.max to control the number of processes FPM can fork). (fat)
    • Backported FR #55181 from 5.4 branch (Enhance security by limiting access to user defined extensions). (fat)
    • Backported FR #54098 from 5.4 branch (Lowered process manager default value). (fat)
    • Backported FR #52052 from 5.4 branch (Added partial syslog support). (fat)
    • Implemented FR #54577 (Enhanced status page with full status and details about each process. Also provide a web page (status.html) for real-time FPM status). (fat)
    • Enhance error log when the primary script can't be opened. FR #60199. (fat)
    • Added .phar to default authorized extensions. (fat)
  • Postgres:
    • Fixed bug #60244 (pg_fetch_* functions do not validate that row param is >0). (Ilia)
  • Reflection:
    • Fixed bug #60367 (Reflection and Late Static Binding). (Laruence)
  • Session:
    • Fixed bug #55267 (session_regenerate_id fails after header sent). (Hannes)
  • SimpleXML:
    • Reverted the SimpleXML->query() behaviour to returning empty arrays instead of false when no nodes are found as it was since 5.3.3 (bug #48601). (chregu, rrichards)
  • SOAP:
    • Fixed bug #54911 (Access to an undefined member in inherit SoapClient may cause Segmentation Fault). (Dmitry)
    • Fixed bug #48216 (PHP Fatal error: SOAP-ERROR: Parsing WSDL: Extra content at the end of the doc, when server uses chunked transfer encoding with spaces after chunk size). (Dmitry)
    • Fixed bug #44686 (SOAP-ERROR: Parsing WSDL with references). (Dmitry)
  • Sockets:
    • Fixed bug #60048 (sa_len a #define on IRIX). (china at thewrittenword dot com)
  • SPL:
    • Fixed bug #60082 (Crash in ArrayObject() when using recursive references). (Tony)
    • Fixed bug #55807 (Wrong value for splFileObject::SKIP_EMPTY). (jgotti at modedemploi dot fr, Hannes)
    • Fixed bug #54304 (RegexIterator::accept() doesn't work with scalar values). (Hannes)
  • Streams:
    • Fixed bug #60455 (stream_get_line misbehaves if EOF is not detected together with the last read). (Gustavo)
  • Tidy:
    • Fixed bug #54682 (Tidy::diagnose() NULL pointer dereference). (Maksymilian Arciemowicz, Felipe)
  • XSL:
    • Added xsl.security_prefs ini option to define forbidden operations within XSLT stylesheets, default is not to enable write operations. This option won't be in 5.4, since there's a new method. Fixes Bug #54446. (Chregu, Nicolas Gregoire)