PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-?? Feb 2015, PHP 5.6.7
+?? ??? 20??, PHP 7.0.0
++<<<<<<< HEAD
+- CLI server:
+ . Refactor MIME type handling to use a hash table instead of linear search.
+ (Adam)
+ . Update the MIME type list from the one shipped by Apache HTTPD. (Adam)
++=======
+ - Core:
+ . Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize).
+ (Laruence)
+ . Fixed bug #69121 (Segfault in get_current_user when script owner is not
+ in passwd with ZTS build). (dan at syneto dot net)
+ . Fixed bug #65593 (Segfault when calling ob_start from output buffering
+ callback). (Mike)
+ . Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file
+ not validated in memory.c). (nayana at ddproperty dot com)
+ . Fixed bug #68166 (Exception with invalid character causes segv). (Rasmus)
+ . Fixed bug #69141 (Missing arguments in reflection info for some builtin
+ functions). (kostyantyn dot lysyy at oracle dot com)
+
+ - cURL:
+ . Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on
+ Win32). (Grant Pannell)
+ . Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported
+ by libcurl. (Linus Unneback)
+
+ - ODBC:
+ . Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). (Anatol)
+
+ - Opcache:
+ . Fixed bug #69125 (Array numeric string as key). (Laruence)
+ . Fixed bug #69038 (switch(SOMECONSTANT) misbehaves). (Laruence)
+
+ - OpenSSL:
+ . Fixed bug #68912 (Segmentation fault at openssl_spki_new). (Laruence)
+ . Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't observe
+ socket timeouts). (Brad Broerman)
+
+ - pgsql:
+ . Fixed bug #68638 (pg_update() fails to store infinite values).
+ (william dot welter at 4linux dot com dot br, Laruence)
+
+ - Readline:
+ . Fixed bug #69054 (Null dereference in readline_(read|write)_history() without
+ parameters). (Laruence)
+
+ - SOAP:
+ . Fixed bug #69085 (SoapClient's __call() type confusion through
+ unserialize()). (andrea dot palazzo at truel dot it, Laruence)
+
+ - SPL:
+ . Fixed bug #69108 ("Segmentation fault" when (de)serializing
+ SplObjectStorage). (Laruence)
+ . Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after
+ calling getChildren()). (Julien)
+
+ - CGI:
+ . Fixed bug #69015 (php-cgi's getopt does not see $argv). (Laruence)
+
+ - CLI:
+ . Fixed bug #67741 (auto_prepend_file messes up __LINE__). (Reeze Xia)
+
+ - FPM:
+ . Fixed bug #68822 (request time is reset too early). (honghu069 at 163 dot com)
+
+ 19 Feb 2015, PHP 5.6.6
+
+ - Core:
+ . Removed support for multi-line headers, as the are deprecated by RFC 7230.
+ (Stas)
+ . Fixed bug #67068 (getClosure returns somethings that's not a closure).
+ (Danack at basereality dot com)
+ . Fixed bug #68942 (Use after free vulnerability in unserialize() with
+ DateTimeZone). (CVE-2015-0273) (Stas)
+ . Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname
+ buffer overflow). (Stas)
+ . Fixed Bug #67988 (htmlspecialchars() does not respect default_charset
+ specified by ini_set) (Yasuo)
+ . Added NULL byte protection to exec, system and passthru. (Yasuo)
+
+ - Dba:
+ . Fixed bug #68711 (useless comparisons). (bugreports at internot dot info)
+
+ - Enchant:
+ . Fixed bug #68552 (heap buffer overflow in enchant_broker_request_dict()).
+ (Antony)
+
+ - Fileinfo:
+ . Fixed bug #68827 (Double free with disabled ZMM). (Joshua Rogers)
+ . Fixed bug #67647 (Bundled libmagic 5.17 does not detect quicktime files
+ correctly). (Anatol)
+ . Fixed bug #68731 (finfo_buffer doesn't extract the correct mime with some
+ gifs). (Anatol)
+
+ - FPM:
+ . Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). (Frank Stolle)
+ . Fixed bug #68571 (core dump when webserver close the socket).
+ (redfoxli069 at gmail dot com, Laruence)
+
+ - JSON:
+ . Fixed bug #50224 (json_encode() does not always encode a float as a float)
+ by adding JSON_PRESERVE_ZERO_FRACTION. (Juan Basso)
+
+ - LIBXML:
+ . Fixed bug #64938 (libxml_disable_entity_loader setting is shared
+ between threads). (Martin Jansen)
+
+ - Mysqli:
+ . Fixed bug #68114 (linker error on some OS X machines with fixed
+ width decimal support) (Keyur Govande)
+ . Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient
+ has rounding errors) (Keyur Govande)
+
+ - Opcache:
+ . Fixed bug with try blocks being removed when extended_info opcode
+ generation is turned on. (Laruence)
+
+ - PDO_mysql:
+ . Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of
+ named pipes). (steffenb198 at aol dot com)
+
+ - Phar:
+ . Fixed bug #68901 (use after free). (bugreports at internot dot info)
+
+ - Pgsql:
+ . Fixed Bug #65199 (pg_copy_from() modifies input array variable) (Yasuo)
+
+ - Session:
+ . Fixed bug #68941 (mod_files.sh is a bash-script) (bugzilla at ii.nl, Yasuo)
+ . Fixed Bug #66623 (no EINTR check on flock) (Yasuo)
+ . Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo)
+
+ - Sqlite3:
+ . Fixed bug #68260 (SQLite3Result::fetchArray declares wrong
+ required_num_args). (Julien)
+
+ - Standard:
+ . Fixed bug #65272 (flock() out parameter not set correctly in windows).
+ (Daniel Lowrey)
+ . Fixed bug #69033 (Request may get env. variables from previous requests
+ if PHP works as FastCGI). (Anatol)
+
+ - Streams:
+ . Fixed bug which caused call after final close on streams filter. (Bob)
+
+ 22 Jan 2015, PHP 5.6.5
++>>>>>>> PHP-5.6
- Core:
- . Upgraded crypt_blowfish to version 1.3. (Leigh)
- . Fixed bug #60704 (unlink() bug with some files path).
+ . Fixed bug #68933 (Invalid read of size 8 in zend_std_read_property).
+ (Laruence, arjen at react dot com)
+ . Fixed bug #68868 (Segfault in clean_non_persistent_constants() in SugarCRM
+ 6.5.20). (Laruence)
+ . Fixed bug #68104 (Segfault while pre-evaluating a disabled function).
+ (Laruence)
+ . Fixed bug #68252 (segfault in Zend/zend_hash.c in function
+ _zend_hash_del_el). (Laruence)
+ . Added PHP_INT_MIN constant. (Andrea)
+ . Added Closure::call() method. (Andrea)
+ . Implemented FR #38409 (parse_ini_file() looses the type of booleans). (Tjerk)
+ . Fixed bug #67959 (Segfault when calling phpversion('spl')). (Florian)
+ . Implemented the RFC `Catchable "Call to a member function bar() on a
+ non-object"`. (Timm)
+ . Added options parameter for unserialize allowing to specify acceptable
+ classes (https://wiki.php.net/rfc/secure_unserialize). (Stas)
+ . Fixed bug #68185 ("Inconsistent insteadof definition."- incorrectly triggered). (Julien)
. Fixed bug #65419 (Inside trait, self::class != __CLASS__). (Julien)
- . Fixed bug #68536 (pack for 64bits integer is broken on bigendian). (Remi)
- . Fixed bug #55541 (errors spawn MessageBox, which blocks test automation).
- (Anatol)
- . Fixed bug #68297 (Application Popup provides too few information). (Anatol)
- . Fixed bug #65769 (localeconv() broken in TS builds). (Anatol)
- . Fixed bug #65230 (setting locale randomly broken). (Anatol)
- . Fixed bug #66764 (configure doesn't define EXPANDED_DATADIR / PHP_DATADIR
- correctly). (Ferenc)
- . Fixed bug #68583 (Crash in timeout thread). (Anatol)
. Fixed bug #65576 (Constructor from trait conflicts with inherited
constructor). (dunglas at gmail dot com)
- . Fixed bug #68676 (Explicit Double Free). (CVE-2014-9425) (Kalle)
- . Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize()).
- (CVE-2015-0231) (Stefan Esser)
+ . Removed ZEND_ACC_FINAL_CLASS, promoting ZEND_ACC_FINAL as final class
+ modifier. (Guilherme Blanco)
+ . is_long() & is_integer() is now an alias of is_int(). (Kalle)
+ . Implemented FR #55467 (phpinfo: PHP Variables with $ and single quotes). (Kalle)
+ . Fixed bug #55415 (php_info produces invalid anchor names). (Kalle, Johannes)
+ . Added ?? operator. (Andrea)
+ . Added <=> operator. (Andrea)
+ . Added \u{xxxxx} Unicode Codepoint Escape Syntax. (Andrea)
+ . Fixed oversight where define() did not support arrays yet const syntax did. (Andrea, Dmitry)
+ . Use "integer" and "float" instead of "long" and "double" in ZPP, type hint and conversion error messages. (Andrea)
+ . Implemented FR #55428 (E_RECOVERABLE_ERROR when output buffering in output buffering handler). (Kalle)
+ . Removed scoped calls of non-static methods from an incompatible $this
+ context. (Nikita)
+ . Removed support for #-style comments in ini files. (Nikita)
+ . Removed support for assigning the result of new by reference. (Nikita)
+ . Invalid octal literals in source code now produce compile errors, fixes PHPSadness #31. (Andrea)
+ . Removed dl() function on fpm-fcgi. (Nikita)
+ . Removed support for hexadecimal numeric strings. (Nikita)
+ . Removed obsolete extensions and SAPIs. See the full list in UPGRADING. (Anatol)
+ . Added NULL byte protection to exec, system and passthru. (Yasuo)
-- CGI:
- . Fixed bug #68618 (out of bounds read crashes php-cgi). (CVE-2014-9427)
- (Stas)
+- Curl:
+ . Fixed bug #68937 (Segfault in curl_multi_exec). (Laruence)
-- CLI server:
- . Fixed bug #68745 (Invalid HTTP requests make web server segfault). (Adam)
+- Date:
+ . Fixed day_of_week function as it could sometimes return negative values
+ internally. (Derick)
+ . Removed $is_dst parameter from mktime() and gmmktime(). (Nikita)
+ . Removed date.timezone warning (https://wiki.php.net/rfc/date.timezone_warning_removal). (Bob)
-- cURL:
- . Fixed bug #67643 (curl_multi_getcontent returns '' when
- CURLOPT_RETURNTRANSFER isn't set). (Jille Timmermans)
+- DBA:
+ . Fixed bug #62490 (dba_delete returns true on missing item (inifile)). (Mike)
+ . Fixed bug #68711 (useless comparisons). (bugreports at internot dot info)
-- Date:
- . Implemented FR #68268 (DatePeriod: Getter for start date, end date and
- interval). (Marc Bennewitz)
+- DOM:
+ . Made DOMNode::textContent writeable. (Tjerk)
-- EXIF:
- . Fixed bug #68799: Free called on unitialized pointer. (CVE-2015-0232)
- (Stas)
+- GD:
+ . Made fontFetch's path parser thread-safe. (Sara)
- Fileinfo:
- . Fixed bug #68398 (msooxml matches too many archives). (Anatol)
- . Fixed bug #68665 (invalid free in libmagic). (Joshua Rogers, Anatol Belski)
- . Fixed bug #68671 (incorrect expression in libmagic).
- (Joshua Rogers, Anatol Belski)
- . Removed readelf.c and related code from libmagic sources
- (Remi, Anatol)
- . Fixed bug #68735 (fileinfo out-of-bounds memory access).
- (Anatol)
+ . Fixed bug #66242 (libmagic: don't assume char is signed). (ArdB)
+
+- Filter:
+ . New FILTER_VALIDATE_DOMAIN and better RFC conformance for FILTER_VALIDATE_URL. (Kevin Dunglas)
- FPM:
- . Fixed request #68526 (Implement POSIX Access Control List for UDS). (Remi)
- . Fixed bug #68751 (listen.allowed_clients is broken). (Remi)
+ . Fixed bug #68945 (Unknown admin values segfault pools). (Laruence)
+ . Fixed bug #65933 (Cannot specify config lines longer than 1024 bytes). (Chris Wright)
+ . Implement request #67106 (Split main fpm config). (Elan Ruusamäe, Remi)
-- GD:
- . Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (Jan Bee, Remi)
- . Fixed request #68656 (Report gd library version). (Remi)
+- JSON
+ . Replace non-free JSON parser with a parser from Jsond extension, fixes #63520
+ (JSON extension includes a problematic license statement). (Jakub Zelenka)
+ . Fixed bug #68938 (json_decode() decodes empty string without error).
+ (jeremy at bat-country dot us)
-- mbstring:
- . Fixed bug #68504 (--with-libmbfl configure option not present on Windows).
- (Ashesh Vashi)
+- LiteSpeed:
+ . Updated LiteSpeed SAPI code from V5.5 to V6.6. (George Wang)
+
+- Mcrypt:
+ . Fixed possible read after end of buffer and use after free. (Dmitry)
- Opcache:
+ . Fixed bug with try blocks being removed when extended_info opcode
+ generation is turned on. (Laruence)
. Fixed bug #68644 (strlen incorrect : mbstring + func_overload=2 +UTF-8
+ Opcache). (Laruence)
- . Fixed bug #67111 (Memory leak when using "continue 2" inside two foreach
- loops). (Nikita)
- OpenSSL:
- . Improved handling of OPENSSL_KEYTYPE_EC keys. (Dominic Luechinger)
+ . Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't observe
+ socket timeouts). (Brad Broerman)
- pcntl:
. Fixed bug #60509 (pcntl_signal doesn't decrease ref-count of old handler
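Review bot: The merged NEWS still contains unresolved conflict markers: "<<<<<<< HEAD" above the CLI server entry, "=======" before the first Core block, and ">>>>>>> PHP-5.6" right after the "22 Jan 2015, PHP 5.6.5" heading. As a result the PHP-5.6 side's 5.6.7 and 5.6.6 entries, including the "19 Feb 2015, PHP 5.6.6" heading itself, are pasted under the "PHP 7.0.0" header. Entries such as "Added NULL byte protection to exec, system and passthru" and bug #68711 now appear twice in the file. Resolve the conflict by hand, drop the three marker lines, and keep under 7.0.0 only the entries that belong to that release.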
encodePtr enc = NULL;
HashTable *ht = Z_OBJPROP_P(data);
- if ((ztype = zend_hash_str_find(ht, "enc_type", sizeof("enc_type")-1)) == NULL) {
- if (zend_hash_find(ht, "enc_type", sizeof("enc_type"), (void **)&ztype) == FAILURE ||
- Z_TYPE_PP(ztype) != IS_LONG) {
++ if ((ztype = zend_hash_str_find(ht, "enc_type", sizeof("enc_type")-1)) == NULL ||
++ Z_TYPE_P(ztype) != IS_LONG) {
soap_error0(E_ERROR, "Encoding: SoapVar has no 'enc_type' property");
}
- if ((zstype = zend_hash_str_find(ht, "enc_stype", sizeof("enc_stype")-1)) != NULL) {
- if ((zns = zend_hash_str_find(ht, "enc_ns", sizeof("enc_ns")-1)) != NULL) {
- if (zend_hash_find(ht, "enc_stype", sizeof("enc_stype"), (void **)&zstype) == SUCCESS &&
- Z_TYPE_PP(zstype) == IS_STRING) {
- if (zend_hash_find(ht, "enc_ns", sizeof("enc_ns"), (void **)&zns) == SUCCESS &&
- Z_TYPE_PP(zns) == IS_STRING) {
- enc = get_encoder(SOAP_GLOBAL(sdl), Z_STRVAL_PP(zns), Z_STRVAL_PP(zstype));
++ if ((zstype = zend_hash_str_find(ht, "enc_stype", sizeof("enc_stype")-1)) != NULL &&
++ Z_TYPE_P(zstype) == IS_STRING) {
++ if ((zns = zend_hash_str_find(ht, "enc_ns", sizeof("enc_ns")-1)) != NULL &&
++ Z_TYPE_P(zns) == IS_STRING) {
+ enc = get_encoder(SOAP_GLOBAL(sdl), Z_STRVAL_P(zns), Z_STRVAL_P(zstype));
} else {
zns = NULL;
- enc = get_encoder_ex(SOAP_GLOBAL(sdl), Z_STRVAL_PP(zstype), Z_STRLEN_PP(zstype));
+ enc = get_encoder_ex(SOAP_GLOBAL(sdl), Z_STRVAL_P(zstype), Z_STRLEN_P(zstype));
}
if (enc == NULL && SOAP_GLOBAL(typemap)) {
- encodePtr *new_enc;
smart_str nscat = {0};
if (zns != NULL) {
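Review bot: The soap_error0() text "Encoding: SoapVar has no 'enc_type' property" is now also reached when enc_type exists but is not IS_LONG, because the merged condition adds "|| Z_TYPE_P(ztype) != IS_LONG". Either reword the message to cover the wrong-type case or split the two conditions, so that a SoapVar with a tampered property type produces an accurate diagnostic. The IS_STRING guards on enc_stype and enc_ns look right, and resetting zns to NULL in the else branch keeps the later "if (zns != NULL)" from reading a non-string value.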
enc = encode;
}
- if (zend_hash_find(ht, "enc_value", sizeof("enc_value"), (void **)&zdata) == FAILURE) {
- node = master_to_xml(enc, NULL, style, parent TSRMLS_CC);
- } else {
- node = master_to_xml(enc, *zdata, style, parent TSRMLS_CC);
- }
+ zdata = zend_hash_str_find(ht, "enc_value", sizeof("enc_value")-1);
+ node = master_to_xml(enc, zdata, style, parent);
if (style == SOAP_ENCODED || (SOAP_GLOBAL(sdl) && encode != enc)) {
- if ((ztype = zend_hash_str_find(ht, "enc_stype", sizeof("enc_stype")-1)) != NULL) {
- if ((zns = zend_hash_str_find(ht, "enc_ns", sizeof("enc_ns")-1)) != NULL) {
- if (zend_hash_find(ht, "enc_stype", sizeof("enc_stype"), (void **)&zstype) == SUCCESS &&
- Z_TYPE_PP(zstype) == IS_STRING) {
- if (zend_hash_find(ht, "enc_ns", sizeof("enc_ns"), (void **)&zns) == SUCCESS &&
- Z_TYPE_PP(zns) == IS_STRING) {
- set_ns_and_type_ex(node, Z_STRVAL_PP(zns), Z_STRVAL_PP(zstype));
++ if ((zstype = zend_hash_str_find(ht, "enc_stype", sizeof("enc_stype")-1)) != NULL &&
++ Z_TYPE_P(zstype) == IS_STRING) {
++ if ((zns = zend_hash_str_find(ht, "enc_ns", sizeof("enc_ns")-1)) != NULL &&
++ Z_TYPE_P(zns) == IS_STRING) {
+ set_ns_and_type_ex(node, Z_STRVAL_P(zns), Z_STRVAL_P(zstype));
} else {
- set_ns_and_type_ex(node, NULL, Z_STRVAL_PP(zstype));
+ set_ns_and_type_ex(node, NULL, Z_STRVAL_P(zstype));
}
}
}
- if ((zname = zend_hash_str_find(ht, "enc_name", sizeof("enc_name")-1)) != NULL) {
- if (zend_hash_find(ht, "enc_name", sizeof("enc_name"), (void **)&zname) == SUCCESS &&
- Z_TYPE_PP(zname) == IS_STRING) {
- xmlNodeSetName(node, BAD_CAST(Z_STRVAL_PP(zname)));
++ if ((zname = zend_hash_str_find(ht, "enc_name", sizeof("enc_name")-1)) != NULL &&
++ Z_TYPE_P(zname) == IS_STRING) {
+ xmlNodeSetName(node, BAD_CAST(Z_STRVAL_P(zname)));
}
- if ((znamens = zend_hash_str_find(ht, "enc_namens", sizeof("enc_namens")-1)) != NULL) {
- if (zend_hash_find(ht, "enc_namens", sizeof("enc_namens"), (void **)&znamens) == SUCCESS &&
- Z_TYPE_PP(zname) == IS_STRING) {
- xmlNsPtr nsp = encode_add_ns(node, Z_STRVAL_PP(znamens));
++ if ((znamens = zend_hash_str_find(ht, "enc_namens", sizeof("enc_namens")-1)) != NULL &&
++ Z_TYPE_P(znamens) == IS_STRING) {
+ xmlNsPtr nsp = encode_add_ns(node, Z_STRVAL_P(znamens));
xmlSetNs(node, nsp);
}
} else {
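Review bot: In the enc_namens condition the type guard changes from the old "Z_TYPE_PP(zname) == IS_STRING" to "Z_TYPE_P(znamens) == IS_STRING". This is a real behaviour fix, not a mechanical port: the old line checked a different variable from the one passed to encode_add_ns(). Please say so in the commit message and add a test that sets enc_namens to a non-string value. Separately, zdata from the enc_value lookup can be NULL and is passed straight to master_to_xml(). That matches the removed branch, which passed NULL explicitly, but a one-line comment stating that NULL is intended would help, since the explicit branch is gone.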
}
if (version == SOAP_1_1) {
- if ((tmp = zend_hash_str_find(prop, "faultcode", sizeof("faultcode")-1)) != NULL) {
- if (zend_hash_find(prop, "faultcode", sizeof("faultcode"), (void**)&tmp) == SUCCESS &&
- Z_TYPE_PP(tmp) == IS_STRING) {
- size_t new_len;
++ if ((tmp = zend_hash_str_find(prop, "faultcode", sizeof("faultcode")-1)) != NULL &&
++ Z_TYPE_P(tmp) == IS_STRING) {
xmlNodePtr node = xmlNewNode(NULL, BAD_CAST("faultcode"));
- char *str = php_escape_html_entities((unsigned char*)Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), &new_len, 0, 0, NULL TSRMLS_CC);
+ zend_string *str = php_escape_html_entities((unsigned char*)Z_STRVAL_P(tmp), Z_STRLEN_P(tmp), 0, 0, NULL);
xmlAddChild(param, node);
if (fault_ns) {
xmlNsPtr nsptr = encode_add_ns(node, fault_ns);
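Review bot: The str variable changes from "char *" with a separate new_len to "zend_string *", but the lines that consume and free it are not in this hunk. Please confirm that the code following encode_add_ns() reads the value and length from the zend_string and releases it on every path, rather than still treating str as a plain buffer freed with the old allocator call. The added "Z_TYPE_P(tmp) == IS_STRING" guard on faultcode is what keeps Z_STRVAL_P/Z_STRLEN_P from being applied to a non-string property, so it must survive any later conflict resolution.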
}
detail_name = "detail";
} else {
- if ((tmp = zend_hash_str_find(prop, "faultcode", sizeof("faultcode")-1)) != NULL) {
- if (zend_hash_find(prop, "faultcode", sizeof("faultcode"), (void**)&tmp) == SUCCESS &&
- Z_TYPE_PP(tmp) == IS_STRING) {
- size_t new_len;
++ if ((tmp = zend_hash_str_find(prop, "faultcode", sizeof("faultcode")-1)) != NULL &&
++ Z_TYPE_P(tmp) == IS_STRING) {
xmlNodePtr node = xmlNewChild(param, ns, BAD_CAST("Code"), NULL);
- char *str = php_escape_html_entities((unsigned char*)Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), &new_len, 0, 0, NULL TSRMLS_CC);
+ zend_string *str = php_escape_html_entities((unsigned char*)Z_STRVAL_P(tmp), Z_STRLEN_P(tmp), 0, 0, NULL);
node = xmlNewChild(node, ns, BAD_CAST("Value"), NULL);
if (fault_ns) {
xmlNsPtr nsptr = encode_add_ns(node, fault_ns);
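Review bot: The faultcode lookup and its IS_STRING guard are repeated verbatim here in the else branch and in the SOAP_1_1 branch above, as are the php_escape_html_entities() calls. Consider hoisting the zend_hash_str_find() call and the type check above the "if (version == SOAP_1_1)" test, so that the guard exists in one place and a later edit cannot drop it from only one protocol version. The same question about releasing the zend_string applies to this branch.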