PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 20??, PHP 7.0.0 <<<<<<< HEAD - CLI server: . Refactor MIME type handling to use a hash table instead of linear search. (Adam) . Update the MIME type list from the one shipped by Apache HTTPD. (Adam) ======= - Core: . Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize). (Laruence) . Fixed bug #69121 (Segfault in get_current_user when script owner is not in passwd with ZTS build). (dan at syneto dot net) . Fixed bug #65593 (Segfault when calling ob_start from output buffering callback). (Mike) . Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file not validated in memory.c). (nayana at ddproperty dot com) . Fixed bug #68166 (Exception with invalid character causes segv). (Rasmus) . Fixed bug #69141 (Missing arguments in reflection info for some builtin functions). (kostyantyn dot lysyy at oracle dot com) - cURL: . Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on Win32). (Grant Pannell) . Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported by libcurl. (Linus Unneback) - ODBC: . Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). (Anatol) - Opcache: . Fixed bug #69125 (Array numeric string as key). (Laruence) . Fixed bug #69038 (switch(SOMECONSTANT) misbehaves). (Laruence) - OpenSSL: . Fixed bug #68912 (Segmentation fault at openssl_spki_new). (Laruence) . Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't observe socket timeouts). (Brad Broerman) - pgsql: . Fixed bug #68638 (pg_update() fails to store infinite values). (william dot welter at 4linux dot com dot br, Laruence) - Readline: . Fixed bug #69054 (Null dereference in readline_(read|write)_history() without parameters). (Laruence) - SOAP: . Fixed bug #69085 (SoapClient's __call() type confusion through unserialize()). (andrea dot palazzo at truel dot it, Laruence) - SPL: . Fixed bug #69108 ("Segmentation fault" when (de)serializing SplObjectStorage). (Laruence) . Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after calling getChildren()). (Julien) - CGI: . Fixed bug #69015 (php-cgi's getopt does not see $argv). (Laruence) - CLI: . Fixed bug #67741 (auto_prepend_file messes up __LINE__). (Reeze Xia) - FPM: . Fixed bug #68822 (request time is reset too early). (honghu069 at 163 dot com) 19 Feb 2015, PHP 5.6.6 - Core: . Removed support for multi-line headers, as the are deprecated by RFC 7230. (Stas) . Fixed bug #67068 (getClosure returns somethings that's not a closure). (Danack at basereality dot com) . Fixed bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone). (CVE-2015-0273) (Stas) . Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname buffer overflow). (Stas) . Fixed Bug #67988 (htmlspecialchars() does not respect default_charset specified by ini_set) (Yasuo) . Added NULL byte protection to exec, system and passthru. (Yasuo) - Dba: . Fixed bug #68711 (useless comparisons). (bugreports at internot dot info) - Enchant: . Fixed bug #68552 (heap buffer overflow in enchant_broker_request_dict()). (Antony) - Fileinfo: . Fixed bug #68827 (Double free with disabled ZMM). (Joshua Rogers) . Fixed bug #67647 (Bundled libmagic 5.17 does not detect quicktime files correctly). (Anatol) . Fixed bug #68731 (finfo_buffer doesn't extract the correct mime with some gifs). (Anatol) - FPM: . Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). (Frank Stolle) . Fixed bug #68571 (core dump when webserver close the socket). (redfoxli069 at gmail dot com, Laruence) - JSON: . Fixed bug #50224 (json_encode() does not always encode a float as a float) by adding JSON_PRESERVE_ZERO_FRACTION. (Juan Basso) - LIBXML: . Fixed bug #64938 (libxml_disable_entity_loader setting is shared between threads). (Martin Jansen) - Mysqli: . Fixed bug #68114 (linker error on some OS X machines with fixed width decimal support) (Keyur Govande) . Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient has rounding errors) (Keyur Govande) - Opcache: . Fixed bug with try blocks being removed when extended_info opcode generation is turned on. (Laruence) - PDO_mysql: . Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of named pipes). (steffenb198 at aol dot com) - Phar: . Fixed bug #68901 (use after free). (bugreports at internot dot info) - Pgsql: . Fixed Bug #65199 (pg_copy_from() modifies input array variable) (Yasuo) - Session: . Fixed bug #68941 (mod_files.sh is a bash-script) (bugzilla at ii.nl, Yasuo) . Fixed Bug #66623 (no EINTR check on flock) (Yasuo) . Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo) - Sqlite3: . Fixed bug #68260 (SQLite3Result::fetchArray declares wrong required_num_args). (Julien) - Standard: . Fixed bug #65272 (flock() out parameter not set correctly in windows). (Daniel Lowrey) . Fixed bug #69033 (Request may get env. variables from previous requests if PHP works as FastCGI). (Anatol) - Streams: . Fixed bug which caused call after final close on streams filter. (Bob) 22 Jan 2015, PHP 5.6.5 >>>>>>> PHP-5.6 - Core: . Fixed bug #68933 (Invalid read of size 8 in zend_std_read_property). (Laruence, arjen at react dot com) . Fixed bug #68868 (Segfault in clean_non_persistent_constants() in SugarCRM 6.5.20). (Laruence) . Fixed bug #68104 (Segfault while pre-evaluating a disabled function). (Laruence) . Fixed bug #68252 (segfault in Zend/zend_hash.c in function _zend_hash_del_el). (Laruence) . Added PHP_INT_MIN constant. (Andrea) . Added Closure::call() method. (Andrea) . Implemented FR #38409 (parse_ini_file() looses the type of booleans). (Tjerk) . Fixed bug #67959 (Segfault when calling phpversion('spl')). (Florian) . Implemented the RFC `Catchable "Call to a member function bar() on a non-object"`. (Timm) . Added options parameter for unserialize allowing to specify acceptable classes (https://wiki.php.net/rfc/secure_unserialize). (Stas) . Fixed bug #68185 ("Inconsistent insteadof definition."- incorrectly triggered). (Julien) . Fixed bug #65419 (Inside trait, self::class != __CLASS__). (Julien) . Fixed bug #65576 (Constructor from trait conflicts with inherited constructor). (dunglas at gmail dot com) . Removed ZEND_ACC_FINAL_CLASS, promoting ZEND_ACC_FINAL as final class modifier. (Guilherme Blanco) . is_long() & is_integer() is now an alias of is_int(). (Kalle) . Implemented FR #55467 (phpinfo: PHP Variables with $ and single quotes). (Kalle) . Fixed bug #55415 (php_info produces invalid anchor names). (Kalle, Johannes) . Added ?? operator. (Andrea) . Added <=> operator. (Andrea) . Added \u{xxxxx} Unicode Codepoint Escape Syntax. (Andrea) . Fixed oversight where define() did not support arrays yet const syntax did. (Andrea, Dmitry) . Use "integer" and "float" instead of "long" and "double" in ZPP, type hint and conversion error messages. (Andrea) . Implemented FR #55428 (E_RECOVERABLE_ERROR when output buffering in output buffering handler). (Kalle) . Removed scoped calls of non-static methods from an incompatible $this context. (Nikita) . Removed support for #-style comments in ini files. (Nikita) . Removed support for assigning the result of new by reference. (Nikita) . Invalid octal literals in source code now produce compile errors, fixes PHPSadness #31. (Andrea) . Removed dl() function on fpm-fcgi. (Nikita) . Removed support for hexadecimal numeric strings. (Nikita) . Removed obsolete extensions and SAPIs. See the full list in UPGRADING. (Anatol) . Added NULL byte protection to exec, system and passthru. (Yasuo) - Curl: . Fixed bug #68937 (Segfault in curl_multi_exec). (Laruence) - Date: . Fixed day_of_week function as it could sometimes return negative values internally. (Derick) . Removed $is_dst parameter from mktime() and gmmktime(). (Nikita) . Removed date.timezone warning (https://wiki.php.net/rfc/date.timezone_warning_removal). (Bob) - DBA: . Fixed bug #62490 (dba_delete returns true on missing item (inifile)). (Mike) . Fixed bug #68711 (useless comparisons). (bugreports at internot dot info) - DOM: . Made DOMNode::textContent writeable. (Tjerk) - GD: . Made fontFetch's path parser thread-safe. (Sara) - Fileinfo: . Fixed bug #66242 (libmagic: don't assume char is signed). (ArdB) - Filter: . New FILTER_VALIDATE_DOMAIN and better RFC conformance for FILTER_VALIDATE_URL. (Kevin Dunglas) - FPM: . Fixed bug #68945 (Unknown admin values segfault pools). (Laruence) . Fixed bug #65933 (Cannot specify config lines longer than 1024 bytes). (Chris Wright) . Implement request #67106 (Split main fpm config). (Elan Ruusamäe, Remi) - JSON . Replace non-free JSON parser with a parser from Jsond extension, fixes #63520 (JSON extension includes a problematic license statement). (Jakub Zelenka) . Fixed bug #68938 (json_decode() decodes empty string without error). (jeremy at bat-country dot us) - LiteSpeed: . Updated LiteSpeed SAPI code from V5.5 to V6.6. (George Wang) - Mcrypt: . Fixed possible read after end of buffer and use after free. (Dmitry) - Opcache: . Fixed bug with try blocks being removed when extended_info opcode generation is turned on. (Laruence) . Fixed bug #68644 (strlen incorrect : mbstring + func_overload=2 +UTF-8 + Opcache). (Laruence) - OpenSSL: . Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't observe socket timeouts). (Brad Broerman) - pcntl: . Fixed bug #60509 (pcntl_signal doesn't decrease ref-count of old handler when setting SIG_DFL). (Julien) - PCRE: . Removed support for the /e (PREG_REPLACE_EVAL) modifier. (Nikita) - PDO: . Fixed bug #59450 (./configure fails with "Cannot find php_pdo_driver.h"). (maxime dot besson at smile dot fr) - PDO_mysql: . Fixed bug #68424 (Add new PDO mysql connection attr to control multi statements option). (peter dot wolanin at acquia dot com) - Reflection . Fixed inheritance chain of Reflector interface. (Tjerk) - Session: . Fixed bug #67694 (Regression in session_regenerate_id()). (Tjerk) . Fixed bug #68941 (mod_files.sh is a bash-script). (bugzilla at ii.nl, Yasuo) - SOAP: . Fixed bug #68361 (Segmentation fault on SoapClient::__getTypes). (Laruence) - SPL: . Implemented #67886 (SplPriorityQueue/SplHeap doesn't expose extractFlags nor curruption state). (Julien) . Fixed bug #66405 (RecursiveDirectoryIterator::CURRENT_AS_PATHNAME breaks the RecursiveIterator). (Paul Garvin) . Fixed bug #68479 (Added escape parameter to SplFileObject::fputcsv). (Salathe) - Sqlite3: . Fixed bug #68260 (SQLite3Result::fetchArray declares wrong required_num_args). (Julien) - Standard: . Removed call_user_method() and call_user_method_array() functions. (Kalle) . Fixed user session handlers (See rfc:session.user.return-value). (Sara) . Added intdiv() function. (Andrea) . Improved precision of log() function for base 2 and 10. (Marc Bennewitz) . Remove string category support in setlocale(). (Nikita) . Remove set_magic_quotes_runtime() and its alias magic_quotes_runtime(). (Nikita) . Fixed bug #65272 (flock() out parameter not set correctly in windows). (Daniel Lowrey) - Streams: . Fixed bug #68532 (convert.base64-encode omits padding bytes). (blaesius at krumedia dot de) . Removed set_socket_blocking() in favor of its alias stream_set_blocking(). (Nikita) - XSL: . Fixed bug #64776 (The XSLT extension is not thread safe). (Mike) <<< NOTE: Insert NEWS from last stable release here prior to actual release! >>>