"FIXME")); function bugfix($number) { echo "Fixed bug "; bugl($number); } function bugl($number) { echo "#$number"; } function peclbugfix($number) { echo "Fixed PECL bug "; bugl($number); } function peclbugl($number) { echo "#$number"; } ?>

PHP 5 ChangeLog

Version 5.3.6

17-Mar-2011

Upgraded bundled Sqlite3 to version 3.7.4. (Ilia)
Upgraded bundled PCRE to version 8.11. (Ilia)
Zend Engine:
- Indirect reference to $this fails to resolve if direct $this is never used in method. (Scott)
- Fixed bug numerous crashes due to setlocale (crash on error, pcre, mysql etc.) on Windows in thread safe mode. (Pierre)
- Added options to debug backtrace functions. (Stas)
- (isset() and empty() produce apparently spurious runtime error). (Dmitry)
- (Closures can't 'use' shared variables by value and by reference). (Dmitry)
- (memory leak inside highlight_string()). (Hannes, Ilia)
- (Lack of error context with nested exceptions). (Stas)
- (Throwing an exception in a destructor causes a fatal error). (Stas)
- (same parameter name can be used multiple times in method/function definition). (Felipe)
Core:
- Added ability to connect to HTTPS sites through proxy with basic authentication using stream_context/http/header/Proxy-Authorization (Dmitry)
- Changed default value of ini directive serialize_precision from 100 to 17. (Gustavo)
- (buffer overrun with high values for precision ini setting). (Gustavo)
- (reflection data for fgetcsv out-of-date). (Richard)
- (Regression introduced in 5.3.4 in open_basedir with a trailing forward slash). (lekensteyn at gmail dot com, Pierre)
- (Fix compile on the VAX). (Rasmus, jklos)
- (array_product() always returns 0 for an empty array). (Ilia)
- (fwrite() doesn't check reply from ftp server before exiting). (Ilia)
Calendar extension:
- (Integer overflow in SdnToJulian, sometimes leading to segfault). (Gustavo)
DOM extension:
- Implemented FR (Made DOMDocument::saveHTML accept an optional DOMNode like DOMDocument::saveXML). (Gustavo)
DateTime extension:
- Fixed a bug in DateTime->modify() where absolute date/time statements had no effect. (Derick)
- (DatePeriod fails to initialize recurrences on 64bit big-endian systems). (Derick, rein@basefarm.no)
- (Segfault when specifying interval as two dates). (Stas)
- (Can't use new properties in class extended from DateInterval). (Stas)
- (setDate, setISODate, setTime works wrong when DateTime created from timestamp). (Stas)
- (DateTime constructor's second argument doesn't have a null default value). (Gustavo, Stas)
Exif extension:
- (crash on crafted tag, reported by Luca Carettoni). (Pierre) (CVE-2011-0708)
Filter extension:
- (FILTER_VALIDATE_URL doesn't validate port number). (Ilia, Gustavo)
- (FILTER_FLAG_NO_RES_RANGE is missing some IP ranges). (Ilia)
- (INPUT_ENV returns NULL for set variables (CLI)). (Ilia)
- (FILTER_FLAG_NO_RES_RANGE don't work with ipv6). (Ilia, valli at icsurselva dot ch)
Fileinfo extension:
- (finfo_file() Cannot determine filetype in archives). (Hannes)
Gettext
- (_() crashes on Windows when no LANG or LANGUAGE environment variable are set). (Pierre)
IMAP extension:
- Implemented FR (get MIME headers of the part of the email). (Stas)
- (imap_mime_header_decode() doesn't ignore \t during long MIME header unfolding). (Adam)
Intl extension:
- (Segmentation fault when using cloned several intl objects). (Gustavo)
- (NumberFormatter::setSymbol crash on bogus $attr values). (Felipe)
- Implemented clone functionality for number, date & message formatters. (Stas).
JSON extension:
- (Ensure error_code is always set during some failed decodings). (Scott)
mysqlnd
- Fixed problem with always returning 0 as num_rows for unbuffered sets. (Andrey, Ulf)
MySQL Improved extension:
- Added 'db' and 'catalog' keys to the field fetching functions (FR ). (Kalle)
- Fixed buggy counting of affected rows when using the text protocol. The collected statistics were wrong when multi_query was used with mysqlnd (Andrey)
- (Connect Error from MySqli (mysqlnd) when using SSL). (Kalle)
- (mysqli::query returns false after successful LOAD DATA query). (Kalle, Andrey)
- (mysqli_real_connect() ignores client flags when built to call libmysql). (Kalle, tre-php-net at crushedhat dot com)
OpenSSL extension:
- Fixed stream_socket_enable_crypto() not honoring the socket timeout in server mode. (Gustavo)
- (Memory leaks when openssl_encrypt). (Pierre)
- (Memory leaks when openssl_decrypt). (Pierre)
- (stream_socket_enable_crypto() busy-waits in client mode). (Gustavo)
- Implemented FR (Cannot disable SessionTicket extension for servers that do not support it) by adding a no_ticket SSL context option. (Adam, Tony)
PDO MySQL driver:
- (PDOStatement execute segfaults for pdo_mysql driver). (Johannes)
- Implemented FR (Support for setting character sets in DSN strings). (Kalle)
PDO Oracle driver:
- (Cannot load Lob data with more than 4000 bytes on ORACLE 10). (spatar at mail dot nnov dot ru)
PDO PostgreSQL driver:
- (segfault in pgsql_stmt_execute() when postgres is down). (gyp at balabit dot hu)
Phar extension:
- (format-string vulnerability on Phar). (Felipe) (CVE-2011-1153)
- (format string bug in ext/phar). (crrodriguez at opensuse dot org, Ilia)
- (PHAR reports invalid error message, when the directory does not exist). (Ilia)
PHP-FPM SAPI:
- Enforce security in the fastcgi protocol parsing. (ef-lists at email dotde)
- (php-fpm log format now match php_error log format). (fat)
- (php-fpm --test doesn't set a valuable return value). (fat)
- (php-fpm slowlog now also logs the original request). (fat)
Readline extension:
- (Fixed parameter handling inside readline() function). (jo at feuersee dot de, Ilia)
Reflection extension:
- (ReflectionClass::getConstant(s) emits fatal error on constants with self::). (Gustavo)
Shmop extension:
- (Integer overflow in shmop_read()). (Felipe) Reported by Jose Carlos Norte (CVE-2011-1092)
SNMP extension:
- (snmprealwalk (snmp v1) does not handle end of OID tree correctly). (Boris Lytochkin)
SOAP extension:
- Fixed possible crash introduced by the NULL poisoning patch. (Mateusz Kocielski, Pierre)
SPL extension:
- Fixed memory leak in DirectoryIterator::getExtension() and SplFileInfo::getExtension(). (Felipe)
- (SPL assumes HAVE_GLOB is defined). (Chris Jones)
- (property_exists incorrect on ArrayObject null and 0 values). (Felipe)
- Added SplFileInfo::getExtension(). FR . (Peter Cowburn)
SQLite3 extension:
- Fixed memory leaked introduced by the NULL poisoning patch. (Mateusz Kocielski, Pierre)
- Fixed memory leak on SQLite3Result and SQLite3Stmt when assigning to a reference. (Felipe)
- Add SQlite3_Stmt::readonly() for checking if a statement is read only. (Scott)
- Implemented FR (SQLite3Result::columnType() should return false after all of the rows have been fetched). (Scott)
Streams:
- (Segmentation fault when using HTTP proxy with the FTP wrapper). (Gustavo)
- (Streams functions assume HAVE_GLOB is defined). (Chris Jones)
- (userspace stream stat callback does not separate the elements of the returned array before converting them). (Gustavo)
- Implemented FR (open arbitrary file descriptor with fopen). (Gustavo)
Tokenizer Extension
- (token_get_all() does not stop after __halt_compiler). (Ilia)
XSL extension:
- Fixed memory leaked introduced by the NULL poisoning patch. (Mateusz Kocielski, Pierre)
Zip extension:
- Added the filename into the return value of stream_get_meta_data(). (Hannes)
- (Zip functions assume HAVE_GLOB is defined). (Adam)
- (Wrong return value for ZipArchive::extractTo()). (Pierre)
- (ZipArchive segfault with FL_UNCHANGED on empty archive). (Stas, Maksymilian Arciemowicz). (CVE-2011-0421)
- (Missing constants for compression type). (Richard, Adam)
- (ZipArchive should quiet stat errors). (brad dot froehle at gmail dot com, Gustavo)
- (stream_get_contents() segfaults on ziparchive streams). (Hannes)
- (swapped memset arguments in struct initialization). (crrodriguez at opensuse dot org)
- (Missing parameters in docs and reflection definition). (Richard)
- (feof never returns true for damaged file in zip). (Gustavo, Richard Quadling)

Version 5.3.5

06-Jan-2011

(PHP hangs on numeric value 2.2250738585072011e-308). (CVE-2010-4645) (Rasmus, Scott)

Version 5.2.17

06-Jan-2011

(PHP hangs on numeric value 2.2250738585072011e-308). (CVE-2010-4645) (Rasmus, Scott)

Version 5.2.16

16-Dec-2010

(segfault in pgsql_stmt_execute() when postgres is down). (gyp at balabit dot hu)
(Regression in open_basedir handling). (Ilia)

Version 5.3.4

09-Dec-2010

Upgraded bundled Sqlite3 to version 3.7.3. (Ilia)
Upgraded bundled PCRE to version 8.10. (Ilia)
Security enhancements:
- Fixed crash in zip extract method (possible CWE-170). (Maksymilian Arciemowicz, Pierre)
- Paths with NULL in them (foo\0bar.txt) are now considered as invalid. (Rasmus)
- Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150). (Ilia)
- Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709). (Maksymilian Arciemowicz)
- Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre)
- Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950). (Pierre)
- Fixed symbolic resolution support when the target is a DFS share. (Pierre)
- (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) (CVE-2010-3710). (Adam)
General improvements:
- Added stat support for zip stream. (Pierre)
- Added follow_location (enabled by default) option for the http stream support. (Pierre)
- Improved support for is_link and related functions on Windows. (Pierre)
- Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al. (Gustavo)
Implemented feature requests:
- Implemented FR , added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime. (Kalle)
- Implemented FR , added functions pcntl_get_last_error() and pcntl_strerror(). (nick dot telford at gmail dot com, Arnaud)
- Implemented symbolic links support for open_basedir checks. (Pierre)
- Implemented FR , SplFileInfo::getLinkTarget on Windows. (Pierre)
- Implemented FR , not uploaded files don't count towards max_file_uploads limit. As a side improvement, temporary files are not opened for empty uploads and, in debug mode, 0-length uploads. (Gustavo)
Improved MySQLnd:
- Added new character sets to mysqlnd, which are available in MySQL 5.5 (Andrey)
Improved PHP-FPM SAPI:
- Added '-p/--prefix' to php-fpm to use a custom prefix and run multiple instances. (fat)
- Added custom process title for FPM. (fat)
- Added '-t/--test' to php-fpm to check and validate FPM conf file. (fat)
- Added statistics about listening socket queue length for FPM. (andrei dot nigmatulin at gmail dot com, fat)
Core:
- Fixed extract() to do not overwrite $GLOBALS and $this when using EXTR_OVERWRITE. (jorto at redhat dot com)
- Fixed bug in the Windows implementation of dns_get_record, where the two last parameters wouldn't be filled unless the type were DNS_ANY (Gustavo).
- Changed the $context parameter on copy() to actually have an effect. (Kalle)
- Fixed htmlentities/htmlspecialchars accepting certain ill-formed UTF-8 sequences. (Gustavo)
- (sleep() returns NULL on Windows). (Pierre)
- (strip_tags() may strip '<br />' incorrectly). (Felipe)
- (quot_print_decode does not handle lower-case hex digits). (Ilia, daniel dot mueller at inexio dot net)
- (rawurlencode RFC 3986 EBCDIC support misses tilde char). (Justin Martin)
- (file_exists fails on big filenames). (Adam)
- (changing INI setting "from" with ini_set did not have any effect). (Gustavo)
- (post_max_size=0 not disabling the limit when the content type is application/x-www-form-urlencoded or is not registered with PHP). (gm at tlink dot de, Gustavo)
- (autoload misbehaves if called from closing session). (ladislav at marek dot su)
- (In html_entity_decode, failure to convert numeric entities with ENT_NOQUOTES and ISO-8859-1). Fixed and extended the fix of ENT_NOQUOTES in html_entity_decode that had introduced the bug (rev #185591) to other encodings. Additionaly, html_entity_decode() now doesn't decode " if ENT_NOQUOTES is given. (Gustavo)
- (strripos not overloaded with function overloading enabled). (Felipe)
- (var_dump() doesn't check for the existence of get_class_name before calling it). (Kalle, Gustavo)
- (var_export array with negative key). (Felipe)
- (base64_decode() improper handling of leading padding in strict mode). (Ilia)
- (dns_get_record fails with non-existing domain on Windows). (a_jelly_doughnut at phpbb dot com, Pierre)
- (socket will not connect to IPv4 address when the host has both IPv4 and IPv6 addresses, on Windows). (Gustavo, Pierre)
- (proc_open on Windows does not respect cwd as it does on other platforms). (Pierre)
- (utf8_decode vulnerabilities and deficiencies in the number of reported malformed sequences). (CVE-2010-3870) (Gustavo)
- (get_html_translation_table doesn't handle UTF-8). (Gustavo)
- (php -i has different output to php --ini). (Richard, Pierre)
- (array_diff() takes over 3000 times longer than php 5.2.4). (Felipe)
- (printf of floating point variable prints maximum of 40 decimal places). (Ilia)
- (mt_rand() does not check that max is greater than min). (Ilia)
- (bad default include_path on Windows). (Pierre)
- (get_html_translation_table calls the ' ' instead of '). (Gustavo)
Zend engine:
- Reverted fix for bug (Static calling in non-static method behaves like $this->). (Felipe)
- Changed deprecated ini options on startup from E_WARNING to E_DEPRECATED. (Kalle)
- Fixed NULL dereference in lex_scan on zend multibyte builds where the script had a flex incompatible encoding and there was no converter. (Gustavo)
- Fixed covariance of return-by-ref constraints. (Etienne)
- (E_NOTICE when defining a constant starts with __COMPILER_HALT_OFFSET__). (Felipe)
- (zend_call_function does not respect ZEND_SEND_PREFER_REF). (Dmitry)
- (Objects unreferenced in __get, __set, __isset or __unset can be freed too early). (mail_ben_schmidt at yahoo dot com dot au, Dmitry)
- (PHP should reset section to [PHP] after ini sections). (Fedora at famillecollet dot com)
- (newline problem with parse_ini_file+INI_SCANNER_RAW). (Felipe)
- (__set() ignores setting properties with empty names). (Felipe)
- (Throwing an exception in a destructor causes invalid catching). (Dmitry)
- (Zend/tests/bug45877.phpt fails). (Dmitry)
Build issues:
- (Compile error if systems do not have stdint.h) (Sriram Natarajan)
- (nanosleep not detected properly on some solaris versions). (Ulf, Tony)
- (make fails on glob_wrapper). (Felipe)
Calendar extension:
- (cal_days_in_month incorrect for December 1 BCE). (gpap at internet dot gr, Adam)
cURL extension:
- (curl_setopt does not accept persistent streams). (Gustavo, Ilia)
- (cURL leaks handle and causes assertion error (CURLOPT_STDERR)). (Gustavo)
- (CURLOPT_PRIVATE gets corrupted). (Ilia)
- (curl extension slows down PHP on Windows). (Pierre)
DateTime extension:
- (gettimeofday implementation in php/win32/time.c can return 1 million microsecs). (ped at 7gods dot org)
- (Iterating over a dateperiod twice is broken). (Derick)
- (Relative dates and getTimestamp increments by one day). (Derick)
- (date_parse parse 24:xx:xx as valid time). (Derick)
- Added support for the ( and ) delimiters/separators to DateTime::createFromFormat(). (Derick)
DBA extension:
- Added Berkeley DB 5.1 support to the DBA extension. (Oracle Corp.)
DOM extension:
- (DOMCdataSection does not work with splitText). (Ilia)
Filter extension:
- Fixed the filter extension accepting IPv4 octets with a leading 0 as that belongs to the unsupported "dotted octal" representation. (Gustavo)
- (problems in the validation of IPv6 addresses with leading and trailing :: in the filter extension). (Gustavo)
- (problems in the validation of IPv6 addresses with IPv4 addresses and ::). (Gustavo)
GD extension:
- (fix crash if anti-aliasing steps are invalid). (Pierre)
GMP extension:
- (gmp_mod returns negative result when non-negative is expected). (Stas)
- (GNU MP invalid version match). (Adam)
Hash extension:
- (unaligned memory access in ext/hash/hash_tiger.c). (Mike, Ilia)
Iconv extension:
- (The 'iconv_mime_decode_headers' function is skipping headers). (Adam)
- (iconv output handler outputs incorrect content type when flags are used). (Ilia)
- (iconv_mime_decode() does not ignore malformed Q-encoded words). (Ilia)
Intl extension:
- Fixed crashes on invalid parameters in intl extension. (CVE-2010-4409). (Stas, Maksymilian Arciemowicz)
- Added support for formatting the timestamp stored in a DateTime object. (Stas)
- (IntlDateFormatter::parse result is limited to the integer range). (Stas)
Mbstring extension:
- (mb_strcut() returns garbage with the excessive length parameter). (CVE-2010-4156) (Mateusz Kocielski, Pierre, Moriyoshi)
- (Unicode casing table was out-of-date. Updated with UnicodeData-6.0.0d7.txt and included the source of the generator program with the distribution) (Gustavo).
- (mb_send_mail() appends an extra MIME-Version header). (Adam)
MSSQL extension:
- Fixed possible crash in mssql_fetch_batch(). (Kalle)
- (Segfault when optional parameters are not passed in to mssql_connect). (Felipe)
MySQL extension:
- (php_mysql_fetch_hash writes long value into int). (Kalle, rein at basefarm dot no)
MySQLi extension:
- (Wrong data inserted with mysqli/mysqlnd when using mysqli_stmt_bind_param and value> PHP_INT_MAX). (Andrey)
- (mysql_stmt_attr_[gs]et argument points to incorrect type). (rein at basefarm dot no)
- (mysqli doesn't install headers with structures it uses). (Andrey)
- (Call to undefined method mysqli::poll() - must be static). (Andrey)
- (MySQLi build failure with mysqlnd on MacOS X). (Andrey)
- (MySQLi/libmysql build failure on OS X, FreeBSD). (Andrey)
- (mysqli_report() should be per-request setting). (Kalle)
- (mysqli_fetch_all does not work with MYSQLI_USE_RESULT). (Andrey)
- (Misbehaviour of magic_quotes_runtime (get/set)). (Andrey)
- (Can't initialize character set hebrew). (Andrey)
MySQLnd:
- (crash in mysqlnd after hitting memory limit). (Andrey)
ODBC extension:
- (Broken error handling in odbc_execute). (mkoegler at auto dot tuwien dot ac dot at)
Openssl extension:
- Fixed possible blocking behavior in openssl_random_pseudo_bytes on Windows. (Pierre)
- (Invalid read on openssl_csr_new()). (Felipe)
- (segfault when ssl stream option capture_peer_cert_chain used). (Felipe)
Oracle Database extension (OCI8):
- (Valgrind warnings in oci_set_* functions) (Oracle Corp.)
- (Using oci_connect causes PHP to take a long time to exit). Requires Oracle 11.2.0.2 client libraries (or Oracle bug fix 9891199) for this patch to have an effect. (Oracle Corp.)
PCNTL extension:
- (Race condition when handling many concurrent signals). (nick dot telford at gmail dot com, Arnaud)
PCRE extension:
- (PCRE-Meta-Characters not working with utf-8). (Felipe)
- (Docs say preg_match() returns FALSE on error, but it returns int(0)). (slugonamission at gmail dot com)
PHAR extension:
- (unaligned memory access in phar.c). (geissert at debian dot org, Ilia)
PHP-FPM SAPI:
- (segfault when using -y). (fat)
- Fixed inconsistent backlog default value (-1) in FPM on many systems. (fat)
- (libevent made FPM crashed when forking - libevent has been removed). (fat)
- (gcc builtin atomic functions were sometimes used when they were not available). (fat)
- (configuration file errors are not logged to stderr). (fat)
- (FPM Status page returns inconsistent Content-Type headers). (fat)
- (libevent was not only linked to php-fpm). (fat)
PDO:
- (PDO bindValue writes long int 32bit enum). (rein at basefarm dot no)
- (PDO::FETCH_INTO leaks memory). (Felipe)
PDO DBLib driver:
- (pdo_dblib segmentation fault when iterating MONEY values). (Felipe)
PDO Firebird driver:
- Restored firebird support (VC9 builds only). (Pierre)
- (pdo_firebird did not implement rowCount()). (preeves at ibphoenix dot com)
- (pdo_firebird getAttribute() crash). (preeves at ibphoenix dot com)
PDO MySQL driver:
- (Binding params doesn't work when selecting a date inside a CASE-WHEN). (Andrey)
PostgreSQL extension:
- (pg_delete() fails on NULL). (ewgraf at gmail dot com)
Reflection extension:
- Fixed ReflectionProperty::isDefault() giving a wrong result for properties obtained with ReflectionClass::getProperties(). (Gustavo)
- (Reflection doesnt get dynamic property value from getProperty()). (Felipe)
- (ReflectionClass::newInstanceArgs does not work for classes without constructors). (Johannes)
SOAP extension:
- (RFC2616 transgression while HTTPS request through proxy with SoapClient object). (Dmitry)
SPL extension:
- (Segmentation fault when extending SplFixedArray). (Felipe)
- (SplFileObject doesn't initialise default CSV escape character). (Adam)
- (Segfault in SplObjectStorage::removeAll()). (Felipe)
- (SPLObjectStorage defeats gc_collect_cycles). (Gustavo)
- (SplFileObject::fscanf Segmentation fault). (Felipe)
- (SplFileInfo::getType() does not work symbolic link and directory). (Pierre)
- (Storing many SPLFixedArray in an array crashes). (Felipe)
- (RegexIterator::REPLACE doesn't work). (Felipe)
SQLite3 extension:
- (sqlite3 columnName() segfaults on bad column_number). (Felipe)
Streams:
- Fixed forward stream seeking emulation in streams that don't support seeking in situations where the read operation gives back less data than requested and when there was data in the buffer before the emulation started. Also made more consistent its behavior -- should return failure every time less data than was requested was skipped. (Gustavo)
- (stream casting that relies on fdopen/fopencookie fails with streams opened with, inter alia, the 'xb' mode). (Gustavo)
- (stream_get_contents has an unpredictable behavior when the underlying stream does not support seeking). (Gustavo)
- (Invalid write on second and subsequent reads with an inflate filter fed invalid data). (Gustavo)
- (writes to fopencookie FILE* not commited when seeking the stream). (Gustavo)
WDDX extension:
- (wddx_deserialize corrupts integer field value when left empty). (Felipe)
Zlib extension:
- (zlib fopen wrapper does not use context). (Gustavo)

Version 5.2.15

08-Dec-2010

Fixed extract() to do not overwrite $GLOBALS and $this when using EXTR_OVERWRITE. (jorto at redhat dot com)
Fixed crash in zip extract method (possible CWE-170). (Maksymilian Arciemowicz, Pierre)
Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150). (Ilia)
Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre)
Fixed possible crash in mssql_fetch_batch(). (Kalle)
Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709). (Maksymilian Arciemowicz)
(fix crash if anti-aliasing steps are invalid). (Pierre)
(pdo_firebird getAttribute() crash). (preeves at ibphoenix dot com)
(Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data). (CVE-2010-3709). (Adam)
(Objects unreferenced in __get, __set, __isset or __unset can be freed too early). (mail_ben_schmidt at yahoo dot com dot au, Dmitry)
(var_dump() doesn't check for the existence of get_class_name before calling it). (Kalle, Gustavo)
(pdo_dblib segmentation fault when iterating MONEY values). (Felipe, Adam)
(Compile error if systems do not have stdint.h) (Sriram Natarajan)
(mysqli_report() should be per-request setting). (Kalle)
(Zend/tests/bug45877.phpt fails). (Dmitry)
(array_diff() takes over 3000 times longer than php 5.2.4). (Felipe)
(RFC2616 transgression while HTTPS request through proxy with SoapClient object). (Dmitry)

Version 5.3.3

22-Jul-2010

Upgraded bundled sqlite to version 3.6.23.1. (Ilia)
Upgraded bundled PCRE to version 8.02. (Ilia)

Added support for JSON_NUMERIC_CHECK option in json_encode() that converts numeric strings to integers. (Ilia)
Added stream_set_read_buffer, allows to set the buffer for read operation. (Pierre)
Added stream filter support to mcrypt extension (ported from mcrypt_filter). (Stas)
Added full_special_chars filter to ext/filter. (Rasmus)
Added backlog socket context option for stream_socket_server(). (Mike)
Added fifth parameter to openssl_encrypt()/openssl_decrypt() (string $iv) to use non-NULL IV. Made implicit use of NULL IV a warning. (Sara)
Added openssl_cipher_iv_length(). (Sara)
Added FastCGI Process Manager (FPM) SAPI. (Tony)
Added recent Windows versions to php_uname and fix undefined windows version support. (Pierre)
Added Berkeley DB 5 support to the DBA extension. (Johannes, Chris Jones)
Added support for copy to/from array/file for pdo_pgsql extension. (Denis Gasparin, Ilia)
Added inTransaction() method to PDO, with specialized support for Postgres. (Ilia, Denis Gasparin)

Changed namespaced classes so that the ctor can only be named __construct now. (Stas)
Reset error state in PDO::beginTransaction() reset error state. (Ilia)

Implemented FR (SQLite3::busyTimeout not existing). (Mark)
Implemented FR (Adding udate to imap_fetch_overview results). (Charles_Duffy at dell dot com )
Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531). (Scott)
Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user. (Andrey)
Fixed possible buffer overflows when handling error packets in mysqlnd. Reported by Stefan Esser. (Andrey)
Fixed very rare memory leak in mysqlnd, when binding thousands of columns. (Andrey)
Fixed a crash when calling an inexistent method of a class that inherits PDOStatement if instantiated directly instead of doing by the PDO methods. (Felipe)

Fixed memory leak on error in mcrypt_create_iv on Windows. (Pierre)
Fixed a possible crash because of recursive GC invocation. (Dmitry)
Fixed a possible resource destruction issues in shm_put_var(). Reported by Stefan Esser. (Dmitry)
Fixed a possible information leak because of interruption of XOR operator. Reported by Stefan Esser. (Dmitry)
Fixed a possible memory corruption because of unexpected call-time pass by refernce and following memory clobbering through callbacks. Reported by Stefan Esser. (Dmitry)
Fixed a possible memory corruption in ArrayObject::uasort(). Reported by Stefan Esser. (Dmitry)
Fixed a possible memory corruption in parse_str(). Reported by Stefan Esser. (Dmitry)
Fixed a possible memory corruption in pack(). Reported by Stefan Esser. (Dmitry)
Fixed a possible memory corruption in substr_replace(). Reported by Stefan Esser. (Dmitry)
Fixed a possible memory corruption in addcslashes(). Reported by Stefan Esser. (Dmitry)
Fixed a possible stack exhaustion inside fnmatch(). Reported by Stefan Esser. (Ilia)
Fixed a possible dechunking filter buffer overflow. Reported by Stefan Esser. (Pierre)
Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski. (Ilia)
Fixed string format validation inside phar extension. Reported by Stefan Esser. (Ilia)
Fixed handling of session variable serialization on certain prefix characters. Reported by Stefan Esser. (Ilia)
Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug ). (Raphael Geissert)
Fixed 64-bit integer overflow in mhash_keygen_s2k(). (Clément LECIGNE, Stas)
Fixed SplObjectStorage unserialization problems (CVE-2010-2225). (Stas)
Fixed the mail.log ini setting when no filename was given. (Johannes)

(Segmentation fault when using mail() on a rhel 4.x (only 64 bit)). (Adam)
(json_decode() shows no errors on invalid UTF-8). (Scott)
(hash_copy() does not copy the HMAC key, causes wrong results and PHP crashes). (Felipe)
(Crash when an Exception occured in iterator_to_array). (Johannes)
(converting closure to array yields empty array). (Felipe)
(Reflectionfunction reports invalid number of arguments for function aliases). (Felipe)
(custom request header variables with numbers are removed). (Sriram Natarajan)
(Invalid E_STRICT redefined constructor error). (Felipe)
(Constants are parsed into the ini file for section names). (Felipe)
(mysqli_result::fetch_all returns null, not an empty array). (Andrey)
(dns_get_record() garbage in 'ipv6' field on Windows). (Pierre)
(character_set_client & character_set_connection reset after mysqli_change_user()). (Andrey)
(GD doesn't recognize latest libJPEG versions). (php at group dot apple dot com, Pierre)
(Memory leak when writing on uninitialized variable returned from function). (Dmitry)
(Memory leak when passing a closure to method_exists()). (Felipe)
(ReflectionClass fails on Closure class). (Felipe)
(handling of case sensitivity of old-style constructors changed in 5.3+). (Felipe)
(Concurrent builds fail in install-programs). (seanius at debian dot org, Kalle)
(make lcov doesn't support TESTS variable anymore). (Patrick)
(open_basedir restrictions mismatch on vacuum command). (Ilia)
(Memory allocation problems after using variable variables). (Dmitry)
(spl_autoload and *nix support with namespace). (Felipe)
(AIX: Several files are out of ANSI spec). (Kalle, coreystup at gmail dot com)
(ReflectionParameter::getDefaultValue() memory leaks with constant array). (Felipe)
(ReflectionParameter fails if default value is an array with an access to self::). (Felipe)
(Parse error in parse_ini_file() function when empy value followed by no newline). (Felipe)
(checkdnsrr does not support types other than MX). (Pierre)
(Bad warning when register_shutdown_function called with wrong num of parameters). (Felipe)
(Segfault with strange __destruct() for static class variables). (Dmitry)
(constant() aborts execution when fail to check undefined constant). (Felipe)
(Fileinfo __construct or open does not work with NULL). (Pierre)
(xmlrpc_get_type() returns true on invalid dates). (Mike)
(Content-length header is limited to 32bit integer with Apache2 on Windows). (Pierre)
(mark DOMNodeList and DOMNamedNodeMap as Traversable). (David Zuelke)
(Test mysql_mysqlnd_read_timeout_long must fail on MySQL4). (Andrey)
(Unsafe operations in free_storage of SPL iterators, causes crash during shutdown). (Etienne)
(Phar::setStub looks for case-sensitive __HALT_COMPILER()). (Ilia)
(ini per dir crashes when invalid document root are given). (Pierre)
(imagefill does not work correctly for small images). (Pierre)
(getColumnMeta causes segfault when re-executing query after calling nextRowset). (Pierrick)
Certificate file without private key (pk in another file) doesn't work. (Andrey)
(CURLOPT_FOLLOWLOCATION error message is misleading). (Pierre)
(script path not correctly evaluated). (russell dot tempero at rightnow dot com)
(Crash when calling mysqli_options()). (Felipe)
(PHP crash with wrong HTML in SimpleXML). (Felipe)
(pg_copy_to: Invalid results when using fourth parameter). (Felipe)
(pg_copy_to: WARNING: nonstandard use of \\ in a string literal). (cbandy at jbandy dot com)
(pg_copy_from does not allow schema in the tablename argument). (cbandy at jbandy dot com)
(Mysqli - zombie links). (Andrey)
(newline in end of header is shown in start of message). (Daniel Egeberg)
(JSON_ERROR_UTF8 is undefined). (Felipe)
(Bus error due to wrong alignment in mysqlnd). (Rainer Jung)
(Don't assume UINT64_C it's ever available). (reidrac at usebox dot net, Pierre)
(Uninitialized memory reference with oci_bind_array_by_name) (Oracle Corp.)
(query timeout in mssql can not be changed per query). (ejsmont dot artur at gmail dot com)
(debug_backtrace() causes segmentation fault and/or memory issues). (Dmitry)
(var_dump() invalid/slow *RECURSION* detection). (Felipe)
(Missing ifdefs / logic bug in crypt code cause compile errors). (Felipe)
(crypt() function hangs after 3rd call). (Pierre, Sriram)
(Error line reported incorrectly if error handler throws an exception). (Stas)
(DateTime::createFromFormat() fails if format string contains timezone). (Adam)
(mysqli_close / connection memory leak). (Andrey, Johannes)
(URL-Rewriter is still enabled if use_only_cookies is on). (Ilia, j dot jeising at gmail dot com)
(oci_error doesn't report last error when called two times) (Oracle Corp.)
(php_load_extension() is missing when HAVE_LIBDL is undefined). (Tony)
(Faultstring property does not exist when the faultstring is empty) (Ilia, dennis at transip dot nl)
(zlib.output_compression Overwrites Vary Header). (Adam)
(CURL_VERSION_LARGEFILE incorrectly used after libcurl version 7.10.1). (aron dot ujvari at microsec dot hu)
(Empty mysql.default_port does not default to 3306 anymore, but 0). (Adam)
(milter SAPI crash on startup). (igmar at palsenberg dot com)
(pdo_mssql is trimming value of the money column). (Ilia, alexr at oplot dot com)
(ftp_put() returns false when transfer was successful). (Ilia)
(ext/date/php_date.c fails to compile with Sun Studio). (Sriram Natarajan)
(Static calling in non-static method behaves like $this->). (Felipe)
(curl_setopt() doesn't output any errors or warnings when an invalid option is provided). (Ilia)
(imagefill() doesn't work with large images). (Pierre)
('last day' and 'first day' are handled incorrectly when parsing date strings). (Derick)
(DBA DB4 doesn't work with Berkeley DB 4.8). (Chris Jones)
(DBA DB4 uses mismatched headers and libraries). (Chris Jones)
(mysqli_ssl_set not working). (Andrey)
(filter doesn't detect int overflows with GCC 4.4). (Raphael Geissert)
(unaligned memory access in dba_fetch()). (Felipe)
(Soap headers Authorization not allowed). (Brain France, Dmitry)
(DOMNotation is not subclass of DOMNode). (Rob)
(property_exists does not work for private). (Felipe)
(in WSDL mode Soap Header handler function only being called if defined in WSDL). (mephius at gmail dot com)
(Inconsistent namespaces sent to functions registered with spl_autoload_register). (Felipe)
(removing E_WARNING from parse_url). (ralph at smashlabs dot com, Pierre)
(incorrect shebang in phar.phar). (Fedora at FamilleCollet dot com)
(date_create_from_format enforces 6 digits for 'u' format character). (Derick)
(Exceptions thrown in __call / __callStatic do not include file and line in trace). (Felipe)
(Compile failure compiling ext/phar/util.lo). (Felipe)
(name clash between global and local variable). (patch by yoarvi at gmail dot com)
(DateTime::sub() allows 'relative' time modifications). (Derick)
(fix possible memory corruption with very long names). (Pierre)
(Crash while creating an instance of Zend_Mail_Storage_Pop3). (Dmitry)
(STDOUT losing data with posix_isatty()). (Mike)
(DateInterval::format("%a") is always zero when an interval is created from an ISO string). (Derick)
(memory leaks in php_date.c if garbage collector is enabled). (Dmitry)
(FILTER_VALIDATE_EMAIL filter needs updating) (Rasmus)
(XPath namespace prefix conflict). (Rob)
(odbc_autocommit doesn't work). (Felipe)
(PDO returns null when SQLite connection fails). (Felipe)
(mysqli_ssl_set not found). (Andrey)
(Reflection doesn't seem to work properly on MySqli). (Andrey)
(PHP crashes when GC invoked on COM object). (Stas)
(DateTime::diff() mistake if start in January and interval > 28 days). (Derick)
(DateTime::diff() repeats previous sub() operation). (yoarvi@gmail.com, Derick)
(DomDocument : saveHTMLFile wrong charset). (Rob)
(__COMPILER_HALT_OFFSET__ incorrect in PHP >= 5.3). (Felipe)
(Timezone database fallback map is outdated). (Derick)
(Cyclical garbage collector memory leak). (Dmitry)
(xpath() returns FALSE for legitimate query). (Rob)
(SplFileInfo::getPathInfo should return the parent dir). (Etienne)
(iconv_mime_encode() quoted-printable scheme is broken). (Adam, patch from hiroaki dot kawai at gmail dot com).
(sscanf() does not support 64-bit values). (Mike)
(Some timezone identifiers can not be parsed). (Derick)
(stream_socket_enable_crypto() blocks and eats CPU). (vincent at optilian dot com)
(sasl support for ldap on Windows). (Pierre)
(formatOutput does not work with saveHTML). (Rob)
(getimagesize() fails to detect width/height on certain JPEGs). (Ilia)

Version 5.2.14

22-Jul-2010

Reverted bug fix #49521 (PDO fetchObject sets values before calling constructor). (Felipe)

Updated timezone database to version 2010.5. (Derick)
Upgraded bundled PCRE to version 8.02. (Ilia)

Rewrote var_export() to use smart_str rather than output buffering, revents data disclosure if a fatal error occurs (CVE-2010-2531). (Scott)
Fixed a possible interruption array leak in strrchr(). Reported by Péter Veres. (CVE-2010-2484) (Felipe)
Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim(). (Felipe)
Fixed a possible memory corruption in substr_replace() (Dmitry)
Fixed SplObjectStorage unserialization problems (CVE-2010-2225). (Stas)
Fixed a possible stack exaustion inside fnmatch(). Reporeted by Stefan Esser (Ilia)
Reset error state in PDO::beginTransaction() reset error state. (Ilia)
Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug ). (Raphael Geissert)
Fixed handling of session variable serialization on certain prefix characters. Reported by Stefan Esser (Ilia)
Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski. (Ilia)
Fixed a crash when calling an inexistent method of a class that inherits PDOStatement if instantiated directly instead of doing by the PDO methods. (Felipe)

(Segmentation fault when using mail() on a rhel 4.x (only 64 bit)). (Adam)
(Crash when an Exception occured in iterator_to_array). (Johannes)
(Crash when passing the reference of the property of a non-object). (Dmitry)
(SplFileObject::fgetss() fails due to parameter that can't be set). (Felipe)
(custom request header variables with numbers are removed). (Sriram Natarajan)
(Invalid E_STRICT redefined constructor error). (Felipe)
(memory_limit above 2G). (Felipe)
(Memory leak when writing on uninitialized variable returned from function). (Dmitry)
(Concurrent builds fail in install-programs). (seanius at debian dot org, Kalle)
(make lcov doesn't support TESTS variable anymore). (Patrick)
(open_basedir restrictions mismatch on vacuum command). (Ilia, Felipe)
(AIX: Several files are out of ANSI spec). (Kalle, coreystup at gmail dot com)
(ReflectionParameter::getDefaultValue() memory leaks with constant array). (Felipe)
(ReflectionParameter fails if default value is an array with an access to self::). (Felipe)
(Segfault with strange __destruct() for static class variables). (Dmitry)
(imagefill does not work correctly for small images). (Pierre)
(getColumnMeta causes segfault when re-executing query after calling nextRowset). (Pierrick)
(CURLOPT_FOLLOWLOCATION error message is misleading). (Pierre)
(PDO PGSQL still broken against PostGreSQL <7.4). (Felipe, wdierkes at 5dollarwhitebox dot org)
(PHP crash with wrong HTML in SimpleXML). (Felipe)
(pg_copy_to: Invalid results when using fourth parameter). (Felipe)
(pg_copy_to: WARNING: nonstandard use of \\ in a string literal). (cbandy at jbandy dot com)
(pg_copy_from does not allow schema in the tablename argument). (cbandy at jbandy dot com)
(newline in end of header is shown in start of message). (Daniel Egeberg)
(query timeout in mssql can not be changed per query). (ejsmont dot artur at gmail dot com)
(debug_backtrace() causes segmentation fault and/or memory issues). (Dmitry)
(Wrong prototype for SplFileObject::fscanf()). (Etienne)
(var_dump() invalid/slow *RECURSION* detection). (Felipe)
(DateTime::createFromFormat() fails if format string contains timezone). (Adam)
(Wrongly initialized object properties). (Etienne)
(URL-Rewriter is still enabled if use_only_cookies is on). (Ilia, j dot jeising at gmail dot com)
(Faultstring property does not exist when the faultstring is empty) (Ilia, dennis at transip dot nl)
(zlib.output_compression Overwrites Vary Header). (Adam)
(imagettftext and rotated text uses wrong baseline) (cschneid at cschneid dot com, Takeshi Abe)
(milter SAPI crash on startup). (igmar at palsenberg dot com)
(pdo_mssql is trimming value of the money column). (Ilia, alexr at oplot dot com)
(FILTER_VALIDATE_URL will invalidate a hostname that includes '-'). (Adam, solar at azrael dot ws).
(ftp_put() returns false when transfer was successful). (Ilia)
(ext/date/php_date.c fails to compile with Sun Studio). (Sriram Natarajan)
(curl_setopt() doesn't output any errors or warnings when an invalid option is provided). (Ilia)
(imagefill() doesn't work with large images). (Pierre)
(DBA DB4 doesn't work with Berkeley DB 4.8). (Chris Jones)
(DBA DB4 uses mismatched headers and libraries). (Chris Jones)
(filter doesn't detect int overflows with GCC 4.4). (Raphael Geissert)
(in WSDL mode Soap Header handler function only being called if defined in WSDL). (mephius at gmail dot com)
(SoapClient should handle wsdls with some incompatiable endpoints). (Justin Dearing)
(Exceptions thrown in __call() / __callStatic() do not include file and line in trace). (Felipe)
(Firebird - new PDO() returns NULL). (Felipe)
(LimitIterator with empty SeekableIterator). (Etienne)
(FILTER_VALIDATE_EMAIL filter needs updating) (Rasmus)
(PDO returns null when SQLite connection fails). (Felipe)
(Linking fails for iconv). (Moriyosh)
(xpath() returns FALSE for legitimate query). (Rob)
(iconv_mime_encode() quoted-printable scheme is broken). (Adam, patch from hiroaki dot kawai at gmail dot com).
(iconv_mime_encode(), broken Q scheme). (Rasmus)
(getimagesize() fails to detect width/height on certain JPEGs). (Ilia)
(syslog() truncates messages). (Adam)

Version 5.3.2

04-Mar-2010

Security Fixes
- Improved LCG entropy. (Rasmus, Samy Kamkar)
- Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
- Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)
Upgraded bundled sqlite to version 3.6.22. (Ilia)
Upgraded bundled libmagic to version 5.03. (Mikko)
Upgraded bundled PCRE to version 8.00. (Scott)
Updated timezone database to version 2010.3. (Derick)
Improved LCG entropy. (Rasmus, Samy Kamkar)
Improved crypt support for edge cases (UFC compatibility). (Solar Designer, Joey, Pierre)
Changed gmp_strval() to use full range from 2 to 62, and -2 to -36. FR (David Soria Parra)
Changed "post_max_size" php.ini directive to allow unlimited post size by setting it to 0. (Rasmus)
Changed tidyNode class to disallow manual node creation. (Pierrick)
Removed automatic file descriptor unlocking happening on shutdown and/or stream close (on all OSes). (Tony, Ilia)
Added libpng 1.4.0 support. (Pierre)
Added support for DISABLE_AUTHENTICATOR for imap_open. (Pierre)
Added missing host validation for HTTP urls inside FILTER_VALIDATE_URL. (Ilia)
Added stream_resolve_include_path(). (Mikko)
Added INTERNALDATE support to imap_append. (nick at mailtrust dot com)
Added support for SHA-256 and SHA-512 to php's crypt. (Pierre)
Added realpath_cache_size() and realpath_cache_get() functions. (Stas)
Added FILTER_FLAG_STRIP_BACKTICK option to the filter extension. (Ilia)
Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check. (Stas)
Added LIBXML_PARSEHUGE constant to override the maximum text size of a single text node when using libxml2.7.3+. (Kalle)
Added ReflectionMethod::setAccessible() for invoking non-public methods through the Reflection API. (Sebastian)
Added Collator::getSortKey for intl extension. (Stas)
Added support for CURLOPT_POSTREDIR. FR . (Sriram Natarajan)
Added support for CURLOPT_CERTINFO. FR . (Linus Nielsen Feltzing <linus@haxx.se>)
Added client-side server name indication support in openssl. (Arnaud)
Improved fix for bug (Segfault caused by uksort()). (Stas)
Fixed mysqlnd hang when queries exactly 16777214 bytes long are sent. (Andrey)
Fixed incorrect decoding of 5-byte BIT sequences in mysqlnd. (Andrey)
Fixed error_log() to be binary safe when using message_type 3. (Jani)
Fixed unnecessary invocation of setitimer when timeouts have been disabled. (Arvind Srinivasan)
Fixed memory leak in extension loading when an error occurs on Windows. (Pierre)
Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
Fixed a possible open_basedir/safe_mode bypass in session extension identified by Grzegorz Stachowiak. (Ilia)
Fixed possible crash when a error/warning is raised during php startup. (Pierre)
Fixed possible bad behavior of rename on windows when used with symbolic links or invalid paths. (Pierre)
Fixed error output to stderr on Windows. (Pierre)
Fixed memory leaks in is_writable/readable/etc on Windows. (Pierre)
Fixed memory leaks in the ACL function on Windows. (Pierre)
Fixed memory leak in the realpath cache on Windows. (Pierre)
Fixed memory leak in zip_close. (Pierre)
Fixed crypt's blowfish sanity check of the "setting" string, to reject iteration counts encoded as 36 through 39. (Solar Designer, Joey, Pierre)
(crypt crashes when invalid salt are given). (Pierre)
(allow underscore _ in constants parsed in php.ini files). (Jani)
(Custom content-length set incorrectly in Apache SAPIs). (Brian France, Rasmus)
(Wrong date by php_date.c patch with ancient gcc/glibc versions). (Derick)
(X-PHP-Originating-Script adding two new lines in *NIX). (Ilia)
(build fails with openssl 1.0 due to md2 deprecation). (Ilia, hanno at hboeck dot de)
(strip_tags() removes all tags greater then 1023 bytes long). (Ilia)
(php.ini directive pdo_mysql.default_socket is ignored). (Ilia)
(HTTP fopen wrapper does not support passwordless HTTP authentication). (Jani)
(stream_set_write_buffer() has no effect on socket streams). (vnegrier at optilian dot com, Ilia)
(system.multiCall crashes in xmlrpc extension). (hiroaki dot kawai at gmail dot com, Ilia)
(CURLOPT_FTP_SKIP_PASV_IP does not exist). (Sriram)
(exec() adds single byte twice to $output array). (Ilia)
(All PDOExceptions hardcode 'code' property to 0). (Joey, Ilia)
(Bug in garbage collector causes crash). (Dmitry)
(putenv does not set ENV when the value is only one char). (Pierre)
(strtotime() does not support eighth ordinal number). (Ilia)
(DOMDocument::loadXML does not allow UTF-16). (Rob)
(copy() with an empty (zero-byte) HTTP source succeeds but returns false). (Ilia)
(filter_input() does not return default value if the variable does not exist). (Ilia)
(XML_OPTION_SKIP_TAGSTART option has no effect). (Pierrick)
(Broken object model when extending tidy). (Pierrick)
(Crash while running ldap_next_reference test cases). (Sriram)
(segfault in garbage collection when using set_error_handler and DomDocument). (Dmitry)
(compile failure: Conflicting HEADER type declarations). (Jani)
(Use of <stdbool.h> is valid only in a c99 compilation environment. (Sriram)
(declare encoding doesn't work within an included file). (Felipe)
(PDO::FETCH_FUNC fails with Closures). (Felipe, Pierrick)
(PDO-ODBC stored procedure call from Solaris 64-bit causes seg fault). (davbrown4 at yahoo dot com, Felipe)
(PROCEDURE db.myproc can't return a result set in the given context). (Andrey)
(Reference argument converted to value in __call). (Stas)
(performance regression handling objects, ten times slowerin 5.3 than in 5.2). (Dmitry)
(date_create_from_format() enforces 6 digits for 'u' format character). (Ilia)
(nanosleep not detected properly on some solaris versions). (Jani)
(php.ini parser does not allow spaces in ini keys). (Jani)
(crypt ignores sha512 prefix). (Pierre)
(Allow use of ; in values via ;; in PDO DSN). (Ilia, Pierrick)
(xmlrpc does not preserve keys in encoded indexed arrays). (Felipe)
(xmlrpc_encode_request() changes object into array in calling function). (Felipe)
(get_browser(null) does not use HTTP_USER_AGENT). (Jani)
(conflicting types for llabs). (Jani)
(Crash When Calling Parent Constructor with call_user_func()). (Dmitry)
(isset() and empty() silently casts array to object). (Felipe)
(pdo_mysql.default_socket in php.ini shouldn't used if it is empty). (foutrelis at gmail dot com, Ilia)
(Socket path passed using --with-mysql-sock is ignored when mysqlnd is enabled). (Jani)
(soap call Segmentation fault on a redirected url). (Pierrick)
(crash by ldap_get_option() with LDAP_OPT_NETWORK_TIMEOUT). (Ilia, shigeru_kitazaki at cybozu dot co dot jp)
(Compiling with libedit cannot find readline.h). (tcallawa at redhat dot com)
(segmentation fault when concatenating very large strings on 64bit linux). (Ilia)
(stream_copy_to_stream() produces warning when source is not file). (Stas)
(pg_copy_to() fails when table name contains schema. (Ilia)
(ldap_get_entries() return false instead of an empty array when there is no error). (Jani)
(Incorrectly matched docComment). (Felipe)
(FastCGI fails with wrong error on HEAD request to non-existant file). (Dmitry)
(Memory leak when fetching timestamp column from Oracle database). (Felipe)
(wrong working directory in symlinked files). (Dmitry)
(FILTER_VALIDATE_EMAIL fails with valid addresses containing = or ?). (Pierrick)
(ReflectionClass::hasProperty behaves like isset() not property_exists). (Felipe)
(property_exists: Closure object cannot have properties). (Felipe)
(crash while running bug35634.phpt). (Felipe)
(With default compilation option, php symbols are unresolved for nsapi). (Uwe Schindler)
(NSAPI performance improvements). (Uwe Schindler)
(parse_url() incorrect when ? in fragment). (Ilia)
(pdo_mysql doesn't use PHP_MYSQL_UNIX_SOCK_ADDR). (Ilia)
(Throwing through Reflection modified Exception object makes segmentation fault). (Felipe)
(SNMP3 warning message about security level printed twice). (Jani)
(pdo_pgsql prepare() re-use previous aborted transaction). (ben dot pineau at gmail dot com, Ilia, Matteo)
(Phar::isBuffering() returns inverted value). (Greg)
(crash with ftp stream in php_stream_context_get_option()). (Pierrick)
(Curl post upload functions changed). (Ilia)
(Making reference on string offsets crashes PHP). (Dmitry)
(import_request_variables() always returns NULL). (Ilia, sjoerd at php dot net)
, #50451 (http wrapper breaks on 1024 char long headers). (Ilia)
(SimpleXML allow (un)serialize() calls without warning). (Ilia, wmeler at wp-sa dot pl)
(ReflectionClass::hasProperty returns true for a private property in base class). (Felipe)
(ini parser crashes with apache2 and using ${something} ini variables). (Jani)
(libxml 2.7.3+ limits text nodes to 10MB). (Felipe)
(DOMUserData does not exist). (Rob)
(imageTTFText text shifted right). (Takeshi Abe)
(date_format buffer not long enough for >4 digit years). (Derick, Adam)
(oci8: using LOBs causes slow PHP shutdown). (Oracle Corp.)
(PDO fetchObject sets values before calling constructor). (Pierrick)
(Constants defined in Interfaces can be overridden). (Felipe)
(setAttributeNS fails setting default namespace). (Rob)
(Floating point NaN cause garbage characters). (Sjoerd)
(Compile error due to old DNS functions on AIX systems). (Scott)
(crash when extending PDOStatement and trying to set queryString property). (Felipe)
(Directives in PATH section do not get applied to subdirectories). (Patch by: ct at swin dot edu dot au)
(SoapClient does not honor max_redirects). (Sriram)
(Content-type parameter "boundary" is not case-insensitive in HTTP uploads). (Ilia)
(importNode doesn't preserve attribute namespaces). (Rob)
(extract() problem with array containing word "this"). (Ilia, chrisstocktonaz at gmail dot com)
($php_errormsg is limited in size of characters) (Oracle Corp.)
(htmlentities() uses obsolete mapping table for character entity references). (Moriyoshi)
(strip_tags() truncates rest of string with invalid attribute). (Ilia, hradtke)
(PDOStatement->execute() returns true then false for same statement). (Pierrick)
(define() allows :: in constant names). (Ilia)
(imap_utf8() returns only capital letters). (steffen at dislabs dot de, Pierre)
(Failure in odbc_exec() using oracle-supplied odbc driver). (tim dot tassonis at trivadis dot com)

Version 5.2.13

25-Feb-2010

Security Fixes
- Improved LCG entropy. (Rasmus, Samy Kamkar)
- Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
- Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)
Updated timezone database to version 2010.2. (Derick)
Upgraded bundled PCRE to version 7.9. (Ilia)
Removed automatic file descriptor unlocking happening on shutdown and/or stream close (on all OSes excluding Windows). (Tony, Ilia)
Changed tidyNode class to disallow manual node creation. (Pierrick)
Added missing host validation for HTTP urls inside FILTER_VALIDATE_URL. (Ilia)
Fixed bug in bundled libgd causing spurious horizontal lines drawn by gdImageFilledPolygon (libgd #100). (Takeshi Abe)
Fixed build of mysqli with MySQL 5.5.0-m2. (Andrey)
(Custom content-length set incorrectly in Apache sapis). (Brian France, Rasmus)
(Wrong date by php_date.c patch with ancient gcc/glibc versions). (Derick)
(build fails with openssl 1.0 due to md2 deprecation). (Ilia, hanno at hboeck dot de)
(strip_tags() removes all tags greater then 1023 bytes long). (Ilia)
(HTTP fopen wrapper does not support passwordless HTTP authentication). (Jani)
(ReflectionFunction::isDeprecated producing "cannot be called statically" error). (Jani, Felipe)
(Compile failure: Bad logic in defining fopencookie emulation). (Jani)
(stream_set_write_buffer() has no effect on socket streams). (vnegrier at optilian dot com, Ilia)
(mysqli constructor without parameters does not return a working mysqli object). (Andrey)
(system.multiCall crashes in xmlrpc extension). (hiroaki dot kawai at gmail dot com, Ilia)
(exec() adds single byte twice to $output array). (Ilia)
(All PDOExceptions hardcode 'code' property to 0). (Joey, Ilia)
(Accessing mysqli->affected_rows on no connection causes segfault). (Andrey, Johannes)
(strtotime() does not support eighth ordinal number). (Ilia)
(DOMDocument::loadXML does not allow UTF-16). (Rob)
(copy() with an empty (zero-byte) HTTP source succeeds but returns false). (Ilia)
(MySQLi_Result sets values before calling constructor). (Pierrick)
(filter_input() does not return default value if the variable does not exist). (Ilia)
(XML_OPTION_SKIP_TAGSTART option has no effect). (Pierrick)
(PDO_PGSQL LOBs are not compatible with PostgreSQL 8.5). (Matteo)
(Broken object model when extending tidy). (Pierrick)
(Crash while running ldap_next_reference test cases). (Sriram)
(compile failure: Conflicting HEADER type declarations). (Jani)
(Reference argument converted to value in __call). (Stas)
(http wrapper breaks on 1024 char long headers). (Ilia)
(imageTTFText text shifted right). (Takeshi Abe)
(date_format buffer not long enough for >4 digit years). (Derick, Adam)
(setAttributeNS fails setting default namespace). (Rob)
(Implementing Iterator and IteratorAggregate). (Etienne)
(SoapClient does not honor max_redirects). (Sriram)
(Content-type parameter "boundary" is not case-insensitive in HTTP uploads). (Ilia)
(defined() requires class to exist when testing for class constants). (Ilia)
(extract() problem with array containing word "this"). (Ilia, chrisstocktonaz at gmail dot com)
(Field truncation when reading from dbase dbs with more then 1024 fields). (Ilia, sjoerd-php at linuxonly dot nl)
(strip_tags() truncates rest of string with invalid attribute). (Ilia, hradtke)
(define() allows :: in constant names). (Ilia)

Version 5.3.1

19-Nov-2009

Security Fixes
- Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion. (Ilia)
- Added missing sanity checks around exif processing. (Ilia)
- Fixed a safe_mode bypass in tempnam(). (Rasmus)
- Fixed a open_basedir bypass in posix_mkfifo(). (Rasmus)
- (safe_mode_include_dir fails). (Johannes, christian at elmerot dot se)
Added error constant when json_encode() detects an invalid UTF-8 sequence. (Scott)
Added support for ACL on Windows for thread safe SAPI (Apache2 for example) and fix its support on NTS. (Pierre)
Upgraded bundled sqlite to version 3.6.19. (Scott)
Updated timezone database to version 2009.17 (2009q). (Derick)
Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)
Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (Rasmus)
Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (Rasmus)
Fixed certificate validation inside php_openssl_apply_verification_policy (Ryan Sleevi, Ilia)
Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe)
Fixed crash when instantiating PDORow and PDOStatement through Reflection. (Felipe)
Fixed sanity check for the color index in imagecolortransparent. (Pierre)
Fixed scandir/readdir when used mounted points on Windows. (Pierre)
Fixed zlib.deflate compress filter to actually accept level parameter. (Jani)
Fixed leak on error in popen/exec (and related functions) on Windows. (Pierre)
Fixed possible bad caching of symlinked directories in the realpath cache on Windows. (Pierre)
Fixed atime and mtime in stat related functions on Windows. (Pierre)
Fixed spl_autoload_unregister/spl_autoload_functions wrt. Closures and Functors. (Christian Seiler)
Fixed open_basedir circumvention for "mail.log" ini directive. (Maksymilian Arciemowicz, Stas)
Fixed signature generation/validation for zip archives in ext/phar. (Greg)
Fixed memory leak in stream_is_local(). (Felipe, Tony)
Fixed BC break in mime_content_type(), removes the content encoding. (Scott)
Changed ini file directives [PATH=](on Win32) and [HOST=](on all) to be case insensitive (garretts)
Restored shebang line check to CGI sapi (not checked by scanner anymore). (Jani)
Improve symbolic, mounted volume and junctions support for realpath on Windows. (Pierre)
Improved readlink on Windows, suppress \??\ and use the drive syntax only. (Pierre)
Improved dns_get_record() AAAA support on windows. Always available when IPv6 is support is installed, format is now the same than on unix. (Pierre)
Improved the DNS functions on OSX to use newer APIs, also use Bind 9 API where available on other platforms. (Scott)
Improved shared extension loading on OSX to use the standard Unix dlopen() API. (Scott)
(safe_mode_include_dir fails). (Johannes, christian at elmerot dot se)
(Different Hashes on Windows and Linux on wrong Salt size). (Pierre)
(no support for ././@LongLink for long filenames in phar tar support). (Greg)
(throwing exception in __autoload crashes when interface is not defined). (Felipe)
(exec() fails to return data inside 2nd parameter, given output lines >4095 bytes). (Ilia)
(time_sleep_until() is not available on OpenSolaris). (Jani)
(long2ip() can return wrong value in a multi-threaded applications). (Ilia, Florian Anderiasch)
(calling mcrypt after mcrypt_generic_deinit crashes). (Sriram Natarajan)
(crashes when using fileinfo when timestamp conversion fails). (Pierre)
(Unexpected change in strnatcasecmp()). (Rasmus)
(imap_listscan function missing). (Felipe)
(use of C++ style comments causes build failure). (Sriram Natarajan)
(CURLOPT_INFILESIZE sometimes causes warning "CURLPROTO_FILE cannot be set"). (Felipe)
(cURL's CURLOPT_FILE prevents file from being deleted after fclose). (Ilia)
(FILTER_SANITIZE_EMAIL allows disallowed characters). (Ilia)
(php engine need to correctly check for socket API return status on windows). (Sriram Natarajan)
(ldap.c utilizing deprecated ldap_modify_s). (Ilia)
(wordwrap() wraps incorrectly on end of line boundaries). (Ilia, code-it at mail dot ru)
(segfault in php_curl_option_curl). (Pierre)
(inside pdo_mysql default socket settings are ignored). (Ilia)
(bcmath module doesn't compile with phpize configure). (Jani)
(php://input (php_stream_input_read) is broken). (Jani)
(Ternary operator fails on Iterator object when used inside foreach declaration). (Etienne, Dmitry)
(Missing PHP_SUBST(PDO_MYSQL_SHARED_LIBADD)). (Jani)
(Inconsistency using get_defined_constants). (Garrett)
(gdJpegGetVersionString() inside gd_compact identifies wrong type in declaration). (Ilia)
(dns_get_record does not return NAPTR records). (Pierre)
(Import of schema from different host transmits original authentication details). (Dmitry)
(crash when exception thrown from __tostring()). (David Soria Parra)
(Missing ICU DLLs on windows package). (Pierre)
(posix_times returns false without error). (phpbugs at gunnu dot us)
(Error in dba_exists C code). (jdornan at stanford dot edu)
(undefined reference to mysqlnd_stmt_next_result on compile with --with-mysqli and MySQL 6.0). (Jani)
(2nd scan_dir produces segfault). (Felipe)
(mysqli segfault on error). (Rasmus)
(proc_get_status['exitcode'] fails on win32). (Felipe)
(ReflectionFunction fails to work with functions in fully qualified namespaces). (Kalle, Jani)
(private class static fields can be modified by using reflection). (Jani)
(feof never returns true for damaged file in zip). (Pierre)
("disable_functions" php.ini option does not work on Zend extensions). (Stas)
(--enable-session=shared does not work: undefined symbol: php_url_scanner_reset_vars). (Jani)
(parse_ini_file() regression in 5.3.0 when using non-ASCII strings as option keys). (Jani)
(context option headers freed too early when using --with-curlwrappers). (Jani)
(The function touch() fails on directories on Windows). (Pierre)
(SplFileObject::fscanf() variables passed by reference). (Jani)
(mysqli_options() doesn't work when using mysqlnd). (Andrey)
(proc_open() can bypass safe_mode_protected_env_vars restrictions). (Ilia)
(phar tar signature algorithm reports as Unknown (0) in getSignature() call). (Greg)
(phar misinterprets ustar long filename standard). (Greg)
(phar tar stores long filenames wit prefix/name reversed). (Greg)
(dechunked filter broken when serving more than 8192 bytes in a chunk). (andreas dot streichardt at globalpark dot com, Ilia)
(PHP CLI in Interactive mode (php -a) crashes when including files from function). (Stas)
(zlib.output_compression does not output HTTP headers when set to a string value). (Jani)
(Crash when compiling with pdo_firebird). (Felipe)
(cURL does not upload files with specified filename). (Ilia)
(Double \r\n after HTTP headers when "header" context option is an array). (David Zülke)
(Too long error code strings in pdo_odbc driver). (naf at altlinux dot ru, Felipe)
(Namespace causes unexpected strict behaviour with extract()). (Dmitry)
(Segmentation fault in mysqli_stmt_execute()). (Andrey)
(is_callable returns true even if method does not exist in parent class). (Felipe)
(Problems compiling with Curl). (Felipe)
(string.c: errors: duplicate case values). (Kalle)
(array_merge_recursive modifies arrays after first one). (Felipe)
(IPv6 socket transport is not working). (Ilia)
(printf() returns incorrect outputted length). (Jani)
(Random Appearing open_basedir problem). (Rasmus, Gwynne)
(open office files always reported as corrupted). (Greg)
(RecursiveDirectoryIterator doesn't descend into symlinked directories). (Ilia)
(make install will fail saying phar file exists). (Greg)
(SIGSEGVs when using curl_copy_handle()). (Sriram Natarajan)
(rename() between volumes fails and reports no error on Windows). (Pierre)
(parse_ini_*() crash with INI_SCANNER_RAW). (Jani)
(ZipArchive produces corrupt archive). (dani dot church at gmail dot com, Pierre)
(IPv6 address filter still rejects valid address). (Felipe)
(ReflectionFunction::invoke() parameter issues). (Kalle)
(mysql_close() crash php when no handle specified). (Johannes, Andrey)
(Crash during date parsing with invalid date). (Pierre)
(Unable to browse directories within Junction Points). (Pierre, Kanwaljeet Singla)
(mysqlnd: mysql_num_fields returns wrong column count for mysql_list_fields). (Andrey)
(PHAR install fails when INSTALL_ROOT is not the final install location). (james dot cohen at digitalwindow dot com, Greg)
(CURLOPT_WRITEHEADER|CURLOPT_FILE|CURLOPT_STDERR warns on files that have been opened with r+). (Ilia)
(parse_ini_*(): scanner_mode parameter is not checked for sanity). (Jani)
(FILTER_VALIDATE_EMAIL does not allow numbers in domain components). (Ilia)
(openssl signature verification for tar archives broken). (Greg)
(parse_ini_*(): dollar sign as last character of value fails). (Jani)
(mb_convert_encoding() doesn't understand hexadecimal html-entities). (Moriyoshi)
("file" fopen wrapper is overwritten when using --with-curlwrappers). (Jani)
(Invalid libreadline version not detected during configure). (Jani)
(imap crashes when closing stream opened with OP_PROTOTYPE flag). (Jani)
(error message unclear on converting phar with existing file). (Greg)
(Infinite loop and possible crash during startup with errors when errors are logged). (Jani)
error: 'MYSQLND_LLU_SPEC' undeclared. Cause for #48780 and #46952 - both fixed too. (Andrey)
(ibase_execute error in return param). (Kalle)
(ssl handshake fails during asynchronous socket connection). (Sriram Natarajan)
(Fixed build with Openssl 1.0). (Pierre, Al dot Smith at aeschi dot ch dot eu dot org)
(Only the date fields of the first row are fetched, others are empty). (info at programmiernutte dot net)
(natcasesort() does not sort extended ASCII characters correctly). (Herman Radtke)
(Memory leak in DateTime). (Derick, Tobias John)
(Encoding bug in SoapServer->fault). (Dmitry)
(touch() afield returns different values on windows). (Pierre)
(Extended MySQLi class gives incorrect empty() result). (Andrey)
(with Sun Java System Web Server 7.0 on HPUX, #define HPUX). (Uwe Schindler)
(imagefilledrectangle() clipping error). (markril at hotmail dot com, Pierre)
(Inconsistent behavior of the u format char). (Derick)
(setcookie will output expires years of >4 digits). (Ilia)
(popen crashes when an invalid mode is passed). (Pierre)
(stream_get_meta_data() does not return same mode as used in fopen). (Jani)
(ImageLine w/ antialias = 1px shorter). (wojjie at gmail dot com, Kalle)
(php_uname() does not return nodename on Netware (Guenter Knauf)
(Mail() does not use FQDN when sending SMTP helo). (Kalle, Rick Yorgason)
(Sent incorrect RCPT TO commands to SMTP server) (Garrett)
(Impersonation with FastCGI does not exec process as impersonated user). (Pierre)
(oci_error return false when NO_DATA_FOUND is raised). (Chris Jones)

Version 5.3.0

30-Jun-2009

Upgraded bundled PCRE to version 7.9. (Nuno)
Upgraded bundled sqlite to version 3.6.15. (Scott)
Moved extensions to PECL (Derick, Lukas, Pierre, Scott):
- ext/dbase
- ext/fbsql
- ext/fdf
- ext/ncurses
- ext/mhash (BC layer is now entirely within ext/hash)
- ext/ming
- ext/msql
- ext/sybase (not maintained anymore, sybase_ct has to be used instead)
Removed the experimental RPL (master/slave) functions from mysqli. (Andrey)
Removed zend.ze1_compatibility_mode. (Dmitry)
Removed all zend_extension_* php.ini directives. Zend extensions are now always loaded using zend_extension directive. (Derick)
Removed special treatment of "/tmp" in sessions for open_basedir. Note: This undocumented behaviour was introduced in 5.2.2. (Alexey)
Removed shebang line check from CGI sapi (checked by scanner). (Dmitry)
Changed PCRE, Reflection and SPL extensions to be always enabled. (Marcus)
Changed md5() to use improved implementation. (Solar Designer, Dmitry)
Changed HTTP stream wrapper to accept any code between and including 200 to 399 as successful. (Mike, Noah Fontes)
Changed __call() to be invoked on private/protected method access, similar to properties and __get(). (Andrei)
Changed dl() to be disabled by default. Enabled only when explicitly registered by the SAPI. Currently enabled with cli, cgi and embed SAPIs. (Dmitry)
Changed opendir(), dir() and scandir() to use default context when no context argument is passed. (Sara)
Changed open_basedir to allow tightening in runtime contexts. (Sara)
Changed PHP/Zend extensions to use flexible build IDs. (Stas)
Changed error level E_ERROR into E_WARNING in Soap extension methods parameter validation. (Felipe)
Changed openssl info to show the shared library version number. (Scott)
Changed floating point behaviour to consistently use double precision on all platforms and with all compilers. (Christian Seiler)
Changed round() to act more intuitively when rounding to a certain precision and round very large and very small exponents correctly. (Christian Seiler)
Changed session_start() to return false when session startup fails. (Jani)
Changed property_exists() to check the existence of a property independent of accessibility (like method_exists()). (Felipe)
Changed array_reduce() to allow mixed $initial (Christian Seiler)
Improved PHP syntax and semantics:
- Added lambda functions and closures. (Christian Seiler, Dmitry)
- Added "jump label" operator (limited "goto"). (Dmitry, Sara)
- Added NOWDOC syntax. (Gwynne Raskind, Stas, Dmitry)
- Added HEREDOC syntax with double quotes. (Lars Strojny, Felipe)
- Added support for using static HEREDOCs to initialize static variables and class members or constants. (Matt)
- Improved syntax highlighting and consistency for variables in double-quoted strings and literal text in HEREDOCs and backticks. (Matt)
- Added "?:" operator. (Marcus)
- Added support for namespaces. (Dmitry, Stas, Gregory, Marcus)
- Added support for Late Static Binding. (Dmitry, Etienne Kneuss)
- Added support for __callStatic() magic method. (Sara)
- Added forward_static_call(_array) to complete LSB. (Mike Lively)
- Added support for dynamic access of static members using $foo::myFunc(). (Etienne Kneuss)
- Improved checks for callbacks. (Marcus)
- Added __DIR__ constant. (Lars Strojny)
- Added new error modes E_USER_DEPRECATED and E_DEPRECATED. E_DEPRECATED is used to inform about stuff being scheduled for removal in future PHP versions. (Lars Strojny, Felipe, Marcus)
- Added "request_order" INI variable to control specifically $_REQUEST behavior. (Stas)
- Added support for exception linking. (Marcus)
- Added ability to handle exceptions in destructors. (Marcus)
Improved PHP runtime speed and memory usage:
- Substitute global-scope, persistent constants with their values at compile time. (Matt)
- Optimized ZEND_SIGNED_MULTIPLY_LONG(). (Matt)
- Removed direct executor recursion. (Dmitry)
- Use fastcall calling convention in executor on x86. (Dmitry)
- Use IS_CV for direct access to $this variable. (Dmitry)
- Use ZEND_FREE() opcode instead of ZEND_SWITCH_FREE(IS_TMP_VAR). (Dmitry)
- Lazy EG(active_symbol_table) initialization. (Dmitry)
- Optimized ZEND_RETURN opcode to not allocate and copy return value if it is not used. (Dmitry)
- Replaced all flex based scanners with re2c based scanners. (Marcus, Nuno, Scott)
- Added garbage collector. (David Wang, Dmitry).
- Improved PHP binary size and startup speed with GCC4 visibility control. (Nuno)
- Improved engine stack implementation for better performance and stability. (Dmitry)
- Improved memory usage by moving constants to read only memory. (Dmitry, Pierre)
- Changed exception handling. Now each op_array doesn't contain ZEND_HANDLE_EXCEPTION opcode in the end. (Dmitry)
- Optimized require_once() and include_once() by eliminating fopen(3) on second usage. (Dmitry)
- Optimized ZEND_FETCH_CLASS + ZEND_ADD_INTERFACE into single ZEND_ADD_INTERFACE opcode. (Dmitry)
- Optimized string searching for a single character. (Michal Dziemianko, Scott)
- Optimized interpolated strings to use one less opcode. (Matt)
Improved php.ini handling: (Jani)
- Added ".htaccess" style user-defined php.ini files support for CGI/FastCGI.
- Added support for special [PATH=/opt/httpd/www.example.com/] and [HOST=www.example.com] sections. Directives set in these sections can not be overridden by user-defined ini-files or during runtime.
- Added better error reporting for php.ini syntax errors.
- Allowed using full path to load modules using "extension" directive.
- Allowed "ini-variables" to be used almost everywhere ini php.ini files.
- Allowed using alphanumeric/variable indexes in "array" ini options.
- Added 3rd optional parameter to parse_ini_file() to specify the scanning mode of INI_SCANNER_NORMAL or INI_SCANNER_RAW. In raw mode option values and section values are treated as-is.
- Fixed get_cfg_var() to be able to return "array" ini options.
- Added optional parameter to ini_get_all() to only retrieve the current value. (Hannes)
Improved Windows support:
- Update all libraries to their latest stable version. (Pierre, Rob, Liz, Garrett).
- Added Windows support for stat(), touch(), filemtime(), filesize() and related functions. (Pierre)
- Re-added socket_create_pair() for Windows in sockets extension. (Kalle)
- Added inet_pton() and inet_ntop() also for Windows platforms. (Kalle, Pierre)
- Added mcrypt_create_iv() for Windows platforms. (Pierre)
- Added ACL Cache support on Windows. (Kanwaljeet Singla, Pierre, Venkat Raman Don)
- Added constants based on Windows' GetVersionEx information. PHP_WINDOWS_VERSION_* and PHP_WINDOWS_NT_*. (Pierre)
- Added support for ACL (is_writable, is_readable, reports now correct results) on Windows. (Pierre, Venkat Raman Don, Kanwaljeet Singla)
- Added support for fnmatch() on Windows. (Pierre)
- Added support for time_nanosleep() and time_sleep_until() on Windows. (Pierre)
- Added support for symlink(), readlink(), linkinfo() and link() on Windows. They are available only when the running platform supports them. (Pierre)
- the GMP extension now relies on MPIR instead of the GMP library. (Pierre)
- Added Windows support for stream_socket_pair(). (Kalle)
- Drop all external dependencies for the core features. (Pierre)
- Drastically improve the build procedure (Pierre, Kalle, Rob):
  - VC9 (Visual C++ 2008) or later support
  - Initial experimental x64 support
- MSI installer now supports all recent Windows versions, including Windows 7. (John, Kanwaljeet Singla)
Improved and cleaned CGI code:
- FastCGI is now always enabled and cannot be disabled. See sapi/cgi/CHANGES for more details. (Dmitry)
- Added CGI SAPI -T option which can be used to measure execution time of script repeated several times. (Dmitry)
Improved streams:
- Fixed confusing error message on failure when no errors are logged. (Greg)
- Added stream_supports_lock() function. (Benjamin Schulz)
- Added context parameter for copy() function. (Sara)
- Added "glob://" stream wrapper. (Marcus)
- Added "params" as optional parameter for stream_context_create(). (Sara)
- Added ability to use stream wrappers in include_path. (Gregory, Dmitry)
Improved DNS API
- Added Windows support for dns_check_record(), dns_get_mx(), checkdnsrr() and getmxrr(). (Pierre)
- Added support for old style DNS functions (supports OSX and FBSD). (Scott)
- Added a new "entries" array in dns_check_record() containing the TXT elements. (Felipe, Pierre)
Improved hash extension:
- Changed mhash to be a wrapper layer around the hash extension. (Scott)
- Added hash_copy() function. (Tony)
- Added sha224 hash algorithm to the hash extension. (Scott)
Improved IMAP support (Pierre):
- Added imap_gc() to clear the imap cache
- Added imap_utf8_to_mutf7() and imap_mutf7_to_utf8()
Improved mbstring extension:
- Added "mbstring.http_output_conv_mimetypes" INI directive that allows common non-text types such as "application/xhtml+xml" to be converted by mb_output_handler(). (Moriyoshi)
Improved OCI8 extension (Chris Jones/Oracle Corp.):
- Added Database Resident Connection Pooling (DRCP) and Fast Application Notification (FAN) support.
- Added support for Oracle External Authentication (not supported on Windows).
- Improve persistent connection handling of restarted DBs.
- Added SQLT_AFC (aka CHAR datatype) support to oci_bind_by_name.
- (Numeric keys for associative arrays are not handled properly)
- (Segmentation fault with query over DB link).
- Fixed define of SQLT_BDOUBLE and SQLT_BFLOAT constants with Oracle 10g ORACLE_HOME builds.
- Changed default value of oci8.default_prefetch from 10 to 100.
- (OCI8: oci_connect without ORACLE_HOME defined causes segfault) (Chris Jones/Oracle Corp.)
- (OCI8: sqlnet.ora isn't read with older Oracle libraries) (Chris Jones/Oracle Corp.)
- (Allow "pecl install oci8" command to "autodetect" an Instant Client RPM install) (Chris Jones/Oracle Corp.)
- (OCI8 ping functionality is broken).
- Allow building (e.g from PECL) the PHP 5.3-based OCI8 code with PHP 4.3.9 onwards.
- Provide separate extensions for Oracle 11g and 10g on Windows. (Pierre, Chris)
Improved OpenSSL extension:
- Added support for OpenSSL digest and cipher functions. (Dmitry)
- Added access to internal values of DSA, RSA and DH keys. (Dmitry)
- Fixed a memory leak on openssl_decrypt(). (Henrique)
- Fixed segfault caused by openssl_pkey_new(). (Henrique)
- Fixed bug caused by uninitilized variables in openssl_pkcs7_encrypt() and openssl_pkcs7_sign(). (Henrique)
- Fixed error message in openssl_seal(). (Henrique)
Improved pcntl extension: (Arnaud)
- Added pcntl_signal_dispatch().
- Added pcntl_sigprocmask().
- Added pcntl_sigwaitinfo().
- Added pcntl_sigtimedwait().
Improved SOAP extension:
- Added support for element names in context of XMLSchema's <any>. (Dmitry)
- Added ability to use Traversable objects instead of plain arrays. (Joshua Reese, Dmitry)
- Fixed possible crash bug caused by an uninitialized value. (Zdash Urf)
Improved SPL extension:
- Added SPL to list of standard extensions that cannot be disabled. (Marcus)
- Added ability to store associative information with objects in SplObjectStorage. (Marcus)
- Added ArrayAccess support to SplObjectStorage. (Marcus)
- Added SplDoublyLinkedList, SplStack, SplQueue classes. (Etienne)
- Added FilesystemIterator. (Marcus)
- Added GlobIterator. (Marcus)
- Added SplHeap, SplMinHeap, SplMaxHeap, SplPriorityQueue classes. (Etienne)
- Added new parameter $prepend to spl_autoload_register(). (Etienne)
- Added SplFixedArray. (Etienne, Tony)
- Added delaying exceptions in SPL's autoload mechanism. (Marcus)
- Added RecursiveTreeIterator. (Arnaud, Marcus)
- Added MultipleIterator. (Arnaud, Marcus, Johannes)
Improved Zend Engine:
- Added "compact" handler for Zend MM storage. (Dmitry)
- Added "+" and "*" specifiers to zend_parse_parameters(). (Andrei)
- Added concept of "delayed early binding" that allows opcode caches to perform class declaration (early and/or run-time binding) in exactly the same order as vanilla PHP. (Dmitry)
Improved crypt() function: (Pierre)
- Added Blowfish and extended DES support. (Using Blowfish implementation from Solar Designer).
- Made crypt features portable by providing our own implementations for crypt_r and the algorithms which are used when OS does not provide them. PHP implementations are always used for Windows builds.
Deprecated session_register(), session_unregister() and session_is_registered(). (Hannes)
Deprecated define_syslog_variables(). (Kalle)
Deprecated ereg extension. (Felipe)
Added new extensions:
- Added Enchant extension as a way to access spell checkers. (Pierre)
- Added fileinfo extension as replacement for mime_magic extension. (Derick)
- Added intl extension for Internationalization. (Ed B., Vladimir I., Dmitry L., Stanislav M., Vadim S., Kirti V.)
- Added mysqlnd extension as replacement for libmysql for ext/mysql, mysqli and PDO_mysql. (Andrey, Johannes, Ulf)
- Added phar extension for handling PHP Archives. (Greg, Marcus, Steph)
- Added SQLite3 extension. (Scott)
Added new date/time functionality: (Derick)
- date_parse_from_format(): Parse date/time strings according to a format.
- date_create_from_format()/DateTime::createFromFormat(): Create a date/time object by parsing a date/time string according to a given format.
- date_get_last_errors()/DateTime::getLastErrors(): Return a list of warnings and errors that were found while parsing a date/time string through:
  - strtotime() / new DateTime
  - date_create_from_format() / DateTime::createFromFormat()
  - date_parse_from_format().
- support for abbreviation and offset based timezone specifiers for the 'e' format specifier, DateTime::__construct(), DateTime::getTimeZone() and DateTimeZone::getName().
- support for selectively listing timezone identifiers by continent or country code through timezone_identifiers_list() / DateTimezone::listIdentifiers().
- timezone_location_get() / DateTimezone::getLocation() for retrieving location information from timezones.
- date_timestamp_set() / DateTime::setTimestamp() to set a Unix timestamp without invoking the date parser. (Scott, Derick)
- date_timestamp_get() / DateTime::getTimestamp() to retrieve the Unix timestamp belonging to a date object.
- two optional parameters to timezone_transitions_get() / DateTimeZone::getTranstions() to limit the range of transitions being returned.
- support for "first/last day of <month>" style texts.
- support for date/time strings returned by MS SQL.
- support for serialization and unserialization of DateTime objects.
- support for diffing date/times through date_diff() / DateTime::diff().
- support for adding/subtracting weekdays with strtotime() and DateTime::modify().
- DateInterval class to represent the difference between two date/times.
- support for parsing ISO intervals for use with DateInterval.
- date_add() / DateTime::add(), date_sub() / DateTime::sub() for applying an interval to an existing date/time.
- proper support for "this week", "previous week"/"last week" and "next week" phrases so that they actually mean the week and not a seven day period around the current day.
- support for "<xth> <weekday> of" and "last <weekday> of" phrases to be used with months - like in "last saturday of februari 2008".
- support for "back of <hour>" and "front of <hour>" phrases that are used in Scotland.
- DatePeriod class which supports iterating over a DateTime object applying DateInterval on each iteration, up to an end date or limited by maximum number of occurences.
Added compatibility mode in GD, imagerotate, image(filled)ellipse imagefilter, imageconvolution and imagecolormatch are now always enabled. (Pierre)
Added array_replace() and array_replace_recursive() functions. (Matt)
Added ReflectionProperty::setAccessible() method that allows non-public property's values to be read through ::getValue() and set through ::setValue(). (Derick, Sebastian)
Added msg_queue_exists() function to sysvmsg extension. (Benjamin Schulz)
Added Firebird specific attributes that can be set via PDO::setAttribute() to control formatting of date/timestamp columns: PDO::FB_ATTR_DATE_FORMAT, PDO::FB_ATTR_TIME_FORMAT and PDO::FB_ATTR_TIMESTAMP_FORMAT. (Lars W)
Added gmp_testbit() function. (Stas)
Added icon format support to getimagesize(). (Scott)
Added LDAP_OPT_NETWORK_TIMEOUT option for ldap_set_option() to allow setting network timeout (FR ). (Jani)
Added optional escape character parameter to fgetcsv(). (David Soria Parra)
Added an optional parameter to strstr() and stristr() for retrieval of either the part of haystack before or after first occurrence of needle. (Johannes, Felipe)
Added xsl->setProfiling() for profiling stylesheets. (Christian)
Added long-option feature to getopt() and made getopt() available also on win32 systems by adding a common getopt implementation into core. (David Soria Parra, Jani)
Added support for optional values, and = as separator, in getopt(). (Hannes)
Added lcfirst() function. (David C)
Added PREG_BAD_UTF8_OFFSET_ERROR constant. (Nuno)
Added native support for asinh(), acosh(), atanh(), log1p() and expm1(). (Kalle)
Added LIBXML_LOADED_VERSION constant (libxml2 version currently used). (Rob)
Added JSON_FORCE_OBJECT flag to json_encode(). (Scott, Richard Quadling)
Added timezone_version_get() to retrieve the version of the used timezone database. (Derick)
Added 'n' flag to fopen to allow passing O_NONBLOCK to the underlying open(2) system call. (Mikko)
Added "dechunk" filter which can decode HTTP responses with chunked transfer-encoding. HTTP streams use this filter automatically in case "Transfer-Encoding: chunked" header is present in response. It's possible to disable this behaviour using "http"=>array("auto_decode"=>0) in stream context. (Dmitry)
Added support for CP850 encoding in mbstring extension. (Denis Giffeler, Moriyoshi)
Added stream_cast() and stream_set_options() to user-space stream wrappers, allowing stream_select(), stream_set_blocking(), stream_set_timeout() and stream_set_write_buffer() to work with user-space stream wrappers. (Arnaud)
Added header_remove() function. (chsc at peytz dot dk, Arnaud)
Added stream_context_get_params() function. (Arnaud)
Added optional parameter "new" to sybase_connect(). (Timm)
Added parse_ini_string() function. (grange at lemonde dot fr, Arnaud)
Added str_getcsv() function. (Sara)
Added openssl_random_pseudo_bytes() function. (Scott)
Added ability to send user defined HTTP headers with SOAP request. (Brian J.France, Dmitry)
Added concatenation option to bz2.decompress stream filter. (Keisial at gmail dot com, Greg)
Added support for using compressed connections with PDO_mysql. (Johannes)
Added the ability for json_decode() to take a user specified depth. (Scott)
Added support for the mysql_stmt_next_result() function from libmysql. (Andrey)
Added function preg_filter() that does grep and replace in one go. (Marcus)
Added system independent realpath() implementation which caches intermediate directories in realpath-cache. (Dmitry)
Added optional clear_realpath_cache and filename parameters to clearstatcache(). (Jani, Arnaud)
Added litespeed SAPI module. (George Wang)
Added ext/hash support to ext/session's ID generator. (Sara)
Added quoted_printable_encode() function. (Tony)
Added stream_context_set_default() function. (Davey Shafik)
Added optional "is_xhtml" parameter to nl2br() which makes the function output <br> when false and <br /> when true (FR ). (Kalle)
Added PHP_MAXPATHLEN constant (maximum length of a path). (Pierre)
Added support for SSH via libssh2 in cURL. (Pierre)
Added support for gray levels PNG image with alpha in GD extension. (Pierre)
Added support for salsa hashing functions in HASH extension. (Scott)
Added DOMNode::getLineNo to get line number of parsed node. (Rob)
Added table info to PDO::getColumnMeta() with SQLite. (Martin Jansen, Scott)
Added mail logging functionality that allows logging of mail sent via mail() function. (Ilia)
Added json_last_error() to return any error information from json_decode(). (Scott)
Added gethostname() to return the current system host name. (Ilia)
Added shm_has_var() function. (Mike)
Added depth parameter to json_decode() to lower the nesting depth from the maximum if required. (Scott)
Added pixelation support in imagefilter(). (Takeshi Abe, Kalle)
Added SplObjectStorage::addAll/removeAll. (Etienne)
Implemented FR (curl progress callback: CURLOPT_PROGRESSFUNCTION). (sdteffen[at]gmail[dot].com, Pierre)
Implemented FR (Missing cURL option do disable IPv6). (Pierre)
Implemented FR (Missing cURL option CURLOPT_FTP_FILEMETHOD). (Pierre)
Fixed an issue with ReflectionProperty::setAccessible(). (Sebastian, Roman Borschel)
Fixed html_entity_decode() incorrectly converting numeric html entities to different characters with cp1251 and cp866. (Scott)
Fixed an issue in date() where a : was printed for the O modifier after a P modifier was used. (Derick)
Fixed exec() on Windows to not eat the first and last double quotes. (Scott)
Fixed readlink on Windows in thread safe SAPI (apache2.x etc.). (Pierre)
Fixed a bug causing miscalculations with the "last <weekday> of <n> month" relative time string. (Derick)
Fixed bug causing the algorithm parameter of mhash() to be modified. (Scott)
Fixed invalid calls to free when internal fileinfo magic file is used. (Scott)
Fixed memory leak inside wddx_add_vars() function. (Felipe)
Fixed check in recode extension to allow builing of recode and mysql extensions when using a recent libmysql. (Johannes)
(PDOStatement->nextRowset() doesn't work). (Johannes)
(Add support for ATTR_FETCH_TABLE_NAMES). (Johannes)
(ldap_read() segfaults with invalid parameters). (Felipe)
(String functions memory issue). (Dmitry)
(tmpfile() uses old parameter parsing). (crrodriguez at opensuse dot org)
(.user.ini never gets parsed). (Pierre)
(X-PHP-Originating-Script assumes no trailing CRLF in existing headers). (Ilia)
(Can't build 5.3 on FBSD 4.11). (Rasmus)
(file_exists returns false when impersonate is used). (Kanwaljeet Singla, Venkat Raman Don)
(spl_autoload_register() doesn't work correctly when prepending functions). (Scott)
(Calling a method with the same name as the parent class calls the constructor). (Scott)
(compile failure with mbstring.c when --enable-zend-multibyte is used). (Jani)
(Cannot execute a scrollable cursors twice with PDO_PGSQL). (Matteo)
(warning: value computed is not used in pdo_sqlite_stmt_get_col line 271). (Matteo)
(call_user_method() invalid free of arguments). (Felipe)
(pdo_pgsql - large objects are returned as empty). (Matteo)
(PHP crashes when script is 8192 (8KB) bytes long). (Dmitry)
(Error handler prevents creation of default object). (Dmitry)
(crashes in call_user_func_array()). (Dmitry)
(stristr() converts needle to lower-case). (Ilia)
(is_callable throws fatal error). (Dmitry)
(pcntl tests failing on NetBSD). (Matteo)
(Wrong value for SIG_UNBLOCK and SIG_SETMASK constants). (Matteo)
(Exception during object construction from arg call calls object's destructor). (Dmitry)
(include_once does not resolve windows symlinks or junctions) (Kanwaljeet Singla, Venkat Raman Don)
(rename JPG to JPEG in phpinfo). (Pierre)
(FILTER_VALIDATE_INT doesn't allow minimum integer). (Dmitry)
(autoloading classes inside exception_handler leads to crashes). (Dmitry)
(Cloning SplObjectStorage instances). (Etienne)
(get_class returns NULL instead of FALSE). (Dmitry)
(Support more than 127 subpatterns in preg_match). (Nuno)
(Bus error on parsing file). (Dmitry)
(Undefined constant causes segmentation fault). (Felipe)
(explode()'s limit parameter odd behaviour). (Matt)
(get_defined_constants() return array with broken array categories). (Ilia)
(Compilation failure in ps_fetch_from_1_to_8_bytes()). (Johannes)
(RecursiveDiteratoryIterator::getChildren ignoring CURRENT_AS_PATHNAME). (Etienne)
(metaphone('scratch') returns wrong result). (Felipe)
(mysql_fetch_field ignores zero offset). (Johannes)
(PDO_Firebird doesn't implements quoter correctly). (Felipe)
(odbc_fetch_into - BC in php 5.3.0). (Felipe)
(Use the expected unofficial mimetype for bmp files). (Scott)
(gc_collect_cycles causes a segfault when called within a destructor in one case). (Dmitry)
($php_errormsg out of scope in functions). (Dmitry)
(UMR when trying to activate user config). (Pierre)
(OCI8: Crash at shutdown on Windows) (Chris Jones/Oracle Corp.)
(offsetGet error using incorrect offset). (Etienne)
(preg_quote() should escape the '-' char). (Nuno)
(Possible memory corruption when passing return value by reference). (Dmitry)
(Second parameter of mssql_fetch_array()). (Felipe)
(rename() returns true even if the file in PHAR does not exist). (Greg)
(mysqli_poll() modifies improper variables). (Johannes)
(SplObjectStorage instances compared with ==). (Etienne)
(Memory leak in include). (Dmitry)
(Fix constants in DualIterator example). (Etienne)
(SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked"). (Dmitry)
(OCI8: CLOB size does not update when using CLOB IN OUT param in stored procedure) (Chris Jones/Oracle Corp.)
(use with non-compound name *has* effect). (Dmitry)
(The tokenizer returns deprecated values). (Felipe)
(UTF-8 characters outside the BMP aren't encoded correctly). (Scott)
(ob_flush() should fail to flush unerasable buffers). (David C.)
(Cloning DOMDocument doesn't clone the properties). (Rob)
(phpinfo() is missing some settings). (Hannes)
(php scripts or included files with first line starting with # have the 1st line missed from the output). (Ilia)
(tokenizer misses last single-line comment (PHP 5.3+, with re2c lexer)). (Matt, Shire)
(ini_set() doesn't return false on failure). (Hannes)
(mb_stristr() wrong output when needle does not exist). (Henrique M. Decaria)
(warning: use statement with non-compound name). (Dmitry)
(xmlrpc_decode_request outputs non-suppressable error when given bad data). (Ilia)
(Segfault when mb_detect_encoding() fails). (Scott)
(Missing validation for the options parameter of the imap_fetch_overview() function). (Ilia)
(cURL curl_setopt leaks memory in foreach loops). (magicaltux [at] php [dot] net)
(Creating associative array with long values in the key fails on 32bit linux). (Shire)
(mkdir() fails silently on PHP 5.3). (Hannes)
(can't extend mysqli). (Johannes)
(Restrict serialization on some internal classes like Closure and SplFileInfo using exceptions). (Etienne)
(OCI8: phpinfo doesn't show compile time ORACLE_HOME with phpize) (Chris Jones/Oracle Corp.)
(strip_tags() does not honor end-of-comment when it encounters a single quote). (Felipe)
(Segmentation fault when using declare statement with non-string value). (Felipe)
(Extending PDO class with a __call() function doesn't work as expected). (Johannes)
(SplFileInfo not correctly handling /). (Etienne)
(parse_ini_file() doesn't support * in keys). (Nuno)
(DateTime::modify() does not reset relative time values). (Derick)
(stacked error handlers, internal error handling in general). (Etienne)
(Segmentation fault on static call with empty string method). (Felipe)
(ArrayObject with objects as storage serialization). (Etienne)
(importNode changes the namespace of an XML element). (Rob)
(memory leak in ext/phar). (Greg)
(SPL - Memory leak when exception is thrown in offsetSet). (Felipe)
(after stream seek, appending stream filter reads incorrect data). (Greg)
(php_openssl_tcp_sockop_accept forgets to set context on accepted stream) (Mark Karpeles, Pierre)
(Memory leak when calling a method using Reflection). (Dmitry)
(XMLWriter - openmemory() and openuri() leak memory on multiple calls). (Ilia)
(DateTime - Memory leak when unserializing). (Felipe)
(Memory leaks when using global statement). (Dmitry)
(Xsltprocessor::setProfiling - memory leak). (Felipe, Rob).
(DOMXPath - segfault on destruction of a cloned object). (Ilia)
(SimpleXML top-level @attributes not part of iterator). (David C.)
(Mysqli - wrong error message). (Johannes)
(memory leaks with reflection of mb_convert_encoding()). (Ilia)
(ArrayObject iteration is slow). (Arnaud)
(Direct instantiation of SQLite3stmt and SQLite3result cause a segfault.) (Scott)
(Ini files with the UTF-8 BOM are treated as invalid). (Scott)
(json_decode() doesn't return NULL on certain invalid strings). (magicaltux, Scott)
(Moved SXE from SPL to SimpleXML). (Etienne)
(large scripts from stdin are stripped at 16K border). (Christian Schneider, Arnaud)
(Cannot disable ext/hash). (Arnaud)
(undefined reference to 'PHP_SHA512Init'). (Greg)
(custom ArrayObject serialization). (Etienne)
(Allow empty keys in ArrayObject). (Etienne)
(json_decode() doesn't convert 0e0 to a double). (Scott)
(FastCGI process exited unexpectedly). (Dmitry)
(FreeBSD4.11 build failure: failed include; stdint.h). (Hannes)
(property_exists fails to find static protected member in child class). (Felipe)
(Fileinfo/libmagic build fails, missing err.h and getopt.h). (Derick)
(Unserialization of classes derived from ArrayIterator fails). (Etienne, Dmitry)
(Not all DateTime methods allow method chaining). (Derick)
(Unable to var_dump(DateInterval)). (Derick)
(Filesystem time functions on Vista and server 2008). (Pierre)
(PDO: persistent connection leak). (Felipe)
(ob_start()/ob_end_clean() and memory_limit). (Ilia)
(parse_ini_file will result in parse error with no trailing newline). (Arnaud)
(timeout bug in stream_socket_enable_crypto). (vnegrier at optilian dot com, Ilia)
(relative paths not resolved correctly). (Dmitry)
(scrollable cursor don't work with pgsql). (Matteo)
(parse_ini_file keys that start/end with underscore). (Arnaud)
(parse_ini_file comment # line problems). (Arnaud)
(PDO::FETCH_SERIALIZE calls __construct()). (Matteo)
(PDO->query() parameter parsing/checking needs an update). (Matteo)
(pdo->errorInfo() always have three elements in the returned array). (David C.)
(pdo->errorCode() returns NULL when there are no errors). (David C.)
(PDO MySQL does not support CLIENT_FOUND_ROWS). (Johannes, chx1975 at gmail dot com)
(Inconsistent handling of static array declarations with duplicate keys). (Dmitry)
($this gets mangled when extending PDO with persistent connection). (Felipe)
(opendir() fails on Windows directories with parent directory unaccessible). (Dmitry)
(SoapClient causes 505 HTTP Version not supported error message). (Dmitry)
(php://filter uris ignore url encoded filternames and can't handle slashes). (Arnaud)
(HTTP status codes 204 and 304 should not be gzipped). (Scott, Edward Z. Yang)
(separate STDOUT and STDERR in exec functions). (Kanwaljeet Singla, Venkat Raman Don, Pierre)
(SoapClient over HTTPS fails to reestablish connection). (Dmitry)
(max_redirects and ignore_errors). (patch by datibbaw@php.net)
(touch() works on files but not on directories). (Pierre)

Version 5.2.12

17-Dec-2009

Security Fixes
- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (Rasmus)
- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (Rasmus)
- Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion. (Ilia)
- Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check, identified by Stefan Esser. (Stas)
- (insufficient input string validation of htmlspecialchars()). (Moriyoshi, hello at iwamot dot com)
Updated timezone database to version 2009.19 (2009s). (Derick)
Added LIBXML_PARSEHUGE constant to overrides the maximum text size of a single text node when using libxml2.7.3+. (Kalle)
Changed "post_max_size" php.ini directive to allow unlimited post size by setting it to 0. (Rasmus)
Fixed error_log() to be binary safe when using message_type 3. (Jani)
Fixed unnecessary invocation of setitimer when timeouts have been disabled. (Arvind Srinivasan)
Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)
Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe)
Fixed crash when instantiating PDORow and PDOStatement through Reflection. (Felipe)
Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe)
(PDO-ODBC stored procedure call from Solaris 64-bit causes seg fault). (davbrown4 at yahoo dot com, Felipe)
(nanosleep not detected properly on some solaris versions). (Jani)
(Allow use of ; in values via ;; in PDO DSN). (Ilia, Pierrick)
(xmlrpc does not preserve keys in encoded indexed arrays). (Felipe)
(xmlrpc_encode_request() changes object into array in calling function). (Felipe)
(conflicting types for llabs). (Jani)
(isset() and empty() silently casts array to object). (Felipe)
(soap call Segmentation fault on a redirected url). (Pierrick)
(Compiling with libedit cannot find readline.h). (tcallawa at redhat dot com)
(segmentation fault when concatenating very large strings on 64bit linux). (Ilia)
(pg_copy_to() fails when table name contains schema. (Ilia)
(ldap_get_entries() return false instead of an empty array when there is no error). (Jani)
(Incorrectly matched docComment). (Felipe)
(FastCGI fails with wrong error on HEAD request to non-existent file). (Dmitry)
(Memory leak when fetching timestamp column from Oracle database). (Felipe)
(FILTER_VALIDATE_EMAIL fails with valid addresses containing = or ?). (Pierrick)
(parse_url() incorrect when ? in fragment). (Ilia)
(Segfault caused by uksort()). (Felipe)
(Throwing through Reflection modified Exception object makes segmentation fault). (Felipe)
(SNMP3 warning message about security level printed twice). (Jani)
(pdo_pgsql prepare() re-use previous aborted transaction). (ben dot pineau at gmail dot com, Ilia, Matteo)
(AppendIterator undefined function crash). (Johannes)
(Curl post upload functions changed). (Ilia)
(import_request_variables() always returns NULL). (Ilia, sjoerd at php dot net)
(exec() fails to return data inside 2nd parameter, given output lines >4095 bytes). (Ilia)
(time_sleep_until() is not available on OpenSolaris). (Jani)
(long2ip() can return wrong value in a multi-threaded applications). (Ilia, Florian Anderiasch)
(calling mcrypt() after mcrypt_generic_deinit() crashes). (Sriram Natarajan)
(ReflectionClass::hasProperty returns true for a private property in base class). (Felipe)
(Unexpected change in strnatcasecmp()). (Rasmus)
(ini parser crashes with apache2 and using ${something} ini variables). (Jani)
(libxml 2.7.3+ limits text nodes to 10MB). (Felipe)
(DOMUserData does not exist). (Rob)
(imap_listscan() function missing). (Felipe)
(error_log to specified file does not log time according to date.timezone). (Dmitry)
(make install-pear fails). (Hannes)
(mb_detect_encoding() returns incorrect results when mbstring.strict_mode is turned on). (Moriyoshi)
(CURLOPT_INFILESIZE sometimes causes warning "CURLPROTO_FILE cannot be set"). (Felipe)
(UTF-16 strings prefixed by BOMs wrongly converted). (Moriyoshi)
(PDO fetchObject sets values before calling constructor). (Pierrick)
(cURL's CURLOPT_FILE prevents file from being deleted after fclose()). (Ilia)
(Constants defined in Interfaces can be overridden). (Felipe)
(mb_strcut() cuts wrong length when offset is in the middle of a multibyte character). (Moriyoshi)
(Build error with Snow Leopard). (Scott)
(Floating point NaN cause garbage characters). (Sjoerd)
(crash when extending PDOStatement and trying to set queryString property). (Felipe)
(mysqli segfault on error). (Rasmus)
(IPv6 socket transport is not working). (Ilia)
(PDO_pgsql::query() always uses implicit prepared statements if v3 proto available). (Matteo, Mark Kirkwood)
(importNode doesn't preserve attribute namespaces). (Rob)
(PDOStatement->execute() returns true then false for same statement). (Pierrick)
(Failure in odbc_exec() using oracle-supplied odbc driver). (tim dot tassonis at trivadis dot com)

Version 5.2.11

16-Sep-2009

Security Fixes
- Fixed certificate validation inside php_openssl_apply_verification_policy. (Ryan Sleevi, Ilia)
- Added missing sanity checks around exif processing. (Ilia)
- Fixed sanity check for the color index in imagecolortransparent. (Pierre)
- (popen crashes when an invalid mode is passed). (Pierre)
Updated timezone database to version 2009.13 (2009m) (Derick)
Fixed zlib.deflate compress filter to actually accept level parameter. (Jani)
Fixed leak on error in popen/exec (and related functions) on Windows. (Pierre)
Fixed regression in cURL extension that prevented flush of data to output defined as a file handle. (Ilia)
Fixed memory leak in stream_is_local(). (Felipe, Tony)
(FILTER_SANITIZE_EMAIL allows disallowed characters). (Ilia)
(php engine needs to correctly check for socket API return status on windows). (Sriram Natarajan)
(segfault in php_curl_option_curl). (Pierre)
(wordwrap() wraps incorrectly on end of line boundaries). (Ilia, code-it at mail dot ru)
(bcmath module doesn't compile with phpize configure). (Jani)
(php://input (php_stream_input_read) is broken). (Jani)
(Ternary operator fails on Iterator object when used inside foreach declaration). (Etienne, Dmitry)
(Missing PHP_SUBST(PDO_MYSQL_SHARED_LIBADD)). (Jani)
(Import of schema from different host transmits original authentication details). (Dmitry)
(posix_times returns false without error). (phpbugs at gunnu dot us)
(Error in dba_exists C code). (jdornan at stanford dot edu)
(proc_get_status['exitcode'] fails on win32). (Felipe)
(private class static fields can be modified by using reflection). (Jani)
(feof never returns true for damaged file in zip). (Pierre)
(context option headers freed too early when using --with-curlwrappers). (Jani)
(SplFileObject::fscanf() variables passed by reference). (Jani)
(proc_open() can bypass safe_mode_protected_env_vars restrictions). (Ilia)
(PHP CLI in Interactive mode (php -a) crashes when including files from function). (Stas)
(zlib.output_compression does not output HTTP headers when set to a string value). (Jani)
(Crash when compiling with pdo_firebird). (Felipe)
(cURL does not upload files with specified filename). (Ilia)
(Double \r\n after HTTP headers when "header" context option is an array). (David Zülke)
(Too long error code strings in pdo_odbc driver). (naf at altlinux dot ru, Felipe)
(printf() returns incorrect outputted length). (Jani)
(Problem with imagettfbbox). (Takeshi Abe)
(RecursiveDirectoryIterator doesn't descend into symlinked directories). (Ilia)
(SIGSEGVs when using curl_copy_handle()). (Sriram Natarajan)
(ZipArchive produces corrupt archive). (dani dot church at gmail dot com, Pierre)
(IPv6 address filter still rejects valid address). (Felipe)
(CURLOPT_WRITEHEADER|CURLOPT_FILE|CURLOPT_STDERR warns on files that have been opened with r+). (Ilia)
(TTF Bounding box wrong for letters below baseline). (Takeshi Abe)
(FILTER_VALIDATE_EMAIL does not allow numbers in domain components). (Ilia)
(metaphone and 'wh'). (brettz9 at yahoo dot com, Felipe)
(mb_internal_encoding() value gets reset by parse_str()). (Moriyoshi)
(ldap_read() segfaults with invalid parameters). (Felipe)
(Double declaration of __lambda_func when lambda wrongly formatted). (peter at lvp-media dot com, Felipe)
(phpize is broken with non-bash shells). (Jani)
(mb_convert_encoding() doesn't understand hexadecimal html-entities). (Moriyoshi)
("file" fopen wrapper is overwritten when using --with-curlwrappers). (Jani)
(Error compiling of ext/date on netware). (guenter at php.net, Ilia)
(get_defined_constants() ignores categorize parameter). (Felipe)
(imap_search ALL segfaults). (Pierre)
(Invalid libreadline version not detected during configure). (Jani)
(ImageFTBBox() differs from previous versions for texts with new lines) (Takeshi Abe)
(pdo_dblib fails to connect, throws empty PDOException "SQLSTATE[] (null)"). (Felipe)
(sys_get_temp_dir() possibly inconsistent when using TMPDIR). (Ilia)
(Compile failure under IRIX 6.5.30 building gd.c). (Kalle)
(imap crashes when closing stream opened with OP_PROTOTYPE flag). (Jani)
(hash "adler32" byte order is reversed). (Scott)
(date("Y") on big endian machines produces the wrong result). (Scott)
(Infinite loop and possible crash during startup with errors when errors are logged). (Jani)
(ssl handshake fails during asynchronous socket connection). (Sriram Natarajan)
(Fixed build with Openssl 1.0). (Pierre, Al dot Smith at aeschi dot ch dot eu dot org)
(pdo_pgsql - large objects are returned as empty). (Matteo)
(Only the date fields of the first row are fetched, others are empty). (info at programmiernutte dot net)
(natcasesort() does not sort extended ASCII characters correctly). (Herman Radtke)
(Memory leak in DateTime). (Derick, Tobias John)
(Encoding bug in SoapServer->fault). (Dmitry)
(with Sun Java System Web Server 7.0 on HPUX, #define HPUX). (Uwe Schindler)
(imagefilledrectangle() clipping error). (markril at hotmail dot com, Pierre)
(Reflection of instantiated COM classes causes PHP to crash) (Paul Richards, Kalle)
(setcookie will output expires years of >4 digits). (Ilia)
(spl_autoload_functions() should return object instance when appropriate). (Hannes, Etienne)
(stream_get_meta_data() does not return same mode as used in fopen). (Jani)
(ImageLine w/ antialias = 1px shorter). (wojjie at gmail dot com, Kalle)
(Sent incorrect RCPT TO commands to SMTP server) (Garrett)

Version 5.2.10

18-Jun-2009

Security Fixes
- (exif_read_data() segfaults on certain corrupted .jpeg files). (Pierre)
Updated timezone database to version 2009.9 (2009i) (Derick)
Added "ignore_errors" option to http fopen wrapper. (David Zulke, Sara)
Added new CURL options CURLOPT_REDIR_PROTOCOLS, CURLOPT_PROTOCOLS, and CURLPROTO_* for redirect fixes in CURL 7.19.4. (Yoram Bar Haim, Stas)
Added support for Sun CC (FR and FR ). (David Soria Parra)
Changed default value of array_unique()'s optional sorting type parameter back to SORT_STRING to fix backwards compatibility breakage introduced in PHP 5.2.9. (Moriyoshi)
Fixed memory corruptions while reading properties of zip files. (Ilia)
Fixed memory leak in ob_get_clean/ob_get_flush. (Christian)
Fixed segfault on invalid session.save_path. (Hannes)
Fixed leaks in imap when a mail_criteria is used. (Pierre)
Fixed missing erealloc() in fix for bug in spl_autoload_register. (Greg)
(Reference recursion causes segfault when used in wddx_serialize_vars()). (Felipe)
(Numeric string keys in Apache Hashmaps are not cast to integers). (David Zuelke)
(curl crashes when writing into invalid file handle). (Tony)
(cURL extension uses same resource name for simple and multi APIs). (Felipe)
(ldap_get_entries() leaks memory on empty search results). (Patrick)
(CPPFLAGS not restored properly in phpize.m4). (Jani, spisek at kerio dot com)
(Compile failure under IRIX 6.5.30 building cast.c). (Kalle)
(ldap_search() sizelimit, timelimit and deref options persist). (Patrick)
(Improve memory_get_usage() accuracy). (Arnaud)
(Force a cache limit in ereg() to stop excessive memory usage). (Scott)
(Crash when exception is thrown while passing function arguments). (Arnaud)
(exif_read_data() segfaults on certain corrupted .jpeg files). (Pierre)
(Script hangs on snmprealwalk if OID is not increasing). (Ilia, simonov at gmail dot com)
(ReflectionProperty::getDeclaringClass() does not work with redeclared property). (patch by Markus dot Lidel at shadowconnect dot com)
(constant MSG_DONTWAIT not defined). (Arnaud)
(fgetcsv() does not return null for empty rows). (Ilia)
(stream_copy_to_stream() and fpasstru() do not update stream position of plain files). (Arnaud)
(stream_copy_to_stream() copies 0 bytes when $source is a socket). (Arnaud)
(snmp*_real_walk() returns SNMP errors as values). (Ilia, lytboris at gmail dot com)
(Crash due to double-linking of history.o). (tstarling at wikimedia dot org)
(SIGSEGV when access to private property via &__get). (Felipe)
(Crash on errors during startup). (Stas)
(DBA Segmentation fault dba_nextkey). (Felipe)
(Incorrect shuffle in array_rand). (Etienne)
(memory leak when passing invalid xslt parameter). (Felipe)
(CURLOPT_(FILE|WRITEHEADER options do not error out when working with a non-writable stream). (Ilia)
(Iterating over an invalid data structure with RecursiveIteratorIterator leads to a segfault). (Scott)
(xmlwriter_open_uri() does not emit warnings on invalid paths). (Ilia)
(Crash when CURLOPT_STDERR is set to regular file). (Jani)
(Out of Memory error message when passing invalid file path) (Pierre)
(Added support for lcov v1.7). (Ilia)
(configure check for curl ssl support fails with --disable-rpath). (Jani)
(Don't try to bind ipv4 addresses to ipv6 ips via bindto). (Ilia)
(PDO_OCI: Segfault when using persistent connection). (Pierre, Matteo, jarismar dot php at gmail dot com)
(Year formatter goes wrong with out-of-int range). (Derick)
(odbc_execute changes variables used to form params array). (Felipe)
(stream_copy_to_stream returns 1 on empty streams). (Arnaud)
(SSL streams fail if error stack contains items). (Mikko)
(error handler not called regardless). (Hannes)
(ezmlm_hash() returns different values depend on OS). (Ilia)
(ImageConvolution overwrites background). (Ilia)
(memory leaks in imap_body). (Pierre, Jake Levitt)
(system() calls sapi_flush() regardless of output buffering). (Ilia)
("@" operator does not work with string offsets). (Felipe)
(CLI aborts on non blocking stdout). (Arnaud)
(Non-deep import loses the namespace). (Rob)
(PDO_Firebird omits first row from query). (Lars W)
(array operator [] inconsistency when the array has PHP_INT_MAX index value). (Matt)
(Compile warning for strnlen() in main/spprintf.c). (Ilia, rainer dot jung at kippdata dot de)
(openssl_x509_parse() segfaults when a UTF-8 conversion fails). (Scott, Kees Cook, Pierre)
(Segfault due to bound callback param). (Felipe)
(__call() accessed via parent:: operator is provided incorrect method name). (Felipe)
(Strange extends PDO). (Felipe)
(FILTER_VALIDATE_INT doesn't allow minimum integer). (Dmitry)
(Alignment issues in mbstring and sysvshm extension) (crrodriguez at opensuse dot org, Ilia)
(PHP crashes on some "bad" operations with string offsets). (Dmitry)
(build error when xmlrpc and iconv are compiled against different iconv versions). (Scott)
(ZipArchive::OVERWRITE seems to have no effect). (Mikko, Pierre)
(Valid integers are truncated with json_decode()). (Scott)
(pg_copy_from() WARNING: nonstandard use of \\ in a string literal). (Ilia)
(curl keeps crashing). (Felipe)
(FILTER_VALIDATE_EMAIL is locale aware). (Ilia)
(pcntl_wexitstatus() returns signed status). (patch by james at jamesreno dot com)
(unpacking unsigned long 32bit bit endian returns wrong result). (Ilia)
(performance degraded when reading large chunks after fix of bug ). (Arnaud)
(enable cli|cgi-only extensions for embed sapi). (Jani)
(FILTER_FLAG_NO_PRIV_RANGE does not work with ipv6 addresses in the filter extension). (Ilia)
(Errors after writing to nodeValue parameter of an absent previousSibling). (Rob)
(ip2long() may allow some invalid values on certain 64bit systems). (Ilia)
(Wrong Reflection for extends class). (Felipe)
(cgi sapi is incorrectly removing SCRIPT_FILENAME). (Sriram Natarajan, David Soria Parra)
(Serialize / Unserialize misbehaviour under OS with different bit numbers). (Matt)
(get_class_vars() does not include visible private variable looking at subclass). (Arnaud)
(Digest authentication with SOAP module fails against MSSQL SOAP services). (Ilia, lordelph at gmail dot com)
(Memory leak when mysqli::init() is called multiple times). (Andrey)
(safe_mode bypass with exec/system/passthru (windows only)). (Pierre)
(Array key '2147483647' left as string). (Matt)
(Near infinite-loops while parsing huge relative offsets). (Derick, Mike Sullivan)
(imagepng() crashes on empty image). (Martin McNickle, Takeshi Abe)
(isset($arrayObject->p) misbehaves with ArrayObject:: ARRAY_AS_PROPS set). (robin_fernandes at uk dot ibm dot com, Arnaud)
(ArrayIterator::current(), ::key() can show 1st private prop of wrapped object). (robin_fernandes at uk dot ibm dot com, Arnaud)
(stream_context_create creates bad http request). (Arnaud)
(zlib.output_compression can not be set with ini_set()). (Jani)
(error_log ignores date.timezone php.ini val when setting logging timestamps). (Derick)
(header HTTP context option not being used when compiled using --with-curlwrappers). (Jani)
(xmlrpc_decode() ignores time zone on iso8601.datetime). (Ilia, kawai at apache dot org)
(define() is missing error checks for class constants). (Ilia)
(Crash using preg_replace_callback() and global variables). (Nuno, Scott)
(TrueType bounding box is wrong for angle<>0). (Martin McNickle)
(gzinflate() try to allocate all memory with truncated data). (Arnaud)
(some odbc_*() functions incompatible with Oracle ODBC driver). (jhml at gmx dot net)
(HTTP status codes 204 and 304 should not be gzipped). (Scott, Edward Z. Yang)
(The constant NAN is reported as 0 on Windows) (Kanwaljeet Singla, Venkat Raman Don)
(PDO truncates text from SQL Server text data type field). (Steph)

Version 5.2.9

26-Feb-2009

Security Fixes
- Fixed security issue in imagerotate(), background colour isn't validated correctly with a non truecolour image. Reported by Hamid Ebadi, APA Laboratory (Fixes CVE-2008-5498). (Scott)
- Fixed a crash on extract in zip when files or directories entry names contain a relative path. (Pierre)
- Fixed explode() behavior with empty string to respect negative limit. (Shire)
- Fixed a segfault when malformed string is passed to json_decode(). (Scott)
- Fixed bug in xml_error_string() which resulted in messages being off by one. (Scott)
Changed __call() to be invoked on private/protected method access, similar to properties and __get(). (Andrei)
Added optional sorting type flag parameter to array_unique(). Default is SORT_REGULAR. (Andrei)
Fixed zip filename property read. (Pierre)
Fixed error conditions handling in stream_filter_append(). (Arnaud)
(modulus operator returns incorrect results on 64 bit linux). (Matt)
(mb_check_encoding() returns true for some illegal SJIS characters). (for-bugs at hnw dot jp, Moriyoshi)
(crash when creating a lot of objects in object destructor). (Tony)
(sscanf %d doesn't work). (Felipe)
(FILTER_VALIDATE_EMAIL is marking valid email addresses as invalid). (Ilia)
(segfault in dom_document_parser in recovery mode). (Rob)
(content-type is not set properly for file uploads). (Ilia)
(base64_decode() interprets pad char in mid string as terminator). (Ilia)
(Possible memory corruption when passing return value by reference). (Dmitry)
(gzseek/fseek using SEEK_END produces strange results). (Felipe)
(SOAP Extension ignores "user_agent" ini setting). (Ilia)
(Memory leak on $a->{"a"."b"} when $a is not an object). (Etienne, Dmitry)
(Linking shared extensions fails with icc). (Jani)
(SoapClient::__soapCall causes a segmentation fault). (Dmitry)
(Segfault with new pg_meta_data). (Felipe)
(PHP cgi sapi is removing SCRIPT_FILENAME for non apache). (Sriram Natarajan)
(No error when using fopen with empty string). (Cristian Rodriguez R., Felipe)
(dns_get_record returns a garbage byte at the end of a TXT record). (Felipe)
(var_export doesn't show numeric indices on ArrayObject). (Derick)
(OVERWRITE and binary mode does not work, regression introduced in 5.2.8). (Pierre)
(IPv6 address filter rejects valid address). (Felipe)
(Fixed pdo_mysql build with older version of MySQL). (Ilia)
(Unable to disable PCRE). (Scott)
(imap_rfc822_parse_adrlist host part not filled in correctly). (Felipe)
(Memory leak in strtotime()). (Derick)
(Invalid calls to php_error_docref()). (oeriksson at mandriva dot com, Ilia)
(extract($foo) crashes if $foo['foo'] exists). (Arnaud)
(CP936 euro symbol is not converted properly). (ty_c at cybozuy dot co dot jp, Moriyoshi)
(Crash in mssql extension when retrieving a NULL value inside a binary or image column type). (Ilia)
(fastcgi.c parse error). (Matt)
(SoapClient doRequest fails when proxy is used). (Felipe)
(Segfault when an SSL error has more than one error). (Scott)
(array returned by curl_getinfo should contain content_type key). (Mikko)
(xml_parse crash when parser is namespace aware). (Rob)
(Elements of associative arrays with NULL value are lost). (Dmitry)
(Corrupt DBF When Using DATE). (arne at bukkie dot nl)
(bz2.decompress/zlib.inflate filter tries to decompress after end of stream). (Greg)
(User not consistently logged under Apache2). (admorten at umich dot edu, Stas)
(libxml2 2.7 causes breakage with character data in xml_parse()). (Rob)
(MySQLI OO does not populate connect_error property on failed connect). (Johannes)
(mb_st[r]ripos() offset not handled correctly). (Moriyoshi)
(memory leak if offsetGet throws exception). (Greg)
(Encoding detector hangs with mbstring.strict_detection enabled). (Moriyoshi)
(Reusing a curl handle leaks memory). (Mark Karpeles, Jani)
(Improve pcre UTF-8 string matching performance). (frode at coretrek dot com, Nuno)
(mb_strrpos() offset is byte count for negative values). (Moriyoshi)
(mssql_execute with non fatal errors). (Kalle)
(Session cookie expires date format isn't the most compatible. Now matches that of setcookie()). (Scott)

Version 5.2.8

08-Dec-2008

Reverted bug fix that broke magic_quotes_gpc (Scott)

Version 5.2.7

04-Dec-2008

Security Fixes
- Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371) (Ilia)
- Fixed missing initialization of BG(page_uid) and BG(page_gid), reported by Maksymilian Arciemowicz. (Stas)
- Fixed incorrect php_value order for Apache configuration, reported by Maksymilian Arciemowicz. (Stas)
- Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658). (Pierre)
- Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659). (Laurent Gaffie)
- Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666. (Christian Hoffmann)
- (Crash with URI/file..php (filename contains 2 dots)).(Fixes CVE-2008-3660) (Dmitry)
- (IMAP toolkit crash: rfc822.c legacy routine buffer overflow). (Fixes CVE-2008-2829) (Dmitry)
Updated timezone database to version 2008.9. (Derick)
Upgraded bundled libzip to 0.9.0. (Pierre)
Added logging option for error_log to send directly to SAPI. (Stas)
Added PHP_MAJOR_VERSION, PHP_MINOR_VERSION, PHP_RELEASE_VERSION,PHP_EXTRA_VERSION, PHP_VERSION_ID, PHP_ZTS and PHP_DEBUG constants. (Pierre)
Added "PHP_INI_SCAN_DIR" environment variable which can be used to either disable or change the compile time ini scan directory (FR ). (Jani)
Fixed memory leak inside sqlite_create_aggregate(). (Felipe)
Fixed memory leak inside PDO sqlite's sqliteCreateAggregate() method. (Felipe)
Fixed memory leak inside readline_callback_handler_remove() function. (Felipe)
Fixed sybase_fetch_*() to continue reading after CS_ROW_FAIL status (Timm)
Fixed a bug inside dba_replace() that could cause file truncation with invalid keys. (Ilia)
Fixed memory leak inside readline_callback_handler_install() function. (Ilia)
Fixed memory leak inside readline_completion_function() function. (Felipe)
Fixed stream_get_contents() when using $maxlength and socket is not closed. indeyets [at] php [dot] net on . (Arnaud)
Fixed stream_get_line() to behave as documented on non-blocking streams. (Arnaud)
Fixed endless loop in PDOStatement::debugDumpParams().(jonah.harris at gmail dot com)
Fixed ability to use "internal" heaps in extensions. (Arnaud, Dmitry)
Fixed weekdays adding/subtracting algorithm. (Derick)
Fixed some ambiguities in the date parser. (Derick)
Fixed a bug with the YYYY-MM format not resetting the day correctly. (Derick)
Fixed a bug in the DateTime->modify() methods, it would not use the advanced relative time strings. (Derick)
Fixed extraction of zip files or directories when the entry name is a relative path. (Pierre)
Fixed read or write errors for large zip archives. (Pierre)
Fixed simplexml asXML() not to lose encoding when dumping entire document to file. (Ilia)
Fixed a crash inside PDO when trying instantiate PDORow manually. (Felipe)
Fixed build failure of ext/mysqli with libmysql 6.0 - missing rpl functions. (Andrey)
Fixed a regression when using strip_tags() and < is within an attribute. (Scott)
Fixed a crash on invalid method in ReflectionParameter constructor. (Christian Seiler)
Reverted fix for bug due to behaviour change in minor version. (Felipe)
(mktime.year description is wrong). (Derick)
(cURL fails in upload files with specified content-type). (Ilia)
(stream_lock call with wrong parameter). (Arnaud)
(Setting array element with that same array produces inconsistent results). (Arnaud)
(mb_convert_case does not handle apostrophe correctly). (Ilia)
(ibase_trans() memory leaks when using wrong parameters). (Felipe)
(Curl ZTS OpenSSL, error in config.m4 fragment). (jd at cpanel dot net)
(wddx_serialize treats input as ISO-8859-1). (Mark Karpeles)
(SoapClient() stumbles over its "stream_context" parameter). (Dmitry, Herman Radtke)
(offset parameter of stream_get_contents() does not workfor "0"). (Felipe)
(Unregistering nodeclass throws E_FATAL). (Rob)
(NetWare needs small patch for _timezone). (patch by guenter@php.net)
(stream_notification_callback inside of object destroys object variables). (Felipe)
(wrong $this passed to internal methods causes segfault). (Tony)
(Infinite loop when parsing '#' in one line file). (Arnaud)
(bad cwd with / as pathinfo). (Dmitry)
(TCP_NODELAY constant for socket_{get,set}_option). (bugs at trick dot vanstaveren dot us)
(IPv6 address filter accepts invalid address). (Ilia)
(DOMText::splitText doesn't handle multibyte characters). (Rob)
(compilation of simplexml for NetWare breaks). (Patch by guenter@php.net)
(PHP sets default Content-Type header for HTTP 304 response code, in cgi sapi). (Ilia)
(Magic quotes broke $_FILES). (Arnaud)
(Invalid write when changing property from inside getter). (Dmitry)
(PDO::setFetchMode() shouldn't requires the 2nd arg when using FETCH_CLASSTYPE). (Felipe)
Fixed bugs , (pdo_pgsql always fill in NULL for empty BLOB and segfaults when returned by SELECT). (Felipe)
(local_cert option is not resolved to full path). (Ilia)
(ibase_set_event_handler() is allowing to pass callback without event). (Felipe)
(difference between call_user_func(array($this, $method))and $this->$method()). (Dmitry)
(ArrayObject EG(uninitialized_var_ptr) overwrite). (Etienne)
(json_encode mutates its parameter and has some class-specific state). (Felipe)
(pg_query_params/pg_execute convert passed values to strings). (Ilia)
(BC break: DOMDocument saveXML() doesn't accept null). (Rob)
(stream_filter_remove() closes the stream). (Arnaud)
(PDOStatement::fetchObject prototype error). (Felipe)
(after stream seek, appending stream filter reads incorrect data). (Greg)
(PDOStatement->setFetchMode() forgets FETCH_PROPS_LATE). (chsc at peytz dot dk, Felipe)
(php_openssl_tcp_sockop_accept forgets to set context on accepted stream). (Mark Karpeles, Pierre)
(XMLWriter - openmemory() and openuri() leak memory on multiple calls). (Ilia)
(RegexIterator::accept - segfault). (Felipe)
(stream_set_blocking() can cause a crash in some circumstances). (Felipe)
(Exception when creating ReflectionProperty object on dynamicly created property). (Felipe)
(Compile failure under IRIX 6.5.30 building posix.c). (Arnaud)
(SplFileObject::seek - Endless loop). (Arnaud)
(SplFileInfo::openFile - memory overlap). (Arnaud)
(SimpleXML converts empty nodes into object with nested array). (Rob)
(Segfault in AppendIterator::next). (Arnaud)
(Segfault in DOMText when using with Reflection). (Rob)
(bzip2.decompress/zlib.inflate filter tries to decompress after end of stream). (Keisial at gmail dot com, Greg)
(stream_select() doesn't return the correct number).(Arnaud)
(warnings incorrectly generated for iv in ecb mode). (Felipe)
(isset on nonexisting node return unexpected results). (Rob)
(parse_ini_file() does not return false with syntax errors in parsed file). (Jani)
(wddx_serialize_value crash with SimpleXMLElement object).(Rob)
(get_class_vars is inconsistent with 'protected' and 'private' variables). (ilewis at uk dot ibm dot com, Felipe)
(header() function fails to correctly replace all Status lines). (Dmitry)
(Crash on throwing exception from error handler). (Dmitry)
(ReflectionObject with default parameters of self::xxx cause an error). (Felipe)
(Using auto_prepend_file crashes (out of scope stack address use)). (basant dot kukreja at sun dot com)
(mb_check_encoding() crashes). (Moriyoshi)
(rfc822_parse_adrlist() modifies passed address parameter). (Jani)
(Some per-dir or runtime settings may leak into other requests). (Moriyoshi)
(htmlspecialchars() double encoding &#x hex items). (Arnaud)
(levenshtein() crashes with invalid argument). (Ilia)
(Segfault with invalid non-string as event handler callback). (Christian Seiler)
(ISAPI doesn't properly clear auth_digest in header). (Patch by: navara at emclient dot com)
(Return value from callback isn't freed). (Felipe)
(Segfault with invalid non-string as register_introspection_callback). (Christian Seiler)
(Using XPath to return values for attributes with a namespace does not work). (Rob)
(new DateTimeZone() and date_create()->getTimezone() behave different). (Derick)
(FCGI_GET_VALUES request does not return supplied values). (Arnaud)
(mb_send_mail(); header 'Content-Type: text/plain; charset=' parsing incorrect). (Felipe)
(strip_tags and <?XML tag). (Felipe)
(imap patch for fromlength fix in imap_headerinfo doesn't accept lengths of 1024). (Felipe, andrew at lifescale dot com)
(filesize() regression using ftp wrapper). (crrodriguez at suse dot de)
(fastcgi parent process doesn't invoke php_module_shutdown before shutdown). (basant dot kukreja at sun dot com)
(session.serialize_handler declared by shared extension fails). (Kalle, oleg dot grenrus at dynamoid dot com)
(snmp extension memory leak). (Federico Cuello, Rodrigo Campos)
(ob_start()/ob_end_clean() and memory_limit). (Arnaud)
(timeout bug in stream_socket_enable_crypto). (Ilia)
(php crash on query with errors in params). (Felipe)
(Segmentation fault because of tick function on second request). (Dmitry)
(Segmentation fault on second request for array functions). (Dmitry)
(Opening php:// wrapper in append mode results in a warning). (Arnaud)
(double free or corruption with setAttributeNode()). (Rob)
Fixed bugs , (xmlrpc_set_type() segfaults and wrong behavior with valid ISO8601 date string). (Jeff Lawsons)
(curl_read callback returns -1 when needs to return size_t (unsigned)). (Felipe)
(chdir() should clear relative entries in stat cache). (Arnaud)
(memory corruption on assignment result of "new" by reference). (Dmitry)
(substr() overflow changes). (Felipe)
(ReflectionProperty returns incorrect declaring class).(Felipe)
($_FILES['upload']['size'] sometimes return zero and sometimes the filesize). (Arnaud)
(CRC32 output endianness is different between crc32() and hash()). (Tony)
(pg_insert() does not accept 4 digit timezone format). (Ilia)
(Compile Failure With freetds0.82). (jklowden at freetds dot org, matthias at dsx dot at)
(gettext functions crash with overly long domain). (Christian Schneider, Ilia)
(preg_grep() modifies input array). (Nuno)
(OpenSSL extension fails to link with OpenSSL 0.9.6). (jd at cpanel dot net, Pierre)
Memory leak using registerPHPFunctions and XSLT Variable as function parameter. (Rob)
(SOAP extension object decoding bug). (Dmitry)
(Very minor issue with backslash in heredoc). (Matt)
(php://memory writeable when opened read only). (Arnaud)
(Improve error message when creating a new SoapClient that contains invalid data). (Markus Fischer, David C)
(Memory leak assigning value to attribute). (Ilia)
(Progress notifications incorrect). (Hannes)
(stream_context_set_params segfaults on invalid arguments). (Hannes)
(wrong HTML entity output when substitute_character=entity). (Moriyoshi)
(stream_get_line unable to correctly identify the "ending" in the stream content). (Arnaud)
(Extending PDO/MySQL class with a __call() function doesn'twork). (Johannes)
(PDORow::queryString property & numeric offsets / Crash). (Felipe)
Fixed bugs , (PDO + quote() + prepare() can result in segfault). (tsteiner at nerdclub dot net)
(closedir() accepts a file resource opened by fopen()). (Dmitry, Tony)
(extract($a, EXTR_REFS) can fail to split copy-on-write references). (robin_fernandes at uk dot ibm dot com)
(extract($a, EXTR_OVERWRITE|EXTR_REFS) can fail to create references to $a). (robin_fernandes at uk dot ibm dot com)
(UNIX abstract namespace socket connect does not work). (Jani)
(mb_substr_count() behaves differently to substr_count() with overlapping needles). (Moriyoshi)
(class name added into the error message). (Dmitry)
(json_encode silently cuts non-UTF8 strings). (Stas)
(Incorrect argument counter in prepared statements with pgsql). (Felipe)
(socket_getpeername: cannot use on stdin with inetd). (Arnaud)
(SOAP not sent properly from client for <choice>). (Dmitry)
(Added odbc.default_cursortype to control the ODBCcursor model). (Patrick)
(Fixed code to use ODBC 3.52 datatypes for 64bit systems). (Patrick)
(rfc1867 handler newlength problem). (Arnaud)
(strings containing a weekday, or a number plus weekday behaved incorrect of the current day-of-week was the same as the one in the phrase).(Derick)
(wrong detection of 'data' wrapper causes notice). (gk at gknw dot de, Arnaud)
(Regression: some numbers shown in scientific notation). (int-e at gmx dot de)
(SOAP encoding violation on "INF" for type double/float). (Dmitry)
(dns_get_record() doesn't return all text from TXT record). (a dot u dot savchuk at gmail dot com)
(preg_split('//u') triggers a E_NOTICE with newlines). (Nuno)
(FILTER_UNSAFE_RAW not applied when configured as default filter). (Arnaud)
("make test" fails with --with-config-file-scan-dir=path). (Jani)
(ob_start php://output and headers). (Arnaud)
(problem with nm on AIX, not finding object files). (Dmitry)
(Unified solution for round() based on C99 round). (Ilia)
(pg_meta_data mix tables metadata from different schemas). (Felipe)
(OCI8: allow compilation with Oracle 8.1). (Chris Jones)
(enable signing with DSA keys. (gordyf at google dot com, Pierre)
(data is returned truncated with BINARY CURSOR). (Tony)
(crash in sybase_unbuffered_query() function). (Timm)
(pg_* functions doesn't work using schema). (Felipe)
(::extractTo 2nd argument is not really optional). (Mark van Der Velden)
(Mail() always returns false but mail is sent). (Mikko)

Version 5.2.6

01-May-2008

Security Fixes
- Fixed possible stack buffer overflow in FastCGI SAPI. (Andrei Nigmatulin)
- Properly address incomplete multibyte chars inside escapeshellcmd() (Ilia, Stefan Esser)
- Fixed security issue detailed in CVE-2008-0599. (Rasmus)
- Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz. (Ilia)
- Upgraded PCRE to version 7.6 (Nuno)
Fixed two possible crashes inside posix extension (Tony)
Fixed incorrect heredoc handling when label is used within the block. (Matt)
Fixed sending of uninitialized paddings which may contain some information. (Andrei Nigmatulin)
Fixed a bug in formatting timestamps when DST is active in the default timezone (Derick)
Fix integer overflow in printf(). (Stas, Maksymilian Aciemowicz)
Fixed potential memleak in stream filter parameter for zlib filter. (Greg)
Added Reflection API metadata for the methods of the DOM classes. (Sebastian)
Fixed weird behavior in CGI parameter parsing. (Dmitry, Hannes Magnusson)
Fixed a bug with PDO::FETCH_COLUMN|PDO::FETCH_GROUP mode when a column # by which to group by data is specified. (Ilia)
Fixed segfault in filter extension when using callbacks. (Arnar Mar Sig, Felipe)
Fixed faulty fix for bug (endless loop in zlib.inflate stream filter). (Greg)
(timezone_offset_get() causes segmentation faults). (Derick)
(Prevent crash within session_register()). (Scott)
(htmlspecialchars() does not detect bad character set argument). (Andy Wharmby)
(With CGI argv/argc starts from arguments, not from script) (Dmitry)
(proc_open() does not handle pipes with the mode 'wb' correctly). (Jani)
(Crash in imap_mail_compose if "body" parameter invalid). (Ilia)
(escapeshellscmd() does not check arg count). (Ilia)
(Crash inside imap_headerinfo()). (Ilia, jmessa)
(Order issues with Content-Type/Length headers on POST). (Ilia)
(imap_open() does not validate # of retries parameter). (Ilia)
(imagegif's filename parameter). (Felipe)
(Crash in imap_setacl when supplied integer as username) (Thomas Jarosch)
(call_user_method_array issues a warning when throwing an exception). (David Soria Parra)
(Inconsistent behaviour when assigning new nodes). (Rob, Felipe)
(email validator does not handle domains starting/ending with a -). (Ilia)
(st_blocks undefined under BeOS). (Felipe)
(Last two bytes missing from output). (Felipe)
(Crash inside exif_read_data() on invalid images) (Ilia)
(PDO_OCI extension compile failed). (Felipe)
(SEGFAULT when using mysql_pconnect() with client_flags). (Felipe)
(Better detection of MIPS processors on Windows). (Ilia)
(metaphone('CMXFXM') crashes PHP). (Felipe)
(MSG_PEEK undefined under BeOS R5). (jonathonfreeman at gmail dot com, Ilia)
(strftime segfaults on large negative value). (Derick)
(strtotime() doesn't support 64 bit timestamps on 64 bit platforms). (Derick)
(OCI8 selecting ref cursors leads to ORA-1000 maximum open cursors reached). (Oracle Corp.)
(A crash in PDO when no bound targets exists and yet bound parameters are present). (Ilia)
(socket array keys lost on socket_select). (Felipe)
(preg_grep messes up array index). (Felipe)
(PDO setAttribute() does not properly validate values for native numeric options). (Ilia)
(Double free of loop-variable on exception). (Dmitry)
(Invalid FETCH_COLUMN index does not raise an error). (Ilia)
(Parameter handling flaw in PDO::getAvailableDrivers()). (Ilia)
(Crash: $pdo->setAttribute(PDO::STATEMENT_ATTR_CLASS, NULL)). (Felipe)
(Possible crash with syslog logging on ZTS builds). (Ilia)
(private parent constructor callable through static function). (Dmitry)
(OCI8 new collection creation can fail with OCI-22303). (Oracle Corp.)
(Huge memory usage with concatenation using . instead of .=). (Dmitry)
(crash inside array_slice() function with an invalid by-ref offset). (Ilia)
(crash inside stream_socket_enable_crypto() when enabling encryption without crypto type). (Ilia)
(RecursiveDirectoryIterator options inconsistancy). (Marcus)
(OCI8 incorrect usage of OCI-Lob->close crashes PHP). (Oracle Corp.)
(Two error messages returned for incorrect encoding for mb_strto[upper|lower]). (Rui)
(mb_ereg 'successfully' matching incorrect). (Rui)
(Memory leak when sending the same HTTP status code multiple times). (Scott)
(koi8r is missing from html_entity_decode()). (andy at demos dot su, Tony)
(Interbase column names are truncated to 31 characters). (Ilia)
(Two error messages returned for $new and $flag argument in mysql_connect()). (Hannes)
(str_word_count() breaks on cyrillic "ya" in locale cp1251). (phprus at gmail dot com, Tony)
(mb_strrpos offset is byte count for negative values). (Rui)
(mb_strpos bounds check is byte count rather than a character count). (Rui)
(date_create never fails (even when it should)). (Derick)
(zlib filter is unable to auto-detect gzip/zlib file headers). (Greg)
(Signature compatibility check broken). (Dmitry)
(Inconsistent behaviour of include_path set with php_value). (manuel at mausz dot at)
(Extending PDO class with a __call() function doesn't work). (David Soria Parra)
(Make FindFile use PATH_SEPARATOR instead of ";"). (Ilia)
(mysql extension ingores INI settings on NULL values passed to mysql_connect()). (Ilia)
(Workaround for a bug inside libcurl 7.16.2 that can result in a crash). (Ilia)
(incorrect processing of numerical string keys of array in arbitrary serialized data). (Dmitriy Buldakov, Felipe)
(define missing depencies of the exif extension). (crrodriguez at suse dot de)
(a possible infinite loop in bz2_filter.c). (Greg)
(removed bogus declaration of a non-existent php_is_url() function). (Ilia)
(array_merge_recursive() doesn't behave as expected with duplicate NULL values). (Felipe, Tony)
(escapeshellarg('') returns null). (Ilia)
(DateTime created from a timestamp reports environment timezone). (Derick)
(stream_get_line() eats additional characters). (Felipe, Ilia, Tony)
(SOAPFault HTTP Status 500 - would like to be able to set the HTTP Status). (Dmitry)
(Assign by reference bug). (Dmitry)
(file_exists() on a proftpd server got SIZE not allowed in ASCII mode). (Ilia, crrodriguez at suse dot de)
(OCI8 XML/getClobVal aka temporary LOBs leak UGA memory). (Chris)
(array_merge_recursive() crashes with recursive arrays). (Ilia)
(pdo_pgsql does not send username on connect when password is not available). (Ilia)
(Under certain conditions, file_exists() never returns). (Dmitry)
(get_class_methods() does not list all visible methods). (Dmitry)
(array_pad() does not warn on very small pad numbers). (Ilia)
(Prepared statement with incorrect parms doesn't throw exception with pdo_pgsql driver). (Ilia)
(Memory leak on some functions with implicit object __toString() call). (David C.)
(array_globals not reset to 0 properly on init). (Ilia)
(PHP crashes with invalid argument for DateTimeZone). (Ilia)
(pcntl_fork() should not raise E_ERROR on error). (Ilia)
(recursive xincludes don't remove internal xml nodes properly). (Rob, patch from ddb@bitxtender.de)
(mb_ereg*_replace() crashes when replacement string is invalid PHP expression and 'e' option is used). (Jani)
(crash because of uninitialized SG(sapi_headers).mimetype). (Dmitry)
(Multiple segfaults in getopt()). (Hannes)
(pg_send_query_params() converts all elements in 'params' to strings). (Ilia)
(Incomplete fix for bug , mkdir() under safe_mode). (Ilia)
(backward compatibility break in realpath()). (Dmitry)
(SimpleXML adding default namespace in addAttribute). (Rob)
(stream_is_local() returns false on "file://"). (Dmitry)
(Crash on using uninitialized vals and __get/__set). (Dmitry)
(file_put_contents() LOCK_EX does not work properly on file truncation). (Ilia)
(__destruct() throwing an exception with __call() causes segfault). (Dmitry)
(Very long class name causes segfault). (Dmitry)
(PHP seems to fail to close open files). (Hannes)
(curl_copy_handle() crashes with > 32 chars long URL). (Jani)
(Invalid timezone reported for DateTime objects constructed using a timestamp). (Derick)
(mismatch between number of bound params and values causes a crash in pdo_pgsql). (Ilia)
(preg_split() swallows part of the string). (Nuno)
(__call() method not invoked when methods are called on parent from child class). (Dmitry)
(REF CURSOR and oci_new_cursor() crash PHP). (Chris)
(Wrong results in array_diff_uassoc) (Felipe)
(Incorrect forcing from HTTP/1.0 request to HTTP/1.1 response). (Ilia)
(xmlrpc_server_call_method() crashes). (Tony)
(Procedure 'int1' not present with doc/lit SoapServer). (Dmitry)
(mysqli PROCEDURE calls can't return result sets). (Hartmut)
(new sendmail default breaks on Netware platform) (Guenter Knauf)
(Implicit conversion to string leaks memory). (David C., Rob).
(var_export() incorrectly escapes char(0)). (Derick)
(Incorrect lengths for date and boolean data types). (Ilia)
(Constructing DateTime with TimeZone Indicator invalidates DateTimeZone). (Derick)
(Warning "array_merge_recursive(): recursion detected" comes again...). (Felipe)
(oci8 extension not lib64 savvy). (Chris)
(Failing to call RecursiveIteratorIterator::__construct() causes a sefault). (Etienne)
(setTime() fails after modify() is used). (Derick)
(SimpleXML memory issue). (Rob)
(php_uname() does not return nodename on Netware (Guenter Knauf)
(Unexpected creation of cycle). (Dmitry)
(OpenSSL stream->fd casts broken in 64-bit build) (stotty at tvnet dot hu)

Version 5.2.5

08-Nov-2007

Security Fixes
- Fixed dl() to only accept filenames. reported by Laurent Gaffie.
- Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887).
- Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences.
- Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.
- Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications reported by SecurityReason.
- (automatic session id insertion adds sessions id to non-local forms).
- (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()).
Upgraded PCRE to version 7.3 (Nuno)
Added optional parameter $provide_object to debug_backtrace(). (Sebastian)
Added alpha support for imagefilter() IMG_FILTER_COLORIZE. (Pierre)
Added ability to control memory consumption between request using ZEND_MM_COMPACT environment variable. (Dmitry)
Improved speed of array_intersect_key(), array_intersect_assoc(), array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and array_udiff_assoc(). (Dmitry)
Fixed move_uploaded_file() to always set file permissions of resulting file according to UMASK. (Andrew Sitnikov)
Fixed possible crash in ext/soap because of uninitialized value. (Zdash Urf)
Fixed regression in glob() when enforcing safe_mode/open_basedir checks on paths containing '*'. (Ilia)
Fixed PDO crash when driver returns empty LOB stream. (Stas)
Fixed iconv_*() functions to limit argument sizes as workaround to libc bug (CVE-2007-4783, CVE-2007-4840 by Laurent Gaffie). (Christian Hoffmann, Stas)
Fixed missing brackets leading to build warning and error in the log. Win32 code. (Andrey)
Fixed leaks with multiple connects on one mysqli object. (Andrey)
Fixed endianness detection on MacOS when building universal binary. (Uwe Schindler, Christian Speich, Tony)
Fixed imagerectangle regression with 1x1 rectangle (libgd #106). (Pierre)
(array_intersect_assoc() crashes with non-array input). (Jani)
(PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with fetchAll()). (Ilia)
(rmdir() and rename() do not clear statcache). (Jani)
(Bound parameters cannot have - in their name). (Ilia)
(XMLWriter::endElement() does not check # of params). (Ilia)
(Warning message is missing with shuffle() and more than one argument). (Scott)
(Crash when constructor for newInstance() or newInstanceArgs() fails) (Ilia)
(ext/mssql: Move *timeout initialization from RINIT to connect time). (Ilia)
(PDO::FETCH_KEY_PAIR doesn't work with setFetchMode). (Ilia)
(Constant "LIST" defined by mysqlclient and c-client). (Andrey)
($foo = clone(array()); leaks memory). (Dmitry)
(clone() on a non-object does not result in a fatal error). (Ilia)
(json_encode() formats doubles according to locale rather then following standard syntax). (Ilia)
(pg_insert() does not accept an empty list for insertion). (Ilia)
(WSDL error causes HTTP 500 Response). (Dmitry)
(Storing $this in a static var fails while handling a cast to string). (Dmitry)
(highlight_string() truncates trailing comment). (Ilia)
(mkdir() doesn't like a trailing slash when safe_mode is enabled). (Ilia)
(Exception raised in an iterator::current() causes segfault in FilterIterator) (Marcus)
(PHP_SELF duplicates path). (Dmitry)
(RecursiveIteratorIterator modifies only part of leaves) (Marcus)
(CLI segfaults if using ATTR_PERSISTENT). (Ilia)
(SoapFault : Only http and https are allowed). (Bill Moran)
(Dynamically loaded PHP extensions need symbols exported on MacOSX). (jdolecek at NetBSD dot org)
(bz2 extension fails to build with -fno-common). (dolecek at netbsd dot org)
(session.save_path MODE option does not work). (Ilia)
(Make the engine recognize \v and \f escape sequences). (Ilia)
(behavior change regarding symlinked .php files). (Dmitry)
(apache_reset_timeout() does not exist). (Jani)
(ext/mysql failed to compile with libmysql 3.23). (Scott)
(PHP_SELF duplicates path). (Dmitry)
(ip2long('255.255.255.255') should return 4294967295 on 64-bit PHP). (Derick)
(php_pgsql_convert() timezone parse bug) (nonunnet at gmail dot com, Ilia)
(Segmentation when trying to set an attribute in a DOMElement). (Rob)
(CGI SAPI does not shut down cleanly with -i/-m/-v cmdline options). (Dmitry)
(PDO classes do not expose Reflection API information). (Hannes)
(Write lock on file_get_contents fails when using a compression stream). (Ilia)
(SoapServer reports an encoding error and the error itself breaks). (Dmitry)
(mysqli_stmt_bind_result memory exhaustion). (Andrey)
(xsd:list type not parsed). (Dmitry)
(SoapServer crash). (Dmitry)
(SoapServer sends clients internal PHP errors). (Dmitry)
(xmlrpc_set_type() crashes php on invalid datetime values). (Ilia)
(XMLReader option constants are broken using XML()). (Rob)
(SoapServer return Procedure '' not present for WSIBasic compliant wsdl). (Dmitry)
(Relative includes broken when getcwd() fails). (Ab5602, Jani)
(proc_open() append mode doesn't work on windows). (Nuno)

Version 5.2.4

30-Aug-2007

Security Fixes
- Fixed "Floating point exception" inside wordwrap(). (Mattias Bengtsson, Ilia)
- Fixed several integer overflows in ImageCreate(), ImageCreateTrueColor(), ImageCopyResampled() and ImageFilledPolygon() reported by Mattias Bengtsson. (Tony)
- Fixed size calculation in chunk_split(). (Stas)
- Fixed integer overflow in str[c]spn(). (Stas)
- Fixed money_format() not to accept multiple %i or %n tokens. (Stas, Ilia)
- Fixed zend_alter_ini_entry() memory_limit interruption vulnerability. (Ilia)
- Fixed INFILE LOCAL option handling with MySQL extensions not to be allowed when open_basedir or safe_mode is active. (Stas)
- Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378) (Stas, Maksymilian Arciemowicz)
- Fixed possible invalid read in glob() win32 implementation (CVE-2007-3806). (Tony)
- Improved fix for MOPB-03-2007. (Ilia)
- Corrected fix for CVE-2007-2872. (Ilia)
Removed --enable-versioning configure option. (Jani)
Upgraded PCRE to version 7.2 (Nuno)
Updated timezone database to version 2007.6. (Derick)
Improved openssl_x509_parse() to return extensions in readable form. (Dmitry)
Enabled changing the size of statement cache for non-persistent OCI8 connections. (Chris Jones, Tony)
Changed display_errors php.ini option to accept stderr as value which makes the error messages to be outputted to STDERR instead of STDOUT with CGI and CLI SAPIs (). (Jani)
Changed error handler to send HTTP 500 instead of blank page on PHP errors. (Dmitry, Andrei Nigmatulin)
Changed mail() function to be always available. (Johannes)
Added check for unknown options passed to configure. (Jani)
Added persistent connection status checker to pdo_pgsql. (Elvis Pranskevichus, Ilia)
Added support for ATTR_TIMEOUT inside pdo_pgsql driver. (Ilia)
Added php_ini_loaded_file() function which returns the path to the actual php.ini in use. (Jani)
Added GD version constants GD_MAJOR_VERSION, GD_MINOR_VERSION GD_RELEASE_VERSION, GD_EXTRA_VERSION and GD_VERSION_STRING. (Pierre)
Added missing open_basedir checks to CGI. (anight at eyelinkmedia dot com, Tony)
Added missing format validator to unpack() function. (Ilia)
Added missing error check inside bcpowmod(). (Ilia)
Added CURLOPT_PRIVATE & CURLINFO_PRIVATE constants. (Andrey A. Belashkov, Tony)
Added missing MSG_EOR and MSG_EOF constants to sockets extension. (Jani)
Added PCRE_VERSION constant. (Tony)
Added ReflectionExtension::info() function to print the phpinfo() block for an extension. (Johannes)
Implemented FR (ReflectionClass::getDefaultProperties() does not handle static attributes). (Tony)
Fixed possible crash in imagepsloadfont(), work around a bug in the pslib on Windows. (Pierre)
Fixed oci8 and PDO_OCI extensions to allow configuring with Oracle 11g client libraries. (Chris Jones)
Fixed EOF handling in case of reading from file opened in write only mode. (Dmitry)
Fixed var_export() to use the new H modifier so that it can generate parseable PHP code for floats, independent of the locale. (Derick)
Fixed regression introduced by the fix for the libgd bug #74. (Pierre)
Fixed SimpleXML's behavior when used with empty(). (Sara)
Fixed crash in OpenSSL extension because of non-string passphrase. (Dmitry)
(PDO_OCI crash after National language Support "NLS" environment initialization error). (Chris Jones)
(crash in ZipArchive::addEmptyDir when a directory already exists). (Pierre)
(Incorrect error message displayed by pg_escape_string). (Ilia)
(glob() crashes and/or accepts way too many flags). (Jani)
(Crash when using getRealPath with DirectoryIterator). (Johannes)
($PHP_CONFIG not set for phpized builds). (Jani)
(header wrong for date field). (roberto at spadim dot com dot br, Ilia)
(SimpleXMLIterator loses ancestry). (Rob)
(ldap_parse_result() not defined under win32). (Jani)
(copy() does not output an error when the first arg is a dir). (Ilia)
(sybase_connect() crashes). (Ilia)
(stream_copy_to_stream returns invalid values for mmaped streams). (andrew dot minerd at sellingsource dot com, Ilia)
(Problems with æøå in extract()). (Jani)
(possible buffer overflow in php_openssl_make_REQ). (Pierre)
(property_exists() fails to find protected properties from a parent class). (Dmitry)
(substr_replace() crashes when the same array is passed more than once). (crrodriguez at suse dot de, Ilia)
(SCRIPT_NAME and PHP_SELF truncated when inside a userdir and using PATH_INFO). (Dmitry)
(C++ compiler required always). (Jani)
(classmap causes crash in non-wsdl mode). (Dmitry)
(oci8 INTERVAL and TIMESTAMP type fixes). (Chris)
(__destruct functions not called after catching a SoapFault exception). (Dmitry)
(substr_replace() returns FALSE when length > string length). (Ilia)
(Second call of session_start() causes creation of SID). (Ilia)
(oci_error() returns false after oci_new_collection() fails). (Tony)
(array_push($arr,&$obj) doesn't work with zend.ze1_compatibility_mode On). (Dmitry)
(bzip2.compress loses data in internal buffer). (Philip, Ilia)
(deleting a node produces memory corruption). (Rob)
(sscanf broken when using %2$s format parameters). (Jani)
(json_decode causes segmentation fault). (Hannes)
(NodeList length zero should be empty). (Hannes)
(No warning message for clearstatcache() with arguments). (Ilia)
(ini scanner allows using NULL as option name). (Jani)
(is_file() / is_dir() matches file/dirnames with wildcard char or trailing slash in Windows). (Dmitry)
(configure option --with-adabas=DIR does not work). (Jani)
(ldap_rename(): server error "DSA is unwilling to perform"). (bob at mroczka dot com, Jani)
(is_a() and is_subclass_of() should NOT call autoload, in the same way as "instanceof" operator). (Dmitry)
(move_uploaded_file() & relative path in ZTS mode). (Tony)
(Hangs on large SoapClient requests). (Dmitry)
(Error Fetching http headers terminated by '\n'). (Dmitry)
(--with-ldap=shared fails with LDFLAGS="-Wl,--as-needed"). (Nuno)
(PDOStatement::fetch and PDOStatement::setFetchMode causes unexpected behavior). (Ilia)
(strtotime returns a timestamp for non-time string of pattern '(A|a) .+'). (Derick)
(Ensure search for hidden private methods does not stray from class hierarchy). (robin_fernandes at uk dot ibm dot com)
(SimpleXML incorrectly registers empty strings as namespaces). (Rob)
(Foreach on object does not iterate over all visible properties). (Dmitry)
(crash in string to array conversion). (judas dot iscariote at gmail dot com, Ilia)
(var_export() is locale sensitive when exporting float values). (Derick)
(CFLAGS="-Os" ./configure --enable-debug fails). (christian at hoffie dot info, Tony)
(proc_open(): empty env array should cause empty environment to be passed to process). (Jani)
(SimpleXML: getName is broken). (Rob)
(fputcsv(): 2nd parameter is not optional). (Jani)
(SimpleXML: getNamespaces() returns the namespaces of a node's siblings). (Rob)
(pgsql extension does not compile with PostgreSQL <7.4). (Ilia)
(Format returns incorrect number of digits for negative years -0001 to -0999). (Derick)
(Cannot create years < 0100 & negative years with date_create or new DateTime). (Derick)
(addChild() on a non-existent node, no node created, getName() segfaults). (Rob)
(pdo_sqlite prepared statements convert resources to strings). (Ilia)
(Concurrent read/write fails when EOF is reached). (Sascha)
(segmentation fault when using string offset as an object). (judas dot iscariote at gmail dot com, Tony)
(checkdnsrr does not support DNS_TXT type). (lucas at facebook dot com, Tony)
(php_strip_whitespace() sends headers with errors suppressed). (Tony)
(SSL: fatal protocol error due to buffer issues). (Ilia)
(Recode crashes/does not work on amd64). (nexus at smoula dot net, Stas)
(libxml_get_last_error() - errors service request scope). (thekid at php dot net, Ilia)
(imagepolygon does not respect thickness). (Pierre)
(Persistent memory consumption on win32 since 5.2). (Dmitry)
(NULL temporary lobs not supported in OCI8). (Chris Jones, Tony)
(strtotime() does not handle 00.00.0000). (Derick)
(float parameters truncated to integer in prepared statements). (Ilia)
(ArrayObject shows weird behavior in respect to inheritance). (Tony)
(ArrayObject::exchangeArray hangs Apache). (Tony)
(Omitting length param in array_slice not possible). (Ilia)
(array_push() fails to warn when next index is already occupied). (Ilia)
(open_basedir bypass via glob()). (Ilia)
(get_class_vars produces error on class constants). (Johannes)
(SoapServer and zlib.output_compression with FastCGI result in major slowdown). (Dmitry)
(Crash instantiating classes with self-referencing constants). (Dmitry)
(segfault when an invalid color index is present in the image data). (Reported by Elliot wccoder@gmail dot com) (Pierre)
(PHP settings leak between Virtual Hosts in Apache 1.3). (Scott, manuel at mausz dot at)
(segfault on a weird code with objects and switch()). (Tony)
(url rewriter tags doesn't work with namespaced tags). (Ilia)
(Fixed a crash inside pdo_pgsql on some non-well-formed SQL queries). (Ilia)
(OCI8 statement cache is flushed too frequently). (Tony)
(SimpleXML crashes when accessing newly created element). (Tony)
(configure failure when using --without-apxs or some other SAPIs disabling options). (Jani)
(json_encode() double conversion is inconsistent with PHP). (Lucas, Ilia)
(SOAP Server not properly generating href attributes). (Dmitry)
(configure failure: regression caused by fix for ). (Jani)
(WDDX deserialize numeric string array key). (Matt, Ilia)
(strtotime('0000-00-00 00:00:00') is parsed as 1999-11-30). (Derick)
(file_exists() warns of open_basedir restriction on non-existent file). (Tony)
(parse_ini_file() has a problem with certain types of integer as sections). (Tony)
(DBA: configure fails to include correct db.h for db4). (Jani)
(Internal pointer of source array resets during array copying). (Dmitry)
(my_thread_global_end() error during request shutdown on Windows). (Scott, Andrey)
(get_loaded_extensions() should list Zend extensions). (Johannes)
(Memory leak in ldap_{first|next}_attribute functions). (Jani)
(get_object_vars get nothing in child class). (Dmitry)
(Iterating within function moves original array pointer). (Dmitry)
(key() function changed behaviour if global array is used within function). (Dmitry)
(Trailing slash in CGI request does not work). (Dmitry)
(apache2handler does not call shutdown actions before apache child die). (isk at ecommerce dot com, Gopal, Tony)
(ldap_sasl_bind() misses the sasl_authc_id parameter). (diafour at gmail dot com, Jani)
(array pointers resetting on copy). (Dmitry)
(Symlinks and mod_files session handler allow open_basedir bypass). (Ilia)
(Userfilters can leak buckets). (Sara)
Fixed bugs , , (stream_set_blocking() does not work). (Jani)
(pdo-pgsql should not use pkg-config when not present). (Jani)
(PHP_SELF incorrect without cgi.fix_pathinfo, but turning on screws up PATH_INFO). (Dmitry)
(socket_read() outputs error with PHP_NORMAL_READ). (Nuno, Jani)

Version 5.2.3

31-May-2007

Security Fixes
- Fixed an integer overflow inside chunk_split() (by Gerhard Wagner, CVE-2007-2872)
- Fixed possible infinite loop in imagecreatefrompng. (by Xavier Roche, CVE-2007-2756)
- Fixed ext/filter Email Validation Vulnerability (MOPB-45 by Stefan Esser, CVE-2007-1900)
- (open_basedir/safe_mode bypass inside realpath()) (by bugs dot php dot net at chsc dot dk)
- Improved fix for CVE-2007-1887 to work with non-bundled sqlite2 lib.
- Added mysql_set_charset() to allow runtime altering of connection encoding.
Changed CGI install target to php-cgi and 'make install' to install CLI when CGI is selected. (Jani)
Changed JSON maximum nesting depth from 20 to 128. (Rasmus)
Improved compilation of heredocs and interpolated strings. (Matt, Dmitry)
Optimized out a couple of per-request syscalls. (Rasmus)
Optimized digest generation in md5() and sha1() functions. (Ilia)
Upgraded bundled SQLite 3 to version 3.3.17. (Ilia)
Added "max_input_nesting_level" php.ini option to limit nesting level of input variables. Fix for MOPB-03-2007. (Stas)
Added a 4th parameter flag to htmlspecialchars() and htmlentities() that makes the function not encode existing html entities. (Ilia)
Added PDO::FETCH_KEY_PAIR mode that will fetch a 2 column result set into an associated array. (Ilia)
Added CURLOPT_TIMEOUT_MS and CURLOPT_CONNECTTIMEOUT_MS cURL constants. (Sara)
Added --ini switch to CLI that prints out configuration file names. (Marcus)
Implemented FR (getColumnMeta() should also return table name). (Tony)
Fixed filetype() and linkinfo() processing of symlinks on ZTS systems. (Oliver Block, Tony, Dmitry)
Fixed SOAP extension's handler() to work even when "always_populate_raw_post_data" is off. (Ilia)
Fixed altering $this via argument named "this". (Dmitry)
Fixed PHP CLI usage of php.ini from the binary location. (Hannes)
Fixed segfault in strripos(). (Tony, Joxean Koret)
Fixed gd build when used with freetype 1.x (Pierre, Tony)
(ReflectionParameter::getPosition() not available). (Marcus)
(Compile failure under IRIX 6.5.30 building md5.c). (Jani)
(json_decode() incorrectly decodes JSON arrays with empty string keys). (Ilia)
(no arginfo about SoapClient::__soapCall()). (Ilia)
(ext/dba/config.m4 pollutes global $LIBS and $LDFLAGS). (mmarek at suse dot cz, Tony)
(imagegd2() under output control). (Tony)
(Fatal error with negative values of maxlen parameter of file_get_contents()). (Tony)
(PHP assumes wrongly that certain ciphers are enabled in OpenSSL). (Pierre)
(Uncaught exception from a stream wrapper segfaults). (Tony, Dmitry)
(json_decode cannot decode floats if localeconv decimal_point is not '.'). (Tony)
(wrong unary operator precedence). (Stas)
(dbase_create creates file with corrupted header). (Tony)
(Clarify error message with invalid protocol scheme). (Scott)
(fastcgi protocol lacks support for Reason-Phrase in "Status:" header). (anight at eyelinkmedia dot com, Dmitry)
(whole text concats values of wrong nodes). (Rob)
(configure cannot determine SSL lib with libcurl >= 7.16.2). (Mike)
(crash in openssl_pkcs12_read() on invalid input). (Ilia)
(Invalid opcode with foreach ($a[] as $b)). (Dmitry, Tony)
(checkdnsrr() segfaults on empty hostname). (Scott)
(WSDL parsing doesn't ignore non soap bindings). (Dmitry)
(Writing empty tags with Xmlwriter::WriteElement[ns]) (Pierre)
(downgrade read errors in getimagesize() to E_NOTICE). (Ilia)
(compress.zlib temp files left). (Dmitry)
(Fixed creation of HTTP_RAW_POST_DATA when there is no default post handler). (Ilia)
(FastCGI does not set SO_REUSEADDR). (fmajid at kefta dot com, Dmitry)
(Namespace functions don't allow xmlns definition to be optional). (Rob)
(Bug with deserializing array key that are doubles or floats in wddx). (Ilia)
(lookupNamespaceURI does not work as expected). (Rob)
(Regression in timeout handling of non-blocking SSL connections during reads and writes). (Ilia)
(zend_ts_hash_clean not thread-safe). (marco dot cova at gmail dot com, Tony)
(ext/soap returning associative array as indexed without using WSDL). (Dmitry)
(minOccurs="0" and null class member variable). (Dmitry)
(Behavior of require/include different to < 5.2.0). (Dmitry)

Version 5.2.2

03-May-2007

Security Fixes
- Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
- Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
- Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
- Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
- Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
- Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
- Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)
- Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers. (MOPB-20, MOPB-21 by Stefan Esser). (Ilia)
- Fixed substr_compare and substr_count information leak (MOPB-14 by Stefan Esser) (Stas, Ilia)
- Limit nesting level of input variables with max_input_nesting_level as fix for (MOPB-03 by Stefan Esser) (Stas)
- Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team) (Ilia)
- Fixed a possible super-global overwrite inside import_request_variables(). (by Stefano Di Paola, Stefan Esser) (Ilia)
- Fixed a remotely trigger-able buffer overflow inside make_http_soap_request(). (Ilia)
- Fixed a buffer overflow inside user_filter_factory_create(). (Ilia)
- Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc library. (Stas)
Improved bundled GD
- Sync to 2.0.35
- Added imagegrabwindow and imagegrabscreen, capture a screen or a window using its handle (Pierre)
- colors allocated henceforth from the resulting image overwrite the palette colors (Rob Leslie)
- Improved thread safety of the gif support (Roman Nemecek, Nuno, Pierre)
  - Use the dimension of the GIF frame to create the destination image (Pierre)
  - Load only once the local color map from a GIF data (Pierre)
Improved thread safety of the freetype cache (Scott MacVicar, Nuno, Pierre)
- imagearc huge CPU usage with large angles, libgd bug #74 (Pierre)
Improved FastCGI SAPI to support external pipe and socket servers on win32. (Dmitry)
Improved Zend Memory Manager
- guarantee of reasonable time for worst cases of best-fit free block searching algorithm. (Dmitry)
- better cache usage and less fragmentation on erealloc() (Tony, Dmitry)
Improved SPL (Marcus)
- Added SplFileInfo::getBasename(), DirectoryIterator::getBasename().
- Added SplFileInfo::getLinkTarget(), SplFileInfo::getRealPath().
- Made RecursiveFilterIterator::accept() abstract as stated in documentation.
Improved SOAP
- Added ability to encode arrays with "SOAP-ENC:Array" type instead of WSDL type. To activate the ability use "feature"=>SOAP_USE_XSI_ARRAY_TYPE option in SoapClient/SoapServer constructors. (Rob, Dmitry)
Added GMP_VERSION constant. (Tony)
Added --ri switch to CLI which allows to check extension information. (Marcus)
Added tidyNode::getParent() method (John, Nuno)
Added openbasedir and safemode checks in zip:// stream wrapper and ZipArchive::open (Pierre)
Added php_pdo_sqlite_external.dll, a version of the PDO SQLite driver that links against an external sqlite3.dll. This provides Windows users to upgrade their sqlite3 version outside of the PHP release cycle. (Wez, Edin)
Added linenumbers to array returned by token_get_all(). (Johannes)
Implement #40947, allow a single filter as argument for filter_var_array (Pierre)
Implement #39867 (openssl PKCS#12 support) (Marc Delling, Pierre)
Upgraded SQLite 3 to version 3.3.16 (Ilia)
Upgraded libraries bundled in the Windows distribution. (Edin)
- c-client (imap) to version 2006e
- libpq (PostgreSQL) to version 8.2.3
- libmysql (MySQL) to version 5.0.37
- openssl to version 0.9.8e
Upgraded PCRE to version 7.0 (Nuno)
Updated timezone database to version 2007.5. (Derick)
Fixed commandline handling for CLI and CGI. (Marcus, Johannes)
Fixed iterator_apply() with a callback using __call(). (Johannes)
Fixed possible multi bytes issues in openssl csr parser (Pierre)
Fixed shmop_open() with IPC_CREAT|IPC_EXCL flags on Windows. (Vladimir Kamaev, Tony).
Fixed possible leak in ZipArchive::extractTo when safemode checks fails (Ilia)
Fixed possible relative path issues in zip_open and TS mode (old API) (Pierre)
Fixed zend_llist_remove_tail (Michael Wallner, Dmitry)
Fixed a thread safety issue in gd gif read code (Nuno, Roman Nemecek)
Fixed crash on op-assign where argument is string offset (Brian, Stas)
(setAttribute return code reversed). (Ilia)
(Per Directory Values only work for one key). (Dmitry)
(addAttribute() fails to add an attribute with an empty value). (Ilia)
(mysql_pconnect() hash does not account for connect flags). (Ilia)
(range() overflow handling for large numbers on 32bit machines). (Ilia)
(PHP does not handle overflow of octal integers). (Tony)
(recursiveiterator.inc says "implements" Iterator instead of "extends"). (Marcus)
(TTF usage doesn't work properly under Netware). (Scott, gk at gknw dot de)
(magic_quotes_gpc ignores first arrays keys). (Arpad, Ilia)
(memleak when creating default object caused exception). (Dmitry)
(json_encode() problem with UTF-16 input). (jp at df5ea dot net. Ilia)
(chdir doesn't like root paths). (Dmitry)
("visibility error" in ReflectionFunction::export()). (Johannes)
(pdo_oci crash when freeing error text with persistent connection). (Tony)
(unregister_tick_function() inside the tick function crash PHP). (Tony)
(json_encode() ignores null byte started keys in arrays). (Ilia)
(segfault when calling "self::method()" in shutdown functions). (Tony)
(mcrypt_create_iv() not using random seed). (Ilia)
(long session array keys are truncated). (Tony)
(pdo_mysql does not raise an exception on empty fetchAll()). (Ilia)
(open_basedir bypass via symlink and move_uploaded_file()). (Tony)
(php_default_post_reader crashes when post_max_size is exceeded). (trickie at gmail dot com, Ilia)
(addcslashes unexpected behavior with binary input). (Tony)
(memory leak when nesting list()). (Dmitry)
(error_log file not locked). (Ilia)
(mysql_query() is allocating memory incorrectly). (Tony)
(inconsistency in offsetSet, offsetExists treatment of string enclosed integers). (Marcus)
(strtotime() doesn't handle double negative relative time units correctly). (Derick, Ilia)
(imap_mail_compose() creates an invalid terminator for multipart e-mails). (Ilia)
(sorting issue on 64-bit Solaris). (Wez)
(Segfault in ext/dom). (Rob)
(Crash when using unset() on an ArrayAccess object retrieved via __get()). (Dmitry)
(pdo_mysql does not return rowCount() on select). (Ilia)
(using strings like "class::func" and static methods in set_exception_handler() might result in crash). (Tony)
(Poor performance of ".="). (Dmitry)
(Failure executing function ibase_execute()). (Tony)
(cannot disable memory_limit with -1). (Dmitry, Tony)
(ReflectionObject::getValues() may crash when used with dynamic properties). (Tony)
(Case sensitivity in constructor's fallback). (Tony)
(Apache child exits when PHP memory limit reached). (Dmitry)
(line thickness not respected for horizontal and vertical lines). (Pierre)
(Test fcgi_is_fastcgi() is wrong on windows). (Dmitry)
(added substr() & substr_replace() overflow checks). (Ilia)
(parse_ini_file() segfaults when a scalar setting is redeclared as an array). (Tony)
(openssl stream wrapper ignores default_stream_timeout). (Tony)
(segfault in PDO when failed to bind parameters). (Tony)
(array_reduce() behaves strange with one item stored arrays). (Ilia)
(Resolved a possible namespace conflict between libxmlrpc and MySQL's NDB table handler). (Ilia)
(Incorrect results of DateTime equality check). (Mike)
(Cross compilation fails). (Tony)
(Crash when constructor called inappropriately). (Tony)
(Segfaults when using more than one SoapVar in a request). (Rob, Dmitry)
(umask is not being restored when request is finished). (Tony)
(libxml segfault). (Rob)
(list()="string"; gives invalid opcode). (Dmitry)
(imagettftext() multithreading issue). (Tony, Pierre)
(double values are truncated to 6 decimal digits when encoding). (Tony)
(DIR functions do not work on root UNC path). (Dmitry)
(SplFileInfo::getOwner/getGroup give a warning on broken symlink). (Marcus)
(SplFileInfo::getPathInfo() throws an exception if directory is in root dir). (Marcus)
(multithreading issue in zend_strtod()). (Tony)
(json_encode() value corruption on 32bit systems with overflown values). (Ilia)
(Partial SOAP request sent when XSD sequence or choice include minOccurs=0). (Dmitry)
(Ensure that all PHP elements are printed by var_dump). (wharmby at uk dot ibm dot com, Ilia)
(session.save_path wont use default-value when safe_mode or open_basedir is enabled). (Ilia)
(proc_open() uses wrong command line when safe_mode_exec_dir is set). (Tony)
(strip_tags() fails with greater than in attribute). (Ilia)
(dynamic properties may cause crash in ReflectionProperty methods). (Tony)
(addAttribute() may crash when used with non-existent child node). (Tony)
(ArrayObject::offsetExists broke in 5.2.1, works in 5.2.0). (olivier at elma dot fr, Marcus)
(imagepstext() doesn't accept optional parameter). (Pierre)
(Allow multiple instances of the same named PDO token in prepared statement emulation code). (Ilia)
(possible endless fork() loop when running fastcgi). (Dmitry)
(ext/posix does not compile on MacOS 10.3.9). (Tony)
(memory leaks in PHP milter SAPI). (tuxracer69 at gmail dot com, Tony)
(pg_client_encoding() not working on Windows). (Edin)
(FCGI_WEB_SERVER_ADDRS function get lost). (Dmitry)
(strtotime() returns unexpected result with particular timezone offset). (Derick)
(PHP fastcgi with PHP_FCGI_CHILDREN don't kill children when parent is killed). (Dmitry)
(Extremely slow data handling due to memory fragmentation). (Dmitry)
(php -a function allocation eats memory). (Dmitry)
(iptcembed fails on non-jfif jpegs). (Tony)
(Latitude and longitude are backwards in date_sun_info()). (Derick)
(SplObjectStorage empty after unserialize). (Marcus)
(Milliseconds in date()). (Derick)
(stream_set_blocking crashes on Win32). (Ilia, maurice at iceblog dot de)
(relative include fails on Solaris). (Dmitry, Tony)
(proc_terminate() destroys process resource). (Nuno)
(crash when assigning objects to SimpleXML attributes). (Tony)
(ftp_ssl_connect() falls back to non-ssl connection). (Nuno)
(SSL support in imap_open() not working on Windows). (Edin)
(Inconsistent handling when passing nillable arrays). (Dmitry)
(Avoid crash caused by object store being referenced during RSHUTDOWN). (Andy)
(proc_close() hangs when used with two processes). (jdolecek at netbsd dot org, Nuno)
(data leakage because of nonexisting boundary checking in statements in mysqli) (Stas)
(autocreating element doesn't assign value to first node). (Rob)
(server hangs when returning circular object references). (Dmitry)
Console window appears when using exec() (Richard Quadling, Stas)
(crash in Oracle client when memory limit reached in the callback). (Tony)

Version 5.2.1

08-Feb-2007

Added CURLOPT_TCP_NODELAY constant to Curl extension. (Sara)
Added support for hex numbers of any size. (Matt)
Added function stream_socket_shutdown(). It is a wrapper for system shutdown() function, that shut downs part of a full-duplex connection. (Dmitry)
Added internal heap protection (Dmitry)
- memory-limit is always enabled (--enable-memory-limit removed)
- default value if memory-limit is set to 128M
- safe unlinking
- cookies
- canary protection (debug build only)
- random generation of cookies and canaries
Added forward support for 'b' prefix in front of string literals. (Andrei)
Added three new functions to ext/xmlwriter (Rob, Ilia)
- xmlwriter_start_dtd_entity()
- xmlwriter_end_dtd_entity()
- xmlwriter_write_dtd_entity()
Added a meta tag to phpinfo() output to prevent search engines from indexing the page. (Ilia)
Added new function, sys_get_temp_dir(). (Hartmut)
Added missing object support to file_put_contents(). (Ilia)
Added support for md2, ripemd256 and ripemd320 algos to hash(). (Sara)
Added forward support for (binary) cast. (Derick)
Added optimization for imageline with horizontal and vertical lines (Pierre)
Removed dependency from SHELL32.DLL. (Dmitry)
Removed double "wrong parameter count" warnings in various functions. (Hannes)
Moved extensions to PECL:
- ext/informix (Derick, Tony)
Changed double-to-string utilities to use BSD implementation. (Dmitry, Tony)
Updated bundled libcURL to version 7.16.0 in the Windows distro. (Edin)
Updated timezone database to version 2006.16. (Derick)
cgi.* and fastcgi.* directives are moved to INI subsystem. The new directive cgi.check_shebang_line can be used to omitting check for "#! /usr/bin/php" line. (Dmitry).
Improved proc_open(). Now on Windows it can run external commands not through CMD.EXE. (Dmitry)
VCWD_REALPATH() is improved to use realpath cache without VIRTUAL_DIR. (Dmitry)
ext/bcmath initialization code is moved from request startup to module startup. (Dmitry)
Zend Memory Manager Improvements (Dmitry)
- use HeapAlloc() instead of VirtualAlloc()
- use "win32" storage manager (instead of "malloc") on Windows by default
Zip Extension Improvements (Pierre)
- Fixed leak in statName and stateIndex
- Fixed return setComment (Hannes)
- Added addEmptyDir method
Filter Extension Improvements (Ilia, Pierre)
- Fixed a bug when callback function returns a non-modified value.
- Added filter support for $_SERVER in cgi/apache2 sapis.
- Make sure PHP_SELF is filtered in Apache 1 sapi.
- (INSTALL_HEADERS contains incorrect reference to php_filter.h).
- Added "default" option that allows a default value to be set for an invalid or missing value.
- Invalid filters fails instead of returning unsafe value
- Fixed possible double encoding problem with sanitizing filters
- Make use of space-strict strip_tags() function
- Fixed whitespace trimming
- Added support for FastCGI environment variables. (Dmitry)
PDO_MySQL Extension Improvements (Ilia)
- Enabled buffered queries by default.
- Enabled prepared statement emulation by default.
Small optimization of the date() function. (Matt,Ilia)
Optimized the internal is_numeric_string() function. (Matt,Ilia)
Optimized array functions utilizing php_splice(). (Ilia)
Windows related optimizations (Dmitry, Stas)
- COM initialization/deinitialization are done only if necessary
- removed unnecessary checks for ISREG file and corresponding stat() calls
- opendir() is reimplementation using GetFirstFile/GetNextFile those are faster then _findfirst/_findnext
- implemented registry cache that prevent registry lookup on each request. In case of modification of corresponding registry-tree PHP will reload it automatic
- start timeout thread only if necessary
- stat() is reimplementation using GetFileAttributesEx(). The new implementation is faster then implementation in MS VC CRT, but it doesn't support Windows 95.
Streams optimization (Dmitry)
- removed unnecessary ftell() calls (one call for each included PHP file)
- disabled calls to read() after EOF
Fixed incorrect function names on FreeBSD where inet_pton() was named __inet_pton() and inet_ntop() was named __inet_ntop(). (Hannes)
Fixed FastCGI impersonation for persistent connections on Windows. (Dmitry)
Fixed wrong signature initialization in imagepng (Takeshi Abe)
Fixed ftruncate() with negative size on FreeBSD. (Hannes)
Fixed segfault in RegexIterator when given invalid regex. (Hannes)
Fixed segfault in SplFileObject->openFile()->getPathname(). (Hannes)
Fixed segfault in ZTS mode when OCI8 statements containing sub-statements are destroyed in wrong order. (Tony)
Fixed the validate email filter so that the letter "v" can also be used in the user part of the email address. (Derick)
(compile failure in ZTS mode when collections support is missing). (Tony)
(The PDO prepare parser goes into an infinite loop in some instances). (Ilia)
(Sessions fail with numeric root keys). (Ilia)
(ob_start call many times - memory error). (Dmitry)
(file_exists incorrectly reports false). (Dmitry)
(ZipArchive::extractTo does create empty directories recursively). (Pierre)
(The FastCgi version has different realpath results than thread safe version). (Dmitry)
(use of array_unique() with objects triggers segfault). (Tony)
(possible endless loop in zlib.inflate stream filter). (Greg, Tony)
(CURLOPT_TCP_NODELAY only available in curl >= 7.11.2). (Tony)
(iconv extension doesn't compile with CodeWarrior on Netware). (gk at gknw dot de, Tony)
(apache2handler doesn't compile on Netware). (gk at gknw dot de)
(PDO_DBLIB driver wont free statements). (Ilia)
(php_fopen_primary_script() not thread safe). (Ilia)
(chroot() doesn't clear realpath cache). (Dmitry)
(spl_autoload_register with 2 instances of the same class). (Ilia)
(milter SAPI functions always return false/null). (Tony)
(php_get_current_user() not thread safe). (Ilia, wharmby at uk dot ibm dot com)
(ORA-01405 when fetching NULL values using oci_bind_array_by_name()). (Tony)
(zend_alloc.c: Value of enumeration constant must be in range of signed integer). (Dmitry)
(exif_read_data dies on certain images). (Tony, Marcus)
(empty() does not work correctly with ArrayObject when using ARRAY_AS_PROPS). (Ilia)
(php_date.c doesn't compile on Netware). (gk at gknw dot de, Derick)
(http_build_query(array()) returns NULL). (Ilia)
(Try/Catch performs poorly). (Dmitry)
(tr_TR.UTF-8 locale has problems with PHP). (Ilia)
(Cannot "foreach" over overloaded properties). (Dmitry)
(type argument of oci_define_by_name() is ignored). (Chris Jones, Tony)
(redirect response code in header() could be ignored in CGI sapi). (Ilia)
(PGSQL_CONNECT_FORCE_NEW will causes next connect to establish a new connection). (Ilia)
(pg_insert/pg_update do not allow now() to be used for timestamp fields). (Ilia)
(ini setting short_open_tag has no effect when using --enable-maintainer-zts). (Dmitry)
(zip ignoring --with-libdir on zlib checks) (judas dot iscariote at gmail dot com)
(References broken). (Dmitry)
(Extensions tidy,mcrypt,mhash,pdo_sqlite ignores --with-libdir). (judas dot iscariote at gmail dot com, Derick)
(Notice message when executing __halt_compiler() more than once). (Tony)
(FILTER_VALIDATE_URL validates \r\n\t etc). (Ilia)
(using autoconf 2.6x and --with-layout=GNU breaks PEAR install path). (Tony)
(ReflectionParameter::getClass() throws exception for type hint self). (thekid at php dot net)
(CURL doesn't compile on Sun Studio Pro). (Ilia)
(number_format() breaks with locale & decimal points). (Ilia)
(safe_read does not initialize errno). (michiel at boland dot org, Dmitry)
(SplFileObject throws contradictory/wrong error messages when trying to open "php://wrong"). (Tony)
(Invalid IPv4 treated as valid). (Ilia)
(Persistent connections generate a warning in pdo_pgsql). (Ilia)
(SOAP Server: parameter not matching the WSDL specified type are set to 0). (Dmitry)
(foreach produces memory error). (Dmitry)
(apxs2filter ignores httpd.conf & .htaccess php config settings). (Ilia)
(SOAP double encoding is not locale-independent). (Dmitry)
(virtual() does not reset changed INI settings). (Ilia)
(build fails on AIX because crypt_r() uses different data struct). (Tony)
(Crash in strtotime() on overly long relative date multipliers). (Ilia)
(PHP doesn't work with Apache 2.3). (mv at binarysec dot com).
(setTime() on a DateTime constructed with a Weekday yields incorrect results). (Ilia)
(PNG image with CRC/data error raises fatal error) (Pierre)
(Enable AUTH PLAIN mechanism in underlying libc-client). (michael dot heimpold at s2000 dot tu-chemnitz dot de, Ilia)
("Indirect modification ..." message is not shown). (Dmitry)
(magic quotes are applied twice by ext/filter in parse_str()). (Ilia)
(cloning fails on nested SimpleXML-Object). (Rob)
(Can't use stored procedures fetching multiple result sets in pdo_mysql). (Ilia)
(Some POSIX extension functions not thread safe). (Ilia, wharmby at uk dot ibm dot com)
(putenv crash on Windows). (KevinJohnHoffman at gmail.com)
(oci_bind_array_by_name doesn't work on Solaris 64bit). (Tony)
(Broken build due to spl/filter usage of pcre extension). (Tony, Ilia)
(possible crash if assert.callback is set in ini). (Ilia)
(php crashes in the allocator on linux-m68k). (Dmitry)
(iconv() - undefined function). (Hannes)
(file_get_contents causes bus error on certain offsets). (Tony)
(Memory leak in pg_get_notify() and a possible memory corruption on Windows in pgsql and pdo_pgsql extensions). (Ilia, matteo at beccati dot com)
(Segfault when calling asXML() of a cloned SimpleXMLElement). (Rob, Tony)
(crash when calling fetch() on a PDO statment object after closeCursor()). (Ilia, Tony)
(ext/dba doesn't check for db-4.5 and db-4.4 when db4 support is enabled). (Tony)
(Wrong negative results from memory_get_usage()). (Dmitry)
(Implementation of PHP functions chown() and chgrp() are not thread safe). (Ilia, wharmby at uk dot ibm dot com)
(Segfault with "Allowed memory size exhausted"). (Dmitry)
(Apache crashes on importStylesheet call). (Rob)
(thread safety fixes on *nix for putenv() & mime_magic). (Ilia, wharmby at uk dot ibm dot com)
(str_replace() is not binary safe on strings with equal length). (Tony)
(Possible segfault in imap initialization due to missing module dependency). (wharmby at uk dot ibm dot com, Tony)
(Use of com.typelib_file in PHP.ini STILL causes A/V). (Rob)
(Invalid session.save_handler crashes PHP). (Dmitry)
(Creating Variant of type VT_ARRAY). (Rob)
(ftp_put() does not change transfer mode to ASCII). (Tony)
(array_walk() doesn't separate user data zval). (Tony)
(move_uploaded_file() no longer working (safe mode related)). (Tony)
(timeout ssl:// connections). (Ilia)
(PDO::errorInfo() returns inconsistent information when sqlite3_step() fails). (Tony)
(ZMSG_LOG_SCRIPT_NAME not routed to OutputDebugString() on Windows). (Dmitry)
(fgetcsv can't handle starting newlines and trailing odd number of backslashes). (David Soria Parra, Pierre)
(Error in maths to calculate of ZEND_MM_ALIGNED_MIN_HEADER_SIZE). (wharmby at uk dot ibm dot com, Dmitry)
(Failure to retrieve results when multiple unbuffered, prepared statements are used in pdo_mysql). (Ilia)
(imagefill crashes with small images 3 pixels or less). (Pierre)
(Archive corrupt with ZipArchive::addFile method). (Pierre)
(xmlwriter_write_dtd_entity() creates Attlist tag, not entity). (Hannes)
(Problem with handling of \ char in prepared statements). (Ilia, suhachov at gmail dot com)
(ftp_nlist() returns false on empty dirs). (Nuno)
(Returning a SOAP array segfaults PHP). (Dmitry)
(getenv() fills other super-globals). (Ilia, Tony)
(Overloaded array properties do not work correctly). (Dmitry)
(Calling debug_backtrace() in the __toString() function produces a crash). (Dmitry)
(Fatal error: Out of memory). (Dmitry)
('foo' instanceof bar gives invalid opcode error). (Sara)
(Syntax error while compiling with Sun Workshop Complier). (Johannes)
(Booleans are not automatically translated to integers). (Ilia)
(Missing check for older variants of openssl). (Ilia)
(clearstatcache() doesn't clear realpath cache). (j at pureftpd dot org, Dmitry)
(imagerotate does not use alpha with angle > 45 degrees) (Pierre)
(Removed warning on empty haystack inside mb_strstr()). (Ilia)
(Added an option to imap_open/imap_reopen to control the number of connection retries). (Ilia)
Fixed bugs , (mbstring function overloading problem). (Seiji)
(Allow building of curl extension against libcurl 7.16.0). (Ilia)
(crash with implode("\n", array(false))). (Ilia)
(Unnecessary calls to OnModify callback routine for an extension INI directive). (wharmby at uk dot ibm dot com, Dmitry)
(ZEND_HASH_APPLY_STOP causes deletion). (Marcus)
(spl_autoload triggers Fatal error). (Marcus)
(make install fails if wget is not available). (Tony)
(Memory corruption because of indirect modification of overloaded array). (Dmitry)
(misleading error message when invalid dimensions are given) (Pierre)
(imagecopyresized may ignore alpha channel) (Pierre)
(Fixed path handling inside mod_files.sh). (michal dot taborsky at gmail dot com, Ilia)
(serialNumber might be -1 when the value is too large). (Pierre, Tony)
(Inappropriate close of stdin/stdout/stderr). (Wez, Ilia)
(Possible crash in Apache 2 with 413 ErrorHandler). (Ilia)
(Parse error in recursiveiteratoriterator.php). (Marcus)
(Incorrect return array handling in non-wsdl soap client). (Dmitry)
(DirectoryFilterDots doxygen docs and example is wrong). (Marcus)
(XML-RPC Breaks iconv). (Hannes)
(unpack() broken with longs on 64 bit machines). (Ilia, David Soria Parra).
(for some keys cdbmake creates corrupted db and cdb can't read valid db). (Marcus)
(Added missing handling of basic types in json_decode). (Ilia)
(Fixed request time leak inside foreach() when iterating through virtual properties). (Dmitry)
(header( "HTTP/1.0 ..." ) does not change proto version). (Ilia)
(proc_get_status() returns wrong PID on windows). (Nuno)
(SOAP returns an array of values instead of an object). (Dmitry)
(Apache2 segfaults when virtual() is called in .php ErrorDocument). (Ilia)
(spl_autoload_register() gives wrong line for "class not found"). (Ilia)
(Remove bogus warnings from persistent PDO connections). (Ilia)
(Memlimit fatal error sent to "wrong" stderr when using fastcgi). (Dmitry)
(Incorrect PDO error message on invalid default fetch mode). (Ilia)
(Prevent trap when COM extension processes argument of type VT_DISPATCH|VT_REF) (Andy)
(iconv_substr() gives "Unknown error" when string length = 1"). (Ilia)
(session save_path check checks the parent directory). (Ilia)
(proc_open() closes stdin on fork() failure). (jdolecek at NetBSD dot org, Nuno)
(COM Property propputref converts to PHP function and can't be accesed). (Rob)
(natcasesort() causes array_pop() to misbehave). (Hannes)
(pg_execute() modifies input array). (Ilia)
(Error parsing named parameters with queries containing high-ascii chars). (Ilia)
(possible crash in variant_date_from_timestamp()). (Ilia)
(proc_open() / proc_close() leak handles on windows). (jdolecek at NetBSD dot org, Nuno)
(wrong number of decimal digits with %e specifier in sprintf). (Matt,Ilia)
(__get method works properly only when conditional operator is used). (Dmitry)
(Erroneous "Class declarations may not be nested" error raised). (Carl P. Corliss, Dmitry)
(nested foreach fails when array variable has a reference). (Dmitry)
(COM extension not returning modified "out" argument) (Andy)
(Something strange with COM Object). (Rob)
(ScriptControl only sees last function of class). (Rob)
(Re-assignment by reference does not clear the is_ref flag) (Ilia, Dmitry, Matt Wilmas)
(apparent symbol table error with extract($blah, EXTR_REFS)) (Brian)
(is_executable() does not honor safe_mode_exec_dir setting). (Ilia)
(ORA-01405: fetched column value is NULL on LOB fields). (Tony)

Version 5.2.0

02-Nov-2006

Updated bundled OpenSSL to version 0.9.8d in the Windows distro. (Edin)
Updated Postgresql client libraries to 8.1.4 in the Windows distro. (Edin)
Updated PCRE to version 6.7. (Ilia)
Updated libsqlite in ext/pdo_sqlite to 3.3.7. (Ilia)
Updated bundled MySQL client library to version 5.0.22 in the Windows distribution. (Edin)
Updated timezonedb to version 2006.14. (Derick)
Added ability to make SOAP call userspace PHP<->XML converters. (Dmitry)
Added support for character sets in pg_escape_string() for PostgreSQL 8.1.4 and higher. (Ilia)
Added support for character sets in PDO quote() method for PostgreSQL 8.1.4 and higher. (Ilia)
Added DSA key generation support to openssl_pkey_new(), FR (marci at balabit dot hu, Tony)
Added SoapServer::setObject() method (it is a simplified version of SoapServer::setClass() method). (Dmitry)
Added support for hexadecimal entity in imagettftext() for the bundled GD. (Pierre)
Added support for httpOnly flag for session extension and cookie setting functions. (Scott MacVicar, Ilia)
Added version specific registry keys to allow different configurations for different php version. (Richard, Dmitry)
Added "PHPINIDir" Apache directive to apache and apache_hooks SAPIs. (Dmitry)
Added an optional boolean parameter to memory_get_usage() and memory_get_peak_usage() to get memory size allocated by emalloc() or real size of memory allocated from system. (Dmitry)
Added Zip Archive extension. (Pierre)
Added RFC1867 fileupload processing hook. (Stefan E.)
Added JSON and Filter extensions. (Derick, Rasmus, Pierre, Ilia)
Added error messages to disk_free_space() and disk_total_space() functions. FR (Tony)
Added PATHINFO_FILENAME option to pathinfo() to get the filename. (Toby S. and Christian S.)
Added array_fill_keys() function. (Marcus, Matt Wilmas)
Added posix_initgroups() function. (Ilia)
Added an optional parameter to parse_url() to allow retrieval of distinct URL components. (Ilia)
Added optional parameter to http_build_query() to allow specification of string separator. (Ilia)
Added image_type_to_extension() function. (Hannes, Ilia)
Added allow_url_include ini directive to complement allow_url_fopen. (Rasmus)
Added automatic module globals management. (Dmitry)
Added RFC2397 (data: stream) support. (Marcus)
Added new error mode E_RECOVERABLE_ERROR. (Derick, Marcus, Tony)
Added support for getenv() input filtering. (Rasmus)
Added support for constructors in interfaces to force constructor signature checks in implementations. (Marcus)
Added memory_get_peak_usage() function for retrieving peak memory usage of a PHP script. (Ilia)
Added pg_field_table() function. (Edin)
Added SimpleXMLElement::saveXML() as an alias for SimpleXMLElement::asXML(). (Hannes)
Added DOMNode::getNodePath() for getting an XPath for a node. (Christian)
Added gmp_nextprime() function. (ants dot aasma at gmail dot com, Tony)
Added error_get_last() function. (Mike)
Removed current working directory from the php.ini search path for CLI and re-added it for other SAPIs (restore to pre 5.1.x behavior). (Edin)
Moved extensions to PECL:
- ext/filepro (Derick, Tony)
- ext/hwapi (Derick, Tony)
Disabled CURLOPT_FOLLOWLOCATION in curl when open_basedir or safe_mode are enabled. (Stefan E., Ilia)
Increased default memory limit to 16 megabytes to accommodate for a more accurate memory utilization measurement.
In addition to path to php.ini, PHPRC now may specify full file name. (Dmitry)
Optimized array/HashTable copying. (Matt Wilmas, Dmitry)
Optimized zend_try/zend_catch macros by eliminating memcpy(3). (Dmitry)
Optimized require_once() and include_once() by eliminating fopen(3) on second usage. (Dmitry)
Optimized request shutdown sequence. Restoring ini directives now iterates only over modified directives instead of all. (Dmitry)
Changed priority of PHPRC environment variable on win32 to be higher then value from registry. (Dmitry)
Changed __toString() to be called wherever applicable. (Marcus)
Changed E_ALL error reporting mode to include E_RECOVERABLE_ERROR. (Marcus)
Changed realpath cache to be disabled when "open_basedir" or "safe_mode" are enabled on per-request basis. (Ilia)
Improved SNMP extension: (Jani)
- Renamed snmp_set_oid_numeric_print() to snmp_set_oid_output_format().
- Added 2 new constants: SNMP_OID_OUTPUT_FULL and SNMP_OID_OUTPUT_NUMERIC
- (AES privacy encryption not possible due to net-snmp 5.2 compatibility issue). (Patch: scott dot moynes+php at gmail dot com)
Improved OpenSSL extension: (Pierre)
- Added support for all supported algorithms in openssl_verify
- Added openssl_pkey_get_details, returns the details of a key
- Added x509 v3 extensions support
- Added openssl_csr_get_subject() and openssl_csr_get_public_key()
- Added 3 new constants OPENSSL_VERSION_TEXT and OPENSSL_VERSION_NUMBER and OPENSSL_KEYTYPE_EC
Improved the Zend memory manager: (Dmitry)
- Removed unnecessary "--disable-zend-memory-manager" configure option.
- Added "--enable-malloc-mm" configure option which is enabled by default in debug builds to allow using internal and external memory debuggers.
- Allow tweaking the memory manager with ZEND_MM_MEM_TYPE and ZEND_MM_SEG_SIZE environment variables.
- For more information: Zend/README.ZEND_MM
Improved safe_mode check for the error_log() function. (Ilia)
Improved the error reporting in SOAP extension on request failure. (Ilia)
Improved crypt() on win32 to be about 10 times faster and to have friendlier license. (Frank, Dmitry)
Improved performance of the implode() function on associated arrays. (Ilia)
Improved performance of str_replace() when doing 1 char to 1 char or 1 char to many chars replacement. (Ilia)
Improved apache2filter SAPI:
- Allowed PHP to be an arbitrary filter in the chain and read the script from the Apache stream. (John)
- Added support for apache2filter in the Windows build including binary support for both Apache 2.0.x (php5apache2_filter.dll) and Apache 2.2.x (php5apache2_2_filter.dll). (Edin)
Improved apache2handler SAPI:
- Changed ap_set_content_type() to be called only once. (Mike)
- Added support for Apache 2.2 handler in the Windows distribution. (Edin)
Improved FastCGI SAPI: (Dmitry)
- Removed source compatibility with libfcgi.
- Optimized access to FastCGI environment variables by using HashTable instead of linear search.
- Allowed PHP_FCGI_MAX_REQUESTS=0 that assumes no limit.
- Allowed PHP_FCGI_CHILDREN=0 that assumes no worker children. (FastCGI requests are handled by main process itself)
Improved CURL:
- Added control character checks for "open_basedir" and "safe_mode" checks. (Ilia)
- Added implementation of curl_multi_info_read(). (Brian)
Improved PCRE: (Andrei)
- Added run-time configurable backtracking/recursion limits.
- Added preg_last_error(). (Andrei)
Improved PDO:
- Added new attribute ATTR_DEFAULT_FETCH_MODE. (Pierre)
- Added FETCH_PROPS_LATE. (Marcus)
Improved SPL: (Marcus)
- Made most iterator code exception safe.
- Added RegExIterator and RecursiveRegExIterator.
- Added full caching support and ArrayAccess to CachingIterator.
- Added array functions to ArrayObject/ArrayIterator and made them faster.
- Added support for reading csv and skipping empty lines in SplFileObject.
- Added CachingIterator::TOSTRING_USE_INNER, calls inner iterator __toString.
- Added ability to set the CSV separator per SplFileObject.
Improved xmlReader: (Rob)
- Added readInnerXml(), xmlReader::setSchema().
- Added readInnerXML(), readOuterXML(), readString(), setSchema(). (2.6.20+)
- Changed to passing libxml options when loading reader.
Fixed invalid read in imagecreatefrompng when an empty file is given (Pierre, Tony)
Fixed infinite loop when a wrong color index is given to imagefill (Pierre)
Fixed mess with CGI/CLI -d option (now it works with cgi; constants are working exactly like in php.ini; with FastCGI -d affects all requests). (Dmitry)
Fixed missing open_basedir check inside chdir() function. (Ilia)
Fixed overflow on 64bit systems in str_repeat() and wordwrap(). (Stefan E.)
Fixed XSLTProcessor::importStylesheet() to return TRUE on success (Christian)
Fixed leaks in openssl_csr_sign and openssl_csr_new (Pierre)
Fixed phpinfo() cutoff of variables at \0. (Ilia)
Fixed a bug in the filter extension that prevented magic_quotes_gpc from being applied when RAW filter is used. (Ilia)
Fixed memory leaks in openssl streams context options. (Pierre)
Fixed handling of extremely long paths inside tempnam() function. (Ilia)
Segmentation fault with list unpacking of string offset). (Dmitry)
Not including nsapi.h properly with SJSWS 7). This will make PHP 5.2 compatible to new Sun Webserver. (Uwe)
Uncaught exception may cause crash). (Dmitry)
Memleak when reflecting non-existing class/method). (Tony)
getDeclaringClass() and private properties). (Tony)
SSL: fatal protocol error when fetching HTTPS from servers running Google web server). (Ilia)
Compatibility issue between DOM and zend.ze1_compatibility_mode). (Rob)
curl_exec() with return transfer returns TRUE on empty files). (Ilia)
strcspn() stops on null character). (Tony)
PHP in FastCGI server mode crashes). (Dmitry)
foreach(($obj = new myClass) as $v); echo $obj; segfaults). (Dmitry)
Fixed generation of config.nice with autoconf 2.60). (Ilia)
__autoload() is called for type hinting). (Dmitry, Tony)
ReflectionProperty returns incorrect declaring class for protected properties). (Tony)
PDO_MYSQL doesn't check connections for liveness). (Tony)
Fixed safe_mode/open_basedir checks for session.save_path, allowing them to account for extra parameters). (Ilia)
Absolute path with slash at beginning doesn't work on win). (Dmitry)
Can't cast COM objects). (Wez)
using FTP URLs in get_headers() causes crash). (Tony)
Fixed a possible open_basedir bypass in tempnam()). (Ilia)
metaphone() results in segmentation fault on NetBSD). (Tony)
Cannot get xmlns value attribute). (Rob)
Double old-style-ctor inheritance). (Dmitry)
imap extension does not compile against new version of the imap library). (Ilia)
move_uploaded_file() cannot read uploaded file outside of open_basedir). (Ilia)
apache2filter changes cwd to /). (Ilia, Hannes)
get_headers() do not work with curl-wrappers). (Ilia)
ldap_connect causes segfault with newer versions of OpenLDAP). (Tony)
parse_url() fails if passing '@' in passwd). (Tony)
lookupNamespaceURI doesn't return default namespace). (Rob)
curl_easy_strerror() is defined only since cURL 7.12.0). (Tony)
DOMEntityReference->__construct crashes when called explicitly). (Rob)
"maybe ref" issue for current() and others). (Dmitry)
engine crashes when require()'ing file with syntax error through userspace stream wrapper). (Tony, Dmitry)
inconsistent overriding of methods in different visibility contexts). (Dmitry)
PDO sqlite2 empty query causes segfault). (Tony)
Invalid memory read in date_parse()). (Tony, Derick)
SoapClient::__getTypes never returns). (Dmitry)
curl_multi_add_handle() set curl handle to null). (Ilia)
sockaddr local storage insufficient for all sock families). (Sara)
mixed-case URL breaks url-wrappers). (Ilia)
memory leak in ReflectionClass::getConstant()). (Tony)
uninit'd optional arg in stream_socket_sendto()). (Sara)
curl_copy_handle() fails to fully copy the cURL handle). (Tony, Ilia)
Strange warning when incrementing an object property and exception is thrown from __get method). (Tony)
leaks in a tricky code with switch() and exceptions). (Dmitry)
include_once() may include the same file twice). (Dmitry)
missing curl constants and improper constant detection). (Ilia)
shutdown_executor() may segfault when memory_limit is too low). (Dmitry)
memory corruption in pdo_pgsql driver on error retrieval inside a failed query executed via query() method). (Ilia)
segfault when calling setlocale() in userspace session handler). (Tony)
strptime() does not initialize the internal date storage structure). (Ilia)
Fixed bugs , , (Fixed session extension request shutdown order to ensure it is shutdown before the extensions it may depend on). (Ilia)
Access to "php://stdin" and family crashes PHP on win32). (Dmitry)
getAttribute select attribute by order, even when prefixed). (Rob)
--enable-versioning causes make fail on OS X). (Tony)
ReflectionParameter fails if default value is an access to self::). (Johannes)
array_count_values() mishandles numeric strings). (Matt Wilmas, Ilia)
setting private attribute with __set() produces segfault). (Tony)
, (error retrieving columns after long/text columns with PDO_ODBC). (Wez)
warning upon disabling handler via xml_set_element_handler). (dtorop933 at gmail dot com, Rob)
PDO_MYSQL doesn't compile on Solaris). (Tony)
constructor is not called for classes used in userspace stream wrappers). (Tony)
DOMNodeList->item(0) segfault on empty NodeList). (Ilia)
xmlrpc_get_type() crashes PHP on objects). (Tony)
unicode causes xml_parser to misbehave). (Rob)
Different attribute assignment if new or existing). (Rob)
Use of com.typelib_file may cause a crash). (Ilia)
PDO fails to recover from failed prepared statement execution). (Ilia)
session_destroy() gives warning after session_regenerate_id()). (Ilia)
dbase_open can't open DBase 3 dbf file). (rodrigo at fabricadeideias dot com, Mike)
Unwanted reformatting of XML when using AsXML). (Christian)
Segmentation fault when using foreach with an unknown/empty SimpleXMLElement). (Tony)
reading past array in sscanf() leads to arbitrary code execution). (Tony)
Constructing in the destructor causes weird behavior). (Dmitry)
spl_autoload_register() suppress all errors silently). (Ilia)
configure script ignores --without-cdb,inifile,flatfile). (Marcus)
segfault in session_decode() when _SESSION is NULL). (Tony)
static variables mess up global vars). (Dmitry)
session_cache_expire()'s value does not match phpinfo's session.cache_expire). (Tony)
file_exists() works incorrectly with long filenames on Windows). (Ilia, Tony)
fopen wrapper doesn't fail on invalid hostname with curlwrappers enabled). (Tony)
heap corruption). (Dmitry)
openssl_x509_parse() leaks with invalid cert) (Pierre)
openssl possible leaks while passing keys) (Pierre)
PDO produces segfault with default fetch mode). (Tony)
socket_select() and invalid arguments). (Tony)
Binary data gets corrupted on multipart/formdata POST). (Ilia)
Exception in __clone makes memory leak). (Dmitry, Nuno)
strtotime() does not parse YYYY-MM format). (Ilia)
session extension can't handle broken cookies). (Ilia)
Crash on some object operations). (Dmitry)
ReflectionClass::newInstanceArgs() tries to allocate too much memory). (Tony)
gif interlace output cannot work). (Pierre)
Fixed bugs , , (wddx encoding fails to handle certain characters). (Ilia)
Segfault on invalid imagecreatefromgd2part() parameters). (Pierre)
variable name and cookie name match breaks script execution). (Dmitry)
fclose() unable to close STDOUT and STDERR). (Tony)
possible crash when COM reports an exception). (Ilia)
ReflectionClass::isSubclassOf() returns TRUE for the class itself). (Ilia)
disable_classes=Foobar causes disabled class to be called Foo). (Jani)
imagecopy from a palette to a truecolor image loose alpha channel) (Pierre)
Freeing nested cursors causes OCI8 to segfault). (Tony)
Crash in pdo_pgsql on missing bound parameters). (Ilia)
oci_bind_by_name() returns garbage when Oracle didn't set the variable). (Tony)
Cannot use array returned from foo::__get('bar') in write context). (Dmitry)
ReflectionClass::getStaticProperties() retains \0 in key names). (Ilia)
undefined reference to spl_dual_it_free_storage). (Marcus)
corrupted gif segfaults) (Pierre)
large timeout values ignored on 32bit machines in stream_socket_accept() and stream_socket_client()). (Ilia)
stream_copy_to_stream() returns 0 when maxlen is bigger than the actual length). (Tony)
boolean arg for mysqli_autocommit() is always true on Solaris). (Tony)
Parameters are not decoded from utf-8 when using encoding option). (Dmitry)
ignored constructor visibility). (Marcus)
Wrong interpretation of boolean parameters). (Dmitry)
"file" and "line" sometimes not set in backtrace from inside error handler). (Dmitry)
segfault extending mysqli class). (Dmitry)
SoapFault faultstring doesn't follow encoding rules). (Dmitry)
Parameters in SoapServer are decoded twice). (Dmitry)
in classes inherited from MySQLi it's possible to call private constructors from invalid context). (Tony)
invalid return of file_exists() in safe mode). (Ilia)
zend_ptr_stack reallocation problem). (Dmitry)
pathinfo() cannot handle argument with special characters like German "Umlaut"). (Mike)
possible crash in OCI8 after database restart when using persistent connections). (Tony)
Display constant value in reflection::export). (Johannes)
compilation problems on z/OS). (Tony)
pgo_pgsql tries to de-allocate unused statements). (Ilia, ce at netage dot bg)
file_get_contents() leaks on empty file). (Hannes)
Integer pointer comparison to numeric value). (bugs-php at thewrittenword dot com)
wordwrap() wraps incorrectly). (ddk at krasn dot ru, Tony)
ReflectionProperty does not throw exception when accessing protected attribute). (Marcus)
define not using toString on objects). (Marcus)
segmentation fault during SOAP schema import). (Tony)
weird behavior of object type and comparison). (Marcus)
memory leak trying to execute a non existing file (CLI)). (Mike)
empty include_path leads to search for files inside /). (jr at terragate dot net, Ilia)
strtotime segfaults when given "nextyear"). (Derick)
merge_php_config scrambles values). (Mike, pumuckel at metropolis dot de)
Possible crash in PDO::errorCode()). (Ilia)
clone without assigning leaks memory). (Ilia, Nuno, Dmitri)
Semaphore constants not available). (Ilia)
MySQLi extension fails to recognize BIT column). (Ilia)
Object is not added into array returned by __get). (Marcus)
parameter of pcntl signal handler is trashed). (Mike)
Protected method access problem). (Marcus)
MySQL extensions should link against thread safe client libs if built with ZTS). (Mike)
mysqli_ssl_set validation is inappropriate). (Georg)
DATE_RFC822 does not product RFC 822 dates). (Hannes Magnusson, Derick)
Class name lowercased in error message). (Johannes)
var without attribute causes segfault). (Marcus)
Bumped minimum PCRE version to 6.6, needed for recursion limit support). (Ilia)
oci_bind_array_by_name clobbers input array when using SQLT_AFC, AVC). (Tony)
WDDX incorrectly encodes high-ascii characters). (Ilia)
Using reflection::export with simplexml causing a crash). (Marcus)
AES privacy encryption not possible due to net-snmp 5.2 compatibility issue). (Jani, patch by scott dot moynes+php at gmail dot com)
array_key_exists performance is poor for &$array). (Ilia)
timeout functionality doesn't work after a second PHP start-up on the same thread). (p dot desarnaud at wanadoo dot fr)
oci8 persistent connection corruption). (Tony)
namespaces added too late, leads to missing xsi:type attributes. incompatibility with libxml2-2.6.24). (Dmitry)
strtotime doesn't assume year correctly). (Derick)
session_regenerate_id changes session_id() even on failure). (Hannes)
touch() truncates large files). (Ilia)
CLI segmentation faults during cleanup with sybase-ct extension enabled). (Tony)
FastCGI output buffer overrun). (Piotr, Dmitry)
oci_fetch_array() array-type should always default to OCI_BOTH). (Tony)
Crash when an exception is thrown in accept() method of FilterIterator). (Marcus)
DOMElement->setAttribute() loops forever). (Rob)
Fixed crash in pdo_mysql resulting from premature object destruction). (Ilia)
PHP crashes on windows if there are start-up errors and event log is used for logging them). (Edin)
tidy module crashes on shutdown). (Tony)
iterator_to_array() hides exceptions thrown in rewind() method). (Tony)
Rejected versions of flex that don't work). (Ilia)
recursive mkdir() fails to create nonexistent directories in root dir). (Tony)
substr_compare() returns an error when offset equals string length). (Ilia)
Unnecessary call to OCITransRollback() at the end of request). (Tony)
fastcgi.c compile fail with gcc 2.95.4). (Ilia)
Incorrect timestamp returned for strtotime()). (Derick)
PDO_MYSQL does not build if no other mysql extension is enabled). (Mike)
make PEAR install ignore open_basedir). (Ilia)
$_SERVER in included file is shortened to two entries, if $_ENV gets used). (Dmitry)
sigemptyset() used without including <signal.h>). (jdolecek)
max_execution_time = max_input_time). (Dmitry)
SOAP not respecting uri in __soapCall). (Dmitry)
Added missing safe_mode & open_basedir checks to imap_body()). (Ilia)
var_export() does not escape \0 character). (Ilia)
php-fastcgi doesn't handle connection abort). (Dmitry)
Added strict flag to base64_decode() that enforces RFC3548 compliance). (Ilia)
PHP crashes trying to assign into property of dead object). (Dmitry)
invalid internal mysqli objects dtor). (Mike)
req/x509 extensions support for openssl_csr_new and openssl_csr_sign) (ben at psc dot edu, Pierre)
Objects destructors are invoked in wrong order when script is finished). (Dmitry)
pdo_pgsql driver incorrectly ignored some errors). (Wez, Ilia)
umask not reset at the end of the request). (Ilia)
Unlinking buckets from non-existent brigades). (Sara)
Error ORA-24806 occurs when trying to fetch a NCLOB field). (Tony)
file_get_contents() fails with some combinations of offset & maxlen). (Nuno)
Lack of read permission on main script results in E_WARNING rather then E_ERROR). (Ilia)
--with-curlwrappers causes PHP to disregard some HTTP stream context options). (Mike)
recursive array_walk causes segfault). (Tony)
throw in foreach causes memory leaks). (Dmitry)
oci_password_change() fails). (pholdaway at technocom-wireless dot com, Tony)
Missing math constants). (Hannes)
https:// or ftps:// do not work when --with-curlwrappers is used and ssl certificate is not verifiable). (Ilia)
number_format and problem with 0). (Matt Wilmas)
openssl_x509_parse() extensions support) (Pierre)
(oci8 might reuse wrong persistent connection). (Tony)
(issue in php_oci_statement_fetch with more than one piecewise column) (jeff at badtz-maru dot com, Tony)
(OCI8 persistent connections misbehave when Apache process times out). (Tony)
(error selecting DOUBLE fields with PDO_ODBC). ("slaws", Wez)

Version 5.1.6

24-Aug-2006

Fixed memory_limit on 64bit systems. (Stefan E.)
(Access to "php://stdin" and family crashes PHP on win32). (Dmitry)

Version 5.1.5

17-Aug-2006

Fixed overflow on 64bit systems in str_repeat() and wordwrap(). (Stefan E.)
Disabled CURLOPT_FOLLOWLOCATION in curl when open_basedir or safe_mode are enabled. (Stefan E., Ilia)
(reading past array in sscanf() leads to arbitrary code execution). (Tony)
(undefined reference to spl_dual_it_free_storage). (Marcus)
(corrupted gif segfaults) (Pierre)
(var without attribute causes segfault). (Marcus)
(FastCGI env (cgi vars) table overflow). (Piotr)
(FastCGI output buffer overrun). (Piotr, Dmitry)
(oci_fetch_array() array-type should always default to OCI_BOTH). (Tony)
(iterator_to_array() hides exceptions thrown in rewind() method). (Tony)
(Unnecessary call to OCITransRollback() at the end of request). (Tony)
($_SERVER in included file is shortened to two entries, if $_ENV gets used). (Dmitry)
(sigemptyset() used without including <signal.h>). (jdolecek)
(invalid colormap format) (Pierre)
(invalid gif size) (Pierre)
(max_execution_time = max_input_time). (Dmitry)
(SOAP not respecting uri in __soapCall). (Dmitry)
(Added missing safe_mode & open_basedir checks to imap_body()). (Ilia)
(php-fastcgi doesn't handle connection abort). (Dmitry)

Version 5.1.4

04-May-2006

Added "capture_peer_cert" and "capture_peer_cert_chain" context options for SSL streams. (Wez).
Added PDO::PARAM_EVT_* family of constants. (Sara)
Fixed possible crash in highlight_string(). (Dmitry)
(FastCGI now longer works with isapi_fcgi.dll). (Dmitry)
(cloning Dom Documents or Nodes does not work). (Rob)
(problems with $_POST array). (Dmitry)
(bad error reporting for pdo_odbc exec UPDATE). (Wez).
(crash when pdo_odbc prepare fails). (Wez).

Version 5.1.3

02-May-2006

Updated bundled PCRE library to version 6.6. (Andrei)
Moved extensions to PECL:
- ext/msession (Derick)
Reimplemented FastCGI interface. (Dmitry)
Improved SPL: (Marcus)
- Fixed issues with not/double calling of constructors of SPL iterators.
- Fixed issues with info-class/file-class in SPL directory handling classes.
- Fixed ArrayIterator::seek().
- Added SimpleXMLIterator::count().
- Dropped erroneous RecursiveDirectoryIterator::getSubPathInfo().
Improved SimpleXML: (Marcus, Rob)
- Added SimpleXMLElement::getName() to retrieve name of element.
- Added ability to create elements on the fly.
- Added addChild() method for element creation supporting namespaces.
- Added addAttribute() method for attribute creation supporting namespaces.
- Added ability to delete specific elements and attributes by offset.
Improved Reflection API: (Marcus)
- Added ReflectionClass::newInstanceArgs($args).
- Added ability to analyze extension dependency.
- Added ReflectionFunction::isDeprecated() and constant IS_DEPRECATED.
- Added ReflectionParameter::getDeclaringClass().
- Changed reflection constants to be prefixed with IS_. (Johannes)
Improved cURL extension: (Ilia)
- Added curl_setopt_array() function that allows setting of multiple options via an associated array.
- Added the ability to retrieve the request message sent to the server.
Improved GD extension: (Pierre)
- Added a weak/tolerant mode to the JPEG loader.
- Added filtering mode option to imagepng() to allow reducing file size.
- Fixed imagecolorallocate() and imagecolorallocatelapha() to return FALSE on error.
Changed get_headers() to retrieve headers also from non-200 responses. (Ilia)
Changed get_headers() to use the default context. (Ilia)
Changed SOAP extension to cache WSDL structure in memory and thus speed up SoapClient/SoapServer construction. (Andrei, Dmitry)
Added lchown() and lchgrp() to change user/group ownership of symlinks. (Derick)
Added support for exif date format in strtotime(). (Derick)
Added a check for special characters in the session name. (Ilia)
Added "consumed" stream filter. (Marcus)
Added new mysqli constants for BIT and NEW_DECIMAL field types: MYSQLI_TYPE_NEWDECIMAL and MYSQLI_TYPE_BIT. FR . (Georg)
Added imap_savebody() that allows message body to be written to a file. (Mike)
Added overflow checks to wordwrap() function. (Ilia)
Added support for BINARY_DOUBLE and BINARY_FLOAT to PDO_OCI and OCI8 (also fixes bug ). (Tony)
Eliminated run-time constant fetching for TRUE, FALSE and NULL. (Dmitry)
Removed the E_STRICT deprecation notice from "var". (Ilia)
Fixed reading stream filters never notified about EOF. (Mike)
Fixed tempnam() 2nd parameter to be checked against path components. (Ilia)
Fixed a bug that would not fill in the fifth argument to preg_replace() properly, if the variable was not declared previously. (Andrei)
Fixed safe_mode check for source argument of the copy() function. (Ilia)
Fixed mysqli bigint conversion under Windows (Georg)
Fixed XSS inside phpinfo() with long inputs. (Ilia)
Fixed Apache2 SAPIs header handler modifying header strings. (Mike)
Fixed 'auto_globals_jit' to work together with 'register_argc_argv'. (Dmitry)
Fixed offset/length parameter validation in substr_compare() function. (Ilia)
Fixed debug_zval_dump() to support private and protected members. (Dmitry)
Fixed SoapFault::getMessage(). (Dmitry)
Fixed issue with iconv_mime_decode where the "encoding" would only allow upper case specifiers. (Derick)
Fixed tiger hash algorithm generating wrong results on big endian platforms. (Mike)
Fixed crash with DOMImplementation::createDocumentType("name:"). (Mike)
(Serving binary content/images fails with "comm with server aborted" FastCGI err). (Dmitry)
(cc may complain about non-constant initializers in hash_adler.c). (Mike)
(chmod takes off sticky bit when safe_mode is On). (Tony)
(PDO segfaults when throwing exception from the fetch handler). (Tony)
(wddx does not build as a shared extension). (jdolecek at NetBSD dot org, Ilia)
(fread behavior changes after calling stream_wrapper_register). (Wez)
(__autoload tries to load callback'ed self and parent). (Dmitry)
(libmbfl headers not installed). (Jani)
(Frequent crashes in SOAP extension with new WSDL caching code in multithread WS). (Andrei, Dmitry)
(compile failure on ARM architecture). (Tony)
(curl_exec() doesn't zero-terminate binary strings). (Tony)
(Type of retval of Countable::count() is not checked). (Johannes)
(oci_bind_by_name() doesn't support RAW and LONG RAW fields). (Tony)
(xmlrpc_decode() may produce arrays with numeric strings, which are unaccessible). (Tony)
(incorrect reference counting for persistent OCI8 connections). (Tony)
(SoapClient Error Fetching http headers). (Dmitry)
(html_errors with internal classes produces wrong links). (Tony)
(foreach breaks static scope). (Dmitry)
(Fixed check for special chars for http redirects). (Ilia)
(strtotime fails before 13:00:00 with some time zones identifiers). (Derick)
(Have to quote literals in INI when concatenating with vars). (Dmitry)
(mktime freezes on long numbers). (Derick)
(SplFileObject->fgets() ignores max_length). (Tony)
(serialize() does not handle recursion). (Ilia)
(strncmp & strncasecmp do not return false on negative string length). (Tony)
(ArrayIterator does not clone itself). (Marcus)
(OCILob->read() doesn't move internal pointer when reading 0's). (Tony)
(wsdl default value overrides value in soap request). (Dmitry)
(__set() leaks in classes extending internal ones). (Tony, Dmitry)
(User filters can leak buckets in some situations). (Ilia)
(error messages are printed even though an exception has been thrown). (Tony)
(is_*() functions do not account for open_basedir). (Ilia)
(session_destroy() fails after call to session_regenerate_id(true)). (Ilia)
(memory leak in output buffering when using chunked output). (Tony)
(DOMElement crashes when calling __construct when cloning). (Tony)
(Added support for partial content fetching to the HTTP streams wrapper). (Ilia)
(Documentation and code discrepancies for NULL data in oci_fetch_*() functions). (Tony)
(Exceptions thrown in ArrayObject::offsetGet cause segfault). (Tony)
(Privileged connection with an Oracle password file fails). (Tony)
(__FILE__ behavior changed). (Dmitry)
(syslog ident becomes garbage between requests). (Tony)
(mysqli_set_charset() crash with a non-open connection). (Ilia)
(DOMDocument::removeChild corrupts node). (Rob)
(SOAP: 'Error Fetching http body' when using HTTP Proxy). (Dmitry)
(No error message when load data local file isn't found). (Georg)
(In a class extending XMLReader array properties are not writable). (Tony)
(segfault in pdo_pgsql bindValue() when no parameters are defined). (Tony)
(The SoapServer is not able to send a header that it didn't receive). (Dmitry)
(Transparency is lost when using imagecreatetruecolor). (Pierre)
(Removed arbitrary limit on the length of syslog messages). (Ilia)
(http_build_query generates invalid URIs due to use of square brackets). (Mike)
(strtotime() returns false when 2nd argument < 1). (Derick)
(SoapServer::handle() exits on SOAP faults). (Dmitry)
(pg_trace() does not work). (iakio at mono-space dot net)
(Segfault when using Soap). (Dmitry)
(assignment to SimpleXML object attribute changes argument type to string). (Tony)
(pg_query_params() changes arguments type to string). (Tony)
(DATE_W3C format constant incorrect). (Derick)
(SOAP: Incorrect complex type instantiation with hierarchies). (Dmitry)
(Added PDO::MYSQL_ATTR_DIRECT_QUERY constant that should be set when executing internal queries like "show master status" via MySQL). (Ilia)
(memory_limit setting on win32 has no effect). (Dmitry)
(comment will be outputted in last line). (Dmitry)
(strtotime() fails to parse date strings with tabs). (Ilia, Derick)
(Incorrect adding PHPSESSID to links, which contains \r\n). (Ilia)
(sleep() accepts negative values). (Ilia)
(DBA problem with Berkeley DB4). (Marcus)
(Improper resolution of declaring class name of an inherited property). (Ilia)
(segfault when access result->num_rows after calling result->close()). (Ilia,Tony)
(oci_execute() no longer supports OCI_DESCRIBE_ONLY). (Tony)
(Custom 5xx error does not return correct HTTP response error code). (Tony)
(strtotime() fails to parse dates in dd-mm-yyyy format). (Derick)
(ext/soap crashes when throwing exception and session persistence). (David)
(PDO/PgSQL's getColumnMeta() crashes). (Derick)
(splFileObject::fwrite() doesn't write when no data length specified). (Tony)
(parse_url() does not parse numeric paths properly). (Ilia)
(PDO/MySQL problem loading BLOB over 1MB). (Ilia)
(ReflectionProperty fails to return correct visibility). (Ilia)
(Added missing documentation about realpath cache INI settings). (Ilia)
(ReflectionProperty::getDocComment() does not reflect extended class commentary). (Ilia)
(crc32() differ on 32-bit and 64-bit platforms) (anight@eyelinkmedia dot com, Pierre)
(foreach on error_zval produces segfault). (Dmitry)
(typo in SplFileObject::flock() parameter name). (Tony)
(Segfault with SplFileInfo conversion). (Marcus)
(SOAPClient Compression Broken). (Dmitry)
(Object destructors called even after fatal errors). (Dmitry)
(SplFileObject::getPath() may lead to segfault). (Tony)
(PHP causes ORA-07445 core dump in Oracle server 9.2.x). (Tony)
(Possible memory corruption in stream_select()). (Tony)
(ocicolumnname returns false before a successful fetch). (Tony)
(Inconsistent handling when passing potential arrays). (Dmitry)
(date(DATE_ATOM) gives wrong results). (Derick, Hannes Magnusson)
(errorInfo in PDOException is always NULL). (Ilia)
(symbol namespace conflicts using bundled gd). (Jakub Moc)
(Memory leaks on duplicate cookies). (Dmitry)
(str_rot13() crash on non-string parameter). (Pierre)
(PDO_PGSQL - PDO::exec() does not return number of rows affected by the operation). (Ilia)
(SIGTERM is not handled correctly when running as a FastCGI server). (Dmitry)
(problems with curl+ssl and pgsql+ssl in same PHP). (Mike)
(unpack("H*hex", $data) is adding an extra character to the end of the string). (Ilia)
(DirectoryIterator constructor failed to detect empty directory names). (Ilia)
(Reading records of unsupported type causes segfault). (Tony)
(oci_result() returns garbage after oci_fetch() failed). (Tony)
(SoapClient waits for responses on one-way operations). (Dmitry)
(Engine Crash related with 'clone'). (Dmitry)
(possible OCI8 crash in multi-threaded environment). (Tony)
(parse_ini_file() miscounts lines in multi-line values). (Ilia)
(ext/hash compile failure on Mac OSX). (Tony)
(heredoc adds extra line number). (Dmitry)
(realpath cache memleaks). (Dmitry, Nuno)
(Strict errormsg wrong for call_user_func() and the likes). (Marcus)
(Segfault when re-creating and re-executing statements with bound parameters). (Tony)
(Problem with $this in __destruct()). (Dmitry)
(recursive mkdir() does not work with relative path like "foo/bar"). (Tony)
(SplFileInfo::getPathname() returns unix style filenames in win32). (Marcus)
(Unknown persistent list entry type in module shutdown). (Dmitry)
(Fatal com_exception casting object). (Rob)
(stream_select() should warning when tv_sec is negative). (Ilia)
(SimpleXML causes memory read error zend engine). (Marcus)
(empty array onto COM object blows up). (Rob)
(sqlite_fetch_column_types() locks the database forever). (Ilia)

Version 5.1.2

12-Jan-2006

Updated libsqlite in ext/sqlite to 2.8.17. (Ilia)
Updated libsqlite in ext/pdo_sqlite to 3.2.8. (Ilia)
Updated to libxml2-2.6.22 and libxslt-1.1.15 in the win32 bundle. (Rob)
Added new extensions: (Ilia, Wez)
- XMLWriter
- Hash
Added PNG compression support to GD extension. (Pierre)
Added reflection constants as class constants. (Johannes)
Added --enable-gcov configure option to enable C-level code coverage. (John, Jani, Ilia, Marcus)
Added missing support for 'B' format identifier to date() function. (Ilia)
Changed reflection to be an extension. (Marcus)
Improved SPL extension: (Marcus)
- Added class SplFileInfo as root class for DirectoryIterator and SplFileObject
- Added SplTempFileObject
Improved SimpleXML extension: (Marcus)
- Fixed memleaks
- Fixed var_dump()
- Fixed isset/empty/(bool) behavior
- Fixed iterator edge cases
- Added methods getNamespaces(), getDocNamespaces()
Upgraded pear to version 1.4.6. (Greg)
Added constants for libxslt and libexslt versions: LIBXSLT_VERSION, LIBXSLT_DOTTED_VERSION, LIBEXSLT_VERSION and LIBEXSLT_DOTTED_VERSION. (Pierre)
Fixed possible crash in apache_getenv()/apache_setenv() on invalid parameters. (Ilia)
Changed errors to warnings in imagecolormatch(). (Pierre)
Fixed segfault/leak in imagecolormatch(). (Pierre)
Fixed small leak in mysqli_stmt_fetch() when bound variable was empty string. (Andrey)
Fixed prepared statement name conflict handling in PDO_PGSQL. (Thies, Ilia)
Fixed memory corruption when PDO::FETCH_LAZY mode is being used. (Ilia)
Fixed possible leaks in imagecreatefromstring() with invalid data. (Pierre)
Fixed possible memory corruption inside mb_strcut(). (Ilia)
Fixed possible header injection by limiting each header to a single line. (Ilia)
Fixed possible XSS inside error reporting functionality. (Ilia)
Fixed many bugs in OCI8. (Tony)
Fixed crash and leak in mysqli when using 4.1.x client libraries and connecting to 5.x server. (Andrey)
(Duplicate calls to stream_bucket_append() lead to a crash). (Ilia)
(curl extension uses undefined GCRY_THREAD_OPTIONS_USER). (Ilia)
(PDO_OCI uses hardcoded lib path $ORACLE_HOME/lib). (Tony)
(wddx_deserialize not parsing dateTime fields properly). (Derick)
(strtotime("NOW") no longer works). (Derick)
(array_map() segfaults when exception is throwed from the callback). (Tony)
(unpack() does not decode odd number of hexadecimal values). (Ilia)
(segfault on PDOStatement::execute() with zend.ze1_compatibility_mode = On). (Tony, Ilia)
(stream_filter_append() can cause segfault). (Tony)
(sybase_ct doesn't compile on Solaris using old gcc). (Tony)
(mysqli_stmt_bind_result() makes huge allocation when column empty). (Andrey)
(using date with a timestamp makes httpd segfault). (Derick)
(memory leak when including a directory). (Tony)
(ext/mssql + freetds: Use correct character encoding and allow setting it). (Frank)
(xmlrpc_introspection.c fails compile per C99 std). (Jani)
(A final constructor can be overwritten). (Marcus)
(getopt() returns array with numeric strings when passed options like '-1'). (Tony)
(strtotime() fails to parse soap date format without TZ). (Ilia)
(date() can't handle leap years before 1970). (Derick)
(Improved error message for invalid fetch mode). (Ilia)
(iconv_mime_decode() segmentation fault; with libiconv only). (Tony)
(pack() tries to allocate huge memory block when packing float values to strings). (Tony)
(imap_mail_compose() crashes with multipart-multiboundary-email). (Ilia)
(AIX TZ variable format not understood, yields UTC timezone). (Derick)
(whitespace following end of heredoc is lost). (Ilia)
(strtotime() crashes on certain relative identifiers). (Ilia)
(crash in http:// wrapper on multiple redirects). (Ilia)
(strtotime() does not handle 3 character weekdays). (Ilia)
(iis6 Access Violation crash). (Dmitry, alacn.uhahaa)
(Multiple calls to getopt() may result in a crash). (rabbitt at gmail dot com, Ilia)
(Fixed crash in Apache 2 SAPI when more then one php script is loaded via SSI include). (Ilia)
(segfault when re-using soap client object). (Dmitry)
(mktime() interpreting 3 digit years incorrectly). (Ilia)
(php crash when calling non existing method of a class that extends PDO). (Tony)
(typo in error message for ErrorException). (Tony)
(mysql_field_type() doesn't handle NEWDECIMAL). (Tony)
(mysql_stmt_fetch returns NULL on data truncation). (Georg)
(string constant as array key has different behavior inside object). (Dmitry)
(PDO fails when unknown fetch mode specified). (Tony)
(strtotime() does not handle whitespace around the date string). (Ilia)
(Crash in mcrypt_generic()/mdecrypt_generic() without proper init). (Ilia)
(socket_sendto() unable to handle IPv6 addresses). (Tony)
(Ming extension fails to compile with ming 0.3beta1). (Jani)
(Segfault or Invalid Opcode 137/1/4). (Dmitry)
(Assigning global using variable name from array doesn't function). (Dmitry)
(+ 1 [time unit] format did not work). (Ilia)
(xml_parse_into_struct() chokes on the UTF-8 BOM). (Rob)
(PDO crashes when using LAZY fetch with fetchAll). (Wez)
(PDO crashes on incorrect FETCH_FUNC use). (Tony)
(str_word_count() handles '-' incorrectly). (Ilia)
(idate() function ignores timezone settings). (Ilia)
(strtotime() does not parse times with UTC as timezone). (Ilia)
(strtotime() no longer works with ordinal suffix). (Ilia)
(wddx_deserialize() doesn't handle large ints as keys properly). (Ilia)
(undefined reference to 'rl_completion_matches'). (Jani)
(Since fix of bug SOAP decoding of soapenc:base64binary fails). (Dmitry)
(changing static protected members from outside the class, one more reference issue). (Dmitry)
(ssl library is not initialized properly). (Alan)
(PDO_SQLITE: undefined reference to "fdatasync"). (Nuno, Jani)
(HP-UX "alias not allowed in this configuration"). (Dmitry)
(iconv() function defined as libiconv()). (Nuno)
(mysqli handles bad unsigned (big)int incorrectly).(Andrey)
(socket_read() produces warnings on non blocking sockets). (Nuno, Ilia)
(SimpleXML object fails FALSE test). (Marcus)
(Crash in ZTS mode under Apache). (Dmitry, Zeev)
(Output buffering cannot be turned off with FastCGI). (Dmitry, Ilya)
(Possible crash inside fopen http wrapper). (Ilia, Sara, Nuno)
(Many Problems with SunFuncs). (Derick)
(sun_rise and sun_set don't return a GMT timestamp if one passes an offset). (Derick)
(date_sunrise and date_sunset don't handle GMT offset well). (Derick)
(is_dir and is_file (incorrectly) return true for any string greater then 255 characters). (Nuno, Ilia)
(date_sunrise() & date_sunset() don't handle endless day/night at high latitudes). (Derick)
(Remove MessageBox on win32 for E_CORE errors if display_startup_error is off). (Ilia)
(mb_strtoupper() / lower() broken with Turkish encoding). (Rui)
(mb_substr() and substr() behave differently when "mbstring.func_overload" is enabled). (Rui)
(number_format() crashes with large numbers). (Marcus)

Version 5.1.1

28-Nov-2005

Disabled native date class to prevent pear::date conflict. (Ilia)
Improved safe_mode/open_basedir checks in cURL extension. (Ilia, Jani)
Changed reflection constants be both PHP and class constants. (Johannes)
Added an additional field $frame['object'] to the result array of debug_backtrace() that contains a reference to the respective object when the frame was called from an object. (Sebastian)
(RecursiveDirectoryIterator doesnt appear to recurse with RecursiveFilterIterator). (Marcus)
(Removed -dev flag from Zend Engine version). (Ilia)
(Regression with \{$ handling). (Ilia)
(eval hangs when evall'ed code ends with comment w/o newline). (Marcus)
(pdo_mysql::exec does not return number of affected rows). (Tony)
(Comment in end of file produces fatal error). (Ilia)
(exceptions in interactive mode (php -a) may cause crash). (Dmitry)
(Incorrect error messages for PDO class constants). (Ilia)
(pdo_pgsql does not handle binary bound params). (Wez)
(Application exception trying to create COM object). (Rob)
(PHP_AUTH_DIGEST differs under Apache 1.x and 2.x). (Ilia)

Version 5.1.0

24-Nov-2005

Added support for class constants and static members for internal classes. (Dmitry, Michael Wallner)
Added "new_link" parameter to mssql_connect() (Bug ). (Frank)
Added missing safe_mode checks for image* functions and cURL. (Ilia)
Added missing safe_mode/open_basedir checks for file uploads. (Ilia)
Added PDO_MYSQL_ATTR_USE_BUFFERED_QUERY parameter for pdo_mysql. (Ilia)
Added date_timezone_set() function to set the timezone that the date functions will use. (Derick)
Added pg_fetch_all_columns() function to fetch all values of a column from a result cursor. (Ilia)
Added support for LOCK_EX flag for file_put_contents(). (Ilia)
Added bindto socket context option. (Ilia)
Added offset parameter to the stream_copy_to_stream() function. (Ilia)
Added offset & length parameters to substr_count() function. (Ilia)
Added man pages for "phpize" and "php-config" scripts. (Jakub Vrana)
Added support for .cc files in extensions. (Brian)
Added PHP_INT_MAX and PHP_INT_SIZE as predefined constants. (Andrey)
Added user opcode API that allow overloading of opcode handlers. (Dmitry)
Added an optional remove old session parameter to session_regenerate_id(). (Ilia)
Added array type hinting. (Dmitry)
Added the tidy_get_opt_doc() function to return documentation for configuration options in tidy. (Patch by: nlopess@php.net)
Added support for .cc files in extensions. (Brian)
Added imageconvolution() function which can be used to apply a custom 3x3 matrix convolution to an image. (Pierre)
Added optional first parameter to XsltProcessor::registerPHPFunctions to only allow certain functions to be called from XSLT. (Christian)
Added the ability to override the autotools executables used by the buildconf script via the PHP_AUTOCONF and PHP_AUTOHEADER environmental variables. (Jon)
Added several new functions to support the PostgreSQL v3 protocol introduced in PostgreSQL 7.4. (Christopher)
- pg_transaction_status() - in-transaction status of a database connection.
- pg_query_params() - execution of parameterized queries.
- pg_prepare() - prepare named queries.
- pg_execute() - execution of named prepared queries.
- pg_send_query_params() - async equivalent of pg_query_params().
- pg_send_prepare() - async equivalent of pg_prepare().
- pg_send_execute() - async equivalent of pg_execute().
- pg_result_error_field() - highly detailed error information, most importantly the SQLSTATE error code.
- pg_set_error_verbosity() - set verbosity of errors.
Added optional fifth parameter "count" to preg_replace_callback() and preg_replace() to count the number of replacements made. FR . (Andrey)
Added optional third parameter "charlist" to str_word_count() which contains characters to be considered as word part. FR . (Andrey, Ilia)
Added interface Serializable. (Stanislav, Marcus)
Added pg_field_type_oid() PostgreSQL function. (mauroi at digbang dot com)
Added zend_declare_property_...() and zend_update_property_...() API functions for bool, double and binary safe strings. (Hartmut)
Added possibility to access INI variables from within .ini file. (Andrei)
Added variable $_SERVER['REQUEST_TIME'] containing request start time. (Ilia)
Added optional float parameter to gettimeofday(). (Ilia)
Added apache_reset_timeout() Apache1 function. (Rasmus)
Added sqlite_fetch_column_types() 3rd argument for arrays. (Ilia)
Added optional offset parameter to stream_get_contents() and file_get_contents(). (Ilia)
Added optional maxlen parameter to file_get_contents(). (Ilia)
Added SAPI hook to get the current request time. (Rasmus)
Added new functions:
- array_diff_key() (Andrey)
- array_diff_ukey() (Andrey)
- array_intersect_key() (Christiano Duarte)
- array_intersect_ukey() (Christiano Duarte)
- array_product() (Andrey)
- DomDocumentFragment::appendXML() (Christian)
- fputcsv() (David Sklar)
- htmlspecialchars_decode() (Ilia)
- inet_pton() (Sara)
- inet_ntop() (Sara)
- mysqli::client_info property (Georg)
- posix_access() (Magnus)
- posix_mknod() (Magnus)
- SimpleXMLElement::registerXPathNamespace() (Christian)
- stream_context_get_default() (Wez)
- stream_socket_enable_crypto() (Wez)
- stream_wrapper_unregister() (Sara)
- stream_wrapper_restore() (Sara)
- stream_filter_remove() (Sara)
- time_sleep_until() (Ilia)
Added DomDocument::$recover property for parsing not well-formed XML Documents. (Christian)
Added Cursor support for MySQL 5.0.x in mysqli (Georg)
Added proxy support to ftp wrapper via http. (Sara)
Added MDTM support to ftp_url_stat. (Sara)
Added zlib stream filter support. (Sara)
Added bz2 stream filter support. (Sara)
Added max_redirects context option that specifies how many HTTP redirects to follow. (Ilia)
Added support of parameter=>value arrays to xsl_xsltprocessor_set_parameter(). (Tony)
Improved PHP extension loading mechanism with support for module dependencies and conflicts. (Jani, Dmitry)
Improved interactive mode of PHP CLI (php -a). (Johannes, Marcus)
Improved performance of:
- general execution/compilation. (Andi, Thies, Sterling, Dmitry, Marcus)
- switch() statement. (Dmitry)
- several array functions. (Marcus)
- virtual path handling by adding a realpath() cache. (Andi)
- variable fetches. (Andi)
- magic method invocations. (Marcus)
Improved support for embedded server in mysqli. (Georg)
Improved mysqli extension. (Georg)
- added constructor for mysqli_stmt and mysqli_result classes
- added new function mysqli_get_charset()
- added new function mysqli_set_charset()
- added new class mysqli_driver
- added new class mysqli_warning
- added new class mysqli_exception
- added new class mysqli_sql_exception
Improved SPL extension. (Marcus)
- Moved RecursiveArrayIterator from examples into extension
- Moved RecursiveFilterIterator from examples into extension
- Added SplObjectStorage
- Made all SPL constants class constants
- Renamed CachingRecursiveIterator to RecursiveCachingIterator to follow Recursive<*>Iterator naming scheme.
- added standard hierarchy of Exception classes
- added interface Countable
- added interfaces Subject and SplObserver
- added spl_autoload*() functions
- converted several 5.0 examples into c code
- added class SplFileObject
- added possibility to use a string with class_parents() and class_implements(). (Andrey)
Changed type hints to allow "null" as default value for class and array. (Marcus, Derick, Dmitry)
Changed SQLite extension to be a shared module in Windows distribution. (Edin)
Changed "instanceof" and "catch" operators, is_a() and is_subclass_of() functions to not call __autoload(). (Dmitry)
Changed sha1_file() and md5_file() functions to use streams instead of low level IO. (Uwe)
Changed abstract private methods to be not allowed anymore. (Stas)
Changed stream_filter_(ap|pre)pend() to return resource. (Sara)
Changed mysqli_exception and sqlite_exception to use RuntimeException as base if SPL extension is present. (Georg, Marcus)
Upgraded bundled libraries:
- PCRE library to version 6.2. (Andrei)
- SQLite 3 library in ext/pdo_sqlite to 3.2.7. (Ilia)
- SQLite 2 library in ext/sqlite to 2.8.16. (Ilia)
Upgraded bundled libraries in Windows distribution. (Edin)
- zlib 1.2.3
- curl 7.14.0
- openssl 0.9.8
- ming 0.3b
- libpq (PostgreSQL) 8.0.1
Implemented feature request (Year belonging to ISO week). (Derick)
Allowed return by reference from internal functions. (Marcus, Andi, Dmitry)
Rewrote strtotime() with support for timezones and many new formats. Implements feature requests , , , , and . (Derick)
Moved extensions to PECL:
- ext/cpdf (Tony, Derick)
- ext/dio (Jani, Derick)
- ext/fam (Jani, Derick)
- ext/ingres_ii (Jani, Derick)
- ext/mnogosearch (Jani, Derick)
- ext/w32api (Jani, Derick)
- ext/yp (Jani, Derick)
- ext/mcve (Jani, Derick, Pierre)
- ext/oracle (Jani, Derick)
- ext/ovrimos (Jani, Derick, Pierre)
- ext/pfpro (Jani, Derick, Pierre)
- ext/dbx (Jani, Derick)
- ext/ircg (Jani, Derick)
Removed php_check_syntax() function which never worked properly. (Ilia)
Removed garbage manager in Zend Engine which results in more aggressive freeing of data. (Dmitry, Andi)
Fixed "make test" to work for phpized extensions. (Hartmut, Jani)
Fixed Apache 2 regression with sub-request handling on non-linux systems. (Ilia, Tony)
Fixed PDO shutdown problem (possible infinite loop running rollback on shutdown). (Wez)
(PDO: beginTransaction doesn't work if you're in auto-commit mode). (Wez)
Fixed ZTS destruction. (Marcus)
Fixed __get/__set to allow recursive calls for different properties. (Dmitry)
Fixed a bug where stream_get_meta_data() did not return the "uri" element for files opened with tmpname(). (Derick)
Fixed a problem with SPL iterators aggregating the inner iterator. (Marcus)
Fixed an error in mysqli_fetch_fields (returned NULL instead of an array when row number > field_count). (Georg)
Fixed bug in mysql::client_version(). (Georg)
Fixed bug in mysqli extension with unsigned int(11) being represented as signed integer in PHP instead of string in 32bit systems. (Andrey)
Fixed bug with $HTTP_RAW_POST_DATA not getting set. (Brian)
Fixed crash inside stream_get_line() when length parameter equals 0. (Ilia)
Fixed ext/mysqli to allocate less memory when fetching bound params of type (MEDIUM|LONG)BLOB/(MEDIUM|LONG)TEXT. (Andrey)
Fixed extension initialization to respect dependencies between extensions. (Wez)
Fixed failing queries (FALSE returned) with mysqli_query() on 64 bit systems. (Andrey)
Fixed fgetcsv() and fputcsv() inconsistency. (Dmitry)
Fixed inheritance check to control return by reference and pass by reference correctly (ArrayAccess can no longer support references correctly). (Marcus, Andi, Dmitry)
Fixed initializing and argument checking for posix_mknod(). (Derick)
Fixed memory corruption in ImageTTFText() with 64bit systems. (Andrey)
Fixed memory corruption in pg_copy_from() in case the as_null parameter was passed. (Derick)
Fixed memory corruption in stristr(). (Derick)
Fixed possible GLOBALS variable override when register_globals are ON. (Ilia, Stefan)
Fixed possible INI setting leak via virtual() in Apache 2 sapi. (Ilia)
Fixed possible register_globals toggle via parse_str(). (Ilia, Stefan)
Fixed potential GLOBALS overwrite via import_request_variables() and possible crash and/or memory corruption. (Ilia)
Fixed segfaults when CURL callback functions throw exception. (Tony)
Fixed support for shared extensions on AIX. (Dmitry)
(isset(DOMNodeList->length) returns false). (Rob)
(Fix for bug breaks build with older curl). (Tony)
(crash on PDO::FETCH_CLASS + __set()). (Tony)
(PDO prepare() crashes with invalid parameters). (Ilia)
(PDO segfaults when using persistent connections). (Tony)
(Multiple virtual() calls crash Apache 2 php module). (Ilia)
(Error in mapping soap - java types). (Dmitry)
(compile failure when ext/readline is compiled as shared). (Jani)
(sqlite_query() doesn't set error_msg when return value is being used). (Ilia)
(php_mblen() crashes when compiled with thread-safety on Linux). (Patch: shulmanb at il dot ibm dot com, Jani)
(Objects can lose references). (Dmitry)
(call_user_func() crashes when argument_stack is nearly full). (Dmitry)
(Destructor is not called). (Tony)
(tokenizer extension needs T_HALT_COMPILER). (Greg)
(include()/require()/*_once() produce wrong error messages about main()). (Dmitry)
(__HALT_COMPILER() breaks with --enable-zend-multibyte). (Dmitry, Moriyoshi)
(gettimeofday() ignores current time zone). (Derick)
(SOAP Client/Server Complex Object Support). (Dmitry)
(PDOStatment without related PDO object may crash). (Ilia)
(SoapClient leaks memory). (Dmitry)
(stream_set_blocking(true) toggles, not enables blocking). (askalski at gmail dot com, Tony)
(configure does not find ldap_start_tls_s). (Jani)
(phpinfo() uses improper css enclosure). (Ilia)
Fixed bugs , (Regression in the behavior of key() and current() functions). (Ilia)
(Exception thrown in error handler may cause unexpected behavior). (Dmitry)
(array_product() always returns 0). (Ilia)
(ZTS: Persistent resource destruct crashes when extension is compiled as shared). (Dmitry)
(ImageTrueColorToPalette() crashes when ncolors is zero). (Tony)
(array_walk_recursive() modifies elements outside function scope). (Dmitry)
(Compile failure on MacOSX due to use of varargs.h). (Tony)
(bz2 extension fails on to build on some win32 setups). (Ilia)
(tidy is not binary safe). (Mike)
(PHP doesn't respect ACLs for access checks). (Wez)
(Unable to get WSDL through proxy). (Dmitry)
(dns_get_record() doesn't resolve long hostnames and leaks). (Tony)
(Digest authentication does not work with Apache 1). (Ilia)
(mysqli::character_set_name() - undefined method). (Tony)
(Fixed sqlite extension compile failure). (Ilia)
(PHP5.1 overloading, Cannot access private property). (Dmitry)
(Possible crash in ext/sqlite when sqlite.assoc_case is being used). (Tony, Ilia)
(str_replace, array_map corrupt negative array indexes on 64-bit platforms). (Dmitry)
(Segmentation Fault on foreach in object). (Dmitry)
(configure fails to detect libiconv's type). (Tony)
(ibase_service_attach() segfault on AMD64). (irie at gmx dot de, Tony)
(SO_RECVTIMEO and SO_SNDTIMEO socket options expect integer parameter on Windows). (Mike)
(--program-suffix and --program-prefix not included in man page names). (Jani)
(zlib encoders fail on widely varying binary data on windows). (Mike, Ilia)
(several functions crash when invalid mysqli_link object is passed). (Tony)
(mysqli::init() and others use wrong $this pointer without checks). (Tony)
(FETCH_INTO in PDO crashes without a destination object). (Ilia)
(Fixed crash on object instantiation failure). (Ilia)
(missing SSL linking in ext/ftp when configured as shared). (Jani)
(preg_match_all(), named capturing groups, variable assignment/return => crash). (Dmitry)
(SOAP Client not applying correct namespace to generated values). (Dmitry)
(SOAP Client not handling boolean types correctly). (Dmitry)
(2 @ results in change to error_reporting() to random value) (Dmitry, Tony)
(subclassing of mysqli_stmt does not work). (Georg)
(token_get_all() gives wrong result). (Dmitry)
(Crash in dblib when fetching non-existent error info). (Ilia)
(strtotime() fails with 1-12am/pm). (Derick)
(Zend Engine 1 Compatibility not copying objects correctly). (Dmitry)
(PDO_DBLIB did not implement rowCount()). (Ilia)
(iconv_substr() gives "Unknown error" when offset > string length). (Tony)
(ftp wrapper failures caused from segmented command transfer). (Ilia)
(CLI segmentation faults during cleanup). (Dmitry)
(array_count_values() strips leading zeroes). (Tony)
(zend.ze1_compatibility_mode = on segfault). (Dmitry)
(Infinite recursion due to corrupt JPEG). (Marcus)
(__call(), is_callable() and static methods). (Dmitry)
(missing support for strtotime("midnight") and strtotime("noon")). (Derick)
(ctype corrupts memory when validating large numbers). (Ilia)
(wsdl default value has no effect). (Dmitry)
(Crash in pdo_mysql on longtext fields). (Ilia)
(zend_deactivate: objects_store used after zend_objects_store_destroy is called). (Dmitry)
(User defined PDOStatement class can't implement methods). (Marcus)
(Segfault with SPL autoload handler). (Marcus)
(crash with mod_rewrite). (Tony, Ilia)
(mb_send_mail does not fetch mail.force_extra_parameters). (Marco, Ilia)
(php -m exits with "error" 1). (Johannes)
(Unset doesn't separate container in CV). (Dmitry)
(Possible memory corruption when unmangling properties with empty names). (Tony)
(Incorrect parsing of url's fragment (#...)). (Dmitry)
(foreach + __get + __set inconsistency). (Dmitry)
(Possible crash inside pspell extension). (Ilia)
(parsing http://www.w3.org/2001/xml.xsd exception). (Dmitry)
(Segfault when calling mysqli_close() in destructor). (Tony)
(ext/soap: XSD_ANYXML functionality not exposed). (Dmitry)
(Possible crash inside curl_multi_remove_handle()). (Ilia)
(Fatal error: Cannot re-assign $this). (Dmitry)
(php crashes when variables_order is empty). (Ilia)
(Possible crash in filter code). (Ilia)
(unserialize() crashes with chars above 191 dec). (Nuno)
(foreach($arr as $c->d => $x) crashes). (Dmitry)
(on_modify handler not called to set the default value if setting from php.ini was invalid). (Andrei)
(wddx_serialize_value() crashes with long array keys). (Jani)
(date() doesn't have a modifier for ISO Week Day). (Derick)
(date('W') do not return leading zeros for week 1 to 9). (Derick)
(ReflectionClass::isInstantiable() returns true for abstract classes). (Marcus)
(CLI phpinfo showing html on _SERVER["argv"]). (Jani)
(array_filter() crashes with references and objects). (Dmitry)
(setAttributeNS doesn't work with default namespace). (Rob)
(Segfault with callbacks (array_map) + overloading). (Dmitry)
(lib64 not handled correctly in ming extension). (Marcus)
(Compiling xmlrpc as shared fails other parts). (Jani)
(Segfault with autoload). (Marcus)
(if($obj)/if(!$obj) inconsistency because of cast handler). (Dmitry, Alex)
(ob_gzhandler does not enforce trailing \0). (Ilia)
(memory usage remains elevated after memory limit is reached). (Ilia)
(+,- and . not supported as parts of scheme). (Ilia)
(assigning array element by reference causes binary mess). (Dmitry)
(line numbering not maintained in dom document). (Rob)
(Reflection API problems in methods with boolean or null default values). (Tony)
(Numeric string as array key not cast to integer in wddx_deserialize()). (Ilia)
(arr[] as param to function in class gives invalid opcode). (Dmitry)
(Crash in catch block when many arguments are used). (Dmitry)
(date('U') returns %ld not unix timestamp). (Nuno)
(Buffer overflow with serialized object). (Dmitry)
(pdo_mysql truncates numeric fields at 4 chars). (Ilia)
(object remains object when cast to int). (Dmitry)
(No information given for fatal error on passing invalid value to typed argument). (Dmitry)
(extract($GLOBALS,EXTR_REFS) crashes PHP). (Dmitry)
(php script as ErrorDocument causes crash in Apache 2). (Ilia)
(misuse of Exception constructor doesn't display errorfile). (Jani)
(Wrong use of reflectionproperty causes a segfault). (Tony)
(mssql_bind() fails on input parameters). (Frank)
(duplicate cookies and magic_quotes=off may cause a crash). (Ilia)
(gmdate('W')/date('W') sometimes returns wrong week number). (Derick)
(array_map() fails to pass by reference when called recursively). (Dmitry)
(number_format() output with > 1 char separators). (Jani)
(input array keys being escaped when magic quotes is off). (Ilia)
(spl_autoload_register class method). (Marcus)
(CLI: setting extension_dir=some/path extension=foobar.so does not work). (Jani)
(CLI was looking for php.ini in wrong path). (Hartmut)
(strtotime() problem with "+1days" format). (Ilia)
(pdo sqlite driver forgets to update affected column count on execution of prepared statments). (Ilia)
(Informix ESQL version numbering schema changed). (Jani)
(mime_content_type() returns text/plain for gzip and bzip files). (Derick)
(throw Exception in error handler causes crash). (Dmitry)
(error_reporting falls to 0 when @ was used inside try/catch block). (Tony)
(cURL needs to implement CRYPTO_callback functions to prevent locking). (Mike, Ilia)
(Wrong behavior of constants in class and interface extending). (Dmitry)
(php_value overrides php_admin_value). (Dmitry)
(mb_encode_mimeheader does not work for multibyte chars). (Rui)
(ArrayAccess objects does not initialize $this). (Dmitry)
(Crash setting some ini directives in httpd.conf). (Rasmus)
(Added detection for partially uploaded files). (Ilia)
(substr_compare() crashes with negative offset and length). (Tony)
(setcookie() "expires" date format doesn't comply with RFC). (Tony)
(LDAP: RootDSE query not possible). (Jani)
(strtotime() problem with "Oct17" format). (Derick)
(strtotime() doesn't understand "11 Oct" format). (Derick)
(date("") crashes). (Derick)
(warning with nested calls to functions returning by reference). (Dmitry)
(strtotime() defaults to now even on non time string). (Derick)
(Different output for strftime() and date()). (Derick)
(Memory leak in xmlrpc_encode_request()). (Ilia)
(crash if safe_mode is on and session.save_path is changed). (Dmitry)
(Add missing support for isset()/unset() overloading to complement the property get/set methods). (Dmitry)
(crash after extending MySQLi internal class). (Tony)
(cURL handle is not closed on curl_close(). (Ilia)
(Compile error undefined reference to ifx_checkAPI). (Jani)
(strtoll not available on Tru64). (Jani, Derick)
(ext/odbc: check if unixODBC header file exists). (Jani)
(strtotime() related bugs). (Derick)
(Comprehensive list of incorrect days returned after strtotime() / date() tests). (Derick)
(double free() when exporting a ReflectionClass). (Marcus)
(crash when retrieving empty LOBs). (Tony)
(array_reverse() fails after *sort()), introduced by zend_hash_sort() optimizations in HEAD. (Tony)
(CLI Crash when calling php:function from XSLT). (Rob)
(Cannot build extensions with phpize on Macosx). (Jani)
(throw 1; results in Invalid opcode 108/1/8). (Dmitry)
(ReflectionParameter methods do not work correctly). (Dmitry)
(php:function no longer handles returned dom objects). (Rob, Joe Orton)
(nested array_walk() calls and user array compare functions broken; FCI cache). (Andrei, patch from m.bretz@metropolis-ag.de)
(private method accessed by child class). (Dmitry)
(iconv_strlen() works only with a parameter of < 3 in length). (Ilia)
(array_splice() inconsistent when passed function instead of variable). (Dmitry)
(ze1_compatibility_mode does not work as expected). (Dmitry)
(Mangled error message when stream fails). (Derick)
(segfault when CURL handle is closed in a callback). (Tony)
(odbc_next_result does not signal SQL errors with 2-statement SQL batches). (rich at kastle dot com, Tony)
([GCC 4]: 'zend_error_noreturn' aliased to external symbol 'zend_error'). (Dmitry)
(relax jpeg recursive loop protection). (Ilia)
(Crash when fetching some data types). (Frank)
(preg_replace(): magic_quotes_sybase=On makes 'e' modifier misbehave). (Jani)
(--enable-session=shared does not build). (Jani)
(foreach enumerates private fields declared in base classes). (Dmitry)
(Possible crash inside pg_fetch_array()). (Ilia)
(Soap extension incorrectly detects HTTP/1.1). (Ilia)
(cygwin version of setitimer doesn't accept ITIMER_PROF). (Nuno)
(crash in mssql_next result). (Frank)
(shtool: insecure temporary file creation). (Jani)
(method offsetSet in class extended from ArrayObject crash PHP). (Marcus)
(imagecopymergegray() produces mosaic rainbow effect). (Pierre)
(crash when assigning class name to global variable in __autoload). (Dmitry)
(mysqli_prepare() doesn't return an error). (Georg)
(str_ireplace() incorrectly counts result string length and may cause segfault). (Tony)
(Add a safemode/open_basedir check for runtime "session.save_path" change using session_save_path() function). (Rasmus)
(Improved performance of bzdecompress() by several orders of magnitude). (Ilia)
(crash when moving xml attribute set in dtd). (Ilia)
(Don't send extraneous entity-headers on a 304 as per RFC 2616 section 10.3.5) (Rasmus, Choitel)
(socket errors cause memory leaks in php_strerror()). (jwozniak23 at poczta dot onet dot pl, Tony).
("make distclean" gives an error with VPATH build). (Jani)
("next month" was handled wrong while parsing dates). (Derick)
(implemented Iterator function current() don't throw exception). (Dmitry)
(ReflectionMethod::getStaticVariables() causes apache2.0.54 seg fault). (Dmitry)
(mysql_bind_result() doesn't support MYSQL_TYPE_NULL). (Georg)
(Incorrect option for mysqli default password). (Georg)
(Disabling session.use_cookies doesn't prevent reading session cookies). (Jani, Tony)
(Sending structured SOAP fault kills a php). (Dmitry)
(open_basedir looses trailing / in the limiter). (Adam Conrad)
(http redirects URLs are not checked for control chars). (Ilia)
(Cannot extend class "SQLiteDatabase"). (Marcus)
(Oracle LDAP: ldap_get_entries(), invalid pointer). (Jani)
(class extending DOMDocument doesn't clone properly). (Rob)
(file included with "auto_prepend_file" can be included with require_once() or include_once()). (Stas)
(pg_get_notify() ignores result_type parameter). (Tony)
(Crash with singleton and __destruct when zend.ze1_compatibility_mode = On). (Dmitry)
(Invalid opcode). (Dmitry)
(parse_url() does not handle scheme-only urls properly). (Ilia)
(temporary files not using plain file wrapper). (Ilia)
(Missing T1LIB support on Windows). (Edin)
(General cookie overrides more specific cookie). (Ilia)
Fixed bugs , (ext/odbc: Problems with 64bit systems). (Jani)
(crash: calling the corresponding global var during the destruct). (Dmitry)
(SOAP doesn't support one-way operations). (Dmitry)
(GMP functions break when second parameter is 0). (Stas)
(incorrect determination of default value (COM)). (Wez)
(Cannot access safearray properties in VB6 objects). (Wez)
(Segfault in replaceChild() when DocumentFragment has no children). (Rob)
(Undefined constant SQLITE_NOTADB). (Ilia)
(segmentation fault when the stream with a wrapper is not closed). (Tony, Dmitry)
(pg_affected_rows() was defined when it was not available). (Derick)
(Require/include file in destructor causes segfault). (Marcus)
(ext/mssql: Error on module shutdown when called from activescript). (Frank)
(exception in iterator causes crash). (Dmitry)
(Assignment by reference causes crash when field access is overloaded (__get)). (Dmitry)
(Using register_shutdown_function() with invalid callback can crash PHP). (Jani)
(Segfault in replaceChild() using fragment when previousSibling is NULL). (Rob)
(ext/snmp: use of snmp_shutdown() causes snmpapp.conf access errors). (Jani, ric at arizona dot edu)
(html_entity_decode() converts single quotes even if ENT_NOQUOTES is given). (Ilia)
(Segfault/Memory Leak by getClass (etc) in __destruct). (Dmitry)
(ext/mysql: Unsatisfied symbol: ntohs with HP-UX). (Jani)
(possible crash inside imap_mail_compose() function). (Ilia)
(Possible crash inside imap_mail_compose, with charsets). (Ilia)
(Apache2: errors sent to error_log do not include timestamps). (Jani)
(configure looks for incorrect db2 library). (Tony)
(mmap loads only the 1st 2000000 bytes on Win32). (Ilia)
(proc_get_status() returns the incorrect process status). (Ilia)
(chunk_split() does not append endstr if chunklen is longer then the original string). (Ilia)
(File upload error - unable to create a temporary file). (Uwe Schindler)
(wrong setting property to unset value). (Dmitry)
(method_exists() always return TRUE if __call method exists). (Dmitry)
(The @ warning error suppression operator is broken). (Dmitry)
(Interfaces are not allowed 'static' access modifier). (Dmitry)
(mysqli::fetch() returns bad data - 64bit problem). (Andrey)
(get_class_methods() output has changed between 5.0.2 and 5.0.3). (Dmitry)
(Segfault in mysqli_fetch_array on 64-bit). (Georg)
(xml_parser_free() in a function assigned to the xml parser gives a segfault). (Rob)
(xmlrpc_encode() segfaults with recursive references). (Tony)
(Userspace stream wrapper crashes PHP). (Tony, Dmitry)
(copying a file into itself leads to data loss). (Ilia)
(SOAP client does not auto-handle base64 encoding). (Ilia)
($_POST is not populated in multi-threaded environment). (Moriyoshi)
(segfault when assigning object to itself with zend.ze1_compatibility_mode=On). (Dmitry)
(Crash caused by range('', 'z')). (Derick)
(ext/mysqli bind_result causes fatal error: memory limit). (Andrey)
(Memory leak in mssql_fetch_batch). (fmk)
(crash when mssql_bind() is called more than once). (Frank)
(ftp_login fails on some SSL servers). (frantisek at augusztin dot com)
(ISAPI: Custom 5xx error does not return correct HTTP response message). (Jani)
(Crash with zend.ze1_compatibility_mode=On). (Dmitry)
(multi_query works exactly every other time - multi query d/e flag global and not per connection). (Andrey)
(another crash when echoing a COM object). (Wez)
(php_std_date() uses short day names in non-y2k_compliance mode). (mike at php dot net)
(object reference being dropped. $this getting lost). (Stas, Dmitry)
(Wrong deserialization from session when using WDDX serializer). (Dmitry)
(segfault with empty() / isset()). (Moriyoshi)
(False warning in unpack() when working with *). (Ilia)
(broken non-blocking flock()). (ian at snork dot net)
(Older GCC versions do not provide portable va_copy()). (Jani)
(escape on curly inconsistent). (Dmitry)
(PHP_EVAL_LIBLINE configure macro does not handle -pthread). (Jani)
(Side effects caused by fix of bug ). (Dmitry)
(memory leaks and corruption because of incorrect refcounting). (Dmitry)
(array_splice on $GLOBALS crashes). (Dmitry)
(safe_mode & open_basedir checks only check first include_path value). (Ilia)
(php:function(string, nodeset) with xsl:key crashes PHP). (Rob)
(Wrong line number in ReflectionClass getStartLine()). (Dmitry)
(Conflict between __get/__set and ++ operator). (Dmitry)
(array_count_values() modifying input array). (Tony)
(debug_backtrace() reports incorrect class in overridden methods). (Dmitry)
(static member conflict with $this->member silently ignored). (Dmitry)
(Better support for LDAP SASL bind). (Jani)
(magic methods (__sleep/__wakeup/__toString) call __call if object is overloaded). (Dmitry)
(Segmentation fault on exception in method). (Stas, Dmitry)
(cannot initialize class variable from class constant). (Dmitry)
(Output buffers flushed before calling __destruct() functions). (Jani)
(Interface not existing says Class not found). (Dmitry)
(Strange behavior of default arguments). (Dmitry)
(Assignment operators yield wrong result with __get/__set). (Dmitry)
(zend.ze1_compatibility_mode isn't fully compatible with array_push()). (Dmitry)
(Catching exception in constructor causes lose of $this). (Dmitry)
(Problem with array in static properties). (Dmitry)
(Enhancement for error message for abstract classes). (Marcus)
(gmmktime does not return the current time). (Derick)
(Passing array or non array of objects). (Dmitry)
(Crash on shutdown after odbc_pconnect()). (Edin)
(PHP does not explicitly set mime type & charset). (Ilia)
(memory leaks when set_error_handler() is used inside error handler). (Tony)
(variables_order behavior). (Dmitry)
(Function defined in switch, crashes). (Dmitry)
(Backtrace argument list out of sync). (Dmitry)
(Reflection API Feature: Default parameter value). (Marcus)
(default value of protected member overrides default value of private and other private variable problems in inherited classes). (Stas)
(headers_list() returns empty array). (Tony)
(crash when echoing a COM object). (M.Sisolak, Wez)
(accessing properties without connection). (Georg)
(var_export() producing invalid code). (Derick)
(unencoded spaces get ignored after certain tags). (Ilia)
(fetch functions now use MYSQLI_BOTH as default). (Georg)
(win32 mail() provides incorrect Date: header). (Jani)
(calling parent constructor in mysqli). (Georg)
(__autoload() not called with Reflection->getClass()). (Dmitry)
(SOAP HTTP Error when envelop size is more than 24345 bytes). (Dmitry, Wez)
(array_diff with $GLOBALS argument fails). (Dmitry)
(memory error when wsdl-cache is enabled). (Dmitry)
(Function: is_callable - no support for private and protected classes). (Dmitry)
(SoapFault exception: [WSDL] Out of memory). (Dmitry)
(Function declaration in method doesn't work). (Dmitry)
(soap extension segfaults). (Dmitry)
(Incorrect behavior of member vars(non string ones)-numeric mem vars and others). (Dmitry)
(__getTypes() returning nothing on complex WSDL). (Dmitry)
(Wrong data encoding of special characters). (Dmitry)
(SIGSEGV in interactive mode (php -a)). (kameshj at fastmail dot fm)
(Need to use -[m]ieee option for Alpha CPUs). (Jani)
(SAPI::known_post_content_types is not thread safe). (Moriyoshi)
(debug_backtrace is intermittently passing args). (Dmitry)
(glob wont error if dir is not readable). (Hartmut)
(static array with some constant keys will be incorrectly ordered). (Dmitry)
(xml default_handlers not being called). (Rob)
(list() array key assignment causes HUGE memory leak). (Dmitry)
(Bad references accentuated by clone). (Dmitry)
(Wrong results from Reflection-API getDocComment() when called via STDIN). (Dmitry)
(In error handler, modifying 5th arg (errcontext) may result in seg fault). (Dmitry)
(array_multisort() doesn't work in a function if array is global or reference). (Dmitry)
(returning reference to uninitialized variable). (Dmitry)
(ext/sesssion: catch bailouts of write handler during RSHUTDOWN). (Jani, Xuefer at 21cn dot com)
(boolean ini options may be incorrectly displayed as Off when they are On). (Tony)
Fixed bugs , , , , , , , , , , (strtotime() related bugs). (Derick)

Version 5.0.5

05-Sep-2005

Upgraded PCRE library to version 5.0. (Andrei)
Removed php_check_syntax() function which never worked properly. (Ilia)
Added new function mysqli_set_charset(). (Georg)
Added man pages for "phpize" and "php-config" scripts. (Jakub Vrana)
Added support for .cc files in extensions. (Brian)
Added PHP_INT_MAX and PHP_INT_SIZE as predefined constants. (Andrey)
Changed sha1_file() and md5_file() functions to use streams instead of low level IO. (Uwe)
Changed ming to support official 0.2a and 0.3 library versions. (Marcus)
Fixed failing queries problem (FALSE returned) with mysqli_query() on 64 bit. (Andrey)
Fixed memory corruption in pg_copy_from() in case the as_null parameter was passed. (Derick)
Fixed ext/mysqli to allocate less memory when fetching bound params of type (MEDIUM|LONG)BLOB/(MEDIUM|LONG)TEXT. (Andrey)
Fixed memory corruption in ImageTTFText() with 64bit systems. (Andrey)
Fixed memory corruption in stristr(). (Derick)
Fixed segfaults when CURL callback functions throw exception. (Tony)
Fixed various reentrancy bugs in user-sort functions, solves bugs and . (Mike Bretz)
(on_modify handler not called to set the default value if setting from php.ini was invalid). (Andrei)
(date('W') do not return leading zeros for week 1 to 9). (Derick)
(ReflectionClass::isInstantiable() returns true for abstract classes). (Marcus)
(array_filter() crashes with references and objects). (Dmitry)
(Segfault with callbacks (array_map) + overloading). (Dmitry)
(assigning array element by reference causes binary mess). (Dmitry)
(Reflection API problems in methods with boolean or null default values). (Tony)
(arr[] as param to function is allowed only if function receives argument by reference). (Dmitry)
(Crash in catch block when many arguments are used). (Dmitry)
(extract($GLOBALS,EXTR_REFS) crashes PHP). (Dmitry)
(array_map() fails to pass by reference when called recursively). (Dmitry)
(php:function call __autoload with lowercase param). (Marcus)
(throw Exception in error handler causes crash). (Dmitry)
(php_value overrides php_admin_value). (Dmitry)
(ArrayAccess objects doen't initialize $this). (Dmitry)
(LDAP: RootDSE query not possible). (Jani)
(warning with nested calls to functions returning by reference). (Dmitry)
(crash if safe_mode is on and session.save_path is changed). (Dmitry)
(crash after extending MySQLi internal class). (Tony)
(CLI Crash when calling php:function from XSLT). (Rob)
(private method accessed by child class). (Dmitry)
(iconv_strlen() works only with a parameter of < 3 in length). (Ilia)
(mysqli_real_escape doesn't work in __construct) (Georg)
(array_splice() inconsistent when passed function instead of variable). (Dmitry)
(ze1_compatibility_mode does not work as expected). (Dmitry)
(Mangled error message when stream fails). (Derick)
(segfault when CURL handle is closed in a callback). (Tony)
(odbc_next_result does not signal SQL errors with 2-statement SQL batches). (rich at kastle dot com, Tony)
(relax jpeg recursive loop protection). (Ilia)
(preg_replace(): magic_quotes_sybase=On makes 'e' modifier misbehave). (Jani)
(--enable-session=shared does not build). (Jani)
(foreach enumerates private fields declared in base classes). (Dmitry)
(Soap extension incorrectly detects HTTP/1.1). (Ilia)
(cygwin version of setitimer doesn't accept ITIMER_PROF). (Nuno)
(crash when assigning class name to global variable in __autoload). (Dmitry)
(mysqli_prepare() doesn't return an error). (Georg)
(str_ireplace() incorrectly counts result string length and may cause segfault). (Tony)
(Add a safemode/open_basedir check for runtime "session.save_path" change using session_save_path() function). (Rasmus)
(Improved performance of bzdecompress() by several orders of magnitude). (Ilia)
(crash when moving xml attribute set in dtd). (Ilia)
(Don't send extraneous entity-headers on a 304 as per RFC 2616 section 10.3.5) (Rasmus, Choitel)
(socket errors cause memory leaks in php_strerror()). (jwozniak23 at poczta dot onet dot pl, Tony).
("make distclean" gives an error with VPATH build). (Jani)
("next month" was handled wrong while parsing dates). (Derick)
(ReflectionMethod::getStaticVariables() causes apache2.0.54 seg fault). (Dmitry)
(mysql_bind_result() doesn't support MYSQL_TYPE_NULL). (Georg)
(Incorrect option for mysqli default password). (Georg)
(Disabling session.use_cookies doesn't prevent reading session cookies). (Jani, Tony)
(Sending structured SOAP fault kills a php). (Dmitry)
(http redirects URLs are not checked for control chars). (Ilia)
(Cannot extend class "SQLiteDatabase"). (Marcus)
(Oracle LDAP: ldap_get_entries(), invalid pointer). (Jani)
(class extending DOMDocument doesn't clone properly). (Rob)
(pg_get_notify() ignores result_type parameter). (Tony)
(Crash with singleton and __destruct when zend.ze1_compatibility_mode = On). (Dmitry)
(parse_url() does not handle scheme-only urls properly). (Ilia)
(temporary files not using plain file wrapper). (Ilia)
(Missing T1LIB support on Windows). (Edin)
(General cookie overrides more specific cookie). (Ilia)
Fixed bugs , (ext/odbc: Problems with 64bit systems). (Jani)
(crash: calling the corresponding global var during the destruct). (Dmitry)
(SOAP doesn't support one-way operations). (Dmitry)
(GMP functions break when second parameter is 0). (Stas)
(incorrect determination of default value (COM)). (Wez)
(Cannot access safearray properties in VB6 objects). (Wez)
(Segfault in replaceChild() when DocumentFragment has no children). (Rob)
(Undefined constant SQLITE_NOTADB). (Ilia)
(segmentation fault when the stream with a wrapper is not closed). (Tony, Dmitry)
(pg_affected_rows() was defined when it was not available). (Derick)
(Require/include file in destructor causes segfault). (Marcus)
(ext/mssql: Error on module shutdown when called from activescript). (Frank)
(exception in iterator causes crash). (Dmitry)
(Assignment by reference causes crash when field access is overloaded (__get)). (Dmitry)
(Using register_shutdown_function() with invalid callback can crash PHP). (Jani)
(Segfault in replaceChild() using fragment when previousSibling is NULL). (Rob)
(ext/snmp: use of snmp_shutdown() causes snmpapp.conf access errors). (Jani, ric at arizona dot edu)
(html_entity_decode() converts single quotes even if ENT_NOQUOTES is given). (Ilia)
(Segfault/Memory Leak by getClass (etc) in __destruct). (Dmitry)
(ext/mysql: Unsatisfied symbol: ntohs with HP-UX). (Jani)
(Possible crash inside imap_mail_compose, with charsets). (Ilia)
(Apache2: errors sent to error_log do not include timestamps). (Jani)
(configure looks for incorrect db2 library). (Tony)
(mmap loads only the 1st 2000000 bytes on Win32). (Ilia)
(proc_get_status() returns the incorrect process status). (Ilia)
(chunk_split() does not append endstr if chunklen is longer then the original string). (Ilia)
(File upload error - unable to create a temporary file). (Uwe Schindler)
(mysqli::fetch() returns bad data - 64bit problem). (Andrey)
(Segfault in mysqli_fetch_array on 64-bit). (Georg)
(get_class_methods() output has changed between 5.0.2 and 5.0.3). (Dmitry)
(xml_parser_free() in a function assigned to the xml parser gives a segfault). (Rob)
(Userspace stream wrapper crashes PHP). (Tony, Dmitry)
(segfault when assigning object to itself with zend.ze1_compatibility_mode=On). (Dmitry)
(ext/mysqli bind_result causes fatal error: memory limit). (Andrey)
(ISAPI: Custom 5xx error does not return correct HTTP response message). (Jani)
(Crash with zend.ze1_compatibility_mode=On). (Dmitry)
(multi_query works exactly every other time - multi query d/e flag global and not per connection). (Andrey)
(another crash when echoing a COM object). (Wez)
(php_std_date() uses short day names in non-y2k_compliance mode). (mike at php dot net)
(object reference being dropped. $this getting lost). (Stas, Dmitry)
(Wrong deserialization from session when using WDDX serializer). (Dmitry)
(False warning in unpack() when working with *). (Ilia)
(broken non-blocking flock()). ian at snork dot net
(Sideeffects caused by fix of bug . (Dmitry)
(array_splice on $GLOBALS crashes). (Dmitry)
(Wrong linenumber in ReflectionClass getStartLine()). (Dmitry)
(Conflict between __get/__set and ++ operator). (Dmitry)
(array_count_values() modifying input array). (Tony)
(debug_backtrace() reports incorrect class in overridden methods). (Dmitry)
(static member conflict with $this->member silently ignored). (Dmitry)
(Better support for LDAP SASL bind). (Jani)
(magic methods (__sleep/__wakeup/__toString) call __call if object is overloaded). (Dmitry)
(Segmentation fault on exception in method). (Stas, Dmitry)
(cannot initialize class variable from class constant). (Dmitry)
(Interface not existing says Class not found). (Dmitry)
(Assignment operators yield wrong result with __get/__set). (Dmitry)
(zend.ze1_compatibility_mode isnt fully compatable with array_push()). (Dmitry)
(Catching exception in constructor causes lose of $this). (Dmitry)
(Problem with array in static properties). (Dmitry)
(Enhancement for error message for abstract classes). (Marcus)
(Passing array or non array of objects). (Dmitry)
(memory leaks when set_error_handler() is used inside error handler). (Tony)
(variables_order behaviour). (Dmitry)
(Function defined in switch, crashes). (Dmitry)
(Backtrace argument list out of sync). (Dmitry)
(headers_list() returns empty array). (Tony)
(crash when echoing a COM object). (M.Sisolak, Wez)
(unencoded spaces get ignored after certain tags). (Ilia)
(Function: is_callable - no support for private and protected classes). (Dmitry)
(Function declaration in method doesn't work). (Dmitry)
(Incorrect behavior of member vars(non string ones)-numeric mem vars und others). (Dmitry)
(SIGSEGV in interactive mode (php -a)). (kameshj at fastmail dot fm)
(Need to use -[m]ieee option for Alpha CPUs). (Jani)
(debug_backtrace is intermittently passing args). (Dmitry)
(list() array key assignment causes HUGE memory leak). (Dmitry)
(Wrong results from Reflection-API getDocComment() when called via STDIN). (Dmitry)
(In error handler, modifying 5th arg (errcontext) may result in seg fault). (Dmitry)
(returning reference to uninitialized variable). (Dmitry)
(default value of protected member overrides default value of private) and other private variable problems in inherited classes (Stas)
(array_diff with $GLOBALS argument fails). (Dmitry)
Abstract private methods are no longer allowed (Stas)

Version 5.0.4

31-Mar-2005

Added SNMPv2 support. (harrie)
Added Oracle Instant Client support. (cjbj at hotmail dot com, Tony)
Added length and charsetnr for field array and object in mysqli. (Georg)
Added checks for negative values to gmp_sqrt(), gmp_powm(), gmp_sqrtrem() and gmp_fact() to prevent SIGFPE. (Tony)
Changed foreach() to throw an exception if IteratorAggregate::getIterator() does not return an Iterator. (Marcus)
Changed phpize not to require libtool. (Jani)
Updated bundled oniguruma library (used for multibyte regular expression) to 3.7.0. (Moriyoshi)
Updated bundled libmbfl library (used for multibyte functions). (Moriyoshi)
Fixed bugs:
- Bug (mb_convert_encoding ignores named entity 'alpha')
- Bug (mb_decode_mimeheader() is case-sensitive to hex escapes)
- Bug (compiler warnings in libmbfl due to invalid type cast)
- Bug (incorrect character translations for some ISO8859 charsets)
Fixed bug preventing from building oci8 as shared. (stanislav dot voroniy at portavita dot nl, Tony)
Fixed a bug in mysql_affected_rows and mysql_stmt_affected_rows when the api function returns -1 (Georg)
Fixed several leaks in ext/browscap and sapi/embed. (Andrei)
Fixed several leaks in ext/filepro. (Tony)
Fixed build system to always use bundled libtool files. (Jani)
Fixed a bug in mysqli_stmt_execute() (type conversion with NULL values). (Georg)
Fixed segfault in mysqli_fetch_field_direct() when invalid field offset is passed. (Tony)
Fixed posix_getsid() & posix_getpgid() to return sid & pgid instead of true. (Tony)
(offsetUnset() segfaults in a foreach). (Marcus)
(segfault in bzopen() if supplied path to non-existent file). (Tony)
(Check values of Connection/Transfer-Encoding case-incentively in SOAP extension). (Ilia)
(call_user_func_array() calls wrong class method within child class). (Marcus)
(spl_array.c: void function cannot return value). (Johannes)
(proc_get_status() sets "running" always to true). (Ilia)
(Prevent using both --with-apxs2 and --with-apxs2filter). (Jani)
(Overloading offsetGet/offsetSet). (Marcus)
(ArrayIterator::seek() does not throw an Exception on invalid index). (Marcus)
(dateTime SOAP encoding of timezone incorrect). (Dmitry)
(in mysqli default socket value is not being used). (Ilia)
(Crash caused by range('', 'z')). (Derick)
(Fragments which replaced Nodes are not globaly useable). (Rob)
(xml_parse_into_struct() function exceeds maximum execution time). (Rob, Moriyoshi)
(Unicode exif data not available on Windows). (Edin)
(getrusage() does not provide ru_nswap value). (Ilia)
(msql_fetch_row() and msql_fetch_array() dropping columns with NULL values). (Daniel Convissor)
(Segmentation fault using clone keyword on nodes). (Rob)
(--disable-cli does not force --without-pear). (Jani)
(*date('r') does not return RFC2822 conforming date string). (Jani)
(SOAP encoding problem with complex types in WSDL mode with multiple parts). (Dmitry)
(exif_read_data() uses too low nesting limit). (Ilia)
(readline completion handler does not handle empty return values). (Ilia)
(Cannot create SOAP header in no namespace). (Dmitry)
(dbase_open() fails for mode = 1). (Mehdi, Derick)
(pg_parameter_status() missing on Windows). (Edin)
(SOAP Digest Authentication doesn't work with "HTTP/1.1 100 Continue" response). (Dmitry)
(mb_get_info() causes segfault when no parameters specified). (Tony)
(Wrong return values for mysqli_autocommit/commit/rollback). (Georg)
(parse_url() does not recognize http://foo.com#bar). (Ilia)
(Cannot redefine endpoint when using WSDL). (Dmitry)
(dio_tcsetattr(): misconfigured termios settings). (elod at itfais dot com)
(changes to $name in __get($name) override future parameters). (Dmitry)
(unserialize() float problem on non-English locales). (Ilia)
(__autoload() problem with static variables). (Marcus)
(ReflectionClass::getDefaultProperties segfaults with arrays). (Marcus)
(OCILogin does not support password grace period). (daniel dot beet at accuratesoftware dot com, Tony)
(crash in msg_send() when non-string is stored without being serialized). (Ilia)
(Improve performance of scandir() by factor of 10 or so). (Ilia)
(open_basedir uses path_translated rather then cwd for . translation). (Ilia)
(Possible infinite loop in imap_mail_compose()). (Ilia)
(Fixed crash in chunk_split(), when chunklen > strlen). (Ilia)
(False warning in unpack() when working with *). (Ilia)
(session_set_save_handler crashes PHP when supplied non-existent object ref). (Tony)
(Memory leak in zend_language_scanner.c). (hexer at studentcenter dot org)
(unserialize broken on 64-bit systems). (Marcus)
($GLOBALS can be overwritten via GPC when register_globals is enabled). (Ilia)
(No Error-Logging on SoapServer-Side). (Dmitry)
(curl POSTFIELDS crashes on 64-bit platforms). (Joe)
(compile fails with gd 2.0.33 without freetype). (Jani)
(highlight_file() trims new line after heredoc). (Ilia)
(simplexml/domxml segfault when adding node twice). (Rob)
(CachingIterator::rewind() leaks). (Marcus)
(ArrayIterator::next segfaults). (Marcus)
(Unexpected warning then exception is thrown from call_user_func_array()). (phpbugs at domain51 dot net, Dmitry)
(imap_mail_compose() fails to generate correct output). (Ilia)
(XML Parser Functions seem to drop & when parsing). (Rob)
(When magic_guotes_gpc are enabled filenames with ' get cutoff). (Ilia)
(Possible crash in mysql_fetch_field(), if mysql_list_fields() was not called previously). (Ilia)
, , , (Compile failure of zend_strtod.c). (Jani)
(PHP 4.3.10 does not compile on Tru64 UNIX 5.1B). (Derick)
(Compile failure on Solaris 9 (Intel) and gcc 3.4.3). (Derick)
(Better error message when c-client cannot be found). (Ilia)
(missing kerberos header file path with --with-openssl). (Jani)
(isset() / empty() incorrectly return true in dereference of a string type). (Moriyoshi)
(broken php_url_encode_hash macro). (Ilia)
(var_export() does not output an array element with an empty string key). (Derick)
(imageftbbox() does not use linespacing parameter). (Jani)
(php_std_date() returns invalid formatted date if y2k_compliance is On). (Ilia)
(apache2filter: per request leak proportional to the full path of the request URI). (kameshj at fastmail dot fm)
(can't send cookies with soap envelop). (Dmitry)
(Misleading warning message for array_combine()). (Andrey)
(evaluated pointer comparison in mbregex causes compile failure). (Moriyoshi)
(Static array with boolean indexes). (Marcus)
(-.1 like numbers are not being handled correctly). (Ilia)
(PHP segfaults when an exception is thrown in getIterator() within foreach). (Marcus)
(cURL functions bypass open_basedir). (Jani)
(apache2handler: virtual() includes files out of sequence)
(odbc_next_result() doesn't bind values and that results in segfault). (pdan-php at esync dot org, Tony)
(Invalid opcode 137/1/8). (Marcus)
(imagettftext() and imagettfbbox() accept too many parameters). (Jani)
(SOAP cannot not parse 'ref' element. Causes Uncaught SoapFault exception). (Dmitry)
(type re_registers redefined in oniguruma.h). (Moriyoshi)
(enabled debug causes bailout errors with CLI on AIX because of fflush() called on already closed filedescriptor). (Tony)
(Weird behaviour of __set($name, $value)). (Dmitry)
(printf() handles repeated placeholders wrong). (bugs dot php dot net at bluetwanger dot de, Ilia)
(width and height inverted for JPEG2000 files). (Ilia)
(configure for mysqli with shared doesn't work). (Georg)
(make test libtool failure on MacOSX). (Jani)
(mail(): use "From:" from headers if sendmail_from is empty). (Jani)
(PHP sources pick wrong header files generated by bison). (eggert at gnu dot org, Jani)
(__destruct of a class that extends mysqli not called). (Marcus)
(ini-file section parsing pattern is buggy). (wendland at scan-plus dot de)
(corrupt EXIF headers have unlimited recursive IFD directory entries). (Andrei)
(Cannot access undefined property for object with overloaded property access). (Dmitry)
(Changing a static variables in a class changes it across sub/super classes.) (Marcus)
(HTTP_SESSION_VARS appear when register_long_arrays is Off). (Tony)
(FastCGI: stderr should be written in a FCGI stderr stream). (chris at ex-parrot dot com)
(partially incorrect utf8 to htmlentities mapping). (Derick, Benjamin Greiner)
(SOAP HTTP Digest Access Authentication). (Dmitry)
(Double \r problem on ftp_get in ASCII mode on Win32). (Ilia)
(Multiple OUs in x509 certificate not handled properly). (Jani)

Version 5.0.3

15-Dec-2004

Added the %F modifier to *printf to render a non-locale-aware representation of a float with the . as decimal seperator. (Derick)
Fixed error handling in mysqli_multi_query. (Georg)
Extended the functionality of is_subclass_of() to accept either a class name or an object as first parameter. (Andrey)
Fixed potential problems with unserializing invalid serialize data. (Marcus)
(Problem with non-existing iconv header file). (Derick)
(snmp extension does not build with net-snmp 5.2). (Ilia)
(SOAP server unable to handle request with references). (Dmitry)
(allow popen() on *NIX to accept 'b' flag). (Ilia)
(properties in extended mysqli classes don't work). (Georg)
(When Using WSDL, SoapServer doesn't handle private or protected properties). (Dmitry)
(reflective functions crash PHP when interfaces extend themselves). (Tony, Dmitry)
(segfault when recording soapclient into session). (Tony, Dmitry)
(MySQLi testsuite)
(ReflectionClass::getStaticProperties segfaults). (Marcus)
("!" stripped off comments in xml parser). (Rob)
(SoapServer doesn't handle private or protected properties). (Dmitry)
(Apache crash when using ReflectionFunction:: getStaticVariables()). (Marcus)
(Meaningful error message when upload directory is not accessible). (Ilia)
(Malformed SOAPClient http header reequest). (Dmitry)
(Problem handling exif data in jpeg images at unusual places). (Marcus)
(Ensure that temporary files created by GD are removed). (Ilia)
(def. multi result set support for mysql_connect). (Georg)
(compile with pear error). (Antony)
(array_multisort doesn't separate zvals before changing them). (Tony)
(crash when comparing SimpleXML attribute to a boolean). (Andi)
(attribute namespace URIs are inconsistent when parsing). (Rob)
(PEAR installation fails). (Antony)
(curl_getinfo() may crash in some situations). (Ilia)
(segfault when parsing ?getvariable[][ ). (Tony)
(rename across filesystems loses ownership and permission info). (Tony)
(stream_socket_client async connect was broken). (vnegrier at esds dot com, Wez).
(Strange results with get_class_vars()). (Marcus)
(cal_info() does not work without a parameter). (Ilia)
(stream_get_line() not handling end string correctly). (Ilia)
(SOAP client requests have no port in "Host" field). (Dmitry)
(str_ireplace() does not work on all strings). (Ilia)
(Reflection::getModifierNames() returns too long strings). (Marcus)
(Error Fetching http body, No Content-Length, connection closed or chunked data). (Dmitry)
(segfault when using unknown/unsupported session.save_handler and/or session.serialize_handler). (Tony)
(Prevent non-wbmp images from being detected as such). (Ilia)
(Possible crash in ctype_digit on large numbers). (Ilia)
(exception handler not working with objects). (Marcus)
(Sybase date strings are sometimes not null terminated). (Ilia)
(SOAP results aren't parsed correctly). (Dmitry)
(OO sqlite_fetch_object did not reset error handler). (Wez)
(get_current_user() crashes on Windows). (Edin)
(xml_set_start_namespace_decl_handler not called). (Rob)
(did not detect IPV6 on FreeBSD 4.1). (Wez)
(strtotime does not use second param). (Derick)
(Possible crash inside ftp_get()). (cfield at affinitysolutions dot com)
(array_reduce segfaults when initial value is array). (Tony)
(isset gives invalid values on strings). (Tony, Dmitry)
(Set limit on the size of mmapable data). (Ilia)
(strtotime error). (Derick)
(double free when openssl_csr_new fails). (Kamesh Jayachandran).
(Soapserver always uses std class). (David, Dmitry)
(SoapClient doesn't request wsdl through proxy). (Rob)
(Var problem when extending domDocument). (Georg)
(strtotime fails with zero base time). (Derick)
(Lost support for MS Symbol fonts). (Pierre)
(mb_strwidth() returns wrong width values for some hangul characters). (Moriyoshi)
(NULL decimal separator is not being handled correctly). (Ilia)
(strtotime("now")). (Derick)
(private / protected variables not exposed by get_object_vars() inside class). (Marcus)
(Can't return within a zend_try {} block or the previous bailout state isn't restored. (Andi)
(Userland stream wrapper segfaults on stream_write). (Christian)

Version 5.0.2

23-Sep-2004

Added new boolean (fourth) parameter to array_slice() that turns on the preservation of keys in the returned array. (Derick)
Added the sorting flag SORT_LOCALE_STRING to the sort() functions which makes them sort based on the current locale. (Derick)
Added interface_exists() and make class_exists() only return true for real classes. (Andrey)
Added PHP_EOL constant that contains the OS way of representing newlines. (Paul Hudson, Derick)
Implemented periodic PCRE compiled regexp cache cleanup, to avoid memory exhaustion. (Andrei)
Renamed SoapClient->__call() to SoapClinet->__soapCall(). (Dmitry)
Fixed bug with raw_post_data not getting set (Brian)
Fixed a file-descriptor leak with phpinfo() and other 'special' URLs (Zeev)
(ReflectionClass::getMethod() lowercases attribute). (Marcus)
(SOAP module processing WSDL file dumps core). (Dmitry)
(Cannot pass big integers (> 2147483647) in SOAP requests). (Dmitry)
(unserialize()/ __PHP_Incomplete_class does not report correctly class name). (Marcus, Tony)
(simplexml_load_file URL limitation 255 char). (Rob)
(No defines around pcntl_*priority definitions). (Derick)
(SOAP doesn't return the result of a valid SOAP request). (Dmitry)
(soapclient return null value). (Dmitry)
(incorrect convert (xml:lang to lang)). (Dmitry)
(SoapServer::setClass() should not export non-public methods). (Dmitry)
(Interfaces no longer work). (Marcus)
(Fixed possible crashes in convert_uudecode() on invalid data). (Ilia)
(array_count_values() breaks with numeric strings). (Ilia)
(HTTP Authentication Issues). (Uwe Schindler)
(SegFault with Soap and Amazon's Web Services). (Dmitry)
(ip2long should return -1 if IP is 255.255.255.255 and FALSE on error). (Tony)
(Changed ext/xml to default to UTF-8 output). (Rob)
(opendir() with ftp:// wrapper segfaults if path does not have trailing slash). (Ilia)
(xml_* functions throw non descriptive error). (Christian, Rob)
(segfault on result and statement properties). (Georg)
(foreach/string handling strangeness (crash)). (Dmitry)
(Reflection API issues). (Marcus)
(Added sslv2 and sslv3 transports). (Wez)
(Invalid statement handle in mysqli on execute). (Georg)
(parse_url() is now binary safe). (Ilia)
(segfault with Soapserver when WSDL-Cache is enabled). (Dmitry)
(Apache 2.0 SAPI build against Apache 2 HEAD). (Joe Orton, Derick)
(private/protected properties not serialized when user declared method __sleep() exists). E_NOTICE thrown when __sleep() returns name of non-existing member. (Andrey, Curt)

Version 5.0.1

12-Aug-2004

Changed destructor mechanism so that destructors are called prior to request shutdown. (Marcus)
Rewritten UNIX and Windows install help files. (Documentation Team)
Updated several libraries bundled with the windows release which now includes libxml2-2.6.11, libxslt-1.1.7 and iconv-1.9.1. (Rob, Edin)
Improved and moved ActiveScript SAPI to PECL. (Wez)
Fixed unloading of dynamically loaded extensions. (Marcus, kameshj at fastmail dot fm)
Fixed ReflectionClass::getMethod() and ReflectionClass::getProperty() to raise an ReflectionException instead of returning NULL on failure. (Sebastian)
Fixed convert.* filters to consume remaining buckets_in on flush. (Sara)
Fixed bug in mysqli->client_version. (Georg)
(php_strip_whitespace() prints to stdout rather then returning the value). (Ilia)
(MYSQLI_CLIENT_FOUND_ROWS undefined) (Georg)
(Segmentation fault, when exception thrown within PHP function called from XSLT). (Christian)
(accessing properties without connection) (Georg)
(get_class_vars() severely broken when used with arrays). (Marcus)
(.Net object instantiation failed). (Michael Sisolak).
(win32: usleep() doesn't work). (Wez)
(win32: feof() hangs on empty tcp stream). (Wez)
(Possible crash inside array_walk_recursive()). (Ilia)
(crash when parsing invalid address; invalid address returned by stream_socket_recvfrom(), stream_socket_getname()). (Wez)
(Segfault in PHP functions called from XSLT). (Rob)
(sqlite_escape_string() returns bogus data on empty strings). (Ilia, Tony)
(com_dotnet crashes when echo'ing an object). (Wez)
(The destructor is called when an exception is thrown from the constructor). (Marcus)
(Exception constructor marked as both public and protected). (Marcus)
(strtotime() does not handle empty date string properly). (Ilia)
(win32 build produces invalid php_ifx.dll). (Edin)
(fetch functions now use MYSQLI_BOTH as default) (Georg)
(get_class_vars() return names with NULLs). (Marcus)
(gettext extension not working). (Edin)
(variant_date_from_timestamp() does not honour timezone). (Wez)
(error when sending large packets on a socket). (Dmitry)
(memory error when wsdl-cache is enabled). (Dmitry)
(Compile Error in mnoGoSearch functions). (Sergey, Antony)
($_SERVER["PHP_AUTH_USER"] isn't defined). (Stefan)
(html_entity_decode() misbehaves with UTF-8). (Moriyoshi)
(SoapFault exception: [WSDL] Out of memory). (Dmitry)
(soap extension segfaults). (Dmitry)
(__getTypes() returning nothing on complex WSDL). (Dmitry)
(Wrong data encoding of special characters). (Dmitry)
(ReflectionClass::isAbstract always returns false). (Marcus)
(Thread-unsafety in bcmath elementary values). (Sara)
(catch() does not catch exceptions by interfaces). (Marcus)

Version 5.0.0

13-Jul-2004

Updated PCRE to provide better error handling in certain cases. (Andrei)
Changed doc comments to require a single white space after '/**'. (Marcus)
Fixed strip_tags() to correctly handle '\0' characters. (Stefan)
(Database not closing). (Marcus)
(array_combine() does not handle non-numeric/string keys). (Ilia)
(fixed behaviour of exec() to work as it did in 4.X). (Ilia)
(ReflectionClass::isAbstract always returns false). (Marcus)
(Internal filter registry not thread safe). (Sara)
(call_user_func_array has typo in error message). (Marcus)
(ArrayObject::offsetGet() does the work of offsetUnset()). (Marcus)
(ArrayObject::offsetExists() works inverted). (Marcus)
(ReflectionProperty getValue() fails on public static members). (Marcus)
(Segfault when using xslt and clone). (Rob)
(SoapServer does not call _autoload()). (Dmitry)
(array_*diff() and array_*intersect() not clearing the fci cache before work). (Andrey)
(appendChild() and insertBefore() unset DOMText).(Rob)
(SOAP does not parse WSDL service address correctly). (Dmitry)
(Reflection api bugs). (Marcus)
(ReflectionExtension::getFunctions() crashes PHP). (Marcus)
(Allocate enough space to store MSSQL data). (Frank)
(Circular references not properly serialised). (Moriyoshi)

Version 5.0.0 Release Candidate 3

8-Jun-2004

Moved the PDFLib extension to PECL. (Wez)
Added MySQL 4.1.2-alpha and 4.1.3-beta support to MySQLI extension. (Georg)
Added support for dumping private/protected properties to var_dump(). (Andrey)
Added count() support for COM arrays. (Wez)
Added Firebird/InterBase UDF source that allows PHP functions to be called from SQL (Ard)
Changed user error handler mechanism to relay to built-in error handler if it returns false. (Andrei)
Changed class type hints for function parameters to not allow the passing of NULL values. (Andi)
Changed tidy_node to tidyNode and removed tidy_exception. (John)
Fixed ip2long() to return FALSE if an IP address passed to this function is not valid. (Derick)
Fixed memory leak in memory manager. (Andi)
Fixed problem with exceptions returning from include(). (Dmitry)
(Instance of Interface). (Marcus)
(Extending mysqli class). (Georg)
(Transparency detection code is off by 1). (Ilia, pikeman at pikeman dot sytes dot net)
(Missing bounds check inside imagefilter()). (Ilia)
(Userspace stream/filter names forced to lowercase). (Sara)
(stream_*_register() not calling __autoload()). (Sara)
(php_image_filter_contrast calls gdImageBrightness). (Ilia)
(No results returned on SOAP call, no error given). (Dmitry)
(num_rows property for statement object). (Georg)
(COM: Array style properties could not be accessed). (Wez)
(ArrayObject leaks when accessing elements). (Marcus)
(NULL parameter support for mysqli_ssl_set). (Georg)
(ArrayObject doesn't implement ArrayAccess). (Marcus)
(SPL: change visibility of ArrayIterator::__construct). (Marcus)
(memory leak of registered_zend_ini_directives). (Dmitry)
(SPL: ArrayObject does not handle PPP correctly). (Marcus)

Version 5.0.0 Release Candidate 2

25-Apr-2004

Implementing an interface/abstract method with the wrong prototype is now a fatal error. (Zeev)
Reimplemented zend.ze1_compatibility_mode to have better PHP 4 compliance. (Dmitry, Andi)
Under CLI, fclose() on php://stdin, php://stdout and php://stderr will now close the real stream. Please update your CLI scripts to use STDIN, STDOUT and STDERR constants instead of fopen()/fclose(). (Wez)
Moved yaz extension to PECL. (Wez)
Added pty support to proc_open(). (Wez)
Added possibility to check in which extension an internal class was defined in using reflection API. (Marcus)
Changed tidy error handling to no longer use exceptions and renamed the "error_buf" property to errorBuffer. (John)
Changed class and method names to use studlyCaps convention. (Marcus)
Changed language parser to throw errors when a non-empty signature is used in a destructor definition. (Marcus)
Changed HTTP file uploads not to throw E_WARNINGs and E_NOTICEs. The error value in the $_FILES global should be used for error handling. (Derick)
Changed __construct() to always take precedence over old style constructor. (Dmitry)
Fixed handling of return values from storred procedures in mssql_execute() with multiple result sets returned. (Frank)
(stream_socket_accept() doesn't work with ssl). (Wez)
(compile mssql extension with old versions of FreeTDS fails). (Frank)
(SPL: Crash with getInnerIterator()). (Marcus)
(COM doesn't pass array parameters). (Wez)
(sqlite incorrectly handles invalid filenames). (Ilia)
(in some cases using foreach() to iterate over values led to a false error message about the key being a reference). (Adam)
(STDIN, STDOUT, STDERR are dup()d under CLI). (Wez)
(xml_parse() segfaults when xml_set_object() is called from class method). (Andi, Rob)
(WDSL SOAP Parsing Schema bug). (Dmitry)
(Segfault on schema without targetNamespace). (Dmitry)
(mktime issues on and around DST changeover). (Rasmus)
(soap extension fails without HAVE_TM_GMTOFF). (Dmitry)
(Object cloning in ze1_compatibility_mode was reimplemented) (Dmitry, Andi)
(Simplify the process of making a POST request via stream context). (Ilia)
(filters not applied to pre-buffered stream data). (Sara)
(Reflection_Function constructor crashes with non-existant function's name). (Marcus)
(serialize() objects of incomplete class). (Dmitry)
(handling of numeric indexes in strtr()). (Dmitry)
(debug_backtrace() not showing function arguments). (Zeev)
(The last catch statement was sometimes skipped). (Andi)
(When __set() returned a value it corrupted it). (Andi)
(shouldn't mmap() files larger than memory_limit). (Wez)

Version 5.0.0 Release Candidate 1

18-Mar-2004

Fixed numerous bugs with the just-in-time auto-global initialization, that could cause $_SERVER, $argv/$argc and other variables not to work properly. (Zeev)
Fixed data corruption with constant assignments to object properties. (Zeev)
Changed __toString() to be called automatically only with print and echo statements. (Andi)
Replaced the exec_finished hook by the zend_post_deactive hook for extensions. The new hook will be run after the symbol table and destructors are run. (Derick)
Fixed possible crash when internal get_method() is not defined. (Andi)
Fixed calling methods using call_user_func() in conjunction with the array("Class","Method") syntax to use the scope of the PHP user function. (Dmitry)
Fixed php-cgi to not ignore command-line switches when run in a web context. This fixes our test cases allowing INI with GET sections to work. (Rasmus)
Fixed getopt() so it works without $_SERVER. (Rasmus, bfrance)
Added support for PHP 4 style object comparisons which is enabled in ze1_compatiblity_mode. (Andi)
Added support for PHP 4 style object conversion to long, double, and boolean values which is enabled in ze1_compatibility_mode. (Andi, Stas)
Allow object oriented extensions to overload comparison functions and other operations. Solves problems using SimpleXML values. (Andi, Zeev)
Fixed crash when accessing a class constant with a value which in turn is also a constant. (Dmitry)
Fixed object's truth value conversion. It is always true unless ze1_compatibility_mode is on in which it behaves like in PHP 4. (Stas)
Improved out of memory handling in new memory manager. (Stas)
Fixed crash when an object references itself during destructor call. (Andi)
Fixed crash in foreach() when iterating over object properties or a method's return values. (Andi)
Fixed crash when an exception is thrown in a destructor. Such exceptions are now ignored as destruction happens out of context at no definite time. (Andi)
Fixed crashes in exception handling. (Dmitry, Andi)
Changed prototype checks so that they aren't done on constructors. (Andi)
Changed prototype checks to output an E_STRICT message instead of an E_COMPILE_ERROR. (Andi)
Changed Iterator::has_more() to Iterator::valid(). (Marcus)
Upgraded bundled oniguruma library to version 2.2.2. (Rui, Moriyoshi)
Added mb_list_encoding() to return an array with all mbstring supported encodings. (Derick)
Added support for more ISO8601 datetime formats in strtotime(). (Moriyoshi)
- Timezone specifier (ex. "20040301T02:00:00+19:00")
- Week specifier (ex. "1997W021")
Renamed php.ini option "zend2.implicit_clone" to "zend.ze1_compatibility_mode" as it doesn't only affect implicit cloning. (Andi, Zeev)
Methods that override parent methods are now subject to prototype checking, and have to be compatible with the method they're overriding - this check is disabled in compatibility mode. (Andi, Zeev)
Fixed crash in php_ini_scanned_files() when no additional INI files were actually parsed. (Jon)
Fixed bug in gdImageFilledRectangle in the bundled GD library, that required x1 < x2 and y1 < y2 for coordinates. (Derick)
Fixed crash with foreach() and temporary objects($obj->method()->a ...) where method returns a non-referenced object. (Andi, Zeev)
Fixed problem preventing startup errors from being displayed. (Marcus)
Fixed start-up problem if both SPL and SimpleXML were enabled. The double initialization of apache 1.3 was causing problems here. (Marcus, Derick)
(Expression must be a modifiable lvalue compiler error). (Derick)
(pg_fetch_array not returning false). (Marcus)
(ArrayObject::getIterator crashes with [] assignment). (Marcus)
(Objects pointing to each other segfaults). (Dmitry)
(Problem with object freeing mechanism). (Dmitry)
(Visibility bugs in call_user_function()). (Dmitry)
(handling of numeric indexes in strtr()). (Dmitry)
(memory leak inside tsrm_virtual_cwd.c on win32). (Ilia)
(get_browser matches browscap.ini patterns incorrectly). (Jay)
(wddx segfaults during deserialization). (Moriyoshi)
(session extension crashes when unserializing referenced values / objects). (Moriyoshi)
(Working with simplexml crashes apache2). (Rob)
(Mixed case class names causes Fatal Error in Constructor call). (Marcus)
(strval() doesn't work for objects with __toString()). (Marcus)
(Fix crash caused by bug in get_object_vars()). (Andi)
(mbstring compile errors with IRIX compiler). (K.Kosako <kosako at sofnec dot co dot jp>, Rui, Moriyoshi)
(register_long_arrays breaks superglobals). (Zeev)
(argv and argc not defined). (Zeev)

Version 5.0.0 Beta 4

12-Feb-2004

Changed exceptions so that they must now inherit from the built-in Exception class. This allows for a general catch(Exception $e) statement to catch all exceptions. (Andi, Zeev)
Added SPL extension. (Marcus, Derick)
Added checks for invalid characters in a cookie name and cookie data into set[raw]cookie(). (Brian)
Added support for ++ and += (and similar) to SimpleXML. (Andi, Zeev)
Added infrastructure for ++ and += (and similar) to object overloading modules. (Andi, Zeev)
Added error message when trying to re-assign to $this variable. (Zeev, Andi)
Added support for an interface to extend another interface. (Zeev)
Added new pspell functions: (Brian)
- pspell_config_dict_dir()
- pspell_config_data_dir()
Added new Interbase functions: (Ard)
- ibase_service_attach() and ibase_service_detach().
- ibase_backup() and ibase_restore().
- ibase_maintain_db(), ibase_db_info() and ibase_server_info().
Added context option "http"/"request_fulluri" to send entire URI in request which is required format for some proxies. (Sara)
Added optional third parameter 'strict' to array_keys(). (Andrey)
Added stream_lock() method to userspace streams interface. (Hartmut, Wez)
Added xsltprocessor->registerPHPFunctions(). (Christian)
Readded support for using classes before they are declared according to the behavior in PHP 4. This won't work with classes who are using PHP 5 features such as interfaces. (Zeev, Andi)
Completely overhauled SimpleXML extension. (Marcus, Rob, Sterling)
Upgraded bundled SQLite library to version 2.8.11. (Ilia, Wez)
Improved destructor implementation to always call destructors on clean shutdown. An order of destruction is not guaranteed. (Zeev, Andi)
Redesigned exception support. This fixes many bugs in the previous design such as nested try's and problems with overloaded extensions. (Zeev, Andi)
Redesigned clone by adding a clone keyword (clone $obj) and copying all properties before __clone() is called. Also allows calling parent __clone function by using parent::__clone(). (Zeev, Andi)
Fixed interfaces to check for function return-by-reference equality when inheriting and implementing interfaces. (Andi, Zeev)
Fixed foreach() to respect property visibility. (Marcus)
Fixed problem with parse error in include() file not stopping PHP's execution. (Ilia)
Fixed var_export() to show public, protected and private modifiers properly. (Derick)
Fixed problems with longlong values in mysqli. (Georg)
Fixed class name case preserving of user defined classes. (Marcus)
(Unmangle private/protected property names before printing them inside error messages). (Ilia)
(preg_split('//u') incorrectly splits UTF-8 strings into octets). (Moriyoshi)
(SPL: SeekableIterator seek() broken). (Marcus)
(Every class method can be called as static). (Marcus)
(exec() has problems reading long lines). (Ilia, runekl[at]opoint[dot]com
(ext/dom: Crash when using DomDocument::getElementById()). (Christian)
(crash in sqlite extension when fetching data from empty queries). (Ilia)
(ext/mime_magic: magic file validation broken). (Jani)
(http_build_query() crashes on NULL output). (Ilia)
(http_build_query() does not handle private & protected object properties correctly). (Ilia)
(foreach of (DOM) childnodes crashes when Xinclude is used). (Rob)
(SQLite causes crashes with other extensions *connect() calls). (Marcus)
(unserialize() produces lowercase classnames). (Marcus)
(getElementsByTagName doesn't work properly). (Rob)
(__autoload not invoked for parent classes). (Marcus)
(domNode::appendChild() changes child node namespace). (Rob)
(calling class_exists() on a nonexistent class in __autoload results in segfault). (Marcus)
(string index in a switch() crashes with multiple matches). (Andi)
(Reflection API does not recognize mixed-case class hints). (Marcus)
(make xsltProcessor->transformToUri use streams wrappers). (Ilia)
(Added version check in mysqli_report_index). (Georg)
(Segfault on ArrayAccess use). (Marcus)
(__autoload() not invoked by Reflection classes). (Jani)
(call_user_func() broken for self, parent). (Stanislav)
(memory leak when new() result is not assigned and no constructor is defined). (Stanislav)
(Crash when nesting classes). (Marcus)
(disallow arrays in class constants). (Stanislav)
(sqlite_create_function with method and reference to $this). (Marcus)
(call_user_func() issues a warning if function throws an exception). (Marcus)
(__set not triggered when overloading with array). (Stanislav)
(enabling browscap causes segfault). (Wez)

Version 5.0.0 Beta 3

21-Dec-2003

Bundled new tidy extension (John, Wez)
Upgraded PCRE library to version 4.5. (Andrei)
Dropped Windows 95 support. (Andi)
Moved extensions to PECL:
- ext/crack (Jani, Derick)
- ext/db (Jani, Derick)
- ext/mcal (Jani, Derick)
- ext/qtdom (Jani, Derick)
- ext/notes (Wez)
Added 'c' modifier to date() which returns the date in the ISO 8601 format. (Derick, Manuzhai)
Added an optional parameter to microtime() to get the time as float. (Andrey)
Added MacRoman encoding support to htmlentities(). (Derick, Marcus Bointon)
Added possibility to call PHP functions as XSLT-functions. (Christian)
Added possibility to prevent PHP from registering variables when input filter. support is used. (Derick)
Added iconv stream filter (convert.iconv.*). (Moriyoshi)
Added EXSLT support in ext/xsl. (Christian)
Added qdbm handler for dba extension. (mg at iceni dot pl, Marcus)
Added new functions:
- dba_key_split() to split inifile keys in an array. (Marcus)
- time_nanosleep() signal safe sleep (Magnus, Ilia)
- headers_list(). (Sara)
- php_strip_whitespace(). strip whitespace & comments from a script. (Ilia)
- php_check_syntax(). check php script for parse errors. (Ilia)
- image_type_to_extension(). return extension based on image type. (Ilia)
- stream_socket_sendto() and stream_socket_recvfrom(). (Wez)
- iconv_mime_decode_headers(). (Moriyoshi)
- get_declared_interfaces(). (Andrey, Marcus)
- sqlite_fetch_column_types(). (Ilia)
Added proxy support to http:// wrapper. (Sara)
Added rename(), rmdir() and mkdir() support to userstreams. (Sara)
Added rename(), rmdir() and mkdir() support to ftp:// wrapper. (Sara)
Changed rename(), rmdir() and mkdir() to be routed via streams API. (Sara)
Changed stat() and family to be routed via streams API. (Sara)
Fixed include_once() / require_once() on Windows to honor case-insensitivity; of files. (Andi)
Fixed get_declared_classes() to return only classes. (Andrey, Marcus)
Fixed __autoload() to preserve case of the passed class name. (Andi)
() (runekl at opoint dot com, Derick)
("__autoload threw an exception" during an uncaught). (Marcus)
(stream_get_meta_data() -> Access Violation). (Wez)
(HTML entities are not being decoded by xml_parse()/xml_parse_into_struct()). (Ilia)
(Object properties created redundantly). (Andi)
(REPLACE_ZVAL_VALUE works on uninit stack-based zvals). (Moriyoshi)
(Non-working write support in ext/dom). (Ilia)
(--disable-libxml does not work). (Jani)
(serialize crashes when accessing an overloaded object that has no properties (NULL hashtable)). (Wez)
(COM crashes when calling a Delphi implementations of ITypeInfo). (Wez)
(Incorrect behaviour of PPP using foreach). (Marcus)
(Allow session.use_trans_sid to be enabled/disabled from inside the script). (Ilia)
(Serializing cross-referenced objects causes segfault). (Moriyoshi)

Version 5.0.0 Beta 2

30-Oct-2003

Lots and lots of changes in the Zend Engine 2 since beta 1:
- Added Iterators
- Improved memory manager
- Added Reflection API
- Removed the not so working namespaces support
- Removed support for expressions within constant declerations.
- You can read about most changes in ZEND_CHANGES under the Zend directory.
Improved the DBX extension: (Marc)
- Added DBX_RESULT_UNBUFFERED flag for dbx_query().
- Added dbx_fetch_row()
- Added SQLite support.
Improved the Interbase extension: (Ard Biesheuvel)
- Added support for multiple databases into ibase_trans()
- Added support for CREATE DATABASE, SET TRANSACTION and EXECUTE PROCEDURE statements into ibase_query()
- Added ibase_commit_ret() and ibase_rollback_ret()
- Added ibase_drop_db()
- Added ibase_gen_id()
- Added ibase_name_result()
- Added ibase_errcode()
- Added ibase_affected_rows() and ibase_num_params()
- Added ibase_param_info()
- Added ibase_wait_event()
- Added ibase_set_event_handler() and ibase_free_event_handler()
Added new COM extension with integrated .Net support. (Wez)
Added new functions:
- setrawcookie(). (Brian)
- pg_version(). (Marcus)
- dbase_get_header_info(). (Zak)
- snmp_read_mib(). (Jani)
- http_build_query(). (Sara)
- ftp_alloc(). (Sara)
- array_udiff(). (Andrey)
- array_udiff_assoc(). (Andrey)
- array_udiff_uassoc(). (Andrey)
- array_diff_uassoc(). (Andrey)
- convert_uuencode(). (Ilia)
- convert_uudecode(). (Ilia)
- substr_compare(). (Ilia)
- pcntl_wait(). (GeorgeS)
Added "resume_pos" context option to "ftp://" wrapper. (Sara)
Added optional parameter to OCIWriteTemporaryLob() to specify the type of LOB (Patch by Novicky Marek <novicky@aarongroup.cz>). (Thies)
Added reflection API. (Andrei, George, Timm)
Changed length parameter in fgetcsv() to be optional. (Moriyoshi)
Fixed IPv6 support in MacOSX Panther. (Dan, Marko)
Fixed fgetcsv() to correctly handle international (non-ascii) characters. (Moriyoshi)
Fixed support for <![CDATA[]]> fields within XML documents in ext/xml. (Sterling)
Fixed visibility of __construct and __clone. (Marcus)
(fgetcsv() not binary-safe on null bytes). (Moriyoshi)
(SimpleXML's validate_schema_file() broken). (Moriyoshi)
(getimagesize() returns incorrect values on bitmap (os2) files). (Marcus)
(array_merge*() allows non-arrays as argument). (Jay)
(strange result array from unpack()). (Moriyoshi)
($obj = new $className; causes crash when $className is not set). (Marcus)
(cannot read array elements received via $_REQUEST). (Zeev)
(get_parent_class() returns different values). (Sterling, Stanislav)
(preg_replace() problem: Using $this when not in object context). (Zeev)
(PEAR DB isError crash [instanceof_function fault?]). (Sterling, Marcus)
(foreach ($k=>$v), the key $k is missing). (Zeev)
(__get() crash when no value is returned). (Ilia)
(undefined variable has a value). (Zeev)
(allow fast_call_user_function to support __call). (Stanislav)
(Warning when switch() and reference are combined). (Zeev)
(strtotime failed to parse postgresql timestamp). (Derick)

Version 5.0.0 Beta 1

29-Jun-2003

Switch to using Zend Engine 2, which includes numerous engine level improvements. A full list is available at http://www.php.net/zend-engine-2.php.
The SQLite (http://www.hwaci.com/sw/sqlite/) extension is now bundled and enabled by default. (Wez, Marcus, Tal)
Improved the speed of internal functions that use callbacks by 40% due to a new internal fast_call_user_function() function. (Sterling)
Completely Overhauled XML support (Rob, Sterling, Chregu, Marcus)
- Brand new Simplexml extension
- New DOM extension
- New XSL extension
- Moved the old DOM-XML and XSLT extensions to PECL
- ext/xml can now use both libxml2 and expat to parse XML
- Removed bundled expat
Removed the bundled MySQL client library. (Sterling)
New php.ini options:
- "session.hash_function" and "session.hash_bits_per_character". (Sascha)
- "mail.force_extra_paramaters". (Derick)
- "register_long_arrays". (Zeev)
Improved the streams support: (Wez, Sara, Ilia)
- Improved performance of readfile(), fpassthru() and some internal streams operations under Win32.
- stream_socket_client() - similar to fsockopen(), but more powerful.
- stream_socket_server() - Creates a server socket.
- stream_socket_accept() - Accept a client connection.
- stream_socket_get_name() - Get local or remote name of socket.
- stream_copy_to_stream()
- stream_get_line() - Reads either the specified number of bytes or until the ending string is found.
- Added context property to userspace streams object.
- Added generic crypto interface for streams (supports dynamic loading of OpenSSL)
- Added lightweight streaming input abstraction to the Zend Engine scanners to provide uniform support for include()'ing data from PHP streams across all platforms.
- Added 'string.base64' stream filter.
- Renamed stream_register_wrapper() to stream_wrapper_register().
- Added "ftp://" wrapper support to opendir(), stat() and unlink().
- Added context options 'method', 'header' and 'content' for "http://" fopen wrapper.
Improved the GD extension: (Pierre-Alain Joye, Ilia)
- imagefilter() - Apply different filters to image. (Only available with bundled GD library)
- Antialiased drawing support:
  - imageantialias() - (de)active antialias
  - imageline() and imagepolygon() antialias support
Changed the length parameter in fgetss() to be optional. (Moriyoshi)
Changed ini parser to allow for handling of quoted multi-line values. (Ilia)
Changed get_extension_funcs() to return list of the built-in Zend Engine functions if "zend" is specified as the module name. (Ilia)
Changed array_search() to accept also objects as a needle. (Moriyoshi)
Changed ext/mcrypt to require libmcrypt version 2.5.6 or greater. (Derick)
Changed uniqid() parameters to be optional and allow any prefix length. (Marcus)
Added new iconv functions. (Moriyoshi)
- iconv_strlen()
- iconv_substr()
- iconv_strpos()
- iconv_strrpos()
- iconv_mime_decode()
- iconv_mime_encode()
Added misc. new functions:
- ldap_sasl_bind(). (peter_c60@hotmail.com, Jani)
- imap_getacl(). (Dan, Holger Burbach)
- file_put_contents(). (Sterling)
- proc_nice() - Changes priority of the current process. (Ilia)
- pcntl_getpriority() and pcntl_setpriority(). (Ilia)
- idate(), date_sunrise() and date_sunset(). (Moshe Doron)
- strpbrk() - Searches a string for a list of characters. (Ilia)
- get_headers() - Returns headers sent by the server of the specified URL. (Ilia)
- str_split() - Breaks down a string into an array of elements based on length. (Ilia)
- array_walk_recursive(). (Ilia)
- array_combine(). (Andrey)
Added optional parameter to get_browser() to make it return an array. (Jay)
Added optional parameter to openssl_sign() to specify the hashing algorithm.(scott@planetscott.ca, Derick)
Added optional parameter to sha1(), sha1_file(), md5() and md5_file() which makes them return the digest as binary data. (Michael Bretterklieber, Derick)
Added optional parameter to mkdir() to make directory creation recursive. (Ilia)
Added optional parameter to file() which makes the result array not contain the line endings and to skip empty lines. (Ilia)
Added new range() functionality:
- Support for float modifier. (Ilia)
- Detection of numeric values inside strings passed as high & low. (Ilia)
- Proper handle the situations where high == low. (Ilia)
- Added an optional step parameter. (Jon)
Added encoding detection feature for expat XML parser. (Adam Dickmeiss, Moriyoshi)
Added missing multibyte (unicode) support and numeric entity support to html_entity_decode(). (Moriyoshi)
Added IPv6 support to ext/sockets. (Sara)
Added input filter support. See README.input_filter for more info. (Rasmus)
Added a replace count for str_[i]replace(), see . (Sara)
Fixed is_executable() to be available also on Windows. (Shane)
Fixed dirname() and strip_tags() to be binary-safe. (Moriyoshi)
(crash in pathinfo()). (Ilia)
and (various mb_send_mail() issues). (Moriyoshi)
(Assign by reference function call changes variable contents). (Zeev)