PHP 5.2 Combined Changelog

PHP 5.2.17

PHP 5.2.16

PHP 5.2.15

PHP 5.2.14

PHP 5.2.13

  • core
    • Improved LCG entropy. (Rasmus, Samy Kamkar)
    • Fixed safe_mode validation inside tempnam() when the directory path does not end with a /. (Martin Jansen)
    • Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)

PHP 5.2.12

  • core
    • Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (Rasmus)
    • Fixed an open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (Rasmus)
    • Added "max_file_uploads" INI directive, which limits the number of file uploads per request (20 by default), to prevent possible DoS via temporary file exhaustion. (Ilia)
    • Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check, identified by Stefan Esser. (Stas)
    • Fix 49785 (insufficient input string validation of htmlspecialchars()). (Moriyoshi, hello at iwamot dot com)

PHP 5.2.11

  • core
    • Fixed certificate validation inside php_openssl_apply_verification_policy. (Ryan Sleevi, Ilia)
    • Added missing sanity checks around exif processing. (Ilia)
    • Fixed sanity check for the color index in imagecolortransparent. (Pierre)
    • Fix 44683 (popen crashes when an invalid mode is passed). (Pierre)

PHP 5.2.10

  • core
    • Fix 48378 (exif_read_data() segfaults on certain corrupted .jpeg files). (Pierre)

PHP 5.2.9

  • core
    • CVE-2008-5498 Fixed security issue in imagerotate(), background colour isn't validated correctly with a non truecolour image. Reported by Hamid Ebadi, APA Laboratory (Fixes CVE-2008-5498). (Scott)
    • Fixed a crash on extract in zip when files or directories entry names contain a relative path. (Pierre)
    • Fixed explode() behavior with empty string to respect negative limit. (Shire)
    • Fixed a segfault when malformed string is passed to json_decode(). (Scott)
    • Fixed bug in xml_error_string() which resulted in messages being off by one. (Scott)

PHP 5.2.8

PHP 5.2.6

  • core
    • Fixed possible stack buffer overflow in FastCGI SAPI. (Andrei Nigmatulin)
    • Properly address incomplete multibyte chars inside escapeshellcmd() (Ilia, Stefan Esser)
    • CVE-2008-0599 Fixed security issue detailed in CVE-2008-0599. (Rasmus)
    • Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz. (Ilia)
    • Upgraded PCRE to version 7.6 (Nuno)

PHP 5.2.5

  • core
    • Fixed dl() to only accept filenames. Reported by Laurent Gaffie.
    • CVE-2007-4887 Fixed dl() to limit argument size to MAXPATHLEN
    • Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences.
    • Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.
    • Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications reported by SecurityReason.
    • Fix 42869 (automatic session id insertion adds sessions id to non-local forms).
    • Fix 41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()).

PHP 5.2.4

  • core
    • Fixed "Floating point exception" inside wordwrap(). (Mattias Bengtsson, Ilia)
    • Fixed several integer overflows in ImageCreate(), ImageCreateTrueColor(), ImageCopyResampled() and ImageFilledPolygon() reported by Mattias Bengtsson. (Tony)
    • Fixed size calculation in chunk_split(). (Stas)
    • Fixed integer overflow in str[c]spn(). (Stas)
    • Fixed money_format() not to accept multiple %i or %n tokens. (Stas, Ilia)
    • Fixed zend_alter_ini_entry() memory_limit interruption vulnerability. (Ilia)
    • Fixed INFILE LOCAL option handling with MySQL extensions not to be allowed when open_basedir or safe_mode is active. (Stas)
    • CVE-2007-3378 Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378) (Stas, Maksymilian Arciemowicz)
    • CVE-2007-3806 Fixed possible invalid read in glob() win32 implementation (Tony)
    • Improved fix for MOPB-03-2007. (Ilia)
    • CVE-2007-2872 Corrected fix for CVE-2007-2872. (Ilia)

PHP 5.2.3

  • core
    • CVE-2007-2872 Fixed an integer overflow inside chunk_split() (by Gerhard Wagner, CVE-2007-2872)
    • CVE-2007-2756 Fixed possible infinite loop in imagecreatefrompng. (by Xavier Roche, CVE-2007-2756)
    • CVE-2007-1900 Fixed ext/filter Email Validation Vulnerability (MOPB-45 by Stefan Esser, CVE-2007-1900)
    • Fix 41492 (open_basedir/safe_mode bypass inside realpath()) (by bugs dot php dot net at chsc dot dk)
    • CVE-2007-1887 Improved fix for CVE-2007-1887 to work with non-bundled sqlite2 lib.
    • Added mysql_set_charset() to allow runtime altering of connection encoding.

PHP 5.2.2

  • core
    • CVE-2007-1001 Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) (Pierre)
    • Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser) (Ilia)
    • Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) (Ilia)
    • Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser) (Stas)
    • Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) (Ilia)
    • Fixed unallocated memory access/double free in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas)
    • Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) (Ilia)
    • Fixed substr_compare and substr_count information leak (MOPB-14 by Stefan Esser) (Stas, Ilia)
    • Limit nesting level of input variables with max_input_nesting_level as fix for (MOPB-03 by Stefan Esser) (Stas)
    • Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team) (Ilia)
    • Fixed a possible super-global overwrite inside import_request_variables(). (by Stefano Di Paola, Stefan Esser) (Ilia)
    • Fixed a remotely triggerable buffer overflow inside make_http_soap_request(). (Ilia)
    • Fixed a buffer overflow inside user_filter_factory_create(). (Ilia)
    • Fixed a remotely triggerable buffer overflow inside the bundled libxmlrpc library. (Stas)
  • improved bundled gd
    • Sync to 2.0.35
    • Added imagegrabwindow and imagegrabscreen, capture a screen or a window using its handle (Pierre)
    • colors allocated henceforth from the resulting image overwrite the palette colors (Rob Leslie)
    • Improved thread safety of the gif support (Roman Nemecek, Nuno, Pierre)
    • Improved thread safety of the freetype cache (Scott MacVicar, Nuno, Pierre)
    • imagearc huge CPU usage with large angles, libgd bug #74 (Pierre)
  • improved zend memory manager
    • guarantee of reasonable time for worst cases of best-fit free block searching algorithm. (Dmitry)
    • better cache usage and less fragmentation on erealloc() (Tony, Dmitry)
  • improved spl (marcus)
    • Added SplFileInfo::getBasename(), DirectoryIterator::getBasename().
    • Added SplFileInfo::getLinkTarget(), SplFileInfo::getRealPath().
    • Made RecursiveFilterIterator::accept() abstract as stated in documentation.
  • improved soap
    • Added ability to encode arrays with "SOAP-ENC:Array" type instead of WSDL type. To activate the ability use "feature"=>SOAP_USE_XSI_ARRAY_TYPE option in SoapClient/SoapServer constructors. (Rob, Dmitry)
  • upgraded libraries bundled in the windows distribution. (edin)
    • c-client (imap) to version 2006e
    • libpq (PostgreSQL) to version 8.2.3
    • libmysql (MySQL) to version 5.0.37
    • openssl to version 0.9.8e

PHP 5.2.1

  • added internal heap protection (dmitry)
    • memory-limit is always enabled (--enable-memory-limit removed)
    • default value of memory-limit is set to 128M
    • safe unlinking
    • cookies
    • canary protection (debug build only)
    • random generation of cookies and canaries
  • added three new functions to ext/xmlwriter (rob, ilia)
    • xmlwriter_start_dtd_entity()
    • xmlwriter_end_dtd_entity()
    • xmlwriter_write_dtd_entity()
  • moved extensions to pecl
    • ext/informix (Derick, Tony)
  • zend memory manager improvements (dmitry)
    • use HeapAlloc() instead of VirtualAlloc()
    • use "win32" storage manager (instead of "malloc") on Windows by default
  • zip extension improvements (pierre)
    • Fixed leak in statName and statIndex
    • Fixed return setComment (Hannes)
    • Added addEmptyDir method
  • filter extension improvements (ilia, pierre)
    • Fixed a bug when callback function returns a non-modified value.
    • Added filter support for $_SERVER in cgi/apache2 sapis.
    • Make sure PHP_SELF is filtered in Apache 1 sapi.
    • Fix 39358 (INSTALL_HEADERS contains incorrect reference to php_filter.h).
    • Added "default" option that allows a default value to be set for an invalid or missing value.
    • Invalid filters fail instead of returning an unsafe value
    • Fixed possible double encoding problem with sanitizing filters
    • Make use of space-strict strip_tags() function
    • Fixed whitespace trimming
    • Added support for FastCGI environment variables. (Dmitry)
  • pdo_mysql extension improvements (ilia)
    • Enabled buffered queries by default.
    • Enabled prepared statement emulation by default.
  • windows related optimizations (dmitry, stas)
    • COM initialization/deinitialization are done only if necessary
    • removed unnecessary checks for ISREG file and corresponding stat() calls
    • opendir() is reimplemented using GetFirstFile/GetNextFile, which are faster than _findfirst/_findnext
    • implemented a registry cache that prevents a registry lookup on each request. If the corresponding registry tree is modified, PHP will reload it automatically
    • start timeout thread only if necessary
    • stat() is reimplemented using GetFileAttributesEx(). The new implementation is faster than the implementation in MS VC CRT, but it doesn't support Windows 95.
  • streams optimization (dmitry)
    • removed unnecessary ftell() calls (one call for each included PHP file)
    • disabled calls to read() after EOF

PHP 5.2.0

  • moved extensions to pecl
    • ext/filepro (Derick, Tony)
    • ext/hwapi (Derick, Tony)
  • improved snmp extension: (jani)
    • Renamed snmp_set_oid_numeric_print() to snmp_set_oid_output_format().
    • Added 2 new constants: SNMP_OID_OUTPUT_FULL and SNMP_OID_OUTPUT_NUMERIC
    • Fix 37564 (AES privacy encryption not possible due to net-snmp 5.2 compatibility issue). (Patch: scott dot moynes+php at gmail dot com)
  • improved openssl extension: (pierre)
    • Added support for all supported algorithms in openssl_verify
    • Added openssl_pkey_get_details, returns the details of a key
    • Added x509 v3 extensions support
    • Added openssl_csr_get_subject() and openssl_csr_get_public_key()
    • Added 3 new constants: OPENSSL_VERSION_TEXT, OPENSSL_VERSION_NUMBER and OPENSSL_KEYTYPE_EC
  • improved the zend memory manager: (dmitry)
    • Removed unnecessary "--disable-zend-memory-manager" configure option.
    • Added "--enable-malloc-mm" configure option which is enabled by default in debug builds to allow using internal and external memory debuggers.
    • Allow tweaking the memory manager with ZEND_MM_MEM_TYPE and ZEND_MM_SEG_SIZE environment variables.
    • For more information: Zend/README.ZEND_MM
  • improved apache2filter sapi
    • Allowed PHP to be an arbitrary filter in the chain and read the script from the Apache stream. (John)
    • Added support for apache2filter in the Windows build including binary support for both Apache 2.0.x (php5apache2_filter.dll) and Apache 2.2.x (php5apache2_2_filter.dll). (Edin)
  • improved apache2handler sapi
    • Changed ap_set_content_type() to be called only once. (Mike)
    • Added support for Apache 2.2 handler in the Windows distribution. (Edin)
  • improved fastcgi sapi: (dmitry)
    • Removed source compatibility with libfcgi.
    • Optimized access to FastCGI environment variables by using HashTable instead of linear search.
    • Allowed PHP_FCGI_MAX_REQUESTS=0 that assumes no limit.
    • Allowed PHP_FCGI_CHILDREN=0 that assumes no worker children. (FastCGI requests are handled by main process itself)
  • improved curl
    • Added control character checks for "open_basedir" and "safe_mode" checks. (Ilia)
    • Added implementation of curl_multi_info_read(). (Brian)
  • improved pcre: (andrei)
    • Added run-time configurable backtracking/recursion limits.
    • Added preg_last_error(). (Andrei)
  • improved pdo
    • Added new attribute ATTR_DEFAULT_FETCH_MODE. (Pierre)
    • Added FETCH_PROPS_LATE. (Marcus)
  • improved spl: (marcus)
    • Made most iterator code exception safe.
    • Added RegExIterator and RecursiveRegExIterator.
    • Added full caching support and ArrayAccess to CachingIterator.
    • Added array functions to ArrayObject/ArrayIterator and made them faster.
    • Added support for reading csv and skipping empty lines in SplFileObject.
    • Added CachingIterator::TOSTRING_USE_INNER, calls inner iterator __toString.
    • Added ability to set the CSV separator per SplFileObject.
  • improved xmlreader: (rob)
    • Added readInnerXml(), xmlReader::setSchema().
    • Added readInnerXML(), readOuterXML(), readString(), setSchema(). (2.6.20+)
    • Changed to passing libxml options when loading reader.