php-4.4.7-Win32.zip

PHP 4 NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| 04 May 2007, Version 4.4.7 - Fixed MOPB-33-2007 (PHP mail() Message ASCIIZ Byte Truncation). (Ilia) - Fixed MOPB-32-2007 (Double free inside session_decode()). (Ilia) - Fixed MOPB-26-2007 (mb_parse_str() can be used to activate register_globals). (Ilia) - Fixed MOPB-24-2007 (Fixed unallocated memory access/double free in in array_user_key_compare()). (Stas) - Fixed MOPB-22-2007 (PHP session_regenerate_id() Double Free Vulnerability). (Ilia) - Fixed MOPB-21-2007 (An open_basedir/safe_mode bypass inside the compress.bzip2 wraper). (Ilia) - Fixed MOPB-8-2007 (XSS in phpinfo()). (Joe Orton, Stas) - Fixed CVE-2007-1001 (GD wbmp used with invalid image size). (Pierre) - Fixed CVE-2007-0455 (Buffer overflow in gdImageStringFTEx, used by imagettf function). (Kees Cook, Pierre) - Fixed bug #41252 (Calling mcrypt_generic without first calling mcrypt_generic_init crashes). (Derick) - Fixed bug #40998 (long session array keys are truncated). (Tony) - Fixed bug #40915 (addcslashes unexpected behavior with binary input). (Tony) - Fixed bug #40831 (cURL extension doesn't clean up the buffer of reused handle). (Tony) - Fixed bug #40747 (possible crash in session when save_path is out of open_basedir). (Tony) - Fixed bug #38236 (Binary data gets corrupted on multipart/formdata POST) (patch by [email protected]) - Fixed huge CPU usage in imagearc when used with large angles (libgd bug #74). (Pierre) - Fixed CRLF injection inside ftp_putcmd(). (Ilia) 28 Feb 2007, Version 4.4.6 - Updated PCRE to version 7.0. (Nuno) - Fixed segfault in ext/session when register_globals=On. (Tony) - Fixed bug #40635 (segfault in cURL extension). (Tony) - Fixed bug #40611 (possible cURL memory error). (Tony) - Fixed bug #40578 (imagettftext() multithreading issue). (Tony) - Fixed bug #40502 (ext/interbase compile failure). (Tony) - Fixed bug #40286 (PHP fastcgi with PHP_FCGI_CHILDREN don't kill children when parent is killed). (Dmitry) 14 Feb 2007, Version 4.4.5 - Upgraded PEAR to 1.5.0. (Greg) - Updated PCRE to version 6.7. (Ilia) - Moved extensions to PECL: . ext/ovrimos (Derick) - Added a meta tag to phpinfo() output to prevent search engines from indexing the page. (Ilia) - Backported a fix in the configure tests to detect the "rounding fuzz". (Derick, Joe Orton) - Backported fix for ext/imap compilation failure with recent c-client versions. (Tony) - Fixed missing open_basedir check inside chdir() function. (Ilia) - Fixed bug #40335 (Compile fails when using GCC 4.1.1/binutils 2.17). (Tony) - Fixed bug #39971 (pg_insert/pg_update do not allow now() to be used for timestamp fields). (Ilia) - Fixed bug #39890 (using autoconf 2.6x and --with-layout=GNU breaks PEAR install path). (Tony) - Fixed bug #39819 (Using $this not in object context can cause segfaults). (Dmitry) - Fixed bug #39653 (ext/dba doesn't check for db-4.5 and db-4.4 when db4 support is enabled). (Tony) - Fixed bug #39583 (ftp_put() does not change transfer mode to ASCII). (Tony) - Fixed bug #39458 (ftp_nlist() returns false on empty dirs). (Nuno) - Fixed bug #39354 (Allow building of curl extension against libcurl 7.16.0). (Ilia) - Fixed bug #39034 (curl_exec() with return transfer returns TRUE on empty files). (Ilia) - Fixed bug #38963 (Fixed a possible open_basedir bypass in tempnam()). (Ilia) - Fixed bug #38882 (ldap_connect causes segfault with newer versions of OpenLDAP). (Tony) - Fixed bug #38859 (parse_url() fails if passing '@' in passwd). (Tony,Ilia) - Fixed bug #38722 (Calling undefined method prints insufficient error message) (Hannes) - Fixed bug #38534 (segfault when calling setlocale() in userspace session handler). (Tony) - Fixed bug #38450 (constructor is not called for classes used in userspace stream wrappers). (Tony) - Fixed bug #38378 (wddx_serialize_value() generates no wellformed xml). (sj at sjaensch dot org, grzegorz dot nosek at netart dot pl, Tony). - Fixed bug #37812 (aggregate_methods_by_list fails to take certain methods). (Hannes) - Fixed bug #36975 (natcasesort() causes array_pop() to misbehave). (Hannes) - Fixed bug #36248 (CURLOPT_HEADERFUNCTION, couldn't set the function in the class). (Ilia) - Fixed bug #34066 (recursive array_walk causes segfault). (Tony) 17 Aug 2006, Version 4.4.4 - Fixed memory_limit on 64bit systems. (Stefan E.) - Fixed overflow on 64bit systems in str_repeat() and wordwrap(). (Stefan E.) - Disabled CURLOPT_FOLLOWLOCATION in curl when open_basedir or safe_mode are enabled. (Stefan E.) - Fixed a memory corruption error with an invalid foreach() call. (Stefan E., Dmitry, Derick) - Fixed bug #38456 (Apache2 segfaults when virtual() is called in .php ErrorDocument). (Ilia) - Fixed bug #38431 (xmlrpc_get_type() crashes PHP on objects). (Tony) - Fixed bug #38377 (session_destroy() gives warning after session_regenerate_id()). (Ilia) - Fixed bug #38322 (reading past array in sscanf() leads to arbitary code execution). (Tony) - Fixed bug #38278 (session_cache_expire()'s value does not match phpinfo's session.cache_expire). (Tony) - Fixed bug #38251 (socket_select() and invalid arguments). (Tony) - Fixed bug #38183 (disable_classes=Foobar causes disabled class to be called Foo). (Jani) - Fixed bug #38112 (corrupted gif segfaults) (Pierre) - Fixed bug #37265 (Added missing safe_mode & open_basedir checks to imap_body()). (Ilia) - Fixed bug #29538 (number_format and problem with 0). (Matthew Wilmas) 03 Aug 2006, Version 4.4.3 - Added control character checks for cURL extension's open_basedir/safe_mode checks. (Ilia) - Added overflow checks to wordwrap() function. (Ilia) - Added a check for special characters in the session name. (Ilia) - Improved safe_mode check for the error_log() function. (Ilia) - Updated PCRE to version 6.6. (Andrei) - Fixed handling of extremely long paths inside tempnam() function. (Ilia) - Fixed XSS inside phpinfo() with long inputs. (Ilia) - Fixed a possible buffer overflow inside create_named_pipe() for Win32 systems in libmysql.c. (Ilia) - Fixed bug #37720 (merge_php_config scrambles values). (Mike, pumuckel at metropolis dot de) - Fixed bug #37569 (WDDX incorrectly encodes high-ascii characters). (Ilia) - Fixed bug #37510 (session_regenerate_id changes session_id() even on failure). (Hannes) - Fixed bug #37360 (Memory errors with a corrupt GIF file) (Pierre) - Fixed bug #37348 (Make PEAR install ignore open_basedir). (Ilia) - Fixed bug #37346 (Crashes when using an invalid colormap format). (Pierre) - Fixed bug #37162 (wddx does not build as a shared extension). (jdolecek at NetBSD dot org, Ilia) - Fixed bug #37046 (foreach breaks static scope). (Dmitry) - Fixed bug #37045 (Fixed check for special chars for http redirects). (Ilia) - Fixed bug #36857 (Added support for partial content fetching to the HTTP streams wrapper). (Ilia) - Fixed bug #36776 (node_list_wrapper_dtor segfault). (Rob) - Fixed bug #36459 (Incorrect adding PHPSESSID to links, which contains \r\n). (Ilia) - Fixed bug #36458 (sleep() accepts negative values). (Ilia) - Fixed bug #36242 (Possible memory corruption in stream_select()). (Tony) - Fixed bug #36223 (curl bypasses open_basedir restrictions). (Tony) - Fixed bug #36205 (Memory leaks on duplicate cookies). (Dmitry) - Fixed bug #36148 (unpack("H*hex", $data) is adding an extra character to the end of the string). (Ilia) - Fixed bug #36017 (fopen() crashes PHP when opening a URL). (Tony) 13 Jan 2006, Version 4.4.2 - Added missing safe_mode/open_basedir checks into cURL extension. (Ilia) - Backported missing imap_mailcompose() fixes from PHP 5.x. (Ilia) - Prevent header injection by limiting each header to a singl