Wednesday, May 03, 2006

PHP 5.1.3 Release Announcement

The PHP development team is proud to announce the release of PHP 5.1.3. This release combines a small number of feature enhancements with a significant number of bug fixes and resolves a number of security issues. All PHP users are encouraged to upgrade to this release as soon as possible.

The security issues resolved include the following:

  • Disallow certain characters in session names.
  • Fixed a buffer overflow inside the wordwrap() function.
  • Prevent jumps to parent directory via the 2nd parameter of the tempnam() function.
  • Enforce safe_mode for the source parameter of the copy() function.
  • Fixed cross-site scripting inside the phpinfo() function.
  • Fixed offset/length parameter validation inside the substr_compare() function.
  • Fixed a heap corruption inside the session extension.
  • Fixed a bug that would allow a variable to survive unset().

The feature enhancements include the following notables:

  • The use of the var keyword to declare properties no longer raises a deprecation E_STRICT.
  • FastCGI interface was completely reimplemented.
  • Multitude of improvements to the SPL, SimpleXML, GD, CURL and Reflection extensions.
  • Support for many additional date formats added to the strtotime() function.
  • A number of performance improvements added to the engine and the core extensions.
  • Added imap_savebody() that allows a message body to be written to a file.
  • Added lchown() and lchgrp() to change user/group ownership of symlinks.
  • Upgraded bundled PCRE library to version 6.6.

The release also includes over 120 bug fixes with a focus on:

  • Make auto_globals_jit work without too many INI changes.
  • Fixed tiger hash algorithm generating wrong results on big endian platforms.
  • Fixed a number of errors in the SOAP extension.
  • Fixed recursion handling in the serialize() functionality.
  • Make is_*() functions take account of open_basedir restrictions.
  • Fixed a number of crashes in the DOM and PDO extensions.
  • Addressed a number of regressions in the strtotime() function.
  • Make memory_limit work in Win32 systems.
  • Fixed a deadlock in the sqlite extension caused by the sqlite_fetch_column_types() function.
  • Fixed memory leaks in the realpath() cache.

For a full list of changes in PHP 5.1.3, see the ChangeLog.

Dipping a Toe into Rapid Application Development for PHP

Dipping a Toe into Rapid Application Development for PHP: "[Summary]

As Andi Gutmans presented at his php|tek keynote, and reinforced by IBM in their showing of QEDWiki, there is indeed a place in PHP for Rapid Application Development. As part of Andi’s keynote, he spoke about component architectures and showed a quick demo of what that might look like in the future. He did so with a proof of concept called phpBlox. Now, don’t get too excited, it looks nice and worked for the demo, but we are still only at the beginning of the Road to RAD."