PHP 4 ChangeLog

Version 4.4.6

01-Mar-2007

Updated PCRE to version 7.0.
Fixed segfault in ext/session when register_globals=On.
Fixed bug #40635 (segfault in cURL extension).
Fixed bug #40611 (possible cURL memory error).
Fixed bug #40578 (imagettftext() multithreading issue).
Fixed bug #40502 (ext/interbase compile failure).
Fixed bug #40286 (PHP fastcgi with PHP_FCGI_CHILDREN don't kill children when parent is killed).

Version 4.4.5

14-Feb-2007

Upgraded PEAR to 1.5.0.
Updated PCRE to version 6.7.
Moved extensions to PECL: ext/ovrimos
Added a meta tag to phpinfo() output to prevent search engines from indexing the page.
Backported a fix in the configure tests to detect the "rounding fuzz".
Backported fix for ext/imap compilation failure with recent c-client versions.
Fixed missing open_basedir check inside chdir() function.
Fixed bug #40335 (Compile fails when using GCC 4.1.1/binutils 2.17).
Fixed bug #39971 (pg_insert/pg_update do not allow now() to be used for timestamp fields).
Fixed bug #39890 (using autoconf 2.6x and --with-layout=GNU breaks PEAR install path).
Fixed bug #39819 (Using $this not in object context can cause segfaults).
Fixed bug #39653 (ext/dba doesn't check for db-4.5 and db-4.4 when db4 support is enabled).
Fixed bug #39583 (ftp_put() does not change transfer mode to ASCII).
Fixed bug #39458 (ftp_nlist() returns false on empty dirs).
Fixed bug #39354 (Allow building of curl extension against libcurl 7.16.0).
Fixed bug #39034 (curl_exec() with return transfer returns TRUE on empty files).
Fixed bug #38963 (Fixed a possible open_basedir bypass in tempnam()).
Fixed bug #38882 (ldap_connect causes segfault with newer versions of OpenLDAP).
Fixed bug #38859 (parse_url() fails if passing '@' in passwd).
Fixed bug #38722 (Calling undefined method prints insufficient error message).
Fixed bug #38534 (segfault when calling setlocale() in userspace session handler).
Fixed bug #38450 (constructor is not called for classes used in userspace stream wrappers).
Fixed bug #38378 (wddx_serialize_value() generates no wellformed xml).
Fixed bug #37812 (aggregate_methods_by_list fails to take certain methods).
Fixed bug #36975 (natcasesort() causes array_pop() to misbehave).
Fixed bug #36248 (CURLOPT_HEADERFUNCTION, couldn't set the function in the class).
Fixed bug #34066 (recursive array_walk causes segfault).

There is a separate announcement available for this release.

Version 4.4.4

17-Aug-2006

Fixed memory_limit on 64bit systems.
Fixed overflow on 64bit systems in str_repeat() and wordwrap().
Disabled CURLOPT_FOLLOWLOCATION in curl when open_basedir or safe_mode are enabled.
Fixed a memory corruption error with an invalid foreach() call.
Fixed bug #38431 (xmlrpc_get_type() crashes PHP on objects).
Fixed bug #38377 (session_destroy() gives warning after session_regenerate_id()).
Fixed bug #38322 (reading past array in sscanf() leads to arbitary code execution).
Fixed bug #38278 (session_cache_expire()'s value does not match phpinfo's session.cache_expire).
Fixed bug #38251 (socket_select() and invalid arguments).
Fixed bug #38183 (disable_classes=Foobar causes disabled class to be called Foo).
Fixed bug #38112 (corrupted gif segfaults).
Fixed bug #37265 (Added missing safe_mode & open_basedir checks to imap_body()).
Fixed bug #29538 (number_format and problem with 0).

There is a separate announcement available for this release.

Version 4.4.3

03-Aug-2006

Added control character checks for cURL extension's open_basedir/safe_mode checks.
Added overflow checks to wordwrap() function.
Added a check for special characters in the session name.
Improved safe_mode check for the error_log() function.
Updated PCRE to version 6.6.
Fixed handling of extremely long paths inside tempnam() function.
Fixed XSS inside phpinfo() with long inputs.
Fixed a possible buffer overflow inside create_named_pipe() for Win32 systems in libmysql.c.
Fixed bug #37720 (merge_php_config scrambles values).
Fixed bug #37569 (WDDX incorrectly encodes high-ascii characters).
Fixed bug #37510 (session_regenerate_id changes session_id() even on failure).
Fixed bug #37360 (Memory errors with a corrupt GIF file).
Fixed bug #37348 (Make PEAR install ignore open_basedir).
Fixed bug #37346 (Crashes when using an invalid colormap format).
Fixed bug #37162 (wddx does not build as a shared extension).
Fixed bug #37046 (foreach breaks static scope).
Fixed bug #37045 (Fixed check for special chars for http redirects).
Fixed bug #36857 (Added support for partial content fetching to the HTTP streams wrapper).
Fixed bug #36776 (node_list_wrapper_dtor segfault).
Fixed bug #36459 (Incorrect adding PHPSESSID to links, which contains \r\n).
Fixed bug #36458 (sleep() accepts negative values).
Fixed bug #36242 (Possible memory corruption in stream_select()).
Fixed bug #36223 (curl bypasses open_basedir restrictions).
Fixed bug #36205 (Memory leaks on duplicate cookies).
Fixed bug #36148 (unpack("H*hex", $data) is adding an extra character to the end of the string).
Fixed bug #36017 (fopen() crashes PHP when opening a URL).

There is a separate announcement available for this release.

Version 4.4.2

11-Jan-2006

Added missing safe_mode/open_basedir checks into cURL extension.
Backported missing imap_mailcompose() fixes from PHP 5.x.
Prevent header injection by limiting each header to a single line.
Fixed possible XSS inside error reporting functionality.
Fixed Apache 2 regression with sub-request handling on non-linux systems.
Fixed bug #35817 (unpack() does not decode odd number of hexadecimal values).
Fixed bug #35735 ($EGREP not defined in configure).
Fixed bug #35669 (imap_mail_compose() crashes with multipart-multiboundary-email).
Fixed bug #35655 (whitespace following end of heredoc is lost).
Fixed bug #35646 (%{mod_php_memory_usage}n is not reset after exit).
Fixed bug #35594 (Multiple calls to getopt() may result in a crash).
Fixed bug #35571 (Fixed crash in Apache 2 SAPI when more then one php script is loaded via SSI include).
Fixed bug #35536 (mysql_field_type() doesn't handle NEWDECIMAL).
Fixed bug #35410 (wddx_deserialize() doesn't handle large ints as keys properly).
Fixed bug #35341 (Fix for bug #33760 breaks build with older curl).
Fixed bug #35278 (Multiple virtual() calls crash Apache 2 php module).
Fixed bug #35257 (Calling ob_flush after creating an ob callback causes segfault).
Fixed bug #35079 (stream_set_blocking(true) toggles, not enables blocking).
Fixed bug #35078 (configure does not find ldap_start_tls_s).
Fixed bug #35071 (Wrong fopen mode used in GD safe-mode checks).
Fixed bug #35067, Fixed bug #35063 (key(),current() need to work by reference).
Fixed bug #35062 (socket_read() produces warnings on non blocking sockets).
Fixed bug #35059 (Apache2 crash with mod_rewrite).
Fixed bug #35009 (ZTS: Persistent resource destruct crashes when extension is compiled as shared).
Fixed bug #34996 (ImageTrueColorToPalette() crashes when ncolors is zero).
Fixed bug #34851 (SO_RECVTIMEO and SO_SNDTIMEO socket options expect integer parameter on Windows).
Fixed bug #34830 (the 5th argument of mb_send_mail does not work).
Fixed bug #34359 (Possible crash inside fopen http wrapper).
Fixed bug #33963 (mssql_bind() fails on input parameters).
Fixed bug #33760 (cURL needs CRYPTO_callback functions to prevent locking).
Fixed bug #33720 (mb_encode_mimeheader does not work for multibyte chars).
Fixed bug #33523 (Memory leak in xmlrpc_encode_request()).
Fixed bug #33201 (Crash when fetching some data types).
Fixed bug #33153 (crash in mssql_next result).
Fixed bug #32009 (crash when mssql_bind() is called more than once).
Fixed bug #31971 (ftp_login fails on some SSL servers).
Fixed bug #30760 (Remove MessageBox on win32 for E_CORE errors if display_startup_error is off).
Fixed bug #27678 (number_format() crashes with large numbers).

There is a separate announcement available for this release.

Version 4.4.1

31-Oct-2005

Added missing safe_mode checks for image* functions and cURL.
Added missing safe_mode/open_basedir checks for file uploads.
Fixed a memory corruption bug regarding included files.
Fixed possible INI setting leak via virtual() in Apache 2 sapi.
Fixed possible crash and/or memory corruption in import_request_variables().
Fixed potential GLOBALS overwrite via import_request_variables().
Fixed possible GLOBALS variable override when register_globals are ON.
Fixed possible register_globals toggle via parse_str().
Added "new_link" parameter to mssql_connect(). Bug #34369.
Fixed bug #34850 (--program-suffix and --program-prefix not included in man page names).
Fixed bug #34790 (preg_match_all(), named capturing groups, variable assignment/return => crash).
Fixed bug #34742 (ftp wrapper failures caused from segmented command transfer).
Fixed bug #34704 (Infinite recursion due to corrupt JPEG).
Fixed bug #34645 (ctype corrupts memory when validating large numbers).
Fixed bug #34565 (mb_send_mail does not fetch mail.force_extra_parameters).
Fixed bug #34557 (php -m exits with "error" 1).
Fixed bug #34456 (Possible crash inside pspell extension).
Fixed bug #34311 (unserialize() crashes with chars above 191 dec).
Fixed bug #34307 (on_modify handler not called to set the default value if setting from php.ini was invalid).
Fixed bug #34302 (date('W') do not return leading zeros for week 1 to 9).
Fixed bug #34277 (array_filter() crashes with references and objects).
Fixed bug #34191 (ob_gzhandler does not enforce trailing \0).
Fixed bug #34156 (memory usage remains elevated after memory limit is reached).
Fixed bug #34148 (+,- and . not supported as parts of scheme).
Fixed bug #34137 (assigning array element by reference causes binary mess).
Fixed bug #34068 (Numeric string as array key not cast to integer in wddx_deserialize()).
Fixed bug #34064 (arr[] as param to function is allowed only if function receives argument by reference).
Fixed bug #33989 (extract($GLOBALS,EXTR_REFS) crashes PHP).
Fixed bug #33987 (php script as ErrorDocument causes crash in Apache 2).
Fixed bug #33940 (array_map() fails to pass by reference when called recursively).
Fixed bug #33690 (Crash setting some ini directives in httpd.conf).
Fixed bug #33673 (Added detection for partially uploaded files).
Fixed bug #33648 (Using --with-regex=system causes compile failure).
Fixed bug #33558 (Warning with nested calls to functions returning by reference).
Fixed bug #33383 (crash when retrieving empty LOBs).
Fixed bug #33156 (cygwin version of setitimer doesn't accept ITIMER_PROF).
Fixed bug #32937 (open_basedir looses trailing / in the limiter).
Fixed bug #32589 (possible crash inside imap_mail_compose() function).
Fixed bug #32179 (xmlrpc_encode() segfaults with recursive references).
Fixed bug #32160 (copying a file into itself leads to data loss).
Fixed bug #31158 (array_splice on $GLOBALS crashes).
Fixed bug #29983 (PHP does not explicitly set mime type & charset).
Fixed bug #29253 (array_diff with $GLOBALS argument fails).
Fixed bug #21306 (ext/sesssion: catch bailouts of write handler during RSHUTDOWN).

There is a separate announcement available for this release.

Version 4.4.0

11-Jul-2005

Added man pages for "phpize" and "php-config" scripts.
Added support for .cc files in extensions.
Added the sorting flag SORT_LOCALE_STRING to the sort() functions which makes them sort based on the current locale.
Changed sha1_file() and md5_file() functions to use streams instead of low level IO.
Fixed memory corruptions when using references in a wrong way.
Fixed memory corruption in pg_copy_from() in case the as_null parameter was passed.
Fixed memory corruption in stristr().
Fixed bug #32685, Fixed bug #29423 (Segfault when using assignment by reference within function).
Fixed bug #33242 (Mangled error message when stream fails).
Fixed bug #33222 (segfault when CURL handle is closed in a callback).
Fixed bug #33214 (odbc_next_result does not signal SQL errors with 2-statement SQL batches).
Fixed bug #33210 (relax jpeg recursive loop protection).
Fixed bug #33200 (preg_replace(): magic_quotes_sybase=On makes 'e' modifier misbehave).
Fixed bug #33150 (shtool: insecure temporary file creation).
Fixed bug #33072 (Add a safemode/open_basedir check for runtime save_path change).
Fixed bug #33070 (Improved performance of bzdecompress() by several orders of magnitude).
Fixed bug #33057 (Don't send extraneous entity-headers on a 304 as per RFC 2616 section 10.3.5).
Fixed bug #33019 (socket errors cause memory leaks in php_strerror()).
Fixed bug #33017 ("make distclean" gives an error with VPATH build).
Fixed bug #33013 ("next month" was handled wrong while parsing dates).
Fixed bug #32974 (pcntl calls malloc() from a signal handler).
Fixed bug #32944 (Disabling session.use_cookies doesn't prevent reading session cookies).
Fixed bug #32936 (http redirects URLs are not checked for control chars).
Fixed bug #32932 (Oracle LDAP: ldap_get_entries invalid pointer).
Fixed bug #32904 (pg_get_notify() ignores result_type parameter).
Fixed bug #32813 (parse_url() does not handle scheme-only urls properly).
Fixed bug #32810 (temporary files not using plain file wrapper).
Fixed bug #32802 (General cookie overrides more specific cookie).
Fixed bug #32800, Fixed bug #32830 (ext/odbc: Problems with 64bit systems).
Fixed bug #32773 (GMP functions break when second parameter is 0).
Fixed bug #32742 (segmentation fault when the stream with a wrapper is not closed).
Fixed bug #32730 (ext/crack.c fails to compile with cracklib-2.8.3).
Fixed bug #32670 (foreach() does not issue warning on unset array arg).
Fixed bug #32699 (pg_affected_rows() was defined when it was not available).
Fixed bug #32682 (ext/mssql: Error on module shutdown when called from activescript).
Fixed bug #32647 (Using register_shutdown_function() with invalid callback can crash PHP).
Fixed bug #32591 (ext/mysql: Unsatisfied symbol: ntohs with HP-UX).
Fixed bug #32589 (Possible crash inside imap_mail_compose, with charsets).
Fixed bug #32587 (Apache2: errors sent to error_log do not include timestamps).
Fixed bug #32567 (ext/gmp fails to compile in threadsafe mode).
Fixed bug #32538 (ext/swf/swf.c does not compile with gcc-3.4.x or newer).
Fixed bug #32530 (chunk_split() does not append endstr if chunklen is longer then the original string).
Fixed bug #32491 (File upload error - unable to create a temporary file).
Fixed bug #32311 (mb_encode_mimeheader() does not properly escape characters).
Fixed bug #32245 (xml_parser_free() in a function assigned to the xml parser gives a segfault).
Fixed bug #32116 (mysql compressed connection doesn't work under windows).
Fixed bug #31887 (ISAPI: Custom 5xx error does not return correct HTTP response message).
Fixed bug #31583 (php_std_date() uses short day names in non-y2k_compliance mode).
Fixed bug #31213 (Sideeffects caused by fix of bug Fixed bug #29493).
Fixed bug #30052 (Crash on shutdown after odbc_pconnect()).
Fixed bug #29975 (memory leaks when set_error_handler() is used inside error handler).
Fixed bug #29944 (Function defined in switch, crashes).
Fixed bug #29338 (unencoded spaces get ignored after certain tags).
Fixed bug #28605 (Need to use -[m]ieee option for Alpha CPUs).
Fixed bug #28377 (debug_backtrace is intermittently passing args).

There is a separate announcement available for this release.

Version 4.3.11

31-Mar-2005

Added Oracle Instant Client support
Added checks for negative values to gmp_sqrt(), gmp_powm(), gmp_sqrtrem() and gmp_fact() to prevent SIGFPE
Changed phpize not to require libtool
Updated bundled libmbfl library (used for multibyte functions)
Fixed several leaks in ext/browscap and sapi/embed
Fixed several leaks in ext/filepro
Fixed build system to always use bundled libtool files
Fixed MacOSX shared extensions crashing on Apache startup
Fixed bug #32373 (segfault in bzopen() if supplied path to non-existent file).
Fixed bug #32340 (insert_before($node,NULL) does not return).
Fixed bug #32200 (Prevent using both --with-apxs2 and --with-apxs2filter).
Fixed bug #32114 (DOM crashing when attribute appended to Document).
Fixed bug #32063 (mb_convert_encoding ignores named entity 'alpha').
Fixed bug #31960 (msql_fetch_row() and msql_fetch_array() dropping columns with NULL values).
Fixed bug #31936 (set_h_errno() is redefined incompatibly).
Fixed bug #31911 (mb_decode_mimeheader() is case-sensitive to hex escapes).
Fixed bug #31858 (--disable-cli does not force --without-pear).
Fixed bug #31842 (*date('r') does not return RFC2822 conforming date string).
Fixed bug #31797 (exif_read_data() uses too low nesting limit).
Fixed bug #31796 (readline completion handler does not handle empty return values).
Fixed bug #31792 (getrusage() does not provide ru_nswap value).
Fixed bug #31754 (dbase_open() fails for mode = 1).
Fixed bug #31705 (parse_url() does not recognize http://foo.com#bar).
Fixed bug #31684 (dio_tcsetattr(): misconfigured termios settings).
Fixed bug #31699 (unserialize() float problem on non-English locales).
Fixed bug #31623 (OCILogin does not support password grace period).
Fixed bug #31580 (fgetcsv() problematic with "" escape sequences).
Fixed bug #31527 (crash in msg_send() when non-string is stored without being serialized).
Fixed bug #31514 (open_basedir uses path_translated rather then cwd for . translation).
Fixed bug #31480 (Possible infinite loop in imap_mail_compose()).
Fixed bug #31479 (Fixed crash in chunk_split(), when chunklen > strlen).
Fixed bug #31465 (False warning in unpack() when working with *).
Fixed bug #31454 (session_set_save_handler crashes PHP when supplied non-existent object ref).
Fixed bug #31444 (Memory leak in zend_language_scanner.c).
Fixed bug #31442 (unserialize broken on 64-bit systems).
Fixed bug #31440 ($GLOBALS can be overwritten via GPC when register_globals is enabled).
Fixed bug #31413 (curl POSTFIELDS crashes on 64-bit platforms).
Fixed bug #31396 (compile fails with gd 2.0.33 without freetype).
Fixed bug #31371 (highlight_file() trims new line after heredoc).
Fixed bug #31270 (missing safe_mode/open_basedir check in swf_openfile()).
Fixed bug #31174 (compile warning in url.c).
Fixed bug #31159 (COM object access is not working).
Fixed bug #31142 (imap_mail_compose() fails to generate correct output).
Fixed bug #31398 (When magic_guotes_gpc are enabled filenames with ' get cutoff).
Fixed bug #31288 (Possible crash in mysql_fetch_field(), if mysql_list_fields() was not called previously).
Fixed bug #31120 (mssql_query returns false on successful inserts and stored procedures).
Fixed bug #31107, Fixed bug #31110, Fixed bug #31111, Fixed bug #31249 (Compile failure of zend_strtod.c).
Fixed bug #31106 (Fixed crash in overloaded objects).
Fixed bug #31103 (Better error message when c-client cannot be found).
Fixed bug #31101 (missing kerberos header file path with --with-openssl).
Fixed bug #31072 (var_export() does not output an array element with an empty string key).
Fixed bug #31060 (imageftbbox() does not use linespacing parameter).
Fixed bug #31056 (php_std_date() returns invalid formatted date if y2k_compliance is On).
Fixed bug #31055 (apache2filter: per request leak proportional to the full path of the request URI).
Fixed bug #30726 (-.1 like numbers are not being handled correctly).
Fixed bug #30609 (cURL functions bypass open_basedir).
Fixed bug #30573 (compiler warnings in libmbfl due to invalid type cast).
Fixed bug #30549 (incorrect character translations for some ISO8859 charsets).
Fixed bug #30446 (apache2handler: virtual() includes files out of sequence)
Fixed bug #30430 (odbc_next_result() doesn't bind values and that results in segfault).
Fixed bug #30120 (imagettftext() and imagettfbbox() accept too many parameters).
Fixed bug #29733 (printf() handles repeated placeholders wrong).
Fixed bug #29424 (width and height inverted for JPEG2000 files).
Fixed bug #28976 (mail(): use "From:" from headers if sendmail_from is empty).
Fixed bug #28930 (PHP sources pick wrong header files generated by bison).
Fixed bug #28804 (ini-file section parsing pattern is buggy).
Fixed bug #28803 (enabled debug causes bailout errors with CLI on AIX because of fflush() called on already closed filedescriptor).
Fixed bug #28451 (corrupt EXIF headers have unlimited recursive IFD directory entries).
Fixed bug #28220 (mb_strwidth() returns wrong width values for some handful chars).
Fixed bug #28086 (crash inside overload() function).
Fixed bug #28074 (FastCGI: stderr should be written in a FCGI stderr stream).
Fixed bug #28067 (partially incorrect utf8 to htmlentities mapping).
Fixed bug #27633 (Double \r problem on ftp_get in ASCII mode on Win32).
Fixed bug #18613 (Multiple OUs in x509 certificate not handled properly).
Fixed bug #7782 (Cannot use PATH_INFO fully with php isapi).

There is a separate announcement available for this release.

Version 4.3.10

14-Dec-2004

Added the %F modifier to *printf to render a non-locale-aware representation of a float with the . as decimal separator.
Fixed a bug in addslashes() handling of the '\0' character.
Backported Marcus' foreach() speedup patch from PHP 5.x.
Fixed potential problems with unserializing invalid serialize data.
Fixed bug #31034 (Problem with non-existing iconv header file).
Fixed bug #31024 (Crash in fgetcsv() with negative length).
Fixed bug #31019 (Logic error mssql library checking).
Fixed bug #30995 (snmp extension does not build with net-snmp 5.2).
Fixed bug #30990 (allow popen() on *NIX to accept 'b' flag).
Fixed bug #30826 (Certain reference relations cannot be unserialized properly).
Fixed bug #30750 (Meaningful error message when upload directory is not accessible).
Fixed bug #30739 (imagefill does not set back alphablending mode).
Fixed bug #30672 (Problem handling exif data in jpeg images at unusual places).
Fixed bug #30658 (Ensure that temporary files created by GD are removed).
Fixed bug #30654 (oci8 persistent connection is deleted from hash if there was exclusive connection with the same credentials).
Fixed bug #30613 (Prevent infinite recursion in url redirection).
Fixed bug #30587 (array_multisort doesn't separate zvals before changing them).
Fixed bug #30475 (curl_getinfo() may crash in some situations).
Fixed bug #30442 (segfault when parsing ?getvariable[][ ).
Fixed bug #30388 (rename across filesystems loses ownership and permission info).
Fixed bug #30282 (segfault when using unknown/unsupported session.save_handler and/or session.serialize_handler).
Fixed bug #30281 (Prevent non-wbmp images from being detected as such).
Fixed bug #30276 (Possible crash in ctype_digit on large numbers).
Fixed bug #30229 (imagerectangle and imagefilledrectangle do work well with alpha channel, corners are drawn twice).
Fixed bug #30224 (Sybase date strings are sometimes not null terminated).
Fixed bug #30133 (get_current_user() crashes on Windows).
Fixed bug #30057 (did not detect IPV6 on FreeBSD 4.1).
Fixed bug #30027 (Possible crash inside ftp_get()).
Fixed bug #29805 (HTTP Authentication Issues).
Fixed bug #29418 (double free when openssl_csr_new fails)..
Fixed bug #28598 (Lost support for MS Symbol fonts).
Fixed bug #28325 (Circular references not properly serialized).
Fixed bug #28228 (NULL decimal separator is not being handled correctly).
Fixed bug #27469 (serialize() objects of incomplete class).

There is a separate announcement available for this release.

Version 4.3.9

22-Sep-2004

GPC input processing fixes.
Implemented periodic PCRE compiled regexp cache cleanup, to avoid memory exhaustion.
Fixed bug with raw_post_data not getting set.
Fixed a file-descriptor leak with phpinfo() and other 'special' URLs.
Rewritten UNIX and Windows install help files.
Updated PCRE to provide better error handling in certain cases.
NSAPI: added "bucket" parameter to list of non-php.ini-keys of php4_execute for doing performance stats without warnings in server-log.
Fixed leap year checking with idate().
Fixed strip_tags() to correctly handle '\0' characters.
Fixed funny forking effect in FastCGI when PHP_FCGI_CHILDREN was not set.
Fixed bug #30050 (Possible crash inside php_shutdown_config()).
Fixed bug #29882 (isset crashes on arrays).
Fixed bug #29753 (mcal_fetch_event() allows 2nd argument to be optional).
Fixed bug #29727 (Added missing CURL authentication directives).
Fixed bug #29719 (fgetcsv() has problem parsing strings ending with escaped enclosures).
Fixed bug #29607 (highlighting code with HEREDOC produces invalid output).
Fixed bug #29599 (domxml_error segfaults another apache module).
Fixed bug #29594 (Use PHP's own tmpfile() implementation).
Fixed bug #29581 (Typo inside php.ini comments for mysql.trace_mode).
Fixed bug #29493 (extract(array, EXTR_REFS) misbehaves with elements referred twice or more times).
Fixed bug #29443 (Sanity check for wbmp detection).
Fixed bug #29369 (Uploaded files with ' or " in their names get their names truncated at those characters).
Fixed bug #29349 (imagecreatefromstring() crashes with external GD library).
Fixed bug #29333 (output_buffering+trans_sess_id can corrupt output).
Fixed bug #29226 (ctype_* functions missing validation of numeric string representations).
Fixed bug #29209 (imap_fetchbody() doesn't check message index).
Fixed bug #29116 (Zend constant warning uses memory after free).
Fixed bug #29114 (Potential double free in php_stat).
Fixed bug #29075 (strnatcmp() incorrectly handles whitespace).
Fixed bug #29049 (array sorting via user function/method does not validate it).
Fixed bug #29038 (extract() with EXTR_PREFIX_SAME prefixes empty strings).
Fixed bug #29034 (wordwrap() returns a boolean when passed empty string).
Fixed bug #28974 (overflow in array_slice(), array_splice(), substr, substr_replace(), strspn(), strcspn()).
Fixed bug #28897 (ibase: -1 returned as -0.000 for 64-bit scaled int).
Fixed bug #28879 (Implicit/Explicit array creation inconsistency when using Resources, Arrays, or Objects as indices).
Fixed bug #28878 (Setting of inikey's in obj.conf fails).
Fixed bug #28868 (Internal wrapper registry not thread safe).
Fixed bug #28818 (Apache 2 sapis do not export st_dev).
Fixed bug #28800 (strings beginning with "inf" improperly converted).
Fixed bug #28723 (Fixed mbstring config.m4 to work on OSes where test command does not support -e parameter).
Fixed bug #28692 (\0 in Authenticate header passed via safe_mode).
Fixed bug #28670 (WWW-Authentication header mangling with PCRE in safe_mode adds extra spaces).
Fixed bug #28668 (glob() does not work with relative paths on Windows).
Fixed bug #28649 (Proper glob() return value on Linux when there are no matches).
Fixed bug #28633 (sprintf incorrectly adding padding to floats).
Fixed bug #28627 (When multiple MySQL links are used default link is leaked).
Fixed bug #28525 (gmp_powm() does not work with hexadecimal string modulo represented as a string).
Fixed bug #28512 (Allocate enough space to store MSSQL data).
Fixed bug #28466 (mbstring_convert_variables() array separation problem).
Fixed bug #28175 (Allow bundled GD to compile against freetype 2.1.2).

There is a separate announcement available for this release.

Version 4.3.8

13-Jul-2004

Fixed strip_tags() to correctly handle '\0' characters. (Stefan)
Improved stability during startup when memory_limit is used. (Stefan)
Replace alloca() with emalloc() for better stack protection. (Ilia)
Added missing safe_mode checks inside ftok and itpc. (Ilia)
Fixed bug #28963 Fixed address allocation routine in IMAP extension. (Ilia)
Fixed bug #28632 Prevent open_basedir bypass via MySQL's LOAD DATA LOCAL. (Ilia)

There is a separate announcement available for this release.

Version 4.3.7

03-Jun-2004

Upgraded bundled GD library to 2.0.23. (Ilia)
Changed user error handler mechanism to relay to built-in error handler if it returns false. (Andrei)
Fixed command line escaping routines for win32. (Ilia)
Fixed problems with *printf() functions and '%f' formatting. (Marcus)
Fixed possible crash inside pg_copy_(to|from) function if delimiter is more then 1 character long. (Ilia)
Fixed crash inside cpdf_place_inline_image() when working with true-color images. (Ilia)
Fixed handling of return values from stored procedures in mssql_execute() with multiple result sets returned. (Frank)
Fixed logic bug in session_register() which allowed registering _SESSION and/or HTTP_SESSION_VARS. (Sara)
Fixed bug #28597 (xmlrpc_encode_request() incorrectly encodes chars in 200-210 range). (fernando dot nemec at folha dot com dot br, Ilia)
Fixed bug #28569 (informix connection id is not thread safe). (novicky at aarongroup dot cz, Ard)
Fixed bug #28564 (Problem building informix as a shared extension). (roques at mti dot ag, Ilia)
Fixed bug #28508 (Do not make hypot() available if not supported by libc). (Ilia)
Fixed bug #28506 (Allow negative start angle in imagearc and imagefilledarc). (Pierre)
Fixed bug #28456 (Problem with enclosed / in uploaded files). (Antony)
Fixed bug #28386 (wordwrap() wraps lines 1 character too soon). (Ilia)
Fixed bug #28374 (Possible unterminated loop inside _php_pgsql_trim_message()). (Ilia)
Fixed bug #28355 (glob() does not return error on Linux when it does not have permission to open the directory). (Ilia)
Fixed bug #28289 (incorrect resolving of relative paths by glob() in windows). (Ilia)
Fixed bug #28229 (run-tests tripped up by spaces in names). (Marcus)
Fixed bug #28228 (number_format() does not allow empty decimal separator). (Ilia)
Fixed bug #28196 (missing error constants in cURL extension). (Ilia)
Fixed bug #28187 (parse_url() not handling embedded IPv6 in URLs). (Sara)
Fixed bug #28175 (build problem for people using FreeType 2.1.0-2.1.2). (Ilia)
Fixed bug #28147 (Crash with drawing anti-aliased lines). (Derick)
Fixed bug #28122 (dba_open db3: Permission denied). (Marcus)
Fixed bug #28112 (sqlite_query() crashing apache on malformed query). (Ilia, Marcus)
Fixed bug #28055 (timeout duration too long in feof()/pfsockopen() liveness checks). (Wez)
Fixed bug #28087 (Do not force mysql.trace_mode to 0 on every request). (Ilia)
Fixed bug #28042 (greek letters in html to entity mapping not correct). (Derick)
Fixed bug #28007 (compile mssql extension with old versions of FreeTDS fails). (Frank)
Fixed bug #27995 (imagefilltoborder() stops the fill process prematurely). (Ilia)
Fixed bug #27810 (don't use php's pemalloc in ext/pcre). (Joe Orton)
Fixed bug #23220 (SSL: fatal protocol error when talking to IIS). (Wez)

There is a separate announcement available for this release.

Version 4.3.6

15-Apr-2004

Updated bundled PDFLib library to version 5.0.3p1 in Windows distribution. (Edin)
Synchronized bundled GD library with GD 2.0.22. (Ilia)
Fixed a crash in multi-threaded environments when a thread is shutdown by the web server. (Stas)
Fixed a bug that prevented building of the GD extension against external GD lib 1.X. (Ilia, Edin, Nick Talbott).
Fixed bug #27963 (Session lifetime setting may leak between requests). (Ilia)
Fixed bug #27849 (configure craps out on trivial syntax error). (Derick)
Fixed bug #27822 (is_resource() returns TRUE for closed resources). (Derick)
Fixed bug #27819 (problems returning reference to a reference parameter). (Ilia)
Fixed bug #27809 (ftp_systype returns null on some ftp servers). (Ilia)
Fixed bug #27802 (default number of children to 8 when PHP_FCGI_CHILDREN is not defined). (Ilia)
Fixed bug #27780 (strtotime(+1 xxx) returns a wrong date/time). (Derick)
Fixed bug #27769 (domxml_xmltree crashes). (Rob)
Fixed bug #27764 (Get return value from a stored procedure not returning any result sets). (Frank)
Fixed bug #27762 (SCO Openserver doesn't have S_ISSOCK). (Wez)
Fixed bug #27743 (Make sure Money types are converted and returned correctly). (Frank)
Fixed bug #27732 (Fixed compilation bug inside php_sab_info.h). (Ilia)
Fixed bug #27731 (error_reporting() inside @ block fails to set error_reporting level). (Ilia)
Fixed bug #27719 (mktime issues on and around DST changeover). (Rasmus)
Fixed bug #27717 (Test Failures when compiled on 64-bit mode). (Ard, Derick)
Fixed bug #27687 (Bug Adding Default Charset to 'text/*' Content-Type Header). (Marcus)
Fixed bug #27663 (compile failure with cURL 7.11.1). (Ilia)
Fixed bug #27646 (Cannot serialize/unserialize non-finite numeric values). (Marcus)
Fixed bug #26757 (session.save_path default is bogus for win32). (Wez)
Fixed bug #26589 (Crash inside mssql extension when selecting many columns of type money). (Frank)
Fixed bug #25547 (error_handler and array index with function call). cschneid at cschneid dot com)

There is a separate announcement available for this release.

Version 4.3.5

26-Mar-2004

Fixed possible crash using an invalid color index with a palette image in imagecolortransparent (Pierre)
Fixed php-cgi to not ignore command-line switches when run in a web context. This fixes our test cases allowing INI with GET sections to work (Rasmus)
Fixed getopt() so it works without $_SERVER (Rasmus, bfrance)
Fixed crash in php_ini_scanned_files() when no additional INI files were actually parsed. (Jon)
Fixed possible crashes inside socket extension, due to missing check inside allocation functions. (Ilia)
Fixed zero bytes memory allocation when no extra ini files are found in the --with-config-file-scan-dir specified directory. (Eric Colinet, Derick)
Changed "allow_url_fopen" php.ini option to be PHP_INI_SYSTEM. (Sara)
Improved the sybase_ct module: (Timm)
- Added ability to define a message handler not only globally, but also per connection.
- Added "sybct.packet_size" php.ini option.
- Changed "sybct.login_timeout" php.ini option changeable at runtime.
- Fixed memory leak in sybase_set_message_handler().
Synchronized bundled GD library with GD 2.0.17
Upgraded PCRE library to version 4.5. (Andrei)
Updated bundled PostgreSQL library to version 7.4 in Windows distribution. (Edin)
Added support for --program-prefix and --program-suffix configure options. (Jani)
Added a warning when creating temp stream fails with ftp_(n)list(). (Sara)
Fixed header handler in NSAPI SAPI module (header->replace was ignored, send_default_content_type now sends value from php.ini). (Uwe Schindler)
Fixed bug #27633 (Incorrect EOL translation by ftp_get() in ASCII mode). (Ilia)
Fixed bug #27600 (GCC 3.0.4 does not like __attribute__ directive). (Sascha)
Fixed bug #27590 (crash during shutdown when freeing persistent resources in ZTS mode). (Ilia)
Fixed bug #27582 (possible crashes in imagefilltoborder()). (Pierre)
Fixed bug #27580 (pre-initialization errors in ap2 handler are not being written to vhost error log). (Ilia)
Fixed bug #27559 (Corrected open_basedir resolving logic). (Ilia)
Fixed bug #27530 (broken http auth when safe_mode is on and PCRE is disabled). (Ilia)
Fixed bug #27509 (broken getaddrinfo() causes fsockopen() error). (Sara)
Fixed bug #27505 (htmlentities() does not handle BIG5 correctly). (Ilia, ywliu at hotmail dot com)
Fixed bug #27498 (bogus safe_mode error on nonexistent directories for chdir() and opendir() functions). (Ilia)
Fixed bug #27460 (base64_decode() does not handle extra padding). (Ilia, naish at klanen dot net)
Fixed bug #27443 (defined() returns wrong type). (Derick)
Fixed bug #27437 (wrong freetype include inside GD library). (Ilia)
Fixed bug #27424 (headers missing on flush() in apache 2 SAPIs). (Ilia)
Fixed bug #27421 (mbstring.func_overload should be system ini setting). (Ilia)
Fixed bug #27384 (unpack() misbehaves with 1 char string). (GeorgeS)
Fixed bug #27383 (Potential crash inside fopen_wrapper, while parsing response code). (Ilia)
Fixed bug #27354 (Modulus operator crashes PHP). (Derick)
Fixed bug #27341 (HEAD requests fail to return data). (Ilia)
Fixed bug #27337 (missing sapi_shutdown() in sapi/isapi causes memory leak). (Jani, msisolak at yahoo dot com)
Fixed bug #27328 (ftp extension relies on 32-bit longs). (Sara)
Fixed bug #27300 (Improved regex for pg_convert()). (benjcarson at digitaljunkies dot ca, Ilia)
Fixed bug #27295 (memory leak inside sscanf()). (Ilia)
Fixed bug #27293 (two crashes inside image2wbmp()). (Ilia)
Fixed bug #27291 (get_browser matches browscap.ini patterns incorrectly). (Jay)
Fixed bug #27278 (*printf() functions treat arguments as if passed by reference). (Ilia)
Fixed bug #27238 (iptcparse() function misses some fields). (Pierre)
Fixed bug #27235 (Interbase NUMERIC x.0 field returns empty string on 0). (Ard)
Fixed bug #27196 (Missing content_length initialization in apache 2 sapis). (Ilia, pdoru at kappa dot ro)
Fixed bug #27183 (userland stream wrapper segfaults on stream_write). (Moriyoshi)
Fixed bug #27175 (tzset() is not being called by PHP on startup). (Ilia, sagawa at sohgoh dot net)
Fixed bug #27172 (Possible floating point exception in gmp_powm()). (Ilia)
Fixed bug #27171 (crash inside gmp_hamdist()). (Jani)
Fixed bug #27157 (Compile Failure on Solaris 8). (Timm)
Fixed bug #27149 (broken CLOB support in oci8 extension). (Antony)
Fixed bug #27135 (Possible crash inside mb_strlen()). (Moriyoshi)
Fixed bug #27104 (CLI/CGI SAPI module variable name conflict). (Marcus)
Fixed bug #27058 (crash in sybase_connect() with 2 arguments). (Ilia)
Fixed bug #27056 (ints used instead of longs inside some GD functions). (Ilia)
Fixed bug #27040 (passing an array of form-fields to CURLOPT_POSTFIELDS does not work). (Ilia, Jani)
Fixed bug #27037 (fixed possible crash in apache2handler output code). (Ilia)
Fixed bug #27026 (Added "cgi.nph" php.ini option to allow forcing of the 'Status: 200' header that is not normally needed). (Ilia)
Fixed bug #27011 (64bit int/long confusion in preg_match*() functions). (Ilia)
Fixed bug #27007 (missing connection closure when connect fails in pgsql). (Ilia)
Fixed bug #26974 (rename() doesn't check the destination file against safe_mode/open_basedir). (Ilia)
Fixed bug #26973 (*printf() '+' modifier broken). (Jani)
Fixed bug #26969 (--with-openssl=shared build fails). (Jani)
Fixed bug #26968 (Segfault with Interbase module built as shared). (Ard)
Fixed bug #26949 (rand(min,max) always returns min when ZTS enabled). (Jani)
Fixed bug #26937 (Warning in xml.c). (Jani)
Fixed bug #26927 (preg_quote() does not escape \0). (Ilia)
Fixed bug #26923 (ext/imap: pam and crypt libraries missing when build as shared extension). (Jani)
Fixed bug #26909 (crash in imap_mime_header_decode() when no encoding is used). (Ilia)
Fixed bug #26896 (ext/ftp does not work as shared extension). (Jani)
Fixed bug #26892 (ORA-21301 in ocinewcollection() call). (Antony)
Fixed bug #26878 (problem with multiple references to the same variable with different types). (Ilia)
Fixed bug #26864 (pg_(update|delete) ignore PGSQL_DML_EXEC option). (Ilia)
Fixed bug #26862 (ob_flush() followed by output_reset_rewrite_vars() may result in data loss). (Ilia, scottmacvicar at ntlworld dot com)
Fixed bug #26847 (memory leak in mail() when to/subject contain only spaces). (Ilia)
Fixed bug #26814 (When included file has a parse error, terminate script execution). (Ilia)
Fixed bug #26777 (ext/interbase: Let DB handle NULL params). (Ard)
Fixed bug #26772, #26967 (file operations return NULL instead of FALSE). (Wez, Ilia)
Fixed bug #26758 (FastCGI exits immediately with status 255). (Ilia, tcarter at noggin dot com dot au)
Fixed bug #26755 (CLI now overrides php.ini settings and switches off output buffering). (Edin)
Fixed bug #26753 (zend_fetch_list_dtor_id() doesn't check NULL strings). (Jani, Markus dot Lidel at shadowconnect dot com)
Fixed bug #26752 (Silent unterminated loop when length parameter for fgets(), fread() and fgetss() is 0). (Ilia)
Fixed bug #26751 (PHP can't find the MySQL socket on a case sensitive file system). (Derick)
Fixed bug #26703 (Certain characters inside strings incorrectly treated as keywords). (vrana [at] php [dot] net, Ilia)
Fixed bug #26699 (mbstring doesn't identify "binary" as a valid encoding). (nirva-php at ishiboo dot com, Moriyoshi)
Fixed bug #26667 (Added safety checks to ip2long()). (Ilia)
Fixed bug #26653 (open_basedir incorrectly resolved on win32). (Ilia, scottmacvicar at ntlworld dot com)
Fixed bug #26639 (mb_convert_variables() clutters variables beyond the references). (Moriyoshi)
Fixed bug #26635 (fixed look up for fonts in the current directory w/ZTS). (Ilia)
Fixed bug #26625 (pg_convert sets NULL incorrectly for character data types). (Ilia)
Fixed bug #26604 (Apache2 SAPIs implicitly disable Keep-Alive). (Ilia)
Fixed bug #26595 (ext/domxml: XSLT_NAMESPACE undeclared). (Christian)
Fixed bug #26565 (strtotime("this month") resolving to the wrong month). (Jani)
Fixed bug #26564 (ncurses5 has headers in PREFIX/include/ncurses/). (Jani)
Fixed bug #26548 (ext/session: Malformed HTTP dates headers). (Derick)
Fixed bug #26531 (ext/domxml: get_elements_by_tag_name() wildcard fails). (Rob Richards)
Fixed bug #26488 (Missing declaration of CRTSCTS in ext/dio/dio.c). (Jani)
Fixed bug #26467 (flock() does not force the "wouldblock" parameter to be passed by reference). (Wez)
Fixed bug #26463 (Incorrect handling of semicolons after heredoc). (Ilia)
Fixed bug #26462 (phpize + ext/bcmath -> compile error). (Jani)
Fixed bug #26461 (-lssl missing from LIBS). (Jani)
Fixed bug #26458 (var_dump(), var_export(), debug_zval_dump() not binary safe for array keys). (Ilia)
Fixed bug #26447 (--with-openssl=shared causes compile errors). (Jani)
Fixed bug #26446 (domxml_open_file() returns an empty error-Array). (Rob)
Fixed bug #26440 (MFH missing context options). (Ilia)
Fixed bug #26438 (error in thttpd SAPI installation). (Jani)
Fixed bug #26415 (Updated bundled OpenSSL DLLs in the Windows distribution to 0.9.7c). (Edin)
Fixed bug #26407 (Result set fetching broken around transactions). (Timm)
Fixed bug #26391 (parse_url() destroys strings that contain a character in range of \x80-\xff)). (Moriyoshi)
Fixed bug #26384 (crash in domxslt->process()). (Christian)
Fixed bug #26381 (rand() without srand() doesn't work with certain php.ini). (Jani)
Fixed bug #26376 (typo in ext/odbc/config.m4: DBMaker test fails). (Jani)
Fixed bug #26355 (flock() doesn't initialize the wouldblock argument). (Ilia)
Fixed bug #26309 (Fixed argument parsing for imageftbbox()). (Ilia)
Fixed bug #26304 (Unexpected data loss when opening dba file). (Marcus)
Fixed bug #26285 (escapeshellarg() uses wrong quotes on windows). (Ilia)
Fixed bug #26267 (gmp_random() leaks memory and does not produce random numbers). (Jani)
Fixed bug #26253 (ext/tokenizer: build as shared extension fails). (Jani)
Fixed bug #26235 (yp_first/yp_next do not specify correct key length). (Ilia)
Fixed bug #26216 ("getimagesize(): stream does not support seeking" when using remote files). (Marcus)
Fixed bug #26201 (crash in ibase_trans() on invalid link handle). (Ilia)
Fixed bug #26198 (strtotime() handling of M/F Y date format). (Ilia)
Fixed bug #26194 (iconv() not properly defined with libiconv). (Steph, Frank, Moriyoshi)
Fixed bug #26176 (Fixed handling of numeric keys in INI files). (Ilia)
Fixed bug #26168 (shtool availability check in phpize). (robbat2 at gentoo dot org, Ilia)
Fixed bug #26148 (Print the notice before modifying variable on type mismatch). (morten-bugs dot php dot net at afdelingp dot dk, Ilia)
Fixed bug #26128 (mbstring prints out wrong information on phpinfo()). (Moriyoshi)
Fixed bug #26113 (remove leftover local file when ftp_get/ftp_nb_get fails). (Ilia)
Fixed bug #26105 (Compile failure on GCC version 3.0.X). (Ilia)
Fixed bug #26103 (ext/mime_magic causes compile failure in ext/mssql). (Jani)
Fixed bug #26097 (gdImageColorClosestAlpha() returns incorrect results). (sprice at wisc dot edu, Ilia)
Fixed bug #26042 (memory leak if mcrypt_generic_deinit() is not called after every mcrypt_generic_init() call). (Ilia)
Fixed bug #26025 (Segfault on glob() without GLOB_NOCHECK or GLOB_NOMAGIC under *BSD platforms). (Moriyoshi)
Fixed bug #26005 (Random "cannot change the session ini settings" errors). (Jani, jsnajdr at kerio dot com)
Fixed bug #26003 (Make fgetcsv() binary safe). (Ilia, Moriyoshi)
Fixed bug #25963 (PostgreSQL error message include \n characters). (Marcus, Ilia)
Fixed bug #25939 (feof() not working correctly for sockets). (Wez)
Fixed bug #25916 (get_browser() -> PHP Fatal error: Nesting level too deep - recursive dependency?). (Uwe Schindler)
Fixed bug #25794 (Cannot open existing hash db3 file with write" ext/dba). (Marcus)
Fixed bug #25753 (php.ini settings "leak" from vhosts/.htaccess files). (Patch by: rover at tob dot ru)
Fixed bug #25694 (round() and number_format() give inconsistent results). (Ilia)
Fixed bug #25664 (calling ITypeInfo::Invoke with bogus params). (Wez)
Fixed bug #25581 (getimagesize () return incorrect values on bitmap (os2) files). (Marcus)
Fixed bug #25329 (sqlite_create_function with method and reference to $this). (Marcus).
Fixed bug #24773 (unsetting string as array causes a crash). (Sara)
Fixed bug #24773 (Unsetting string offsets crashes PHP). (Moriyoshi, Sara)
Fixed bug #24582 (extensions can't be loaded dynamically in Solaris/iPlanet). (Jani)
Fixed bug #23467 (date('T') outputs incorrect Time Zone). (Jani, scottmacvicar at ntlworld dot com)
Fixed bug #22403 (PHP crashes when executing a sql procedure without parameters). (Timm)
Fixed bug #22127 (Invalid response code when force-cgi-redirect safety mechanism is triggered). (Ilia, scottmacvicar at ntlworld dot com)
Fixed bug #21760 (Use of uninitialized pointer inside php_read()). (Ilia, uce at ftc dot gov)
Fixed bug #21513 (shutdown functions not executed if timed out). (Zeev)
Fixed bug #21070 (ftp_genlist/ANSI-tmpfile() fail w/ some platform). (Sara)

There is a separate announcement available for this release.

Version 4.3.4

03-Nov-2003

Made MCVE extension available on win32. (Jani)
Upgraded bundled libfcgi and made FastCGI support viable on Win32. (Sascha)
Added apache_get_version() function. (Ilia)
Fixed disk_total_space() and disk_free_space() under FreeBSD. (Jon Parise)
Fixed crash bug when non-existing save/serializer handler was used. (Jani)
Fixed memory leak in gethostbynamel() if an error occurs. (Sara)
Fixed FastCGI being unable to bind to a specific IP. (Sascha)
Fixed multibyte regex engine to properly handle ".*" pattern under POSIX compatible mode. (K.Kosako <kosako at sofnec.co.jp>, Moriyoshi)
Fixed bug #25955 (Compile failure on MacOSX 10.3 Panther). (Marko, Dan)
Fixed bug #25923 (mail() modifies the to & subject arguments). (Ilia)
Fixed bug #25922 (Crash in error handler when 5th argument is modified). (Ilia)
Fixed bug #25918 (Possible crash in mime_content_type()). (Ilia)
Fixed bug #25900 (document->get_elements_by_tag_name with default xmlns). (Rob)
Fixed bug #25895 (Incorrect detection of safe_mode limited ini options). (Ilia)
Fixed bug #25888 (Crash of php.exe when xpath_eval of a namespace). (Rob)
Fixed bug #25836 (last key of multi-dimensional array passed via GPC not being escaped when magic_quotes_gpc is on). (Ilia)
Fixed bug #25825 (tzset() was not called to reset libc environment on request shutdown). (Wez)
Fixed bug #25814 (Make flock() return correct value when 3rd argument is used). (Ilia)
Fixed bug #25800 (parse_url() could not parse urls with empty port). (Ilia)
Fixed bug #25780 (ext/session: invalid "session.cookie_lifetime" makes session_start() to crash in win32). (Jani)
Fixed bug #25777 (Do not rtrim() of text fields fetched from mssql). (Ilia)
Fixed bug #25770 (Segfault with PHP and bison 1.875). (eggert@gnu.org, Marcus)
Fixed bug #25764 (ldap_get_option() crashes with unbound ldap link). (Jani)
Fixed bug #25758 (var_export does not escape ' & \ inside array keys). (Ilia)
Fixed bug #25752 (ext/ncurses: ncurses.h instead of curses.h with BSD). (Jani)
Fixed bug #25746 (Do not bail out when unable to chdir original dir on systems with broken getcwd()). (Ilia)
Fixed bug #25745 (ctype functions fail with non-ascii characters). (Moriyoshi)
Fixed bug #25744 (make ZTS build of ext/sybase compile). (Ilia)
Fixed bug #25738 (alloca() related issues on the Darwin platform). (Moriyoshi)
Fixed bug #25708 (extract($GLOBALS, EXTR_REFS) mangles $GLOBALS). (Moriyoshi)
Fixed bug #25707 (html_entity_decode() over-decodes <). (Moriyoshi)
Fixed bug #25703 (openssl configure check failed). (Jani)
Fixed bug #25701 (On flush() set headers_sent in apache2handler). (Ilia)
Fixed bug #25671 (str_replace() corrupts subarrays). (Sara)
Fixed bug #25669 (eregi() with non-ascii characters). (Moriyoshi)
Fixed bug #25665 (var_dump() hangs on Nan and INF). (Ilia)
Fixed bug #25648 (xslt_set_encoding() not detected correctly). (Jani)
Fixed bug #25636 (SNMP Session not closed on success). (Ilia, patch by: nesslage at mwsc dot edu)
Fixed bug #25635 (Make "make tests" to fail due to invalid include_path). (Ilia)
Fixed bug #25604 (HAVE_SNMP_PARSE_OID undefined with phpize build). (Jani)
Fixed bug #25583 (Incorrect handling of paths starting with "/" on win32 inside glob() function). (Ilia)
Fixed bug #25570 (Possible crash in apache2handler when zend_bailout called outside of zend_try {} block). (Ilia)
Fixed bug #25558 (ext/dbase: reverted fix for bug #23463). (Vlad)
Fixed bug #25530 (checkdate() incorrectly handles floats). (Ilia)
Fixed bug #25525 (ldap_explode_dn() crashes when passed invalid dn). (Sara, patch by: mikael dot suvi at trigger dot ee)
Fixed bug #25504 (pcre_match_all() crashes when passed only 2 parameters). (Jani)
Fixed bug #25483 (ext/informix: bogus -469 error from ifx_query()). (Jani, patch by: denisov at kubsu dot ru)
Fixed bug #25463 (ext/cpdf: compile failure with bundled GD)
Fixed bug #25429 (fix copying of stdin using copy() function). (Ilia)
Fixed bug #25424 (ext/informix: lvarchar not supported in win32). (Jani)
Fixed bug #25404 (ext/pgsql: open transactions not closed when script ends). (Marcus)
Fixed bug #25385 (ob_gzhandler(): typo in sapi_add_header_ex() call). (Jani)
Fixed bug #25378 (unserialize() crashes with invalid data). (Jani)
Fixed bug #25372 (sscanf() does not work with %X). (Jani)
Fixed bug #25348 ("make install" fails with --enable-short-tags). (Jani)
Fixed bug #25343 (is_dir() gives warning on FreeBSD). (Jani)
Fixed bug #25333 (Possible body corruption & crash in win32 mail()). (Ilia)
Fixed bug #25316 (Possible infinite loop inside _php_stream_write()). (Ilia)
Fixed bug #25314 (FTP_ASCII mode behaving like binary from Win->Unix). (Sara)
Fixed bug #25308 (php -m crashes when zend extensions are loaded). (Stas)
Fixed bug #25307 (Crash with WDDX serializer). (Sascha, Jani)
Fixed bug #25295 (QNX6: php_ini.c:414: 'alphasort' undeclared). (Jani)
Fixed bug #25294 (ext/ftp: NLST failure leads to crash on exit). (Sara, Rob)
Fixed bug #25293 (Output correct EOL to error_log). (Ilia)
Fixed bug #25239 (ftp_fopen_wrapper not RFC compliant). (Sara)
Fixed bug #25218 ("deflate" compressed pages had a gzip header). (Stefan)
Fixed bug #25211 (image.c compile failure with AIX). (Marcus)
Fixed bug #25166 (WDDX serializer handler missing in win32). (Jani)
Fixed bug #25109 (Possible crash when fetching field names in pgsql). (Ilia)
Fixed bug #25106 (Added more stringent checks on bzopen() mode). (Ilia)
Fixed bug #25070 (unlock session files on win32 before closing them). (Ilia)
Fixed bug #24402 (Compile failure with gettext 0.12.x). (Jani)
Fixed bug #23488 (zlib.output_compression overrides Vary header). (Stefan)
Fixed bug #23326 (ext/domxml: Attributes via append_child not supported). (Melvyn)
Fixed bug #21220 (Wrong Apache version shown in phpinfo() output). (Jani)
Fixed bug #18534 (ifx_close() leaves open session). (nobbie@php.net)
Fixed bug #14049 (realpath() returns invalid results for non-existent paths). (Ilia)

There is a separate announcement available for this release.

Version 4.3.3

25-Aug-2003

Synchronized bundled GD library with GD 2.0.15. (Ilia)
Upgraded the bundled Expat library to version 1.95.6. (Jani)
Upgraded the bundled PCRE library to version 4.3. (Andrei)
Improved the engine to use POSIX/socket IO where feasible. (Sascha)
Improved the NSAPI SAPI module (Uwe Schindler)
- php4_init (magnus.conf): new parameter to set alternate path to php.ini. (php_ini="/path/to/php.ini")
- php4_execute (obj.conf): support for additional php.ini values. Allows different settings per virtual server. (See sapi/nsapi/nsapi-readme.txt for more information)
- Added support for virtual().
- Added nsapi_request_headers() and nsapi_response_headers() with aliases for apache compatibility.
- Added "nsapi.read_timeout" php.ini option.
- Synced $_SERVER variables to be similar to Apache variables.
- Added possibility to use PHP to generate HTTP error pages (404 Not Found..)
- Added possibility to use PHP to generate directory listings for directories without index.html
Improved the IMAP extension (Ilia)
- Added imap_timeout() function. (bug #24161)
- Added optional 'charset' parameter to imap_search() and imap_sort(). (bug #22505)
Improved the InterBase extension (Daniela)
- Added transaction constants: IBASE_REC_VERSION, IBASE_REC_NO_VERSION, IBASE_WRITE, IBASE_WAIT and IBASE_CONCURRENCY. (bugs #8797, #23887)
- Made numeric/decimal datatype handling work on any platform.
Added DBA handler 'inifile' to support ini files. (Marcus)
Added a "DEBUG" note to 'php -v' output when --enable-debug is used. (Derick)
Added long options into CLI & CGI (e.g. --version). (Marcus)
Added a new parameter to preg_match*() that can be used to specify the starting offset in the subject string to match from. (Andrei)
Fixed possible integer overflows in:
- base64_encode(). (Moriyoshi)
- bundled GD library. (Ilia)
Fixed "mysql.connect_timeout" php.ini option to be settable with ini_set(). (Rasmus)
Fixed ext/yaz to not log if "yaz.log_file" php.ini option is not set. (Adam)
Fixed a bug in bundled libmysql (mysql bug 564). (Georg)
Fixed ext/exif to honor "magic_quotes_runtime" php.ini option. (Marcus)
Fixed FastCGI IIS document root problem. (Shane)
Fixed corruption of multibyte character including 0x5c as second byte in multipart/form-data. (Rui)
Fixed possible crash in imagerotate() when an invalid color index is used for background color. (Pierre-Alain Joye)
Fixed a bug that under certain circumstances could invalidate safe_mode. (Ilia)
Fixed certificate version and allowed setting of the serial number in openssl_csr_sign(). (Stefan Roehrich)
Fixed each() to be binary safe for keys. (Zeev)
Fixed bug #25093 (Various leaks due to non-freed queries). (Ilia)
Fixed bug #25084 (Make refer check not dependant on register_globals). (Ilia)
Fixed bug #25081 (odbc_fetch_array() may mangle numeric fields). (Ilia)
Fixed bug #25044 (header("Location:") changing HTTP status). (Marcus)
Fixed bug #25037 (Possible infinite loop inside SendText()). (Ilia)
Fixed bug #25007 (rand() & mt_rand() seed RNG every call). (Jani)
Fixed bug #24989 (external libexpat conflicts with bundled libexpat). (Jani)
Fixed bug #24980 (array_reduce() uses first element as default running total). (Ilia)
Fixed bug #24977 (Revert mysql_select_db optimization). (Ilia)
Fixed bug #24958 (Incorrect handling of 404s). (Ilia, Justin)
Fixed bug #24951 (ob_flush() needlessly destroys output handler). (Ilia)
Fixed bug #24936 (ext/fdf not linked properly as shared extension). (Jani)
Fixed bug #24909 (Bad random numbers with ZTS builds on Solaris). (Ilia)
Fixed bug #24897 (inconsistent behavior of shuffle() & array_multisort()). (Ilia, Jani)
Fixed bug #24883 (variables_order and gpc_order being ignored). (Ilia)
Fixed bug #24873 (incorrect handling of / inside open_basedir). (Ilia)
Fixed bug #24871 (methods misidentified as constructors). (Ilia)
Fixed bug #24827 (ob_gzhandler overrides Vary header). (Ilia)
Fixed bug #24792 (--enable-zend-multibyte causes random segfaults with ZTS). (fujimoto)
Fixed bug #24783 (foreach($ar as $key => $val), $key not binary safe). (Zeev)
Fixed bug #24760 (non-default SNMP port number not working). (Jani)
Fixed bug #24752 (Unhandled "uniqueidentifier" field type). (Ilia, s.sonnenberg[at]coolspot.de)
Fixed bug #24710 (Crash when $obj->{0} is used). (Zeev)
Fixed bug #24663 (\n. sequences were not being escaped). (Ilia)
Fixed bug #24640 (var_export() and var_dump() can not output large floats). (Marcus)
Fixed bug #24629 (FreeBSD select() does not like large microseconds values). (Mirco Bauer).
Fixed bug #24609 (ext/domxml: segfault when using replace node across different docs). (Rob Richards)
Fixed bug #24594 (Rewrite of the imagefill() function). (Pierre-Alain Joye)
Fixed bug #24592 (NULL related crash in session extension). (Sascha)
Fixed bug #24573 (debug_backtrace() crashes if $this set to null). (Jani)
Fixed bug #24560 (parse_url() incorrectly handling certain file:// based schemas). (Ilia)
Fixed bug #24557 (make fclose() respect refcount on the resource). (Wez, Ilia)
Fixed bug #24537 (apache2 compile misses some include directories). (Jani)
Fixed bug #24535 (ext/mysql: crash when retrieving data from unbuffered result after the original connection has been changed). (Ilia)
Fixed bug #24519 (aggregate_methods_by_list() does not increment refcount).
Fixed bug #24313 (file_exists() warning on non-existent files when open_basedir is used). (Ilia)
Fixed bug #24312 (base64_decode() does not skip 0xF0-0xFF characters). (gereon.steffens[at]onvista.de, Ilia)
Fixed bug #24284 (Fixed memory leak inside pg_ping()). (Ilia)
Fixed bug #24249 (fdf_add_doc_javascript() not available on Windows). (Edin)
Fixed bug #24224 (ibase_blob_get() overflow). (Ard)
Fixed bug #24223 (missing variable initialization in bundled gd). (Ilia)
Fixed bug #24220 (range() didn't handle numeric strings correctly). (Ilia)
Fixed bug #24210 (not detecting assume_default_colors - typo). (Sara)
Fixed bug #24198 (Invalid recursion detection in array_merge_recurcive()). (Ilia)
Fixed bug #24177 (Status not set correctly after flush() in Apache 2). (Ilia)
Fixed bug #24155 (gdImageRotate270 incorrectly use x parameter for y axis). (tom@gksystems.com, Ilia)
Fixed bug #24150 (crash in imap_fetch_overview() & imap_rfc822_write_address()). (Ilia)
Fixed bug #24142 (workaround for a gcc bug affecting round()). (Marcus, Ilia)
Fixed bug #24063 (serialize() missing 0 after the . on scientific notation). (Marcus, Ilia)
Fixed bug #24063 (scientific notation broken in *printf()). (Ilia)
Fixed bug #24060 (ncurses_del_panel() causes segfault). (Georg)
Fixed bug #24054 (Integer overflow failure with GCC/x86 for *=). (Sascha)
Fixed bug #24028 (Reading raw post message by php://input failed). (Jani)
Fixed bug #24009 (FastCGI handling of file not found). (Shane)
Fixed bug #24007 (Problem with register_globals & arrays). (Ilia)
Fixed bug #23951 (constants in static initializers clobbered by inheritance). (Wez, Zend Engine)
Fixed bug #23936 (ext/interbase: fail to select and fetch). (Ard)
Fixed bug #23913 (make rename() work across partitions on *nix). (Ilia)
Fixed bug #23912 (Invalid CSS in phpinfo() output). (Ilia)
Fixed bug #23902 (NULL in CGI header output). (Shane)
Fixed bug #23898 (Proper handling of NULLs in odbc_result, odbc_fetch_into and odbc_result_all). (Ilia)
Fixed bug #23897 (Fixed a check for mbfilter_ru.h). (aleks@m2media.ru, Ilia)
Fixed bug #23894 (sprintf() decimal specifiers problem). (Moriyoshi)
Fixed bug #23888 (Missing input validation for flags parameter). (Ilia)
Fixed bug #23808 (broken imagecopymerge()). (Pierre-Alain Joye)
Fixed bug #23798 (Spaces were not being stripped from Bcc header). (Ilia)
Fixed bug #23792 (imagerotate() problems with limited pallet, the function will always return true color image from now on). (Pierre-Alain Joye)
Fixed bug #23779 (mysql_connect(): disable local infile option if php.ini option "open_basedir" is set). (Georg)
Fixed bug #23769 (In FreeBSD glob() gives wrong result when pattern not found). (Hartmut)
Fixed bug #23733 (Coredump on startup with Oracle 9+). (Edin)
Fixed bug #23685 (fake values returned when OID value is an empty string). (Jani)
Fixed bug #23664 (FastCGI socket listening). (Shane)
Fixed bug #23509 (exit code lost when exit() called from register_shutdown_function()). (Ilia)
Fixed bug #23463 (added Dbase2 version check). (Vlad Krupin)
Fixed bug #23285 (Potential Stack overflow in zendlex). (Wez)
Fixed bug #23104 (hash position of static arrays not being reset). (Ilia)
Fixed bug #23038, #23574 (aggregate() related leaks and crashes). (Andrei)
Fixed bug #22947 (Ack() inside win32/sendmail.c may stall in certain situations). (Ilia)
Fixed bug #22690 (ob_start() did not work with create_function() callbacks). (Marcus)
Fixed bug #22592 (Cascading assignments to strings with curly braces broken). (Stas)
Fixed bug #22245 (References inside $_SESSION not being handled). (Ilia)
Fixed bug #22154 (Possible crash when memory_limit is reached and output buffering in addition to session.use_trans_sid is used). (Ilia)
Fixed bug #22072 (Apache2 sapis do not detect aborted connections). (Ilia)
Fixed bug #21958 (workaround for unusual realpath() on AIX & Tru64). (Ilia)
Fixed bug #21957 (serialize() mangles objects with __sleep). (Ilia)
Fixed bug #21918 (strange behavior of mixed type in array-keys). (Marcus)
Fixed bug #21855 (Threading issue on HP-UX). (Roshan Naik, Andi, Moriyoshi)
Fixed bug #21611 (version_compare() does not support "p" as suffix). (Stefan Walk)
Fixed bug #21074 (Apache2: "ErrorDocument xxx /error.php" broken). (Jani)
Fixed bug #20896 (-s -w modes with php-cli cause php to hang). (Ilia)
Fixed bug #19613 (putenv("VAR=") does not empty VAR on win32). (Zeev)
Fixed bug #18744 (blob_add() has max limit of 64k). (Ard)
Fixed bug #18291 (escapeshellcmd() can now handle quoted arguments). (Ilia)
Fixed bug #17414 (pthreads bug workaround). (timo.teras[at]iki.fi)
Fixed bug #13142 (strtotime not handling "M d H:i:s Y" format). (Ilia)
Fixed bug #11924 (ibase_query(), ibase_execute() mangled passed parameters). (Jani)
Fixed bug #7014 (crash in _php_ibase_error() after request shutdown). (Ard)

More information on this release on our Releases page.

Version 4.3.2

29-May-2003

Syncronized bundled GD library with GD 2.0.12. (Ilia)
Removed support for GDLIB version 1.x.x (php_gd.dll) on Windows. (Edin)
Enabled read-only GIF support in the bundled GDLIB (php_gd2.dll) on Windows. (Sebastian, Edin)
Improved dba extension (Marcus)
- Added support for internal error handling of Berkeley db libraries.
- Disallowed Berkeley db versions 4.1.0 to 4.1.24 due to locking problems.
- Disallowed linkage of Berkeley db submodules against libraries with different major versions.
- Disallowed configuring of more than one Berkeley db handler.
- Reenabled dba_popen() with new persistent STDIO streams.
Added a new Apache 2.0 SAPI module (sapi/apache2handler) based on the old version (sapi/apache2filter). (Ian Holsman, Justin Erenkrantz)
Added "disable_classes" php.ini option to allow administrators to disable certain classes for security reasons. (Harald)
Added man page for CLI version of PHP. (Marcus)
Added --clean option into phpize. (Jani)
Added --ldflags option into php-config. (Jani)
Added imagesavealpha() and imageistruecolor() functions. (Pierre)
Added XBM support for bundled GD library. (Marcus)
Added session_regenerate_id() function. (Sascha)
Added zlib_get_coding_type() function which returns the coding type used for output compression. (Moriyoshi)
Added OCIPasswordChange() which allows renewing expired Oracle users. (Maxim)
Added memory_get_usage(). Only available when PHP is configured with --enable-memory-limit. (Andrey)
Added improved JPEG 2000 support for getimagesize(). (Marcus, Adam Wright)
Added XBM and WBMP support for getimagesize(). (Marcus)
Added KOI8-R, CP866, and CP1251 support for htmlentities(). (Antony Dovgal, Moriyoshi)
Added domdocument->free() to free XML-documents from memory. (Rob Richards)
Fixed a bug in error reporting with the CLI for start-up errors. (Derick)
Fixed spurious fsync calls during socket communication. (Sascha)
Fixed a possible vhost issue in thttpd. (Sascha, dgl@dgl.cx)
Fixed including from HTTP URLs. (Sascha)
Fixed a lot of memory leaks in domxml. (Rob Richards, Chregu)
Fixed a bug in GD's truecolor TTF handling. (Derick)
Fixed several 64-bit problems. (Dave)
Fixed several errors in hwapi extension. Objects weren't handled properly. (Uwe)
Fixed bug #23788 (str|preg_replace() clobber the array elements). (Ilia)
Fixed bug #23765 (file uploads ignored due to case sensitivity). (Sara)
Fixed bug #23738 (ifx_copy_blob() crash). (Jani)
Fixed bug #23661 (mysql_fetch_array() gives no warning when an invalid argument was passed as result_type). (Derick)
Fixed bug #23619 (set_error_handler() registered handler not called for object instances). (Jani, waboring@qualys.com)
Fixed bug #23606 (Unable to build --with-db4 (db4.1.25)). (Marcus)
Fixed bug #23567 (pfsockopen() returns dead connections). (Wez)
Fixed bug #23539 (curl_exec() produces strange results). (daniel@haxx.se)
Fixed bug #23527 (PostScript Type 1 fonts do not render properly). (nid@home.se, Ilia)
Fixed bug #23402 (crash with improper use of mssql_bind()). (Frank)
Fixed bug #23371 (configure falsely detects c-client using SSL). (Jani)
Fixed bug #23340 (fopen on multiple URLs causes memory corruption). (Wez)
Fixed bug #23298 (serialize cuts off floats & doubles). (Ilia, Marcus)
Fixed bug #23232 (safe_mode does not honor PHP_AUTH_* in apache2). (Ilia)
Fixed bug #23225 (money_format() didn't handle erroneous return of strfmon). (Ilia, marcot@tabini.ca)
Fixed bug #23201 (set_file_buffer() crashes with stdio streams). (Ilia)
Fixed bug #23188 (CDB databases created with 'c' mode do not work). (Marcus)
Fixed bug #23187 (memory leaks in sybase_connect/sybase_pconnect). (Ilia)
Fixed bug #23162 (user_error() crashs if error message > 1024 bytes). (Jay, Marcus, Moriyoshi)
Fixed bug #23152 ($http_response_header empty on invalid URLs). (Ilia)
Fixed bug #23102 (integer overflow in exif_iif_add_value()). (Ilia)
Fixed bug #23099 (ext/interbase: libgds.so: undefined reference to 'crypt'). (Jani)
Fixed bug #23093 (highlight_string() crashed with __FUNCTION__). (Jani)
Fixed bug #23080 (socket_strerror() crashes on win32). (Moriyoshi)
Fixed bug #23071 (when DST in effect, date("T") crashed PHP). (Scott MacVicar, Jani)
Fixed bug #23069 (tempnam creates readonly file [win32]). (Wez)
Fixed bug #23009 (pg_select with timestamp). (Marcus, Jay)
Fixed bug #23008 (ldap_start_tls() not available on Windows). (Edin)
Fixed bug #23004 (When ftp_close() is called, send QUIT to the ftp server). (Ilia)
Fixed bug #22989 (sendmail not found by configure). (igyu@ionsphere.org)
Fixed bug #22987 (missing perror() check in configure). (Jani)
Fixed bug #22965 (Crash in gd lib's ImageFillToBorder()). (Ilia)
Fixed bug #22939 (crash in imap_header_info()). (Ilia)
Fixed bug #22844 (Changing bool value via -d or ini_set(), On would be Off). (Ilia)
Fixed bug #22786 (Crash when trying to call DomAttribute's set_namespace method). (Chregu)
Fixed bug #22775 (Fatal errors exit with status 0 with CGI/CLI). (Jani)
Fixed bug #22774 (PHP crashes when exiting (long XML doc)). (Rob Richards)
Fixed bug #22751 (Compile error in gdcache.c when external libgd is used). (Jani)
Fixed bug #22721 (Poor file() performance on systems without mmap). (Wez)
Fixed bug #22709 (Crash in interbase when database unavailable). (Vladimir Michl)
Fixed bug #22681 (Crash when reading from invalid file pointer). (Ilia)
Fixed bug #22672 (User not logged under Apache2). (Ian)
Fixed bug #22616 (Wrong order of -lssl and -lcrypto with IMAP). (Jani)
Fixed bug #22613 (imagettfbox() does not add the kerning distance to the running position). (Ilia)
Fixed bug #22585 (Do not terminate the script on minor errors). (Ilia)
Fixed bug #22550 (overflow protection for upload_max_filesize ini option). (Ilia)
Fixed bug #22544 (writing transparency to truecolor png images). (Ilia)
Fixed bug #22538 (failed stat on stdio/stdin/stderr streams). (Wez, Ilia)
Fixed bug #22530 (append_child does not unlink node). (Chregu)
Fixed bug #22520 (mcrypt_generic_deinit() was not available on Windows). (Edin)
Fixed bug #22508 (Added protection against circular HTML redirects). (Ilia)
Fixed bug #22473 (ISAPI Secure Server variables not available). (Christian Swoboda)
Fixed bug #22402 (opening of ftp for read/write could fail due to invalid return code handling). (Ilia)
Fixed bug #22384 (FNM_CASEFOLD is not available). (Hartmut)
Fixed bug #22382 (fgetcsv() did not handle \" correctly). (Ilia)
Fixed bug #22376 (wrong httpd.conf modified when using INSTALL_ROOT). (Jani)
Fixed bug #22363 (combinations of fwrite(), fread() and fseek() produce unexpected results). (Wez)
Fixed bug #22355 (PHP would remove folding from Subject & To fields). (Ilia)
Fixed bug #22330 (overloaded strrpos() gives wrong results). (david@santinoli.com, Moriyoshi)
Fixed bug #22312 (crash on failed connection when curl_getinfo() was called). (Phil Oleson <poleson@verio.net>)
Fixed bug #22308 (optimized passthru, code is now ~40 times faster). (Ilia)
Fixed bug #22306 (pg_lo_seek($h, 0, PGSQL_SEEK_SET) succeeds but returns false). (Jani)
Fixed bug #22301 (htmlspecialchars() crashes Apache on Tru64). (Ilia)
Fixed bug #22299 (gethostbyname() with non-existing domain crashed on MacOSX). (Jani)
Fixed bug #22283 (possible crash when opening relative URLs). (Ilia)
Fixed bug #22238 (stream_select() clobbers fifos under win9x). (Wez)
Fixed bug #22234 (copy() fails if source file has 0 length). (Moriyoshi)
Fixed bug #22227 (printf() field limiters broke between 4.2.3 and 4.3.0). (Moriyoshi)
Fixed bug #22224 (implode() changes object references in array). (Moriyoshi)
Fixed bug #22221 (bad rows count in the result object for postgresql). (Marc)
Fixed bug #22207 (e notation in *printf would be missing a 0 when there is no exponent). (Ilia)
Fixed bug #22220 ("php_admin_value open_basedir none" does not work). (Jani)
Fixed bug #22191 (frontbase build broken with old version of frontbase). (Ilia)
Fixed bug #22187 (spprintf function did not handle floats correctly). (Ilia)
Fixed bug #22149 (incorrect insertion of session id when tabs are used to separate tag elements). (Ilia)
Fixed bug #22141 (removed undocumented Boyer str_replace() method). (Sara)
Fixed bug #22103 (Added gdImageEllipse and replaced old gdImageFilledEllipse with a better implementation). (Pierre)
Fixed bug #22088 (array_shift() left next index to be +1 too much). (Jani)
Fixed bug #22083 (MySQL charset directory problem on Windows). (Edin)
Fixed bug #22059 (ftp_chdir() causes segfault). (Sara)
Fixed bug #22048 (crash in imap_header() when the e-mail contains an abnormally large number of special characters). (Ilia)
Fixed bug #22042 (pg_result_seek() would never seek to the 1st row in the result due to always seeking to row next to the one requested). (Ilia)
Fixed bug #22031 (Made curl_write() & curl_write_header() binary safe). (Ilia)
Fixed bug #22022 (Crash in imap_mail_compose() if the body is an empty array). (Ilia)
Fixed bug #22017 (date() does not support negative timestamps on win32). (Ilia)
Fixed bug #22008 (strip_tags() eliminates too much). (Moriyoshi)
Fixed bug #22004 (Overload extension and _call() breaks classes). (Shane)
Fixed bug #21998 (array_pop() did not reset the current array position). (Jani)
Fixed bug #21978, #21036 (win32 mail(), bcc: gets interpreted as cc:). (Sara)
Fixed bug #21885 (move_uploaded_file() does not ignore open_basedir). (Wez)
Fixed bug #21820 ("$arr['foo']" generates bogus E_NOTICE, should be E_PARSE). (Jani)
Fixed bug #21815 (fpassthru() ignored buffered data but complained anyway). (Wez)
Fixed bug #21809 (select would not always timeout during socket shutdown). (Wez)
Fixed bug #21751 (default output buffer could not be deleted). (Marcus)
Fixed bug #21725 (return behaviour differs between include and require). (Zeev)
Fixed bug #21713 (include remote files leaks descriptors on Solaris). (Wez)
Fixed bug #21708 (ucwords() trouble again). (Moriyoshi)
Fixed bug #21689 (fgetcsv() suppresses some characters before a separator). (Masahiro, Moriyoshi)
Fixed bug #21912, #21676 (getimagesize() failed for remote files). (Wez)
Fixed bug #21597 (made glob() understand Windows paths). (Edin)
Fixed bug #21549 (problem with Ingres II persistent connections). (Jani)
Fixed bug #21544 (Extended checks for where FreeTDS is installed). (Frank)
Fixed bug #21534 (typo in gmp_gcdext() causes incorrect results). (Sara)
Fixed bug #21531 (file_exists() and other filestat functions report errors when the requested file/directory does not exists). (Sara)
Fixed bug #21529 (memory corruption by fsockopen()). (Ilia)
Fixed bug #21525 (bind_textdomain_codeset() now available on Windows). (Edin)
Fixed bug #21523 (number_format() could cause a memory allocation for a negative memory size in situations where the sprintf implementation of the host system generated less decimal places than were requested). (Wez)
Fixed bug #21518 (imagecreatefromstring() crashed with invalid image files). (Ilia)
Fixed bug #21511 (config.status warning). (Jani)
Fixed bug #21498 (mysql_pconnect connection problems). (Georg)
Fixed bug #21453 (improper handling of non-terminated < by strip_tags()). (Ilia)
Fixed bug #21445 (gd unable to open fonts). (Ilia)
Fixed bug #21443 (improper handling of ? surrounded by spaces in get_browser()). (Ilia)
Fixed bug #21442 (crash in mail() on Windows when 1st parameter is empty). (Edin)
Fixed bug #21410 (fixed handling of NULL or "" files on Win32). (Ilia)
Fixed bug #21378 (COM code crashes after update 4.2.1 to 4.3.0). (Harald)
Fixed bug #21338 (html_entity_decode() crashed when "" is passed). (Ilia)
Fixed bug #21310 (Solaris has issues with getcwd() needing read permissions on directories instead of just execute). (Wez, jflemer)
Fixed bug #21297 (in CLI/CGI on the #! it would leave a \n when the code encounters \r\n). (Ilia)
Fixed bug #21268 (session_decode() returned FALSE on success). (Ilia)
Fixed bug #21267 (opening URLs that result in redirection to a relative path was failing). (Ilia)
Fixed bug #21229 (missing 3rd argument to php_module_startup). (Ilia)
Fixed bug #21228 (broken check for ob_gzhandler and made ob_start() return the correct value). (Ilia)
Fixed bug #21226 (parse_url handling of urls without a path). (Ilia)
Fixed bug #21224 (apache configure fails when using --enable-versioning). (Jani)
Fixed bug #21169 (Compile Failure and lots of warnings on UnixWare). (Derick)
Fixed bug #21131 (fopen() with mode 'a+' and rewind() doesn't work). (Wez)
Fixed bug #21007 (html_errors off text-only output in phpinfo). (Marcus)
Fixed bug #20857 (snmpset() failed always, patch by: rs@epost.de). (Jani)
Fixed bug #20802 (PHP would die silently when memory limit reached). (Ilia)
Fixed bug #20715 (odbc could not be compiled as shared extension). (Jani)
Fixed bug #20641 (Numeric/decimal datatype overflow in ext/interbase on Win32). (Daniela)
Fixed bug #20503 (imagesetbrush() not available on Windows). (Edin)
Fixed bug #20282 (COM memory leak). (Harald)
Fixed bug #20256 (snprintf() not defined on some systems). (Jani)
Fixed bug #19919 (crash in sapi_apache_header_handler under heavy load). (George)
Fixed bug #19795 (Problems with strnatcmp() / strnatcasecmp()). (Moriyoshi)
Fixed bug #17868 (multiple  used to include PHP files crashes). (Ilia)
Fixed bug #17448 (Print the message when OCI_SUCCESS_WITH_INFO is returned). (Maxim)
Fixed bug #17098 (make Apache2 aware that PHP scripts should not be cached). (Ilia)
Fixed bug #16798 (Compile failure with LOB support for Oracle version < 8.1). (Maxim)
Fixed bug #14532 (fixed connection_status() to return 2 for timeouts). (Jani)
Fixed bug #14245 ('make install' fails on AIX when using --with-apxs). (Jani)
Fixed bug #13757 (CGI: passing query string on command line broken). (Shane)
Fixed bug #13561 (--without-pear disabled phpize/php-config install). (Jani)
Fixed bug #13551 (bcmath functions applying scale incorrectly). (Sara)

More information on this release on our Releases page.

Version 4.3.1

17-Feb-2003

Fixed serious security vulnerability in CGI SAPI. (Shane)

More information on this release on our Releases page.

Version 4.3.0

27-Dec-2002

If you don't specify building any other SAPI "make install" will install the CGI SAPI binary in {PREFIX}/bin/php. If you want to install CLI SAPI in that location use "make install-cli" after "make install" or add --disable-cgi to your configure options. In the Windows distribution CLI SAPI is included in the "cli" folder. (Edin)
Removed extensions: (Jan, Jani, Sebastian)
- ext/aspell
- ext/ccvs
- ext/cybercash
- ext/icap
- sapi/fastcgi
- sapi/fhttpd
Moved extensions to PECL (http://pear.php.net/): (James, Derick)
- ext/vpopmail
- ext/cybermut
Make PHP_AUTH_* variables not available in safe mode under Apache when an external basic auth mechanism is used. (Philip)
Added sha1() and sha1_file() for US Secure Hash Algorithm 1. (Stefan Esser)
Aliased dba_popen() to dba_open() until 4.3.2 when persistent STDIO streams are introduced. (Andrei)
Fixed a security bug in the bundled MySQL library. (Georg, Stefan)
ZLIB extension is now built-in in the Windows distribution. External extension (php_zlib.dll) has been removed. (Edin)
Fixed a bug in ISO-8601 week calculation
Fixed a crash when using invalid color index with imagecolortransparent() (Pierre-Alain Joye).
Fixed bug #20987 (no handling for client certificates). (Ilia)
Fixed bug #21039 (crash when not supplying an IV to mcrypt_generic_init). (Derick)
Fixed bug #20936 (openssl_pkey_get was broken). (jeroen@derks.it, Wez)
Fixed bug #20927 (wordwrap crash). (Ilia)
Fixed bug #20796 (when register_globals is on & arrays with same names are passed via get/post/cookie the data inside $_GET/$_POST/$_COOKIE can would be corrupted). (Ilia)
Fixed bug #20725 (if the upload directory cannot be written to, the POST data after the uploaded file is lost). (Ilia)
Fixed bug #20865 (array_key_exists() fails to find NULL key). (Ilia)
Fixed bug #20812 (ftp_get returned NULL on success, instead of TRUE). (Ilia)
Fixed bug #20785 (crash when using pdf_open_memory_image() to load a true-color image). (Ilia)
Fixed a crash when converting between true-color images (png/jpeg) and gd1/gd2 image formats, png/jpeg -> gd1/gd2 -> png/jpeg conversion now works correctly. (Ilia, Pierre-Alain Joye).
Fixed a memory leak in the bundled GD library inside gdImageTrueColorToPalette(). (Ilia)
Fixed bug #12776 (array_walk crash). (Moriyoshi)
Fixed bug #20934 (htmlspecialchars returns latin1 from UTF-8). (Moriyoshi)
Fixed bugs #20270, #15702, #18600 (segfaults in ext/java). (Tony J. White)
Made bcmath extension thread safe. (Sander)
Fixed bug #19566 (get_declared_classes() segfaults). (Moriyoshi, Marcus, Andi)
Fixed bug #20381 (array_merge_recursive mangles input arrays). (Moriyoshi)
Added -n command switch to cli and cgi version which allows to skip php.ini parsing at startup. (Marcus, Wez)
Fixed bug #19689 (absolute paths like /test/dir/ not working correctly). (Ilia)
Added "neutral" language entry to mbstring spec. (Moriyoshi)
Changed bundled gd library to consider php.ini option memory_limit. (Marcus)
Modified log() to accept multiple bases. (Jason)
Fixed bugs #16190/#18746xt/db: flatfile support with windows). (Marcus)
Added gd_info() which returns an array of gd support information. (Marcus)
Implemented features/changes requested in Bug #16960 (Timm):
- Added a new function sybase_unbuffered_query()
- Added a new function sybase_fetch_assoc()
- Added sybase_set_message_handler() which enables users to handle server messages in a callback function
- Added an ini entry for deadlock retries - retrying deadlocks can cause transaction state to break (sybct.deadlock_retry_count, defaults to -1 "forever").
- Fixed sybase_fetch_object() not to return objects with numeric members
- Fixed issues with identical fieldnames
- Made sybase_fetch_*() functions return correct datatypes
- Made phpinfo() section more verbose
- Made sybase_query() error messages more verbose
Fixed bug #19935 (made OpenSSL file system operations abide by safe_mode & open_basedir restrictions). (Ilia)
Fixed bug #18868 (improved the check for availability of realpath()). (Ilia)
Fixed width/height detection of bmp images using getimagesize() function on big endian systems and added code to retrieve bmp bit depth. (Ilia)
Fixed bug #20035 (line counting error when script starts with #! in cgi/cli/fastcgi sapis). (Ilia)
Fixed bug #20235 (incorrect handling of symlinks on ZTS build). (Ilia)
Added sanity checks to headers_sent() & image_type_to_mime_type(). (Ilia)
Added an aditional parameter to the jdtojewish() function which makes the function return the symbolic hebrew name. (Moshe Doron, Derick)
Fixed bug #20169 (implode() clobbers first argument). (Moriyoshi)
Improved dba extension (Marcus)
- Added dba_handlers() that returns an array of installed handlers and dba_list() that returns an associative array of open database files.
- Added bundled cdb support wich can be activated by --with-cdb without a path. The bundled version supports cdb_make that allows writing cdb files.
- Added optional skip parameter to dba_fetch() to support multiple key-value pairs with the same key for cdb handler.
- Added locking for those handlers that do not have their own locking.
- Added support for magic_quotes_runtime php.ini option.
- Added flatfile support what finally makes ext/db deprecated.
Added imagerotate() which is available only when bundled libgd is used. (Pierre-Alain Joye, Ilia)
Fixed bug #17497 (mssql extension crashes if magic_quotes_runtime is on). (Sterling)
Remove $_FILES from $_REQUEST (import_request_variables is not modified), this didn't work properly in the first place, and added confusion. (Sterling)
Fix the socket_read() function on win32 to work in normal mode (reading to the end of a line), as well as binary mode. (Sterling)
Fixed bug #20110 (added sanity check to prevent include/require functions from trying to include directories). (Ilia)
Fixed bug #20108 (segmentation fault on printf("%1.1s", "string")). (Ilia)
Added dbx_escape_string() function to dbx module. (Marc)
Added Oracle (oci8) support to dbx module. (Marc)
Updated FDF extension to work with Adode fdftk 5.0. (Hartmut)
Added mb_strtolower() and mb_strtoupper(). (Moriyoshi)
Fixed an infinite loop in setlocale() when only invalid locale names were passed in the array. (patch by Pal Loberg, pallo[at]initio.no)
Fixed bugs #19156 and #19544 (COM extension leaks memory and keeps components referenced). (Harald)
Added fribidi_get_charsets() and fribidi_charset_info() functions. (Tal)
Added Oracle TIMESTAMP type to oci8 extension. (Thies)
Fixed fgets($fp) t