PHP is een zogenoemde hypertext preprocessor en wordt voornamelijk gebruikt om dynamische content in de opmaaktaal html serverside te genereren. De software wordt veelal gebruikt in combinatie met het databaseprogramma MySQL, waarmee de dynamische content van websites en forums worden geserveerd. De ontwikkelaars van The PHP Group hebben alweer enkele dagen geleden versie 5.2.5 vrijgegeven en voorzien van de volgende aankondiging:
The PHP development team would like to announce the immediate availability of PHP 5.2.5. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, several of which are security related. All users of PHP are encouraged to upgrade to this release.
Security Enhancements and Fixes in PHP 5.2.5:Key enhancements in PHP 5.2.5 include:
- Fixed dl() to only accept filenames. Reported by Laurent Gaffie.
- Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported by Laurent Gaffie.
- Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. Reported by Rasmus Lerdorf
- Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.
- Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications. Reported by SecurityReason.
- Fixed bug #42869 (automatic session id insertion adds sessions id to non-local forms).
- Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()).
For users upgrading from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.5.
- Upgraded PCRE to version 7.3
- Updated timezone database to version 2007.9
- Added ability to control memory consumption between request using ZEND_MM_COMPACT environment variable.
- Improved speed of array_intersect_key(), array_intersect_assoc(), array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and array_udiff_assoc() functions
- Fixed bug #43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with fetchAll())
- Fixed bug #42785 (json_encode() formats doubles according to locale rather then following standard syntax)
- Fixed bug #42549 (ext/mysql failed to compile with libmysql 3.23)
- Over 60 bug fixes.
For a full list of changes in PHP 5.2.5, see the ChangeLog.
:strip_exif()/i/1371972860.png?f=thumbmedium)
:strip_icc():strip_exif()/u/25938/lekkerkontje.jpg?f=community){kind=small}
/u/4598/WebIcon.png?f=community){kind=small}