2010-11-13 19:12:07 +08:00
|
|
|
PHP NEWS
|
1999-07-23 07:54:54 +08:00
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
2014-02-26 22:08:08 +08:00
|
|
|
?? ??? 2014, PHP 5.6.0 Beta 1
|
|
|
|
|
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|
27 Feb 2014, PHP 5.6.0 Alpha 3
|
2014-02-06 20:48:57 +08:00
|
|
|
|
2014-02-26 22:28:36 +08:00
|
|
|
- Core
|
|
|
|
. Expose get_debug_info class hook as __debugInfo() magic method. (Sara)
|
2014-02-26 22:29:40 +08:00
|
|
|
. Implemented unified default encoding
|
|
|
|
(RFC: https://wiki.php.net/rfc/default_encoding). (Yasuo Ohgaki)
|
2014-02-17 13:53:19 +08:00
|
|
|
|
2014-02-27 04:06:08 +08:00
|
|
|
- Curl
|
|
|
|
. Check for openssl.cafile ini directive when loading CA certs. (Daniel Lowrey)
|
2014-02-27 04:29:10 +08:00
|
|
|
. Remove cURL close policy related constants as these have no effect and are
|
|
|
|
no longer used in libcurl. (Chris Wright)
|
2014-02-27 04:06:08 +08:00
|
|
|
|
2014-02-19 18:28:55 +08:00
|
|
|
- Fileinfo
|
|
|
|
. Upgraded to libmagic-5.17 (Anatol)
|
2014-02-27 08:12:17 +08:00
|
|
|
. Fixed bug #66731 (file: infinite recursion). (CVE-2014-1943) (Remi)
|
2014-02-19 18:28:55 +08:00
|
|
|
|
2014-02-27 08:26:23 +08:00
|
|
|
- FPM:
|
|
|
|
. Added clear_env configuration directive to disable clearenv() call.
|
|
|
|
(Github PR# 598, Paul Annesley)
|
|
|
|
|
2014-02-27 08:19:08 +08:00
|
|
|
- GD:
|
2014-02-26 22:28:36 +08:00
|
|
|
. Fixed imagettftext to load the correct character map rather than the last one.
|
|
|
|
(Scott)
|
2014-02-27 08:19:08 +08:00
|
|
|
. Fixed bug #66714 ( imageconvolution breakage). (Brad Daily)
|
2014-02-26 22:28:36 +08:00
|
|
|
|
2014-02-17 18:16:32 +08:00
|
|
|
- JSON:
|
|
|
|
. Fixed bug #65753 (JsonSerializeable couldn't implement on module extension)
|
|
|
|
(chobieeee@php.net)
|
|
|
|
|
2014-02-27 08:22:15 +08:00
|
|
|
- OPCache
|
|
|
|
. Added function opcache_is_script_cached(). (Danack)
|
2014-02-27 08:23:58 +08:00
|
|
|
. Added information about interned strings usage. (Terry, Julien, Dmitry)
|
2014-02-27 08:22:15 +08:00
|
|
|
|
2014-02-15 01:26:42 +08:00
|
|
|
- Openssl
|
2014-02-26 04:22:16 +08:00
|
|
|
. Fallback to Windows CA cert store for peer verification if no openssl.cafile
|
|
|
|
ini directive or "cafile" SSL context option specified in Windows.
|
|
|
|
(Chris Wright)
|
2014-02-27 04:06:08 +08:00
|
|
|
. The openssl.cafile and openssl.capath ini directives introduced in alpha2
|
|
|
|
now have PHP_INI_PERDIR accessibility (was PHP_INI_ALL). (Daniel Lowrey)
|
|
|
|
. New "peer_name" SSL context option replaces "CN_match" (which still works
|
|
|
|
as before but triggers E_DEPRECATED). (Daniel Lowrey)
|
2014-02-15 01:26:42 +08:00
|
|
|
. Fixed segfault when accessing non-existent context for client SNI use
|
|
|
|
(Daniel Lowrey)
|
2014-02-15 12:44:05 +08:00
|
|
|
. Fixed bug #66501 (Add EC key support to php_openssl_is_private_key).
|
|
|
|
(Mark Zedwood)
|
2014-02-27 04:06:08 +08:00
|
|
|
. Fixed Bug #47030 (add new boolean "verify_peer_name" SSL context option
|
|
|
|
allowing clients to verify cert names separately from the cert itself).
|
|
|
|
"verify_peer_name" is enabled by default for client streams.
|
2014-02-22 00:38:15 +08:00
|
|
|
(Daniel Lowrey)
|
|
|
|
. Fixed Bug #65538 ("cafile" SSL context option now supports stream
|
|
|
|
wrappers). (Daniel Lowrey)
|
|
|
|
. New openssl_get_cert_locations() function to aid CA file and peer
|
|
|
|
verification debugging. (Daniel Lowrey)
|
|
|
|
. Encrypted stream wrappers now disable TLS compression by default.
|
|
|
|
(Daniel Lowrey)
|
|
|
|
. New "capture_session_meta" SSL context option allows encrypted client and
|
|
|
|
server streams access to negotiated protocol/cipher information.
|
|
|
|
(Daniel Lowrey)
|
|
|
|
. New "honor_cipher_order" SSL context option allows servers to prioritize
|
|
|
|
cipher suites of their choosing when negotiating SSL/TLS handshakes.
|
|
|
|
(Daniel Lowrey)
|
|
|
|
. New "single_ecdh_use" and "single_dh_use" SSL context options allow for
|
|
|
|
improved forward secrecy in encrypted stream servers. (Daniel Lowrey)
|
|
|
|
. New "dh_param" SSL context option allows stream servers control over
|
|
|
|
the parameters when negotiating DHE cipher suites. (Daniel Lowrey)
|
|
|
|
. New "ecdh_curve" SSL context option allowing stream servers to specify
|
|
|
|
the curve to use when negotiating ephemeral ECDHE ciphers (defaults to
|
|
|
|
NIST P-256). (Daniel Lowrey)
|
|
|
|
. New "rsa_key_size" SSL context option gives stream servers control
|
|
|
|
over the key size (in bits) used for RSA key agreements. (Daniel Lowrey)
|
|
|
|
. Crypto methods for encrypted client and server streams now use
|
|
|
|
bitwise flags for fine-grained protocol support. (Daniel Lowrey)
|
|
|
|
. Added new tlsv1.0 stream wrapper to specify TLSv1 client/server method.
|
|
|
|
tls wrapper now negotiates TLSv1, TLSv1.1 or TLSv1.2. (Daniel Lowrey)
|
|
|
|
. Encrypted client streams now enable SNI by default. (Daniel Lowrey)
|
|
|
|
. Encrypted streams now prioritize ephemeral key agreement and high strength
|
|
|
|
ciphers by default. (Daniel Lowrey)
|
|
|
|
. New OPENSSL_DEFAULT_STREAM_CIPHERS constant exposes default cipher
|
|
|
|
list. (Daniel Lowrey)
|
|
|
|
. New STREAM_CRYPTO_METHOD_* constants for enhanced control over the crypto
|
|
|
|
methods negotiated encrypted server/client sessions. (Daniel Lowrey)
|
|
|
|
. Encrypted stream servers now automatically mitigate potential DoS vector
|
|
|
|
arising from client-initiated TLS renegotiation. New "reneg_limit",
|
|
|
|
"reneg_window" and "reneg_limit_callback" SSL context options for custom
|
|
|
|
renegotiation limiting control. (Daniel Lowrey)
|
2014-02-15 01:26:42 +08:00
|
|
|
|
2014-02-16 13:21:05 +08:00
|
|
|
- Pgsql:
|
|
|
|
. pg_insert()/pg_select()/pg_update()/pg_delete() are no longer EXPERIMENTAL.
|
2014-02-17 08:59:58 +08:00
|
|
|
(Yasuo)
|
|
|
|
. Impremented FR #25854 Return value for pg_insert should be resource instead of bool.
|
|
|
|
(Yasuo)
|
|
|
|
. Implemented FR #41146 - Add "description" with exteneded flag pg_meta_data().
|
|
|
|
pg_meta_data(resource $conn, string $table [, bool extended])
|
|
|
|
It also made pg_meta_data() return "is enum" always.
|
|
|
|
(Yasuo)
|
2014-02-16 13:21:05 +08:00
|
|
|
|
2014-02-12 13:39:10 +08:00
|
|
|
13 Feb 2014, PHP 5.6.0 Alpha 2
|
2014-02-06 21:45:22 +08:00
|
|
|
- Core:
|
|
|
|
. Added T_POW (**) operator
|
|
|
|
(RFC: https://wiki.php.net/rfc/pow-operator). (Tjerk Meesters)
|
|
|
|
|
2014-01-29 21:27:43 +08:00
|
|
|
- mysqli
|
|
|
|
. Added new function mysqli_get_links_stats() as well as new INI variable
|
|
|
|
mysqli.rollback_on_cached_plink of type bool (Andrey)
|
|
|
|
|
2014-02-04 17:39:18 +08:00
|
|
|
- PCRE:
|
|
|
|
. Upgraded to PCRE 8.34. (Anatol)
|
|
|
|
|
2014-02-14 06:21:28 +08:00
|
|
|
- ldap
|
|
|
|
. Added new function ldap_modify_batch(). (Ondrej Hosek)
|
2013-11-27 16:34:40 +08:00
|
|
|
|
2014-02-14 07:22:31 +08:00
|
|
|
- Openssl
|
|
|
|
. Peer certificates now verified by default in client socket operations
|
|
|
|
(RFC: https://wiki.php.net/rfc/tls-peer-verification). (Daniel Lowrey)
|
2014-02-22 00:38:15 +08:00
|
|
|
. New openssl.cafile and openssl.capath ini directives. (Daniel Lowrey)
|
2014-02-14 07:22:31 +08:00
|
|
|
|
2014-01-21 18:20:40 +08:00
|
|
|
23 Jan 2014, PHP 5.6.0 Alpha 1
|
2013-11-16 04:37:52 +08:00
|
|
|
- CLI server:
|
2013-12-13 21:32:14 +08:00
|
|
|
. Added some MIME types to the CLI web server. (Chris Jones)
|
2013-11-16 04:37:52 +08:00
|
|
|
|
2013-05-17 17:35:32 +08:00
|
|
|
- Core:
|
|
|
|
. Improved IS_VAR operands fetching. (Laruence, Dmitry)
|
2013-12-26 18:47:13 +08:00
|
|
|
. Improved empty string handling. Now ZE uses an interned string instead of
|
|
|
|
allocation new empty string each time. (Laruence, Dmitry)
|
2013-06-18 00:27:22 +08:00
|
|
|
. Implemented internal operator overloading
|
|
|
|
(RFC: https://wiki.php.net/rfc/operator_overloading_gmp). (Nikita)
|
2013-09-03 05:19:53 +08:00
|
|
|
. Made calls from incompatible context issue an E_DEPRECATED warning instead
|
|
|
|
of E_STRICT (phase 1 of RFC: https://wiki.php.net/rfc/incompat_ctx).
|
|
|
|
(Gustavo)
|
2013-09-17 14:04:07 +08:00
|
|
|
. Uploads equal or greater than 2GB in size are now accepted.
|
|
|
|
(Ralf Lang, Mike)
|
2014-01-17 19:18:16 +08:00
|
|
|
. Reduced POST data memory usage by 200-300%. Changed INI setting
|
|
|
|
always_populate_raw_post_data to throw a deprecation warning when enabling
|
|
|
|
and to accept -1 for never populating the $HTTP_RAW_POST_DATA global
|
|
|
|
variable, which will be the default in future PHP versions. (Mike)
|
2013-09-27 00:39:17 +08:00
|
|
|
. Implemented dedicated syntax for variadic functions
|
|
|
|
(RFC: https://wiki.php.net/rfc/variadics). (Nikita)
|
2013-11-06 02:54:50 +08:00
|
|
|
. Fixed bug #50333 Improving multi-threaded scalability by using
|
|
|
|
emalloc/efree/estrdup (Anatol, Dmitry)
|
2013-11-28 20:46:51 +08:00
|
|
|
. Implemented constant scalar expressions (with support for constants)
|
|
|
|
(RFC: https://wiki.php.net/rfc/const_scalar_exprs). (Bob)
|
2013-12-13 00:15:50 +08:00
|
|
|
. Fixed bug #65784 (Segfault with finally). (Laruence, Dmitry)
|
2014-01-21 01:18:20 +08:00
|
|
|
. Fixed bug #66509 (copy() arginfo has changed starting from 5.4). (willfitch)
|
2013-05-17 17:35:32 +08:00
|
|
|
|
2013-09-11 02:42:42 +08:00
|
|
|
- cURL:
|
|
|
|
. Implemented FR #65646 (re-enable CURLOPT_FOLLOWLOCATION with open_basedir
|
|
|
|
or safe_mode). (Adam)
|
|
|
|
|
2013-09-12 05:37:07 +08:00
|
|
|
- GMP:
|
|
|
|
. Moved GMP to use object as the underlying structure and implemented various
|
|
|
|
improvements based on this.
|
|
|
|
(RFC: https://wiki.php.net/rfc/operator_overloading_gmp). (Nikita)
|
2013-11-29 06:42:23 +08:00
|
|
|
. Added gmp_root() and gmp_rootrem() functions for calculating nth roots.
|
|
|
|
(Nikita)
|
2013-08-09 17:05:07 +08:00
|
|
|
|
2013-10-03 22:23:59 +08:00
|
|
|
- Hash:
|
|
|
|
. Added gost-crypto (CryptoPro S-box) GOST hash algo. (Manuel Mausz)
|
|
|
|
|
2013-09-18 03:12:29 +08:00
|
|
|
- JSON:
|
|
|
|
. Fixed case part of bug #64874 ("json_decode handles whitespace and
|
|
|
|
case-sensitivity incorrectly")
|
|
|
|
|
2013-07-22 17:02:48 +08:00
|
|
|
- mysqlnd:
|
|
|
|
. Disabled flag for SP OUT variables for 5.5+ servers as they are not natively
|
|
|
|
supported by the overlying APIs. (Andrey)
|
|
|
|
|
2013-05-17 17:35:32 +08:00
|
|
|
- OPcache:
|
2013-11-27 01:38:40 +08:00
|
|
|
. Added an optimization of class constants and constant calls to some
|
|
|
|
internal functions (Laruence, Dmitry)
|
2013-05-17 17:35:32 +08:00
|
|
|
. Added an optimization pass to convert FCALL_BY_NAME into DO_FCALL.
|
|
|
|
(Laruence, Dmitry)
|
|
|
|
. Added an optimization pass to merged identical constants (and related
|
|
|
|
cache_slots) in op_array->literals table. (Laruence, Dmitry)
|
|
|
|
. Added script level constant replacement optimization pass. (Dmitry)
|
|
|
|
|
2013-10-08 22:20:07 +08:00
|
|
|
- Openssl:
|
|
|
|
. Added crypto_method option for the ssl stream context. (Martin Jansen)
|
|
|
|
. Added certificate fingerprint support. (Tjerk Meesters)
|
2013-10-17 21:47:55 +08:00
|
|
|
. Added explicit TLSv1.1 and TLSv1.2 stream transports. (Daniel Lowrey)
|
2013-10-08 22:20:07 +08:00
|
|
|
. Fixed bug #65729 (CN_match gives false positive). (Tjerk Meesters)
|
2014-01-28 05:58:04 +08:00
|
|
|
. Peer name verification matches SAN DNS names for certs using
|
|
|
|
the Subject Alternative Name x509 extension. (Daniel Lowrey)
|
|
|
|
. Fixed segfault when built against OpenSSL>=1.0.1 (Daniel Lowrey)
|
2014-02-03 11:20:16 +08:00
|
|
|
. Added SPKAC support. (Jason Gerfen)
|
2014-01-28 05:58:04 +08:00
|
|
|
|
2013-06-18 00:27:22 +08:00
|
|
|
- PDO_pgsql:
|
2013-06-07 15:27:42 +08:00
|
|
|
. Fixed Bug #42614 (PDO_pgsql: add pg_get_notify support). (Matteo)
|
2013-06-07 15:36:41 +08:00
|
|
|
. Fixed Bug #63657 (pgsqlCopyFromFile, pgsqlCopyToArray use Postgres < 7.3
|
|
|
|
syntax). (Matteo)
|
2013-06-07 15:27:42 +08:00
|
|
|
|
2013-12-20 21:56:03 +08:00
|
|
|
- phpdbg:
|
|
|
|
. Included phpdbg sapi (RFC: https://wiki.php.net/rfc/phpdbg).
|
|
|
|
(Felipe Pena, Joe Watkins and Bob Weinand)
|
|
|
|
|
2014-01-14 09:10:48 +08:00
|
|
|
- pgsql:
|
|
|
|
. pg_version() returns full report which obtained by PQparameterStatus().
|
2014-01-15 13:37:24 +08:00
|
|
|
(Yasuo)
|
|
|
|
. Added pg_lo_truncate(). (Yasuo)
|
|
|
|
. Added 64bit large object support for PostgreSQL 9.3 and later. (Yasuo)
|
2014-01-14 09:10:48 +08:00
|
|
|
|
2013-09-12 05:37:07 +08:00
|
|
|
- Session:
|
|
|
|
. Fixed Bug #65315 (session.hash_function silently fallback to default md5)
|
|
|
|
(Yasuo)
|
|
|
|
. Implemented Request #54649 (Create session_serializer_name()). (Yasuo)
|
|
|
|
. Implemented Request #17860 (Session write short circuit). (Yasuo)
|
|
|
|
. Implemented Request #20421 (session_abort() and session_reset() function).
|
|
|
|
(Yasuo)
|
|
|
|
. Implemented Request #11100 (session_gc() function). (Yasuo)
|
2013-06-18 00:27:22 +08:00
|
|
|
|
Request non-keep-alive connections by default in HTTP 1.1 requests.
As noted in FR #65634, at present we don't send a Connection request header
when the protocol version is set to 1.1, which means that RFC-compliant Web
servers should respond with keep-alive connections. Since there's no way of
reusing the HTTP connection at present, this simply means that PHP will appear
to hang until the remote server hits its connection timeout, which may be quite
some time.
This commit sends a "Connection: close" header by default when HTTP 1.1 (or
later) is requested by the user via the context options. It can be overridden
by specifying a Connection header in the context options. It isn't possible to
disable sending of the Connection header, but given "Connection: keep-alive" is
the same as the default HTTP 1.1 behaviour, I don't see this as a significant
issue — users who want to opt in for that still can.
As a note, although I've removed an efree(protocol_version), this doesn't
result in a memory leak: protocol_version is freed in the out: block at the end
of the function anyway, and there are no returns between the removed efree()
and the later call. Yes, I ran the tests with valgrind to check that. ☺
Implements FR #65634 (HTTP wrapper is very slow with protocol_version 1.1).
2013-09-12 05:11:29 +08:00
|
|
|
- Standard:
|
|
|
|
. Implemented FR #65634 (HTTP wrapper is very slow with protocol_version
|
|
|
|
1.1). (Adam)
|
2013-10-29 17:53:45 +08:00
|
|
|
. Implemented Change crypt() behavior w/o salt RFC. (Yasuo)
|
|
|
|
https://wiki.php.net/rfc/crypt_function_salt
|
2013-11-13 04:56:50 +08:00
|
|
|
. Implemented request #49824 (Change array_fill() to allow creating empty
|
|
|
|
array). (Nikita)
|
Request non-keep-alive connections by default in HTTP 1.1 requests.
As noted in FR #65634, at present we don't send a Connection request header
when the protocol version is set to 1.1, which means that RFC-compliant Web
servers should respond with keep-alive connections. Since there's no way of
reusing the HTTP connection at present, this simply means that PHP will appear
to hang until the remote server hits its connection timeout, which may be quite
some time.
This commit sends a "Connection: close" header by default when HTTP 1.1 (or
later) is requested by the user via the context options. It can be overridden
by specifying a Connection header in the context options. It isn't possible to
disable sending of the Connection header, but given "Connection: keep-alive" is
the same as the default HTTP 1.1 behaviour, I don't see this as a significant
issue — users who want to opt in for that still can.
As a note, although I've removed an efree(protocol_version), this doesn't
result in a memory leak: protocol_version is freed in the out: block at the end
of the function anyway, and there are no returns between the removed efree()
and the later call. Yes, I ran the tests with valgrind to check that. ☺
Implements FR #65634 (HTTP wrapper is very slow with protocol_version 1.1).
2013-09-12 05:11:29 +08:00
|
|
|
|
2013-10-03 21:23:05 +08:00
|
|
|
- XMLReader:
|
|
|
|
. Fixed bug #55285 (XMLReader::getAttribute/No/Ns methods inconsistency).
|
|
|
|
(Mike)
|
|
|
|
|
2013-11-04 20:32:45 +08:00
|
|
|
- Zip:
|
2013-12-30 14:45:09 +08:00
|
|
|
. update libzip to version 1.11.2.
|
2013-11-04 20:32:45 +08:00
|
|
|
PHP don't use any ilibzip private symbol anymore. (Pierre, Remi)
|
|
|
|
. new method ZipArchive::setPassword($password). (Pierre)
|
|
|
|
. add --with-libzip option to build with system libzip. (Remi)
|
2013-12-30 14:45:09 +08:00
|
|
|
. new methods:
|
|
|
|
ZipArchive::setExternalAttributesName($name, $opsys, $attr [, $flags])
|
|
|
|
ZipArchive::setExternalAttributesIndex($idx, $opsys, $attr [, $flags])
|
|
|
|
ZipArchive::getExternalAttributesName($name, &$opsys, &$attr [, $flags])
|
|
|
|
ZipArchive::getExternalAttributesIndex($idx, &$opsys, &$attr [, $flags])
|
2013-11-04 20:32:45 +08:00
|
|
|
|
2013-05-17 17:22:04 +08:00
|
|
|
<<< NOTE: Insert NEWS from last stable release here prior to actual release! >>>
|