diff --git a/NEWS b/NEWS index ffc3792b29f5e..210ae00a010cc 100644 --- a/NEWS +++ b/NEWS @@ -43,6 +43,10 @@ PHP NEWS - mbstring: . Fixed bug #71397 (mb_send_mail segmentation fault). (Andrea, Yasuo) +- Core: + . Fixed bug #73807 (Performance problem with processing large post request). + (Nikita) + - OpenSSL: . Fixed bug #71475 (openssl_seal() uninitialized memory usage). (Stas) @@ -128,6 +132,9 @@ PHP NEWS . Implemented FR #55651 (Option to ignore the returned FTP PASV address). (abrender at elitehosts dot com) +- Intl: + . Fixed bug #73473 (Stack Buffer Overflow in msgfmt_parse_message). (libnex) + - Mbstring: . Fixed bug #71066 (mb_send_mail: Program terminated with signal SIGSEGV, Segmentation fault). (Laruence) @@ -236,6 +243,10 @@ PHP NEWS . Fixed bug #70982 (setStaticPropertyValue behaviors inconsistently with 5.6). (Laruence) +- Phar: + . Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext). + (Stas) + - Soap: . Fixed bug #70993 (Array key references break argument processing). (Laruence) @@ -656,6 +667,10 @@ PHP NEWS . Corrected oci8 hash destructors to prevent segfaults, and a few other fixes. (Cameron Porter) +- IMAP: + . Fixed bug #77153 (imap_open allows to run arbitrary shell commands via + mailbox parameter). (Stas) + - ODBC: . Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined columns). (cmb) diff --git a/NEWS.orig b/NEWS.orig new file mode 100644 index 0000000000000..bea7cf120e25c --- /dev/null +++ b/NEWS.orig @@ -0,0 +1,969 @@ +PHP NEWS +||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| +04 Feb 2016 PHP 7.0.3 + +- Core: + . Added support for new HTTP 451 code. (Julien) + . Fixed bug #71039 (exec functions ignore length but look for NULL termination). + (Anatol) + . Fixed bug #71089 (No check to duplicate zend_extension). (Remi) + . Fixed bug #71201 (round() segfault on 64-bit builds). (Anatol) + . Fixed bug #71221 (Null pointer deref (segfault) in get_defined_vars via + ob_start). (hugh at allthethings dot co dot nz) + . Fixed bug #71248 (Wrong interface is enforced). (Dmitry) + . Fixed bug #71273 (A wrong ext directory setup in php.ini leads to crash). + (Anatol) + . Fixed Bug #71275 (Bad method called on cloning an object having a trait). + (Bob) + . Fixed bug #71297 (Memory leak with consecutive yield from). (Bob) + . Fixed bug #71300 (Segfault in zend_fetch_string_offset). (Laruence) + . Fixed bug #71314 (var_export(INF) prints INF.0). (Andrea) + . Fixed bug #71323 (Output of stream_get_meta_data can be falsified by its + input). (Leo Gaspard) + . Fixed bug #71336 (Wrong is_ref on properties as exposed via + get_object_vars()). (Laruence) + . Fixed bug #71459 (Integer overflow in iptcembed()). (Stas) + +- Apache2handler: + . Fix >2G Content-Length headers in apache2handler. (Adam Harvey) + +- CURL: + . Fixed bug #71227 (Can't compile php_curl statically). (Anatol) + . Fixed bug #71225 (curl_setopt() fails to set CURLOPT_POSTFIELDS with + reference to CURLFile). (Laruence) + +- Interbase: + . Fixed Bug #71305 (Crash when optional resource is omitted). + (Laruence, Anatol) + +- LDAP: + . Fixed bug #71249 (ldap_mod_replace/ldap_mod_add store value as string + "Array"). (Laruence) + +- mbstring: + . Fixed bug #71397 (mb_send_mail segmentation fault). (Andrea, Yasuo) + +- Core: + . Fixed bug #73807 (Performance problem with processing large post request). + (Nikita) + +- OpenSSL: + . Fixed bug #71475 (openssl_seal() uninitialized memory usage). (Stas) + +- Phar: + . Fixed bug #71354 (Heap corruption in tar/zip/phar parser). (Stas) + . Fixed bug #71391 (NULL Pointer Dereference in phar_tar_setupmetadata()). + (Stas) + . Fixed bug #71488 (Stack overflow when decompressing tar archives). (Stas) + +- SOAP: + . Fixed bug #70979 (crash with bad soap request). (Anatol) + +- SPL: + . Fixed bug #71204 (segfault if clean spl_autoload_funcs while autoloading). + (Laruence) + . Fixed bug #71202 (Autoload function registered by another not activated + immediately). (Laruence) + . Fixed bug #71311 (Use-after-free vulnerability in SPL(ArrayObject, + unserialize)). (Sean Heelan) + . Fixed bug #71313 (Use-after-free vulnerability in SPL(SplObjectStorage, + unserialize)). (Sean Heelan) + +- Standard: + . Fixed bug #71287 (Error message contains hexadecimal instead of decimal + number). (Laruence) + . Fixed bug #71264 (file_put_contents() returns unexpected value when + filesystem runs full). (Laruence) + . Fixed bug #71245 (file_get_contents() ignores "header" context option if + it's a reference). (Laruence) + . Fixed bug #71220 (Null pointer deref (segfault) in compact via ob_start). + (hugh at allthethings dot co dot nz) + . Fixed bug #71190 (substr_replace converts integers in original $search + array to strings). (Laruence) + . Fixed bug #71188 (str_replace converts integers in original $search array + to strings). (Laruence) + . Fixed bug #71132, #71197 (range() segfaults). (Thomas Punt) + +- WDDX: + . Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization). (Stas) + +07 Jan 2016 PHP 7.0.2 + +- Core: + . Fixed bug #71165 (-DGC_BENCH=1 doesn't work on PHP7). + (y dot uchiyama dot 1015 at gmail dot com) + . Fixed bug #71163 (Segmentation Fault: cleanup_unfinished_calls). (Laruence) + . Fixed bug #71109 (ZEND_MOD_CONFLICTS("xdebug") doesn't work). (Laruence) + . Fixed bug #71092 (Segmentation fault with return type hinting). (Laruence) + . Fixed bug memleak in header_register_callback. (Laruence) + . Fixed bug #71067 (Local object in class method stays in memory for each + call). (Laruence) + . Fixed bug #66909 (configure fails utf8_to_mutf7 test). (Michael Orlitzky) + . Fixed bug #70781 (Extension tests fail on dynamic ext dependency). + (Francois Laupretre) + . Fixed bug #71089 (No check to duplicate zend_extension). (Remi) + . Fixed bug #71086 (Invalid numeric literal parse error within + highlight_string() function). (Nikita) + . Fixed bug #71154 (Incorrect HT iterator invalidation causes iterator reuse). + (Nikita) + . Fixed bug #52355 (Negating zero does not produce negative zero). (Andrea) + . Fixed bug #66179 (var_export() exports float as integer). (Andrea) + . Fixed bug #70804 (Unary add on negative zero produces positive zero). + (Andrea) + +- CURL: + . Fixed bug #71144 (Sementation fault when using cURL with ZTS). + (Michael Maroszek, Laruence) + +- DBA: + . Fixed key leak with invalid resource. (Laruence) + +- Filter: + . Fixed bug #71063 (filter_input(INPUT_ENV, ..) does not work). (Reeze Xia) + +- GD: + . Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array Index + Out of Bounds). (emmanuel dot law at gmail dot com). + +- FPM: + . Fixed bug #70755 (fpm_log.c memory leak and buffer overflow). (Stas) + +- FTP: + . Implemented FR #55651 (Option to ignore the returned FTP PASV address). + (abrender at elitehosts dot com) + +- Intl: + . Fixed bug #73473 (Stack Buffer Overflow in msgfmt_parse_message). (libnex) + +- Mbstring: + . Fixed bug #71066 (mb_send_mail: Program terminated with signal SIGSEGV, + Segmentation fault). (Laruence) + +- Opcache: + . Fixed bug #71127 (Define in auto_prepend_file is overwrite). (Laruence) + +- PCRE: + . Fixed bug #71178 (preg_replace with arrays creates [0] in replace array + if not already set). (Laruence) + +- Readline: + . Fixed bug #71094 (readline_completion_function corrupts static array on + second TAB). (Nikita) + +- Session: + . Fixed bug #71122 (Session GC may not remove obsolete session data). (Yasuo) + +- SPL: + . Fixed bug #71077 (ReflectionMethod for ArrayObject constructor returns + wrong number of parameters). (Laruence) + . Fixed bug #71153 (Performance Degradation in ArrayIterator with large + arrays). (Nikita) + +- Standard: + . Fixed bug #71270 (Heap BufferOver Flow in escapeshell functions). + (emmanuel dot law at gmail dot com) + +- WDDX: + . Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization). + (taoguangchen at icloud dot com) + . Fixed bug #70741 (Session WDDX Packet Deserialization Type Confusion + Vulnerability). (taoguangchen at icloud dot com) + +- XMLRPC + . Fixed bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker). + (Julien) + +17 Dec 2015, PHP 7.0.1 + +- Core: + . Fixed bug #71105 (Format String Vulnerability in Class Name Error Message). + (CVE-2015-8617) (andrew at jmpesp dot org) + . Fixed bug #70831 (Compile fails on system with 160 CPUs). (Daniel Axtens) + . Fixed bug #71006 (symbol referencing errors on Sparc/Solaris). (Dmitry) + . Fixed bug #70997 (When using parentClass:: instead of parent::, static + context changed). (Dmitry) + . Fixed bug #70970 (Segfault when combining error handler with output + buffering). (Laruence) + . Fixed bug #70967 (Weird error handling for __toString when Error is + thrown). (Laruence) + . Fixed bug #70958 (Invalid opcode while using ::class as trait method + paramater default value). (Laruence) + . Fixed bug #70944 (try{ } finally{} can create infinite chains of + exceptions). (Laruence) + . Fixed bug #70931 (Two errors messages are in conflict). (dams, Laruence) + . Fixed bug #70904 (yield from incorrectly marks valid generator as + finished). (Bob) + . Fixed bug #70899 (buildconf failure in extensions). (Bob, Reeze) + . Fixed bug #61751 (SAPI build problem on AIX: Undefined symbol: + php_register_internal_extensions). (Lior Kaplan) + . Fixed \int (or generally every scalar type name with leading backslash) + to not be accepted as type name. (Bob) + . Fixed exception not being thrown immediately into a generator yielding + from an array. (Bob) + . Fixed bug #70987 (static::class within Closure::call() causes segfault). + (Andrea) + . Fixed bug #71013 (Incorrect exception handler with yield from). (Bob) + . Fixed double free in error condition of format printer. (Bob) + +- CLI server: + . Fixed bug #71005 (Segfault in php_cli_server_dispatch_router()). (Adam) + +- Intl: + . Fixed bug #71020 (Use after free in Collator::sortWithSortKeys). + (CVE-2015-8616) (emmanuel dot law at gmail dot com, Laruence) + +- Mysqlnd: + . Fixed bug #68077 (LOAD DATA LOCAL INFILE / open_basedir restriction). + (Laruence) + . Fixed bug #68344 (MySQLi does not provide way to disable peer certificate + validation) by introducing MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT + connection flag. (Andrey) + +- OCI8: + . Fixed LOB implementation size_t/zend_long mismatch reported by gcov. + (Senthil) + +- Opcache: + . Fixed bug #71024 (Unable to use PHP 7.0 x64 side-by-side with PHP 5.6 x32 + on the same server). (Anatol) + . Fixed bug #70991 (zend_file_cache.c:710: error: array type has incomplete + element type). (Laruence) + . Fixed bug #70977 (Segmentation fault with opcache.huge_code_pages=1). + (Laruence) + +- PDO_Firebird: + . Fixed bug #60052 (Integer returned as a 64bit integer on X64_86). (Mariuz) + +- Phpdbg: + . Fixed stderr being written to stdout. (Bob) + +- Reflection: + . Fixed bug #71018 (ReflectionProperty::setValue() behavior changed). + (Laruence) + . Fixed bug #70982 (setStaticPropertyValue behaviors inconsistently with + 5.6). (Laruence) + +- Soap: + . Fixed bug #70993 (Array key references break argument processing). + (Laruence) + +- SPL: + . Fixed bug #71028 (Undefined index with ArrayIterator). (Laruence) + +- SQLite3: + . Fixed bug #71049 (SQLite3Stmt::execute() releases bound parameter instead + of internal buffer). (Laruence) + +- Standard: + . Fixed bug #70999 (php_random_bytes: called object is not a function). + (Scott) + . Fixed bug #70960 (ReflectionFunction for array_unique returns wrong number + of parameters). (Laruence) + +- Streams/Socket: + . Add IPV6_V6ONLY constant / make it usable in stream contexts. (Bob) + +03 Dec 2015, PHP 7.0.0 + +- Core: + . Fixed bug #70947 (INI parser segfault with INI_SCANNER_TYPED). (Laruence) + . Fixed bug #70914 (zend_throw_or_error() format string vulnerability). + (Taoguang Chen) + . Fixed bug #70912 (Null ptr dereference instantiating class with invalid + array property). (Laruence) + . Fixed bug #70895, #70898 (null ptr deref and segfault with crafted calable). + (Anatol, Laruence) + . Fixed bug #70249 (Segmentation fault while running PHPUnit tests on + phpBB 3.2-dev). (Laruence) + . Fixed bug #70805 (Segmentation faults whilst running Drupal 8 test suite). + (Dmitry, Laruence) + . Fixed bug #70842 (Persistent Stream Segmentation Fault). (Caleb Champlin) + . Fixed bug #70862 (Several functions do not check return code of + php_stream_copy_to_mem()). (Anatol) + . Fixed bug #70863 (Incorect logic to increment_function for proxy objects). + (Anatol) + . Fixed bug #70323 (Regression in zend_fetch_debug_backtrace() can cause + segfaults). (Aharvey, Laruence) + . Fixed bug #70873 (Regression on private static properties access). + (Laruence) + . Fixed bug #70748 (Segfault in ini_lex () at Zend/zend_ini_scanner.l). + (Laruence) + . Fixed bug #70689 (Exception handler does not work as expected). (Laruence) + . Fixed bug #70430 (Stack buffer overflow in zend_language_parser()). (Nikita) + . Fixed bug #70782 (null ptr deref and segfault (zend_get_class_fetch_type)). + (Nikita) + . Fixed bug #70785 (Infinite loop due to exception during identical + comparison). (Laruence) + . Fixed bug #70630 (Closure::call/bind() crash with ReflectionFunction-> + getClosure()). (Dmitry, Bob) + . Fixed bug #70662 (Duplicate array key via undefined index error handler). + (Nikita) + . Fixed bug #70681 (Segfault when binding $this of internal instance method + to null). (Nikita) + . Fixed bug #70685 (Segfault for getClosure() internal method rebind with + invalid $this). (Nikita) + . Added zend_internal_function.reserved[] fields. (Dmitry) + . Fixed bug #70557 (Memleak on return type verifying failed). (Laruence) + . Fixed bug #70555 (fun_get_arg() on unsetted vars return UNKNOW). (Laruence) + . Fixed bug #70548 (Redundant information printed in case of uncaught engine + exception). (Laruence) + . Fixed bug #70547 (unsetting function variables corrupts backtrace). + (Laruence) + . Fixed bug #70528 (assert() with instanceof adds apostrophes around class + name). (Laruence) + . Fixed bug #70481 (Memory leak in auto_global_copy_ctor() in ZTS build). + (Laruence) + . Fixed bug #70431 (Memory leak in php_ini.c). (Senthil, Laruence) + . Fixed bug #70478 (**= does no longer work). (Bob) + . Fixed bug #70398 (SIGSEGV, Segmentation fault zend_ast_destroy_ex). + (Dmitry, Bob, Laruence) + . Fixed bug #70332 (Wrong behavior while returning reference on object). + (Laruence, Dmitry) + . Fixed bug #70300 (Syntactical inconsistency with new group use syntax). + (marcio dot web2 at gmail dot com) + . Fixed bug #70321 (Magic getter breaks reference to array property). + (Laruence) + . Fixed bug #70187 (Notice: unserialize(): Unexpected end of serialized + data). (Dmitry) + . Fixed bug #70145 (From field incorrectly parsed from headers). (Anatol) + . Fixed bug #70370 (Bundled libtool.m4 doesn't handle FreeBSD 10 when + building extensions). (Adam) + . Fixed bug causing exception traces with anon classes to be truncated. (Bob) + . Fixed bug #70397 (Segmentation fault when using Closure::call and yield). + (Bob) + . Fixed bug #70299 (Memleak while assigning object offsetGet result). + (Laruence) + . Fixed bug #70288 (Apache crash related to ZEND_SEND_REF). (Laruence) + . Fixed bug #70262 (Accessing array crashes PHP 7.0beta3). + (Laruence, Dmitry) + . Fixed bug #70258 (Segfault if do_resize fails to allocated memory). + (Laruence) + . Fixed bug #70253 (segfault at _efree () in zend_alloc.c:1389). (Laruence) + . Fixed bug #70240 (Segfault when doing unset($var());). (Laruence) + . Fixed bug #70223 (Incrementing value returned by magic getter). (Laruence) + . Fixed bug #70215 (Segfault when __invoke is static). (Bob) + . Fixed bug #70207 (Finally is broken with opcache). (Laruence, Dmitry) + . Fixed bug #70173 (ZVAL_COPY_VALUE_EX broken for 32bit Solaris Sparc). + (Laruence, cmb) + . Fixed bug #69487 (SAPI may truncate POST data). (cmb) + . Fixed bug #70198 (Checking liveness does not work as expected). + (Shafreeck Sea, Anatol Belski) + . Fixed bug #70241,#70293 (Skipped assertions affect Generator returns). (Bob) + . Fixed bug #70239 (Creating a huge array doesn't result in exhausted, + but segfault). (Laruence, Anatol) + . Fixed "finally" issues. (Nikita, Dmitry) + . Fixed bug #70098 (Real memory usage doesn't decrease). (Dmitry) + . Fixed bug #70159 (__CLASS__ is lost in closures). (Julien) + . Fixed bug #70156 (Segfault in zend_find_alias_name). (Laruence) + . Fixed bug #70124 (null ptr deref / seg fault in ZEND_HANDLE_EXCEPTION). + (Laruence) + . Fixed bug #70117 (Unexpected return type error). (Laruence) + . Fixed bug #70106 (Inheritance by anonymous class). (Bob) + . Fixed bug #69674 (SIGSEGV array.c:953). (cmb) + . Fixed bug #70164 (__COMPILER_HALT_OFFSET__ under namespace is not defined). + (Bob) + . Fixed bug #70108 (sometimes empty $_SERVER['QUERY_STRING']). (Anatol) + . Fixed bug #70179 ($this refcount issue). (Bob) + . Fixed bug #69896 ('asm' operand has impossible constraints). (Anatol) + . Fixed bug #70183 (null pointer deref (segfault) in zend_eval_const_expr). + (Hugh Davenport) + . Fixed bug #70182 (Segfault in ZEND_ASSIGN_DIV_SPEC_CV_UNUSED_HANDLER). + (Hugh Davenport) + . Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive + method calls). (Stas) + . Fixed bug #69892 (Different arrays compare indentical due to integer key + truncation). (Nikita) + . Fixed bug #70121 (unserialize() could lead to unexpected methods execution + / NULL pointer deref). (Stas) + . Fixed bug #70089 (segfault at ZEND_FETCH_DIM_W_SPEC_VAR_CONST_HANDLER ()). + (Laruence) + . Fixed bug #70057 (Build failure on 32-bit Mac OS X 10.6.8: recursive + inlining). (Laruence) + . Fixed bug #70012 (Exception lost with nested finally block). (Laruence) + . Fixed bug #69996 (Changing the property of a cloned object affects the + original). (Dmitry, Laruence) + . Fixed bug #70083 (Use after free with assign by ref to overloaded objects). + (Bob) + . Fixed bug #70006 (cli - function with default arg = STDOUT crash output). + (Laruence) + . Fixed bug #69521 (Segfault in gc_collect_cycles()). + (arjen at react dot com, Laruence) + . Improved zend_string API. (Francois Laupretre) + . Fixed bug #69955 (Segfault when trying to combine [] and assign-op on + ArrayAccess object). (Laruence) + . Fixed bug #69957 (Different ways of handling div/mod/intdiv). (Bob) + . Fixed bug #69900 (Too long timeout on pipes). (Anatol) + . Fixed bug #69872 (uninitialised value in strtr with array). (Laruence) + . Fixed bug #69868 (Invalid read of size 1 in zend_compile_short_circuiting). + (Laruence) + . Fixed bug #69849 (Broken output of apache_request_headers). (Kalle) + . Fixed bug #69840 (iconv_substr() doesn't work with UTF-16BE). (Kalle) + . Fixed bug #69823 (PHP 7.0.0alpha1 segmentation fault when exactly 33 + extensions are loaded). (Laruence) + . Fixed bug #69805 (null ptr deref and seg fault in zend_resolve_class_name). + (Laruence) + . Fixed bug #69802 (Reflection on Closure::__invoke borks type hint class + name). (Dmitry) + . Fixed bug #69761 (Serialization of anonymous classes should be prevented). + (Laruence) + . Fixed bug #69551 (parse_ini_file() and parse_ini_string() segmentation + fault). (Christoph M. Becker) + . Fixed bug #69781 (phpinfo() reports Professional Editions of Windows + 7/8/8.1/10 as "Business"). (Christian Wenz) + . Fixed bug #69835 (phpinfo() does not report many Windows SKUs). + (Christian Wenz) + . Fixed bug #69889 (Null coalesce operator doesn't work for string offsets). + (Nikita) + . Fixed bug #69891 (Unexpected array comparison result). (Nikita) + . Fixed bug #69892 (Different arrays compare indentical due to integer key + truncation). (Nikita) + . Fixed bug #69893 (Strict comparison between integer and empty string keys + crashes). (Nikita) + . Fixed bug #69767 (Default parameter value with wrong type segfaults). + (cmb, Laruence) + . Fixed bug #69756 (Fatal error: Nesting level too deep - recursive dependency + ? with ===). (Dmitry, Laruence) + . Fixed bug #69758 (Item added to array not being removed by array_pop/shift + ). (Laruence) + . Fixed bug #68475 (Add support for $callable() sytnax with 'Class::method'). + (Julien, Aaron Piotrowski) + . Fixed bug #69485 (Double free on zend_list_dtor). (Laruence) + . Fixed bug #69427 (Segfault on magic method __call of private method in + superclass). (Laruence) + . Improved __call() and __callStatic() magic method handling. Now they are + called in a stackless way using ZEND_CALL_TRAMPOLINE opcode, without + additional stack frame. (Laruence, Dmitry) + . Optimized strings concatenation. (Dmitry, Laruence) + . Fixed weird operators behavior. Division by zero now emits warning and + returns +/-INF, modulo by zero and intdid() throws an exception, shifts + by negative offset throw exceptions. Compile-time evaluation of division + by zero is disabled. (Dmitry, Andrea, Nikita) + . Fixed bug #69371 (Hash table collision leads to inaccessible array keys). + (Laruence) + . Fixed bug #68933 (Invalid read of size 8 in zend_std_read_property). + (Laruence, arjen at react dot com) + . Fixed bug #68252 (segfault in Zend/zend_hash.c in function + _zend_hash_del_el). (Laruence) + . Fixed bug #65598 (Closure executed via static autoload incorrectly marked as + static). (Nikita) + . Fixed bug #66811 (Cannot access static::class in lambda, writen outside of a + class). (Nikita) + . Fixed bug #69568 (call a private function in closure failed). (Nikita) + . Added PHP_INT_MIN constant. (Andrea) + . Added Closure::call() method. (Andrea) + . Fixed bug #67959 (Segfault when calling phpversion('spl')). (Florian) + . Implemented the RFC `Catchable "Call to a member function bar() on a + non-object"`. (Timm) + . Added options parameter for unserialize allowing to specify acceptable + classes (https://wiki.php.net/rfc/secure_unserialize). (Stas) + . Fixed bug #63734 (Garbage collector can free zvals that are still + referenced). (Dmitry) + . Removed ZEND_ACC_FINAL_CLASS, promoting ZEND_ACC_FINAL as final class + modifier. (Guilherme Blanco) + . is_long() & is_integer() is now an alias of is_int(). (Kalle) + . Implemented FR #55467 (phpinfo: PHP Variables with $ and single quotes). (Kalle) + . Added ?? operator. (Andrea) + . Added <=> operator. (Andrea) + . Added \u{xxxxx} Unicode Codepoint Escape Syntax. (Andrea) + . Fixed oversight where define() did not support arrays yet const syntax did. + (Andrea, Dmitry) + . Use "integer" and "float" instead of "long" and "double" in ZPP, type hint + and conversion error messages. (Andrea) + . Implemented FR #55428 (E_RECOVERABLE_ERROR when output buffering in output + buffering handler). (Kalle) + . Removed scoped calls of non-static methods from an incompatible $this + context. (Nikita) + . Removed support for #-style comments in ini files. (Nikita) + . Removed support for assigning the result of new by reference. (Nikita) + . Invalid octal literals in source code now produce compile errors, fixes + PHPSadness #31. (Andrea) + . Removed dl() function on fpm-fcgi. (Nikita) + . Removed support for hexadecimal numeric strings. (Nikita) + . Removed obsolete extensions and SAPIs. See the full list in UPGRADING. (Anatol) + . Added NULL byte protection to exec, system and passthru. (Yasuo) + . Added error_clear_last() function. (Reeze Xia) + . Fixed bug #68797 (Number 2.2250738585072012e-308 converted incorrectly). + (Anatol) + . Improved zend_qsort(using hybrid sorting algo) for better performance, + and also renamed zend_qsort to zend_sort. (Laruence) + . Added stable sorting algo zend_insert_sort. (Laruence) + . Improved zend_memnchr(using sunday algo) for better performance. (Laruence) + . Implemented the RFC `Scalar Type Decalarations v0.5`. (Anthony) + . Implemented the RFC `Group Use Declarations`. (Marcio) + . Implemented the RFC `Continue Output Buffering`. (Mike) + . Implemented the RFC `Constructor behaviour of internal classes`. (Dan, Dmitry) + . Implemented the RFC `Fix "foreach" behavior`. (Dmitry) + . Implemented the RFC `Generator Delegation`. (Bob) + . Implemented the RFC `Anonymous Class Support`. (Joe, Nikita, Dmitry) + . Implemented the RFC `Context Sensitive Lexer`. (Marcio Almada) + . Fixed bug #69511 (Off-by-one buffer overflow in php_sys_readlink). + (Jan Starke, Anatol) + +- CLI server: + . Fixed bug #68291 (404 on urls with '+'). (cmb) + . Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE). + (wusuopu, cmb) + . Fixed bug #70264 (CLI server directory traversal). (cmb) + . Fixed bug #69655 (php -S changes MKCALENDAR request method to MKCOL). (cmb) + . Fixed bug #64878 (304 responses return Content-Type header). (cmb) + . Refactor MIME type handling to use a hash table instead of linear search. + (Adam) + . Update the MIME type list from the one shipped by Apache HTTPD. (Adam) + . Added support for SEARCH WebDav method. (Mats Lindh) + +- COM: + . Fixed bug #69939 (Casting object to bool returns false). (Kalle) + +- Curl: + . Fixed bug #70330 (Segmentation Fault with multiple "curl_copy_handle"). + (Laruence) + . Fixed bug #70163 (curl_setopt_array() type confusion). (Laruence) + . Fixed bug #70065 (curl_getinfo() returns corrupted values). (Anatol) + . Fixed bug #69831 (Segmentation fault in curl_getinfo). (im dot denisenko at + yahoo dot com) + . Fixed bug #68937 (Segfault in curl_multi_exec). (Laruence) + . Removed support for unsafe file uploads. (Nikita) + +- Date: + . Fixed bug #70245 (strtotime does not emit warning when 2nd parameter is + object or string). (cmb) + . Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to + be optional). (cmb) + . Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte). + (cmb) + . Fixed day_of_week function as it could sometimes return negative values + internally. (Derick) + . Removed $is_dst parameter from mktime() and gmmktime(). (Nikita) + . Removed date.timezone warning + (https://wiki.php.net/rfc/date.timezone_warning_removal). (Bob) + . Added "v" DateTime format modifier to get the 3-digit version of fraction + of seconds. (Mariano Iglesias) + . Implemented FR #69089 (Added DateTime::RFC3339_EXTENDED to output in + RFC3339 Extended format which includes fraction of seconds). (Mariano + Iglesias) + +- DBA: + . Fixed bug #62490 (dba_delete returns true on missing item (inifile)). (Mike) + . Fixed bug #68711 (useless comparisons). (bugreports at internot dot info) + +- DOM: + . Fixed bug #70558 ("Couldn't fetch" error in + DOMDocument::registerNodeClass()). (Laruence) + . Fixed bug #70001 (Assigning to DOMNode::textContent does additional entity + encoding). (cmb) + . Fixed bug #69846 (Segmenation fault (access violation) when iterating over + DOMNodeList). (Anatol Belski) + . Made DOMNode::textContent writeable. (Tjerk) + +- EXIF: + . Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte + value of 32 bytes). (Stas) + +- Fileinfo: + . Fixed bug #66242 (libmagic: don't assume char is signed). (ArdB) + +- Filter: + . New FILTER_VALIDATE_DOMAIN and better RFC conformance for FILTER_VALIDATE_URL. (Kevin Dunglas) + +- FPM: + . Fixed bug #70538 ("php-fpm -i" crashes). (rainer dot jung at + kippdata dot de) + . Fixed bug #70279 (HTTP Authorization Header is sometimes passed to newer + reqeusts). (Laruence) + . Fixed bug #68945 (Unknown admin values segfault pools). (Laruence) + . Fixed bug #65933 (Cannot specify config lines longer than 1024 bytes). (Chris Wright) + . Implemented FR #67106 (Split main fpm config). (Elan Ruusamäe, Remi) + +- FTP: + . Fixed bug #69082 (FTPS support on Windows). (Anatol) + +- GD: + . Fixed bug #53156 (imagerectangle problem with point ordering). (cmb) + . Fixed bug #66387 (Stack overflow with imagefilltoborder). (cmb) + . Fixed bug #70102 (imagecreatefromwebm() shifts colors). (cmb) + . Fixed bug #66590 (imagewebp() doesn't pad to even length). (cmb) + . Fixed bug #66882 (imagerotate by -90 degrees truncates image by 1px). (cmb) + . Fixed bug #70064 (imagescale(..., IMG_BICUBIC) leaks memory). (cmb) + . Fixed bug #69024 (imagescale segfault with palette based image). (cmb) + . Fixed bug #53154 (Zero-height rectangle has whiskers). (cmb) + . Fixed bug #67447 (imagecrop() add a black line when cropping). (cmb) + . Fixed bug #68714 (copy 'n paste error). (cmb) + . Fixed bug #66339 (PHP segfaults in imagexbm). (cmb) + . Fixed bug #70047 (gd_info() doesn't report WebP support). (cmb) + . Replace libvpx with libwebp for bundled libgd. (cmb, Anatol) + . Fixed bug #61221 (imagegammacorrect function loses alpha channel). (cmb) + . Made fontFetch's path parser thread-safe. (Sara) + . Removed T1Lib support. (Kalle) + +- GMP: + . Fixed bug #70284 (Use after free vulnerability in unserialize() with GMP). + (stas) + +- hash: + . Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee + at naver dot com) + +- IMAP: + . Fixed bug #70158 (Building with static imap fails). (cmb) + . Fixed bug #69998 (curl multi leaking memory). (Pierrick) + +- Intl: + . Fixed bug #70453 (IntlChar::foldCase() incorrect arguments and missing + constants). (cmb) + . Fixed bug #70454 (IntlChar::forDigit second parameter should be optional). + (cmb, colinodell) + . Removed deprecated aliases datefmt_set_timezone_id() and + IntlDateFormatter::setTimeZoneID(). (Nikita) + +- JSON: + . Fixed bug #62010 (json_decode produces invalid byte-sequences). + (Jakub Zelenka) + . Fixed bug #68546 (json_decode() Fatal error: Cannot access property + started with '\0'). (Jakub Zelenka) + . Replace non-free JSON parser with a parser from Jsond extension, fixes #63520 + (JSON extension includes a problematic license statement). (Jakub Zelenka) + . Fixed bug #68938 (json_decode() decodes empty string without error). + (jeremy at bat-country dot us) + +- LDAP: + . Fixed bug #47222 (Implement LDAP_OPT_DIAGNOSTIC_MESSAGE). (Andreas Heigl) + +- LiteSpeed: + . Updated LiteSpeed SAPI code from V5.5 to V6.6. (George Wang) + +- libxml: + . Fixed handling of big lines in error messages with libxml >= 2.9.0. + (Christoph M. Becker) + +- Mcrypt: + . Fixed bug #70625 (mcrypt_encrypt() won't return data when no IV was + specified under RC4). (Nikita) + . Fixed bug #69833 (mcrypt fd caching not working). (Anatol) + . Fixed possible read after end of buffer and use after free. (Dmitry) + . Removed mcrypt_generic_end() alias. (Nikita) + . Removed mcrypt_ecb(), mcrypt_cbc(), mcrypt_cfb(), mcrypt_ofb(). (Nikita) + +- Mysqli: + . Fixed bug #32490 (constructor of mysqli has wrong name). (cmb) + +- Mysqlnd: + . Fixed bug #70949 (SQL Result Sets With NULL Can Cause Fatal Memory Errors). + (Laruence) + . Fixed bug #70384 (mysqli_real_query():Unknown type 245 sent by the server). + (Andrey) + . Fixed bug #70456 (mysqlnd doesn't activate TCP keep-alive when connecting to + a server). (Sergei Turchanov) + . Fixed bug #70572 segfault in mysqlnd_connect. (Andrey, Remi) + . Fixed Bug #69796 (mysqli_stmt::fetch doesn't assign null values to + bound variables). (Laruence) + +- OCI8: + . Fixed memory leak with LOBs. (Senthil) + . Fixed bug #68298 (OCI int overflow) (Senthil). + . Corrected oci8 hash destructors to prevent segfaults, and a few other fixes. + (Cameron Porter) + +- IMAP: + . Fixed bug #77153 (imap_open allows to run arbitrary shell commands via + mailbox parameter). (Stas) + +- ODBC: + . Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined + columns). (cmb) + +- Opcache: + . Fixed bug #70656 (require() statement broken after opcache_reset() or a + few hours of use). (Laruence) + . Fixed bug #70843 (Segmentation fault on MacOSX with + opcache.file_cache_only=1). (Laruence) + . Fixed bug #70724 (Undefined Symbols from opcache.so on Mac OS X 10.10). + (Laruence) + . Fixed compatibility with Windows 10 (see also bug #70652). (Anatol) + . Attmpt to fix "Unable to reattach to base address" problem. (Matt Ficken) + . Fixed bug #70423 (Warning Internal error: wrong size calculation). (Anatol) + . Fixed bug #70237 (Empty while and do-while segmentation fault with opcode + on CLI enabled). (Dmitry, Laruence) + . Fixed bug #70111 (Segfault when a function uses both an explicit return + type and an explicit cast). (Laruence) + . Fixed bug #70058 (Build fails when building for i386). (Laruence) + . Fixed bug #70022 (Crash with opcache using opcache.file_cache_only=1). + (Anatol) + . Removed opcache.load_comments configuration directive. Now doc comments + loading costs nothing and always enabled. (Dmitry) + . Fixed bug #69838 (Wrong size calculation for function table). (Anatol) + . Fixed bug #69688 (segfault with eval and opcache fast shutdown). + (Laruence) + . Added experimental (disabled by default) file based opcode cache. + (Dmitry, Laruence, Anatol) + . Fixed bug with try blocks being removed when extended_info opcode + generation is turned on. (Laruence) + . Fixed bug #68644 (strlen incorrect : mbstring + func_overload=2 +UTF-8 + + Opcache). (Laruence) + +- OpenSSL: + . Require at least OpenSSL version 0.9.8. (Jakub Zelenka) + . Fixed bug #68312 (Lookup for openssl.cnf causes a message box). (Anatol) + . Fixed bug #55259 (openssl extension does not get the DH parameters from + DH key resource). (Jakub Zelenka) + . Fixed bug #70395 (Missing ARG_INFO for openssl_seal()). (cmb) + . Fixed bug #60632 (openssl_seal fails with AES). (Jakub Zelenka) + . Implemented FR #70438 (Add IV parameter for openssl_seal and openssl_open) + (Jakub Zelenka) + . Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically + secure). (Stas) + . Fixed bug #69882 (OpenSSL error "key values mismatch" after + openssl_pkcs12_read with extra cert). (Tomasz Sawicki) + . Added "alpn_protocols" SSL context option allowing encrypted client/server + streams to negotiate alternative protocols using the ALPN TLS extension when + built against OpenSSL 1.0.2 or newer. Negotiated protocol information is + accessible through stream_get_meta_data() output. + . Removed "CN_match" and "SNI_server_name" SSL context options. Use automatic + detection or the "peer_name" option instead. (Nikita) + +- Pcntl: + . Fixed bug #70386 (Can't compile on NetBSD because of missing WCONTINUED + and WIFCONTINUED). (Matteo) + . Fixed bug #60509 (pcntl_signal doesn't decrease ref-count of old handler + when setting SIG_DFL). (Julien) + . Implemented FR #68505 (Added wifcontinued and wcontinued). (xilon-jul) + . Added rusage support to pcntl_wait() and pcntl_waitpid(). (Anton Stepanenko, + Tony) + +- PCRE: + . Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string + match). (cmb) + . Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions). + (Anatol Belski) + . Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string + match). (cmb) + . Fixed bug #53823 (preg_replace: * qualifier on unicode replace garbles the + string). (cmb) + . Fixed bug #69864 (Segfault in preg_replace_callback). (cmb, ab) + +- PDO: + . Fixed bug #70861 (Segmentation fault in pdo_parse_params() during Drupal 8 + test suite). (Anatol) + . Fixed bug #70389 (PDO constructor changes unrelated variables). (Laruence) + . Fixed bug #70272 (Segfault in pdo_mysql). (Laruence) + . Fixed bug #70221 (persistent sqlite connection + custom function + segfaults). (Laruence) + . Removed support for the /e (PREG_REPLACE_EVAL) modifier. (Nikita) + . Fixed bug #59450 (./configure fails with "Cannot find php_pdo_driver.h"). + (maxime dot besson at smile dot fr) + +- PDO_DBlib: + . Fixed bug #69757 (Segmentation fault on nextRowset). + (miracle at rpz dot name) + +- PDO_mysql: + . Fixed bug #68424 (Add new PDO mysql connection attr to control multi + statements option). (peter dot wolanin at acquia dot com) + +- PDO_OCI: + . Fixed bug #70308 (PDO::ATTR_PREFETCH is ignored). (Chris Jones) + +- PDO_pgsql: + . Fixed bug #69752 (PDOStatement::execute() leaks memory with DML + Statements when closeCuror() is u). (Philip Hofstetter) + . Removed PGSQL_ATTR_DISABLE_NATIVE_PREPARED_STATEMENT attribute in favor of + ATTR_EMULATE_PREPARES). (Nikita) + +- Phar: + . Fixed bug #69720 (Null pointer dereference in phar_get_fp_offset()). (Stas) + . FIxed bug #70433 (Uninitialized pointer in phar_make_dirstream when zip + entry filename is "/"). (Stas) + . Improved fix for bug #69441. (Anatol Belski) + . Fixed bug #70019 (Files extracted from archive may be placed outside of + destination directory). (Anatol Belski) + +- Phpdbg: + . Fixed bug #70614 (incorrect exit code in -rr mode with Exceptions). (Bob) + . Fixed bug #70532 (phpdbg must respect set_exception_handler). (Bob) + . Fixed bug #70531 (Run and quit mode (-qrr) should not fallback to + interactive mode). (Bob) + . Fixed bug #70533 (Help overview (-h) does not rpint anything under Windows). + (Anatol) + . Fixed bug #70449 (PHP won't compile on 10.4 and 10.5 because of missing + constants). (Bob) + . Fixed bug #70214 (FASYNC not defined, needs sys/file.h include). (Bob) + . Fixed bug #70138 (Segfault when displaying memory leaks). (Bob) + +- Reflection: + . Fixed bug #70650 (Wrong docblock assignment). (Marcio) + . Fixed bug #70674 (ReflectionFunction::getClosure() leaks memory when used + for internal functions). (Dmitry, Bob) + . Fixed bug causing bogus traces for ReflectionGenerator::getTrace(). (Bob) + . Fixed inheritance chain of Reflector interface. (Tjerk) + . Added ReflectionGenerator class. (Bob) + . Added reflection support for return types and type declarations. (Sara, + Matteo) + +- Session: + . Fixed bug #70876 (Segmentation fault when regenerating session id with + strict mode). (Laruence) + . Fixed bug #70529 (Session read causes "String is not zero-terminated" error). + (Yasuo) + . Fixed bug #70013 (Reference to $_SESSION is lost after a call to + session_regenerate_id()). (Yasuo) + . Fixed bug #69952 (Data integrity issues accessing superglobals by + reference). (Bob) + . Fixed bug #67694 (Regression in session_regenerate_id()). (Tjerk) + . Fixed bug #68941 (mod_files.sh is a bash-script). (bugzilla at ii.nl, Yasuo) + +- SOAP: + . Fixed bug #70940 (Segfault in soap / type_to_string). (Remi) + . Fixed bug #70900 (SoapClient systematic out of memory error). (Dmitry) + . Fixed bug #70875 (Segmentation fault if wsdl has no targetNamespace + attribute). (Matteo) + . Fixed bug #70715 (Segmentation fault inside soap client). (Laruence) + . Fixed bug #70709 (SOAP Client generates Segfault). (Laruence) + . Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE). + (Stas) + . Fixed bug #70081 (SoapClient info leak / null pointer dereference via + multiple type confusions). (Stas) + . Fixed bug #70079 (Segmentation fault after more than 100 SoapClient + calls). (Laruence) + . Fixed bug #70032 (make_http_soap_request calls + zend_hash_get_current_key_ex(,,,NULL). (Laruence) + . Fixed bug #68361 (Segmentation fault on SoapClient::__getTypes). (Laruence) + +- SPL: + . Fixed bug #70959 (ArrayObject unserialize does not restore protected + fields). (Laruence) + . Fixed bug #70853 (SplFixedArray throws exception when using ref variable + as index). (Laruence) + . Fixed bug #70868 (PCRE JIT and pattern reuse segfault). (Laruence) + . Fixed bug #70730 (Incorrect ArrayObject serialization if unset is called + in serialize()). (Laruence) + . Fixed bug #70573 (Cloning SplPriorityQueue leads to memory leaks). (Dmitry) + . Fixed bug #70303 (Incorrect constructor reflection for ArrayObject). (cmb) + . Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject + items). (sean.heelan) + . Fixed bug #70166 (Use After Free Vulnerability in unserialize() with + SPLArrayObject). (taoguangchen at icloud dot com) + . Fixed bug #70168 (Use After Free Vulnerability in unserialize() with + SplObjectStorage). (taoguangchen at icloud dot com) + . Fixed bug #70169 (Use After Free Vulnerability in unserialize() with + SplDoublyLinkedList). (taoguangchen at icloud dot com) + . Fixed bug #70053 (MutlitpleIterator array-keys incompatible change in + PHP 7). (Tjerk) + . Fixed bug #69970 (Use-after-free vulnerability in + spl_recursive_it_move_forward_ex()). (Laruence) + . Fixed bug #69845 (ArrayObject with ARRAY_AS_PROPS broken). (Dmitry) + . Changed ArrayIterator implementation using zend_hash_iterator_... API. + Allowed modification of iterated ArrayObject using the same behavior + as proposed in `Fix "foreach" behavior`. Removed "Array was modified + outside object and internal position is no longer valid" hack. (Dmitry) + . Implemented FR #67886 (SplPriorityQueue/SplHeap doesn't expose extractFlags + nor curruption state). (Julien) + . Fixed bug #66405 (RecursiveDirectoryIterator::CURRENT_AS_PATHNAME + breaks the RecursiveIterator). (Paul Garvin) + +- SQLite3: + . Fixed bug #70571 (Memory leak in sqlite3_do_callback). (Adam) + . Fixed bug #69972 (Use-after-free vulnerability in + sqlite3SafetyCheckSickOrOk()). (Laruence) + . Fixed bug #69897 (segfault when manually constructing SQLite3Result). + (Kalle) + . Fixed bug #68260 (SQLite3Result::fetchArray declares wrong + required_num_args). (Julien) + +- Standard: + . Fixed count on symbol tables. (Laruence) + . Fixed bug #70963 (Unserialize shows UNKNOWN in result). (Laruence) + . Fixed bug #70910 (extract() breaks variable references). (Laruence) + . Fixed bug #70808 (array_merge_recursive corrupts memory of unset items). + (Laruence) + . Fixed bug #70667 (strtr() causes invalid writes and a crashes). (Dmitry) + . Fixed bug #70668 (array_keys() doesn't respect references when $strict is + true). (Bob, Dmitry) + . Implemented the RFC `Random Functions Throwing Exceptions in PHP 7`. + (Sammy Kaye Powers, Anthony) + . Fixed bug #70487 (pack('x') produces an error). (Nikita) + . Fixed bug #70342 (changing configuration with ignore_user_abort(true) isn't + working). (Laruence) + . Fixed bug #70295 (Segmentation fault with setrawcookie). (Bob) + . Fixed bug #67131 (setcookie() conditional for empty values not met). (cmb) + . Fixed bug #70365 (Use-after-free vulnerability in unserialize() with + SplObjectStorage). (taoguangchen at icloud dot com) + . Fixed bug #70366 (Use-after-free vulnerability in unserialize() with + SplDoublyLinkedList). (taoguangchen at icloud dot com) + . Fixed bug #70250 (extract() turns array elements to references). + (Laruence) + . Fixed bug #70211 (php 7 ZEND_HASH_IF_FULL_DO_RESIZE use after free). + (Laruence) + . Fixed bug #70208 (Assert breaking access on objects). (Bob) + . Fixed bug #70140 (str_ireplace/php_string_tolower - Arbitrary Code + Execution). (CVE-2015-6527) (Laruence) + . Implemented FR #70112 (Allow "dirname" to go up various times). (Remi) + . Fixed bug #36365 (scandir duplicates file name at every 65535th file). (cmb) + . Fixed bug #70096 (Repeated iptcembed() adds superfluous FF bytes). (cmb) + . Fixed bug #70018 (exec does not strip all whitespace). (Laruence) + . Fixed bug #69983 (get_browser fails with user agent of null). + (Kalle, cmb, Laruence) + . Fixed bug #69976 (Unable to parse "all" urls with colon char). (cmb) + . Fixed bug #69768 (escapeshell*() doesn't cater to !). (cmb) + . Fixed bug #62922 (Truncating entire string should result in string). + (Nikita) + . Fixed bug #69723 (Passing parameters by reference and array_column). + (Laruence) + . Fixed bug #69523 (Cookie name cannot be empty). (Christoph M. Becker) + . Fixed bug #69325 (php_copy_file_ex does not pass the argument). + (imbolk at gmail dot com) + . Fixed bug #69299 (Regression in array_filter's $flag argument in PHP 7). + (Laruence) + . Removed call_user_method() and call_user_method_array() functions. (Kalle) + . Fixed user session handlers (See rfc:session.user.return-value). (Sara) + . Added intdiv() function. (Andrea) + . Improved precision of log() function for base 2 and 10. (Marc Bennewitz) + . Remove string category support in setlocale(). (Nikita) + . Remove set_magic_quotes_runtime() and its alias magic_quotes_runtime(). + (Nikita) + . Fixed bug #65272 (flock() out parameter not set correctly in windows). + (Daniel Lowrey) + . Added preg_replace_callback_array function. (Wei Dai) + . Deprecated salt option to password_hash. (Anthony) + . Fixed bug #69686 (password_verify reports back error on PHP7 will null + string). (Anthony) + . Added Windows support for getrusage(). (Kalle) + . Removed hardcoded limit on number of pipes in proc_open(). (Tony) + +- Streams: + . Fixed bug #70361 (HTTP stream wrapper doesn't close keep-alive connections). + (Niklas Keller) + . Fixed bug #68532 (convert.base64-encode omits padding bytes). + (blaesius at krumedia dot de) + . Removed set_socket_blocking() in favor of its alias stream_set_blocking(). + (Nikita) + +- Tokenizer: + . Fixed bug #69430 (token_get_all has new irrecoverable errors). (Nikita) + +- XMLReader: + . Fixed bug #70309 (XmlReader read generates extra output). (Anatol) + +- XMLRPC + . Fixed bug #70526 (xmlrpc_set_type returns false on success). (Laruence) + +- XSL: + . Fixed bug #70678 (PHP7 returns true when false is expected). (Felipe) + . Fixed bug #70535 (XSLT: free(): invalid pointer). (Laruence) + . Fixed bug #69782 (NULL pointer dereference). (Stas) + . Fixed bug #64776 (The XSLT extension is not thread safe). (Mike) + . Removed xsl.security_prefs ini option. (Nikita) + +- Zlib: + . Added deflate_init(), deflate_add(), inflate_init(), inflate_add() + functions allowing incremental/streaming compression/decompression. + (Daniel Lowrey & Bob Weinand) + +- Zip: + . Fixed bug #70322 (ZipArchive::close() doesn't indicate errors). (cmb) + . Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when + creating directories). (neal at fb dot com) + . Added ZipArchive::setCompressionName and ZipArchive::setCompressionIndex + methods. (Remi, Cedric Delmas) + . Update bundled libzip to 1.0.1. (Remi, Anatol) + . Fixed bug #67161 (ZipArchive::getStream() returns NULL for certain file). + (Christoph M. Becker) + diff --git a/UPGRADING b/UPGRADING index 836e35253dbef..8c8d1dfcee1de 100644 --- a/UPGRADING +++ b/UPGRADING @@ -15,6 +15,13 @@ 13. Other Changes +- IMAP: + Starting with 7.2.13, rsh/ssh logins are disabled by default. Use + imap.enable_insecure_rsh if you want to enable them. Note that the IMAP + library does not filter mailbox names before passing them to rsh/ssh + command, thus passing untrusted data to this function with rsh/ssh enabled + is insecure. + ======================================== 1. Backward Incompatible Changes ======================================== diff --git a/UPGRADING.orig b/UPGRADING.orig new file mode 100644 index 0000000000000..836e35253dbef --- /dev/null +++ b/UPGRADING.orig @@ -0,0 +1,809 @@ +PHP 7.0 UPGRADE NOTES + +1. Backward Incompatible Changes +2. New Features +3. Changes in SAPI modules +4. Deprecated Functionality +5. Changed Functions +6. New Functions +7. New Classes and Interfaces +8. Removed Extensions and SAPIs +9. Other Changes to Extensions +10. New Global Constants +11. Changes to INI File Handling +12. Windows Support +13. Other Changes + + +======================================== +1. Backward Incompatible Changes +======================================== + +Language changes +================ + +Changes to variable handling +---------------------------- + +* Indirect variable, property and method references are now interpreted with + left-to-right semantics. Some examples: + + $$foo['bar']['baz'] // interpreted as ($$foo)['bar']['baz'] + $foo->$bar['baz'] // interpreted as ($foo->$bar)['baz'] + $foo->$bar['baz']() // interpreted as ($foo->$bar)['baz']() + Foo::$bar['baz']() // interpreted as (Foo::$bar)['baz']() + + To restore the previous behavior add explicit curly braces: + + ${$foo['bar']['baz']} + $foo->{$bar['baz']} + $foo->{$bar['baz']}() + Foo::{$bar['baz']}() + +* The global keyword now only accepts simple variables. Instead of + + global $$foo->bar; + + it is now required to write the following: + + global ${$foo->bar}; + +* Parentheses around variables or function calls no longer have any influence + on behavior. For example the following code, where the result of a function + call is passed to a by-reference function + + function getArray() { return [1, 2, 3]; } + + $last = array_pop(getArray()); + // Strict Standards: Only variables should be passed by reference + $last = array_pop((getArray())); + // Strict Standards: Only variables should be passed by reference + + will now throw a strict standards error regardless of whether parentheses + are used. Previously no notice was generated in the second case. + +* Array elements or object properties that are automatically created during + by-reference assignments will now result in a different order. For example + + $array = []; + $array["a"] =& $array["b"]; + $array["b"] = 1; + var_dump($array); + + now results in the array ["a" => 1, "b" => 1], while previously the result + was ["b" => 1, "a" => 1]; + +Relevant RFCs: +* https://wiki.php.net/rfc/uniform_variable_syntax +* https://wiki.php.net/rfc/abstract_syntax_tree + +Changes to list() +----------------- + +* list() will no longer assign variables in reverse order. For example + + list($array[], $array[], $array[]) = [1, 2, 3]; + var_dump($array); + + will now result in $array == [1, 2, 3] rather than [3, 2, 1]. Note that only + the **order** of the assignments changed, but the assigned values stay the + same. E.g. a normal usage like + + list($a, $b, $c) = [1, 2, 3]; + // $a = 1; $b = 2; $c = 3; + + will retain its current behavior. + +* Empty list() assignments are no longer allowed. As such all of the following + are invalid: + + list() = $a; + list(,,) = $a; + list($x, list(), $y) = $a; + +* list() no longer supports unpacking strings (while previously this was only + supported in some cases). The code + + $string = "xy"; + list($x, $y) = $string; + + will now result in $x == null and $y == null (without notices) instead of + $x == "x" and $y == "y". Furthermore list() is now always guaranteed to + work with objects implementing ArrayAccess, e.g. + + list($a, $b) = (object) new ArrayObject([0, 1]); + + will now result in $a == 0 and $b == 1. Previously both $a and $b were null. + +Relevant RFCs: +* https://wiki.php.net/rfc/abstract_syntax_tree#changes_to_list +* https://wiki.php.net/rfc/fix_list_behavior_inconsistency + +Changes to foreach +------------------ + +* Iteration with foreach() no longer has any effect on the internal array + pointer, which can be accessed through the current()/next()/etc family of + functions. For example + + $array = [0, 1, 2]; + foreach ($array as &$val) { + var_dump(current($array)); + } + + will now print the value int(0) three times. Previously the output was int(1), + int(2) and bool(false). + +* When iterating arrays by-value, foreach will now always operate on a copy of + the array, as such changes to the array during iteration will not influence + iteration behavior. For example + + $array = [0, 1, 2]; + $ref =& $array; // Necessary to trigger the old behavior + foreach ($array as $val) { + var_dump($val); + unset($array[1]); + } + + will now print all three elements (0 1 2), while previously the second element + 1 was skipped (0 2). + +* When iterating arrays by-reference, modifications to the array will continue + to influence the iteration. However PHP will now do a better job of + maintaining a correct position in a number of cases. E.g. appending to an + array during by-reference iteration + + $array = [0]; + foreach ($array as &$val) { + var_dump($val); + $array[1] = 1; + } + + will now iterate over the appended element as well. As such the output of this + example will now be "int(0) int(1)", while previously it was only "int(0)". + +* Iteration of plain (non-Traversable) objects by-value or by-reference will + behave like by-reference iteration of arrays. This matches the previous + behavior apart from the more accurate position management mentioned in the + previous point. + +* Iteration of Traversable objects remains unchanged. + +Relevant RFC: https://wiki.php.net/rfc/php7_foreach + +Changes to parameter handling +----------------------------- + +* It is no longer possible to define two function parameters with the same name. + For example, the following method will trigger a compile-time error: + + public function foo($a, $b, $unused, $unused) { + // ... + } + + Code like this should be changed to use distinct parameter names, for example: + + public function foo($a, $b, $unused1, $unused2) { + // ... + } + +* The func_get_arg() and func_get_args() functions will no longer return the + original value that was passed to a parameter and will instead provide the + current value (which might have been modified). For example + + function foo($x) { + $x++; + var_dump(func_get_arg(0)); + } + foo(1); + + will now print "2" instead of "1". This code should be changed to either + perform modifications only after calling func_get_arg(s) + + function foo($x) { + var_dump(func_get_arg(0)); + $x++; + } + + or avoid modifying the parameters altogether: + + function foo($x) { + $newX = $x + 1; + var_dump(func_get_arg(0)); + } + +* Similarly exception backtraces will no longer display the original value that + was passed to a function and show the modified value instead. For example + + function foo($x) { + $x = 42; + throw new Exception; + } + foo("string"); + + will now result in the stack trace + + Stack trace: + #0 file.php(4): foo(42) + #1 {main} + + while previously it was: + + Stack trace: + #0 file.php(4): foo('string') + #1 {main} + + While this should not impact runtime behavior of your code, it is worthwhile + to be aware of this difference for debugging purposes. + + The same limitation also applies to debug_backtrace() and other functions + inspecting function arguments. + +Relevant RFC: https://wiki.php.net/phpng + +Changes to integer handling +--------------------------- + +* Invalid octal literals (containing digits larger than 7) now produce compile + errors. For example, the following is no longer valid: + + $i = 0781; // 8 is not a valid octal digit! + + Previously the invalid digits (and any following valid digits) were simply + ignored. As such $i previously held the value 7, because the last two digits + were silently discarded. + +* Bitwise shifts by negative numbers will now throw an ArithmeticError: + + var_dump(1 >> -1); + // ArithmeticError: Bit shift by negative number + +* Left bitwise shifts by a number of bits beyond the bit width of an integer + will always result in 0: + + var_dump(1 << 64); // int(0) + + Previously the behavior of this code was dependent on the used CPU + architecture. For example on x86 (including x86-64) the result was int(1), + because the shift operand was wrapped. + +* Similarly right bitwise shifts by a number of bits beyond the bit width of an + integer will always result in 0 or -1 (depending on sign): + + var_dump(1 >> 64); // int(0) + var_dump(-1 >> 64); // int(-1) + +Relevant RFC: https://wiki.php.net/rfc/integer_semantics + +Changes to string handling +-------------------------- + +* Strings that contain hexadecimal numbers are no longer considered to be + numeric and don't receive special treatment anymore. Some examples of the + new behavior: + + var_dump("0x123" == "291"); // bool(false) (previously true) + var_dump(is_numeric("0x123")); // bool(false) (previously true) + var_dump("0xe" + "0x1"); // int(0) (previously 16) + + var_dump(substr("foo", "0x1")); // string(3) "foo" (previously "oo") + // Notice: A non well formed numeric value encountered + + filter_var() can be used to check if a string contains a hexadecimal number + or convert such a string into an integer: + + $str = "0xffff"; + $int = filter_var($str, FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_HEX); + if (false === $int) { + throw new Exception("Invalid integer!"); + } + var_dump($int); // int(65535) + +* Due to the addition of the Unicode Codepoint Escape Syntax for double-quoted + strings and heredocs, "\u{" followed by an invalid sequence will now result in + an error: + + $str = "\u{xyz}"; // Fatal error: Invalid UTF-8 codepoint escape sequence + + To avoid this the leading backslash should be escaped: + + $str = "\\u{xyz}"; // Works fine + + However, "\u" without a following { is unaffected. As such the following code + won't error and will work the same as before: + + $str = "\u202e"; // Works fine + +Relevant RFCs: +* https://wiki.php.net/rfc/remove_hex_support_in_numeric_strings +* https://wiki.php.net/rfc/unicode_escape + +Changes to error handling +------------------------- + +* There are now two exception classes: Exception and Error. Both classes + implement a new interface Throwable. Type hints in exception handling code + may need to be changed to account for this. + +* Some fatal errors and recoverable fatal errors now throw an Error instead. + As Error is a separate class from Exception, these exceptions will not be + caught by existing try/catch blocks. + + For the recoverable fatal errors which have been converted into an exception, + it is no longer possible to silently ignore the error from an error handler. + In particular, it is no longer possible to ignore type hint failures. + +* Parser errors now generate a ParseError that extends Error. Error + handling for eval()s on potentially invalid code should be changed to catch + ParseError in addition to the previous return value / error_get_last() + based handling. + +* Constructors of internal classes will now always throw an exception on + failure. Previously some constructors returned NULL or an unusable object. + +* The error level of some E_STRICT notices has been changed. + +Relevant RFCs: +* https://wiki.php.net/rfc/engine_exceptions_for_php7 +* https://wiki.php.net/rfc/throwable-interface +* https://wiki.php.net/rfc/internal_constructor_behaviour +* https://wiki.php.net/rfc/reclassify_e_strict + +Other language changes +---------------------- + +* Removed support for static calls to non-static methods from an incompatible + $this context. In this case $this will not be defined, but the call will be + allowed with a deprecation notice. An example: + + class A { + public function test() { var_dump($this); } + } + + // Note: Does NOT extend A + class B { + public function callNonStaticMethodOfA() { A::test(); } + } + + (new B)->callNonStaticMethodOfA(); + + // Deprecated: Non-static method A::test() should not be called statically + // Notice: Undefined variable $this + NULL + + Note that this only applies to calls from an incompatible context. If class B + extended from A the call would be allowed without any notices. + +* It is no longer possible to use the following class, interface and trait names + (case-insensitive): + + bool + int + float + string + null + false + true + + This applies to class/interface/trait declarations, class_alias() and use + statements. + + Furthermore the following class, interface and trait names are now reserved + for future use, but do not yet throw an error when used: + + resource + object + mixed + numeric + +* The yield language construct no longer requires parentheses when used in an + expression context. It is now a right-associative operator with precedence + between the "print" and "=>" operators. This can result in different behavior + in some cases, for example: + + echo yield -1; + // Was previously interpreted as + echo (yield) - 1; + // And is now interpreted as + echo yield (-1); + + yield $foo or die; + // Was previously interpreted as + yield ($foo or die); + // And is now interpreted as + (yield $foo) or die; + + Such cases can always be resolved by adding additional parentheses. + + . Removed ASP (<%) and script (