PHP 5.2.5釋出,修掉60項bug

Posted by

PHP 5.2.5釋出,修掉60項bug

重要的網頁程式語言PHP,其網頁程式編譯器釋出新版PHP 5.2.5。不論是PHP 4系列最新版的4.4.7、PHP 5.1系列或PHP 5.2.4,PHP官方建議所有用戶更新到PHP 5.2.5的版本。

還沒有升級到PHP 5.2的話,因為其部份架構與之前的PHP 4不同,可以參考PHP方面提供的PHP 5升級文件,獲得更多解答。

這次的更新不但改善60項bug,也提高執行效率,包括array_intersect_key()、array_intersect_assoc()、array_uintersect_assoc()、array_diff_key()、array_diff_assoc()與 array_udiff_assoc() 這些功能的效率提升。另外,更新PCRE正規表示式為7.3,時區資料也更新到2007年9月的新版本,增加能控制使用ZEND_MM_COMPACT環境變數時記憶體消耗量的功能。


這次PHP 5.2.5更新的重點內容如下:

* Upgraded PCRE to version 7.3
* Updated timezone database to version 2007.9
* Added ability to control memory consumption between request using ZEND_MM_COMPACT environment variable.
* Improved speed of array_intersect_key(), array_intersect_assoc(), array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and array_udiff_assoc() functions
* Fixed bug #43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with fetchAll())
* Fixed bug #42785 (json_encode() formats doubles according to locale rather then following standard syntax)
* Fixed bug #42549 (ext/mysql failed to compile with libmysql 3.23)
* Over 60 bug fixes.

這次PHP 5.2.5修掉的重點Bug如下:

* Fixed dl() to only accept filenames. Reported by Laurent Gaffie.
* Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported by Laurent Gaffie.
* Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. Reported by Rasmus Lerdorf
* Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.
* Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications. Reported by SecurityReason.
* Fixed bug #42869 (automatic session id insertion adds sessions id to non-local forms).
* Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()).

延伸閱讀:PHP 5.2.5詳細修正與更新的內容

一直很喜歡的緞帶教堂 Ribbon Chapel
2007 年 11 月