<![CDATA[向东博客专注WEB应用构架之美 --- 构架之美，在于尽态极妍

<![CDATA[向东博客专注WEB应用构架之美 --- 构架之美，在于尽态极妍 | 应用之美，在于药到病除]]> http://jackxiang.com/index.php zh-cn http://jackxiang.com/post// <![CDATA[PHP 5.2.12 发布修复60多个bug]]> jack <xdy108@126.com> Thu, 24 Dec 2009 07:48:58 +0000 http://jackxiang.com/post//
PHP开发团队将马上宣布PHP 5.2.12的可用性，此版本着重于提高PHP 5.2.x的稳定性，修复60多个bug，其中一些bug还和安全有关，鼓励所有PHP 5.2的使用者升级到此版本。

http://cn.php.net/distributions/php-5.2.12.tar.bz2 (源码)

http://cn.php.net/distributions/php-5.2.12-Win32.zip (win 二进制包)

查看ChangeLog: http://www.php.net/ChangeLog-5.php#5.2.12

Security Enhancements and Fixes in PHP 5.2.12:

-Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)

-Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)

-Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion, identified by Bogdan Calin. (CVE-2009-4017, Ilia)

-Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143, Stas)

-Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)

Key enhancements in PHP 5.2.12 include:

- Fixed unnecessary invocation of setitimer when timeouts have been disabled. (Arvind Srinivasan)

- Fixed crash in com_print_typeinfo when an invalid typelib is given.

- Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection.

- Fixed crash when instantiating PDORow and PDOStatement through Reflection.

- Fixed memory leak in openssl_pkcs12_export_to_file().

- Fixed bug #50207 (segmentation fault when concatenating very large strings on 64bit linux).

- Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle database).

- Fixed bug #50006 (Segfault caused by uksort()).

- Fixed bug #50005 (Throwing through Reflection modified Exception object makes segmentation fault).

- Fixed bug #49174 (crash when extending PDOStatement and trying to set queryString property).

- Fixed bug #49098 (mysqli segfault on error).

- Over 50 other bug fixes. ]]> http://jackxiang.com/post//#blogcomment <![CDATA[[评论] PHP 5.2.12 发布修复60多个bug]]> <user@domain.com> Thu, 01 Jan 1970 00:00:00 +0000 http://jackxiang.com/post//#blogcomment