[Ben]

PHP 4.4.3 veröffentlicht

PHP 4.4.3 wurde am 3.August 2006 offiziell zum Download veröffentlicht.
Neben einigen Bugfixes wurden auch einige kleinere Sicherheitslöcher geflickt.

Man lese dazu die offizielle Ankündigung zum release:
http://www.php.net/release_4_4_3.php
und das komplette Changelog.

Zitat:

* Added control character checks for cURL extension's open_basedir/safe_mode checks.
* Added overflow checks to wordwrap() function.
* Added a check for special characters in the session name.
* Improved safe_mode check for the error_log() function.
* Updated PCRE to version 6.6.
* Fixed handling of extremely long paths inside tempnam() function.
* Fixed XSS inside phpinfo() with long inputs.
* Fixed a possible buffer overflow inside create_named_pipe() for Win32 systems in libmysql.c.
* Fixed bug #37720 (merge_php_config scrambles values).
* Fixed bug #37569 (WDDX incorrectly encodes high-ascii characters).
* Fixed bug #37510 (session_regenerate_id changes session_id() even on failure).
* Fixed bug #37360 (Memory errors with a corrupt GIF file).
* Fixed bug #37348 (Make PEAR install ignore open_basedir).
* Fixed bug #37346 (Crashes when using an invalid colormap format).
* Fixed bug #37162 (wddx does not build as a shared extension).
* Fixed bug #37046 (foreach breaks static scope).
* Fixed bug #37045 (Fixed check for special chars for http redirects).
* Fixed bug #36857 (Added support for partial content fetching to the HTTP streams wrapper).
* Fixed bug #36776 (node_list_wrapper_dtor segfault).
* Fixed bug #36459 (Incorrect adding PHPSESSID to links, which contains \r\n).
* Fixed bug #36458 (sleep() accepts negative values).
* Fixed bug #36242 (Possible memory corruption in stream_select()).
* Fixed bug #36223 (curl bypasses open_basedir restrictions).
* Fixed bug #36205 (Memory leaks on duplicate cookies).
* Fixed bug #36148 (unpack("H*hex", $data) is adding an extra character to the end of the string).
* Fixed bug #36017 (fopen() crashes PHP when opening a URL).