Version History of PHP 5.4.0

  • autoconf 2.59+ is now supported (and required) for generating the configure script with ./buildconf. Autoconf 2.60+ is desirable otherwise the configure help order may be incorrect.
  • Removed legacy features
    • break/continue $var syntax.
    • Safe mode and all related ini options.
    • register_globals and register_long_arrays ini options.
    • import_request_variables().
    • allow_call_time_pass_reference.
    • define_syslog_variables ini option and its associated function.
    • highlight.bg ini option.
    • Session bug compatibility mode (session.bug_compat_42 and session.bug_compat_warn ini options).
    • session_is_registered(), session_register() and session_unregister() functions.
    • y2k_compliance ini option.
    • magic_quotes_gpc, magic_quotes_runtime and magic_quotes_sybase ini options. get_magic_quotes_gpc, get_magic_quotes_runtime are kept but always return false, set_magic_quotes_runtime raises an E_CORE_ERROR.
    • Removed support for putenv("TZ=..") for setting the timezone.
    • Removed the timezone guessing algorithm in case the timezone isn't set with date.timezone or date_default_timezone_set(). Instead of a guessed timezone, "UTC" is now used instead.
  • Moved extensions to PECL
    • ext/sqlite. (Note: the ext/sqlite3 and ext/pdo_sqlite extensions are not affected)
  • General improvements
    • Added short array syntax support ([1,2,3]), see UPGRADING guide for full details.
    • Added binary numbers format (0b001010).
    • Added support for Class::{expr}() syntax.
    • Added multibyte support by default. Previously php had to be compiled with --enable-zend-multibyte. Now it can be enabled or disabled through zend.multibyte directive in php.ini.
    • Removed compile time dependency from ext/mbstring.
    • Added support for Traits.
    • Added closure $this support back.
    • Added array dereferencing support.
    • Added callable typehint.
    • Added indirect method call through array. #47160.
    • Added DTrace support.
    • Added class member access on instantiation (e.g. (new foo)->bar()) support.
    • <?= is now always available regardless of the short_open_tag setting.
    • Implemented Zend Signal Handling (configurable option --enable-zend-signals, off by default).
    • Improved output layer, see README.NEW-OUTPUT-API for internals.
    • Improved unix build system to allow building multiple PHP binary SAPIs and one SAPI module the same time. #53271, #52419.
    • Implemented closure rebinding as parameter to bindTo.
    • Improved the warning message of incompatible arguments.
    • Improved ternary operator performance when returning arrays.
    • Changed error handlers to only generate docref links when the docref_root INI setting is not empty.
    • Changed silent conversion of array to string to produce a notice.
    • Changed default value of "default_charset" php.ini option from ISO-8859-1 to UTF-8.
    • Changed silent casting of null/''/false into an Object when adding a property into a warning.
    • Changed E_ALL to include E_STRICT.
    • Disabled windows CRT warning by default, can be enabled again using the ini directive windows_show_crt_warnings.
    • Fixed bug #55378: Binary number literal returns float number though its value is small enough.
  • Improved Zend Engine memory usage
    • Improved parse error messages.
    • Replaced zend_function.pass_rest_by_reference by ZEND_ACC_PASS_REST_BY_REFERENCE in zend_function.fn_flags.
    • Replaced zend_function.return_reference by ZEND_ACC_RETURN_REFERENCE in zend_function.fn_flags.
    • Removed zend_arg_info.required_num_args as it was only needed for internal functions. Now the first arg_info for internal functions (which has special meaning) is represented by zend_internal_function_info structure.
    • Moved zend_op_array.size, size_var, size_literal, current_brk_cont, backpatch_count into CG(context) as they are used only during compilation.
    • Moved zend_op_array.start_op into EG(start_op) as it's used only for 'interactive' execution of single top-level op-array.
    • Replaced zend_op_array.done_pass_two by ZEND_ACC_DONE_PASS_TWO in zend_op_array.fn_flags.
    • op_array.vars array is trimmed (reallocated) during pass_two.
    • Replaced zend_class_entry.constants_updated by ZEND_ACC_CONSTANTS_UPDATED in zend_class_entry.ce_flags.
    • Reduced the size of zend_class_entry by sharing the same memory space by different information for internal and user classes. See zend_class_entry.info union.
    • Reduced size of temp_variable.
  • Improved Zend Engine, performance tweaks and optimizations
    • Inlined most probable code-paths for arithmetic operations directly into executor.
    • Eliminated unnecessary iterations during request startup/shutdown.
    • Changed $GLOBALS into a JIT autoglobal, so it's initialized only if used. (this may affect opcode caches!)
    • Improved performance of @ (silence) operator.
    • Simplified string offset reading. $str[1][0] is now a legal construct.
    • Added caches to eliminate repeatable run-time bindings of functions, classes, constants, methods and properties.
    • Added concept of interned strings. All strings constants known at compile time are allocated in a single copy and never changed.
    • ZEND_RECV now always has IS_CV as its result.
    • ZEND_CATCH now has to be used only with constant class names.
    • ZEND_FETCH_DIM_? may fetch array and dimension operands in different order.
    • Simplified ZEND_FETCH_*_R operations. They can't be used with the EXT_TYPE_UNUSED flag any more. This is a very rare and useless case. ZEND_FREE might be required after them instead.
    • Split ZEND_RETURN into two new instructions ZEND_RETURN and ZEND_RETURN_BY_REF.
    • Optimized access to global constants using values with pre-calculated hash_values from the literals table.
    • Optimized access to static properties using executor specialization. A constant class name may be used as a direct operand of ZEND_FETCH_* instruction without previous ZEND_FETCH_CLASS.
    • zend_stack and zend_ptr_stack allocation is delayed until actual usage.
  • Other improvements to Zend Engine
    • Added an optimization which saves memory and emalloc/efree calls for empty HashTables.
    • Added ability to reset user opcode handlers.
    • Changed the structure of op_array.opcodes. The constant values are moved from opcode operands into a separate literal table.
    • Fixed (disabled) inline-caching for ZEND_OVERLOADED_FUNCTION methods.
    • Fixed bug #43200 (Interface implementation / inheritence not possible in abstract classes).
  • Improved core functions
    • Added optional argument to debug_backtrace() and debug_print_backtrace() to limit the amount of stack frames returned.
    • Added hex2bin() function.
    • number_format() no longer truncates multibyte decimal points and thousand separators to the first byte. #53457.
    • Added support for object references in recursive serialize() calls. #36424.
    • Added support for SORT_NATURAL and SORT_FLAG_CASE in array sort functions (sort, rsort, ksort, krsort, asort, arsort and array_multisort). #55158.
    • Added stream metadata API support and stream_metadata() stream class handler.
    • User wrappers can now define a stream_truncate() method that responds to truncation, e.g. through ftruncate(). #53888.
    • Improved unserialize() performance.
    • Changed array_combine() to return empty array instead of FALSE when both parameter arrays are empty. #34857.
    • Fixed invalid free in call_user_method() function.
    • Fixed crypt_blowfish handling of 8-bit characters. (CVE-2011-2483).
    • Fixed bug #61095 (Incorect lexing of 0x00*+<NUM>).
    • Fixed bug #60965 (Buffer overflow on htmlspecialchars/entities with $double=false).
    • Fixed bug #60895 (Possible invalid handler usage in windows random functions).
    • Fixed bug #60879 (unserialize() Does not invoke __wakeup() on object).
    • Fixed bug #60825 (Segfault when running symfony 2 tests).
    • Fixed bug #60809 (TRAITS - PHPDoc Comment Style Bug).
    • Fixed bug #60627 (httpd.worker segfault on startup with php_value).
    • Fixed bug #60613 (Segmentation fault with $cls->{expr}() syntax).
    • Fixed bug #60611 (Segmentation fault with Cls::{expr}() syntax).
    • Fixed bug #60558 (Invalid read and writes).
    • Fixed bug #60536 (Traits Segfault).
    • Fixed bug #60444 (Segmentation fault with include & class extending).
    • Fixed bug #60362 (non-existent sub-sub keys should not have values).
    • Fixed bug #60350 (No string escape code for ESC (ascii 27), normally \e).
    • Fixed bug #60321 (ob_get_status(true) no longer returns an array when buffer is empty).
    • Fixed bug #60282 (Segfault when using ob_gzhandler() with open buffers).
    • Fixed bug #60240 (invalid read/writes when unserializing specially crafted strings).
    • Fixed bug #60227 (header() cannot detect the multi-line header with CR(0x0D)).
    • Fixed bug #60174 (Notice when array in method prototype error).
    • Fixed bug #60169 (Conjunction of ternary and list crashes PHP).
    • Fixed bug #60120 (proc_open's streams may hang with stdin/out/err when

the data exceeds or is equal to 2048 bytes).

    • Fixed bug #60099 (__halt_compiler() works in braced namespaces).
    • Fixed bug #60038 (SIGALRM cause segfault in php_error_cb).
    • Fixed bug #55874 (GCC does not provide __sync_fetch_and_add on some archs).
    • Fixed bug #55871 (Interruption in substr_replace()).
    • Fixed bug #55825 (Missing initial value of static locals in trait methods).
    • Fixed bug #55801 (Behavior of unserialize has changed).
    • Fixed bug #55622 (memory corruption in parse_ini_string).
    • Fixed bug #55758 (Digest Authenticate missed in 5.4) .
    • Fixed bug #55748 (multiple NULL Pointer Dereference with zend_strndup()) (CVE-2011-4153).
    • Fixed bug #55749 (TOCTOU issue in getenv() on Windows builds).
    • Fixed bug #55707 (undefined reference to `__sync_fetch_and_add_4' on Linux parisc).
    • Fixed bug #55705 (Omitting a callable typehinted argument causes a segfault).
    • Fixed bug #55475 (is_a() triggers autoloader, new optional 3rd argument to is_a and is_subclass_of).
    • Fixed bug #55471 (ZTS build broken with dtrace).
    • Fixed bug #55124 (recursive mkdir fails with current (dot) directory in path).
    • Fixed bug #55084 (Function registered by header_register_callback is called only once per process).
    • Implement #54514 (Get php binary path during script execution).
    • Fixed bug #52624 (tempnam() by-pass open_basedir with nonexistent directory).
    • Fixed bug #52211 (iconv() returns part of string on error).
    • Fixed bug #51860 (Include fails with toplevel symlink to /).
  • Improved generic SAPI support
    • Added $_SERVER['REQUEST_TIME_FLOAT'] to include microsecond precision.
    • Added max_input_vars directive to prevent attacks based on hash collisions.
    • Added header_register_callback() which is invoked immediately prior to the sending of headers and after default headers have been added.
    • Added http_response_code() function. #52555.
    • Fixed bug #55500 (Corrupted $_FILES indices lead to security concern).
    • Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices).
  • Improved Apache SAPI
    • Fixed bug #60205 (possible integer overflow in content_length).
  • Improved CLI SAPI
    • Added friendly log messages. #55109.
    • Added built-in web server that is intended for testing purpose.
    • Added command line option --rz <name> which shows information of the named Zend extension.
    • Interactive readline shell improvements
      • Added "cli.pager" php.ini setting to set a pager for output.
      • Added "cli.prompt" php.ini setting to configure the shell prompt.
      • Added shortcut #inisetting=value to change ini settings at run-time.
      • Changed shell not to terminate on fatal errors.
      • Interactive shell works with shared readline extension. #53878.
    • Fixed bug #60591 (Memory leak when access a non-exists file).
    • Fixed bug #60523 (PHP Errors are not reported in browsers using built-in SAPI).
    • Fixed bug #60477 (Segfault after two multipart/form-data POST requests, one 200 RQ and one 404).
    • Implement #60390 (Missing $_SERVER['SERVER_PORT']).
    • Fixed bug #60180 ($_SERVER["PHP_SELF"] incorrect).
    • Fixed bug #60159 (Router returns false, but POST is not passed to requested resource).
    • Fixed bug #60146 (Last 2 lines of page not being output).
    • Fixed bug #60115 (memory definitely lost in cli server).
    • Fixed bug #60112 (If URI does not contain a file, index.php is not served).
    • Fixed bug #55759 (memory leak when using built-in server).
    • Fixed bug #55755 (SegFault when outputting header WWW-Authenticate).
    • Fixed bug #55747 (request headers missed in $_SERVER).
    • Fixed bug #55726 (Changing the working directory makes router script inaccessible).
    • Fixed bug #55463 (cli-server missing _SERVER[REMOTE_ADDR]).
    • Fixed bug #55450 (Built in web server not accepting file uploads).
    • Fixed bug #55423 (cli-server could not output correctly in some case).
  • Improved CGI/FastCGI SAPI
    • Added apache compatible functions: apache_child_terminate(), getallheaders(), apache_request_headers() and apache_response_headers().
    • Improved performance of FastCGI request parsing.
    • Fixed reinitialization of SAPI callbacks after php_module_startup().
  • Improved PHP-FPM SAPI
    • Added partial syslog support (on error_log only). #52052.
    • Added .phar to default authorized extensions.
    • Added process.max to control the number of process FPM can fork. #55166.
    • Dropped restriction of not setting the same value multiple times, the last one holds.
    • Lowered default value for Process Manager. #54098.
    • Enhanced security by limiting access to user defined extensions. #55181.
    • Enhanced error log when the primary script can't be open. #60199.
    • Removed EXPERIMENTAL flag.
    • Fixed bug #60659 (FPM does not clear auth_user on request accept).
    • Fixed bug #60629 (memory corruption when web server closed the fcgi fd).
  • Improved Litespeed SAPI
    • Fixed bug #55769 (Make Fails with "Missing Separator" error).
  • Improved BCmath extension
    • Fixed bug #60377 (bcscale related crashes on 64bits platforms).
  • Improved CURL extension
    • Added support for CURLOPT_MAX_RECV_SPEED_LARGE and CURLOPT_MAX_SEND_SPEED_LARGE. #51815.
    • Fixed bug #60439 (curl_copy_handle segfault when used with CURLOPT_PROGRESSFUNCTION).
  • Improved Date extension
    • Added the + modifier to parseFromFormat to allow trailing text in the string to parse without throwing an error.
  • Improved DBA extension
    • Added Tokyo Cabinet abstract DB support.
    • Added Berkeley DB 5 support.
  • Improved DOM extension
    • Added the ability to pass options to loadHTML.
  • Improved filesystem functions
    • scandir() now accepts SCANDIR_SORT_NONE as a possible sorting_order value. #53407.
  • Improved fileinfo extension
    • Fixed possible memory leak in finfo_open().
    • Fixed memory leak when calling the Finfo constructor twice.
    • Fixed bug #60094 (C++ comment fails in c89).
  • Improved HASH extension
    • Added Jenkins's one-at-a-time hash support.
    • Added FNV-1 hash support.
    • Made Adler32 algorithm faster. #53213.
    • Removed Salsa10/Salsa20, which are actually stream ciphers.
    • Fixed bug #60221 (Tiger hash output byte order).
  • Improved intl extension
    • Added Spoofchecker class, allows checking for visibly confusable characters and other security issues.
    • Added Transliterator class, allowing transliteration of strings.
    • Added support for UTS #46.
    • Fixed memory leak in several Intl locale functions.
    • Fixed build on Fedora 15 / Ubuntu 11.
    • Fixed bug #55562 (grapheme_substr() returns false on big length).
  • Improved JSON extension
    • Added new json_encode() option JSON_UNESCAPED_UNICODE. #53946.
    • Added JsonSerializable interface.
    • Added JSON_BIGINT_AS_STRING, extended json_decode() sig with $options.
    • Added support for JSON_NUMERIC_CHECK option in json_encode() that converts numeric strings to integers.
    • Added new json_encode() option JSON_UNESCAPED_SLASHES. #49366.
    • Added new json_encode() option JSON_PRETTY_PRINT. #44331.
  • Improved LDAP extension
    • Added paged results support. #42060.
  • Improved mbstring extension
    • Added Shift_JIS/UTF-8 Emoji (pictograms) support.
    • Added JIS X0213:2004 (Shift_JIS-2004, EUC-JP-2004, ISO-2022-JP-2004) support.
    • Ill-formed UTF-8 check for security enhancements.
    • Added MacJapanese (Shift_JIS) and gb18030 encoding support.
    • Added encode/decode in hex format to mb_[en|de]code_numericentity().
    • Added user JIS X0213:2004 (Shift_JIS-2004, EUC-JP-2004, ISO-2022-JP-2004) support.
    • Added the user defined area for CP936 and CP950.
    • Fixed possible crash in mb_ereg_search_init() using empty pattern.
    • Fixed bug #60306 (Characters lost while converting from cp936 to utf8).
  • Improved MS SQL extension
    • Fixed bug #60267 (Compile failure with freetds 0.91).
  • Improved MySQL extensions
    • MySQL: Deprecated mysql_list_dbs(). #50667.
    • mysqlnd: Added named pipes support. #48082.
    • MySQLi: Added iterator support in MySQLi. mysqli_result implements Traversable.
    • PDO_mysql: Removed support for linking with MySQL client libraries older than 4.1.
    • ext/mysql, mysqli and pdo_mysql now use mysqlnd by default.
    • Fixed bug #55473 (mysql_pconnect leaks file descriptors on reconnect).
    • Fixed bug #55653 (PS crash with libmysql when binding same variable as param and out).
  • Improved OpenSSL extension
    • Added AES support. #48632.
    • Added a "no_ticket" SSL context option to disable the SessionTicket TLS extension. #53447.
    • Added no padding option to openssl_encrypt()/openssl_decrypt().
    • Use php's implementation for Windows Crypto API in openssl_random_pseudo_bytes.
    • On error in openssl_random_pseudo_bytes() made sure we set strong result to false.
    • Fixed segfault with older versions of OpenSSL.
    • Fixed possible attack in SSL sockets with SSL 3.0 / TLS 1.0. CVE-2011-3389.
    • Fixed bug #61124 (Crash when decoding an invalid base64 encoded string).
    • Fixed bug #60279 (Fixed NULL pointer dereference in stream_socket_enable_crypto, case when ssl_handle of session_stream is not initialized.
  • Improved Oracle Database extension (OCI8)
    • Increased maximum Oracle error message buffer length for new 11.2.0.3 size.
    • Improved internal initalization failure error messages.
    • Fixed bug #59985 (show normal warning text for OCI_NO_DATA).
  • Improved PDO
    • Fixed PDO objects binary incompatibility.
  • PDO DBlib driver
    • Added nextRowset support.
    • Fixed bug #60033 (Incorrectly merged PDO dblib patches break uniqueidentifier column type).
    • Fixed bug #50755 (PDO DBLIB Fails with OOM).
  • Improved Pdo Firebird driver
    • Fixed bug #53280 (segfaults if query column count less than param count).
    • Fixed bug #48877 ("bindValue" and "bindParam" do not work for PDO Firebird).
    • Fixed bug #47415 (segfaults when passing lowercased column name to bindColumn).
  • Improved PostgreSQL extension
    • Added support for "extra" parameter for PGNotify().
  • Improved preg extension
    • Changed third parameter of preg_match_all() to optional. #53238.
  • Improved readline extension
    • Fixed bug #54450 (Enable callback support when built against libedit).
  • Improved Reflection extension
    • Added ReflectionClass::newInstanceWithoutConstructor() to create a new instance of a class without invoking its constructor. #55490.
    • Added ReflectionExtension::isTemporary() and ReflectionExtension::isPersistent() methods.
    • Added ReflectionZendExtension class.
    • Added ReflectionClass::isCloneable().
    • Fixed bug #60367 (Reflection and Late Static Binding).
    • Fixed bug #60357 (__toString() method triggers E_NOTICE "Array to string conversion").
  • Improved Session extension
    • Expose session status via new function, session_status. #52982.
    • Added support for object-oriented session handlers.
    • Added support for storing upload progress feedback in session data.
    • Changed session.entropy_file to default to /dev/urandom or /dev/arandom if either is present at compile time.
    • Fixed bug #60860 (session.save_handler=user without defined function core dumps).
    • Implement #60551 (session_set_save_handler should support a core's session handler interface).
    • Fixed bug #60640 (invalid return values).
  • Improved SNMP extension
    • Added OO API. #53594 (php-snmp rewrite).
    • Sanitized return values of existing functions. Now it returns FALSE on failure.
    • Allow ~infinite OIDs in GET/GETNEXT/SET queries. Autochunk them to max_oids upon request.
    • Introducing unit tests for extension with ~full coverage. IPv6 support. (#42918)
    • Way of representing OID value can now be changed when SNMP_VALUE_OBJECT is used for value output mode. Use or'ed SNMP_VALUE_LIBRARY(default if not specified) or SNMP_VALUE_PLAIN. (#54502)
    • Fixed bug #60749 (SNMP module should not strip non-standard SNMP port from hostname).
    • Fixed bug #60585 (php build fails with USE flag snmp when IPv6 support is disabled).
    • Fixed bug #53862 (snmp_set_oid_output_format does not allow returning to default).
    • Fixed bug #51336 (snmprealwalk (snmp v1) does not handle end of OID tree correctly).
    • Fixed bug #46065 (snmp_set_quick_print() persists between requests).
    • Fixed bug #45893 (Snmp buffer limited to 2048 char).
    • Fixed bug #44193 (snmp v3 noAuthNoPriv doesn't work).
  • Improved SOAP extension
    • Added new SoapClient option "keep_alive". #60329.
    • Fixed basic HTTP authentication for WSDL sub requests.
  • Improved SPL extension
    • Added RegexIterator::getRegex() method.
    • Added SplObjectStorage::getHash() hook.
    • Added CallbackFilterIterator and RecursiveCallbackFilterIterator.
    • Added missing class_uses(..) as pointed out by #55266.
    • Immediately reject wrong usages of directories under Spl(Temp)FileObject and friends.
    • FilesystemIterator, GlobIterator and (Recursive)DirectoryIterator now use the default stream context.
    • Fixed bug #60201 (SplFileObject::setCsvControl does not expose third argument via Reflection).
    • Fixed bug #55807 (Wrong value for splFileObject::SKIP_EMPTY).
    • Fixed bug #55287 (spl_classes() not includes CallbackFilter classes)
  • Improved Sysvshm extension
    • Fixed bug #55750 (memory copy issue in sysvshm extension).
  • Improved Tidy extension
    • Fixed bug #54682 (Tidy::diagnose() NULL pointer dereference).
  • Improved Tokenizer extension
    • Fixed bug #54089 (token_get_all with regards to __halt_compiler is not binary safe).
  • Improved XSL extension
    • Added XsltProcessor::setSecurityPrefs($options) and getSecurityPrefs() to define forbidden operations within XSLT stylesheets, default is not to enable write operations from XSLT. Fixed bug #54446.
    • XSL doesn't stop transformation anymore, if a PHP function can't be called
  • Improved ZLIB extension
    • Re-implemented non-file related functionality.
    • Fixed bug #55544 (ob_gzhandler always conflicts with zlib.output_compression).