A more secure PHP 4.1.0 is released
Posted in PHP by 徐永久 on December 11, 2001, 12:05.

After a long round of quality testing, PHP 4.1.0 is finally out. You can download it from:

http://www.php.net/downloads.php

FreeLAMP provides a local mirror:

http://www.freelamp.com/download/LAMP/PHP/php-4.1.0.tar.gz

The key features of PHP 4.1.0 are:

- A new input interface, for improved security
- Overall performance improvements
- Revolutionary performance and stability improvements on Windows: the multithreaded Windows module loads 30 times faster!
Thanks to Brett Brewer and his team.
- Version numbers for extensions
- Full support for output compression
- Numerous bug fixes and new functions

Below is a description of the new input mechanism, followed by the full list of changes in 4.1.0.

-----------------------------------
First of all, regardless of what you read below, PHP 4.1.0 still supports the old input mechanism; existing applications should run on the new version without any modification.

For a variety of reasons, PHP configurations have relied on the register_globals directive being on, but that directive has also become a major security liability. Consider the following code:

<?php
// $authenticated is never initialised; with register_globals on, a request
// parameter of the same name pre-sets it before this code runs.
if (authenticate_user()) {
    $authenticated = true;
}
...
?>

A remote user can simply pass 'authenticated' as a form variable, and $authenticated will end up set to true even when authenticate_user() returns false. This is a simple example, and you may say your code is never written like this.
In practice, though, in a slightly more complex application this mechanism becomes a serious vulnerability.

Therefore, starting with this version of PHP, we recommend that users not rely on this directive when building applications, although we have no plans to remove it in the near future.

To help users build applications with register_globals set to off, we have added new variables to replace the old ones. The seven new arrays are:

$_GET - contains form variables sent via GET
$_POST - contains form variables sent via POST
$_COOKIE - contains HTTP cookie variables
$_SERVER - contains server variables (e.g. REMOTE_ADDR)
$_ENV - contains environment variables
$_REQUEST - a merge of the GET, POST and Cookie variables; everything in it comes from the user and cannot be trusted
$_SESSION - contains HTTP variables registered via the session module

These variables are automatically available in every scope; they can be used anywhere without the global keyword.
For example:

function example1()
{
    print $_GET["name"]; // no need to write 'global $_GET;'
}
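The bypass described above, and the fix that explicit input arrays make possible, as an added example that is not from the original announcement or from PHP's own sources. register_globals has been off by default since PHP 4.2 and was removed in PHP 5.4, so its effect is reproduced here with extract() over a constructed $_REQUEST. authenticate_user() is a hypothetical stand-in that rejects the constructed credentials, and the two check_* functions are named here for illustration only.

```php
<?php
// Added example, not code from the original announcement. register_globals
// has been off by default since PHP 4.2 and was removed in PHP 5.4, so its
// effect is simulated with extract(), which copies request keys into the
// current scope exactly as register_globals did.

// Constructed request: a wrong password plus an unexpected 'authenticated'
// field that the attacker adds to the form submission.
$_POST = array('user' => 'mallory', 'pass' => 'wrong', 'authenticated' => '1');
$_REQUEST = $_POST;

// Hypothetical stand-in for the announcement's authenticate_user(). It reads
// $_POST directly: superglobals are visible here without 'global'.
function authenticate_user()
{
    return isset($_POST['user'], $_POST['pass'])
        && $_POST['user'] === 'alice'
        && $_POST['pass'] === 's3cret';
}

// Vulnerable: same shape as the snippet in the announcement, with request
// variables dumped into the local scope the way register_globals=on would.
function check_with_register_globals()
{
    extract($_REQUEST); // the attacker's 'authenticated' becomes $authenticated
    if (authenticate_user()) {
        $authenticated = true;
    }
    // Attacker-controlled: truthy whenever the request carried 'authenticated'.
    return !empty($authenticated);
}

// Hardened: the flag is initialised unconditionally, and the only user input
// that is consulted comes from the explicit $_POST array.
function check_with_superglobals()
{
    $authenticated = false;
    if (authenticate_user()) {
        $authenticated = true;
    }
    return $authenticated;
}

var_dump(check_with_register_globals());
var_dump(check_with_superglobals());
```

Run it with the php command-line binary. The first check accepts the failed login because the request parameter seeded $authenticated before the if; the second rejects it, because initialising the flag and reading only the named input array leaves the attacker nothing to pre-set.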

Another small tip worth mentioning: adding an entry to the $_SESSION array automatically registers it as a session variable, just as if you had called
session_register().


PHP 4.1.0 still sets register_globals to on by default. This is a transitional release; we encourage application authors to set the directive to off.

The next version of PHP will set register_globals to off in new installations. Note that we are talking about new installations; upgraded installations keep their existing setting.

Note: the old variables, such as $HTTP_GET_VARS, still work, but we recommend users adopt the new, shorter names.

Below is the complete list of changes in 4.1.0; for lack of time it is left untranslated.
-------------------------------------

FULL LIST OF CHANGES

10 Dec 2001, Version 4.1.0
- Worked around a bug in the MySQL client library that could cause PHP to hang
when using unbuffered queries. (Zeev)
- Fixed a bug which caused set_time_limit() to affect all subsequent requests
to running Apache child process. (Zeev)
- Removed the sablotron extension in favor of the new XSLT extension.
(Sterling)
- Fixed a bug in WDDX deserialization that would sometimes corrupt the root
element if it was a scalar one. (Andrei)
- Make ImageColorAt() and ImageColorsForIndex() work with TrueColor images.
(Rasmus)
- Fixed a bug in preg_match_all() that would return results under improper
indices in certain cases. (Andrei)
- Fixed a crash in str_replace() that would happen if search parameter was an
array and one of the replacements resulted in subject string being empty.
(Andrei)
- Fixed MySQL extension to work with MySQL 4.0. (Jani)
- Fixed a crash bug within Cobalt systems. Patch by tomc@tripac.com. (Jani)
- Bundled Dan Libby's xmlrpc-epi extension.
- Introduced extension version numbers. (Stig)
- Added version_compare() function. (Stig)
- Fixed pg_last_notice() (could cause random crashes in PostgreSQL
applications, even if they didn't use pg_last_notice()). (Zeev)
- Fixed DOM-XML's error reporting, so E_WARNING errors are given instead of
E_ERROR errors; this allows you to trap errors thrown by DOMXML functions.
(Sterling)
- Fixed a bug in the mcrypt extension, where list destructors were not
properly being allocated. (Sterling)
- Better Interbase blob, null and error handling. (Patch by Jeremy Bettis)
- Fixed a crash bug in array_map() if the input arrays had string or
non-sequential keys. Also modified it so that if a single array is passed,
its keys are preserved in the resulting array. (Andrei)
- Fixed a crash in dbase_replace_record. (Patch by robin.marlow@dps-int.com)
- Fixed a crash in msql_result(). (Zeev)
- Added support for single dimensional SafeArrays and Enumerations.
Added an is_enum() function to check if a component implements an
enumeration. (Alan, Harald)
- Fixed a bug in dbase_get_record() and dbase_get_record_with_names().
boolean fields are now returned correctly.
Patch by Lawrence E. Widman (Jani)
- Added --version option to php-config. (Stig)
- Improved support for thttpd-2.21b by incorporating patches for all known
bugs. (Sascha)
- Added ircg_get_username, a roomkey argument to ircg_join, error fetching
infrastructure, a tokenizer to speed up message processing, and fixed
a lot of bugs in the IRCG extension. (Sascha)
- Improved speed of the serializer/deserializer. (Thies, Sascha)
- Floating point numbers are better detected when converting from strings.
(Zeev, Zend Engine)
- Replaced php.ini-optimized with php.ini-recommended. As the name implies,
it's warmly recommended to use this file as the basis for your PHP
configuration, rather than php.ini-dist. (Zeev)
- Restore xpath_eval() and php_xpathptr_eval() for 4.0.7. There
are still some known leaks. (Joey)
- Added import_request_variables(), to allow users to safely import form
variables to the global scope (Zeev)
- Introduced a new $_REQUEST array, which includes any GET, POST or COOKIE
variables. Like the other new variables, this variable is also available
regardless of the context. (Andi & Zeev)
- Introduced $_GET, $_POST, $_COOKIE, $_SERVER and $_ENV variables, which
deprecate the old $HTTP_*_VARS arrays. In addition to being much shorter to
type, these variables are also available regardless of the scope, and
there's no need to import them using the 'global' statement. (Andi & Zeev)
- Added vprintf() and vsprintf() functions that allow passing all arguments
after format as an array. (Andrei)
- Added support for GD2 image type for ImageCreateFromString() (Jani)
- Added ImageCreateFromGD(), ImageCreateFromGD2(), ImageCreateFromGD2part(),
ImageGD() and ImageGD2() functions (Jani)
- addcslashes now warns when charlist is invalid. The returned string
remained the same (Jeroen)
- Added optional extra argument to gmp_init(). The extra argument
indicates which number base gmp should use when converting a
string to the gmp-number. (Troels)
- Added the Cyrus-IMAP extension, which allows a direct interface to Cyrus'
more advanced capabilities. (Sterling)
- Enhance read_exif_data() to support multiple comment tags (Rasmus)
- Fixed a crash bug in array_map() when NULL callback was passed in. (Andrei)
- Change from E_ERROR to E_WARNING in the exif extension (Rasmus)
- New pow() implementation, which returns an integer when possible,
and warnings on wrong input (jeroen)
- Added optional second parameter to trim, chop and ltrim. You can
now specify which characters to trim (jeroen)
- Hugely improved the performance of the thread-safe version of PHP, especially
under Windows (Andi & Zeev)
- Improved request-shutdown performance significantly (Andi & Zeev, Zend
Engine)
- Added a few new math functions. (Jesus)
- Bump bundled expat to 1.95.2 (Thies)
- Improved the stability of OCIPlogon() after a database restart. (Thies)
- Fixed __FILE__ in the CGI & Java servlet modes when used in the main script.
It only worked correctly in included files before this fix (Andi)
- Improved the Zend hash table implementation to be much faster (Andi, Zend
Engine)
- Updated PHP's file open function (used by include()) to check in the calling
script's directory in case the file can't be found in the include_path (Andi)
- Fixed a corruption bug that could cause constants to become corrupted, and
possibly prevent resources from properly being cleaned up at the end of
a request (Zeev)
- Added optional use of Boyer-Moore algorithm to str_replace() (Sascha)
- Fixed and improved shared-memory session storage module (Sascha)
- Add config option (always_populate_raw_post_data) which when enabled
will always populate $HTTP_RAW_POST_DATA regardless of the post mime
type (Rasmus)
- Added support for socket and popen file types to ftp_fput (Jason)
- Fixed various memory leaks in the LDAP extension (Stig Venaas)
- Improved interactive mode - it is now available in all builds of PHP, without
any significant slowdown (Zeev, Zend Engine)
- Fixed crash in iptcparse() if the supplied data was bogus. (Thies)
- Fixed return value for a failed snmpset() - now returns false (Rasmus)
- Added hostname:port support to snmp functions (nbougues@axialys.net, Rasmus)
- Added fdf_set_encoding() function (Masaki YATSU, Rasmus)
- Reversed the destruction-order of resources. This fixes the reported OCI8
"failed to rollback outstanding transactions!" message (Thies, Zend Engine)
- Added option for returning XMLRPC fault packets. (Matt Allen, Sascha
Schumann)
- Improved range() function to support range('a','z') and range(9,0) types of
ranges. (Rasmus)
- Added getmygid() and safe_mode_gid ini directive to allow safe mode to do
a gid check instead of a uid check. (James E. Flemer, Rasmus)
- Made assert() accept the array(&$obj, 'methodname') syntax. (Thies)
- Made sure that OCI8 outbound variables are always zero-terminated. (Thies)
- Fixed a bug that allowed users to spawn processes while using the 5th
parameter to mail(). (Derick)
- Added nl_langinfo() (when OS provides it) that returns locale.
- Fixed a major memory corruption bug in the thread safe version. (Zeev)
- Fixed a crash when using the CURLOPT_WRITEHEADER option. (Sterling)
- Added optional suffix removal parameter to basename(). (Hartmut)
- Added new parameter UDM_PARAM_VARDIR to the Udm_Set_Agent_Param() function to
support an alternative search data directory. This requires mnogoSearch 3.1.13
or later.
- Fixed references in sessions. This doesn't work when using the WDDX
session-serializer. Also improved speed of sessions. (Thies)
- Added new experimental module pcntl (Process Control). (Jason)
- Fixed a bug when com.allow_dcom is set to false. (phanto)
- Added a further parameter to the constructor to load typelibs from file when
instantiating components (e.g. DCOM Components without local registration).
(phanto)
- Added the possibility to specify typelibs by full name in the typelib file
(Alan Brown)
- Renamed the ZZiplib extension to the Zip extension; function names have also
changed accordingly, functionality has stayed the same. (Sterling)
- Made the length argument (argument 2) to pg_loread() optional, if not
specified data will be read in 1kb chunks. (Sterling)
- Added a third argument to pg_lowrite() which is the length of the data to
write. (Sterling)
- Added the CONNECTION_ABORTED, CONNECTION_TIMEOUT and CONNECTION_NORMAL
constants. (Zak)
- Assigning to a string offset beyond the end of the string now automatically
increases the string length by padding it with spaces, and performs the
assignment. (Zeev, Zend Engine)
- Added warnings in case an uninitialized string offset is read. (Zeev, Zend
Engine)
- Fixed a couple of overflow bugs in case of very large negative integer
numbers. (Zeev, Zend Engine)
- Fixed a crash bug in the string-offsets implementation (Zeev, Zend Engine)
- Improved the implementation of parent::method_name() for classes which use
run-time inheritance. (Zeev, Zend Engine)
- Added 'W' flag to date() function to return week number of year using ISO
8601 standard. (Colin)
- Made the PostgreSQL driver do internal row counting when iterating through
result sets. (gvz@2scale.net)
- Updated ext/mysql/libmysql to version 3.23.39; Portability fixes, minor
bug fixes. (tim@mysql.com)
- Added get_defined_constants() function to return an associative array of
constants mapped to their values. (Sean)
- New mailparse extension for parsing and manipulating MIME mail. (Wez)
- Define HAVE_CONFIG_H when building standalone DSO extensions. (Stig)
- Added the 'u' modifier to printf/sprintf which prints unsigned longs.
(Derick)
- Improved IRIX compatibility. (Sascha)
- Fixed crash bug in bzopen() when specifying an invalid file. (Andi)
- Fixed bugs in the mcrypt extension that caused crashes. (Derick)
- Added the IMG_ARC_ROUNDED option for the ImageFilledArc() function, which
specifies that the drawn curve should be rounded. (Sterling)
- Updated the sockets extension to use resources instead of longs for the
socket descriptors. The socket functions have been renamed to conform with
the PHP standard instead of their C counterparts. The sockets extension is
now usable under Win32. (Daniel)
- Added disk_total_space() to return the total size of a filesystem.
(Patch from Steven Bower)
- Renamed diskfreespace() to disk_free_space() to conform to established
naming conventions. (Jon)
- Fixed #2181. Now zero is returned instead of an unset value for
7-bit encoding and plain text body type. (Vlad)
- Fixed a bug in call_user_*() functions that would not allow calling
functions/methods that accepted parameters by reference. (Andrei)
- Added com_release($obj) and com_addref($obj) functions and the related class
members $obj->Release() and $obj->AddRef() to gain more control over the used
COM components. (phanto)
- Added an additional parameter to dotnet_load to specify the codepage (phanto)
- Added peak memory logging. Use --enable-memory-limit to create a new Apache
1.x logging directive "{mod_php_memory_usage}n" which will log the peak
amount of memory used by the script. (Thies)
- Made fstat() and stat() provide identical output by returning a numerical and
string indexed array. (Jason)
- Fixed memory leak upon re-registering constants. (Sascha, Zend Engine)

-----------------------------------

Zeev

  • FreeLAMP.com's PHP has been upgraded
    by 徐永久 on December 11, 2001, 15:09
    The upgrade process is very simple:

    $ ./configure --with-mysql=... --with-apxs=...
    $ make
    $ make install

    Restart Apache, and that's all there is to it!!

    Zend Optimizer download and installation
    by 徐永久 on December 20, 2001, 12:15
    After the article was written and the install done, I found that the optimizer on Zend.com had a link, but the file was 0 bytes.

    Today the download finally completed:

    Local download

    Installation is also very simple: unpack into a directory and run ./install.sh
    and it's done.

    Internally it calls the install.php script.



    • Re: Zend Optimizer download and installation
      徐永久 posted on December 23, 2001, 16:23
      /usr/local/lib/php.ini

      is now a soft link to /usr/local/Zend/lib/etc/php.ini


      • Re: Zend Optimizer download and installation
        tiyzgu posted on November 4, 2002, 21:53
        Is there a Windows version available for download? I haven't installed the Linux one.
        Thanks!
    • Re: Zend Optimizer download and installation
      syj posted on January 30, 2004, 12:38
      Can't download...

    • Re: Zend Optimizer download and installation
      边城 posted on July 4, 2004, 20:27
      Is there one for Windows?
    This article was
    by 徐永久 on January 9, 2002, 17:00
    http://tech.sina.com.cn/s/n/2001-12-12/95659.shtml