Upgrade to PHP 5.2.1: Upgrade Summary

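While adjusting the system settings, I also took the opportunity to update PHP to version 5.2.1. This release mainly improves stability and security. The ChangeLog mentions “FastCGI speed optimized build of PHP for Windows made available for downloading”, and after the update execution is indeed a bit faster, as can be seen from the speed check in the control panel.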

The main security enhancements and fixes:

Security Enhancements and Fixes in PHP 5.2.1:

● Fixed possible safe_mode & open_basedir bypasses inside the session extension.
● Prevent search engines from indexing the phpinfo() page.
● Fixed a number of input processing bugs inside the filter extension.
● Fixed unserialize() abuse on 64 bit systems with certain input strings.
● Fixed possible overflows and stack corruptions in the session extension.
● Fixed an underflow inside the internal sapi_header_op() function.
● Fixed allocation bugs caused by attempts to allocate negative values in some code paths.
● Fixed possible stack overflows inside zip, imap & sqlite extensions.
● Fixed several possible buffer overflows inside the stream filters.
● Fixed non-validated resource destruction inside the shmop extension.
● Fixed a possible overflow in the str_replace() function.
● Fixed possible clobbering of super-globals in several code paths.
● Fixed a possible information disclosure inside the wddx extension.
● Fixed a possible string format vulnerability in *print() functions on 64 bit systems.
● Fixed a possible buffer overflow inside mail() and ibase_{delete,add,modify}_user() functions.
● Fixed a string format vulnerability inside the odbc_result_all() function.
● Memory limit is now enabled by default.
● Added internal heap protection.
● Extended filter extension support for $_SERVER in CGI and apache2 SAPIs.

The key improvements of PHP 5.2.1 include:

● Several performance improvements in the engine, streams API and some Windows specific optimizations.
● PDO_MySQL now uses buffered queries by default and emulates prepared statements to bypass limitations of MySQL’s prepared statement API.
● Many improvements and enhancements to the filter and zip extensions.
● Memory limit is now always enabled, this includes Windows builds, with a default limit of 128 megabytes.
● Added several performance optimizations using faster Win32 APIs (this change means that PHP no longer supports Windows 98).
● FastCGI speed optimized build of PHP for Windows made available for downloading.
● Over 180 bug fixes.

Quite a few of these are performance improvements related to Windows systems.