Security Enhancements and Fixes in PHP 5.2.0
- Made PostgreSQL escaping functions in the PostgreSQL and PDO extensions keep track of character set encoding whenever possible.
- Added allow_url_include, set to Off by default to disallow use of URLs for include and require.
- Disabled the realpath cache when open_basedir and safe_mode are being used.
- Improved safe_mode enforcement for error_log() function.
- Fixed a possible buffer overflow in the underlying code responsible for htmlspecialchars() and htmlentities() functions.
- Added missing safe_mode and open_basedir checks for the cURL extension.
- Fixed overflow in str_repeat() & wordwrap() functions on 64-bit machines.
- Fixed handling of long paths inside the tempnam() function.
- Fixed safe_mode/open_basedir checks for session.save_path, allowing them to account for extra parameters.
- Fixed ini setting overload in the ini_restore() function.