Download PHP 4.4.3

The developers behind PHP Hypertext Preprocessor, or PHP for short, released version 4.4.3 yesterday. PHP is mainly used to generate dynamic content in the HTML markup language on the server side. The software is often used in combination with the database program MySQL, which serves the dynamic content of websites and forums. In this release, a relatively small number of bugs have been fixed and a number of so-called ‘security issues’ have been resolved. The full changelog looks like this:

Changes in this release:

• Added control character checks for cURL extension’s open_basedir/safe_mode checks.
• Added overflow checks to wordwrap() function.
• Added a check for special characters in the session name.
• Improved safe_mode check for the error_log() function.
• Updated PCRE to version 6.6.
• Fixed handling of extremely long paths inside tempnam() function.
• Fixed XSS inside phpinfo() with long inputs.
• Fixed a possible buffer overflow inside create_named_pipe() for Win32 systems in libmysql.c.
• Fixed bug #37720 (merge_php_config scrambles values).
• Fixed bug #37569 (WDDX incorrectly encodes high-ascii characters).
• Fixed bug #37510 (session_regenerate_id changes session_id() even on failure).
• Fixed bug #37360 (Memory errors with a corrupt GIF file).
• Fixed bug #37348 (Make PEAR install ignore open_basedir).
• Fixed bug #37346 (Crashes when using an invalid colormap format).
• Fixed bug #37162 (wddx does not build as a shared extension).
• Fixed bug #37046 (foreach breaks static scope).
• Fixed bug #37045 (Fixed check for special chars for http redirects).
• Fixed bug #36857 (Added support for partial content fetching to the HTTP streams wrapper).
• Fixed bug #36776 (node_list_wrapper_dtor segfault).
• Fixed bug #36459 (Incorrectly adding PHPSESSID to links, which contains \r\n).
• Fixed bug #36458 (sleep() accepts negative values).
• Fixed bug #36242 (Possible memory corruption in stream_select()).
• Fixed bug #36223 (curl bypasses open_basedir restrictions).
• Fixed bug #36205 (Memory leaks on duplicate cookies).
• Fixed bug #36148 (unpack(“H*hex”, $data) is adding an extra character to the end of the string).
• Fixed bug #36017 (fopen() crashes PHP when opening a URL).

[break]The following downloads are available:
PHP 4.4.3 (tar.bz2)
PHP 4.4.3 (tar.gz)