|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #57836 HttpRequest does not assume / for domains
Submitted: 2007-09-12 18:06 UTC Modified: 2007-09-18 03:58 UTC
From: mattsch at gmail dot com Assigned: mike (profile)
Status: Closed Package: pecl_http (PECL)
PHP Version: 5.2.4 OS: Gentoo Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: mattsch at gmail dot com
New email:
PHP Version: OS:


 [2007-09-12 18:06 UTC] mattsch at gmail dot com
The url parameter for HttpRequest (and probably other methods that accept a url) does not assume root "/".  A forward slash should be appended to the url if a file is not specified.

Reproduce code:
$http = new HttpRequest('', HTTP_METH_POST, array('timeout' => 10));
$http->addPostFields(array('foo' => 'bar'));

Expected result:
string(38894) "<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
<html xmlns="" xml:lang="en" lang="en">
 <title>PHP: Hypertext Preprocessor</title>
 <style type="text/css" media="all">
  @import url("");
  @import url("");
 <!--[if IE]><![if gte IE 6]><![endif]-->
  <style type="text/css" media="print">
   @import url("");
 <!--[if IE]><![endif]><![endif]-->

 <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
 <link rel="shortcut icon" href="" />
 <link rel="search" type="application/opensearchdescription+xml" href="" title="Add search" />
 <script type="text/javascript" src=""></script>
 <base href="" />
 <link rel="alternate" type="application/rss+xml" title="PHP: Hypertext Preprocessor" href="" />
<body onload="boldEvents();">

<div id="headnav">

 <a href="/"><img src=""
 alt="PHP" width="120" height="67" /></a>
 <div id="headmenu">
  <a href="/downloads.php">downloads</a> |
  <a href="/docs.php">documentation</a> |
  <a href="/FAQ.php">faq</a> |
  <a href="/support.php">getting help</a> |
  <a href="/mailing-lists.php">mailing lists</a> |
  <a href="">reporting bugs</a> |
  <a href="/sites.php"> sites</a> |
  <a href="/links.php">links</a> |
  <a href="/conferences/">conferences</a> |
  <a href="/my.php">my</a>


<div id="headsearch">
 <form method="post" action="/search.php" id="topsearch">
   <span title="Keyboard shortcut: Alt+S (Win), Ctrl+S (Apple)">
    <span class="shortkey">s</span>earch for
   <input type="text" name="pattern" value="" size="30" accesskey="s" />

   <span>in the</span>
   <select name="show">
    <option value="quickref" selected="selected">function list</option>
    <option value="all"      >all sites</option>
    <option value="local"    >this mirror only</option>
    <option value="manual"   >online documentation</option>

    <option value="bugdb"    >bug database</option>
    <option value="news_archive">Site News Archive</option>
    <option value="changelogs">All Changelogs</option>
    <option value="pear"     >just</option>
    <option value="pecl"     >just</option>
    <option value="talks"    >just</option>

    <option value="maillist" >general mailing list</option>
    <option value="devlist"  >developer mailing list</option>
    <option value="phpdoc"   >documentation mailing list</option>
   <input type="image"
          class="submit" alt="search" />


<div id="layout_3"><div id="layout_3_helper">
 <div id="leftbar">

<h3>What is PHP?</h3>
 <acronym title="recursive acronym for PHP: Hypertext Preprocessor">PHP</acronym>
 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 If you are new to PHP and want to get some idea
 of how it works, try the <a href="/tut.php">introductory tutorial</a>.
 After that, check out the online <a href="/docs.php">manual</a>,
 and the example archive sites and some of the other resources
 available in the <a href="/links.php">links section</a>.

 Ever wondered how popular PHP is? see the
 <a href="/usage.php">Netcraft Survey</a>.

<h3><a href="/thanks.php">Thanks To</a></h3>
<ul class="simple">
 <li><a href="" title="DNS Hosting provided by easyDNS">easyDNS</a></li>
 <li><a href="">Directi</a></li>

 <li><a href="">pair Networks</a></li>
 <li><a href="">EV1Servers</a></li>
 <li><a href="">Server Central</a></li>
 <li><a href="">Hosted Solutions</a></li>
 <li><a href="">Spry VPS Hosting</a></li>
 <li><a href="">eZ Systems</a> / <a href="">HiT</a></li>

 <li><a href="">OSU Open Source Lab</a></li>
 <li><a href="">Yahoo! Inc.</a></li>
 <li><a href="">BinarySEC</a></li>
 <li><a href="">NEXCESS.NET</a></li>
<h3>Related sites</h3>
<ul class="simple">
 <li><a href="">Apache</a></li>

 <li><a href="">MySQL</a></li>
 <li><a href="">PostgreSQL</a></li>
 <li><a href="">Zend Technologies</a></li>
<ul class="simple">
 <li><a href=""></a></li>
 <li><a href="">OSTG</a></li>


 You can grab our news as an RSS feed via a daily dump in a file
 named <a href="/news.rss">news.rss</a>.
 <div id="rightbar">
  <div id="releaseBox">
   <h4>Stable Releases</h4>

   <ol id="releases">
    <li class="php5"><a href="/downloads.php#v5">Current PHP 5 Stable: <span class="release">5.2.4</span></a></li>
    <li class="php5"><a href="/downloads.php#v4">Historical PHP 4 Stable: <span class="release">4.4.7</span></a></li>
<h4>Upcoming Events <a href="/submit-event.php">[add]</a></h4>

<h4 class="eventmonth">September</h4>
<span class="event_ITA">26. <a href="/cal.php?id=2773">Think Open: OS &amp; FS Expo</a></span><br />
<h4>User Group Events</h4>
<span class="event_USA">12. <a href="/cal.php?id=1395">Wash DC PHP Developers Group</a></span><br />
<span class="event_DEU">12. <a href="/cal.php?id=2503">Stuttgart</a></span><br />

<span class="event_DEU">13. <a href="/cal.php?id=1848">Meeting usergroup Dortmund</a></span><br />
<span class="event_DEU">13. <a href="/cal.php?id=1946">PHP Usergroup Frankfurt/Main</a></span><br />
<span class="event_AUS">13. <a href="/cal.php?id=2670">Melbourne PHP User Group</a></span><br />
<span class="event_USA">13. <a href="/cal.php?id=2761">Boise, Idaho PHP User Group</a></span><br />
<span class="event_GBR">13. <a href="/cal.php?id=2774">Beer Festival Social@Birmingham</a></span><br />
<span class="event_USA">15. <a href="/cal.php?id=1131">Kansas City</a></span><br />

<span class="event_USA">15. <a href="/cal.php?id=1346">Miami Linux Users Group</a></span><br />
<span class="event_USA">15. <a href="/cal.php?id=1671">Twin Cities PHP</a></span><br />
<span class="event_USA">15. <a href="/cal.php?id=2449">Los Angeles LAMPsig</a></span><br />
<span class="event_BRA">15. <a href="/cal.php?id=2772">Seminario PHP</a></span><br />
<span class="event_USA">18. <a href="/cal.php?id=1738">Madison PHP User's Group</a></span><br />
<span class="event_AUS">18. <a href="/cal.php?id=2246">PHP Brisbane Meetup Group</a></span><br />

<span class="event_USA">19. <a href="/cal.php?id=1545">Miami PHP User Group</a></span><br />
<span class="event_USA">19. <a href="/cal.php?id=1546">Broward Php Usergroup</a></span><br />
<span class="event_USA">19. <a href="/cal.php?id=1847">Nashville PHP Users Group</a></span><br />
<span class="event_USA">19. <a href="/cal.php?id=2208">Chicago PHP User Group Brunch</a></span><br />
<span class="event_USA">20. <a href="/cal.php?id=1704">TriPUG</a></span><br />
<span class="event_USA">20. <a href="/cal.php?id=1719">OINK-PUG (Cincinnati, Ohio)</a></span><br />

<span class="event_USA">20. <a href="/cal.php?id=1820">Utah PHP Users Group Meeting</a></span><br />
<span class="event_USA">22. <a href="/cal.php?id=2629">Sacramento PHP Group</a></span><br />
<span class="event_USA">24. <a href="/cal.php?id=1099">Long Island PHP Users Group</a></span><br />
<span class="event_USA">25. <a href="/cal.php?id=409">New York</a></span><br />
<span class="event_USA">25. <a href="/cal.php?id=384">AzPHP</a></span><br />
<span class="event_USA">25. <a href="/cal.php?id=2039">San Antonio PHP Meetup</a></span><br />

<span class="event_MYS">25. <a href="/cal.php?id=2527">Malaysia PHP Meetup</a></span><br />
<span class="event_DEU">25. <a href="/cal.php?id=2600">PHP Usergroup Karlsruhe</a></span><br />
<span class="event_DEU">25. <a href="/cal.php?id=2660">PHPUG Wuerzburg</a></span><br />
<span class="event_IRL">26. <a href="/cal.php?id=2500">Irish PHP Users Group meeting</a></span><br />
<span class="event_SAU">27. <a href="/cal.php?id=1316">Arabic PHP Group Meeting</a></span><br />
<span class="event_MYS">27. <a href="/cal.php?id=1708">Malaysia PHP User Group Meet Up</a></span><br />

<span class="event_USA">27. <a href="/cal.php?id=2499">Sandy PHP Group</a></span><br />
<span class="event_USA">29. <a href="/cal.php?id=2662">Miami Linux Meetup</a></span><br />
<h4 class="eventmonth">October</h4>
<span class="event_USA">8. <a href="/cal.php?id=2679">2007 Zend/PHP Conference &amp; Expo</a></span><br />
<h4>User Group Events</h4>

<span class="event_USA">1. <a href="/cal.php?id=2495">PHP Meetup Columbia MD</a></span><br />
<span class="event_USA">2. <a href="/cal.php?id=1745">SW Florida Linux Users Group</a></span><br />
<span class="event_USA">2. <a href="/cal.php?id=1860">PDXPHP monthly meeting</a></span><br />
<span class="event_USA">2. <a href="/cal.php?id=2578">Providence PHP Meetup</a></span><br />
<span class="event_DEU">3. <a href="/cal.php?id=2352">Meeting PHP Usergroup OWL</a></span><br />
<span class="event_USA">3. <a href="/cal.php?id=2682">BostonPHP</a></span><br />

<span class="event_USA">4. <a href="/cal.php?id=109">SDPHP (San Diego, CA)</a></span><br />
<span class="event_DEU">4. <a href="/cal.php?id=272">Hannover</a></span><br />
<span class="event_USA">4. <a href="/cal.php?id=561">Meetup Day</a></span><br />
<span class="event_USA">4. <a href="/cal.php?id=1005">Omaha PHP Users Group Meetup</a></span><br />
<span class="event_GBR">4. <a href="/cal.php?id=1304">PHP London</a></span><br />
<span class="event_USA">4. <a href="/cal.php?id=1624">The Houston PHP Users Group</a></span><br />

<span class="event_USA">4. <a href="/cal.php?id=1632">Boston PHP Meetup</a></span><br />
<span class="event_USA">4. <a href="/cal.php?id=1706">Atlanta PHP User Group</a></span><br />
<span class="event_GBR">4. <a href="/cal.php?id=1795">Manchester UK - PHP Group</a></span><br />
<span class="event_GBR">4. <a href="/cal.php?id=1797">EdPUG - Edinburgh PHP User Group</a></span><br />
<span class="event_AUS">4. <a href="/cal.php?id=1918">Sydney PHP Group meetings</a></span><br />
<span class="event_NZL">4. <a href="/cal.php?id=2017">PHP UG Meetup Auckland</a></span><br />

<span class="event_ZAF">4. <a href="/cal.php?id=2195">Cape Town PHP Users Group</a></span><br />
<span class="event_USA">4. <a href="/cal.php?id=2301">Jacksonville User Group</a></span><br />
<span class="event_USA">4. <a href="/cal.php?id=2418">Seattle PHP Meetup Group</a></span><br />
<span class="event_DNK">4. <a href="/cal.php?id=2734">The Copenhagen PHP Meetup Group</a></span><br />
<span class="event_CAN">4. <a href="/cal.php?id=2760">PHP Quebec - Montreal</a></span><br />
<span class="event_DEU">5. <a href="/cal.php?id=153">K?ln/Bonn</a></span><br />

<span class="event_IRN">5. <a href="/cal.php?id=2663">Iran PHP developer's meetup</a></span><br />
<span class="event_CHN">7. <a href="/cal.php?id=1923">PHP meeting online in China</a></span><br />
<span class="event_BOL">7. <a href="/cal.php?id=2540">meeting de LAMPistas en La Paz</a></span><br />
<span class="event_DEU">9. <a href="/cal.php?id=1385">Hamburg</a></span><br />
<span class="event_USA">9. <a href="/cal.php?id=1523">Dallas PHP/MySQL Users Group</a></span><br />
<span class="event_USA">9. <a href="/cal.php?id=1670">Dallas PHP Users Group (DPUG)</a></span><br />

<span class="event_USA">9. <a href="/cal.php?id=1652">Austin PHP Meetup</a></span><br />
<span class="event_USA">9. <a href="/cal.php?id=1665">OKC PHP Meetup</a></span><br />
<span class="event_USA">9. <a href="/cal.php?id=2238">Seattle PHP Users Group</a></span><br />
<span class="event_USA">10. <a href="/cal.php?id=1395">Wash DC PHP Developers Group</a></span><br />
<span class="event_DEU">10. <a href="/cal.php?id=2503">Stuttgart</a></span><br />
<span class="event_DEU">11. <a href="/cal.php?id=1848">Meeting usergroup Dortmund</a></span><br />

<span class="event_DEU">11. <a href="/cal.php?id=1946">PHP Usergroup Frankfurt/Main</a></span><br />
<span class="event_AUS">11. <a href="/cal.php?id=2670">Melbourne PHP User Group</a></span><br />
<span class="event_CAN">13. <a href="/cal.php?id=1732">PHP User Group Nanaimo, BC/CA</a></span><br />
<span class="event_CHN">13. <a href="/cal.php?id=2580">PEA meeting from phpchina</a></span><br />
<span class="event_USA">16. <a href="/cal.php?id=1738">Madison PHP User's Group</a></span><br />
<span class="event_AUS">16. <a href="/cal.php?id=2246">PHP Brisbane Meetup Group</a></span><br />

<span class="event_USA">17. <a href="/cal.php?id=1545">Miami PHP User Group</a></span><br />
<span class="event_USA">17. <a href="/cal.php?id=1546">Broward Php Usergroup</a></span><br />
<span class="event_USA">17. <a href="/cal.php?id=1847">Nashville PHP Users Group</a></span><br />
<span class="event_USA">17. <a href="/cal.php?id=2208">Chicago PHP User Group Brunch</a></span><br />
<span class="event_USA">18. <a href="/cal.php?id=1704">TriPUG</a></span><br />
<span class="event_USA">18. <a href="/cal.php?id=1719">OINK-PUG (Cincinnati, Ohio)</a></span><br />

<span class="event_USA">18. <a href="/cal.php?id=1820">Utah PHP Users Group Meeting</a></span><br />
<span class="event_USA">20. <a href="/cal.php?id=1131">Kansas City</a></span><br />
<span class="event_USA">20. <a href="/cal.php?id=1346">Miami Linux Users Group</a></span><br />
<span class="event_USA">20. <a href="/cal.php?id=1671">Twin Cities PHP</a></span><br />
<span class="event_USA">20. <a href="/cal.php?id=2449">Los Angeles LAMPsig</a></span><br />
<span class="event_USA">23. <a href="/cal.php?id=409">New York</a></span><br />

<span class="event_USA">23. <a href="/cal.php?id=384">AzPHP</a></span><br />
<span class="event_USA">23. <a href="/cal.php?id=2039">San Antonio PHP Meetup</a></span><br />
<span class="event_SAU">25. <a href="/cal.php?id=1316">Arabic PHP Group Meeting</a></span><br />
<span class="event_MYS">25. <a href="/cal.php?id=1708">Malaysia PHP User Group Meet Up</a></span><br />
<span class="event_USA">25. <a href="/cal.php?id=2499">Sandy PHP Group</a></span><br />
<span class="event_USA">27. <a href="/cal.php?id=2629">Sacramento PHP Group</a></span><br />

<span class="event_USA">27. <a href="/cal.php?id=2662">Miami Linux Meetup</a></span><br />
<span class="event_USA">29. <a href="/cal.php?id=1099">Long Island PHP Users Group</a></span><br />
<span class="event_MYS">30. <a href="/cal.php?id=2527">Malaysia PHP Meetup</a></span><br />
<span class="event_DEU">30. <a href="/cal.php?id=2600">PHP Usergroup Karlsruhe</a></span><br />
<span class="event_DEU">30. <a href="/cal.php?id=2660">PHPUG Wuerzburg</a></span><br />
<span class="event_IRL">31. <a href="/cal.php?id=2500">Irish PHP Users Group meeting</a></span><br />

<span class="event_ESP">1. <a href="/cal.php?id=338">MySQL Spain</a></span><br />
<span class="event_ESP">1. <a href="/cal.php?id=456">Curso PHP Madrid</a></span><br />
<span class="event_DEU">1. <a href="/cal.php?id=641">PHP E-Learning/Germany</a></span><br />
<span class="event_ESP">1. <a href="/cal.php?id=998">Curso on-line ActionScript / PHP</a></span><br />
<span class="event_DEU">1. <a href="/cal.php?id=1198">PHP &amp; MySQL Training in Kassel</a></span><br />

<span class="event_BRA">1. <a href="/cal.php?id=1360">PHP &amp; MySQL com Dreamweaver MX</a></span><br />
<span class="event_ESP">1. <a href="/cal.php?id=1981">Curso on-line de PHP</a></span><br />
<span class="event_BRA">1. <a href="/cal.php?id=2051">PHP &amp; MYSQL-Construindo WebSites</a></span><br />
<span class="event_CAN">1. <a href="/cal.php?id=2738">LAMP training in Ottawa</a></span><br />
<span class="event_ESP">2. <a href="/cal.php?id=841">Curso on-line de PHP-MySQL</a></span><br />

<span class="event_USA">2. <a href="/cal.php?id=1490">PHP Class at CalTek</a></span><br />
<span class="event_IND">3. <a href="/cal.php?id=2144">PHP Training - Chennai - India</a></span><br />
<span class="event_ESP">4. <a href="/cal.php?id=1516">Curso de PHP Avanzado en Bilbao</a></span><br />
<span class="event_BRA">6. <a href="/cal.php?id=2702">PHP &amp; AJAX -Construindo Websites</a></span><br />
<span class="event_IND">7. <a href="/cal.php?id=2023">Ahmedabad PHP Group Training</a></span><br />

<span class="event_ESP">8. <a href="/cal.php?id=1466">PHP para Expertos Curso on-line</a></span><br />
<span class="event_ECU">8. <a href="/cal.php?id=1583">Curso PHP y MySQL</a></span><br />
<span class="event_FRA">8. <a href="/cal.php?id=2560">Formation PHP expert certifie</a></span><br />
<span class="event_CAN">9. <a href="/cal.php?id=2739">LAMP training in Montreal</a></span><br />
<span class="event_CAN">9. <a href="/cal.php?id=2740">Formation LAMP a Quebec</a></span><br />
<span class="event_GBR">10. <a href="/cal.php?id=2763">Using Propel ORM</a></span><br />

<span class="event_DEU">15. <a href="/cal.php?id=1200">PHP &amp; MySQL Training / Gie?en</a></span><br />
<span class="event_USA">15. <a href="/cal.php?id=2745">PHP Boot Camp - travel included!</a></span><br />
<span class="event_ESP">16. <a href="/cal.php?id=1389">Cursos de PHP en Bilbao</a></span><br />
<span class="event_USA">16. <a href="/cal.php?id=2726">PHP 5 Training from NYPHP</a></span><br />
<span class="event_USA">17. <a href="/cal.php?id=2756">PHP/MySQL training San Francisco</a></span><br />

<span class="event_IND">18. <a href="/cal.php?id=2408">Chennai PHP Training</a></span><br />
<span class="event_ZAF">22. <a href="/cal.php?id=2589">PHP Intro Course South Africa</a></span><br />
<span class="event_GBR">23. <a href="/cal.php?id=231">UK PHP Training</a></span><br />
<span class="event_BRA">25. <a href="/cal.php?id=1137">PHP Brasil - Training</a></span><br />
<span class="event_IND">29. <a href="/cal.php?id=2421">Basic PHP Course</a></span><br />
<span class="event_NLD">30. <a href="/cal.php?id=2248">Opleiding PHP Professional</a></span><br />

 <div id="content" class=".">
  <div id="confTeaser">
     <td valign='top' style='white-space: nowrap'>Upcoming conferences:</td>
     <td valign='top'>
      <ul class="conference">

       <li><a href="/conferences/index.php#2007-07-16-01">php|works 2007 in Atlanta</a></li>
       <li><a href="/conferences/index.php#2007-07-25-1">Zend/PHP Conference 2007</a></li>

<br />

<div class="newsItem">
    <a name="2007-08-30-1" id="2007-08-30-1"><h1>PHP 5.2.4 Released</h1></a>
  <span class="newsdate">[30-Aug-2007]</span>
The PHP development team would like to announce the immediate
<a href="/downloads.php#v5">availability of PHP 5.2.4</a>. 
This release focuses on improving the stability of the PHP 5.2.X 
branch with over 120 various bug fixes in addition to resolving 
several low priority security bugs. All users of PHP are encouraged 
to upgrade to this release.

Further details about the PHP 5.2.4 release can be found in the
<a href="/releases/5_2_4.php">release announcement for 5.2.4</a>, the full list of
changes is available in the <a href="/ChangeLog-5.php#5.2.4">ChangeLog for PHP 5</a>.
    <b>Security Enhancements and Fixes in PHP 5.2.4:</b>

    <li>Fixed a floating point exception inside wordwrap() (Reported by Mattias Bengtsson)</li>
    <li>Fixed several integer overflows inside the GD extension (Reported by Mattias Bengtsson)</li>
    <li>Fixed size calculation in chunk_split() (Reported by Gerhard Wagner)</li>
    <li>Fixed integer overflow in str[c]spn(). (Reported by Mattias Bengtsson)</li>
    <li>Fixed money_format() not to accept multiple %i or %n tokens. (Reported by Stanislav Malyshev)</li>
    <li>Fixed zend_alter_ini_entry() memory_limit interruption vulnerability. (Reported by Stefan Esser)</li>

    <li>Fixed INFILE LOCAL option handling with MySQL extensions not to be allowed when open_basedir or safe_mode is active. (Reported by Mattias Bengtsson)</li>
    <li>Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378) (Reported by Maksymilian Arciemowicz)</li>
    <li>Fixed a possible invalid read in glob() win32 implementation (CVE-2007-3806) (Reported by shinnai)</li>
    <li>Fixed a possible buffer overflow in php_openssl_make_REQ (Reported by zatanzlatan at hotbrev dot com)</li>
    <li>Fixed an open_basedir bypass inside glob() function (Reported by dr at peytz dot dk)</li>
    <li>Fixed a possible open_basedir bypass inside session extension when the session file is a symlink (Reported by c dot i dot morris at durham dot ac dot uk)</li>

    <li>Improved fix for MOPB-03-2007.</li>
    <li>Corrected fix for CVE-2007-2872.</li>
For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is
available <a href="/migration52">here</a>, detailing the changes between
those releases and PHP 5.2.4.

<hr />
<div class="newsItem">
    <a name="2007-07-13-1" id="2007-07-13-1"><h1>PHP 4 end of life announcement</h1></a>
  <span class="newsdate">[13-Jul-2007]</span>
  Today it is exactly three years ago since PHP 5 has been released. In
  those three years it has seen many improvements over PHP 4. PHP 5 is
  fast, stable &amp; production-ready and as PHP 6 is on the way, PHP 4
  will be discontinued.

  The PHP development team hereby announces that support for PHP 4 will
  continue until the end of this year only. After 2007-12-31 there will be no
  more releases of PHP 4.4. We will continue to make critical security fixes
  available on a case-by-case basis until 2008-08-08.  Please use the rest of
  this year to make your application suitable to run on PHP 5. 
  For documentation on migration for PHP 4 to PHP 5, we would like to point you
  to our <a href="/manual/en/migration5.php">migration guide</a>. There is
  additional information available in the <a href="/manual/en/migration51.php">PHP 5.0 to PHP 5.1</a> and <a href="/manual/en/migration52.php">PHP 5.1 to PHP 5.2</a> migration guides as


<hr />
<div class="newsItem">
    <a name="2007-06-01-1" id="2007-06-01-1"><h1>PHP 5.2.3 Released</h1></a>
  <span class="newsdate">[31-May-2007]</span>
The PHP development team would like to announce the immediate <a href="/downloads.php#v5">availability of PHP 5.2.3</a>. 
This release continues to improve the security and the stability of 
the 5.X branch as well as addressing two regressions introduced
by the previous 5.2 releases. These regressions relate to the timeout
handling over non-blocking SSL connections and the lack of
HTTP_RAW_POST_DATA in certain conditions. All users are encouraged to
upgrade to this release.

Further details about the PHP 5.2.3 release can be found in the
<a href="/releases/5_2_3.php">release announcement for 5.2.3</a>, the full list of
changes is available in the <a href="/ChangeLog-5.php#5.2.3">ChangeLog for PHP 5</a>.
    <b>Security Enhancements and Fixes in PHP 5.2.3:</b>

    <li>Fixed an integer overflow inside chunk_split() (by Gerhard Wagner, CVE-2007-2872)</li>
    <li>Fixed possible infinite loop in imagecreatefrompng. (by Xavier Roche, CVE-2007-2756)</li>
    <li>Fixed ext/filter Email Validation Vulnerability (MOPB-45 by Stefan Esser, CVE-2007-1900)</li>
    <li>Fixed bug #41492 (open_basedir/safe_mode bypass inside realpath()) (by bugs dot php dot net at chsc dot dk)</li>
    <li>Improved fix for CVE-2007-1887 to work with non-bundled sqlite2 lib.</li>
    <li>Added mysql_set_charset() to allow runtime altering of connection encoding.</li>

For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is
available <a href="/migration52">here</a>, detailing the changes between
those releases and PHP 5.2.3.

<hr />
<div class="newsItem">
    <a name="2007-05-03-1" id="2007-05-03-1"><h1>PHP 5.2.2 and PHP 4.4.7 Released</h1></a>

  <span class="newsdate">[02-May-2007]</span>
 The PHP development team would like to announce the immediate
 <a href="/downloads.php#v5">availability of PHP 5.2.2</a> and
 <a href="/downloads.php#v4">availability of PHP 4.4.7</a>.
 These releases are major stability and security enhancements of the 5.x and
 4.4.x branches, and all users are strongly encouraged to upgrade to it as
 soon as possible.  Further details about the PHP 5.2.2 release can be found
 in the <a href="/releases/5_2_2.php">release announcement for 5.2.2</a>,
 the full list of changes is available in the
 <a href="/ChangeLog-5.php#5.2.2">ChangeLog for PHP 5</a>. Details about
 the PHP 4.4.7 release can be found in the
 <a href="/releases/4_4_7.php">release announcement for 4.4.7</a>, the full
 list of changes is available in the
 <a href="/ChangeLog-4.php#4.4.7">ChangeLog for PHP 4</a>.

    <b>Security Enhancements and Fixes in PHP 5.2.2 and PHP 4.4.7:</b>
    <li>Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric)</li>
    <li>Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser)</li>
    <li>Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser)</li>

    <li>Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser)</li>
    <li>Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser)</li>
    <li>Added missing open_basedir &amp; safe_mode checks to zip:// and bzip:// wrappers. (MOPB-21 by Stefan Esser).</li>
    <li>Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team)</li>
    <li>Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc library. (by Stanislav Malyshev)</li>

    <b>Security Enhancements and Fixes in PHP 5.2.2 only:</b>
    <li>Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser)</li>
    <li>Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser)</li>

    <li>Fixed substr_compare and substr_count information leak (MOPB-14 by Stefan Esser) (Stas, Ilia)</li>
    <li>Fixed a remotely trigger-able buffer overflow inside make_http_soap_request(). (by Ilia Alshanetsky)</li>
    <li>Fixed a buffer overflow inside user_filter_factory_create(). (by Ilia Alshanetsky)</li>
    <li>Fixed a possible super-global overwrite inside import_request_variables(). (by Stefano Di Paola, Stefan Esser)</li>
    <li>Limit nesting level of input variables with max_input_nesting_level as fix for (MOPB-03 by Stefan Esser)</li>

    <b>Security Enhancements and Fixes in PHP 4.4.7 only:</b>
    <li>XSS in phpinfo() (MOPB-8 by Stefan Esser)</li>
 While majority of the issues outlined above are local, in some
 circumstances given specific code paths they can be triggered externally.
 Therefor, we strongly recommend that if you use code utilizing the
 functions and extensions identified as having had vulnerabilities in them,
 you consider upgrading your PHP.

 For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is
 available <a href="/migration52">here</a>, detailing the changes between
 those releases and PHP 5.2.2.
  <p><strong>Update: May 4th;</strong> The PHP 4.4.7 Windows build was updated due to the faulty Apache2 module shipped with the original</p>
  <p><strong>Update: May 23th;</strong> By accident a couple of fixes where listed as fixed in both PHP 5.2.2 and 4.4.7 but where however only fixed in PHP 5.2.2. The PHP 4 ChangeLog was not affected.</p>


<hr />
<div class="newsItem">
    <a name="2007-04-14-1" id="2007-04-14-1"><h1>The Google Summer of Code</h1></a>
  <span class="newsdate">[13-Apr-2007]</span>
    The PHP team is once again proud to participate in the 
    <a href="">Google Summer of Code</a>.
    Seven students will "flip bits instead of burgers" this summer:

        Mentored by Michael Wallner, Hannes Magnusson will work on
        <a href="">LiveDocs</a>, which is a
        "tool to display DocBook XML files in a web browser on the
        fly, without the need of building all HTML target files first".
        This project will be of great value to the PHP Documentation Team.
        The PHP Interpreter uses reference counting to keep track of which
        objects are no longer referenced and thus can be destroyed. A major
        weakness in the current implementation is that it cannot detect
        reference cycles, that is objects that reference each other in a
        circular graph structure which is not referenced itself from outside
        the circle. Mentored by Derick Rethans, David Wang will implement a
        new reference counting algorithm that will alleviate this problem.
    <li><a href="">Xdebug</a> provides a range of useful
        functionality for PHP developers, including detailed error information,
        code coverage and profiling support, and support for remote debugging
        using the GDB and DBGp protocols. Mentored by Xdebug's creator,
        Derick Rethans, Adam Harvey will develop a cross-platform GUI
        application that implements the DBGp protocol and allows PHP
        applications to be debugged using Xdebug in a development environment
        agnostic fashion.

	    Mentored by Lukas Smith, Konsta Vesterinen will work on the
        object-relational mapper <a href="">Doctrine</a>.
        Mutation Testing, or Automated Error Seeding, is an approach where
        the testing tool makes some change to the tested code, runs the tests,
        and if the tests pass displays a message saying what it changed. This
        approach is different than code coverage analysis, because it can find
        code that is executed by the running of tests but not actually tested.
        Mentored by Sebastian Bergmann, Mike Lewis will implement Mutation
        Testing for <a href="">PHPUnit</a>.
        Mentored by Helgi ?ormar ?orbj?rnsson, Igor Feghali will add support
        for foreign keys to
        <a href="">MDB2_Schema</a>,
        a package that "enables users to maintain RDBMS independant schema
        files in XML that can be used to create, alter and drop database
        entities and insert data into a database".

        Mentored by David Coallier, Nicolas B?rard-Nault will refactor the
        internals of <a href="">Jaws</a>, a
        Framework and Content Management System for building dynamic web sites,
        for PHP 6.

<hr />
<div class="newsItem">
    <a name="2007-03-01-1" id="2007-03-01-1"><h1>PHP 4.4.6 Released</h1></a>

  <span class="newsdate">[28-Feb-2007]</span>
    The PHP development team would like to announce the immediate
    <a href="/downloads.php#v4">availability of PHP 4.4.6</a>.
    The main issue that this release addresses is a crash problem that was
    introduced in PHP 4.4.5.  The problem occurs when session variables are used
    while register_globals is enabled.

    Details about the PHP 4.4.6 release can be found in the
    <a href="/releases/4_4_6.php">release announcement for 4.4.6</a>,
    the full list of changes is available in the
    <a href="/ChangeLog-4.php#4.4.6">ChangeLog for PHP 4</a>.

<hr />
<div class="newsItem">
    <a name="2007-02-08-2" id="2007-02-08-2"><h1>PHP 5.2.1 and PHP 4.4.5 Released</h1></a>

  <span class="newsdate">[07-Feb-2007]</span>
  The PHP development team would like to announce the immediate
  <a href="/downloads.php#v5">availability of PHP 5.2.1</a> and
  <a href="/downloads.php#v4">availability of PHP 4.4.5</a>.
  These releases are major stability and security enhancements of the 5.x and
  4.4.x branches, and all users are strongly encouraged to upgrade to it as
  soon as possible.  Further details about the PHP 5.2.1 release can be found in
  the <a href="/releases/5_2_1.php">release announcement for 5.2.1</a>, the full list of
  changes is available in the <a href="/ChangeLog-5.php#5.2.1">ChangeLog for PHP
   5</a>. Details about the PHP 4.4.5 release can be found in the
  <a href="/releases/4_4_5.php">release announcement for 4.4.5</a>, the full list of
  changes is available in the <a href="/ChangeLog-4.php#4.4.5">ChangeLog for PHP 4</a>.

    <b>Security Enhancements and Fixes in PHP 5.2.1 and PHP 4.4.5:</b>
    <li>Fixed possible safe_mode &amp; open_basedir bypasses inside the session extension.</li>
    <li>Fixed unserialize() abuse on 64 bit systems with certain input strings.</li>

    <li>Fixed possible overflows and stack corruptions in the session extension.</li>
    <li>Fixed an underflow inside the internal sapi_header_op() function.</li>
    <li>Fixed non-validated resource destruction inside the shmop extension.</li>
    <li>Fixed a possible overflow in the str_replace() function.</li>
    <li>Fixed possible clobbering of super-globals in several code paths.</li>
    <li>Fixed a possible information disclosure inside the wddx extension.</li>

    <li>Fixed a possible string format vulnerability in *print() functions on 64 bit systems.</li>
    <li>Fixed a possible buffer overflow inside ibase_{delete,add,modify}_user() functions.</li>
    <li>Fixed a string format vulnerability inside the odbc_result_all() function.</li>
    <b>Security Enhancements and Fixes in PHP 5.2.1 only:</b>

    <li>Prevent search engines from indexing the phpinfo() page.</li>
    <li>Fixed a number of input processing bugs inside the filter extension.</li>
    <li>Fixed allocation bugs caused by attempts to allocate negative values in some code paths.</li>
    <li>Fixed possible stack/buffer overflows inside zip, imap &amp; sqlite extensions.</li>
    <li>Fixed several possible buffer overflows inside the stream filters.</li>

    <li>Memory limit is now enabled by default.</li>
    <li>Added internal heap protection.</li>
    <li>Extended filter extension support for $_SERVER in CGI and apache2 SAPIs.</li>
    <b>Security Enhancements and Fixes in PHP 4.4.5 only:</b>

    <li>Fixed possible overflows inside zip &amp; imap extensions.</li>
    <li>Fixed a possible buffer overflow inside mail() function on Windows.</li>
    <li>Unbundled the ovrimos extension.</li>

The majority of the security vulnerabilities discovered and resolved can in
most cases be only abused by local users and cannot be triggered remotely.
However, some of the above issues can be triggered remotely in certain
situations, or exploited by malicious local users on shared hosting setups
utilizing PHP as an Apache module. Therefore, we strongly advise all users of
PHP, regardless of the version to upgrade to the 5.2.1 or 4.4.5 releases as soon as possible.
For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is
available <a href="/migration52">here</a>, detailing the changes between
those releases and PHP 5.2.1.
  <p><strong>Update: Feb 14th;</strong> Added release information for PHP
  <p><strong>Update: Feb 12th;</strong> The Windows install package had problems
with upgrading from previous PHP versions. That has now been fixed and new file
posted in the <a href="/downloads.php">download section</a>.</p>


<hr />
<div class="newsItem">
    <a name="2007-02-08-1" id="2007-02-08-1"><h1>The front page has changed</h1></a>
  <span class="newsdate">[07-Feb-2007]</span>
    The news on the front page of has changed, the <a href="/conferences/">conference announcements</a> are now located on their own page.
    The idea is to keep specific news clear and also opens the door for additional news entries, like for RC releases. More changes are on the way so keep an eye out.


<hr />
<div class="newsItem">
    <a name="2007-02-03-1" id="2007-02-03-1"><h1>PHP Manual Updates</h1></a>
  <span class="newsdate">[02-Feb-2007]</span>
  <p>The PHP documentation team is proud to present to the PHP community a few fixes and tweaks to the <a href="/manual/en/">PHP Manual</a>, including:</p>

    <li>an improved, XSL-based build system that will deliver compiled manuals to mirrors in a more timely manner (goodbye dsssl)</li>
    <li>manual pages can now contain images (see <code><a href="/en/function.imagearc">imagearc()</a></code> for an example)</li>
    <li>updated function version information and capture system (fewer "no version information, might be only in CVS" messages)</li>
    <li>... and more to come!</li>

  <p>Please <a href="/about.howtohelp">help us improve the documentation</a> by <a href="">submitting bug reports</a>, and adding notes to undocumented functions.</p>

<hr />

<p class="center"><a href="/archive/index.php">News Archive</a></p>

 <div class="cleaner">&nbsp;</div>

<div id="footnav">
 <a href="/news.rss">RSS</a> | <a href="/source.php?url=/index.php">show source</a> |
 <a href="/credits.php">credits</a> |
 <a href="/stats/">stats</a> |
 <a href="/sitemap.php">sitemap</a> |
 <a href="/contact.php">contact</a> |
 <a href="/contact.php#ads">advertising</a> |
 <a href="/mirrors.php">mirror sites</a>


<div id="pagefooter">
 <div id="copyright">
  <a href="/copyright.php">Copyright &copy; 2001-2007 The PHP Group</a><br />
  All rights reserved.

 <div id="thismirror">
  <a href="/mirror.php">This mirror</a> generously provided by:
  <a href="">Yahoo! Inc.</a><br />

  Last updated: Wed Sep 12 14:41:56 2007 PDT


Actual result:
string(0) ""


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2007-09-12 18:07 UTC] mattsch at gmail dot com
Changing php version.
 [2007-09-17 05:12 UTC]
Thank you for taking the time to write to us, but this is not
a bug.

HttpRequest uses http_build_url() internally which expands URLs without path with the current scripts path.
 [2007-09-17 09:56 UTC] mattsch at gmail dot com
Could you elaborate more?  I don't understand your explanation.  You're saying that if I specify a domain without a forward slash, it assumes I want to open the script file that created the request?  Most http clients that I have seen (like Firefox) automatically append a / to the url and you're saying that this is not the case for this extension?
 [2007-09-17 10:03 UTC] mattsch at gmail dot com
Could you also point to where this unusual behavior is documented since I don't seem to see it mentioned in the php documentation?
 [2007-09-18 03:56 UTC]
Changed type to FR.

Implemented in HEAD.
 [2010-01-20 09:03 UTC] joke at trash2009 dot com - best casinos online
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Jun 25 11:01:32 2024 UTC