Sie sind hier: PHP-Versionen > PHP 7 > PHP 7.0

PHP 7.0.0 wurde am 03.12.2015 herausgebracht. Im folgenden erhalten Sie einen kurzen Überblick welche Änderungen in diesem Patch enthalten waren. Bei Interesse kann auch das ausführliche Änderungsprotokoll eingesehen werden.

INI parser segfault with INI_SCANNER_TYPED
zend_throw_or_error() format string vulnerability
Null ptr dereference instantiating class with invalid array property
null ptr deref and segfault with crafted calable
Segmentation fault while running PHPUnit tests on phpBB 3.2-dev
Segmentation faults whilst running Drupal 8 test suite
Persistent Stream Segmentation Fault
Several functions do not check return code of php_stream_copy_to_mem()
Incorect logic to increment_function for proxy objects
Regression in zend_fetch_debug_backtrace() can cause segfaults
Regression on private static properties access
Segfault in ini_lex () at Zend/zend_ini_scanner.l
Exception handler does not work as expected
Stack buffer overflow in zend_language_parser()
null ptr deref and segfault (zend_get_class_fetch_type)
Infinite loop due to exception during identical comparison
Closure::call/bind() crash with ReflectionFunction-> getClosure()
Duplicate array key via undefined index error handler
Segfault when binding $this of internal instance method to null
Segfault for getClosure() internal method rebind with invalid $this
Memleak on return type verifying failed
fun_get_arg() on unsetted vars return UNKNOW
Redundant information printed in case of uncaught engine exception
unsetting function variables corrupts backtrace
assert() with instanceof adds apostrophes around class name
Memory leak in auto_global_copy_ctor() in ZTS build
Memory leak in php_ini.c
**= does no longer work
SIGSEGV, Segmentation fault zend_ast_destroy_ex
Wrong behavior while returning reference on object
Syntactical inconsistency with new group use syntax
Magic getter breaks reference to array property
Notice: unserialize(): Unexpected end of serialized data
From field incorrectly parsed from headers
Bundled libtool.m4 doesn't handle FreeBSD 10 when building extensions
Fixed bug causing exception traces with anon classes to be truncated
Segmentation fault when using Closure::call and yield
Memleak while assigning object offsetGet result
Apache crash related to ZEND_SEND_REF
Accessing array crashes PHP 7.0beta3
Segfault if do_resize fails to allocated memory
segfault at _efree () in zend_alloc.c:1389
Segfault when doing unset($var());
Incrementing value returned by magic getter
Segfault when __invoke is static
Finally is broken with opcache
ZVAL_COPY_VALUE_EX broken for 32bit Solaris Sparc
SAPI may truncate POST data
Checking liveness does not work as expected
Skipped assertions affect Generator returns
Creating a huge array doesn't result in exhausted, but segfault
Fixed "finally" issues
Real memory usage doesn't decrease
__CLASS__ is lost in closures
Segfault in zend_find_alias_name
null ptr deref / seg fault in ZEND_HANDLE_EXCEPTION
Unexpected return type error
Inheritance by anonymous class
SIGSEGV array.c:953
__COMPILER_HALT_OFFSET__ under namespace is not defined
sometimes empty $_SERVER['QUERY_STRING']
$this refcount issue
'asm' operand has impossible constraints
null pointer deref (segfault) in zend_eval_const_expr
Remotely triggerable stack exhaustion via recursive method calls
Different arrays compare indentical due to integer key truncation
unserialize() could lead to unexpected methods execution / NULL pointer deref
Build failure on 32-bit Mac OS X 10.6.8: recursive inlining
Exception lost with nested finally block
Changing the property of a cloned object affects the original
Use after free with assign by ref to overloaded objects
cli - function with default arg = STDOUT crash output
Segfault in gc_collect_cycles()
Segfault when trying to combine [] and assign-op on ArrayAccess object
Different ways of handling div/mod/intdiv
Too long timeout on pipes
uninitialised value in strtr with array
Invalid read of size 1 in zend_compile_short_circuiting
Broken output of apache_request_headers
iconv_substr() doesn't work with UTF-16BE
PHP 7.0.0alpha1 segmentation fault when exactly 33 extensions are loaded
null ptr deref and seg fault in zend_resolve_class_name
Reflection on Closure::__invoke borks type hint class name
Serialization of anonymous classes should be prevented
parse_ini_file() and parse_ini_string() segmentation fault
phpinfo() reports Professional Editions of Windows 7/8/8.1/10 as "Business"
phpinfo() does not report many Windows SKUs
Null coalesce operator doesn't work for string offsets
Unexpected array comparison result
Different arrays compare indentical due to integer key truncation
Strict comparison between integer and empty string keys crashes
Default parameter value with wrong type segfaults
Fatal error: Nesting level too deep - recursive dependency ? with ===
Item added to array not being removed by array_pop/shift
Add support for $callable() sytnax with 'Class::method'
Double free on zend_list_dtor
Segfault on magic method __call of private method in superclass
Fixed weird operators behavior. Division by zero now emits warning and returns +/-INF, modulo by zero and intdid() throws an exception, shifts by negative offset throw exceptions. Compile-time evaluation of division by zero is disabled.
Hash table collision leads to inaccessible array keys
Invalid read of size 8 in zend_std_read_property
segfault in Zend/zend_hash.c in function _zend_hash_del_el
Closure executed via static autoload incorrectly marked as static
Cannot access static::class in lambda, writen outside of a class
call a private function in closure failed
Segfault when calling phpversion('spl')
Garbage collector can free zvals that are still referenced
Fixed oversight where define() did not support arrays yet const syntax did
Number 2.2250738585072012e-308 converted incorrectly
Off-by-one buffer overflow in php_sys_readlink
CLI server
404 on urls with '+'
CLI server directory traversal
php -S changes MKCALENDAR request method to MKCOL
304 responses return Content-Type header
Casting object to bool returns false
Segmentation Fault with multiple "curl_copy_handle"
curl_setopt_array() type confusion
curl_getinfo() returns corrupted values
Segmentation fault in curl_getinfo
Segfault in curl_multi_exec
strtotime does not emit warning when 2nd parameter is object or string
DateInterval::__construct.interval_spec is not supposed to be optional
new DateTimeZone($foo) is ignoring text after null byte
Fixed day_of_week function as it could sometimes return negative values internally
dba_delete returns true on missing item (inifile)
useless comparisons
"Couldn't fetch" error in DOMDocument::registerNodeClass()
Assigning to DOMNode::textContent does additional entity encoding
Segmenation fault (access violation) when iterating over DOMNodeList
Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes
libmagic: don't assume char is signed
"php-fpm -i" crashes
HTTP Authorization Header is sometimes passed to newer reqeusts
Unknown admin values segfault pools
Cannot specify config lines longer than 1024 bytes
FTPS support on Windows
imagerectangle problem with point ordering
Stack overflow with imagefilltoborder
imagecreatefromwebm() shifts colors
imagewebp() doesn't pad to even length
imagerotate by -90 degrees truncates image by 1px
imagescale(..., IMG_BICUBIC) leaks memory
imagescale segfault with palette based image
Zero-height rectangle has whiskers
imagecrop() add a black line when cropping
copy 'n paste error
PHP segfaults in imagexbm
gd_info() doesn't report WebP support
imagegammacorrect function loses alpha channel
Use after free vulnerability in unserialize() with GMP
HAVAL gives wrong hashes in specific cases
Building with static imap fails
curl multi leaking memory
IntlChar::foldCase() incorrect arguments and missing constants
IntlChar::forDigit second parameter should be optional
json_decode produces invalid byte-sequences
json_decode() Fatal error: Cannot access property started with ''
JSON extension includes a problematic license statement
json_decode() decodes empty string without error
Fixed handling of big lines in error messages with libxml >= 2.9.0
mcrypt_encrypt() won't return data when no IV was specified under RC4
mcrypt fd caching not working
Fixed possible read after end of buffer and use after free
constructor of mysqli has wrong name
SQL Result Sets With NULL Can Cause Fatal Memory Errors
mysqli_real_query():Unknown type 245 sent by the server
mysqlnd doesn't activate TCP keep-alive when connecting to a server
segfault in mysqlnd_connect
mysqli_stmt::fetch doesn't assign null values to bound variables
Fixed memory leak with LOBs
OCI int overflow
Corrected oci8 hash destructors to prevent segfaults, and a few other fixes
PHP segfaults when accessing nvarchar(max) defined columns
require() statement broken after opcache_reset() or a few hours of use
Segmentation fault on MacOSX with opcache.file_cache_only=1
Undefined Symbols from on Mac OS X 10.10
Fixed compatibility with Windows 10
Warning Internal error: wrong size calculation
Empty while and do-while segmentation fault with opcode on CLI enabled
Segfault when a function uses both an explicit return type and an explicit cast
Build fails when building for i386
Crash with opcache using opcache.file_cache_only=1
Wrong size calculation for function table
segfault with eval and opcache fast shutdown
Fixed bug with try blocks being removed when extended_info opcode generation is turned on
strlen incorrect : mbstring + func_overload=2 +UTF-8 + Opcache
Lookup for openssl.cnf causes a message box
openssl extension does not get the DH parameters from DH key resource
Missing ARG_INFO for openssl_seal()
openssl_seal fails with AES
openssl_random_pseudo_bytes() is not cryptographically secure
OpenSSL error "key values mismatch" after openssl_pkcs12_read with extra cert
Can't compile on NetBSD because of missing WCONTINUED and WIFCONTINUED
pcntl_signal doesn't decrease ref-count of old handler when setting SIG_DFL
Incorrect bump-along behavior with K and empty string match
Multiple vulnerabilities related to PCRE functions
Incorrect bump-along behavior with K and empty string match
preg_replace: * qualifier on unicode replace garbles the string
Segfault in preg_replace_callback
Segmentation fault in pdo_parse_params() during Drupal 8 test suite
PDO constructor changes unrelated variables
Segfault in pdo_mysql
persistent sqlite connection + custom function segfaults
./configure fails with "Cannot find php_pdo_driver.h"
Segmentation fault on nextRowset
Add new PDO mysql connection attr to control multi statements option
PDOStatement::execute() leaks memory with DML Statements when closeCuror() is u
Null pointer dereference in phar_get_fp_offset()
Uninitialized pointer in phar_make_dirstream when zip entry filename is "/"
Improved fix for: Buffer Over flow when parsing tar/zip/phar in phar_set_inode
Files extracted from archive may be placed outside of destination directory
incorrect exit code in -rr mode with Exceptions
phpdbg must respect set_exception_handler
Run and quit mode (-qrr) should not fallback to interactive mode
Help overview (-h) does not rpint anything under Windows
PHP won't compile on 10.4 and 10.5 because of missing constants
FASYNC not defined, needs sys/file.h include
Segfault when displaying memory leaks
Wrong docblock assignment
ReflectionFunction::getClosure() leaks memory when used for internal functions
Fixed bug causing bogus traces for ReflectionGenerator::getTrace()
Fixed inheritance chain of Reflector interface
Segmentation fault when regenerating session id with strict mode
Session read causes "String is not zero-terminated" error
Reference to $_SESSION is lost after a call to session_regenerate_id()
Data integrity issues accessing superglobals by reference
Regression in session_regenerate_id() is a bash-script
Segfault in soap / type_to_string
SoapClient systematic out of memory error
Segmentation fault if wsdl has no targetNamespace attribute
Segmentation fault inside soap client
SOAP Client generates Segfault
SOAP serialize_function_call() type confusion / RCE
SoapClient info leak / null pointer dereference via multiple type confusions
Segmentation fault after more than 100 SoapClient calls
make_http_soap_request calls zend_hash_get_current_key_ex(,,,NULL)
Segmentation fault on SoapClient::__getTypes
ArrayObject unserialize does not restore protected fields
SplFixedArray throws exception when using ref variable as index
PCRE JIT and pattern reuse segfault
Incorrect ArrayObject serialization if unset is called in serialize()
Cloning SplPriorityQueue leads to memory leaks
Incorrect constructor reflection for ArrayObject
Dangling pointer in the unserialization of ArrayObject items
Use After Free Vulnerability in unserialize() with SPLArrayObject
Use After Free Vulnerability in unserialize() with SplObjectStorage
Use After Free Vulnerability in unserialize() with SplDoublyLinkedList
MutlitpleIterator array-keys incompatible change in PHP 7
Use-after-free vulnerability in spl_recursive_it_move_forward_ex()
ArrayObject with ARRAY_AS_PROPS broken
RecursiveDirectoryIterator::CURRENT_AS_PATHNAME breaks the RecursiveIterator
Memory leak in sqlite3_do_callback
Use-after-free vulnerability in sqlite3SafetyCheckSickOrOk()
segfault when manually constructing SQLite3Result
SQLite3Result::fetchArray declares wrong required_num_args
Fixed count on symbol tables
Unserialize shows UNKNOWN in result
extract() breaks variable references
array_merge_recursive corrupts memory of unset items
strtr() causes invalid writes and a crashes
array_keys() doesn't respect references when $strict is true
pack('x') produces an error
changing configuration with ignore_user_abort(true) isn't working
Segmentation fault with setrawcookie
setcookie() conditional for empty values not met
Use-after-free vulnerability in unserialize() with SplObjectStorage
Use-after-free vulnerability in unserialize() with SplDoublyLinkedList
extract() turns array elements to references
php 7 ZEND_HASH_IF_FULL_DO_RESIZE use after free
Assert breaking access on objects
str_ireplace/php_string_tolower - Arbitrary Code Execution
scandir duplicates file name at every 65535th file
Repeated iptcembed() adds superfluous FF bytes
exec does not strip all whitespace
get_browser fails with user agent of null
Unable to parse "all" urls with colon char
escapeshell*() doesn't cater to !
Truncating entire string should result in string
Passing parameters by reference and array_column
Cookie name cannot be empty
php_copy_file_ex does not pass the argument
Regression in array_filter's $flag argument in PHP 7
Fixed user session handlers (See rfc:session.user.return-value)
flock() out parameter not set correctly in windows
password_verify reports back error on PHP7 will null string
HTTP stream wrapper doesn't close keep-alive connections
convert.base64-encode omits padding bytes
token_get_all has new irrecoverable errors
XmlReader read generates extra output
xmlrpc_set_type returns false on success
PHP7 returns true when false is expected
XSLT: free(): invalid pointer
NULL pointer dereference
The XSLT extension is not thread safe
ZipArchive::close() doesn't indicate errors
ZipArchive::extractTo allows for directory traversal when creating directories
ZipArchive::getStream() returns NULL for certain file
Implementierung FR
phpinfo: PHP Variables with $ and single quotes
E_RECOVERABLE_ERROR when output buffering in output buffering handler
Added DateTime::RFC3339_EXTENDED to output in RFC3339 Extended format which includes fraction of seconds
Split main fpm config
Add IV parameter for openssl_seal and openssl_open
Added wifcontinued and wcontinued
SplPriorityQueue/SplHeap doesn't expose extractFlags nor curruption state
Allow "dirname" to go up various times
Added zend_internal_function.reserved[] fields
Improved zend_string API
Improved __call() and __callStatic() magic method handling. Now they are called in a stackless way using ZEND_CALL_TRAMPOLINE opcode, without additional stack frame.
Optimized strings concatenation
Added PHP_INT_MIN constant
Added Closure::call() method
Implemented the RFC `Catchable "Call to a member function bar() on a non-object"`
Added options parameter for unserialize allowing to specify acceptable classes
Removed ZEND_ACC_FINAL_CLASS, promoting ZEND_ACC_FINAL as final class modifier
is_long() & is_integer() is now an alias of is_int()
Added ?? operator
Added <=> operator
Added u{xxxxx} Unicode Codepoint Escape Syntax
Use "integer" and "float" instead of "long" and "double" in ZPP, type hint and conversion error messages
Removed scoped calls of non-static methods from an incompatible $this context
Removed support for #-style comments in ini files
Removed support for assigning the result of new by reference
Invalid octal literals in source code now produce compile errors, fixes PHPSadness #31
Removed dl() function on fpm-fcgi
Removed support for hexadecimal numeric strings
Removed obsolete extensions and SAPIs. See the full list in UPGRADING
Added NULL byte protection to exec, system and passthru
Added error_clear_last() function
Improved zend_qsort(using hybrid sorting algo) for better performance, and also renamed zend_qsort to zend_sort
Added stable sorting algo zend_insert_sort
Improved zend_memnchr(using sunday algo) for better performance
Implemented the RFC `Scalar Type Decalarations v0.5`
Implemented the RFC `Group Use Declarations`
Implemented the RFC `Continue Output Buffering`
Implemented the RFC `Constructor behaviour of internal classes`
Implemented the RFC `Fix "foreach" behavior`
Implemented the RFC `Generator Delegation`
Implemented the RFC `Anonymous Class Support`
Implemented the RFC `Context Sensitive Lexer`
CLI server
Refactor MIME type handling to use a hash table instead of linear search
Update the MIME type list from the one shipped by Apache HTTPD
Added support for SEARCH WebDav method
Removed support for unsafe file uploads
Removed $is_dst parameter from mktime() and gmmktime()
Removed date.timezone warning
Added "v" DateTime format modifier to get the 3-digit version of fraction of seconds
Made DOMNode::textContent writeable
Replace libvpx with libwebp for bundled libgd
Made fontFetch's path parser thread-safe
Removed T1Lib support
Removed deprecated aliases datefmt_set_timezone_id() and IntlDateFormatter::setTimeZoneID()
Replace non-free JSON parser with a parser from Jsond extension
Updated LiteSpeed SAPI code from V5.5 to V6.6
Removed mcrypt_generic_end() alias
Removed mcrypt_ecb(), mcrypt_cbc(), mcrypt_cfb(), mcrypt_ofb()
Attmpt to fix "Unable to reattach to base address" problem
Removed opcache.load_comments configuration directive. Now doc comments loading costs nothing and always enabled
Added experimental (disabled by default) file based opcode cache
Require at least OpenSSL version 0.9.8
Added "alpn_protocols" SSL context option allowing encrypted client/server streams to negotiate alternative protocols using the ALPN TLS extension when built against OpenSSL 1.0.2 or newer. Negotiated protocol information is accessible through stream_get_meta_data() output
Removed "CN_match" and "SNI_server_name" SSL context options. Use automatic detection or the "peer_name" option instead
Added usage support to pcntl_wait() and pcntl_waitpid()
Removed support for the /e (PREG_REPLACE_EVAL) modifier
Added ReflectionGenerator class
Added reflection support for return types and type declarations
Changed ArrayIterator implementation using zend_hash_iterator_... API. Allowed modification of iterated ArrayObject using the same behavior as proposed in `Fix "foreach" behavior`. Removed "Array was modified outside object and internal position is no longer valid" hack
Implemented the RFC `Random Functions Throwing Exceptions in PHP 7`
Removed call_user_method() and call_user_method_array() functions
Added intdiv() function
Improved precision of log() function for base 2 and 10
Remove string category support in setlocale()
Remove set_magic_quotes_runtime() and its alias magic_quotes_runtime()
Added preg_replace_callback_array function
Deprecated salt option to password_hash
Added Windows support for getrusage()
Removed hardcoded limit on number of pipes in proc_open()
Removed set_socket_blocking() in favor of its alias stream_set_blocking()
Removed xsl.security_prefs ini option
Added deflate_init(), deflate_add(), inflate_init(), inflate_add() functions allowing incremental/streaming compression/decompression
Added ZipArchive::setCompressionName and ZipArchive::setCompressionIndex methods
Update bundled libzip to 1.0.1

Changelog Quelle