Some of the key changes include:
* Disallow certain characters in session names.
* Fixed a buffer overflow inside the wordwrap() function.
* Prevent jumps to parent directory via the 2nd parameter of the
tempnam() function.
* Enforce safe_mode for the source parameter of the copy() function.
* Fixed cross-site scripting inside the phpinfo() function.
* Fixed offset/length parameter validation inside the substr_compare()
function.
* Fixed a heap corruption inside the session extension.
* Fixed a bug that would allow variable to survive unset().
* Fixed a number of crashes in the DOM, SOAP and PDO extensions.
* Upgraded bundled PCRE library to version 6.6
* The use of the var keyword to declare properties no longer raises
a deprecation E_STRICT.
* FastCGI interface was completely reimplemented.
* Multitude of improvements to the SPL, SimpleXML, GD, CURL and
Reflection extensions.
* Over 120 various bug fixes.
See release annoucement on:
http://www.php.net/release_5_1_3.php
And ChangeLog:
http://www.php.net/ChangeLog-5.php#5.1.3
* HTTP Response Splitting has been addressed in ext/session and in
the header() function.
* Fixed format string vulnerability in ext/mysqli.
* Fixed possible cross-site scripting problems in certain error conditions.
* Hash & XMLWriter extensions added and enabled by default.
* Upgraded OCI8 extension.
* Over 85 various bug fixes.
(I haven't heard anything from the MAINTAINER but since this works fine
on my servers and as this fixes security issues I checked in this)
and to uncomment and explicitly set upload_tmp_dir, so that this works
out of box (patches adapted from www/php4)
pointed out by Martti Kuparinen on tech-pkg@
* A complete rewrite of date handling code, with improved timezone support.
* Significant performance improvements compared to PHP 5.0.X.
* PDO extension is now enabled by default (separate pkg for pkgsrc)
* Over 30 new functions in various extensions and built-in functionality.
* Bundled libraries, PCRE and SQLite upgraded to latest versions.
* Over 400 various bug fixes.
* PEAR upgraded to version 1.4.5
This release also fixes various security problems discovered in 5.0.X.
