At Sep-18 23:44:17UTC, they released PHP5.5.4.
They say this release fixes several bugs against PHP 5.5.3. ( ChangeLog )
I downloaded a Thread Safe version php-5.5.4-Win32-VC11-x86.zip for my server (Windows7HP+SP1(x86)). It requires VC11. If you don’t have VC11 on your Windows, you must install vcredist_x__.exe before the PHP configuration.
The text in the file php.ini-production is slightly changed.
About short_open_tag
———————————————————————————————————————————————
On PHP5.5.3 —
; This directive determines whether or not PHP will recognize code between
; <? and ?> tags as PHP source which should be processed as such. It’s been
; recommended for several years that you not use the short tag “short cut” and
; instead to use the full <?php and ?> tag combination. With the wide spread use
; of XML and use of these tags by other languages, the server can become easily
; confused and end up parsing the wrong code in the wrong context. But because
; this short cut has been a feature for such a long time, it’s currently still
; supported for backwards compatibility, but we recommend you don’t use them.
———————————————————————————————————————————————
On PHP5.5.4 —
; This directive determines whether or not PHP will recognize code between
; <? and ?> tags as PHP source which should be processed as such. It is
; generally recommended that <?php and ?> should be used and that this feature
; should be disabled, as enabling it may result in issues when generating XML
; documents, however this remains supported for backward compatibility reasons.
; Note that this directive does not control the [PHP-DEV] Is it true that short_open_tag is deprecated in PHP 6?“.
And, about session.use_strict_mode, which finally showed up.
———————————————————————————————————————————————
On PHP5.5.3 —
Nothing
———————————————————————————————————————————————
On PHP5.5.4 —
; Whether to use strict session mode.
; Strict session mode does not accept uninitialized session ID and regenerate
; session ID if browser sends uninitialized session ID. Strict mode protects
; applications from session fixation via session adoption vulnerability. It is
; disabled by default for maximum compatibility, but enabling it is encouraged.
; https://wiki.php.net/rfc/strict_sessions
session.use_strict_mode = 0
———————————————————————————————————————————————
As the official PHP binary includes php5apache2_4.dll, I extract the zip archive and replace all PHP5.5.3 files with all PHP5.5.4 files except my php.ini. Then, I restart my Apache. That’s it.
If you need how to configure PHP5.5, please see the post. It is for a mbstrings user, but the information gives some help for you.
Edit(9/21):
I tried this script to be sure that “Note that this directive does not control the <?= shorthand tag, which can be used regardless of this directive.”.
———————————————
<? echo “1. Can I use this directive?”; ?>
<br>
<?php echo “2. Can I use this directive?”; ?>
<br>
<?= “3. Can I use this directive?”; ?>
———————————————
The answer was the below.
2. Can I use this directive?
3. Can I use this directive?
———————————————
In my php.ini, the short tag “short cut” is disabled, but the shorthand tag is available despite it. The PHP manual reads;
| Note:
This directive also affected the shorthand <?= before PHP 5.4.0, which is identical to <? echo. Use of this shortcut required short_open_tag to be on. Since PHP 5.4.0, <?= is always available. |