* master: (41 commits)
Update copyright year to 2014
Update copyright year to 2014
Update copyright year to 2014
Update copyright year to 2014
Update copyright year to 2014
Update copyright year to 2014
Update copyright year to 2014
NEWS
Fix Request #67453 Allow to unserialize empty data.
Update copyright year to 2014
Update copyright year for re2c generated files
Update copyright year to 2014
Update copyright year for re2c files as well
Fix patch for bug #67436
fix failed test
Fix test on modern distro where old unsecure algo are disabled in openssl config. Testing recent algo should be enough to check this function.
Added tests for bug 67436
Fixed wrong XFAIL test - already fixed
Fix typo in Bug #67406 NEWS entry
Fix typo in Bug #67406 NEWS entry
...
Conflicts:
Zend/zend_compile.c
ext/session/session.c
ext/standard/array.c
ext/standard/http_fopen_wrapper.c
tests/classes/bug63462.phpt
Up until now the session cookie used "HttpOnly" to indicate cookies
only available through HTTP while setcookie() used "httponly". The
relevant RFC 6265 claims that case does not matter for this token,
but only explicitely mentions "HttpOnly". Thus this seems like a
logical choice when streamlining the code.
Also the setcookie implementation now uses the same string constants
as the session extension for other tokens like Max-Age or the domain
attribute.
This change poses a slight risk of backwards incompatibility in places
where people deliberately ignore chapter 5.2.5 of RFC 6265 and perform
case-sensitive checks for the HttpOnly attribute.
requests--let's see what I can dig out of the bugtracker for NEWS--
and while crossing the road:
* implemented new zlib API
* fixed up ext/tidy (what was "s&" in zend_parse_parameters() supposed to do?)
Thanks to Jani and Felipe for pioneering.
* Removed ini options, safe_mode*
* Removed --enable-safe-mode --with-exec-dir configure options on Unix
* Updated extensions, SAPI's and core
* php_get_current_user() is now declared in main.c, thrus no need to include safe_mode.h anymore