📄 changelog
* testsuite.php: added a test case for zero parameters method calls; added two test cases for recently found code injection vulnerabilities

2005-06-27 Gaetano Giunta <giunta.gaetano@sea-aeroportimilano.it>

* xmlrpc.inc: (tentative) fix for security problem reported by security@gulftech.org: we were not properly php-escaping xml received for BASE64 and NAME tags; some more patching related to junk received in xml messages/responses: if the PHP code built from the parsed xml is broken, catch any generated errors without echoing it to screen but take note of the error and propagate to user code
* xmlrpcs.inc: some more patching related to junk received in xml messages/responses: if the PHP code built from the parsed xml is broken, catch any generated errors without echoing it to screen but take note of the error and propagate to user code

2005-06-24 Gaetano Giunta <giunta.gaetano@sea-aeroportimilano.it>

* xmlrpc.inc: fixed php_xmlrpc_encode detection of php arrays (again!); removed from wrap_php_function the part about setting a custom error handler (it can be activated using the more general $server->setdebug(3) anyway)
* xmlrpcs.inc: added to server the capability to trap all processing errors during execution of user functions and add them to debug info inside responses; return a (new) xmlrpcerr response instead of raising some obscure php execution error if there is an undefined function in the dispatch map
* testsuite.php: Added new testcases for recently implemented stuff

2005-06-23 Gaetano Giunta <giunta.gaetano@sea-aeroportimilano.it>

* xmlrpc.inc: added new method: xmlrpcval->structmemexists, to check for presence of a wanted struct member without having to loop through all members; fix wrap_php_functions: correctly return false for php internal functions, whose param list is unknown; let addscalar fail as it should if called on struct vals; fix addstruct: do not fail when called for adding stuff to initialized structs; removed a warning generated when calling addscalar with inexistent type; massive code review for speed: replaced each() loops with foreach(), removed lots of useless assignments and duplications of data; added 'http11' as valid method param for xmlrpclient->send: makes use of curl for sending http 1.1 requests; changed a couple '=' into '=&' where objects are returned; fixed wrap_php_function() to better detect php errors while processing wrapped function
* xmlrpcs.inc: Fix php warnings generated when clients requested method signature / description for a method that had none in its dispatch map; turned server->debug into an integer value that will change the amount of logging going as comments into xmlrpc responses
* server.php: set default server debug level to 2
* testsuite.php: removed calls to deleted functions (xmlrpc_encode, xmlrpc_decode); added html page title describing target servers used for tests; added an assign-by-ref
* phpunit.php: Do not consider as failures PHP 5 E_STRICT errors (arbitrary choice, but lib is targeted at PHP 4)

2005-06-22 Gaetano Giunta <giunta.gaetano@sea-aeroportimilano.it>

* xmlrpc.inc: removed lottsa old code that had been left in commented
* xmlrpc.inc: fixed setting of proxy port
* xmlrpc.inc: removed one warning when trying to decompress junk sent as deflated response
* xmlrpc.inc: changed the error messages (but not the code) that will be found in xmlrpcresponses when there are socket errors, to differentiate from HTTP errors
* xmlrpc.inc: refactored xmlrpcclient->sendpayloadHTTPS: now it calls a new method (sendpayloadCURL) that could be used also for generating HTTP 1.1 requests
* xmlrpc.inc: added two new methods: wrap_php_function and wrap_xmlrpc_method: designed to let the lazy programmer automagically convert php functions to xmlrpc methods and vice versa. Details are in the code
* debugger/*: added initial revision of a 'universal xmlrpc debugger'

2005-06-20 Gaetano Giunta <giunta.gaetano@sea-aeroportimilano.it>

* xmlrpc.inc: replace usage of 'echo' with error_log when errors arise in manipulation of xmlrpcval objects
* xmlrpc.inc: replaced <br> with <br /> in dump function
* xmlrpc.inc: added method structsize to xmlrpcval class (alias for arraysize)
* xmlrpc.inc: addarray() now will add extra members to an xmlrpcval object of array type; addstruct() can be used to add members to an xmlrpcval object of struct type
* xmlrpcs.inc: Added member allow_system_funcs to server: controls whether the server accepts or not calls to system.* functions

2005-05-10 Gaetano Giunta <giunta.gaetano@sea-aeroportimilano.it>

* xmlrpc.inc: fix regression in php_xmlrpc_encode when encoding php hashes; fix decompression of gzip/deflated xmlrpc responses; set user agent string correctly in SSL mode (was forgetting lib name); add allowed encoding http headers in requests; do not pass http headers back from curl to parseresponse, to avoid re-decoding compressed xml or http 100 headers
* xmlrpcs.inc: added method setDebug; renamed compress_output to compress_response; do not try to set http headers if they have already been sent, because trying to do so will raise a PHP error, and if headers have been sent something has gone wrong already (shall we send a meaningful error response instead?)

2005-05-08 Gaetano Giunta <giunta.gaetano@sea-aeroportimilano.it>

* xmlrpcs.inc, xmlrpcs.inc: reverted to usage of '=& new' for better performance on (some) php4 installs. NB: PHP 3 compatibility is deprecated from now on!
* xmlrpc.inc: decode xmlrpc boolean type to native php boolean
* xmlrpcs.inc, xmlrpcs.inc: switched $_xh[$parser] to $_xh, since indexing an array by object will give a warning in php 5 (and we were resetting the array of _xh elements on every call anyway)
* xmlrpc.inc: commented unused code used originally for escaping content
* xmlrpc.inc: commented deprecated methods xmlrpc_encode and xmlrpc_decode
* xmlrpc.inc: php_xmlrpc_encode: encode integer-indexed php arrays as xmlrpc arrays instead of structs; if object given to encode is an xmlrpcval return it instead of reencoding (makes easier calling encode on an array of xmlrpcvals)
* xmlrpcs.inc: added $debug field to server class; if false will prevent the server from echoing debug info back to the client as xml comment
* xmlrpcs.inc: let the server add to the debug messages the complete request payload received and (if php installed as apache module) http headers, so that the client in debug mode can echo a complete fingerprint of the communication
* xmlrpcs.inc: changed API of ParseRequest method: now it cannot be called without a 'data' parameter; added 2nd parameter (http encoding); changed the call to this method from inside service() method
* xmlrpc.inc, xmlrpcs.inc: enable both server and client to parse compressed xml (if php is compiled with zlib); client should also be able to decode chunked http encoding
* xmlrpc.inc: add support for proxies (only basic auth supported); default port is 8080 (if left unspecified)
* xmlrpc.inc: use lowercase for names of http headers received (makes using them much simpler, since servers can use any upper/lowercase combination)
* xmlrpc.inc: bumped version number to '2.0 beta'

2005-05-08 Gaetano Giunta <giunta.gaetano@sea-aeroportimilano.it>

* release of version 1.1

2005-04-24 Gaetano Giunta <giunta.gaetano@sea-aeroportimilano.it>

* xmlrpcs.inc: removed charset declaration from xml prologue of responses, since we are now escaping all non-ascii chars in an encoding-independent way
* bug_http.xml: modified to exercise some extra functionality of the lib (it should now be failed by the current PEAR implementation of the lib)
* xmlrpc.inc: bumped up rev. number to 1.1
* doc/xmlrpc_php.xml, doc/announce1_1.txt: documentation updates
* Makefile: updated to reflect new xml doc source, modified filelist

2005-04-17 Gaetano Giunta <giunta.gaetano@sea-aeroportimilano.it>

* client.php, agesort.php, introspect.php, introspect_demo.php, which.php, test.pl, test.py: use as default target the server.php page hosted on phpxmlrpc.sf.net
* server.php: fix for register_globals off; refer to docs on phpxmlrpc.sf.net

2005-04-15 Miles Lott <milos@groupwhere.org>

code formatting and comments

2005-04-03 Gaetano Giunta <giunta.gaetano@sea-aeroportimilano.it>

* xmlrpc.inc: make use of global var $xmlrpcName in building User_Agent HTTP header (in conjunction with $xmlrpcVersion)
* agesort.php, client.php, comment.php, dicuss.php, mail.php, server.php, which.php: various janitorial fixes
  + always html escape content received from xmlrpc server or from user input
  + make the scripts run fine with register_globals off and register_long_arrays off
  + always use the functions php_xmlrpc_en(de)code, even if the EPI extension is not installed
  + in mail.php, allow user to see script source even if support for .phps files is not configured in the local web server
* testsuite.php: better detection of local webserver hostname for running tests against (if the user did not supply a webserver name)

2005-03-21 Gaetano Giunta <giunta.gaetano@sea-aeroportimilano.it>

* xmlrpcs.inc: revert to a PHP3 compatible script (change '=& new' to '= new')
* xmlrpc.inc: revert to a PHP3 compatible script (lottsa fixes)
* testsuite.php: default to using local server as test target if no user provided values are available instead of heddley.com server
* testsuite.php: play nice to PHP3 in retrieving user-passed values
* testsuite.php: fix constructor method name for a type of tests
* phpunit.php: fix all cases of call-time-pass-by-ref
* phpunit.php: rename Exception class to _Exception if the script is run with PHP 5 (exception is a reserved word)

2005-03-19 Gaetano Giunta <giunta.gaetano@sea-aeroportimilano.it>

* xmlrpc.inc: fixed bug in new http header parsing code in case there is no correct separator between response headers and body
* xmlrpc.inc: added recognizing and stripping of HTTP/1.1 100 response headers
* xmlrpc.inc: strip extra whitespace from response body, as well as any junk that comes after the last </MethodResponse> tag. It allows the server code to be put on public providers that add e.g. javascript advertising to served pages
* xmlrpc.inc: removed unused parts of code, trailing whitespace
* xmlrpc.inc: fix possible bug (?) in xmlrpc_ee for BOOLEAN values: true was being handled differently than false
* testsuite.php: added a new file-based test to stress the response parsing modifications recently introduced; enabled debugging for file based tests

2005-03-15 Gaetano Giunta <giunta.gaetano@sea-aeroportimilano.it>

* xmlrpc.inc: fixed missing declaration of global vars in xmlrpc_dh, sendpayloadhttps and sendpayloadhttp10
* xmlrpc.inc: changed error message for invalid responses: 'enable debugging' is more clear than 'enabling debugging' (the user is being encouraged to do it)
* xmlrpc.inc: rewrote HTTP response header parsing. It should be more tolerant of invalid headers, give more accurate error messages and be marginally faster, too.
* xmlrpc.inc: cosmetic whitespace fixes and remove useless one-liners
* xmlrpc.inc: build a shorter PHP command line to be evaluated for rebuilding values from parsed xml: use '$val =& nex xmlrpcval("value")' for string values instead of '$val =& nex xmlrpcval("value", $xmlrpcString)'
* xmlrpc.inc: fix change introduced 2005/01/30 moving call to curl_close() too early: it did not work on error situations
* testsuite.php: fix name of testAddingTest method, renamed testErrosString into testErrorString and removed useless warning for register_globals=off case

2005-02-27 Gaetano Giunta <giunta.gaetano@sea-aeroportimilano.it>

* xmlrpc.inc: do not echo XML parsing error to screen (it is already dumped into error log)
* xmlrpc.inc: set hdrs field into response object in case of XML parsing error (uniform behaviour with other responses)

2005-02-26 Gaetano Giunta <giunta.gaetano@sea-aeroportimilano.it>

* xmlrpc.inc: use global var $xmlrpcVersion as number for user agent string
* xmlrpcs.inc: eliminate server side PHP warning and give back to caller a better error msg in case the called method exists but no signature matches the number of parameters

2005-02-20 Gaetano Giunta <giunta.gaetano@sea-aeroportimilano.it>

* xmlrpc.inc: accept a + sign in front of floats / integers, since the spec clearly mentions it
* xmlrpc.inc, xmlrpcs.inc: renamed function XmlEntities to xmlrpc_encode_entitites, to avoid using the same name as an array already defined
* xmlrpc.inc: fix bug introduced with escaping of UTF8 chars in xmlrpc error responses: correct behaviour is to escape chars inside serialize(), not when calling the xmlrpcresp creator
* testsuite.php: made test suite more friendly to modern PHP configs, allowing register_globals to be off and to set in the URL all testing parameters; added tests for newly introduced fixes; renamed existing tests according to the docs inside phpunit.php (e.g. no subclass of TestCase should have a name starting with test...)

2005-02-19 Gaetano Giunta <giunta.gaetano@sea-aeroportimilano.it>

* xmlrpc.inc: accept patch 683153 by mah0: if timeout is set, allow all socket operations to timeout at the given time, not only the socket connection

2005-02-13 Gaetano Giunta <giunta.gaetano@sea-aeroportimilano.it>

* xmlrpc.inc: be tolerant to double values received in exponential notation: even though the spec forbids their usage PHP is fine with them
* xmlrpc.inc: fix bug: new xmlrpcval('-1') was creating an empty value instead of a string value!
* xmlrpc.inc, xmlrpcs.inc: fix the payload encoding changes introduced by Andres Salomon on 2004-03-17: sending named html entities inside an xml chunk makes it invalid, and thus renders the lib absolutely non-interoperable with any other xmlrpc implementation; moreover the current implementation only ever worked for non-ascii requests, while breaking client-parsing of responses containing non-ascii chars. The principle of using entities is preserved though, because it allows the client to send correct xml regardless of php internal charset encoding vs. xml request charset encoding, but using 'character references' instead.
* xmlrpc.inc: encode (non-ascii) chars into charset entities also for error strings
* xmlrpcs.inc: encode (non-ascii) chars into charset entities also for debug messages
* xmlrpcs.inc: added 'Accept-Charset' header in http request to let the server know what kind of charset encoding we do expect to be used for responses
* xmlrpc.inc, xmlrpcs.inc: explicitly tell the xml parser what charset the application expects to receive content in (notably strings). A new variable, $xmlrpc_internalencoding, (defaulting to ISO-8859-1) defines what charset the parser will use for passing back string xmlrpcvals to the PHP application (both server-side and client-side). This allows transparent usage of e.g. UTF-8 for encoding xml messages between server and client and ISO-8859-1 for internal string handling.