Updating to PHP5.5.4.

Update information      Edit(9/21)

   At Sep-18 23:44:17UTC, they released PHP5.5.4.

   They say this release fixes several bugs against PHP 5.5.3. ( ChangeLog )

   I downloaded a Thread Safe version php-5.5.4-Win32-VC11-x86.zip for my server (Windows7HP+SP1(x86)). It requires VC11. If you don’t have VC11 on your Windows, you must install vcredist_x__.exe before the PHP configuration.

   The text in the file php.ini-production is slightly changed.

   About short_open_tag
———————————————————————————————————————————————
On PHP5.5.3 —
; This directive determines whether or not PHP will recognize code between
; <? and ?> tags as PHP source which should be processed as such. It’s been
; recommended for several years that you not use the short tag “short cut” and
; instead to use the full <?php and ?> tag combination. With the wide spread use
; of XML and use of these tags by other languages, the server can become easily
; confused and end up parsing the wrong code in the wrong context. But because
; this short cut has been a feature for such a long time, it’s currently still
; supported for backwards compatibility, but we recommend you don’t use them.
———————————————————————————————————————————————
On PHP5.5.4 —
; This directive determines whether or not PHP will recognize code between
; <? and ?> tags as PHP source which should be processed as such. It is
; generally recommended that <?php and ?> should be used and that this feature
; should be disabled, as enabling it may result in issues when generating XML
; documents, however this remains supported for backward compatibility reasons.
; Note that this directive does not control the [PHP-DEV] Is it true that short_open_tag is deprecated in PHP 6?“.

   And, about session.use_strict_mode, which finally showed up.
———————————————————————————————————————————————
On PHP5.5.3 —
   Nothing
———————————————————————————————————————————————
On PHP5.5.4 —
; Whether to use strict session mode.
; Strict session mode does not accept uninitialized session ID and regenerate
; session ID if browser sends uninitialized session ID. Strict mode protects
; applications from session fixation via session adoption vulnerability. It is
; disabled by default for maximum compatibility, but enabling it is encouraged.
; https://wiki.php.net/rfc/strict_sessions
session.use_strict_mode = 0
———————————————————————————————————————————————

   As the official PHP binary includes php5apache2_4.dll, I extract the zip archive and replace all PHP5.5.3 files with all PHP5.5.4 files except my php.ini. Then, I restart my Apache. That’s it.

   If you need how to configure PHP5.5, please see the post. It is for a mbstrings user, but the information gives some help for you.

Edit(9/21):
   I tried this script to be sure that “Note that this directive does not control the <?= shorthand tag, which can be used regardless of this directive.”.
———————————————
      <? echo “1. Can I use this directive?”; ?>
      <br>
      <?php echo “2. Can I use this directive?”; ?>
      <br>
      <?= “3. Can I use this directive?”; ?>
———————————————
   The answer was the below.

      2. Can I use this directive?
      3. Can I use this directive?
———————————————
   In my php.ini, the short tag “short cut” is disabled, but the shorthand tag is available despite it. The PHP manual reads;

Note:

This directive also affected the shorthand <?= before PHP 5.4.0, which is identical to <? echo. Use of this shortcut required short_open_tag to be on. Since PHP 5.4.0, <?= is always available.