Index: includes/bootstrap.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/bootstrap.inc,v
retrieving revision 1.428
diff -u -p -r1.428 bootstrap.inc
--- includes/bootstrap.inc 15 Oct 2010 04:15:41 -0000 1.428
+++ includes/bootstrap.inc 15 Oct 2010 16:00:56 -0000
@@ -19,7 +19,7 @@ define('DRUPAL_CORE_COMPATIBILITY', '7.x
 /**
 * Minimum supported version of PHP.
 */
-define('DRUPAL_MINIMUM_PHP', '5.2.5');
+define('DRUPAL_MINIMUM_PHP', '5.2.4');
 
 /**
 * Minimum recommended value of PHP memory_limit.
Index: includes/database/database.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/database/database.inc,v
retrieving revision 1.140
diff -u -p -r1.140 database.inc
--- includes/database/database.inc 3 Oct 2010 01:29:40 -0000 1.140
+++ includes/database/database.inc 15 Oct 2010 16:00:57 -0000
@@ -1293,6 +1293,9 @@ abstract class Database {
 /**
 * Gets the connection object for the specified database key and target.
 *
+ * Note: do not use the setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE) on the
+ * returned object because of http://bugs.php.net/bug.php?id=43139.
+ *
 * @param $target
 * The database target name.
 * @param $key
Index: modules/system/system.install
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.install,v
retrieving revision 1.518
diff -u -p -r1.518 system.install
--- modules/system/system.install 12 Oct 2010 02:50:03 -0000 1.518
+++ modules/system/system.install 15 Oct 2010 16:01:03 -0000
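Review bot: The docblock above the changed `define('DRUPAL_MINIMUM_PHP', '5.2.4');` in includes/bootstrap.inc still says only "Minimum supported version of PHP", so nothing at the constant records that 5.2.4 is acceptable only when the htmlspecialchars() fix from 5.2.5 has been backported. Any other code that gates on this constant will now admit an unpatched 5.2.4; the only compensating probe visible in this patch is the one added to system_requirements() in modules/system/system.install. I would extend the docblock with `* PHP 5.2.4 is allowed only with the 5.2.5 htmlspecialchars() fix backported; see system_requirements().` so the dependency between the two files is not lost.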
@@ -77,6 +77,15 @@ function system_requirements($phase) {
 // If PHP is old, it's not safe to continue with the requirements check.
 return $requirements;
 }
+ // Check that htmlspecialchars() is secure if the site is running any PHP
+ // version older than 5.2.5. We don't simply require 5.2.5, because Ubuntu
+ // 8.04 ships with PHP 5.2.4, but includes the necessary security patch.
+ elseif (version_compare($phpversion, '5.2.5') < 0 && strlen(@htmlspecialchars(chr(0xC0) . chr(0xAF), ENT_QUOTES, 'UTF-8'))) {
+ $requirements['php']['description'] = $t('Your PHP installation is too old. Drupal requires at least PHP 5.2.5, or PHP @version with the htmlspecialchars security patch backported.', array('@version' => DRUPAL_MINIMUM_PHP));
+ $requirements['php']['severity'] = REQUIREMENT_ERROR;
+ // If PHP is old, it's not safe to continue with the requirements check.
+ return $requirements;
+ }
 
 // Test PHP register_globals setting.
 $requirements['php_register_globals'] = array(
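Review bot: The new `elseif` treats a PHP older than 5.2.5 as patched on the strength of a single malformed input, the overlong sequence `chr(0xC0) . chr(0xAF)`, so a build that rejects that one sequence but still passes other invalid UTF-8 through htmlspecialchars() would be accepted. If the backported fix is known to cover more than overlong encodings, it would be safer to probe a second malformed class as well (a truncated multibyte sequence, say) and require every probe to come back empty. The comment should also state what the test relies on, for example `// A patched htmlspecialchars() returns '' for invalid UTF-8, so any non-empty result means the fix is missing.`, and why the `@` is there (presumably to silence the invalid-multibyte warning). The literal '5.2.5' appears in both the version_compare() call and the message text, so a named constant would keep the two in step. system_requirements() begins and ends outside this hunk.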