Thursday, September 13, 2007

PHP 5.2.4 Released

[30-Aug-2007]

The PHP development team would like to announce the immediate availability of PHP 5.2.4. This release focuses on improving the stability of the PHP 5.2.X branch with over 120 various bug fixes in addition to resolving several low priority security bugs. All users of PHP are encouraged to upgrade to this release.

Further details about the PHP 5.2.4 release can be found in the release announcement for 5.2.4; the full list of changes is available in the ChangeLog for PHP 5.

Security Enhancements and Fixes in PHP 5.2.4:

  • Fixed a floating point exception inside wordwrap() (Reported by Mattias Bengtsson)
  • Fixed several integer overflows inside the GD extension (Reported by Mattias Bengtsson)
  • Fixed size calculation in chunk_split() (Reported by Gerhard Wagner)
  • Fixed integer overflow in str[c]spn(). (Reported by Mattias Bengtsson)
  • Fixed money_format() not to accept multiple %i or %n tokens. (Reported by Stanislav Malyshev)
  • Fixed zend_alter_ini_entry() memory_limit interruption vulnerability. (Reported by Stefan Esser)
  • Fixed INFILE LOCAL option handling with MySQL extensions not to be allowed when open_basedir or safe_mode is active. (Reported by Mattias Bengtsson)
  • Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378) (Reported by Maksymilian Arciemowicz)
  • Fixed a possible invalid read in glob() win32 implementation (CVE-2007-3806) (Reported by shinnai)
  • Fixed a possible buffer overflow in php_openssl_make_REQ (Reported by zatanzlatan at hotbrev dot com)
  • Fixed an open_basedir bypass inside glob() function (Reported by dr at peytz dot dk)
  • Fixed a possible open_basedir bypass inside session extension when the session file is a symlink (Reported by c dot i dot morris at durham dot ac dot uk)
  • Improved fix for MOPB-03-2007.
  • Corrected fix for CVE-2007-2872.

For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.4.



http://www.php.net

Monday, September 10, 2007

Cooking Cookies with PHP

A cookie is often used to store data that can identify a user, for example, a person's username.
A cookie is a small flat file that sits on the user's computer. Each time that user requests a page or goes to a webpage, all cookie information is sent too. This is used to identify who you are.

More: http://www.php-learn-it.com/php_cookies.html

Wrong PHP prediction: you don’t need to patch PHP to run multiple versions

I read an article on Michael Kimsal's blog about how he is waiting for a patch to run different PHP versions on the same Apache server. I think he is misinformed and I highly doubt that someone will write that patch. The solution is here already.

http://blog.adaniels.nl/?p=48

Sunday, September 9, 2007

The PHP Developer: A place for the tools

I’ve been asked on several occasions to spill the beans on my development environment. Sadly, it’s probably not the easiest setup - but it works for my stubborn mind.

More:
http://www.designbytim.com/2007/08/28/the-php-developer-a-place-for-the-tools/

ROLL YOUR OWN SEARCH ENGINE WITH ZEND_SEARCH_LUCENE

Zend has now published their own tutorial on the new Zend_Search_Lucene package.
On several occasions developing database-driven web applications, I've been approached by clients who want Google-style search implemented at the last minute of the development cycle. Usually this leads to using some canned script that crawls the website, or a hacked up search function that uses the database but either returns too many results or none at all. On top of that, the queries performed are too many or too slow.

http://devzone.zend.com/node/view/id/91

WAMP HOWTO

This document explains how to install, configure, and test a basic setup. I'll also show you how to install phpMyAdmin which is an excellent browser-based tool to administrate your MySQL database. These instructions were designed for Windows XP Pro and Home users although they should work for Windows 98 and Windows Server 2000/2003 with little modification.

More:
http://www.troywolf.com/articles/wamp_howto.htm

Late Static Bindings Explained

Late Static Binding (LSB, yes, not LSD) is an OO feature that is meant to be implemented in PHP 6, and maybe even backported to PHP 5. This article will describe what LSB is, what problems it's supposed to solve and how.
More:
http://www.colder.ch/news/08-24-2007/28/late-static-bindings-expl.html