Slashdot Mirror

← Back to Stories (view on slashdot.org)

PHP 4.3.2 Released

Posted by michael on from the silly-tagline-goes-here dept.

seldo writes "Everyone's favourite scripting language ;-) has released an update. From their site: 'The PHP developers are proud to announce the immediate availability of PHP 4.3.2. This release contains a huge number of bug fixes and is a strongly recommended update for all users of PHP. Full list of fixes can be found in the NEWS file.' This incremental release also has useful additions, such as updating to support GD 2.0.12."

4 of 49 comments (clear)

  1. Re:How's the Apache 2.0 support? by yelvington · · Score: 4, Informative

    PHP and Apache 2.0 play together nicely. However, some third-party libraries that extend PHP's core functionality do NOT play nicely in a threaded environment. Solution: Run Apache 2.0 in prefork mode.

  2. changes to note by ubiquitin · · Score: 4, Informative

    I combed through the changenotes and here are the ones that I thought were among the most important:

    # Added a new Apache 2 SAPI module (apache2handler) based on the old version (apache2filter).
    # Fixed several 64-bit problems
    # Fixed bug #22672 (User not logged under Apache2). (Ian)
    # Fixed bug #22989 (sendmail not found by configure). (igyu@ionsphere.org)
    # Fixed bug #17098 (make Apache2 aware that PHP scripts should not be cached). (Ilia)
    # Fixed bug #20802 (PHP would die silently when memory limit reached). (Ilia)
    # Fixed bug #21498 (mysql_pconnect connection problems). (Georg)

    --
    http://tinyurl.com/4ny52
  3. Re:Deeply unfair moderation by mbogosian · · Score: 5, Informative
    It's very easy to pick up the basics of PHP and develop scripts quickly, even with limited programming experience. Sadly until recently so many of the default settings in PHP (still required by a lot of freely available scripts out there) make it a non-trivial task to secure these scripts.

    The same might be said for C. How many inexperienced C programmers have you seen do something like this:

    #include <string.h>

    int main(int argc, char *argv[])
    {
    char buffer[1024];

    if (argc > 1)
    {
    strcpy(buffer, argv[1]);
    }

    return 0;
    }

    register_globals was never a good idea. That's why it's been off by default for the past several releases. Unless you're using placeholders in your SQL, nearly every Web app has the potential to be susceptable to bad things:

    /* SQL injector's dream */
    $db->execute("SELECT * FROM my_table WHERE id = $userInput");

    vs.

    /* The only way to fly */
    $db->execute('SELECT * FROM my_table WHERE id = :?', $vars);

    This is not limited to the 'Nukes or PHP. Perl, Python, C, Java, etc. all suffer from the same problem.
    --

    moto411.com
  4. Re:How's the Apache 2.0 support? by yelvington · · Score: 4, Informative

    There's a list of commonly used libraries on the Apache Web site, but it's full of question marks, and postgres isn't mentioned.

    http://httpd.apache.org/docs-2.1/developer/threa d_ safety.html#commonlibs

    The list really addresses the issue of linking the libraries directly with Apache, but I presume it's the same issue as indirectly linking through PHP.

    libmysqlclient is thread-safe if compiled with the proper flags.