Slashdot Mirror

← Back to Stories (view on slashdot.org)

PHP 4.3.2 Released

Posted by michael on from the silly-tagline-goes-here dept.

seldo writes "Everyone's favourite scripting language ;-) has released an update. From their site: 'The PHP developers are proud to announce the immediate availability of PHP 4.3.2. This release contains a huge number of bug fixes and is a strongly recommended update for all users of PHP. Full list of fixes can be found in the NEWS file.' This incremental release also has useful additions, such as updating to support GD 2.0.12."

4 of 49 comments (clear)

  1. How's the Apache 2.0 support? by poulbailey · · Score: 4, Insightful

    What's the official word on Apache 2.0 support? Do they still recommend that you use Apache 1.x for now?

  2. php programmers by InsaneCreator · · Score: 3, Insightful

    PHP, being one of the simplest languages to learn, unfortunately attracts HUGE numbers of really bad programmers, who only know how to retrieve data from a DB (mysql, of course) and print it out using a simple loop. And then they think they know everything.

    Theese are the people creating many "professional" websites - people, who have no idea why using register_globals is a distster waiting to happen, what is SQL injection, why every bit comming from the user should be treated as unsafe, etc.

    PHP might be easy to use, but it's also very easy to write scripts, which should never be allowed to run on a networked computer.

  3. Re:Apache & PHP by TheSunborn · · Score: 2, Insightful

    The point MIGHT be that php is part of apache. Remember Apache is far more then just a webserver. Just have a look at php.apache.org

  4. Deeply unfair moderation by $rtbl_this · · Score: 3, Insightful

    Everything InsaneCreator just said is true. I've worked with people who have written amazingly dangerous PHP scripts for commercial web sites and don't have the programming background to understand why their code is so insecure. With support for automating PHP code generation built into Dreamweaver this is probably going to become a more widespread problem.

    It's very easy to pick up the basics of PHP and develop scripts quickly, even with limited programming experience. Sadly until recently so many of the default settings in PHP (still required by a lot of freely available scripts out there) make it a non-trivial task to secure these scripts. The point about register_globals is a good one -- the fact that it allows users to change the value of a variable by specifying it in the URL is extremely dangerous for obvious reasons. This has not been the default behaviour in PHP for some time, but most people I know end up switching it back on to avoid having to rewrite all their scripts to use HTTP session variables.

    Of course it's possible to write insecure code in any language, and the newer versions of PHP have filled in some of the bigger security holes, but by being so newbie friendly it's still going to end up with more than its share of dangerous scripts.

    And don't even get me started on PHP-Nuke! :)

    --
    "Are you being weird, or sarcastic?" said Emma. I said I didn't know because I get the two feelings mixed up.