| Security Holes In PHP [message #782] |
Wed, 27 February 2002 16:19  |
Ilia
Messages: 13241
Registered: January 2002
Karma: 0
|
Senior Member
Administrator
Core Developer |
|
|
I have been made aware of several nasty security exploits in PHP, when submitting data via multipart/form-data POST.
More details can be found at:
http://security.e-matters.de/advisories/012002.html
The listed venerabilities seem to affect versions 4.0.3-4.1.1 when uploading files.
There has been a new version of PHP release that fixes those security holes, PHP version 4.1.2. So, if you are using file uploads in the forum or else where in your PHP program I strongly encourage you to upgrade to latest version.
FUDforum Core Developer
|
|
|
|
| Re: Security Holes In PHP [message #792 is a reply to message #782] |
Wed, 27 February 2002 19:06  |
Ilia
Messages: 13241
Registered: January 2002
Karma: 0
|
Senior Member
Administrator
Core Developer |
|
|
If for some reason you are adding additional modules like APC remember PHP developers CANNOT FOR THEIR LIFE WRITE PROPER AUTOCONF scripts. So, you'll get lots & lots of warning and even claims of bugs inside autoconf. However, if you upgrade to the latest version of autoconf, it will completely and utterly break php's configure script...
Autoconf 2.13 works just fine, so use it and ignore the errors & warnings.
[/rant off]
Something to think about...
FUDforum Core Developer
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]