Host has installed 4.3.11-dev

  • Geoff Berrow

    Host has installed 4.3.11-dev

    The host of one of the domains I manage has installed 4.3.11-dev and as
    a result file uploads no longer work with Internet Explorer.

    Worth keeping an eye out for.

    In the meantime I now need to ask why they have installed a development
    version on a production server...
    --
    Geoff Berrow (put thecat out to email)
    It's only Usenet, no one dies.
    My opinions, not the committee's, mine.
    Simple RFDs http://www.ckdog.co.uk/rfdmaker/
  • Andy Hassall

    #2
    Re: Host has installed 4.3.11-dev

    On Tue, 15 Feb 2005 00:12:55 +0000, Geoff Berrow <blthecat@ckdog.co.uk> wrote:

    >The host of one of the domains I manage has installed 4.3.11-dev and as
    >a result file uploads no longer work with Internet Explorer.
    >
    >Worth keeping an eye out for.
    >
    >In the meantime I now need to ask why they have installed a development
    >version on a production server...

    Hm, another one... see thread "upgrade to php 4.311 stops file upload with EWE
    - Help!!" starting with message-id
    <420a2072$0$74059$ed2619ec@ptn-nntp-reader03.plus.net> on alt.php - same issue,
    same symptoms. Same host?

    --
    Andy Hassall / <andy@andyh.co.uk> / <http://www.andyh.co.uk>
    <http://www.andyhsoftware.co.uk/space> Space: disk usage analysis tool


    • Geoff Berrow

      #3
      Re: Host has installed 4.3.11-dev

      I noticed that Message-ID: <prh2115pe5j8h6jc42mrehar1cq86qro1g@4ax.com>
      from Andy Hassall contained the following:

      >>In the meantime I now need to ask why they have installed a development
      >>version on a production server...
      >
      > Hm, another one... see thread "upgrade to php 4.311 stops file upload with EWE
      >- Help!!" starting with message-id
      ><420a2072$0$74059$ed2619ec@ptn-nntp-reader03.plus.net> on alt.php - same issue,
      >same symptoms. Same host?

      Yes, it is, Fasthosts. And if they don't bloody well change it, I'm
      going to be mentioning it a lot. I wouldn't use them but my client has
      an account with them. They have PHP on their windoze boxes, but no GD
      functions so we had to pay more to go onto a Linux box.

      The annoying thing is that I had been doing some modifications to the
      code and only noticed while I was testing. Naturally, I thought I had
      screwed up and it took an hour and a half of further testing before I
      came to the conclusion that it wasn't me. Grrrr...

      --
      Geoff Berrow (put thecat out to email)
      It's only Usenet, no one dies.
      My opinions, not the committee's, mine.
      Simple RFDs http://www.ckdog.co.uk/rfdmaker/


      • Geoff Berrow

        #4
        Re: Host has installed 4.3.11-dev

        I noticed that Message-ID: <aef21192io4fl6h6mfr127ork1ddpgn3il@4ax.com>
        from Geoff Berrow contained the following:

        >The host of one of the domains I manage has installed 4.3.11-dev and as
        >a result file uploads no longer work with Internet Explorer.

        The host in question is Fasthosts in the UK.

        The problem exists in Internet Explorer
        $_FILES['userfile']['name'] contains the full path to the file.

        It can be corrected by adding the lines
        $fname = $_FILES['userfile']['name'];
        $filename = substr(strrchr($fname, "\\"), 1);

        and then replacing $_FILES['userfile']['name'] with $filename wherever
        it occurs.


        Support have stated that they have installed this version for security
        reasons. Anyone know anything about this?


        Crossposted to alt.php,alt.comp.lang.php,uk.net.web.authoring
        Follow-ups to comp.lang.php

        --
        Geoff Berrow (put thecat out to email)
        It's only Usenet, no one dies.
        My opinions, not the committee's, mine.
        Simple RFDs http://www.ckdog.co.uk/rfdmaker/
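
An added example, not part of the original post or thread: a more defensive form of the workaround above. The two-line snippet returns an empty name when the browser sends no backslash, so the hypothetical helper `upload_basename()` below handles both separators and rejects unusable names; the sample inputs are constructed.

```php
<?php
// Added example: normalise the client-supplied upload name before using it.
// upload_basename() is a hypothetical helper, not a PHP built-in.
function upload_basename($clientName)
{
    // Treat both separators alike: basename() on a Linux host does not
    // split on "\", which is what a full Windows path from the browser contains.
    $name = str_replace("\\", "/", (string) $clientName);
    $pos  = strrpos($name, "/");
    if ($pos !== false) {
        // The cast covers older PHP versions, where substr() may return false.
        $name = (string) substr($name, $pos + 1);
    }
    // Drop control characters (including NUL), then replace anything
    // outside a conservative character set.
    $name = preg_replace('/[\x00-\x1F\x7F]/', '', $name);
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', $name);
    // Refuse names that are empty or consist only of dots.
    if ($name === '' || trim($name, '.') === '') {
        return false;
    }
    return $name;
}

// Constructed sample names, as different clients might send them.
$samples = array(
    "C:\\Documents and Settings\\geoff\\My Documents\\photo.jpg", // full path
    "photo.jpg",                                                  // bare name
    "../../etc/passwd",                                           // path components
    "..",                                                         // dots only
    "C:\\upload\\",                                               // no file part
);
foreach ($samples as $s) {
    $clean = upload_basename($s);
    echo str_pad($s, 60), ' => ', ($clean === false ? '(rejected)' : $clean), "\n";
}
```

The cleaned name is suitable for display or logging; the path the file is stored under is best generated on the server rather than derived from client input.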


        • NC

          #5
          Re: Host has installed 4.3.11-dev

          Geoff Berrow wrote:
          >
          > The host of one of the domains I manage has installed 4.3.11-dev
          > ...
          > Support have stated that they have installed this version for security
          > reasons. Anyone know anything about this?

          Most likely, this is overkill. There was indeed a security
          advisory about PHP <= 4.3.9 and PHP <= 5.0.2:

          http://www.hardened-php.net/advisories/012004.txt


          But the recommendation was to upgrade to stable PHP 4.3.10.
          Why a hosting company would want to upgrade to a development
          version is beyond me...

          Cheers,
          NC


          • Geoff Berrow

            #6
            Re: Host has installed 4.3.11-dev

            I noticed that Message-ID:
            <1108495098.615467.8040@o13g2000cwo.googlegroups.com> from NC contained
            the following:

            >> reasons. Anyone know anything about this?
            >
            >Most likely, this is overkill. There was indeed a security
            >advisory about PHP <= 4.3.9 and PHP <= 5.0.2:
            >
            >http://www.hardened-php.net/advisories/012004.txt
            >
            >But the recommendation was to upgrade to stable PHP 4.3.10.
            >Why a hosting company would want to upgrade to a development
            >version is beyond me...


            The advisory says:

            Recommendation:

            It is strongly recommended to upgrade to the new PHP-Releases as
            soon as possible, ...

            But I agree with you, it does seem clueless to run development software
            on a production server. Who knows what other vulnerabilities the dev
            software may have?
            --
            Geoff Berrow (put thecat out to email)
            It's only Usenet, no one dies.
            My opinions, not the committee's, mine.
            Simple RFDs http://www.ckdog.co.uk/rfdmaker/


            • Andy Hassall

              #7
              Re: Host has installed 4.3.11-dev

              On Tue, 15 Feb 2005 11:25:41 +0000, Geoff Berrow <blthecat@ckdog.co.uk> wrote:

              >I noticed that Message-ID: <aef21192io4fl6h6mfr127ork1ddpgn3il@4ax.com>
              >from Geoff Berrow contained the following:
              >
              >>The host of one of the domains I manage has installed 4.3.11-dev and as
              >>a result file uploads no longer work with Internet Explorer.
              >
              >The host in question is Fasthosts in the UK.
              >
              >The problem exists in Internet Explorer
              >$_FILES['userfile']['name'] contains the full path to the file.
              >
              >It can be corrected by adding the lines
              >$fname = $_FILES['userfile']['name'];
              >$filename = substr(strrchr($fname, "\\"), 1);
              >
              >and then replacing $_FILES['userfile']['name'] with $filename wherever
              >it occurs.
              >
              >Support have stated that they have installed this version for security
              >reasons. Anyone know anything about this?

              Changelog for 4.3.11-dev has a couple of possibly bad bugs in it, but nothing
              jumps out as worth upgrading to a development version on a live server.

              Some memory leaks and some safe_mode issues.


              ?? ??? ????, Version 4.3.11
              - Added Oracle Instant Client support. (cjbj at hotmail dot com, Tony)
              - Changed phpize not to require libtool. (Jani)
              - Fixed several egregious leaks in ext/browscap and sapi/embed. (Andrei)
              - Fixed several leaks in ext/filepro. (Tony)
              - Fixed build system to always use bundled libtool files. (Jani)
              - Fixed MacOSX shared extensions crashing on Apache startup. (Rasmus)
              - Fixed bug #31936 (set_h_errno() is redefined incompatibly). (Jani)
              - Fixed bug #31858 (--disable-cli does not force --without-pear). (Jani)
              - Fixed bug #31842 (*date('r') does not return RFC2822 conforming date string).
              (Jani)
              - Fixed bug #31797 (exif_read_data() uses too low nesting limit). (Ilia)
              - Fixed bug #31796 (readline completion handler does not handle empty return
              values). (Ilia)
              - Fixed bug #31754 (dbase_open() fails for mode = 1). (Mehdi, Derick)
              - Fixed bug #31705 (parse_url() does not recognize http://foo.com#bar). (Ilia)
              - Fixed bug #31684 (dio_tcsetattr(): misconfigured termios settings).
              (elod at itfais dot com)
              - Fixed bug #31699 (unserialize() float problem on non-English locales). (Ilia)
              - Fixed bug #31623 (OCILogin does not support password grace period).
              (daniel dot beet at accuratesoftware dot com, Tony)
              - Fixed bug #31580 (fgetcsv() problematic with "" escape sequences). (Ilia)
              - Fixed bug #31527 (crash in msg_send() when non-string is stored without
              being serialized). (Ilia)
              - Fixed bug #31514 (open_basedir uses path_translated rather than cwd for .
              translation). (Ilia)
              - Fixed bug #31480 (Possible infinite loop in imap_mail_compose()). (Ilia)
              - Fixed bug #31479 (Fixed crash in chunk_split(), when chunklen > strlen).
              (Ilia)
              - Fixed bug #31465 (False warning in unpack() when working with *). (Ilia)
              - Fixed bug #31454 (session_set_save_handler crashes PHP when supplied
              non-existent object ref). (Tony)
              - Fixed bug #31444 (Memory leak in zend_language_scanner.c).
              (hexer at studentcenter dot org)
              - Fixed bug #31413 (curl POSTFIELDS crashes on 64-bit platforms). (Joe)
              - Fixed bug #31396 (compile fails with gd 2.0.33 without freetype). (Jani)
              - Fixed bug #31371 (highlight_file() trims new line after heredoc). (Ilia)
              - Fixed bug #31270 (missing safe_mode/open_basedir check in swf_openfile()).
              (Ilia)
              - Fixed bug #31174 (compile warning in url.c). (Ilia, lukem at NetBSD dot org)
              - Fixed bug #31159 (COM object access is not working). (Wez)
              - Fixed bug #31142 (imap_mail_compose() fails to generate correct output).
              (Ilia)
              - Fixed bug #31398 (When magic_quotes_gpc are enabled filenames with ' get
              cutoff).
              (Ilia)
              - Fixed bug #31120 (mssql_query returns false on successful inserts and
              stored procedures). (Frank)
              - Fixed bugs #31107, #31110, #31111 (Compile failure of zend_strtod.c). (Jani)
              - Fixed bug #31106 (Fixed crash in overloaded objects). (Stas)
              - Fixed bug #31103 (Better error message when c-client cannot be found). (Ilia)
              - Fixed bug #31101 (missing kerberos header file path with --with-openssl).
              (Jani)
              - Fixed bug #31072 (var_export() does not output an array element with an empty
              string key). (Derick)
              - Fixed bug #31060 (imageftbbox() does not use linespacing parameter). (Jani)
              - Fixed bug #31056 (php_std_date() returns invalid formatted date if
              y2k_compliance is On). (Ilia)
              - Fixed bug #31055 (apache2filter: per request leak proportional to the full
              path of the request URI). (kameshj at fastmail dot fm)
              - Fixed bug #30726 (-.1 like numbers are not being handled correctly). (Ilia)
              - Fixed bug #30446 (apache2handler: virtual() includes files out of sequence)
              - Fixed bug #30430 (odbc_next_result() doesn't bind values and that results
              in segfault). (pdan-php at esync dot org, Tony)
              - Fixed bug #30120 (imagettftext() and imagettfbbox() accept too many
              parameters). (Jani)
              - Fixed bug #29733 (printf() handles repeated placeholders wrong).
              (bugs dot php dot net at bluetwanger dot de, Ilia)
              - Fixed bug #28976 (mail(): use "From:" from headers if sendmail_from is
              empty).
              (Jani)
              - Fixed bug #28930 (PHP sources pick wrong header files generated by bison).
              (eggert at gnu dot org)
              - Fixed bug #28804 (ini-file section parsing pattern is buggy).
              (wendland at scan-plus dot de)
              - Fixed bug #28451 (corrupt EXIF headers have unlimited recursive IFD directory
              entries). (Andrei)
              - Fixed bug #28086 (crash inside overload() function). (Tony)
              - Fixed bug #28074 (FastCGI: stderr should be written in a FCGI stderr stream).
              (chris at ex-parrot dot com)
              - Fixed bug #7782 (Cannot use PATH_INFO fully with php isapi). (Unknown)

              --
              Andy Hassall / <andy@andyh.co.uk> / <http://www.andyh.co.uk>
              <http://www.andyhsoftware.co.uk/space> Space: disk usage analysis tool
