armtuk: Cheetah (Default)
[personal profile] armtuk
From the PHP homepage:


PHP 5.2.7 has been removed from distribution
[07-Dec-2008]

Due to a security bug found in the PHP 5.2.7 release, it has been removed from distribution. The bug affects configurations where magic_quotes_gpc is enabled, because it remains off even when set to on. In the meantime, use PHP 5.2.6 until PHP 5.2.8 is later released.


This means that even if you had enabled magic_quotes_gpc, which is evil anyway but necessary for MySQL (reasons not to use MySQL and PHP), you would have been open to an injection attack, and values containing single quotes, like O'Reilly, would have broken your site.

Can anyone say regression tests?

PHP - Not enterprise software.
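The failure described above goes away when the application never depends on magic_quotes_gpc in the first place. The following is an added example, not code from the original post or from the PHP project: it undoes magic quotes when they are active, binds values as parameters, and ends with a small regression check. The table, column and function names are hypothetical, the sample values are constructed, and it assumes the pdo_sqlite extension is available.

```php
<?php
// Added example: input handling that does not depend on magic_quotes_gpc.
// Table, column and function names are hypothetical; sample rows are constructed.

// Undo magic quotes only when the runtime reports them active, so the
// application always works with the raw value the client sent.
function raw_input_value($value)
{
    // get_magic_quotes_gpc() was removed in PHP 8, hence the existence check.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// Bound parameters keep data out of the SQL text, so a quote in the value
// can neither break the statement nor change its meaning.
function find_authors(PDO $db, $surname)
{
    $stmt = $db->prepare('SELECT id, surname FROM authors WHERE surname = ?');
    $stmt->execute(array($surname));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE authors (id INTEGER PRIMARY KEY, surname TEXT)');
$insert = $db->prepare('INSERT INTO authors (surname) VALUES (?)');
foreach (array("O'Reilly", 'Smith') as $name) {
    $insert->execute(array($name));
}

// Constructed request values: a legitimate surname containing a quote, and
// a value shaped like an injection attempt.
$legit   = find_authors($db, raw_input_value("O'Reilly"));
$hostile = find_authors($db, raw_input_value("x' OR '1'='1"));
printf("O'Reilly: %d row(s), hostile value: %d row(s)\n", count($legit), count($hostile));

// Regression check: these results must hold on every PHP build,
// whatever magic_quotes_gpc is set to (or silently ignores).
if (count($legit) !== 1 || count($hostile) !== 0) {
    fwrite(STDERR, "input handling regression detected\n");
    exit(1);
}
```

Run from the command line as part of a release or deployment check, the script exits non-zero if quoting behaviour changes underneath the application.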
