
PHP.net:
PHP 5.3.10 Released (Security Fix - Recommended Upgrade)
February 03, 2012 @ 08:01:29

The PHP development team has officially announced the release of the latest version of PHP in the 5.3.x series - PHP 5.3.10:

The PHP development team would like to announce the immediate availability of PHP 5.3.10. This release delivers a critical security fix. [...] Fixed arbitrary remote code execution vulnerability reported by Stefan Esser, CVE-2012-0830.

It is highly recommended that users upgrade to this latest version. The bug it fixes was introduced recently along with the new "max_input_vars" setting, which was itself added to protect against the overflow issue recently brought up in the PHP community.



Nikita Popov's Blog:
Supercolliding a PHP array
December 29, 2011 @ 12:15:30

In a new post to his blog, Nikita Popov talks about a little trick for inserting values into an array that can make the insertion take a lot longer than it should (because of how PHP stores its array values in hashtables).

PHP internally uses hashtables to store arrays. The above creates a hashtable with 100% collisions (i.e. all keys will have the same hash). [...] Because every hash function has collisions this C array doesn't actually store the value we want, but a linked list of possible values. [...] Normally there will be only a small number of collisions, so in most cases the linked list will only have one value. But the [included script] creates a hash where all elements collide.

He explains why it works, noting that it's relatively simple to do in PHP because of how it applies a table mask. The slowness comes in when PHP is forced to go through the entire list each time it tries to insert. Because of this, there's the potential for a Denial of Service attack that could take a server down. There's a fix already in place for the problem, though, so keep an eye out for the next release, which will include a max_input_vars setting to prevent it.



Matthew Weier O'Phinney's Blog:
Migrating OOP Libraries and Frameworks to PHP 5.3
July 02, 2008 @ 10:24:02

Matthew Weier O'Phinney recently posted about a method he's come up with for migrating your object-oriented libraries (including frameworks) over to the upcoming PHP 5.3 version of the language.

With PHP 5.3 coming up on the horizon, I'm of course looking forward to using namespaces.

He gives an example of how useful these namespaces can be for you and your code, but points out one problem: trying to define classes in a namespace that have the same name as a built-in PHP keyword. There's already been a suggestion to add a capital "I" in front of the class name to prevent this collision.

There's also the problem of throwing custom exceptions: unless you use the namespace properly, your script will just throw a default exception.





All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework