PHPDeveloper: PHP News, Views and Community

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Job Posting: Quinstreet, Inc. Seeks Sr. PHP Developer (Foster City, CA)

Job Posting: WideEye Interactive/Moroch Advertising Seeks Web Developer (Dallas, TX)

Job Posting: Project People Ltd (Recruiter) Seeks PHP Developer (Paris, France)

Job Posting: Snelling (Recruiter) Seeks Web Programmer (Boston, MA)

Job Posting: Veedow Seeks Senior PHP Developer/Architect (London, UK)

Job Posting: Apex Systems (Recruiter) Seeks PHP Web Developers (Tampa, FL)

Job Posting: WordStream Seeks Web Application Developer (Needham, MA)

Job Posting: JS Creative Seeks Web Developer (Atlanta, GA)

Job Posting: Kodak Graphic Communications Group Seeks PHP Application Developer (Stamford, CT)

Job Posting: RJ Byrd (Recruiter) Seeks PHP Application Developer (Dallas, TX)

News Archive

DZone: Creating a NetBeans PHP Project from a Subversion Repository

Debuggable Blog: How to paginate a CakePHP search over a HABTM relation without hacking the core

NETTUTS.com: How to Dynamically Create Thumbnails

PHPBuilder.com: PHP Developer Resources

Site News: Popular Posts for the Week of 11.21.2008

IBM developerWorks: 30 game scripts you can write in PHP, Part 1: Creating 10 fundamental scripts

WebReference.com: Administering RBAC in PHP 5 CMS Framework

Douglas Clifton's Blog: PHP Specificity (a Five-part Series)

PHPro.org: Class Hierachies And Overriding

Hiveminds: PHP is a skill not a profession

feed this:

Secunia.com:
PHP "glob()" Code Execution Vulnerability

by Chris Cornutt July 16, 2007 @ 13:52:38

As reported here on Secunia (as discovered by shinnai), there's a code execution vulnerability in PHP's glob function:

The vulnerability is caused due to an error in the handling of an uninitialized structure inside the "glob()" function. This can be exploited to execute arbitrary code, which may lead to security restrictions (e.g. the "disable_functions" directive) being bypassed.

The vulnerability is confirmed in the 5.2.3 win32 installer. Other versions may also be affected.

The issue is marked as "less critical" and can be avoided easily by only allowing trusted users the correct permissions to execute PHP code on the server.

0 comments voice your opinion now!
glob vulnerability execution code bypass security glob vulnerability execution code bypass security

Pierre-Alain Joye's Blog:
Finally some new features are coming, zip-1.9.0 serie began

by Chris Cornutt January 18, 2007 @ 10:48:00

Pierre-Alain Joye has posted about some long-awaited features that he's added to his zip PECL package:

After a relatively long period without features addition, I feel like it is time to add some long awaited features to zip.

The features added are:

Glob and pattern support - now possible to add files using a glob pattern syntax or regexp (pcre based)
getStatusString - returns the error message containing the system/zlib or zip error, handy while debugging

These features are still just in the alpha release, but he's included some code to help you become familiar with their functionality already - one using glob, the other the regular expression.

2 comments voice your opinion now!
zip pel package new functionality addfile glob regularexpression zip pel package new functionality addfile glob regularexpression

Community Events

Don't see your event here?
Let us know!

All content copyright, 2008 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework