News Feed
Sections




News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Sharon Levy's Blog:
PHP Version
January 05, 2012 @ 13:20:40

Sharon Levy has a new post to her blog showing a trick she's come up with to show the PHP version information (usually found in the phpinfo) even when it's disabled.

Sometimes the most crucial, basic piece of information can seem so hard to find. For example, suppose you wanted to find out what version of PHP your remote webhost provides to shared hosting users? What would you do? [...] For development purposes it can be helpful having phpinfo() available, but on a live shared host, you may discover as I did recently that it is no longer available; your host may have disabled it.

She includes three other ways you can use to get the version of PHP you're working with:

  • If you have command line access, running "php -v"
  • Using the phpversion function (or PHP_VERSION constant)
  • Appending a certain value to the URL (only works in some cases)
0 comments voice your opinion now!
find version language method phpinfo phpversion url


PHPBuilder.com:
The ABC's of PHP Part 3 - Basic Script Building in PHP
March 26, 2009 @ 07:56:40

PHPBuilder.com has posted the next article in their "ABCs of PHP" series looking at some basic techniques for building your first scripts.

Welcome to part 3 of my 10 part series on PHP. In the first two parts I introduced you to the language and to what software you needed to run it. In this episode we will look at some simple PHP syntax, and we'll write a couple of small scripts to get our feet wet, and get a feel for the language.

Their first script mixes HTML and PHP together to make a "Hello World" web page. They also give the example of a phpinfo function call to get the settings for the current PHP installation.

0 comments voice your opinion now!
abc introduction first script technique phpinfo


PHP 10.0 Blog:
Production mode
December 18, 2006 @ 08:43:00

In an effort to get some thought going about ways to encourage security in PHP applications, Stas has posted an idea about a simplified php.ini setting - production=On.

His idea is that, with this setting on, the PHP installation would:

  • disable display errors
  • disable phpinfo()
  • turn expose_php off
  • make max_execution_time/memory_limit reasonable
  • and possibly a few others that some developers forget to set correctly
Comments on the post range from disagreement to suggestions on improvement and support.

0 comments voice your opinion now!
production mode phpini setting phpinfo exposephp displayerrors production mode phpini setting phpinfo exposephp displayerrors


PHP Security Blog:
Suhosin 0.9.15 comes with Transparent phpinfo() Protection
November 29, 2006 @ 10:43:00

According to this new post on the PHP Security Blog, there's a new META tag the Suhosin extension includes in the output of a phpinfo page to help resolve some of the issues with Google (and buddies) storing the contents of the page, giving a potential attacker information they could exploit.

[The] extra META TAG to the HTML output of phpinfo() that forbids indexing and archiving by robots. For fairness reasons following the embedded links is still allowed to robots, because a lot of projects [...] to get at least a few backlinks for their work, that might result in a better search engine positioning.

The patch can be downloaded from their site.

0 comments voice your opinion now!
suhosin extension transparent phpinfo protection suhosin extension transparent phpinfo protection


Nexen.net:
PHPInfo() Stats - Part 2
November 21, 2006 @ 10:51:00

Damien Seguy has continued his series looking at PHP configurations around the web and is sharing the results in the form of two new reports over on Nexen.net.

I just published the second part of the serie about PHP configurations. This part focuses on three aspects of PHP: PHP extensions, PHP streams, and disabled functions.

You can find the statistics themselves here and the latest configuration statistics here. It's interesting to see the drop-off when it comes to the various modules that are installed ("php, ftp and http are the most common. Besides them, tough luck.") and to see the somewhat more gradual curve of which functions are disabled - with system() topping out the list (with good reason).

0 comments voice your opinion now!
phpinfo statistics streams extensions pecl disabled functions graph phpinfo statistics streams extensions pecl disabled functions graph


Ilia Alshanetsky's Blog:
Reliably locating phpinfo()
October 23, 2006 @ 11:26:00

In his latest post, Ilia Alshanetsky shares a handy (and a little scary) tip on finding the location of a phpinfo page reliably to help figure out the common PHP settings developers out there are using.

The problem with finding a reliable pool of such pages is that basic search often contaisn many blog, forum, bugs.php.net and alike entries which area copy & paste outputs from users. This maybe fine in some instances, but what if you just want the real phpinfo() pages. The answer is surprisingly simple.

His solution? To search for an element always in the page, but unique to it - usually the term you're looking for (like his suggestion of "Zend Scripting Language Engine"). He links to two result sets, one from Google and the other from Yahoo.

Besides the phpinfo information, Ilia also mentions the other handy data you can find with similar searches to major search engines like Apache header information.

0 comments voice your opinion now!
phpinfo locate statistics search engine term keyword apache header phpinfo locate statistics search engine term keyword apache header


Chris Shiflett's Blog:
DC PHP Conference Recap
October 22, 2006 @ 17:38:00

After having attended this year's DC PHP Conference, Chris Shiflett has come back with his own recap of the event including talks given and people met.

This past Thursday, I attended the DC PHP Conference. Since I was only there for a day, I'm sure I missed a lot, but I did manage to do some of the things on my list.

Talks hhe mentions were Mike Naberezny's look at Getting Started with the Zend Framework and Eli White's High Volume PHP & MySQL Scaling Techniques talk. He also mentions meeting David Recordon from VeriSign and some work that Damien Seguy on tracking statistics on open phpinfo pages (about half still have register globals on!).

0 comments voice your opinion now!
dcphpcon2006 recap talks people openid phpinfo dcphpcon2006 recap talks people openid phpinfo


4Null4.de:
Four new vulnerabilities in PHP found
April 10, 2006 @ 15:41:31

According to this new post on 4null4.de today, there are four new vulnerabilities in the most recent releases of PHP that have been found.

heise online, the popular and well-known German IT news site, conveys four new vulnerabilities in the PHP script language. PHP is often used for web applications such as WordPress and many bulletin board systems like phpBB or vBulletin. The issues can be found in PHP versions up to (and including) 4.4.2 and 5.1.2, and the current CVS snapshots for the upcoming 5.1.3 release will be first to fix the issues.

The errors are:

  • A problem with copy() that circumvents the "Safe Mode" for users who are logged in at the system.
  • A possible issue with tempname() that could ignore the "Safe Mode" setting also
  • a third leak that could lead to a web server process crashing (recusive function calls)
  • and an XSS attack issue with the standard phpinfo() page

The 4null4.de post has a summary of the issues, but the original article from heise has the complete info (as well as links to examples of the problems as documented on SecurityReason.com).

0 comments voice your opinion now!
vulnerabilities four new copy tempname crash phpinfo vulnerabilities four new copy tempname crash phpinfo



Community Events





Don't see your event here?
Let us know!


laravel wordpress podcast threedevsandamaybe series bugfix list api library community release project code introduction developer language interview application configure framework

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework