[Mapserver-users] PHP 4.3.0 security issues

woodbri at swoodbridge.com woodbri at swoodbridge.com
Fri Feb 21 08:41:52 EST 2003


With respect to the PHP_SELF I was able to place the fix in an auto_prepend file and didn't have to change any of my scripts.

But I think there is another problem that I ran into that causes the PHP/mapscript process to not terminate and use up 99% of your cpu cycles.

-Steve W.

Paul Spencer <pagameba at magma.ca> wrote:
>
> Thorsten, the bug is in PHP 4.3.0 and is fixed in PHP 4.3.1, this was 
> mentioned by Daniel Morissette on 17 Feb
> 
> (http://mapserver.gis.umn.edu/data2/wilma/mapserver-users/0302/msg00420.html)
> 
> And please be aware that there is a bug in PHP 4.3.0 and PHP 4.3.1 that 
> appears to corrupt the value of PHP_SELF.  A great many applications 
> rely on this value so upgrading to PHP 4.3.0 or PHP 4.3.1 will likely 
> break your application.  There has been at least one suggestion of a 
> work-around for this problem on the mailing list.
> 
> http://mapserver.gis.umn.edu/data2/wilma/mapserver-users/0302/msg00540.html
> 
> And I believe that the bug is fixed in the latest CVS version of PHP as 
> per http://bugs.php.net/bug.php?id=21261
> 
> Cheers,
> 
> Paul
> 
> Thorsten Fischer wrote:
> > I have no idea how closely you guys usually follow these things, but I
> > haven't seen it mentioned on the list even though it's already 10 days
> > old, so I just post it here to annoy you if you already know it.
> > 
> > There is a bug in PHP 4.3.1 that renders the --enable-force-cgi-redirect
> > compile-time option useless. Everyone running the developer version of 
> > PHP MapScript should patch their PHP installation. MapScript 3.7
> > requires PHP 4.3.0, and it requires it running as a CGI.
> > 
> > 
> > More info:
> > 
> > http://www.php.net/release_4_3_1.php
> > 
> > hth,
> > 
> > thorsten
> > 
> 
> -- 
> Paul Spencer
> Applications and Software Development
> DM Solutions Group Inc.
> http://www.dmsolutions.ca
> 
> 


