[PHP-DOC] Security Flaw In User Note Submission Form
Good evening, all; As some of you may have noticed, earlier today there were about a dozen emails on seemingly-random pages, all of which stated simply "I love PHP! I love the [function]() function!" by Anonymous. That was me. While looking through parts of the website, I also audited the user note submission form and found a hole that allows wide-spread SPAM. In fact, with a simple script, the user notes could be slammed with thousands of SPAM messages per day. I don't want to get into the specifics of it on the list or in a public bug report, of course, because that's just inviting trouble. If you send me an email privately, I'll send you the link to the source of the script I used and an explanation of the vulnerability. In any case, we should update the form ASAP before it becomes a real problem. Is there a closed-to-the-public list for discussing site and system issues among members of the group that we don't want publicized? Speaking in riddles feels rather ridiculous. ;-P -- Better prices on dedicated servers: Intel 2.4GHz/60GB/512MB/2TB $49.99/mo. Intel 3.06GHz/80GB/1GB/2TB $59.99/mo. Dedicated servers, VPS, and hosting from $2.50/mo.
[PHP-DOC] Re: [PHP-CVS] cvs: php-src(PHP_5_3) /ext/ming ming.c php_ming.h
Hi Derick, I'm working on optimizing the version checking to make it possible to compile and link against at least 0.3, but older versions might not be possible as it would create too much spaghetti code. - Frank > On Fri, 25 Jul 2008, Derick Rethans wrote: > > > On Thu, 24 Jul 2008, Frank M. Kromann wrote: > > > > > fmk Thu Jul 24 08:02:39 2008 UTC > > > > > > Modified files: (Branch: PHP_5_3) > > > /php-src/ext/ming ming.c php_ming.h > > > Log: > > > Syncronize the ming extension with libming 0.4 > > > [DOC] PHP 5.3 requires libming 0.4 > > > > Is that really necessary? libming 0.3 has been working fine, and it's > > the latest that debian unstable has - could you please see if it'd be > > possible to support that as well? > > This is even more useful as PHP < 5.3 doesn't compile against libming > 0.4. In order to be able to run both 5.2 and 5.3 I need both version of > the lib - something that many distributions don't do. > > regards, > Derick > -- > HEAD before 5_3!: http://tinyurl.com/6d2esb > http://derickrethans.nl | http://ezcomponents.org | http://xdebug.org >
[PHP-DOC] bug#44244 (Link s to the class docs)
Hi all I'd like to fix bug#44244 like we fixed the methodless-exception-problem[1], by introducing phpdoc:class element which will behave exactly like the phpdoc:exception element. This way we can index (the actual classname) and therefore automatically generate links to only classes, and the same for obviously. I don't have a patch for it at the moment though, but it would be exactly like the phpdoc:exception Docbook DTD patch. Any objections? -Hannes [1] http://php.markmail.org/message/qdwemr6mr55hsc2m
[PHP-DOC] Re: [PHP-CVS] cvs: php-src(PHP_5_3) /ext/ming ming.c php_ming.h
On Fri, 25 Jul 2008, Derick Rethans wrote: > On Thu, 24 Jul 2008, Frank M. Kromann wrote: > > > fmk Thu Jul 24 08:02:39 2008 UTC > > > > Modified files: (Branch: PHP_5_3) > > /php-src/ext/ming ming.c php_ming.h > > Log: > > Syncronize the ming extension with libming 0.4 > > [DOC] PHP 5.3 requires libming 0.4 > > Is that really necessary? libming 0.3 has been working fine, and it's > the latest that debian unstable has - could you please see if it'd be > possible to support that as well? This is even more useful as PHP < 5.3 doesn't compile against libming 0.4. In order to be able to run both 5.2 and 5.3 I need both version of the lib - something that many distributions don't do. regards, Derick -- HEAD before 5_3!: http://tinyurl.com/6d2esb http://derickrethans.nl | http://ezcomponents.org | http://xdebug.org
[PHP-DOC] Re: [PHP-CVS] cvs: php-src(PHP_5_3) /ext/ming ming.c php_ming.h
On Thu, 24 Jul 2008, Frank M. Kromann wrote: > fmk Thu Jul 24 08:02:39 2008 UTC > > Modified files: (Branch: PHP_5_3) > /php-src/ext/ming ming.c php_ming.h > Log: > Syncronize the ming extension with libming 0.4 > [DOC] PHP 5.3 requires libming 0.4 Is that really necessary? libming 0.3 has been working fine, and it's the latest that debian unstable has - could you please see if it'd be possible to support that as well? regards, Derick -- HEAD before 5_3!: http://tinyurl.com/6d2esb http://derickrethans.nl | http://ezcomponents.org | http://xdebug.org