Tag Archive - php

PHP MultiPart Form-Data Denial of Service proof of concept

PHP version 5.3.1 was just released. This release contains a patch for a denial of service condition we reported on 27 October 2009. The problem is related to PHP’s handling of RFC 1867 (Form-based File upload in HTML).

Source: http://www.securityfocus.com/archive/1/507982

Exploit already on PacketStorm

retrieve client browser lang setting with php

I promised a client I would give him a little PHP script to help him deal with internationalization (French/English visitors) of his website. So, here is a very simple way to retrieve your visitor’s browser language setting and branch with an IF clause based on this value:

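<?php
# We retrieve the language: the first two characters of the Accept-Language header.
# The header is optional and client-supplied, so fall back to '' when it is missing.
$lang = isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])
    ? strtolower(substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2))
    : '';

# if French $lang=fr, English $lang=en
if ($lang == "fr") {
    echo "ceci est la version francaise";
}
else {
    echo "other language";
}

?>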

This is not meant to be the ‘best’ way or the ‘easiest’, it is simply the way I would do it for a small project. If you have a better way, feel free to post it in the comment section of this post!
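A more defensive variant of the check above, as an added example that is not code from the original post: it honours the q-values in Accept-Language and only ever returns a language from a fixed allowlist, since the header is client-controlled. The names negotiate_language() and $supported, and the sample headers, are assumptions made for illustration.

```php
<?php
// Added example: choose a site language from the Accept-Language header.
// negotiate_language() and $supported are hypothetical names.

function negotiate_language($header, array $supported, $default)
{
    // The header is client-controlled: cap its length before parsing.
    $header = substr((string) $header, 0, 255);
    $best = $default;
    $bestQ = 0.0;

    foreach (explode(',', $header) as $item) {
        // Each item looks like "fr-CA;q=0.8"; the q parameter is optional.
        if (!preg_match('/^\s*([a-z]{1,8})(?:-[a-z0-9]{1,8})*\s*(?:;\s*q=([01](?:\.\d{1,3})?))?\s*$/i', $item, $m)) {
            continue; // malformed item, ignore it
        }
        $primary = strtolower($m[1]);
        $q = (isset($m[2]) && $m[2] !== '') ? (float) $m[2] : 1.0;

        // Only values from the allowlist can ever be returned;
        // q=0 means "not acceptable" and never beats the default.
        if ($q > $bestQ && in_array($primary, $supported, true)) {
            $best = $primary;
            $bestQ = $q;
        }
    }
    return $best;
}

$supported = array('fr', 'en');

// Constructed sample headers, not captured traffic.
$samples = array(
    'fr-CA,fr;q=0.9,en;q=0.8',
    'en-US,en;q=0.9,fr;q=0.5',
    'de;q=1.0,fr;q=0.4,en;q=0.7',
    '../../etc/passwd',
    '',
);

foreach ($samples as $h) {
    printf("%-32s => %s\n", var_export($h, true), negotiate_language($h, $supported, 'en'));
}
```

Because the return value is always one of the allowlisted codes or the default, it can be used to select a template or translation file without the raw header ever reaching a path or query.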

ensim & php :’premature end of script’ ; php-script’

I had an installation of phpForms [1] to complete on a client server where Ensim was already installed and configured. I’ve learned a couple of things:

1. Recovering the root MySQL password is ‘really, really easy’ if Ensim is installed on the server – maybe a bit too much:

# ensim-python -c "import sys;sys.path.append(\"/usr/lib/opcenter/mysql\");import mysqlbe;print mysqlbe.read_mysqlpass()"

2. The ./phpforms/install.php script fails with a 500 error (application error) when viewed with a web browser but outputs valid code when viewed through a CLI. Relatedly, the Apache error log complains:
‘premature end of script’ ; php-script’

This error is directly related to Ensim’s security settings. Try lowering them: when logged in as server administrator, edit the site settings and set a ‘low-security-setting’.

[1]. http://phpforms.net/ – PHP Scripts to auto-magically create web forms using database backend.