PHP是一种新型的CGI程序编写语言,易学易用,运行速度快,可以方便快捷地编写出功能强大,运行速度快,并可同时运行于 Windows、Unix、Linux平台的Web后台程序, 内置了对文件上传、密码认证、Cookies操作、邮件收发、动态GIF生成等功能,PHP 直接为很多数据库提供原本的连接,包括Oracle、Sybase、Postgres、Mysql、Informix、Dbase、Solid、 Access等,完全支持ODBC接口,用户更换平台时,无需变换PHP代码,可即拿即用.
Security Enhancements and Fixes in PHP 5.3.9:
Added max_input_vars directive to prevent attacks based on hash collisions. (CVE-2011-4885)
Fixed bug 60150 (Integer overflow during the parsing of invalid exif header). (CVE-2011-4566)
Key enhancements in PHP 5.3.9 include:
Fixed bug 55475 (is_a() triggers autoloader, new optional 3rd argument to is_a and is_subclass_of).
Fixed bug 55609 (mysqlnd cannot be built shared)
Many changes to the FPM SAPI module
Security Enhancements and Fixes in PHP 5.3.6:
* Enforce security in the fastcgi protocol parsing with fpm SAPI.
* Fixed bug 54247 (format-string vulnerability on Phar).
(CVE-2011-1153)
* Fixed bug 54193 (Integer overflow in shmop_read()).
(CVE-2011-1092)
* Fixed bug 54055 (buffer overrun with high values for precision
ini setting).
* Fixed bug 54002 (crash on crafted tag in exif). (CVE-2011-0708)
* Fixed bug 53885 (ZipArchive segfault with FL_UNCHANGED on empty
archive). (CVE-2011-0421)
Key enhancements in PHP 5.3.6 include:
* Upgraded bundled Sqlite3 to version 3.7.4.
* Upgraded bundled PCRE to version 8.11.
* Added ability to connect to HTTPS sites through proxy with basic
authentication using stream_context/http/header/
Proxy-Authorization.
* Added options to debug backtrace functions.
* Changed default value of ini directive serialize_precision from
100 to 17.
* Fixed Bug 53971 (isset() and empty() produce apparently spurious
runtime error).
* Fixed Bug 53958 (Closures can't 'use' shared variables by value
and by reference).
* Fixed bug 53577 (Regression introduced in 5.3.4 in open_basedir
with a trailing forward slash).
* Over 60 other bug fixes.
Security Enhancements and Fixes in PHP 5.3.1:
Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion.
Added missing sanity checks around exif processing.
Fixed a safe_mode bypass in tempnam().
Fixed a open_basedir bypass in posix_mkfifo().
Fixed failing safe_mode_include_dir.
Further details about the PHP 5.3.1 release can be found in the release announcement, and the full list of changes are available in the ChangeLog.
查看全部软件简介»
2397
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
