Re: [PHP-DEV] PHP 4.0 Bug #8795: Recieved POST-form-data is unexpectedlyescaped with backslashes
On Thu, 18 Jan 2001, Toby Butzon wrote: As a side note, check this link out ;) http://[removed]?file=/etc/passwd --Toby Oh come on. Exposing this file even with shadow passwords in place is still a HUGE risk, because now your userids are exposed and your system is vulnerable to a brute-force attack. Never, EVER, do something as silly as this, especially in a public forum. -- Ignacio Vazquez-Abrams [EMAIL PROTECTED] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] PHP 4.0 Bug #8751: configure misdetects zlib on FreeBSD4.1.1
On 17 Jan 2001 [EMAIL PROTECTED] wrote:
From: [EMAIL PROTECTED]
Operating system: FreeBSD 4.1.1
PHP version: 4.0.4pl1
PHP Bug Type: PHP options/info functions
Bug description: configure misdetects zlib on FreeBSD 4.1.1
When running configure for PHP 4.0.4pl1 on FreeBSD 4.1.1/i386, configure fails to
properly detect FreeBSD's builtin zlib support. Zlib version 1.1.3 is preinstalled in
/usr/lib/libz.{a,so}, however when configure tries to verify zlib's presence it says
"zlib support requires zlib version = 1.0.9" and terminates. It also complains that
it can't find gzgets in -lz.
The exact command line I used was:
./configure --with-apxs --enable-sigchild \
--enable-magic-quotes --enable-bcmath --with-bz2 \
--with-gdbm --with-ndbm --enable-ftp --with-gd=/usr/local \
--with-jpeg-dir=/usr/local --with-xpm-dir=/usr/X11R6 \
--with-ttf --enable-gd-imgstrttf --with-imap \
--with-java=/usr/local/jdk1.1.8 --with-ldap --with-mhash \
--with-mysql=/usr/local --with-iodbc --with-pdflib \
--with-zlib-dir=/usr --with-png-dir=/usr/local \
--with-tiff-dir=/usr/local --with-mm --enable-trans-sid \
--with-zlib=/usr --enable-sockets \
--enable-inline-optimization --enable-memory-limit
Upon removing the --with-zlib flag, php compiles fine and works normally.
Could you please configure PHP with --with-zlib and post the last 15-20 lines
of config.log. I don't have experience with PHP under FreeBSD, but usually the
zlib error indicates that something else is wrong.
--
Ignacio Vazquez-Abrams [EMAIL PROTECTED]
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] MySQL client library upgrade: 3.3.31
On Tue, 16 Jan 2001, Thimble Smith wrote: Hi, all. I would like to upgrade ext/mysql/libmysql to the latest version. There is one important bug fix. Right now, the client can't connect to a server if mysqld is using a character set other than latin1. There are also numerous bug fixes and a few added features. One thing I'm not sure about: in your version of config-win.h, the #definition of HAVE_COMPRESS is commented out. Is this important, or is it okay to leave the way we have it in MySQL? The diff isn't too huge, so I'll put it at the end of this message. If no one has any objections, I'll commit it shortly. Ahh...it is pretty large (102K). I've put it here: http://toxic.magnesium.net/~thim/mysql/php-mysql.diff Tim I realize that this may be slightly off-topic, but I (and plenty others who are aware of the problem) feel that it needs to be addressed. When PHP is configured to use an external library for MySQL support, if zlib support is not added then PHP fails with an "unresolved symbol: compress" error due to the fact that the newer versions of the MySQL client libraries seem to require libz.so in order to function. I have tried a couple of times to patch ext/mysql/config.m4 to resolve this, but I haven't been successful. Some PHP bug reports which refer to this problem are: 5651, 6811, 6981, 7266, 8307, 8332, and 8575. I'm certain that there are many who would appreciate it if you could deal with this issue once and for all. Thank you for your time. -- Ignacio Vazquez-Abrams [EMAIL PROTECTED] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP-DEV] MySQL client library upgrade: 3.3.31
On Tue, 16 Jan 2001, Sean R. Bright wrote: Ignacio: This is my configure line: ./configure --with-mysql=/usr/local/mysql --with-apxs=/usr/local/etc/httpd/ bin/apxs And I have a relatively new (a month?) mysql tarball and haven't received this message. How are you configuring? Sean Do any of the other modules you're loading in Apache require zlib? You can find out by running ldd on them and looking for libz.so. -- Ignacio Vazquez-Abrams [EMAIL PROTECTED] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
