Archive for the ‘PHP5’ Category

PHP releases 5.2.5 to fix multiple vulnerabilities

Thursday, November 15th, 2007

For those of you who have not opted to receive the PHP announcements from the php.net site, here’s an important one you shouldn’t miss if you are using the 5.2.x branch.

From the PHP team:

over 60 bug fixes, several of which are security related
Some of the vulnerabilities are:
  1. Various errors exist in the “htmlentities” and “htmlspecialchars” functions where partial multibyte sequences are not accepted.
  2. Various boundary errors exist in the “fnmatch()”, “setlocale()”, and “glob()” functions and can be exploited to cause buffer overflows.
  3. An error in the processing of “.htaccess” files can be exploited to bypass the “disable_functions” directive by modifying the “mail.force_extra_parameters” php.ini directive via an “.htaccess” file.
  4. An error in the handling of variables can be exploited to overwrite values set in httpd.conf via the “ini_set()” function.
More details can be found in the official announcement here.

nusoap class or SOAP extension?

Friday, August 3rd, 2007

Back when the web app was to be hosted on the VPS (using PHP4), I had started coding some of the scrapers and parsers to retrieve data from different affiliate networks. After moving to the new servers and setting them up with the latest stable versions of PHP and MySQL, it was time to clean up, optimize and document my code. But no, before I could start doing that, and while I was still testing it to refresh my memory on the different methods available within the DtSoap class, I started getting errors!

nusoap

My code required nusoap to communicate with the networks’ WSDL. However, just like nusoap, PHP5 includes a class named ‘soapclient’, which caused the conflict. The solution was simple: change the class name to ‘nusoapclient’, and the constructor too, before finally changing my code to call it instead of the old name.

That was the lazy guy in me reasoning. As soon as the geek kicked in, you guessed it, or maybe not: I decided to update the code and use the built-in soap extension available in PHP5.