By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,407 Members | 1,753 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,407 IT Pros & Developers. It's quick & easy.

Host has installed 4.3.11-dev

P: n/a
The host of one of the domains I manage has installed 4.3.11-dev and as
a result file uploads no longer work with Internet Explorer.

Worth keeping an eye out for.

In the meantime I now need to ask why they have installed a development
version on a production server...
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Jul 17 '05 #1
Share this Question
Share on Google+
6 Replies


P: n/a
On Tue, 15 Feb 2005 00:12:55 +0000, Geoff Berrow <bl******@ckdog.co.uk> wrote:
The host of one of the domains I manage has installed 4.3.11-dev and as
a result file uploads no longer work with Internet Explorer.

Worth keeping an eye out for.

In the meantime I now need to ask why they have installed a development
version on a production server...


Hm, another one... see thread "upgrade to php 4.311 stops file upload with EWE
- Help!!" starting with message-id
<42***********************@ptn-nntp-reader03.plus.net> on alt.php - same issue,
same syptoms. Same host?

--
Andy Hassall / <an**@andyh.co.uk> / <http://www.andyh.co.uk>
<http://www.andyhsoftware.co.uk/space> Space: disk usage analysis tool
Jul 17 '05 #2

P: n/a
I noticed that Message-ID: <pr********************************@4ax.com>
from Andy Hassall contained the following:
In the meantime I now need to ask why they have installed a development
version on a production server...


Hm, another one... see thread "upgrade to php 4.311 stops file upload with EWE
- Help!!" starting with message-id
<42***********************@ptn-nntp-reader03.plus.net> on alt.php - same issue,
same syptoms. Same host?


Yes, it is, Fasthosts. And if they don't bloody well change it, I'm
going to be mentioning it a lot. I wouldn't use them but my client has
an account with them. They have PHP on their windoze boxes, but no GD
functions so we had to pay more to go onto a Linux box.

The annoying thing is that I had been doing some modifications to the
code and only noticed while I was testing. Naturally, I thought I had
screwed up and it took an hour and a half of further testing before I
came to the conclusion that t wasn't me. Grrrr...

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Jul 17 '05 #3

P: n/a
I noticed that Message-ID: <ae********************************@4ax.com>
from Geoff Berrow contained the following:
The host of one of the domains I manage has installed 4.3.11-dev and as
a result file uploads no longer work with Internet Explorer.


The host in question is Fasthosts in the UK.

The problem exists in Internet Explorer
$_FILE['userfile']['name'] contains the full path to the file.

It can be corrected by adding the lines
$fname = $_FILES['userfile']['name'];
$filename=substr(strrchr($fname,"\\"),1);

and then replacing $_FILES['userfile']['name'] with $filename wherever
it occurs.
Support have stated that they have installed this version for security
reasons. Anyone know anything about this?
Crossposted to alt.php,alt.comp.lang.php,uk.net.web.authoring
Follow-ups to comp.lang.php

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Jul 17 '05 #4

P: n/a
NC
Geoff Berrow wrote:

The host of one of the domains I manage has installed 4.3.11-dev
...
Support have stated that they have installed this version for security reasons. Anyone know anything about this?


Most likely, this is overkill. There was indeed a security
advisory about PHP <= 4.3.9 and PHP <= 5.0.2:

http://www.hardened-php.net/advisories/012004.txt

But the recommendation was to upgrade to stable PHP 4.3.10.
Why a hosting company would want to upgrade to a development
version is beyond me...

Cheers,
NC

Jul 17 '05 #5

P: n/a
I noticed that Message-ID:
<11********************@o13g2000cwo.googlegroups.c om> from NC contained
the following:
reasons. Anyone know anything about this?


Most likely, this is overkill. There was indeed a security
advisory about PHP <= 4.3.9 and PHP <= 5.0.2:

http://www.hardened-php.net/advisories/012004.txt

But the recommendation was to upgrade to stable PHP 4.3.10.
Why a hosting company would want to upgrade to a development
version is beyond me...

The advisory says:

Recommendation:

It is strongly recommended to upgrade to the new PHP-Releases as
soon as possible, ...

But I agree with you, it does seem clueless to run development software
on a production server. Who knows what other vulnerabilities the dev
software may have?
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Jul 17 '05 #6

P: n/a
On Tue, 15 Feb 2005 11:25:41 +0000, Geoff Berrow <bl******@ckdog.co.uk> wrote:
I noticed that Message-ID: <ae********************************@4ax.com>
from Geoff Berrow contained the following:
The host of one of the domains I manage has installed 4.3.11-dev and as
a result file uploads no longer work with Internet Explorer.


The host in question is Fasthosts in the UK.

The problem exists in Internet Explorer
$_FILE['userfile']['name'] contains the full path to the file.

It can be corrected by adding the lines
$fname = $_FILES['userfile']['name'];
$filename=substr(strrchr($fname,"\\"),1);

and then replacing $_FILES['userfile']['name'] with $filename wherever
it occurs.

Support have stated that they have installed this version for security
reasons. Anyone know anything about this?


Changelog for 4.3.11-dev has a couple of possibly bad bugs in it, but nothing
jumps out as worth upgrading to a development version on a live server.

Some memory leaks and some safe_mode issues.
?? ??? ????, Version 4.3.11
- Added Oracle Instant Client support. (cjbj at hotmail dot com, Tony)
- Changed phpize not to require libtool. (Jani)
- Fixed several egregious leaks in ext/browscap and sapi/embed. (Andrei)
- Fixed several leaks in ext/filepro. (Tony)
- Fixed build system to always use bundled libtool files. (Jani)
- Fixed MacOSX shared extensions crashing on Apache startup. (Rasmus)
- Fixed bug #31936 (set_h_errno() is redefined incompatibly). (Jani)
- Fixed bug #31858 (--disable-cli does not force --without-pear). (Jani)
- Fixed bug #31842 (*date('r') does not return RFC2822 conforming date string).
(Jani)
- Fixed bug #31797 (exif_read_data() uses too low nesting limit). (Ilia)
- Fixed bug #31796 (readline completion handler does not handle empty return
values). (Ilia)
- Fixed bug #31754 (dbase_open() fails for mode = 1). (Mehdi, Derick)
- Fixed bug #31705 (parse_url() does not recognize http://foo.com#bar). (Ilia)
- Fixed bug #31684 (dio_tcsetattr(): misconfigured termios settings).
(elod at itfais dot com)
- Fixed bug #31699 (unserialize() float problem on non-English locales). (Ilia)
- Fixed bug #31623 (OCILogin does not support password grace period).
(daniel dot beet at accuratesoftware dot com, Tony)
- Fixed bug #31580 (fgetcsv() problematic with "" escape sequences). (Ilia)
- Fixed bug #31527 (crash in msg_send() when non-string is stored without
being serialized). (Ilia)
- Fixed bug #31514 (open_basedir uses path_translated rather then cwd for .
translation). (Ilia)
- Fixed bug #31480 (Possible infinite loop in imap_mail_compose()). (Ilia)
- Fixed bug #31479 (Fixed crash in chunk_split(), when chunklen > strlen).
(Ilia)
- Fixed bug #31465 (False warning in unpack() when working with *). (Ilia)
- Fixed bug #31454 (session_set_save_handler crashes PHP when supplied
non-existent object ref). (Tony)
- Fixed bug #31444 (Memory leak in zend_language_scanner.c).
(hexer at studentcenter dot org)
- Fixed bug #31413 (curl POSTFIELDS crashes on 64-bit platforms). (Joe)
- Fixed bug #31396 (compile fails with gd 2.0.33 without freetype). (Jani)
- Fixed bug #31371 (highlight_file() trims new line after heredoc). (Ilia)
- Fixed bug #31270 (missing safe_mode/open_basedir check in swf_openfile()).
(Ilia)
- Fixed bug #31174 (compile warning in url.c). (Ilia, lukem at NetBSD dot org)
- Fixed bug #31159 (COM object access is not working). (Wez)
- Fixed bug #31142 (imap_mail_compose() fails to generate correct output).
(Ilia)
- Fixed bug #31398 (When magic_guotes_gpc are enabled filenames with ' get
cutoff).
(Ilia)
- Fixed bug #31120 (mssql_query returns false on successfull inserts and
stored procedures). (Frank)
- Fixed bugs #31107, #31110, #31111 (Compile failure of zend_strtod.c). (Jani)
- Fixed bug #31106 (Fixed crash in overloaded objects). (Stas)
- Fixed bug #31103 (Better error message when c-client cannot be found). (Ilia)
- Fixed bug #31101 (missing kerberos header file path with --with-openssl).
(Jani)
- Fixed bug #31072 (var_export() does not output an array element with an empty
string key). (Derick)
- Fixed bug #31060 (imageftbbox() does not use linespacing parameter). (Jani)
- Fixed bug #31056 (php_std_date() returns invalid formatted date if
y2k_compliance is On). (Ilia)
- Fixed bug #31055 (apache2filter: per request leak proportional to the full
path of the request URI). (kameshj at fastmail dot fm)
- Fixed bug #30726 (-.1 like numbers are not being handled correctly). (Ilia)
- Fixed bug #30446 (apache2handler: virtual() includes files out of sequence)
- Fixed bug #30430 (odbc_next_result() doesn't bind values and that results
in segfault). (pdan-php at esync dot org, Tony)
- Fixed bug #30120 (imagettftext() and imagettfbbox() accept too many
parameters). (Jani)
- Fixed bug #29733 (printf() handles repeated placeholders wrong).
(bugs dot php dot net at bluetwanger dot de, Ilia)
- Fixed bug #28976 (mail(): use "From:" from headers if sendmail_from is
empty).
(Jani)
- Fixed bug #28930 (PHP sources pick wrong header files generated by bison).
(eggert at gnu dot org)
- Fixed bug #28804 (ini-file section parsing pattern is buggy).
(wendland at scan-plus dot de)
- Fixed bug #28451 (corupt EXIF headers have unlimited recursive IFD directory
entries). (Andrei)
- Fixed bug #28086 (crash inside overload() function). (Tony)
- Fixed bug #28074 (FastCGI: stderr should be written in a FCGI stderr stream).
(chris at ex-parrot dot com)
- Fixed bug #7782 (Cannot use PATH_INFO fully with php isapi). (Unknown)

--
Andy Hassall / <an**@andyh.co.uk> / <http://www.andyh.co.uk>
<http://www.andyhsoftware.co.uk/space> Space: disk usage analysis tool
Jul 17 '05 #7

This discussion thread is closed

Replies have been disabled for this discussion.