标签 PHP 下的文章

由于将PHP从5升级到了PHP7,部分函数已经不支持了,Typecho直接数据库无法连接。
下面简单讲述下修改Typecho支持新版本PHP7。

在网站根目录下找到config.inc.php文件。
找到

$db = new Typecho_Db('Mysql', 'typecho_');

改为

$db = new Typecho_Db('Pdo_Mysql', 'typecho_');

也就是说,将Mysql改成Pdo_Mysql即可,其他不变。

源头在于wiki.php.net的漏洞导致wiki账号被盗,而wiki的账号和php代码源的SVN提交权限相关联。

原文:

The wiki.php.net boxwas compromised and the attackers were able to collect wiki account credentials. No other machines in the php.net infrastructure appear to have been affected. Our biggest concern is, of course, the integrity of our source code. We did an extensive code audit and looked at every commit since 5.3.5 to make sure that no stolen accounts were used to inject anything malicious. Nothing was found. The compromised machine has been wiped and we are forcing a password change for all svn accounts.
We are still investigating the details of the attack which combined a vulnerability in the Wiki software with a Linux root exploit.

- 阅读剩余部分 -

LNMP一键安装包是一个用Linux Shell编写的可以为CentOS/RadHat、Debian VPS(VDS)或独立主机安装LNMP(Nginx、MySQL、PHP、phpMyAdmin)生产环境的Shell程序。

LNMP 0.6是一个安装优化版,主要是处理脚本安装过程中的错误及添加Ubuntu专用安装脚本(安装成功率大大提升),并未对安装程序的版本进行升级。

安装教程:http://lnmp.org/install.html

LNMP相关软件版本:

Nginx 0.7.67
MySQL 5.1.48
PHP 5.2.14
PHPMyAdmin 3.3.7

- 阅读剩余部分 -

昨日,在php官网上php5.2.x系列稳定版更新到php5.2.14,PHP5.3.x系列更新到PHP5.3.3。同时这个版本主要改进了 PHP5.2.x系列的稳定性,修复60多个BUG,部分BUG与安全相关。这个版本标志着对PHP5.2系列更新的结束,在此版本之后不再积极更新 PHP5.2x,其安全补丁可能以单个形式发布。

与此同时,PHP开发团队发布了PHP5.3.3,修复了近100个BUG,鼓励所有PHP5.2系列的用户升级到PHP5.3。 但是实际上国内很多PHP程序对PHP5.3的支持都有不少小问题。

此外,PHP官网着重列出一个PHP5.3.3新的不兼容特性:在命名空间里,和类名一致的函数不再被作为一个构造函数。不过没有使用namespace的类不受影响。

<?php namespace Foo; class Bar { public function Bar() { // 在PHP 5.3.0-5.3.2版本作为构造函数 // 在PHP 5.3.3作为一个普通函数 } } ?>

以下是PHP5.3.3的修复清单。 Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531).

  • Fixed a possible resource destruction issues in shm_put_var().
  • Fixed a possible information leak because of interruption of XOR operator.
  • Fixed a possible memory corruption because of unexpected call-time pass by refernce and following memory clobbering through callbacks.
  • Fixed a possible memory corruption in ArrayObject::uasort().
  • Fixed a possible memory corruption in parse_str().
  • Fixed a possible memory corruption in pack().
  • Fixed a possible memory corruption in substr_replace().
  • Fixed a possible memory corruption in addcslashes().
  • Fixed a possible stack exhaustion inside fnmatch().
  • Fixed a possible dechunking filter buffer overflow.
  • Fixed a possible arbitrary memory access inside sqlite extension.
  • Fixed string format validation inside phar extension.
  • Fixed handling of session variable serialization on certain prefix characters.
  • Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).
  • Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
  • Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user.
  • Fixed possible buffer overflows when handling error packets in mysqlnd.
  • Key enhancements in PHP 5.3.3 include:
  • Upgraded bundled sqlite to version 3.6.23.1.
  • Upgraded bundled PCRE to version 8.02.
  • Added FastCGI Process Manager (FPM) SAPI.
  • Added stream filter support to mcrypt extension.
  • Added full_special_chars filter to ext/filter.
  • Fixed a possible crash because of recursive GC invocation.
  • Fixed bug #52238 (Crash when an Exception occured in iterator_to_array).
  • Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function).
  • Fixed bug #52060 (Memory leak when passing a closure to method_exists()).
  • Fixed bug #52001 (Memory allocation problems after using variable variables).
  • Fixed bug #51723 (Content-length header is limited to 32bit integer with Apache2 on Windows).
  • Fixed bug #48930 (__COMPILER_HALT_OFFSET__ incorrect in PHP >= 5.3).
  • For users upgrading from PHP 5.2 there is a migration guide available on http://php.net/migration53, detailing the changes between those releases and PHP 5.3.

PHP5.2.14主要更新清单

  • Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs.
  • Fixed a possible interruption array leak in strrchr().(CVE-2010-2484)
  • Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim().
  • Fixed a possible memory corruption in substr_replace().
  • Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
  • Fixed a possible stack exaustion inside fnmatch().
  • Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).
  • Fixed handling of session variable serialization on certain prefix characters.
  • Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski.
  • Key enhancements in PHP 5.2.14 include:
  • Upgraded bundled PCRE to version 8.02.
  • Updated timezone database to version 2010.5.
  • Fixed bug #52238 (Crash when an Exception occured in iterator_to_array).
  • Fixed bug #52237 (Crash when passing the reference of the property of a non-object).
  • Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function).
  • Fixed bug #51822 (Segfault with strange __destruct() for static class variables).
  • Fixed bug #51552 (debug_backtrace() causes segmentation fault and/or memory issues).
  • Fixed bug #49267 (Linking fails for iconv on MacOS: "Undefined symbols: _libiconv").

下载:PHP5.3