PHP: Hypertext Preprocessor

[/] downloads | documentation | faq | getting help | mailing lists | licenses | wiki | reporting bugs | php.net sites | links | conferences | my php.net s earch for in the all php.net sites this mirror only function list online documentation bug database Site News Archive All Changelogs just pear.php.net just pecl.php.net just talks.php.net general mailing list developer mailing list documentation mailing list What is PHP? PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. If you are new to PHP and want to get some idea of how it works, try the introductory tutorial . After that, check out the online manual , and the example archive sites and some of the other resources available in the links section . Ever wondered how popular PHP is? See the Netcraft Survey . Thanks To easyDNS Directi pair Networks Server Central Hosted Solutions Spry VPS Hosting OSU Open Source Lab Yahoo! Inc. NEXCESS.NET Rackspace EUKhost SoHosted Webhosting Redpill Linpro Facebook Krystal.co.uk ServerGrove Bauer + Kirch GmbH Related sites Apache MySQL PostgreSQL Zend Technologies Community LinuxFund.org OSTG Syndication You can grab our news as an Atom feed . Stable Releases Current PHP 5.4 Stable: 5.4.3 Current PHP 5.3 Stable: 5.3.13 Release Candidates 5.4.4RC2 (30 May 2012) 5.3.14RC1 (17 May 2012) Upcoming Events [add] June Conferences 06 . biggest French PHP conference 07 . Dutch PHP Conference 2012 09 . DevConf 2012 29 . Lone Star PHP - Dallas, TX User Group Events 06 . Meeting PHP Usergroup OWL 06 . BostonPHP 06 . Pittsburgh PHP Meetup Group 07 . SDPHP (San Diego, CA) 07 . Hannover 07 . Meetup Day 07 . Omaha PHP Users Group Meetup 07 . PHP London 07 . The Houston PHP Users Group 07 . Boston PHP Meetup 07 . Atlanta PHP User Group 07 . Sydney PHP Group meetings 07 . PHP UG Meetup Auckland 07 . Seattle PHP Meetup Group 07 . The Copenhagen PHP Meetup Group 07 . SF PHP Meetup 07 . Knoxville Python & PHP UG 07 . Minnesota PHP User Group 07 . OrlandoPHP User Group 07 . PHP Cardiff Meetup 07 . PHPEM 09 . PHP User Group Nanaimo, BC/CA 09 . PEA meeting from phpchina 09 . Nagpur PHP Meetup 09 . Nezahualcoyotl PHP Ramptors 10 . Los Angeles PHP Developers Group 11 . Queen City (Charlotte) PHP 12 . Hamburg 12 . Dallas PHP/MySQL Users Group 12 . Dallas PHP Users Group (DPUG) 12 . Austin PHP Meetup 12 . OKC PHP Meetup 12 . Nashville PHP User Group 12 . Oklahoma City PHP User Group 12 . Buffalo PHP Meetup 12 . South Florida PHP Users Group 12 . South Florida PUG - Lauderdale 13 . PHP User Group Stuttgart 13 . South FL PUG- Miami 13 . PHP South West User Group 13 . PHPSW, UK 13 . DC PHP Developer's Community 14 . Meeting usergroup Dortmund 14 . PHP Usergroup Frankfurt/Main 14 . Metro Jersey PHP Usergroup 14 . Seattle PHP Meetup/Users Group 16 . Kansas City 16 . Miami Linux Users Group 16 . Twin Cities PHP 16 . Los Angeles LAMPsig 19 . PHP Brisbane Meetup Group 19 . Nashville Enterprise LAMP UG 19 . Chattanooga PHP Developers 19 . PHP North-East User Group 19 . NWO-PUG User Group Meeting 20 . Miami PHP User Group 20 . Broward Php Usergroup 20 . Chicago PHP User Group Brunch 20 . Baltimore PHP User Group 21 . TriPUG 21 . OINK-PUG (Cincinnati, Ohio) 21 . Utah PHP Users Group Meeting 21 . Denver - FRPUG 21 . B/CS PHP User Group 21 . AmsterdamPHP Meetup 25 . Long Island PHP Users Group 25 . Tampa Bay Florida PHP 25 . Winnipeg PHP 26 . New York 26 . AzPHP 26 . Malaysia PHP Meetup 26 . PHP Usergroup Karlsruhe 26 . PHPUG Wuerzburg 26 . DCPHP Beverage Subgroup 26 . Brisbane PHP User Group 26 . PHP User Group Roma 26 . PHPUBSP 27 . Irish PHP Users Group meeting 27 . Guelph PHP Users Group 27 . Edinburgh PHP Users Group 27 . Louisville PHP User Group 28 . Arabic PHP Group Meeting 28 . Malaysia PHP User Group Meet Up 28 . Memphis PHP 28 . PHP Usergroup D/DU/KR 30 . Miami Linux Meetup 30 . PHP RIO Meetup 30 . PHP User Group Hong Kong Training 06 . PHP Training - Chennai - India 06 . Zend Certification 06 . ZEND: PHP II: Higher Structures 06 . ZEND: Test Prep: Framework Cert 06 . ZEND: PHP I: Foundations On-line 06 . PHP: Web-sites and MySQL 07 . Curso de PHP Avanzado en Bilbao 11 . PHP para Expertos Curso on-line 11 . Curso PHP y MySQL 11 . Schulung PHP, MySQL, HTML, CSS 11 . ZEND: Test Prep: PHP 5.3 Cert 11 . ZEND: PHP for OO/Procedural Prog 11 . ZEND: Framework: Fundamentals 11 . ZEND: Framework: Advanced 11 . Dév.de sites WEB dynamiques php 11 . Sites WEB dynamiques avec PHP 13 . UK Object Orientation Workshop 13 . Zend Framework Philippines 14 . UK Smarty Templating Workshop 15 . L'essentiel de PHP orient&e 18 . PHP & MySQL Training / Gießen 18 . PHP Intro Course South Africa 18 . Formation PHP Niveau 1 Bordeaux 19 . Cursos de PHP en Bilbao 21 . Chennai PHP Training 25 . Basic PHP Course 25 . Formation PHP Niveau 2 Bordeaux 26 . UK PHP Training 26 . ZEND: PHP Security On-line 28 . PHP Brasil - Training 28 . Développement orient&eacu 29 . PHP Training Upcoming conferences: DevConf 2012 Dutch PHP Conference 2012 Calling for papers: Northeast PHP conference PHP 5.4.3 and PHP 5.3.13 Released! [08-May-2012] The PHP development team would like to announce the immediate availability of PHP 5.4.3 and PHP 5.3.13. All users are encouraged to upgrade to PHP 5.4.3 or PHP 5.3.13 The releases complete a fix for a vulnerability in CGI-based setups (CVE-2012-2311). Note: mod_php and php-fpm are not vulnerable to this attack. PHP 5.4.3 fixes a buffer overflow vulnerability in the apache_request_headers() (CVE-2012-2329). The PHP 5.3 series is not vulnerable to this issue. For source downloads of PHP 5.4.3 and PHP 5.3.13 please visit our downloads page , Windows binaries can be found on windows.php.net/download/ . The list of changes are recorded in the ChangeLog . PHP 5.3.12 and 5.4.2 and the CGI flaw (CVE-2012-1823) [06-May-2012] PHP 5.3.12/5.4.2 do not fix all variations of the CGI issues described in CVE-2012-1823. It has also come to our attention that some sites use an insecure cgiwrapper script to run PHP. These scripts will use $* instead of "$@" to pass parameters to php-cgi which causes a number of issues. Again, people using mod_php or php-fpm are not affected. One way to address these CGI issues is to reject the request if the query string contains a '-' and no '='. It can be done using Apache's mod_rewrite like this: RewriteCond %{QUERY_STRING} ^[^=]*$ RewriteCond %{QUERY_STRING} %2d|\- [NC] RewriteRule .? - [F,L] Note that this will block otherwise safe requests like ?top-40 so if you have query parameters that look like that, adjust your regex accordingly. Another set of releases are planned for Tuesday, May, 8th. These releases will fix the CGI flaw and another CGI-related issue in apache_request_header (5.4 only). We apologize for the inconvenience created with these releases and the (lack of) communication around them. PHP 5.3.12 and PHP 5.4.2 Released! [03-May-2012] There is a vulnerability in certain CGI-based setups (Apache+mod_php and nginx+php-fpm are not affected) that has gone unnoticed for at least 8 years. Section 7 of the CGI spec states: Some systems support a method for supplying a [sic] array of strings to the CGI script. This is only used in the case of an `indexed' query. This is identified by a "GET" or "HEAD" HTTP request with a URL search string not containing any unencoded "=" characters. So, requests that do not have a "=" in the query string are treated differently from those who do in some CGI implementations. For PHP this means that a request containing ?-s may dump the PHP source code for the page, but a request that has ?-s&=1 is fine. A large number of sites run PHP as either an Apache module through mod_php or using php-fpm under nginx. Neither of these setups are vulnerable to this. Straight shebang-style CGI also does not appear to be vulnerable. If you are using Apache mod_cgi to run PHP you may be vulnerable. To see if you are, just add ?-s to the end of any of your URLs. If you see your source code, you are vulnerable. If your site renders normally, you are not. To fix this, update to PHP 5.3.12 or PHP 5.4.2. We recognize that since CGI is a rather outdated way to run PHP, it may not be feasible to upgrade these sites to a modern version of PHP. An alternative is to configure your web server to not let these types of requests with query strings starting with a "-" and not containing a "=" through. Adding a rule like this should not break any sites. For Apache using mod_rewrite it would look like this: RewriteCond %{QUERY_STRING} ^(%2d|-)[^=]+$ [NC] RewriteRule ^(.*) $1? [L] If you are writing your own rule, be sure to take the urlencoded ?%2ds version into account. Making a bad week worse, we had a bug in our bug system that toggled the private flag of a bug report to public on a comment to the bug report causing this issue to go public before we had time to test solutions to the level we would like. Please report any issues via bugs.php.net . For source downloads of PHP 5.3.12 and PHP 5.4.2 please visit our downloads page , Windows binaries can be found on windows.php.net/download/ . A ChangeLog exists. PHP 5.3.11 And PHP 5.4.1 Released! [26-Apr-2012] The PHP development team announces the immediate availability of PHP 5.3.11 and PHP 5.4.1. These releases focuses on improving the stability of the current PHP branches with over 60 bug fixes, some of which are security related. Security Enhancements for both PHP 5.3.11 and PHP 5.4.1: Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172). Add open_basedir checks to readline_write_history and readline_read_history. Security Enhancement affecting PHP 5.3.11 only: Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831). Key enhancements in these releases include: Added debug info handler to DOM objects. Fixed bug #61172 (Add Apache 2.4 support). For a full list of changes in PHP 5.3.11 and PHP 5.4.1, see the ChangeLog . For source downloads please visit our downloads page , Windows binaries can be found on windows.php.net/download/ . All users of PHP are strongly encouraged to upgrade to PHP 5.3.11 or PHP 5.4.1. PHP 5.4.1RC2 Released for Testing [13-Apr-2012] The PHP development team would like to announce the 2nd release candidate of PHP 5.4.1. Windows binaries can be downloaded from the Windows QA site . THIS IS A RELEASE CANDIDATE - DO NOT USE IT IN PRODUCTION! This is the 2nd release candidate. The release candidate phase is intended as a period of bug fixing prior to the stable release. The release candidate fixes a critical issue when using the internal classes in multiple threads. A complete list of changes since the last release candidate can be found in the NEWS file. Please help us to identify bugs in order to ensure that the release is solid and all things behave as expected by taking the time to test this release candidate against your code base and reporting any problems that you encounter to the QA mailing list and/or the PHP bug tracker . PHP 5.4.1 final will be released on April 26. News Archive Atom | show source | credits | sitemap | contact | advertising | mirror sites Copyright © 2001-2012 The PHP Group All rights reserved. This mirror generously provided by: Max Khaikin Last updated: Thu Jun 7 02:41:14 2012 UTC