Tag Archives: Security

Stability, security-focused PHP 5.2.13 released today

PHP 5.2.13 was released today, fixing over 40 bugs.  PHP recommends that all users on the 5.2 branch upgrade as soon as possible.  Included below are various bugs fixed in this release, and links to the official changelog, release announcement, and download page.

  • Improved LCG entropy (security)
  • Fixed safe_mode validation inside tempnam() when… (security)
  • Fixed open_basedir/safe_mode bypass in session extension (security)
  • Upgraded to PCRE 7.9
  • Fixed strip_tags() bug that removed parameters over 1023 bytes even when in exclude list
  • Regarding define() and defined()
    • :: was allowed to be included within a constant name using define(), issuing a fatal error vs. E_WARNING
    • defined() no longer requires a class to exist when testing a class constant
  • PHP 5.2.13 Changelog
  • PHP 5.2.13 Release Announcement
  • Download PHP 5.2.13

Using PHPass password hasher with Zend Framework

In this tutorial, we will learn how to use PHPass, a portable PHP password hashing component, with the “glue”-based Zend Framework. The popular PHP-based blogging platform WordPress utilizes PHPass to hash user passwords. Using this library adds an extra level of security over a normal MD5-protected password.