I think we've set a new PHP release record today, 3 releases in one day: PHP 5.1.5, 4.4.4 and 5.2.0RC2. The first two are aimed at addressing a series of security faults that were discovered in stable branches. The good thing is that the issues found are mostly local exploits, so upgrading should definitely be a priority for shared hosting providers or multi-user PHP systems. That said, I would still recommend that all users of PHP consider upgrading their installs to the relevant releases. For information about the exploits themselves, go to php.net.
The tarballs and win32 binaries for the releases can be found here for PHP 5.1.5 and PHP 4.4.4.
As far as PHP 5.2.0RC2, this is an intermediate release, which brings us one step closer to the final release, hopefully sometime in September. As always, I'd like to ask everyone to give this release a try and see if your code runs on it or not and provide the PHP Development team with feedback. We are particularly interested in any new bugs, regression or dro...
A new version of FUDforum is on the release path. This release is largely a feature addition release with a fair quantity of new functionality being added. That said, there were a few bug fixes sprinkled in between as well.
The upgrade and installer can be downloaded from here:
Installer Download
Upgrade Script
The main features of the new release include the following:
Added an option that enables admins and moderators to edit topic ratings.
Added account moderators, who can approve new accounts as well as manage existing users.
Added ability to display flags beside user names based on IP geo-location.
Added an option of adding "permanent" announcements.
For details of all the changes, see the release announcement.
I've just completed the upgrade of the bundled libsqlite in the PDO driver from a fairly antiquated 3.2.8 to the latest 3.3.7.
Yet another reason to upgrade to 5.2.0 when it comes out ;-)
Thanks to a patch from Scott MacVicar that I've just applied to CVS, PHP 5.2 will have support for the httpOnly cookie flag. This neat little feature allows you to mark a newly created cookie as HTTP only, in other words inaccessible to browser-based scripting languages such as JavaScript. This means it would become far more difficult, if not impossible, to steal a user's cookie-based session by injecting JavaScript into a page and then using it to read cookies.
This flag can be toggled by passing TRUE as the 7th parameter to the setcookie() and the setrawcookie() functions respectively. Ex:
[php]
setcookie("abc", "test", NULL, NULL, NULL, NULL, TRUE);
setrawcookie("abc", "test", NULL, NULL, NULL, NULL, TRUE);
[/php]
The support of the httpOnly flag extends to the session extension as well, where it can be enabled by setting the session.cookie_httponly INI setting to 1, or by passing TRUE as the 5th parameter to the session_set_cookie_params() function.
[php]
ini_set("session.cookie_httponly", 1);
// or
session_set_c...
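To make the browser side of this concrete, here is an added example (not code from this post or from PHP itself): a simplified JavaScript model of which cookies page script can read once the flag is set, plus a check that flags sensitive cookies sent without it. The Set-Cookie lines are constructed samples and the function names are hypothetical.

```javascript
// Constructed sample response headers (not captured traffic).
const sampleHeaders = [
  "Set-Cookie: PHPSESSID=3f9a1c; path=/; HttpOnly",
  "Set-Cookie: abc=test; httponly",
  "Set-Cookie: theme=dark; path=/",
  "Set-Cookie: lang=en; Path=/; Secure",
];

// Parse one Set-Cookie line into { name, value, httpOnly }.
// Returns null when the line carries no cookie name.
function parseSetCookie(line) {
  const body = line.replace(/^set-cookie:\s*/i, "");
  const parts = body.split(";").map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || "";
  const eq = first.indexOf("=");
  if (eq <= 0) return null;
  // Attribute names are case-insensitive, so normalise before matching.
  const attrs = parts.map((p) => p.split("=")[0].trim().toLowerCase());
  return {
    name: first.slice(0, eq).trim(),
    value: first.slice(eq + 1).trim(),
    httpOnly: attrs.includes("httponly"),
  };
}

// Simplified model of document.cookie: HttpOnly cookies are left out.
// Path, domain, expiry and Secure matching are deliberately ignored here.
function scriptVisible(lines) {
  return lines
    .map(parseSetCookie)
    .filter((c) => c && !c.httpOnly)
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// Audit helper: which of the named sensitive cookies would script be able to read?
function exposedToScript(lines, sensitiveNames) {
  return lines
    .map(parseSetCookie)
    .filter((c) => c && !c.httpOnly && sensitiveNames.includes(c.name))
    .map((c) => c.name);
}

console.log("script sees:", scriptVisible(sampleHeaders));
console.log("exposed:", exposedToScript(sampleHeaders, ["PHPSESSID", "abc"]));
```
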
A new Apache 1.3.37 is out and I had to upgrade all my servers to it. In the process I've had to compile mod_deflate, a high performance compression module that works MUCH faster than mod_gzip. This is primarily thanks to the fact it does not use temporary files, but instead does everything in memory. The official mod_deflate package has been abandoned by its author, even though the code still works with a few minor tweaks, so I've decided to post a patched version of this module for all interested Apache 1.3.37 users.
You can download it here: http://ilia.ws/uploads/patches/mod_deflate-1.0.21i.tar.bz2
MD5: 4bd8b6773d9cb843494faceae3c9c945
The package also includes a short README file that explains how to install this module on your server. For people too lazy to read the README, the instructions follow at the bottom of this blog entry ;-).
Installing mod_deflate
1) Apply mod_deflate.patch on top of Apache 1.3.37
2) Copy mod_deflate.c into the src/modules/extra directory
3) Add --activat...