EOT;
// site_header() is defined outside this listing; it is called here with the
// page title.
site_header("PHP Security center");
// Page heading, written straight to the output.
echo "PHP Security Center
\n";
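// Load the advisory database into $RECORDS.
//
// File format, as parsed below: records are separated by a line holding only
// a newline. Inside a record a line of the form "Name: value" starts a field
// (Name may contain letters, digits, "_" and "-" and is lower-cased); any other
// line is appended verbatim, newline included, to the field started last.
// Consequence of that format: a continuation line that itself begins with
// "word:" is read as a new field, not as text.
//
// NOTE(review): the file lives below the document root, so unless the server
// configuration blocks it the raw database can be fetched directly. Keep only
// publishable data in it.
$dbfile = $_SERVER['DOCUMENT_ROOT'] . '/security/vulndb.txt';

// Defined before the open attempt so that code further down (the record
// lookup and the usort() call) always sees an array, even when the file is
// missing or unreadable.
$RECORDS = array();
$record_no = 1;
// No field is open until the first "Name: value" line has been seen.
$field = null;

// Best effort: the @ keeps a failed open from printing a warning (and the
// filesystem path) into the page; the page then renders with no records.
$fp = @fopen($dbfile, "rt");
if (is_resource($fp)) {
    // Compare against false explicitly: a final line consisting of "0" with
    // no newline is a falsy string and would otherwise end the loop early.
    while (($s = fgets($fp)) !== false) {
        if ($s === "\n") {
            // Blank line: the current record is finished. Records that did
            // not carry their own "id" field are numbered by position.
            if (!isset($RECORDS[$record_no]["id"])) {
                $RECORDS[$record_no]["id"] = $record_no;
            }
            $field = null;
            $record_no++;
            continue;
        }

        if (preg_match("/^([-\w]+):\s*(.*)/", $s, $m)) {
            // Start of a new field; "." stops at the newline, so the value
            // captured here has no trailing line break.
            $field = strtolower($m[1]);
            $data = $m[2];
        } else {
            // Continuation of the field opened last.
            $data = $s;
        }

        // Text that appears before any field header has nowhere to go.
        if (!$field) {
            continue;
        }

        if (isset($RECORDS[$record_no][$field])) {
            $RECORDS[$record_no][$field] .= $data;
        } else {
            $RECORDS[$record_no][$field] = $data;
        }
    }

    // Release the handle instead of holding it for the rest of the request.
    fclose($fp);

    // A file that does not end with a blank line leaves its last record
    // without the positional id assigned above; give it one here so the
    // detail view can rely on the "id" key.
    if (isset($RECORDS[$record_no]) && !isset($RECORDS[$record_no]["id"])) {
        $RECORDS[$record_no]["id"] = $record_no;
    }
}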
//echo "";print_r($RECORDS);
// Record selector taken from the query string. The (int) cast guarantees that
// only an integer reaches the array lookup below; a missing parameter or a
// value with no leading digits becomes 0.
$id = isset($_GET["id"]) ? (int)$_GET["id"] : 0;
// No id, or an id that matches no loaded record: fall through to the overview
// page. isset() is safe here even if $RECORDS holds nothing for that key.
if(!$id || !isset($RECORDS[$id])) {
?>
PHP Vulnerability Disclosures
This page contains information about PHP-related security threats, patches and known workarounds.
If you believe you have discovered a security problem in PHP please inform the
PHP Security Response Team in confidence by mailing security@php.net
The following colors are used to highlight the severity of a bug:
- low risk is yellow
- medium risk is orange
- critical is red
= $d) {
if($c > $d) {
return -1;
}
return 0;
}
return 1;
}
// Order the records with the cmp_records() callback before listing them.
// usort() assigns new keys starting at 0, so from here on the array keys are
// no longer the record numbers used for the id lookup above.
usort($RECORDS, "cmp_records");
// Month ("Ym") of the previously listed record; a heading is printed whenever
// it changes.
$last_month = "";
foreach($RECORDS as $record) {
// Records without a summary get one built from the description: longer than
// 80 bytes is cut to the first 70 bytes plus "...", anything else is used whole.
// NOTE(review): "description" is read without an isset() check, and
// strlen()/substr() count bytes, so a multi-byte character could be split if
// the database ever holds non-ASCII text - confirm.
if(!isset($record["summary"])) {
if(strlen($record["description"]) > 80) {
$record["summary"] = substr($record["description"], 0, 70) . "...";
} else {
$record["summary"] = $record["description"];
}
}
// NOTE(review): the result of strtotime() is not checked; an unparsable
// "published" value is passed on to date() as false.
$current_month = date("Ym", strtotime($record["published"]));
if($current_month != $last_month) {
$last_month = $current_month;
// NOTE(review): $current_month is overwritten with the "affects" field here
// and is not read again in the visible code - confirm whether this is intended.
$current_month = $record["affects"];
// Month heading, e.g. "January 2005".
echo "
", date("F Y", strtotime($record["published"])), "
\n";
}
?>
%s (%s)\n", $RECORDS[$id]["id"], $date);
echo "\n";
// Detail view: print every non-empty field of the selected record.
foreach($RECORDS[$id] as $field => $data) {
// Truthiness test: empty values are skipped, and so is a value of "0".
if(!$data) {
continue;
}
// Field name to label: dashes become spaces, first letter upper-cased.
$title = ucfirst(strtr($field, "-", " "));
// Turn urls into links (stolen from master/manage/user-notes.php)
// Only mailto: and http/ftp/nntp/news:// prefixes are matched, so text using
// any other scheme is never turned into a link. A match runs lazily up to the
// first whitespace, "<", ")", double quote or the end of the value.
// NOTE(review): inside this single-quoted literal, \\|\' reaches PCRE as a
// literal pipe followed by a single quote, so neither a lone backslash nor a
// lone single quote terminates a URL - confirm which was intended.
// NOTE(review): $data comes straight from the database file and no
// htmlspecialchars() call is visible in this loop, while the matched text is
// re-inserted through \1. The replacement template and the heredoc body as
// shown carry no markup, so how $title and $data reach the page cannot be
// checked from here; if the file can ever hold text that is not trusted
// markup, escape it before linkifying.
$data = preg_replace(
'!((mailto:|(http|ftp|nntp|news):\/\/).*?)(\s|<|\)|"|\\|\'|$)!',
'
\1\4',
$data
);
echo <<< EOT
\n
EOT;
}
// Trailing output after the field loop.
echo "
\n";
// Closes a block opened before the field loop; presumably the detail-view
// branch, whose opening is not visible at this point.
}
// site_footer() is defined outside this listing.
site_footer();