[Phplib-trackers] [ phplib-Bugs-545551 ] PHP 4.3.0-DEV incompatibility

[<no...@so...>]

Bugs item #545551, was opened at 2002-04-18 19:18
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=403611&aid=545551&group_id=31885

Category: None
Group: 7.4pre1
>Status: Closed
>Resolution: Fixed
>Priority: 1
Submitted By: David S. (dazo)
>Assigned to: Richard Archer (richardarcher)
Summary: PHP 4.3.0-DEV incompatibility

Initial Comment:
Hello!

I'm running Apache 2.0.35 and PHP-4.3.0-DEV on my
machine and tried to install phplib-7.4pre1

Ok!  Since the latest PHP has some great security
improvements, it's not fully compatible with your
latest phplib.

I noticed these two differences which led to a
modification in php.ini file.

** 1.  allow_call_time_pass_reference (comment taken
out php ini file)
; Whether to enable the ability to force arguments to
be passed by reference
; at function call time.  This method is deprecated and
is likely to be
; unsupported in future versions of PHP/Zend.  The
encouraged method of
; specifying which arguments should be passed by
reference is in the function
; declaration.  You're encouraged to try and turn this
option Off and make
; sure your scripts work properly with it in order to
ensure they will work
; with future versions of the language (you will
receive a warning each time
; you use this feature, and the argument will be passed
by value instead of by
; reference).
allow_call_time_pass_reference = Off

This has to be set to 'On' ... You might want to
consider rewriting this since this option/feature
probably will disapear in the near future ...

** 2.  register_globals (comment from php.ini)
;     Global variables are no longer registered for
input data (POST, GET, cookies,
;     environment and other server variables).  Instead
of using $foo, you must use
;     you can use $_REQUEST["foo"] (includes any
variable that arrives through the
;     request, namely, POST, GET and cookie variables),
or use one of the specific
;     $_GET["foo"], $_POST["foo"], $_COOKIE["foo"] or
$_FILES["foo"], depending
;     on where the input originates.  Also, you can
look at the
;     import_request_variables() function.
;     Note that register_globals is going to be
depracated (i.e., turned off by
;     default) in the next version of PHP, because it
often leads to security bugs.
;     Read
http://php.net/manual/en/security.registerglobals.php
for further
;     information.
register_globals = Off

This also has to be set to 'On'  ... this feature I
simply decline to set to On due to security risks.  And
this feature/option will also disapear in the near
future ...

I also noticed that a line is missing in the
db_pgsql.inc ...  Add
	var $Port     = "";
in the DB_Sql class.

And one last thing ... since PHP4 ... all the
extensions on this PHP scripts are .php ... so you
might want to rename all the files ... if not, the user
have to edit the Apache configuration file (httpd.conf)
to enable .php3 files to act as .php files.  

If it wasn't for all this, I would have started using
the library today, but I don't dare to do that now
because I must rely on features in the latest PHP
version and since the most important PHP options might
disapear I can not bind myself to this library.

Except for this, this library seems to be great!

----------------------------------------------------------------------

>Comment By: Richard Archer (richardarcher)
Date: 2002-04-25 15:32

Message:
Logged In: YES 
user_id=279311

Most of these are now fixed.
Added a cheap fix to a broken concept in the -devel
auth/sql/auth.inc.

----------------------------------------------------------------------

Comment By: David S. (dazo)
Date: 2002-04-19 19:16

Message:
Logged In: YES 
user_id=231324

I took the latest CVS version and tried it!  Much better!

But I do get a strange error/notice from PHP:

Notice: Undefined index: error in phplib/auth/sql/auth.inc
on line 194

I tried to add the an error variable (var $error = "") in
both the phplib/auth/auth.inc and phplib/auth/sql/auth.inc

But it didn't seem to work ... I'm gonna have a close look
on this one. (In my php.ini I have: error_reporting  = 
E_ALL; display_errors = On; display_startup_errors = On; 
--- and thats the reason it screams about it, but I'm
paranoid so I like to see my mistakes! ;-)

Keep up the good work!  This is great!


David S.
I also added a patch for the pgsql driver (the $Port
variable)

----------------------------------------------------------------------

Comment By: Layne Weathers (layne_weathers)
Date: 2002-04-19 02:01

Message:
Logged In: YES 
user_id=278685

1. allow_call_time_pass_reference
This was fixed in session.inc last August so it should be 
fixed in 7.4pre1 - user.inc has since been fixed in CVS 
(fix yours by removing the ampersand in the calls to $this-
>serialize()) and there is one roque occurrence in 
layout_html.inc (on its way to being fixed) and one use in 
db_odbc.inc's next_record().

2. register_globals
This also is fixed in CVS. 

3. db_pgsql.inc
If you will provide a patch for using that parameter, we 
can get it into CVS.

4. file extensions
This has been asked before - I hate to keep .php3, but I 
also hate sending files to the CVS Attic just to change 
their name - it disconnects their history. I'll let someone 
else do the deed.

Unfortunately, I think there's still a bit of work to do 
before the next release. I have tested the latest CVS and 
it is now on my production servers - I recommend checking 
it out.

----------------------------------------------------------------------

You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=403611&aid=545551&group_id=31885