Re: [Phplib-users] phplib 6.1, php3 and php4
From: Richard A. <rh...@ju...> - 2002-01-24 04:36:31
At 9:52 PM -0600 23/1/02, Lindsay Haisley wrote:
>If you know of specific vulnerabilities and problems, cite
>references to them.

I fixed a cross-site scripting vulnerability in PHPLIB last October. I'm pretty sure that problem would have been there since version 6.1 (although that version pre-dates my use of PHPLIB). Consult the SourceForge bug tracker for more info.

I also re-worked the optional md5 hash login forms. Probably not an issue for you since I don't think this was a feature of 6.1, however it is an example of another security upgrade to PHPLIB.

I would be surprised if there haven't been other security fixes made to PHPLIB in the last 3 years. The CVS tree on SourceForge contains all the commit comments for the last couple of years... you might like to browse that.

If you're going to upgrade to PHP4, I recommend putting in the effort to bring your code up to the current release of PHPLIB. Lots of effort has been put into making it run cleanly under PHP4. If you want to stick with 6.1 under PHP4, you will have to back-port a lot of the changes to the old version.

...Richard.