Skip to content
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 10 additions & 7 deletions archive/entries/2012-05-03-1.xml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@
7 of the CGI spec</a> states:</p>

<cite>
Some systems support a method for supplying a array of strings to the
Some systems support a method for supplying a [sic] array of strings to the
CGI script. This is only used in the case of an `indexed' query. This
is identified by a "GET" or "HEAD" HTTP request with a URL search
string not containing any unencoded "=" characters.
Expand All @@ -36,13 +36,9 @@
if you are just add ?-s to the end of any of your URLs. If you see your
source code, you are vulnerable. If your site renders normally, you are not.</p>

<p>Making a bad week worse, we had a bug in our bug system that toggled the
private flag of a bug report to public on a comment to the bug report
causing this issue to go public before we had time to test solutions to
the level we would like.</p>
<p>To fix this update to PHP 5.3.12 or PHP 5.4.2. </p>

<p>To fix this update to PHP 5.3.12 or PHP 5.4.2. We recognize that since
this is a rather outdated way to run PHP it may not be feasible to
<p>We recognize that since CGI is a rather outdated way to run PHP it may not be feasible to
upgrade these sites to a modern version of PHP, so an alternative is to
configure your web server to not let these types of requests with query
strings starting with a "-" and not containing a "=" through. Adding a
Expand All @@ -57,10 +53,17 @@
<p>If you are writing your own rule, be sure to take the urlencoded ?%2ds
version into account.</p>

<p>Making a bad week worse, we had a bug in our bug system that toggled the
private flag of a bug report to public on a comment to the bug report
causing this issue to go public before we had time to test solutions to
the level we would like. Please report any issues via <a href="https://bugs.php.net/">bugs.php.net</a>.</p>

<p>For source downloads of PHP 5.3.12 and PHP 5.4.2 please visit
our <a href="/downloads.php">downloads page</a>, Windows binaries can be found
on <a href="http://windows.php.net/download/">windows.php.net/download/</a>. A
<a href="/ChangeLog-5.php#5.4.2">ChangeLog</a> exists.</p>


</div>
</content>
</entry>