PHP 5.2.11°æ±¾ÐÞ¸´¶à¸ö°²È«Â©¶´
ÊÜÓ°Ïìϵͳ£º
PHP PHP 5.2.x
²»ÊÜÓ°Ïìϵͳ£º
PHP PHP 5.2.11
ÃèÊö£º
BUGTRAQ ID: 36449
CVE ID: CVE-2009-3291,CVE-2009-3292,CVE-2009-3293,CVE-2009-3294
PHPÊǹ㷺ʹÓõÄͨÓÃÄ¿µÄ½Å±¾ÓïÑÔ£¬ÌرðÊʺÏÓÚWeb¿ª·¢£¬¿ÉǶÈëµ½HTMLÖС£
PHPµÄ5.2.11֮ǰ°æ±¾µÄ¶à¸öº¯ÊýÖдæÔÚ°²È«Â©¶´£¬¿ÉÄÜÔÊÐíÔ¶³Ì¹¥»÷Õßµ¼Ö¾ܾø·þÎñ»òÍêÈ«ÈëÇÖÓû§ÏµÍ³¡£
1) PHPµÄphp_openssl_apply_verification_policyº¯ÊýûÓÐÕýÈ·µÄÖ´ÐÐÖ¤ÊéÑéÖ¤£¬¿ÉÄÜÔÊÐí¹¥»÷Õßͨ¹ýαÔìµÄÖ¤ÊéÖ´ÐÐÆÛƹ¥»÷¡£
2) imagecolortransparentº¯ÊýûÓÐÕýÈ·µÄ¶ÔÑÕÉ«Ë÷ÒýÖ´ÐйýÂ˼ì²é¡£
3) µ±ÔËÐÐÔÚijЩWindows²Ù×÷ϵͳÉÏʱ£¬TSRM/tsrm_win32.cÎļþÖеÄpopen APIº¯ÊýÔÊÐí¹¥»÷Õßͨ¹ýµÚ¶þ¸ö²ÎÊýÖеÄÌØÖÆe»òer×Ö·û´®µ¼Ö¾ܾø·þÎñ¡£
<*À´Ô´£ºRyan Sleevi
Á´½Ó£ºhttp://secunia.com/advisories/36791
http://bugs.php.net/bug.php?id=44683
*>
²âÊÔ·½·¨£º
¾¯ ¸æ
ÒÔϳÌÐò(·½·¨)¿ÉÄÜ´øÓй¥»÷ÐÔ£¬½ö¹©°²È«Ñо¿Óë½Ìѧ֮Óá£Ê¹ÓÃÕß·çÏÕ×Ô¸º£¡
<?php
$t1 = popen("echo hello", "e");
pclose($t1);
$t2 = popen("echo hello", "re");
pclose($t2);
$t3 = popen("echo hello", "er");
pclose($t3);
?>
Ïà¹ØÎĵµ£º
££££££££££££££
°²×°pear
££££££££££££££
pearÊÇPHPµÄÀ©Õ¹ºÍÓ¦ÓóÌÐò¿â£¬°üº¬Á˺ܶàÓÐÓõÄÀ࣬°²×°ºÃphp5.0ºó£¬pearʵ¼ÊÉϲ¢Ã»Óб»°²×°£¬°²×°µÄ·½·¨ÈçÏ£º
1.ÔÚphpĿ¼ÖÐË«»÷go-pear.bat¡£
2.°´ÕÕÌáʾÊäÈëһЩÉèÖÃÐÅÏ¢£¬ ......
Ò»¡¢ ±äÁ¿ÃüÃû
a) ËùÓÐ×Öĸ¶¼Ê¹ÓÃСд
b) Ê××Öĸ¸ù¾Ý±äÁ¿ÖµÀàÐÍÖ¸¶¨
i. ÕûÊýi
ii. ¸¡µãÊýf
iii. ×Ö·û´®s
iv. ²¼¶ûÖµb
v. Êý×éa
vi. ¶ÔÏóo
vii. ×ÊÔ´r
viii. »ìºÏÀàÐÍm
c) ʹÓÃ’_’×÷Ϊÿһ¸ö´ÊµÄ·Ö½ç
ÀýÈ磺
$i_age_max = 10;
$f_price = 22.5;
$s_name =‘harry’;
$b_flag = true;
......
¡¡¡¡/***************************
¡¡¡¡* author : ´óÁäÇàÄê
¡¡¡¡* email : wenadmin@sina.com
¡¡¡¡* from: http://blog.csdn.net/hahawen
¡¡¡¡* תÔØÇë±£ÁôÕⲿ·ÖÐÅÏ¢£¬Ð»Ð»
¡¡¡¡***************************/
phpÒ³Ãæ·ÃÎÊʱ£¬Í³Ò»½øÐÐȨÏÞÑéÖ¤µÄÉè¼Æ
ÍíÉÏÓÐÈËÎÊÎÒ¹ØÓÚÍøÕ¾Ò³ÃæÏÔʾµÄʱºò£¬È¨ÏÞÅжϵÄÎÊÌâ¡£ÓÚÊǾÍÓ ......
ÓÉÓÚÄêÇ°°Ñ¹¤×÷È·ÈÏÏÂÀ´ÁË£¬ÓÚÊÇ×¼±¸ÀûÓÃ׫д±ÏÒµÂÛÎĵÄÆÚ¼äѧϰһÏÂPHPµÄ¿ª·¢£¬ÈκÎÒ»ÃÅÓïÑÔµÄѧϰ¹ý³Ì£¬µÚÒ»²½¶¼ÊÇ¿ª·¢»·¾³µÄ³É¹¦ÅäÖã¬ÓÚÊÇÎÒ»¨ÁËÒ»ÉÏÎçʱ¼ä°Ñ»·¾³´î½¨³É¹¦¡£
PHP¿ª·¢»·¾³ÅäÖùý³ÌÏê½â
±¾´ÎÅäÖÃÖ÷ÒªÕë¶ÔÓÚWindows XPϵÄÅäÖð²×°£¬ÖÁÓÚLinuxϵÄÅäÖð²×°½«ÔÚÒÔºó¸øÓè²¹³ä¡£
Ò»¡¢ËùÐèÈí¼þ
Windows XP ......
