Stefan Esser has posted a warning about upgrading PHP to the 5.2.7 release:
(…)a change in the ext/filter extension that by default processes all incoming data, broke the magic_quotes_gpc feature. While magic_quotes_gpc itself is deprecated and it is recommended to not rely on it as protection against SQL injection, it is still used in many legacy applications that become very insecure once it is turned off. And exactly that happens with the upgrade to PHP 5.2.7. The fix for this was already committed to the PHP CVS and PHP 5.2.8 will be released next week.
I just fixed this issue in the Dotdeb packages, just upgrade your servers.
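The failure mode Esser describes, as an added example (not code from the original post, from PHP or from Dotdeb): a legacy lookup whose safety depends on the runtime escaping quotes, next to a bound-parameter version that does not depend on magic_quotes_gpc at all. The table, the function names and the input value are constructed, and the script assumes the pdo_sqlite extension is available.

```php
<?php
// Added example. Schema, rows, function names and input are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (name TEXT, secret TEXT)");
$db->exec("INSERT INTO users VALUES ('alice', 'a-secret')");
$db->exec("INSERT INTO users VALUES ('bob', 'b-secret')");

// A request value as the script sees it when magic_quotes_gpc is not
// applied (the PHP 5.2.7 behaviour described above): the quote is unescaped.
$input = "nobody' OR '1'='1";

// Legacy pattern: the query is built by concatenation and is only safe
// while something else (magic_quotes_gpc) has escaped the quote already.
function legacy_lookup(PDO $db, $name)
{
    $sql = "SELECT name FROM users WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: the value is bound as a parameter, so it is never
// parsed as SQL, whatever the magic_quotes_gpc setting or PHP version.
function safe_lookup(PDO $db, $name)
{
    $stmt = $db->prepare("SELECT name FROM users WHERE name = ?");
    $stmt->execute(array($name));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// The legacy query matches every row; the bound query matches none,
// because no user is literally named "nobody' OR '1'='1".
printf("legacy_lookup rows: %d\n", count(legacy_lookup($db, $input)));
printf("safe_lookup rows:   %d\n", count(safe_lookup($db, $input)));
```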
12 replies on “PHP 5.2.7 updated because magic_quotes_gpc is broken”
Thanks to everyone at this site.
My apache2 server was crashing every time, with this error in the log file: [notice] child pid ???? exit signal Segmentation fault (11). I found with [gdb] that it was the libgd.so.2 module from PHP.
I have upgraded PHP 220.127.116.11 to 5.2.7 on a Debian server from your site, and all works fine!
Again – thank you very much!
Thanks a lot for providing the corrected packages, because the error broke our MediaWiki-Installation of rezeptewiki.org for a few hours. Site was online and pages could be viewed, but no changes could be made, because the MediaWiki-Script wasn’t able to check some hidden input fields…
Now everything is running as expected. Thanks!
@FILLVAIO2 : Great 🙂
@Sebastian Harnau : This was a serious problem and I thought it was important to fix it immediately, without the upcoming 5.2.8 release.
Is there any reason why anyone would turn the stupid thing on to begin with?
What's this?
I can't “apt-get upgrade” anymore; it does not find any package to update …
@Christopher. Don’t fetch PHP 5.2.8 yet. Please upgrade to the 5.2.7-0.dotdeb.1 packages, they’re secure.
[…] from Dotdeb.org is quick, as he provides a bug-fixed PHP 5.2.7 version for Debian. These PHP packages can simply be installed via Aptitude or Apt-Get […]
I've read at golem.de that this PHP version isn't secure. What should I do now? Should I try a downgrade or is this version secure?
@Christopher B. : the 5.2.7-0.dotdeb.1 packages are secure, they are 5.2.8 without the right version number. You can upgrade without any known security problem.
@Guillaume Plessis : Thanks for the fast reply. OK, I will use the actual php5dotdeb version.
It’s crazy… this “feature” is so deprecated, programmers should learn to escape their inputs and use prepared statements instead of relying on such a hack.