PHP 5.2.7 updated because magic_quotes_gpc is broken

Stefan Esser has posted a warning about upgrading PHP to the 5.2.7 release:

(…)a change in the ext/filter extension that by default processes all incoming data, broke the magic_quotes_gpc feature. While magic_quotes_gpc itself is deprecated and it is recommended to not rely on it as protection against SQL injection, it is still used in many legacy applications that become very insecure once it is turned off. And exactly that happens with the upgrade to PHP 5.2.7. The fix for this was already committed to the PHP CVS and PHP 5.2.8 will be released next week.

I just fixed this issue in the Dotdeb packages; just upgrade your servers.
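What the quoted warning means for a legacy script, as an added example that is not code from this post, from Dotdeb or from the PHP project: a query built by concatenation is only well-formed while something escapes the input first, whereas a bound parameter does not depend on that setting. The table, column and function names are hypothetical, the input is constructed, and an in-memory SQLite database reached through PDO is assumed.

```php
<?php
// Added example; names are hypothetical and the sample input is constructed.

// Legacy pattern: concatenates the value into the SQL text and relies on
// magic_quotes_gpc having turned ' into \' before the script saw it.
function legacy_query($name) {
    return "SELECT id FROM users WHERE name = '" . $name . "'";
}

// Hardened pattern: the value is bound as a parameter, so it is never
// parsed as SQL, whatever the state of magic_quotes_gpc.
function find_user(PDO $db, $name) {
    $stmt = $db->prepare('SELECT id FROM users WHERE name = ?');
    $stmt->execute(array($name));
    return $stmt->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('O''Brien')");

// Constructed input, as it reaches the script when no escaping was applied.
$name = "O'Brien";

// The apostrophe closes the string literal early, so the input changes the
// structure of the statement and the database rejects it.
$sql = legacy_query($name);
echo $sql, "\n";
try {
    $db->query($sql);
    echo "legacy query ran\n";
} catch (PDOException $e) {
    echo "legacy query failed: ", $e->getMessage(), "\n";
}

// The same input as a bound parameter matches the stored row.
var_dump(find_user($db, $name));
```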

12 replies on “PHP 5.2.7 updated because magic_quotes_gpc is broken”

Thanks to everyone at this site.

My apache2 server was crashing every time, with an error in the log file: [notice] child pid ???? exit signal Segmentation fault (11). I found with [gdb] that it was a module from PHP.

I have upgraded PHP to 5.2.7 on the Debian server from your site, and all works fine!

Again – thank you very much!

Problem fixed!

Thanks a lot for providing the corrected packages, because the error broke our MediaWiki installation for a few hours. The site was online and pages could be viewed, but no changes could be made, because the MediaWiki script wasn’t able to check some hidden input fields…

Now everything is running as expected. Thanks!

[…] of is quick, since he provides a bug-fixed PHP 5.2.7 version for Debian. These PHP packages can simply be installed via Aptitude or Apt-Get […]

I’ve read at that this PHP version isn’t secure. What should I do now? Should I try a downgrade or is this version secure?

@Guillaume Plessis: Thanks for the fast reply. OK, I will use the actual php5dotdeb version.

It’s crazy… this “feature” is so deprecated, programmers should learn to escape their inputs and use prepared statements instead of relying on such a hack.
