Buffer overflow in htmlentities()

Posted: Fri Nov 03, 2006 10:08 pm
by Ambush Commander
Fixed by PHP 5.2.0, but unfixed in the other versions. And you know how long it takes for webhosts to upgrade.

- http://www.hardened-php.net/advisory_132006.138.html
- http://secunia.com/advisories/22653/
- http://sla.ckers.org/forum/read.php?13,2396

Holy crap!

Posted: Fri Nov 03, 2006 11:38 pm
by nickvd
Oh this is just great...

Or... Will it (hopefully) cause (force) hosts to upgrade to 5.2?

Posted: Sat Nov 04, 2006 3:29 pm
by alex.barylski
They have to be aware of it first...then accept it's a critical flaw before most fix anything :P