Month: November 2006

Security Enhancements and Fixes in PHP 5.2.0

php

  • Made PostgreSQL escaping functions in PostgreSQL and PDO extension keep track of character set encoding whenever possible.
  • Added allow_url_include, set to Off by default to disallow use of URLs for include and require.
  • Disable realpath cache when open_basedir and safe_mode are being used.
  • Improved safe_mode enforcement for error_log() function.
  • Fixed a possible buffer overflow in the underlying code responsible for htmlspecialchars() and htmlentities() functions.
  • Added missing safe_mode and open_basedir checks for the cURL extension.
  • Fixed overflow is str_repeat() & wordwrap() functions on 64bit machines.
  • Fixed handling of long paths inside the tempnam() function.
  • Fixed safe_mode/open_basedir checks for session.save_path, allowing them to account for extra parameters.
  • Fixed ini setting overload in the ini_restore() function.

How to disable 3rd party cookies in Firefox 2.0

ffoxFound an interesting blurb on the Mozillazine Forums:

You used to be able to set this via the standard user interface pre-2.0 but now you must go to the address bar and type:

about:config

You can then search for the following string:

network.cookie.cookieBehavior

change the value from 0 to 1 and restart Firefox.

This will prevent the transfer of cookie information from site-to-site. (i.e. msn.com reading your google.com cookies)

Scroll to top