#phpsecurity

Turbo Learn PHP TurboLearnPHP
2026-01-24

Why does this PHP timezone conversion shift dates?

Why does this PHP timezone conversion shift dates in reports? The PHP code parses a UTC timestamp as local time and then converts it, effectively double shifting. In PHP analytics this moves events by hours.

...

youtube.com/watch?v=F8aJ6XU6Czo

Turbo Learn PHP TurboLearnPHP
2026-01-19

What's wrong with this PHP JSON parse?

What's wrong with this PHP JSON parse in an API handler? The PHP code treats empty arrays and valid zeros as errors because it checks for falsey values instead of json_last_error. In PHP services this rejects legitimate requests.

...

youtube.com/watch?v=tjF51Chtf8E

Turbo Learn PHP TurboLearnPHP
2026-01-16

Why does this PHP gzip handler crash servers?

Why does this PHP gzip handler crash servers on small inputs? The PHP code inflates compressed data without size limits, so a tiny payload can explode memory. In PHP webhooks this becomes a denial of service.

...

youtube.com/watch?v=4ldod9GIsMA

CoListy colisty
2025-01-21

Learn to create interactive web forms using PHP, including dynamic data handling, secure transmissions, and client-server communication basics.
colisty.netlify.app/courses/ph

Steven Roland stvnrlnd
2024-11-22

Discover why Composer should never be in your public directory! Learn about this crucial security practice for PHP projects.
stevenroland.com/posts/why-com

Steven Roland stvnrlnd
2024-11-18

Enhance your PHP application security with single-use tokens! Learn how to implement this powerful technique using PHP sessions.
stevenroland.com/posts/impleme

Steven Roland stvnrlnd
2024-11-15

Enhance your PHP web forms' security with per-form CSRF tokens! Learn how to implement this robust protection against cross-site request forgery attacks.

stevenroland.com/posts/impleme

Steven Roland stvnrlnd
2024-09-24

Enhance your PHP web app security with a simple CSRF token implementation. Learn how to protect your forms from cross-site request forgery attacks.
stevenroland.com/posts/simple-

Out of Control :laravel: 🇨🇦 outofcontrol@phpc.social
2024-08-18

Less shameless reminder, if you are a serious Laravel dev, or even just a PHP dev, go subscribe to Securing Laravel. Stephen will show you are not quite as knowledgeable about securing your apps as you think you are. Worth every penny. phpc.social/@valorin/112982675

#php #laravel #phpsecurity

2024-06-08

A new critical security flaw (CVE-2024-4577) affecting all versions of PHP on Windows has been disclosed. This CGI argument injection vulnerability allows remote code execution by bypassing protections from a previous flaw (CVE-2012-1823).

Key Points:

- Impacts all PHP versions on Windows
- Allows argument injection and remote code execution
- Bypasses previous CVE-2012-1823 protections
- Affects XAMPP installations with specific locales by default
- Patches available in PHP 8.3.8, 8.2.20, and 8.1.29

Admins are urged to update #PHP immediately as exploitation attempts have already been detected. Switching to more secure solutions like Mod-PHP, FastCGI, or PHP-FPM is also recommended.

This simple yet critical bug highlights the importance of thorough security reviews and timely patching.

#PHPSecurity #CVE20244577 #RemoteCodeExecution #CyberSecurity #SoftwareVulnerability #WindowsOS #WebAppSecurity

HackerNews: thehackernews.com/2024/06/new-

Stefano Piccospic@nrw.social
2024-04-15
Daniele Scasciafratte 🇮🇹 mte90@mastodon.uno
2021-08-08

RT @phithon_xg@twitter.com

Tricks to download source code for PHP built-in server on Windows.

full version is affected: /index.php::$DATA
prior to 7.4.9, 7.3.21: /index.pHP
prior to 5.6.1, 5.5.5, 5.4.33: /index.php.

#phpsecurity #PHP

🐦🔗: twitter.com/phithon_xg/status/
