To the people running dated php version because of an obscure WordPress plugin that helps them do everything for their business from their site.
You knew this day was coming.
Yeah, I've fired clients who wouldn't stop doing that stuff. I just don't need to deal with that sort of crap. Sadly, not everyone's able to do opt out in such a manner.To the people running dated php version because of an obscure WordPress plugin that helps them do everything for their business from their site.
You knew this day was coming.
While implementing PHP, the team did not notice the Best-Fit feature of encoding conversion within the Windows operating system
It turns out that, as part of unicode processing, PHP will apply what’s known as a ‘best fit’ mapping
On Windows no less!They never had a chance if they were running an obscure WordPress plugin to begin with.
Yea my heart skipped a beat reading the headline right before 5pm on Friday; then I relaxed because what professional actually runs PHP server on a windows box? I might just do the rewrite rule anyway since it won't impact our systems & will cut down on the script kiddies hitting the servers this weekend.PHP vuln..oh shit...OOOOhhhh.. only on Windows? Nevermind. and it needs CGI mode. Who runs PHP like that?
It's a dumb comment, and outdated (modern PHP is not that bad, Python has developed some pretty bad warts too), but I'll upvote for trying oh so hard to make a recursive acronym joke.Frankly PHP and its community stopped deserving derision some years ago and really just deserve sympathy.
Maybe we should open a special mental health fund for php developers.
PPDRF - PPDRF PHP Developer Relief Fund
The whole PHP is dead thing, is a conspiracy by seasoned developers to keep the new kids out of the hiring pool. Modern PHP is pretty good, but developer pay for updating old PHP to modern is even better! (That's why we try to keep it a secret!) /sFrankly PHP and its community stopped deserving derision some years ago and really just deserve sympathy.
Maybe we should open a special mental health fund for php developers.
PPDRF - PPDRF PHP Developer Relief Fund
Not JUST PHP on Windows, but PHP and Apache on Windows! Is phpfm even ON windows?Yea my heart skipped a beat reading the headline right before 5pm on Friday; then I relaxed because what professional actually runs PHP server on a windows box? I might just do the rewrite rule anyway since it won't impact our systems & will cut down on the script kiddies hitting the servers this weekend.
It's still there just under layers of abstraction. It just works... Until it doesn't and then no one knows what to look for.Wow, haven't heard of CGI in a seriously long time. I didn't think anyone still used it. In case anyone wondering, CGI in this context means Common Gateway Interface.
Yeah that one was pretty badbut I'll upvote for trying oh so hard to make a recursive acronym joke
Cautiously raises hand...PHP vuln..oh shit...OOOOhhhh.. only on Windows? Nevermind. and it needs CGI mode. Who runs PHP like that?
i.e. LAMP stacks are unaffected. It is also appears to be Apache-specific.This vulnerability affects all versions of PHP installed on the Windows operating system.
This comes up in every discussion about PHP. And it’s true, but a language needs more compelling reasons to use it besides “is not crap anymore” when there are other options to choose from with some real strengths.modern PHP is not that bad
One strength: You can build an app or API without bringing in a heavy framework or100 layers of nested packages including left-pad. The built-in PHP and standard includes support SQL databases, network calls, string manipulation, file operations, etc.This comes up in every discussion about PHP. And it’s true, but a language needs more compelling reasons to use it besides “is not crap anymore” when there are other options to choose from with some real strengths.
Obscure? WordPress itself isn't yet fully compatible with any actively-supported versions of PHP.To the people running dated php version because of an obscure WordPress plugin that helps them do everything for their business from their site.
You knew this day was coming.
Wordpress 6.5 (released in April) seems to be compatible with no exceptions.Obscure? WordPress itself isn't yet fully compatible with any actively-supported versions of PHP.
Wait what? I haven’t done anything with PHP in years, but this can’t be true, is it?Obscure? WordPress itself isn't yet fully compatible with any actively-supported versions of PHP.
Nothing wrong with CGI. I use it for my website, which is all bash, perl and CGI. It can scale to dozens of users a week.Wow, haven't heard of CGI in a seriously long time. I didn't think anyone still used it. In case anyone wondering, CGI in this context means Common Gateway Interface.
It can happen. WordPress is one of the oldest PHP code bases which is still maintained, and a pretty large one. It has doubtless used a lot of (mis)features over the years which have been deprecated and/or removed. Combine that with PHP versions being supported no more than two years, and you can eventually fall behind if you don't plan carefully.Wait what? I haven’t done anything with PHP in years, but this can’t be true, is it?
PHP has benefitted for years (decades by now, really) from its deployment story being "index.php already works". It was really easy for it to win when the competing deployment stories were things like "first, make sure Perl and CPAN are up to date; you'll also need gcc for compiling mod_perl" and "the Tomcat servlet model is a land of contrasts".One strength: You can build an app or API without bringing in a heavy framework or100 layers of nested packages including left-pad. The built-in PHP and standard includes support SQL databases, network calls, string manipulation, file operations, etc.
I've been running PHP 8.2.x on Centos 7, with a recent version of nginx without any trouble at all. Migrating to a more recent OS now. Containers are nice though.I went from running PHP 5.x on centos 7, to spending hours and days to getting it up to ... 7.1 with a real struggle. On an old apache version.
To running in containers and now rocking the most recent 8.3.7 on nginx like its nothing.
Containers are the way to go. Can't say enough about it. Changed my life.
"new" isn't new anymore in the computer business, it's become a fracking sort of business imo, environmentally damaging and draining all remaining money out of the social main body. Attempting to shove "new" down the paying customer's throat with force. "Late stage capitalism". /rantThe whole PHP is dead thing, is a conspiracy by seasoned developers to keep the new kids out of the hiring pool. Modern PHP is pretty good, but developer pay for updating old PHP to modern is even better! (That's why we try to keep it a secret!) /s
Yeah, no kidding, I just sent a ping to the work slack about it, then realised oh, it's probably not a huge deal for us after all, because who hosts PHP on a public-facing server running Windows?PHP vuln..oh shit...OOOOhhhh.. only on Windows? Nevermind. and it needs CGI mode. Who runs PHP like that?
Obscure? WordPress itself isn't yet fully compatible with any actively-supported versions of PHP.
Wordpress 6.5 (released in April) seems to be compatible with no exceptions.
That's annoying. I consulted the 'Server Environment' documentation which made no mention of exceptions for 6.5, while mentioning exceptions for all earlier versions. The release announcement makes no mention, either. Presumably the table is correct, but there's clearly some room for doubt.Actively supported PHP versions are 8.2 and 8.3. WordPress lists version 6.5 as having "beta support" for 8.2 and 8.3.