Thanks to a patch from Scott MacVicar that I've just applied to CVS, PHP 5.2 will have support for the httpOnly cookie flag. This neat little feature allows you to mark a newly created cookie as HTTP only, in other words inaccessible to browser-based scripting languages such as JavaScript. This means it would become far more difficult, if not impossible, to steal a user's cookie-based session by injecting JavaScript into a page and then using it to read cookies. This flag can be toggled by passing TRUE as the 7th parameter to the setcookie() and the setrawcookie() functions respectively. Ex:

[php]
setcookie("abc", "test", NULL, NULL, NULL, NULL, TRUE);
setrawcookie("abc", "test", NULL, NULL, NULL, NULL, TRUE);
[/php]

The support of the httpOnly flag extends to the session extension as well, where it can be enabled by setting the session.cookie_httponly INI setting to 1, or by passing TRUE as the 5th parameter to the session_set_cookie_params() function.

[php]
ini_set("session.cookie_httponly", 1);
// or session_set_c...
10/08/2006 · Ilia Alshanetsky · Uncategorized

A new Apache 1.3.37 is out and I had to upgrade all my servers to it. In the process I've had to compile mod_deflate, a high performance compression module that works MUCH faster than mod_gzip. This is primarily thanks to the fact that it does not use temporary files, but instead does everything in memory. The official mod_deflate package has been abandoned by its author, even though the code still works with a few minor tweaks, so I've decided to post a patched version of this module for all interested Apache 1.3.37 users.

You can download it here: http://ilia.ws/uploads/patches/mod_deflate-1.0.21i.tar.bz2
MD5: 4bd8b6773d9cb843494faceae3c9c945

The package also includes a short README file that explains how to install this module on your server. For people too lazy to read the README, the instructions follow at the bottom of this blog entry ;-).

Installing mod_deflate

1) Apply mod_defalte.patch on top of Apache 1.3.37
2) copy mod_defalte.c into the src/modules/extra directory
3) Add --activat...

The first release candidate of PHP 5.2.0 has just been released. The source packages can be found here:

http://downloads.php.net/ilia/php-5.2.0RC1.tar.bz2 (fa36d378f7f1fd547b881b6323ae2c60)
http://downloads.php.net/ilia/php-5.2.0RC1.tar.gz (e217195c90e123acce0c2f71ac07f88d)

Given that it took a few months to reach this point and the addition of new features was allowed, the changelog already looks extremely impressive. Some of the key changes include 3 new extensions (filter, json and zip), the date extension had the rest of its functionality enabled, and much work was done in terms of getting PHP 5.2 to run faster and more efficiently (in terms of memory usage). There have also been nearly 80 bug fixes made to existing functionality, which hopefully translates to a more stable release. As the RM for this release, I'd like to ask everyone to download and try this PHP version on your software, see if the code still runs properly and hopefully faster than it did before. If you come across any proble...

A quick note to anyone building PHP with cURL or http extension support as well as one of the MySQL extensions (mysql, mysqli and pdo_mysql). The MySQL binaries found on mysql.com are built against yaSSL as opposed to the more common openssl, against which libcurl (used by the cURL and HTTP extensions) is linked. The conflict between the two libraries causes curl initialization of the SSL layer to fail, preventing startup of the PHP extensions. To fix this problem you can either use older mysqlclient binaries (5.0.18 works) or compile MySQL yourself against openssl; either of these two will allow a working build of PHP with MySQL and curl support.

After what seems like forever, a new stable version of FUDforum is finally out. The upgrade and the installation scripts can be found here: http://fudforum.org/download.php

This release incorporates a number of significant changes, including the introduction of Ajax for tree views and category collapsing, an improved Help (FAQ renamed) that offers better explanation of the various features FUDforum offers to the forum users, a number of performance improvements across the board, and many other improvements and features. This release also includes a security fix relating to the MIME handling for image uploads; the fix is retroactive, so it'll address any bogus images uploaded before the upgrade.