{
  "id": 2108,
  "date": "2006-11-04T03:20:00",
  "date_gmt": "2006-11-04T01:20:00",
  "guid": {"rendered": "https:\/\/www.fullo.net\/blog\/archives\/2006\/11\/04\/aggiornate-php-e-fatelo-in-fretta\/"},
  "modified": "2006-11-04T03:20:00",
  "modified_gmt": "2006-11-04T01:20:00",
  "slug": "aggiornate-php-e-fatelo-in-fretta",
  "status": "publish",
  "type": "post",
  "link": "https:\/\/www.fullo.net\/blog\/2006\/11\/04\/aggiornate-php-e-fatelo-in-fretta\/",
  "title": {"rendered": "Update PHP, and do it quickly&#8230;"},
  "content": {
    "rendered": "<p>A fairly serious bug has been found that allows <a href=\"http:\/\/it2.php.net\/htmlentities()\">htmlentities()<\/a> and <a href=\"http:\/\/it2.php.net\/htmlspecialchars()\">htmlspecialchars()<\/a> to be used to execute remote code on a server (more info at <a href=\"http:\/\/www.hardened-php.net\/advisory_132006.138.html\">hardened-php<\/a>). Since those two functions are the basis of every parsing and XSS-protection method, they are normally used <strong>everywhere<\/strong>.<\/p>\n<p>On <a href=\"http:\/\/it2.php.net\/\">PHP.net<\/a> you will find the new releases 5.2.0 and 4.4.4, which fix the vulnerability.<\/p>\n<p>cheers<\/p>\n",
    "protected": false
  },
  "excerpt": {
    "rendered": "<p>A fairly serious bug has been found that allows htmlentities() and htmlspecialchars() to be used to execute remote code on a server (more info at hardened-php). Since those two functions are the basis of every parsing and XSS-protection method, they are normally used everywhere. On PHP.net you will find the new releases 5.2.0 and 4.4.4 [&hellip;]<\/p>\n",
    "protected": false
  },
  "author": 1,
  "featured_media": 0,
  "comment_status": "open",
  "ping_status": "open",
  "sticky": false,
  "template": "",
  "format": "standard",
  "categories": [9],
  "tags": [2248, 217, 586],
  "class_list": ["post-2108", "post", "type-post", "status-publish", "format-standard", "hentry", "category-php", "tag-php", "tag-security", "tag-update"],
  "yoast_head_json": {
    "title": "Update PHP, and do it quickly... - Fullo",
    "canonical": "https:\/\/www.fullo.net\/blog\/2006\/11\/04\/aggiornate-php-e-fatelo-in-fretta\/",
    "og_locale": "en_US",
    "og_type": "article",
    "og_site_name": "Fullo",
    "article_published_time": "2006-11-04T01:20:00+00:00",
    "author": "Francesco Fullone",
    "twitter_creator": "@fullo",
    "twitter_site": "@fullo"
  }
}