Greatest Hits

Coyote Tracks

If you are drinking to forget, please pay in advance
A collection of thoughts and shiny objects, mostly (but not always) related to computers and technology. And cocktails. Brought to you by Watts Martin (@chipotlecoyote).

Elsewhere

Coyote Prints (writing blog)

Why Coyotes Howl, a short story collection: EPUB · Kindle/Print

Indigo Rain, an anthropomorphic fantasy/suspense novella: Print

  • May 3, 2012 1:39 pm

    Some weeks you can't win

    PHP.net, reporting on a newly-discovered security problem in everyone’s favorite web language:

    There is a vulnerability in certain CGI-based setups that has gone unnoticed for at least 8 years. […] A request containing “?-s” [in the URL query string] may dump the PHP source code for the page.

    This only happens if the query doesn’t have a “=” in the query string and only happens on PHP installations that are run using the CGI interface, which is (probably) very few at this point. It’s not made clear, though, whether this affects PHP installations using the newer FCGI interface that’s used by many non-Apache web servers.

    Making a bad week worse, we had a bug in our bug system that toggled the private flag of a bug report to public on a comment to the bug report causing this issue to go public before we had time to test solutions to the level we would like.

    Well, you shouldn’t have written your bug tracking system in… oh, never mind.

    1. chipotle posted this