| Version Update Log and Files Project |
| 08.09.2007 at 19:40 - Fr33z3m4n   Comments (6) |
| Over the past few days there have been more and more requests for a list or an archive showing the files changed between individual versions. Creating a second mod folder was also discussed, but after long consideration a second mod folder would be too great a security risk, and among other things the performance of CSP would suffer. We therefore decided on an archive and a file that contain and list the changed files. We created the archive retroactively for version 2007.4: clansphere_update_2007.3.1-2007.4.zip, which can be found on Sourceforge. If you only need the TXT: 2007.3.1 - 2007.4. This file is also included in the archive. We hope this makes updating easier for some of you. |
| PHP 5.2.4 released Server software |
| 01.09.2007 at 00:15 - Denni Comments (3) |
| On 30 August the PHP developers released the now-current version 5.2.4. Work focused mainly on stability, and in addition more than 120 bugs were fixed. The Oracle11g database is now also supported, and PCRE is included in version 7.2 with this release. The development team advises every user to update to the new version.

Changelog

Version 5.2.4 30-August-2007

* Security Fixes
  o Fixed "Floating point exception" inside wordwrap(). (Mattias Bengtsson, Ilia)
  o Fixed several integer overflows in ImageCreate(), ImageCreateTrueColor(), ImageCopyResampled() and ImageFilledPolygon() reported by Mattias Bengtsson. (Tony)
  o Fixed size calculation in chunk_split(). (Stas)
  o Fixed integer overflow in str[c]spn(). (Stas)
  o Fixed money_format() not to accept multiple %i or %n tokens. (Stas, Ilia)
  o Fixed zend_alter_ini_entry() memory_limit interruption vulnerability. (Ilia)
  o Fixed INFILE LOCAL option handling with MySQL extensions not to be allowed when open_basedir or safe_mode is active. (Stas)
  o Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378) (Stas, Maksymilian Arciemowicz)
  o Fixed possible invalid read in glob() win32 implementation (CVE-2007-3806). (Tony)
  o Improved fix for MOPB-03-2007. (Ilia)
  o Corrected fix for CVE-2007-2872. (Ilia)
* Removed --enable-versioning configure option. (Jani)
* Upgraded PCRE to version 7.2 (Nuno)
* Updated timezone database to version 2007.6. (Derick)
* Improved openssl_x509_parse() to return extensions in readable form. (Dmitry)
* Enabled changing the size of statement cache for non-persistent OCI8 connections. (Chris Jones, Tony)
* Changed display_errors php.ini option to accept stderr as value which makes the error messages to be outputted to STDERR instead of STDOUT with CGI and CLI SAPIs (#22839). (Jani)
* Changed error handler to send HTTP 500 instead of blank page on PHP errors. (Dmitry, Andrei Nigmatulin)
* Changed mail() function to be always available. (Johannes)
* Added check for unknown options passed to configure. (Jani)
* Added persistent connection status checker to pdo_pgsql. (Elvis Pranskevichus, Ilia)
* Added support for ATTR_TIMEOUT inside pdo_pgsql driver. (Ilia)
* Added php_ini_loaded_file() function which returns the path to the actual php.ini in use. (Jani)
* Added GD version constants GD_MAJOR_VERSION, GD_MINOR_VERSION, GD_RELEASE_VERSION, GD_EXTRA_VERSION and GD_VERSION_STRING. (Pierre)
* Added missing open_basedir checks to CGI. (anight at eyelinkmedia dot com, Tony)
* Added missing format validator to unpack() function. (Ilia)
* Added missing error check inside bcpowmod(). (Ilia)
* Added CURLOPT_PRIVATE & CURLINFO_PRIVATE constants. (Andrey A. Belashkov, Tony)
* Added missing MSG_EOR and MSG_EOF constants to sockets extension. (Jani)
* Added PCRE_VERSION constant. (Tony)
* Added ReflectionExtension::info() function to print the phpinfo() block for an extension. (Johannes)
* Implemented FR #41884 (ReflectionClass::getDefaultProperties() does not handle static attributes). (Tony)
* Fixed possible crash in imagepsloadfont(), work around a bug in the pslib on Windows. (Pierre)
* Fixed oci8 and PDO_OCI extensions to allow configuring with Oracle 11g client libraries. (Chris Jones)
* Fixed EOF handling in case of reading from file opened in write only mode. (Dmitry)
* Fixed var_export() to use the new H modifier so that it can generate parseable PHP code for floats, independent of the locale. (Derick)
* Fixed regression introduced by the fix for the libgd bug #74. (Pierre)
* Fixed SimpleXML's behavior when used with empty(). (Sara)
* Fixed crash in OpenSSL extension because of non-string passphrase. (Dmitry)
* Fixed PECL Bug #11345 (PDO_OCI crash after National language Support "NLS" environment initialization error). (Chris Jones)
* Fixed PECL bug #11216 (crash in ZipArchive::addEmptyDir when a directory already exists). (Pierre)
* Fixed bug #42368 (Incorrect error message displayed by pg_escape_string). (Ilia)
* Fixed bug #42365 (glob() crashes and/or accepts way too many flags). (Jani)
* Fixed bug #42364 (Crash when using getRealPath with DirectoryIterator). (Johannes)
* Fixed bug #42292 ($PHP_CONFIG not set for phpized builds). (Jani)
* Fixed bug #42261 (header wrong for date field). (roberto at spadim dot com dot br, Ilia)
* Fixed bug #42259 (SimpleXMLIterator loses ancestry). (Rob)
* Fixed bug #42247 (ldap_parse_result() not defined under win32). (Jani)
* Fixed bug #42243 (copy() does not output an error when the first arg is a dir). (Ilia)
* Fixed bug #42242 (sybase_connect() crashes). (Ilia)
* Fixed bug #42237 (stream_copy_to_stream returns invalid values for mmaped streams). (andrew dot minerd at sellingsource dot com, Ilia)
* Fixed bug #42233 (Problems with æøå in extract()). (Jani)
* Fixed bug #42222 (possible buffer overflow in php_openssl_make_REQ). (Pierre)
* Fixed bug #42211 (property_exists() fails to find protected properties from a parent class). (Dmitry)
* Fixed bug #42208 (substr_replace() crashes when the same array is passed more than once). (crrodriguez at suse dot de, Ilia)
* Fixed bug #42198 (SCRIPT_NAME and PHP_SELF truncated when inside a userdir and using PATH_INFO). (Dmitry)
* Fixed bug #42195 (C++ compiler required always). (Jani)
* Fixed bug #42183 (classmap causes crash in non-wsdl mode). (Dmitry)
* Fixed bug #42173 (oci8 INTERVAL and TIMESTAMP type fixes). (Chris)
* Fixed bug #42151 (__destruct functions not called after catching a SoapFault exception). (Dmitry)
* Fixed bug #42142 (substr_replace() returns FALSE when length > string length). (Ilia)
* Fixed bug #42135 (Second call of session_start() causes creation of SID). (Ilia)
* Fixed bug #42134 (oci_error() returns false after oci_new_collection() fails). (Tony)
* Fixed bug #42119 (array_push($arr,&$obj) doesn't work with zend.ze1_compatibility_mode On). (Dmitry)
* Fixed bug #42117 (bzip2.compress loses data in internal buffer). (Philip, Ilia)
* Fixed bug #42112 (deleting a node produces memory corruption). (Rob)
* Fixed bug #42107 (sscanf broken when using %2$s format parameters). (Jani)
* Fixed bug #42090 (json_decode causes segmentation fault). (Hannes)
* Fixed bug #42082 (NodeList length zero should be empty). (Hannes)
* Fixed bug #42072 (No warning message for clearstatcache() with arguments). (Ilia)
* Fixed bug #42071 (ini scanner allows using NULL as option name). (Jani)
* Fixed bug #42027 (is_file() / is_dir() matches file/dirnames with wildcard char or trailing slash in Windows). (Dmitry)
* Fixed bug #42019 (configure option --with-adabas=DIR does not work). (Jani)
* Fixed bug #42015 (ldap_rename(): server error "DSA is unwilling to perform"). (bob at mroczka dot com, Jani)
* Fixed bug #42009 (is_a() and is_subclass_of() should NOT call autoload, in the same way as "instanceof" operator). (Dmitry)
* Fixed bug #41989 (move_uploaded_file() & relative path in ZTS mode). (Tony)
* Fixed bug #41984 (Hangs on large SoapClient requests). (Dmitry)
* Fixed bug #41983 (Error Fetching http headers terminated by '\n'). (Dmitry)
* Fixed bug #41973 (--with-ldap=shared fails with LDFLAGS="-Wl,--as-needed"). (Nuno)
* Fixed bug #41971 (PDOStatement::fetch and PDOStatement::setFetchMode causes unexpected behavior). (Ilia)
* Fixed bug #41964 (strtotime returns a timestamp for non-time string of pattern '(A|a) .+'). (Derick)
* Fixed bug #41961 (Ensure search for hidden private methods does not stray from class hierarchy). (robin_fernandes at uk dot ibm dot com)
* Fixed bug #41947 (SimpleXML incorrectly registers empty strings as namespaces). (Rob)
* Fixed bug #41929 (Foreach on object does not iterate over all visible properties). (Dmitry)
* Fixed bug #41919 (crash in string to array conversion). (judas dot iscariote at gmail dot com, Ilia)
* Fixed bug #41909 (var_export() is locale sensitive when exporting float values). (Derick)
* Fixed bug #41908 (CFLAGS="-Os" ./configure --enable-debug fails). (christian at hoffie dot info, Tony)
* Fixed bug #41904 (proc_open(): empty env array should cause empty environment to be passed to process). (Jani)
* Fixed bug #41867 (SimpleXML: getName is broken). (Rob)
* Fixed bug #41865 (fputcsv(): 2nd parameter is not optional). (Jani)
* Fixed bug #41861 (SimpleXML: getNamespaces() returns the namespaces of a node's siblings). (Rob)
* Fixed bug #41845 (pgsql extension does not compile with PostgreSQL <7.4). (Ilia)
* Fixed bug #41844 (Format returns incorrect number of digits for negative years -0001 to -0999). (Derick)
* Fixed bug #41842 (Cannot create years < 0100 & negative years with date_create or new DateTime). (Derick)
* Fixed bug #41833 (addChild() on a non-existent node, no node created, getName() segfaults). (Rob)
* Fixed bug #41831 (pdo_sqlite prepared statements convert resources to strings). (Ilia)
* Fixed bug #41815 (Concurrent read/write fails when EOF is reached). (Sascha)
* Fixed bug #41813 (segmentation fault when using string offset as an object). (judas dot iscariote at gmail dot com, Tony)
* Fixed bug #41795 (checkdnsrr does not support DNS_TXT type). (lucas at facebook dot com, Tony)
* Fixed bug #41773 (php_strip_whitespace() sends headers with errors suppressed). (Tony)
* Fixed bug #41770 (SSL: fatal protocol error due to buffer issues). (Ilia)
* Fixed bug #41765 (Recode crashes/does not work on amd64). (nexus at smoula dot net, Stas)
* Fixed bug #41724 (libxml_get_last_error() - errors service request scope). (thekid at php dot net, Ilia)
* Fixed bug #41717 (imagepolygon does not respect thickness). (Pierre)
* Fixed bug #41713 (Persistent memory consumption on win32 since 5.2). (Dmitry)
* Fixed bug #41711 (NULL temporary lobs not supported in OCI8). (Chris Jones, Tony)
* Fixed bug #41709 (strtotime() does not handle 00.00.0000). (Derick)
* Fixed bug #41698 (float parameters truncated to integer in prepared statements). (Ilia)
* Fixed bug #41692 (ArrayObject shows weird behavior in respect to inheritance). (Tony)
* Fixed bug #41691 (ArrayObject::exchangeArray hangs Apache). (Tony)
* Fixed bug #41686 (Omitting length param in array_slice not possible). (Ilia)
* Fixed bug #41685 (array_push() fails to warn when next index is already occupied). (Ilia)
* Fixed bug #41655 (open_basedir bypass via glob()). (Ilia)
* Fixed bug #41640 (get_class_vars produces error on class constants). (Johannes)
* Fixed bug #41635 (SoapServer and zlib.output_compression with FastCGI result in major slowdown). (Dmitry)
* Fixed bug #41633 (Crash instantiating classes with self-referencing constants). (Dmitry)
* Fixed bug #41630 (segfault when an invalid color index is present in the image data). (Reported by Elliot wccoder@gmail dot com) (Pierre)
* Fixed bug #41628 (PHP settings leak between Virtual Hosts in Apache 1.3). (Scott, manuel at mausz dot at)
* Fixed bug #41608 (segfault on a weird code with objects and switch()). (Tony)
* Fixed bug #41600 (url rewriter tags doesn't work with namespaced tags). (Ilia)
* Fixed bug #41596 (Fixed a crash inside pdo_pgsql on some non-well-formed SQL queries). (Ilia)
* Fixed bug #41594 (OCI8 statement cache is flushed too frequently). (Tony)
* Fixed bug #41582 (SimpleXML crashes when accessing newly created element). (Tony)
* Fixed bug #41576 (configure failure when using --without-apxs or some other SAPIs disabling options). (Jani)
* Fixed bug #41567 (json_encode() double conversion is inconsistent with PHP). (Lucas, Ilia)
* Fixed bug #41566 (SOAP Server not properly generating href attributes). (Dmitry)
* Fixed bug #41555 (configure failure: regression caused by fix for #41265). (Jani)
* Fixed bug #41527 (WDDX deserialize numeric string array key). (Matt, Ilia)
* Fixed bug #41523 (strtotime('0000-00-00 00:00:00') is parsed as 1999-11-30). (Derick)
* Fixed bug #41518 (file_exists() warns of open_basedir restriction on non-existent file). (Tony)
* Fixed bug #41445 (parse_ini_file() has a problem with certain types of integer as sections). (Tony)
* Fixed bug #41433 (DBA: configure fails to include correct db.h for db4). (Jani)
* Fixed bug #41372 (Internal pointer of source array resets during array copying). (Dmitry)
* Fixed bug #41350 (my_thread_global_end() error during request shutdown on Windows). (Scott, Andrey)
* Fixed bug #41278 (get_loaded_extensions() should list Zend extensions). (Johannes)
* Fixed bug #41127 (Memory leak in ldap_{first|next}_attribute functions). (Jani)
* Fixed bug #40757 (get_object_vars get nothing in child class). (Dmitry)
* Fixed bug #40705 (Iterating within function moves original array pointer). (Dmitry)
* Fixed bug #40509 (key() function changed behaviour if global array is used within function). (Dmitry)
* Fixed bug #40419 (Trailing slash in CGI request does not work). (Dmitry)
* Fixed bug #39330 (apache2handler does not call shutdown actions before apache child die). (isk at ecommerce dot com, Gopal, Tony)
* Fixed bug #39291 (ldap_sasl_bind() misses the sasl_authc_id parameter). (diafour at gmail dot com, Jani)
* Fixed bug #37715 (array pointers resetting on copy). (Dmitry)
* Fixed bug #37273 (Symlinks and mod_files session handler allow open_basedir bypass). (Ilia)
* Fixed bug #36492 (Userfilters can leak buckets). (Sara)
* Fixed bugs #36796, #36918, #41371 (stream_set_blocking() does not work). (Jani)
* Fixed bug #35981 (pdo-pgsql should not use pkg-config when not present). (Jani)
* Fixed bug #31892 (PHP_SELF incorrect without cgi.fix_pathinfo, but turning on screws up PATH_INFO). (Dmitry)
* Fixed bug #21197 (socket_read() outputs error with PHP_NORMAL_READ). (Nuno, Jani) |
| MAD-LAN 5 - ClanSphere Community Meeting LAN parties |
| 24.08.2007 at 20:20 - hajo   Comments (5) |
| You can post your wishes, suggestions and anything else here, provided it is already certain that you will attend the LAN and you have paid: Events -> MAD-LAN 5, from 2 Nov., Norderstedt near HH. The aim is to build a small contact network in the north in order to organize further meetups where possible, perhaps even as a separate event of their own. |
| End of support for old PHP versions Development |
| 22.08.2007 at 20:40 - hajo   Comments (7) |
| From 5 February 2008 we will only publish versions that run on PHP 5.2.0 or later, since this lets us trim some old PHP 4 compatible code and, above all, various problems that have long burdened our support, in part unnecessarily, will resolve themselves as a result (e.g. PHP versions that are too old and cause errors). Hence the notice in the current 2007.4 release. In the long run we plan to move ClanSphere entirely to PHP 5.2, and we see this initiative as a first step towards actually reaching that goal. It helps no one if a large part of the community sits on free hosts that only offer PHP 4, whose further development has already ended and which will no longer be maintained from the end of this year. The period mentioned above should be long enough to move to PHP 5.2 web space. Even though ClanSphere already runs without problems on PHP 6, we advise against using it until a final version of PHP 6 is out, since changes we have not anticipated could still occur. |
| ClanSphere 2007.4 Release Releases | 
| 22.08.2007 at 20:00 - Fr33z3m4n   Comments (13) |
| ClanSphere 2007.4 is released today. There were important security-related changes. These were found and fixed during the "Geld für Sicherheit" (money for security) campaign, to offer even more security. Because of missing translations in the updated contact module, there is only a DE-EN package for now. The multi package will follow shortly. And now for the popular changelog ..

Changelog

>> Security: Added settype in usersgallery com_view on cat_id [reported by xsign (dot) dll (at) gravediggers (dot) eu]
>> Security: Fixed settype double dollar typo in files mod download part [reported by xsign (dot) dll (at) gravediggers (dot) eu]
>> Security: Fixed sql injection possibilities inside articles mod manage/remove [reported by xsign (dot) dll (at) gravediggers (dot) eu]
>> Security: Fixed sql injection possibilities inside board mod attachments [reported by xsign (dot) dll (at) gravediggers (dot) eu]
>> Security: Fixed sql injection possibilities inside maps mod create [reported by xsign (dot) dll (at) gravediggers (dot) eu]
>> Security: Fixed sql injection possibilities inside news mod create/edit [reported by xsign (dot) dll (at) gravediggers (dot) eu]
>> Security: Fixed sql injection possibilities inside ranks mod create/edit [reported by xsign (dot) dll (at) gravediggers (dot) eu]
>> Security: Fixed sql injection possibilities inside whole search mod [reported by xsign (dot) dll (at) gravediggers (dot) eu]
-> Added new function cs_unlink to replace nearly all calls to unlink (hajo)
-> Added PAD informations to docs at the new pad directory (hajo)
-> Added PHP version recommendation to use 5.2.0 or newer for installation (hajo)
-> Added sql-file to Update from BXCP 0.3.2.2 (Fr33z3m4n)
-> Added themes files mod lanpartys (Drag0n)
-> Added themes files mod shoutbox (Drag0n)
-> Fixed abcode secure in comments to use all functions without HTML (Fr33z3m4n)
-> Fixed all require/include functions with complete path Mod:board (Fr33z3m4n)
-> Fixed cash mod with Access, sql sort by nick and new overview with users entrys (Fr33z3m4n)
-> Fixed clip function mod clans/create (Fr33z3m4n)
-> Fixed empty $_GET pid Partner Mod (Fr33z3m4n)
-> Fixed gallery zip file upload and top voted pics (NosNos)
-> Fixed get ID in Partner Navlist Mod (Fr33z3m4n)
-> Fixed html to be no longer parsed inside sql at updates mod and values in navglobal tool (hajo)
-> Fixed missing SQL var at new installation mod board func. boardfiles_downloaded (Fr33z3m4n)
-> Fixed sql update with empty array for delete avatar (Fr33z3m4n)
-> Fixed update instructions in readme files (Denni)
-> Removed old bxcp, bxls and pre final clansphere updates (hajo)
-> Reworked mod and added theme files: buddys (Denni)
-> Reworked mod and added theme files: contact (Denni)
-> Updated warning message for deprecated html functions (hajo)
-> Updated warning message pool to contain more functions (hajo)
- /mods/gbook/entry.php: Fixed captcha check error (Denni)
- /mods/updates/import.php: Faster query splitting (hajo)
- /mods/updates/export.php: Backups are now preventing sql injection on imports (hajo)
- /mods/updates/optimize.php: Tables can now be edited again (hajo) |



 
  
  
  
  
 