PHP 5.2.5 Released, 7 security enhancements & fixes


The PHP development team would like to announce the immediate availability of PHP 5.2.5. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, several of which are security related. All users of PHP are encouraged to upgrade to this release.

Further details about the PHP 5.2.5 release can be found in the release announcement for 5.2.5; the full list of changes is available in the ChangeLog for PHP 5.

Security Enhancements and Fixes in PHP 5.2.5:

  • Fixed dl() to only accept filenames. Reported by Laurent Gaffie.
  • Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported by Laurent Gaffie.
  • Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. Reported by Rasmus Lerdorf.
  • Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.
  • Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications. Reported by SecurityReason.
  • Fixed bug #42869 (automatic session id insertion adds sessions id to non-local forms).
  • Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()).

For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.5.

Download now.

Create Paging with PHP : Link collection

Sooner or later everyone who learns PHP will face this thing: 'paging'.

Blogs, guest books and search results use paging to display data. It makes them easier to read and more friendly.

Some pictures of paging implementations:

[Three images: php paging]

Good paging code will survive when the records in the database or file system get bigger.

Many URLs on the internet exist for this purpose, teaching how to create paging with PHP.

I have started to collect them on this page; they might be useful for someone who would like to implement paging in a guestbook, search results, etc.

Some urls : 


Maybe you have found a useful URL that might help others?

I’ll update the list if I have other links.

Tell me please :-)

Multiple domains login in roundcube webmail

Roundcube is a very good solution for webmail. I have used SquirrelMail for almost 4 years and I like it too.

On the production server I installed both SquirrelMail and Roundcube to give users a different experience :-)

Using mail and mail2 as prefixes with multiple domains needs special attention in Roundcube.

After searching their forum, I like this snippet:

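function getDomain() {
    // Assumption: prefix 'mail' and the request's Host name; these two lines are not in the snippet as it appears on this page.
    $prefix = 'mail';
    $arr = explode('.', $_SERVER['HTTP_HOST']);
    if ($arr[0]==$prefix) { unset($arr[0]); $host=implode('.',$arr); }
    else { $host=''; }
    return $host;
}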

plus this line :

$rcmail_config['username_domain'] = getDomain();

 put that in config/

For my case, where I use mail and mail2, just edit the line:

if ($arr[0]==$prefix) { unset($arr[0]); $host=implode('.',$arr); }

into:

if ($arr[0]==$prefix or $arr[0]=='mail2') {
    unset($arr[0]); $host=implode('.',$arr);
}


 Working  well for me :-)
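A stricter variant of the snippet above, as an added example that is not the forum's or Roundcube's own code: if the domain is derived from the HTTP Host header (an assumption, since that part of the snippet is not shown on this page), the value is client-supplied, so it is normalised and checked against an allow-list before being used as username_domain. The function name getDomainFromHost, both constants and the sample domains are hypothetical.

```php
<?php
// Added example. Assumption: the host name comes from $_SERVER['HTTP_HOST'],
// which is sent by the client and must not be trusted as-is.

// Hypothetical allow-list of the mail domains this server really hosts.
const ALLOWED_MAIL_DOMAINS = ['example.com', 'example.org'];
// Host prefixes used by the two webmail installs described in the post.
const WEBMAIL_PREFIXES = ['mail', 'mail2'];

function getDomainFromHost(string $hostHeader): string
{
    // Normalise: lower-case, drop an optional :port and a trailing dot.
    $host = strtolower(trim($hostHeader));
    $host = preg_replace('/:\d+\z/', '', $host);
    $host = rtrim($host, '.');

    // Reject anything that is not a plain DNS name (no spaces, CR/LF, slashes, ...).
    if (!preg_match('/\A(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\z/', $host)) {
        return '';
    }

    // Split off the first label only; the remainder is the candidate mail domain.
    $parts = explode('.', $host, 2);
    if (!in_array($parts[0], WEBMAIL_PREFIXES, true)) {
        return '';
    }

    // Return the domain only if this server is meant to serve it.
    return in_array($parts[1], ALLOWED_MAIL_DOMAINS, true) ? $parts[1] : '';
}

// Constructed sample Host values, printed with the domain each one yields.
$samples = [
    'mail.example.com',
    'MAIL2.Example.org:8080',
    'mail.unknown.test',
    'www.example.com',
    "mail.example.com\r\nX: y",
];
foreach ($samples as $sample) {
    printf("%-30s => '%s'\n", json_encode($sample), getDomainFromHost($sample));
}

// Use in the Roundcube config line from the post:
// $rcmail_config['username_domain'] = getDomainFromHost($_SERVER['HTTP_HOST'] ?? '');
```

An empty return value leaves username_domain unset, so a request with an unexpected Host value does not get an arbitrary domain appended to the login name.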

date.timezone in php.ini for php5

In my last post, about a glitch in the time-related functions in PHP 5, I used the function date_default_timezone_set.

For a global setting, as always, use date.timezone in php.ini.

Just change from:

;date.timezone =Asia/Jakarta

Uncomment it first by removing the semicolon, so it becomes this:

date.timezone =Asia/Jakarta

Save the php.ini file and restart Apache.

Check the result using phpinfo().

you’re done :-)

date_default_timezone_set for php5 date() fixation

A recent upgrade to PHP 5 in AppServ confused me when my friend asked me about this code:

print date('d-M-Y H:i:s');

The hour isn’t accurate.

After googling, I found out about date_default_timezone_set.

For the full list of supported time zones see this link.

Edit the code into:

date_default_timezone_set( "Asia/Jakarta" );

// date.timezone = "timezone_here"

print date('d-M-Y H:i:s');

Works well :-)