PHP devs lob second patch at super-critical CGI bug

The developers of PHP have released updates to thwart fresh attacks against systems that use the scripting language to dynamically generate web pages. All users are encouraged to upgrade to PHP 5.4.3 or PHP 5.3.13, as appropriate, after a serious security bug in PHP-CGI-based setups was disclosed. Developers attempted to fix …


  1. Greg J Preece

    Cue 1000 server admins calling PHP a shit language whilst providing no superior alternative.

  2. Cazzo Enorme

    I'm not a "server admin", but here are a few superior alternatives:

    Ruby on Rails

    Python on Django or various alternatives

    Java with Spring

    Groovy on Grails

    Scala with Lift

    Smalltalk on Seaside

    Hell, even C# if you're happy with Windows as a platform.

    They are all programming languages designed and maintained by people way more competent than those responsible for PHP.

    1. Rob Carriere

      You're right, all of those are superior to PHP as a language.

      Which is nice when I'm toying around at home, or when I'm working for a business that does their own hosting and is willing to configure their webserver according to my wishes. It's completely irrelevant when you're dealing with hosting providers, who typically provide a choice between static HTML or PHP.

      This in turn means that if you're not in the mood to invent your own CMS from scratch, you're doing PHP.

      The world would be a much simpler place if technical merit were the only criterion for choosing a programming language.

      1. Peter Murphy

        That means a lot of hosting services need to lift their game.

        It's not good enough to just offer PHP or straight HTML any more. My hosting service, Webfaction, also offers Perl, Ruby, and Python as well, as well as their frameworks like Rails and Django. Other firms have similar facilities available.

    2. James Dunmore

      Sorry, but PHP is fantastic as a lightweight front end (website) programming language. It has the smallest, easiest hello world of any of them. It's only a bad language when you write bad code - sure, the difference is in PHP it's easier to write bad code, but that's down to a bad programmer, not a bad language.

      I've seen plenty of C# and Java websites that run badly, and have been written badly (not to mention how slow Java and C# are). Don't use a sledge hammer, and all that, PHP is great for its job - it's why it is used so widely.

      Don't get me started on how dead Ruby, etc. are.

      I'd agree that Python on Django is a good alternative, but I'd argue against it being superior.

  3. cynic 2

    Twisting the knife

    Here's an awesome teardown of PHP for those who haven't seen it yet :

    1. Ken Hagan

      Re: Twisting the knife

      That's a joke, right? There couldn't actually be a language as bad as the one described in that article. Someone just read about INTERCAL and decided to turn the perversion up to eleven.

        Re: Twisting the knife

        And yet, for some reason, everyone uses it...

        1. Miek

          Re: Twisting the knife


          That blogger is talking out of his arse.

      Re: Twisting the knife

      That article changed my life.

      After 13 years of PHP I'm now using Python. I haven't felt this alive in years.

  4. Steve Knox

    Pick a side!

    ...releasing a new set of patches on Tuesday, 8 May 8.

    Now I know El Reg tries to be accommodating to us on this side of the pond, but we can read dates in your format, backwards as it may be. There's no need to try to splice the two formats together.


      Re: Pick a side!

      That's just John Leyden for you. He doesn't know whether he is British or American.

      His brain immediately forgets the keys his fingers press as he is typing. If his eyes were ever to move back along the line of text to verify the words he has just written, then his head would immediately explode. Not to mention the implications for the space-time continuum.

      Even the sub-editors daren't read his work as it will forever haunt them in their sleep.

  5. iamzippy

    WTF? Thanks El Reg...Not

    Since this 'revelation' was posted, I'm now getting a ton of hits at some WP sites with the query-string '?-s'. And other article-related shit besides.

    Never had one of those before today.

    I have it covered, but I wonder if you guys ever expect consequences?

      Re: WTF? Thanks El Reg...Not

      Yeah, because El Reg is the only website that's published the exploit that's been doing the rounds of the security sites for the past 3 weeks.

      1. iamzippy

        Re: Re: WTF? Thanks El Reg...Not

        AC@20:20, you might want to take a moment to ponder over that?

        '...the only website that's published the exploit...'

        I despair.

          I despair too...

          I despair of your ability to detect sarcasm.

      2. heyrick

        Re: WTF? Thanks El Reg...Not

        Dude, any nerd knows, if it ain't on ElReg, it ain't worth knowin.
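
Added example, not part of the article or of any comment above: iamzippy's post reports hits carrying the query string '?-s', and the Python below shows one way to pull such requests out of an access log. It goes slightly beyond the one string quoted in the thread by flagging any query that starts with a dash (raw or percent-encoded) and contains no '='; the log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [09/May/2012:10:01:02 +0000] "GET /index.php?-s HTTP/1.1" 200 5120 "-" "curl/7.21"
198.51.100.4 - - [09/May/2012:10:01:05 +0000] "GET /index.php?p=12 HTTP/1.1" 200 8341 "-" "Mozilla/5.0"
203.0.113.7 - - [09/May/2012:10:01:09 +0000] "GET /blog/?%2Ds HTTP/1.1" 200 5120 "-" "curl/7.21"
198.51.100.9 - - [09/May/2012:10:02:11 +0000] "GET /search.php?q=-s HTTP/1.1" 200 911 "-" "Mozilla/5.0"
192.0.2.33 - - [09/May/2012:10:03:40 +0000] "GET /wp-login.php?-s HTTP/1.1" 404 210 "-" "-"
"""

# Client address, timestamp, request target and status from one log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_switch_probe(target):
    """True if the query string looks like a command-line switch, e.g. '?-s'."""
    if "?" not in target:
        return False
    query = target.split("?", 1)[1]
    # Assumption: a raw '=' marks an ordinary key=value query, so skip it.
    if "=" in query:
        return False
    # Decode first so that '%2Ds' is treated the same as '-s'.
    return unquote(query).startswith("-")

def find_probes(log_text):
    """Return (ip, timestamp, target, status) for each flagged request."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and is_switch_probe(m.group("target")):
            hits.append((m.group("ip"), m.group("ts"),
                         m.group("target"), int(m.group("status"))))
    return hits

def probes_by_source(hits):
    """Count flagged requests per client address, busiest first."""
    return Counter(ip for ip, *_ in hits).most_common()

if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG):
        print(hit)
    print(probes_by_source(find_probes(SAMPLE_LOG)))
```

The status code is reported only for triage; it does not by itself show whether a request reached a PHP-CGI binary.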

