PHP 5.3 Upgrade

Status
Not open for further replies.

Corey

I Break Things
Staff member
Messages
34,551
Reaction score
204
Points
63
We have started testing PHP 5.3 support and plan to upgrade all servers by the end of the week. All major scripts already support 5.3 and if you're running the latest version this change should not be noticeable to you.

I'll leave this thread open for questions.
 

descalzo

Grim Squeaker
Community Support
Messages
9,373
Reaction score
326
Points
83
Try adding the following line to the top of the script:

error_reporting(E_ALL & ~E_DEPRECATED);
 

leafypiggy

Manager of Pens and Office Supplies
Staff member
Messages
3,819
Reaction score
163
Points
63
I had a look through cutenews' source: eregi is used in almost every script... and I'm pretty sure they've been at their current version for years now.
 

bdistler

Well-Known Member
Prime Account
Messages
3,534
Reaction score
196
Points
63
ITEM #1 > Deprecated features in PHP 5.3.x that will throw errors if your script uses them
AND you do not have error reporting turned off

NOTE: This is the full list -::- not all the items listed are under your control as a x10 free-hosting user

PHP 5.3.0 introduces two new error levels: E_DEPRECATED and E_USER_DEPRECATED.
The E_DEPRECATED error level is used to indicate that a function or feature has been deprecated.
The E_USER_DEPRECATED level is intended for indicating deprecated features in user code, similarly
to the E_USER_ERROR and E_USER_WARNING levels.

#############################
The following is a list of deprecated INI directives.
Use of any of these INI directives will cause an E_DEPRECATED error to be thrown at startup.

define_syslog_variables
register_globals
register_long_arrays
safe_mode
magic_quotes_gpc
magic_quotes_runtime
magic_quotes_sybase

Comments starting with '#' are now deprecated in .INI files.

#############################
Deprecated functions:

call_user_method() (use call_user_func() instead)
call_user_method_array() (use call_user_func_array() instead)
define_syslog_variables()
dl()
ereg() (use preg_match() instead)
ereg_replace() (use preg_replace() instead)
eregi() (use preg_match() with the 'i' modifier instead)
eregi_replace() (use preg_replace() with the 'i' modifier instead)
set_magic_quotes_runtime() and its alias, magic_quotes_runtime()
session_register() (use the $_SESSION superglobal instead)
session_unregister() (use the $_SESSION superglobal instead)
session_is_registered() (use the $_SESSION superglobal instead)
set_socket_blocking() (use stream_set_blocking() instead)
split() (use preg_split() instead)
spliti() (use preg_split() with the 'i' modifier instead)
sql_regcase()
mysql_db_query() (use mysql_select_db() and mysql_query() instead)
mysql_escape_string() (use mysql_real_escape_string() instead)

Passing locale category names as strings is now deprecated. Use the LC_* family of constants instead.
The is_dst parameter to mktime(). Use the new timezone handling functions instead.

#############################
Deprecated features:

Assigning the return value of new by reference is now deprecated.
Call-time pass-by-reference is now deprecated.

*****************************
ITEM #2 > Current ver of WordPress 3.2.1 July 12,2011

Just for the deprecated function ==> ereg() <==
I found it inside these files
of a new install - no plug-ins added

wordpress/wp-admin/includes/class-ftp-pure.php
wordpress/wp-admin/includes/class-ftp-sockets.php
wordpress/wp-admin/includes/class-ftp.php
wordpress/wp-admin/includes/class-pclzip.php
wordpress/wp-includes/functions.wp-scripts.php
wordpress/wp-includes/functions.wp-styles.php
wordpress/wp-includes/rewrite.php

WordPress site has been talking about deprecated features in PHP 5.3.x
for 2+ years now - yet the current (July this year) ver still has them

How do you like the way your database info and password are stored in plan text
in the default file ==> wp-config.php <== ??
 

descalzo

Grim Squeaker
Community Support
Messages
9,373
Reaction score
326
Points
83
How do you like the way your database info and password are stored in plan text
in the default file ==> wp-config.php <== ??

Just move the file up one directory. If you installed WP in public_html, it will be out of the document root and inaccessible from the Web.

By hacking wp-load.php, you can move it anywhere and even change its name.

You can use .htaccess to return a 403 Forbidden for files that are for internal use only.

Yes, these are things you have to do yourself and maybe WP could make it easier to harden a site.

And storing information encrypted solves what? The script has to decrypt it. Using? Where do you store the key?
 

bdistler

Well-Known Member
Prime Account
Messages
3,534
Reaction score
196
Points
63
Just move the file up one directory. If you installed WP in public_html, it will be out of the document root and inaccessible from the Web.
My file that holds the database data and password is above public_html
wp-config.php is with my WordPress files in a folder below public_html
***

By hacking wp-load.php, you can move it anywhere and even change its name.
This is my point - you need to hack - BTW the only file I change is wp-config.php
***

You can use .htaccess to return a 403 Forbidden for files that are for internal use only.
For wp-config.php I use
==>
Code:
# protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all
</files>
<==
***

And storing information encrypted solves what? The script has to decrypt it. Using? Where do you store the key?
if you get my table - from the data base - for user/password info - you would find only two columns named x0 and x1
column x0 is a random-salt-hash of length = 125 hexadecimal characters
column x1 is a random-salt-hash of length = 187 hexadecimal characters
NOTE:
both lengths are not standard hash lengths
both lengths are odd s/b even for hexadecimal
they do not use the same hashing algorithm
adds fun for the hackers

I do not [ decrypt ] I take the users input and hash it - then look for a match - of the hash - in the database
***
 

callumacrae

not alex mac
Community Support
Messages
5,257
Reaction score
97
Points
48
Uh dbistler, you are aware that unless someone has file access (in which case you're screwed anyway), they are unable to read the file? It doesn't matter whether you block access to it in htaccess or not, it is a PHP file and therefore impossible to read from the client side.
 

terminatorafcik17

New Member
Messages
12
Reaction score
0
Points
0
hmmm... i dont see php 5.3... when will it be available on starka - server?
Code:
Hosting package 	undefined
Server Name 	starka
cPanel Version 	11.30.1 (build 1)
Theme 	x3
Apache version 	2.2.17
PHP version 	5.2.17
MySQL version 	5.1.56
Architecture 	x86_64
Operating system 	linux
Shared IP Address 	69.175.120.122
Path to sendmail 	/usr/sbin/sendmail
Path to Perl 	/usr/bin/perl
Perl version 	5.8.8
Kernel version 	2.6.18-194.32.1.el5
cPanel Pro 	1.0 (RC1)
 
Last edited:

epsonrok85

New Member
Messages
82
Reaction score
0
Points
0
Did this upgrade affect the loading speed of our websites? I'm asking because I have gotten a few complaints from a few of my forum's members mentioning that the forum has been running slow since a couple of days ago.
 

Livewire

Abuse Compliance Officer
Staff member
Messages
18,169
Reaction score
216
Points
63
Did this upgrade affect the loading speed of our websites? I'm asking because I have gotten a few complaints from a few of my forum's members mentioning that the forum has been running slow since a couple of days ago.

Not a cause of php 5.3, as your server isn't on it yet (boru cpanel is still reporting a 5.2 version).
 

Livewire

Abuse Compliance Officer
Staff member
Messages
18,169
Reaction score
216
Points
63
Corey will finish moving the servers to php 5.3 by the end of the week. You can't do anything to speed the process up as it's a configuration change on the server, which requires admins to change.
 
Status
Not open for further replies.
Top