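A bug was recently discovered in the PHP scripting language: when PHP executes code that converts an extremely large floating-point number, the server may go down, which has some impact on the security of PHP-based websites. The bug affects only PHP releases 5.2 and 5.3, and it occurs only on 32-bit Intel CPUs that use the x87 instruction set.
Run the following code from the command line to test whether the PHP version currently installed on your system is affected by this bug: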
<?php
/*
   +----------------------------------------------------------------------+
   | PHP Version 5                                                        |
   +----------------------------------------------------------------------+
   | Copyright (c) 2011 The PHP Group                                     |
   +----------------------------------------------------------------------+
   | This source file is subject to version 3.01 of the PHP license,      |
   | that is bundled with this package in the file LICENSE, and is        |
   | available through the world-wide-web at the following url:           |
   | http://www.php.net/license/3_01.txt                                  |
   | If you did not receive a copy of the PHP license and are unable to   |
   | obtain it through the world-wide-web, please send a note to          |
   | license@php.net so we can mail you a copy immediately.               |
   +----------------------------------------------------------------------+
   | Author: Johannes Schlueter <johannes@php.net>                        |
   +----------------------------------------------------------------------+
*/

if (PHP_SAPI != 'cli') {
    die("Please run this test from CLI!\n");
}

ini_set('display_errors', 1);
ini_set('output_buffering', 0);
error_reporting(-1);
if (!ini_get('safe_mode')) {
    set_time_limit(1);
}

echo "Testing float behaviour. If this script hangs or terminates with an error ".
     "message due to maximum execution time limit being reached, you should ".
     "update your PHP installation asap!\n";
echo "For more information refer to <http://bugs.php.net/53632>.\n";
$d = (double)"2.2250738585072011e-308";
echo "Your system seems to be safe.\n";
?>
If the code above confirms that the PHP version on your system is affected by this bug, upgrading to the fixed release, PHP 5.3.5, is strongly recommended.
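When auditing several machines, the same conversion can be run under an external watchdog so that an affected interpreter cannot stall the audit. The following is an added example, not part of the original test script or of the PHP project: the function name `check_php_float` and its return codes are hypothetical, and it assumes GNU coreutils `timeout` is installed.

```shell
# Added example: run the float-conversion probe in a child process that an
# external watchdog kills if it does not finish.
# Usage: check_php_float [php-binary] [timeout-seconds]
# Return codes (hypothetical convention for this example):
#   0 = conversion completed, interpreter not affected
#   1 = probe hung and was killed by the watchdog, interpreter affected
#   2 = probe could not be run or failed for another reason (inconclusive)
check_php_float() {
    local php_bin="${1:-php}"
    local limit="${2:-5}"
    local rc=0

    # Nothing can be concluded if the interpreter is missing.
    command -v "$php_bin" >/dev/null 2>&1 || return 2

    # Same conversion as the test script on this page. timeout(1) sends
    # SIGTERM after $limit seconds and SIGKILL 2 seconds later if needed.
    timeout -k 2 "$limit" "$php_bin" -r \
        '$d = (double)"2.2250738585072011e-308"; echo "done\n";' \
        >/dev/null 2>&1 || rc=$?

    case "$rc" in
        0)       return 0 ;;  # finished normally
        124|137) return 1 ;;  # timed out (124) or had to be SIGKILLed (137)
        *)       return 2 ;;  # any other exit status
    esac
}
```

A result of 1 means the interpreter should be upgraded as described above; a result of 2 means the probe itself failed and the host needs a manual look.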