I upgraded to PHP 5.3.3 today, and I was shocked! I found a huge
security hole default setting change that may leak the source code to public, which never happened in the earlier version.
Here is an example. Suppose my code looks like this:
<?php echo "This is a good example"; ?>
Everything will turn out fine. Here is the result:
However, if the open tag is changed from <?php to <?:
<? //My comment echo "This is a bad example"; ?>
I know that it happens on PHP for Windows (XAMPP for Windows), but I didn’t know that they move this new feature to Unix world.
Thanks for the help from bt garner, it is pretty simple to fill this security hole.
First, open the php.ini. If you are not sure where is it, you can run the following command to locate it:
sudo find / -name "php.ini"
And activate the following parameters:
short_open_tag = On