[Alert] Upgrade your PHP from 5 to 7 in 2 months!(deadline in 2018/12/31)

PHP version 5 is now being used by popular application frameworks such as WordPress, Drupal, Joomla, etc. For example, PHP 5.6 is the major version number for many developers and websites.

But as PHP5 has stopped updating in 2017 and 2018/12/31 is about to stop security updates, this means that after 2019, PHP 5 vulnerabilities will not be patched, and all enterprises should be before 2018/12/31 Complete PHP upgrade (currently PHP7.2) test and GoProduction, many important security vulnerabilities that have been patched before, metadata containing photos can be accessed at will, LDAP functions frequently used by enterprise users are subject to DoS attacks, through iconv language The injection vulnerability attack caused by the code conversion has been patched in 2018/4.

If your app is still in PHPv5, at least now upgrading to PHP5.6.30 is currently a workable solution.

Skip Version 6, PHP starts with 5 directly from 7, which means that in addition to significant improvements in performance and improved security, there are grammatical changes.

For WordPress and Module that need to be added through Plugins for Drupal, rewriting this type of expansion module to fit PHP 7 is currently an important development effort.

Is there any vulnerability in PHP 5?

Security vulnerabilities are constantly being reported in PHP. Some of them are serious. Check out this page on CVEDetails.com to see the number and severity of recently reported PHP vulnerabilities.

Many of the vulnerabilities reported in PHP were discovered this year. After the security support for all versions of PHP 5 is over, more will be found in PHP version 5 next year. That’s why it’s important to upgrade to a supported version of PHP 7 that is receiving

What should I pay attention to if I update to PHP 7.2?

If you update to PHP 7.2, you may find that developers need to fix incompatibilities. Since version 5, PHP has undergone some changes that have improved the language and made it more secure, but may cause warnings or errors because the code is not yet compatible with PHP 7.

During development, you should set display_errors to on, include error, and notice:

Error_reporting(E_ALL);
Ini_set('display_errors', 1);

And turn off the above functions before GoProduction.

If you are a WordPress user, WordPress itself is fully compatible with PHP 7.2 and higher. But Plugins are based on the developer.

It’s important to note that Drupal 7 is still used by Drupal 7 in the majority of Drupal users, which will lead to the cost of upgrading to PHP 7 and the cost of upgrading Drupal 8. In addition, whether Module is compatible with PHP 7 must also be considered.

If you encounter any problems, please contact the developers of THEME, Plugin, Module and ask them to make an emergency repair. Remind them that PHP 5.6 will reach its end of life in two months, and then you must update to PHP 7.2.

Every December is a traditional Western holiday, and February is Chinese New Year, so scheduling for version updates is crucial. No one wants to have UAT, SIT, GoProduction during the holiday.

How to check my website’s PHP version?

Basic Way is write a .php file as below:

<?php
phpinfo();
?>

If you want more formal way, you may need this

<?phpob_start();phpinfo();$phpinfo = array('phpinfo' => array());if(preg_match_all('#(?:<h2>(?:<a name=".*?">)?(.*?)(?:</a>)?</h2>)|(?:<tr(?: class=".*?")?><t[hd](?: class=".*?")?>(.*?)\s*</t[hd]>(?:<t[hd](?: class=".*?")?>(.*?)\s*</t[hd]>(?:<t[hd](?: class=".*?")?>(.*?)\s*</t[hd]>)?)?</tr>)#s', ob_get_clean(), $matches, PREG_SET_ORDER))foreach($matches as $match)if(strlen($match[1]))$phpinfo[$match[1]] = array();elseif(isset($match[3]))$phpinfo[end(array_keys($phpinfo))][$match[2]] = isset($match[4]) ? array($match[3], $match[4]) : $match[3];else$phpinfo[end(array_keys($phpinfo))][] = $match[2];?>Some examples of using individual values from the array:<?phpecho "System: {$phpinfo['phpinfo']['System']}<br />\n";echo "Safe Mode: {$phpinfo['PHP Core']['safe_mode'][0]}<br />\n";echo "License: {$phpinfo['PHP License'][0]}<br />\n";?>To display everything:<?phpforeach($phpinfo as $name => $section) {echo "<h3>$name</h3>\n<table>\n";foreach($section as $key => $val) {if(is_array($val))echo "<tr><td>$key</td><td>$val[0]</td><td>$val[1]</td></tr>\n";elseif(is_string($key))echo "<tr><td>$key</td><td>$val</td></tr>\n";elseecho "<tr><td>$val</td></tr>\n";}echo "</table>\n";}?>

save the file on the website, and check the file by browser will show you information.

Remember delete the file after you finished!!!

Update to PHP 7.2 or stay at PHP 5.6 ?

The real good news is that when you update your site to PHP 7.x , you may see a good performance boost.

Of course, you may need to deal with some, hopefully a slight incompatibility. However, once you update to PHP 7.2, you can rest assured that you will continue to receive security updates by November 30, 2020.

If you continue to use PHP 5.6, you may find you web applications been hacked in sometime next year, because PHP 5.6 has released a bug and the PHP team has not released a fix because PHP 5.6 has expired.

Can I help if I’m nor developer?

This deadline is coming soon. All versions of PHP 5 will stop receiving security updates within 2 months. There are a large number of websites still on PHP 5. Once the security update is over, the attacker will be very aggressive in discovering the vulnerabilities they can exploit because they will not be fixed and can be exploited for a long time.

To help convert the global online community to PHP 7, please share this article to promote and help create awareness about this pressing deadline and how to transition to PHP 7.

--

--

--

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

How to Connect Microsoft Power BI with Hive?

An Introduction To Exception Handling in Python

Get The Flight Status Of Frontier Airlines

What’s The Best API Alternative To Google Text To Speech?

Use An API To Integrate Flight Data Into Your Travel Portal

[Week 4, February 2022] MEVerse Weekly Report

Get Free Brent Crude Oil Prices API

Jenkins Installation

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
isaac

isaac

More from Medium

What’s New Features in Laravel 9? — 10 Reasons to Upgrade your Existing Project to Laravel 9

URLs manipulation in PHP (the easy way)

Change your URLs with a simple fluent PHP class

Fetch Records from MySQL with jQuery AJAX Laravel 9

Fetch Records from MySQL with jQuery AJAX Laravel 9

Stripe ACH implementation in laravel