diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..bde2085 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,285 @@ +# Security Policy + +## Supported Versions + +Use this section to tell people about which versions of your project are +currently being supported with security updates. + +| Version | Supported | +| ------- | ------------------ | +| 5.1.x | :white_check_mark: | +| 5.0.x | :x: | +| 4.0.x | :white_check_mark: | +| < 4.0 | :x: | + +## Reporting a Vulnerability + +Use this section to tell people how to report a vulnerability. + +Tell them where to go, how often they can expect to get an update on a +reported vulnerability, what to expect if the vulnerability is accepted or +declined, etc. +unction ($uri): void { + // Special redirect cases not able to be captured in error.php + $shortcuts = [ + '/?:' => '/language.operators.comparison#language.operators.comparison.ternary', + '/??' => '/language.operators.comparison#language.operators.comparison.coalesce', + '/??=' => '/language.operators.assignment#language.operators.assignment.other', + ]; + if (isset($shortcuts[$uri])) { + header("Location: {$shortcuts[$uri]}"); + exit; + } +})($_SERVER['REQUEST_URI'] ?? ''); + +// Get the modification date of this PHP file +$timestamps = [@getlastmod()]; + +/* + The date of prepend.inc represents the age of ALL + included files. Please touch it if you modify any + other include file (and the modification affects + the display of the index page). The cost of stat'ing + them all is prohibitive. +*/ +$timestamps[] = @filemtime("include/prepend.inc"); + +// These are the only dynamic parts of the frontpage +$timestamps[] = @filemtime("include/pregen-confs.inc"); +$timestamps[] = @filemtime("include/pregen-news.inc"); +$timestamps[] = @filemtime("include/version.inc"); +$timestamps[] = @filemtime("js/common.js"); + +// The latest of these modification dates is our real Last-Modified date +$timestamp = max($timestamps); + +// Note that this is not a RFC 822 date (the tz is always GMT) +$tsstring = gmdate("D, d M Y H:i:s ", $timestamp) . "GMT"; + +// Check if the client has the same page cached +if (isset($_SERVER["HTTP_IF_MODIFIED_SINCE"]) && + ($_SERVER["HTTP_IF_MODIFIED_SINCE"] == $tsstring)) { + header("HTTP/1.1 304 Not Modified"); + exit(); +} + +// Inform the user agent what is our last modification date +header("Last-Modified: " . $tsstring); + +$_SERVER['BASE_PAGE'] = 'index.php'; +include_once 'include/prepend.inc'; +include_once 'include/branches.inc'; +include_once 'include/pregen-confs.inc'; +include_once 'include/pregen-news.inc'; +include_once 'include/version.inc'; + +mirror_setcookie("LAST_NEWS", $_SERVER["REQUEST_TIME"], 60 * 60 * 24 * 365); + +$content = "
"; +$frontpage = []; +foreach ($NEWS_ENTRIES as $entry) { + foreach ($entry["category"] as $category) { + if ($category["term"] == "frontpage") { + $frontpage[] = $entry; + if (count($frontpage) >= 25) { + break 2; + } + } + } +} +foreach ($frontpage as $entry) { + $link = preg_replace('~^(http://php.net/|https://www.php.net/)~', '', $entry["id"]); + $id = parse_url($entry["id"], PHP_URL_FRAGMENT); + $date = date_create($entry['updated']); + $date_human = date_format($date, 'd M Y'); + $date_w3c = date_format($date, DATE_W3C); + $content .= << +
+ +

+ {$entry["title"]} +

+
+
+ {$entry["content"]} +
+ +NEWSENTRY; +} +$content .= '

Older News Entries

'; +$content .= "
"; + +$intro = << + +

A popular general-purpose scripting language that is especially suited to web development.
Fast, flexible and pragmatic, PHP powers everything from your blog to the most popular websites in the world.

+
+ What's new in 8.3 + Download +
+EOF; + +$intro .= "\n"; +$intro .= << +EOF; + +site_header("Hypertext Preprocessor", + [ + 'current' => 'home', + 'headtags' => [ + '', + '', + ], + 'link' => [ + [ + "rel" => "search", + "type" => "application/opensearchdescription+xml", + "href" => $MYSITE . "phpnetimprovedsearch.src", + "title" => "Add PHP.net search", + ], + [ + "rel" => "alternate", + "type" => "application/atom+xml", + "href" => $MYSITE . "releases/feed.php", + "title" => "PHP Release feed", + ], + + ], + 'css' => ['home.css'], + 'intro' => $intro, + ], +); + +// Print body of home page. +echo $content; + +// Prepare announcements. +if (is_array($CONF_TEASER)) { + $conftype = [ + 'conference' => 'Upcoming conferences', + 'cfp' => 'Conferences calling for papers', + ]; + $announcements = ""; + foreach ($CONF_TEASER as $category => $entries) { + if ($entries) { + $announcements .= '
'; + $announcements .= ' ' . $conftype[$category] . ''; + $announcements .= '
    '; + foreach (array_slice($entries, 0, 4) as $url => $title) { + $title = preg_replace("'([A-Za-z0-9])([\s:\-,]*?)call for(.*?)$'i", "$1", $title); + $announcements .= "
  • $title
    • "; + } + $announcements .= '
'; + $announcements .= '
'; + } + } +} else { + $announcements = ''; +} + +$SIDEBAR = << + The PHP Foundation +
+

The PHP Foundation is a collective of people and organizations, united in the mission to ensure the long-term prosperity of the PHP language. +

Donate

+
+ +$announcements +

User Group Events

+

Special Thanks

+ + +SIDEBAR_DATA; + +// Print the common footer. +site_footer([ + "atom" => "/feed.atom", // Add a link to the feed at the bottom + 'elephpants' => true, + 'sidebar' => $SIDEBAR, +]);-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 +Hash: SHA512 + +Contact: https://github.com/php/php-src/security/advisories/new +Contact: mailto:security@php.net +Expires: 2024-11-28T11:59:59.999Z +Preferred-Languages: en +Canonical: https://www.php.net/.well-known/security.txt +Policy: https://github.com/php/php-src/security/policy +Policy: https://github.com/php/policies/blob/main/security-classification.rst + +# Signed by Ben Ramsey on 2023-09-29. +# Signed by Derick Rethans on 2024-02-06. + +# For instructions on how to update this file, read +# +# +-----BEGIN PGP SIGNATURE----- + +iQJDBAEBCAAtFiEEObZBND2MEEsrFG3D+cOdwLlphUQFAmUXFR8PHHJhbXNleUBw +aHAubmV0AAoJEPnDncC5aYVE5FsP/0vTzaiBB6ESAex1QPWU2tUFPiVsFBZN0/lo +DHVokFrOQ0CiUaXmOltia8ZJK5WR5IRlKjm94GlgFqdg5Mn0sLvo9JF9e4eq2PZa +AYj3rGL4C6GCXc8voKz9TXZ/eerkCSA2BY/0a1PM69dDam0XBcrCIndcil/3Evj0 +ztiWPWcMRHubBadxmDosoGtXwcw5u13IIGDmSsHwNtdkKNbS1eb1+o7DFSVQZicY +hW5SI4pfjW5BsIYxHLR7F9qCtoTWkZwtwTqX5LNIPBh6M/C8aYl/3vAfikBbqvXu +SPnObTGBNXeaHavVXMohBFNZsWdiJzBSAKQBhsqGTElVJfSbuzyaNIFN7LuuheS4 +Od7Ar9V8tUsfy/y9OisWOIbNVpm7FgQIDKTTXXJpI1THQ1kmsHKsPN5eFZw1O8ZE +ZSztjMyo0jaLTlwrfzAmqSwEiuAQAv1fvc4PncHeat1SMFFG4wP1/lEfmzunmLiq +yUzwii/5JOLWwAGfkuNaWTOTX7XJVyfTcr34nD+2WNxws4vrAA9KES2qhLBYpZ/K +xELiqGcogoDBiQYZ7AnofsbghFQn1cpX90uUxdXXAimiUWgBm3ONnXX9YoNsYMdd +eVMZ3JfOOUL8Gfe5vjaQex46o4zN/1g2baAmu5usfD21TLZEcrD9HhFiarEWjYv0 +Tr0agdzE +=CJdS +iQJDBAEBCgAtFiEEWlKIB4H3VWCL+BX8kQ3rRvU+oxIFAmXCHKcPHGRlcmlja0Bw +aHAubmV0AAoJEJEN60b1PqMSibcQANkyBZX2OebH+X6HGBaASjywJBn2U+P0/WCQ +hBxeoJS2PoTBotAwbcWL+by0whPuc4H+tlhk3CH2HmqQZj3btDpGwEv+kAxrDQrz +JL9g3Y/TkcC9CQ0WpzqwsZIpDhOjjmzGfOpiXJfVHzqLDLf2iZTDTxaUt9uZTRvC +W+zBml99gak27w/MjHLn4L3OP5uIMq8HLSw0oEA4ksm9Uo6e/MhVN/lcG26Btvqc +GUXOlAfkwmCvRhVU69IV8zBWZEd4vvB1mNJcdiKL504SjtICyrw2A5YupP2kqkat +Gm2VNZMiaKj6qwYsJtlcJRmOGNY+E3BBIIYSO+i7Nw9b3yEh4BqkXL73oMJ9gNC1 +bdE/HcaG+39uIBa1E4EMgBa9gxxNIAcviM4dDAjj0KXuprkn0g58DMv3cTF68vyN +3XX6HbxzB6eRy92YlRbolwcJrT7qU5VEL78bwCOyN93FSppqCYyx+y9MOdarMFk/ +OLOZSVHlpWr5DwTbjGxbgtPWETEUr+paL3EkW3KA8dLoD7H7Aib50BvAcq3RLACn +38uZPBlULfIEpttRKKYSqxNSxfhTBqQB4dU6dmSrZk+L0kZ0KR7Smwdobz6IeA0c +wv1x1PdCiodNMzWhEHdkzqZ/O8SVshA+shNm3uyVr10UzvSvIg23HrYsvUZl2Ti0 +PDLZowMK +=USeI +https://github.com/TKperson/Nuking-Discord-Server-Bot-Nuke-Bot/new/master +