Hardening-Patch v0.4.1 re-released




10 August 2005

Hardening-Patch v0.4.1 was actually released one day after v0.4.0 because a few things (callbacks, destructors, ...) were not handled properly by the eval() function blacklist and whitelist. Now every function or class that is defined during execution of eval()'d code is flagged as created_by_eval, and if it is later used by the normal script (e.g. as a callback), it is handled as if executed from within eval()'d code.

The actual re-release was needed because of a small glitch in the patch against PHP 4.4.0 that resulted in PHP refusing to load any shared library.

Note: Keep in mind that restricting the use of functions within eval() does not stop eval()'d code from modifying variables of the main script to influence its actions. Blacklists and whitelists for global variables will be added in a future version.
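
The two cases described above, as an added example that is not code from the Hardened PHP Project: code defined inside eval() but executed after eval() has returned, and eval()'d code changing a main-script variable without calling any function. It assumes php_uname is on the eval() blacklist; from_eval, EvalDefined and $is_admin are hypothetical names, and the eval()'d string is constructed sample input.

```php
<?php
// Constructed sample standing in for untrusted code that reaches eval().
// Assumption for this example: php_uname is on the eval() blacklist.
$evald = <<<'CODE'
// Nothing blacklisted is called while eval() itself is running.
function from_eval($x) {
    // Body runs only when the main script invokes the function later.
    return $x . ':' . php_uname('s');
}
class EvalDefined {
    function __destruct() {
        // Runs when the object is destroyed, long after eval() returned.
        echo "destructor: ", php_uname('s'), "\n";
    }
}
// Plain assignment: no function call, so a function list cannot see it.
$is_admin = true;
CODE;

$is_admin = false;          // main-script state
eval($evald);               // eval() shares the scope of its caller

// Case 1: callback. The main script, not the eval()'d code, makes the call.
// A check that only asks "are we inside eval() right now?" lets php_uname
// through here. With the created_by_eval flag, from_eval() is handled as
// if it were executing from within eval()'d code.
$out = array_map('from_eval', array('a', 'b'));
print_r($out);

// Case 2: destructor. The class was defined inside eval(), so its
// destructor carries the same flag when $obj is destroyed below.
$obj = new EvalDefined();
unset($obj);

// Case 3: the caveat from the note. Function restrictions do not cover
// this; $is_admin is now true because eval()'d code assigned it.
var_dump($is_admin);
```

On an unpatched PHP all three cases run without complaint, which makes the script a quick check of whether an eval() function restriction is actually in effect on a given build.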
© Hardened PHP Project