PHP Smackdown

The PHP homepage has a phpBB smackdown, but unfortunately no permalinks. Apparently the phpBB asserted that the problem was due to a bug in PHP (which I had heard as well) when in fact it was a input validation error in phpBB. More snark!

2 replies on “PHP Smackdown”

There were two security problems. One which was a PHP problem see here ( while the other one was a phpBB problem see here (

The worm which killed many phpbb sites was the problem with phpbb but the patch was released a month before the worm got out. So if people updated their software it would not have been a problem. I’m not sure why this was such a big issue. Keep your software up to date and everything should be fine.


As a phpBB forum administrator and occasional modification writer, I understand the problem–it’s one of laziness combined with a fear of upgrading. Sometimes, the bugfixes break old modifications, and forum admins are afraid of losing one modification’s bit of functionality for fear of the backlash of their forum’s community. I’ve had to do this a couple of times myself, but I always have said, “Hey, I miss [$foo], too, but it’s this or have my server hijacked by script kiddies.” That’s usually enough to quit the bitching.

And you’re also right that psoTFX and Co. had pretty much already owned up to it. I didn’t see’s bit as a smackdown but as an explanation that was needed so that people wouldn’t think that PHP is crap.