September 27, 2019 Appworks News Blog FileMaker FileMaker Security API integrationdata securityPHPPHP APIPHP upgradesecurity FileMaker Server’s Default PHP Will Stop Receiving Security Updates What’s happening? The default version of PHP that ships with FileMaker Server 17.0.4 up to 18.0.2 is 7.1.19. This particular version is no longer receiving active support and won’t receive any security updates starting on Dec 1st, 2019. Any version before FileMaker server 17.0.4 uses a version of PHP that is no longer supported. Running web apps on an unsupported version of PHP is not recommended, and will compromise the security of your application. PHP’s Support Timeline Which version do I have? You can check which version of PHP you’re running by doing the following: Open your text editor (e.g.: Notepad)Add the following: <?php phpinfo(); ?>Save the file as info.php in FileMaker Server/HTTPServer/conf/Open it in your web browser by entering the following link: [Your FM Server domain or IP]/info.php (example: fms.example.com/info.php)Or use localhost/info.php if you open the browser on your server.Check the version displayed at the top of the page. Sample PHP info page How to upgrade: Before you upgrade, make sure you test your app on a test server running the version of PHP that you wish to install. Don’t upgrade an app in production if you haven’t tested it first with the new PHP version. Go to https://www.php.net/downloads.phpChoose the “Current Stable” version Click “Windows Downloads” if you are running FileMaker Server on Windows. One extra step for Windows The steps below are shown on Windows: Make a backup of FileMaker Server\Web Publishing\publishing-engine\php by copying the php directory to another location. Backup the “php” directory Uncompress the downloaded file Extracted files Copy the extracted files Copy all the files from the file you downloaded from php.net Stop IIS by opening command prompt or PowerShell as an administrator and typing the following command: iisreset /stop Stop IIS Once you get “Internet services successfully stopped”: Open FileMaker Server\Web Publishing\publishing-engine\php and paste the files you copied from the downloaded PHP files.Choose to replace the files in destination when prompted Choose “Replace the files in destination” Turn on IIS: iisreset /start Start IIS Check your info file again. You should see the new version of PHP there. Make sure to delete the info file once you are done. Keeping this file open to the public will compromise your server security due to the information that it provides. Test your app and make sure everything is running fine.That’s it! You’ve finished upgrading PHP on your FileMaker server!To revert the upgrade, delete the php folder (FileMaker Server\Web Publishing\publishing-engine\php) then copy and paste the php folder that you created as a backup earlier. What if my FileMaker API is not compatible with the new PHP version? You can replace your PHP API with one of these (Special thanks to their authors):https://github.com/airmoi/FileMakerhttps://github.com/matatirosolutions/filemakerapihttps://github.com/driftwoodinteractive/fmPDA Going further While testing your web app on a test server, review your PHP.ini file (FileMaker Server\Web Publishing\publishing-engine\php\php.ini). Compare it with OWASP’s recommendations here. You can read about each php.ini value here.We are happy to upgrade for you if you don’t want to do it yourself. Schedule a window for this upgrade by emailing sales@app.works. By Karl Jreijiri
2 Comments Radioeinbauset Posted on 4:34 AM - October 21, 2019 Hi to every one, it’s actually a fastidious for me to go to see this web page, it contains important Information. Esther Posted on 7:56 PM - July 27, 2020 Hello There. I found your blog using msn. This is a very well written article. I will be sure to bookmark it and come back to read more of your useful information. Thanks for the post. I’ll certainly return.