I've received some reports of a cross-site scripting (XSS) vulnerability in phpDVDProfiler, consequently I've taken some time to fix it and included a few minor compatibility issues I had on the back burner for some time.

Here's what's been fixed:

  • security: removed XSS using the search function (CVE-2025-46729)
  • fix: some minimal formatting
  • fix: better compatibility with PHP 8.0 (in TestFonts) and 8.2
  • fix: display of watched statistics when there's no entry for the current month (#49)

Watch out: the following PHP extensions are needed for phpDVDProfiler:

  • mysqli (used for database access)
  • mbstring (used for sanitizing filenames, and for converting dates from UTF-8 to windows-1252)
  • intl (used for the replacement of the deprecated strftime in PHP 8.1, and when sanitizing filenames)
  • gd2 (optional, but necessary if you want to correctly display the thumbnails in profiles and galleries)

If you're using the latest version of PHP 8.2, and use jpgraph for displaying statistics, I've noticed that the latest official jpgraph library (4.4.1) has some issue. If you encounter the same issue, you should switch to the jpgraph version from MiTo Team. It's not exactly a drop-in replacement for use with phpDVDProfiler. Here're the steps to make it work:

  • Download the latest release from https://github.com/mitoteam/jpgraph/releases
  • Extract the contents of the jpgraph-10.3.1/src/lib directory from the archive to the jpgraph/src folder of your installation.

You can download the archive either from this post, or from Github. As for comments, questions, and so on, I'd prefer if they're all done on Github.

Important information: I don't intend to do any kind of refactoring, developing new features, or anything else. This is just the basic needed work to make it compatible with newer versions of PHP.