php-general Digest 20 Oct 2006 06:50:39 -0000 Issue 4411
Topics (messages 243360 through 243371):
Re: User question for PHP
243360 by: Christian Heinrich
243361 by: Al
243362 by: Andy Hultgren
243369 by: Chris
Weird stack trace in error_log from PDOException
243363 by: Russ Brown
[ANNOUNCE] php|tek
243364 by: Richard Lynch
ENV vars
243365 by: jekillen
243366 by: Ed Lazor
Re: Creating Tree Structure from associative array
243367 by: Larry Garfield
243370 by: Robert Cummings
Re: Problems with open_basedir
243368 by: Chris
Setting try and catch to use my own error handler
243371 by: Dave M G
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[email protected]
----------------------------------------------------------------------
--- Begin Message ---
try suPHP :-)
Is it possible to have a PHP script execute as the user of the domain
instead of the webserver? So when I upload files through a PHP script
they are owned by me and not "wwwrun" or "nobody"?
--- End Message ---
--- Begin Message ---
Christian Heinrich wrote:
try suPHP :-)
Is it possible to have a PHP script execute as the user of the domain
instead of the webserver? So when I upload files through a PHP script
they are owned by me and not "wwwrun" or "nobody"?
Sounds like it could be a big security issue if not very carefully.
--- End Message ---
--- Begin Message ---
To whoever was asking this (sorry didn't see the original email):
Is it possible to have a PHP script execute as the user of the domain
instead of the webserver? So when I upload files through a PHP script
they are owned by me and not "wwwrun" or "nobody"?
I was recently exchanging on this list about that very topic. It's in the
archives for this list. Go to www.php.net and set the dropdown menu in the
upper right corner of the page to "general mailing list", then type "File
Upload Security and chmod" into the search field and hit enter. The
conversation is within the first few hits on this search.
The server hosting my site runs with php executing as "me" (the owner of the
domain), and we covered some of the potential security pitfalls of such a
situation (mainly centered on the fact that this makes any php script far
too powerful). In my situation I couldn't change how the server was set up;
however, the general consensus was that this situation created a number of
serious security concerns that had to be very carefully addressed. I would
avoid this configuration if you have the choice, based purely on the advice
I received.
Hope that helps,
Andy
--- End Message ---
--- Begin Message ---
Andy Hultgren wrote:
To whoever was asking this (sorry didn't see the original email):
Is it possible to have a PHP script execute as the user of the domain
instead of the webserver? So when I upload files through a PHP script
they are owned by me and not "wwwrun" or "nobody"?
I was recently exchanging on this list about that very topic. It's in the
archives for this list. Go to www.php.net and set the dropdown menu in the
upper right corner of the page to "general mailing list", then type "File
Upload Security and chmod" into the search field and hit enter. The
conversation is within the first few hits on this search.
The server hosting my site runs with php executing as "me" (the owner of
the
domain), and we covered some of the potential security pitfalls of such a
situation (mainly centered on the fact that this makes any php script far
too powerful). In my situation I couldn't change how the server was set
up;
however, the general consensus was that this situation created a number of
serious security concerns that had to be very carefully addressed. I would
avoid this configuration if you have the choice, based purely on the advice
I received.
Actually you have that the wrong way around.
If php is running as "www" or "nobody" then any files or directories
that a php script creates will be done as the web server user.
That means (potentially) that if domain 'a' creates a file, domain 'b'
can read and write to that file and even delete it.
If php is running as you instead, you can control this with appropriate
chmod commands (at least removing the risk of deleting of files /
updating of files).
A shared user (like "www" or "nobody") is a *much* bigger risk than
separate users.
--
Postgresql & php tutorials
http://www.designmagick.com/
--- End Message ---
--- Begin Message ---
Hi,
I have a pretty simple bit of code that looks like the following;
// Prepare a statement. This will actually call a stored procedure
$objStatement = $objDB->prepare($strInsert);
try
{
$objStatement->execute($arrParams);
error_log("ABOUT TO fetchColumn");
$intID = $objStatement->fetchColumn();
error_log("AFTER fetchColumn");
$objStatement->closeCursor();
}
catch (PDOException $objEx)
{
error_log(get_class($objEx));
// Actually handle the exception
}
The query runs a stored procedure which sometimes results in an
(expected) error condition which the catch block handles. It all works
perfectly, with one exception: Inbetween the call to fetchColumn and the
catch block being invoked, PHP dumps a stack trace to the error log
complaining about the exception, and I can't for the life of me figure
out why or how to stop it. I have the PDO connection configured to throw
exceptions when it encounters and error, and apart from this the code
works perfectly: the exception gets handled and the rest of the code
continues as it should without any other issues.
Does anybody have any thoughts on what might be the cause of the problem
or any pointers on how I could go about debugging it?
Thanks.
--
Russ.
--- End Message ---
--- Begin Message ---
As many of you know, I've been planning to host a PHP-General
Gathering in Spring 2007.
It's just been announced that php|architect is hosting a php|tek
Conference MAY 2007 in CHICAGO!
Now, I'm not dumb enough to butt heads with Marco :-)
So we decided to work together on his conference this year:
http://www.phparch.com/tek
I'm still up for the first couple kegs and a round of appetizers at an
"After Party" in conjunction with php|tek, so be sure not to miss
that!
And the Chicago PHP User Group is sponsoring php|tek -- Look for us at
the Conference!
This is going to be a GREAT Event, and I'm ecstatic that a PHP
Conference is being hosted in Chicago!
Go register now for the best deal -- And because last year's php|tek
SOLD OUT. Don't put it off and be left outside in the cold :-)
http://www.phparch.com/tek
More details in this thread in a few weeks!
PS
In case you thought I was serious about butting heads with Marco, I
want to publicly THANK MARCO TABINI for taking the time to call me and
allowing me to help out to make this a "win-win" for all!
--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--- End Message ---
--- Begin Message ---
Hello again;
I'm wondering if it is possible to create an $_ENV var with a php
script running under a web server. I'm not sure where to look
in the manual or other documentations for this. Isn't there a
set_env() function or something like it? (would apply to php 4 0r 5x)
Thanks in advance.
JK
--- End Message ---
--- Begin Message ---
How are you running PHP? What are you trying to accomplish with
setting the env var?
On Oct 19, 2006, at 8:16 PM, jekillen wrote:
Hello again;
I'm wondering if it is possible to create an $_ENV var with a php
script running under a web server. I'm not sure where to look
in the manual or other documentations for this. Isn't there a
set_env() function or something like it? (would apply to php 4 0r 5x)
Thanks in advance.
JK
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
That depends on what your data structure is, exactly, and what sort of tree
structure you want on the other side. Please be more specific.
On Thursday 19 October 2006 09:08, Angelo Zanetti wrote:
> Hi all,
>
> I have an associative array, which contains parent and child
> relationships. I've searched the web for creating a tree structure from
> this and found a few good sites but doesnt help 100% perhaps someone can
> point me in the correct direction? I've started to code it got to a
> point where I cant go any further, the code is pseudo code and dont want
> to reinvent the wheel.
>
> any suggestions would be really appreciated.
>
> Thanks in advance
>
> --
> ------------------------------------------------------------------------
> Angelo Zanetti
> Systems developer
> ------------------------------------------------------------------------
>
> *Telephone:* +27 (021) 469 1052
> *Mobile:* +27 (0) 72 441 3355
> *Fax:* +27 (0) 86 681 5885
> *
> Web:* http://www.zlogic.co.za
> *E-Mail:* [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
--
Larry Garfield AIM: LOLG42
[EMAIL PROTECTED] ICQ: 6817012
"If nature has made any one thing less susceptible than all others of
exclusive property, it is the action of the thinking power called an idea,
which an individual may exclusively possess as long as he keeps it to
himself; but the moment it is divulged, it forces itself into the possession
of every one, and the receiver cannot dispossess himself of it." -- Thomas
Jefferson
--- End Message ---
--- Begin Message ---
On Thu, 2006-10-19 at 23:58 -0500, Larry Garfield wrote:
> That depends on what your data structure is, exactly, and what sort of tree
> structure you want on the other side. Please be more specific.
>
> On Thursday 19 October 2006 09:08, Angelo Zanetti wrote:
> > Hi all,
> >
> > I have an associative array, which contains parent and child
> > relationships. I've searched the web for creating a tree structure from
> > this and found a few good sites but doesnt help 100% perhaps someone can
> > point me in the correct direction? I've started to code it got to a
> > point where I cant go any further, the code is pseudo code and dont want
> > to reinvent the wheel.
> >
> > any suggestions would be really appreciated.
It's kinda simple...
<?php
////////////////////////////////
//
// 6 5
// / \ / \
// 2 7 9 3
// / | \
// 1 4 8
//
////////////////////////////////
$list = array
(
array
(
'id' => '1',
'pid' => '2',
'value' => 'Value Foo 1',
),
array
(
'id' => '2',
'pid' => '6',
'value' => 'Value Foo 2',
),
array
(
'id' => '3',
'pid' => '5',
'value' => 'Value Foo 3',
),
array
(
'id' => '4',
'pid' => '2',
'value' => 'Value Foo 4',
),
array
(
'id' => '5',
'pid' => '0',
'value' => 'Value Foo 5',
),
array
(
'id' => '6',
'pid' => '0',
'value' => 'Value Foo 6',
),
array
(
'id' => '7',
'pid' => '6',
'value' => 'Value Foo 7',
),
array
(
'id' => '8',
'pid' => '2',
'value' => 'Value Foo 8',
),
array
(
'id' => '9',
'pid' => '5',
'value' => 'Value Foo 9',
),
);
//
// Set up indexing of the above list (in case it wasn't indexed).
//
$lookup = array();
foreach( $list as $item )
{
$item['children'] = array();
$lookup[$item['id']] = $item;
}
//
// Now build tree.
//
$tree = array();
foreach( $lookup as $id => $foo )
{
$item = &$lookup[$id];
if( $item['pid'] == 0 )
{
$tree[$id] = &$item;
}
else
if( isset( $lookup[$item['pid']] ) )
{
$lookup[$item['pid']]['children'][$id] = &$item;
}
else
{
$tree['_orphans_'][$id] = &$item;
}
}
//
// WooooooohoooooooooOO!
//
print_r( $tree );
?>
Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
--- End Message ---
--- Begin Message ---
Patrik Jansson wrote:
Hello,
I'm having some difficulties with open_basedir. If I include the prefix
/home/web25637/ in open_basedir shouldn't it include every directory
within this? We're getting this error:
Warning: file_exists() [function.file-exists]: open_basedir restriction
in effect.
File(/home/web25637/domains/abc.ssf.scout.se/public_html//components/com_sef/sef.php)
The // might cause a problem, if you fix that does it work?
--
Postgresql & php tutorials
http://www.designmagick.com/
--- End Message ---
--- Begin Message ---
PHP List,
I have a system where the code parses the URL and creates objects based
on the classes named in the link.
In order to prevent a user typing in a URL that contains an object that
doesn't exist, and getting an error, I'm trying to set up an error
handler class, called ErrorHandler, that will handle it.
I set the error handler to be my own, and then put a Try and Catch
around the part of the code that
set_error_handler(ErrorHandler::handleError());
try
{
object = new $urlParts[0]();
if (!empty($urlParts[2]))
{
$object->$urlParts[1]($urlParts[2]);
}
else
{
$object->$urlParts[1]();
}
}
catch (Error $e)
{
echo "Sorry, the web page you are looking for can not be found.";
}
Inside my ErrorHandler, I have this:
public static function handleError($errno, $errstr, $errfile, $errline)
{
echo "Hey dude! Error! " . $errno . $errstr . $errfile . $errline ;
}
However, I get errors saying that the arguments for handleError don't exist.
Shouldn't they be automatically passed to my own error handler?
Thank you for any advise.
--
Dave M G
Ubuntu 6.06 LTS
Kernel 2.6.17.7
Pentium D Dual Core Processor
PHP 5, MySQL 5, Apache 2
--- End Message ---
