php-general Digest 13 Oct 2010 09:45:35 -0000 Issue 6985

Topics (messages 308660 through 308668):

Re: Scripts running twice
        308660 by: Alexander Schrijver

Google Calendar
        308661 by: Floyd Resler
        308664 by: Kranthi Krishna
        308665 by: Govinda
        308667 by: Kranthi Krishna

Re: poll of 'public framework or roll your own'
        308662 by: Daevid Vincent

Zend studio location Cross-Domain Scripting Vulnerability
        308663 by: Daevid Vincent
        308666 by: Thijs Lensselink
        308668 by: Richard Quadling

Administrivia:

To subscribe to the digest, e-mail:
        [email protected]

To unsubscribe from the digest, e-mail:
        [email protected]

To post to the list, e-mail:
        [email protected]


----------------------------------------------------------------------
--- Begin Message ---
On Tue, Oct 12, 2010 at 07:52:46PM +0100, Ashley Sheridan wrote:
> 
>    On Tue, 2010-10-12 at 20:45 +0200, Alexander Schrijver wrote:
> 
> On Tue, Oct 12, 2010 at 05:29:39PM +0100, [1][email protected] wrote:
> > That's probably it then! Some browsers make multiple requests to speed up
> > rendering of a page.
> 
> Do you have any examples of browsers which do this? Because that kind of
> behaviour would be wrong.
> 
>    I just know that a couple of years ago, I was working on a website that
>    removed credits from a client's account upon a page visit. When the page
>    was accessed via a link, two credits were always taken. We did all
>    sorts of tests, from writing to the DB in a single call from that page,
>    and every time, it was coming up with two hits. This was happening on
>    all the main browsers: Fx, IE, Opera & Safari.
>    It's not the wrong behaviour, this is allowed behaviour when using the
>    GET protocol, which most general page requests are I believe.

Reading the HTTP RFC this is allowed for a GET request with a range specified.
I'm not sure how PHP deals with this.

--- End Message ---
--- Begin Message ---
I am attempting to use the Zend Gdata framework to communicate with Google 
Calendars and am having a problem.  If I start a new event like this:
$event=$gcal->newEventEntry(), nothing happens.  My code simply stops executing 
at that call.  If I replace it with this:
$event=new Zend_Gdata_Calendar_EventEntry() my code doesn't stop but I get an 
error with this:
$event->title = $gcal->newTitle($row->title);  The error is 
"Zend/Gdata/Calendar/Extension/Title.php - no such file or directory".

I don't know enough about the Zend Framework to figure this one out!

Thanks!
Floyd


--- End Message ---
--- Begin Message ---
The exact error message will help us understand your situation.

The most probable reason is that Zend is not in your include path.

Develop with error_reporting set to E_ALL & E_STRICT; that will help
you understand many trivial errors.

--- End Message ---
--- Begin Message ---
> develop with error_reporting set to E_ALL & E_STRICT that will help
> you understand many trivial errors

Krishna, allow me to jump in here and ask - is my understanding correct that some errors will never be reported... regardless of the setting for error_reporting? ...like when I put a tab before the heredoc closing identifier on the same line.

-Govinda


--- End Message ---
--- Begin Message ---
In this case, when you put a tab before the closing heredoc it is not
an error in itself. It's equivalent to removing the closing heredoc, so
PHP treats the rest of the code as part of the string.

A parse error is reported when ?> or the end of the file is reached.

--- End Message ---
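As an added illustration of the heredoc point above (example code, not part of Kranthi's message): on the PHP versions current in this thread the closing identifier is only recognised when it starts at the first column; PHP 7.3 and later allow it to be indented and strip that indentation. The broken variant is kept as a comment, because as live code it would swallow the rest of the file into the string and the file would no longer parse.

```php
<?php
// Added example, not from the thread: heredoc closing identifiers.
// Report everything, as suggested in the thread.
error_reporting(E_ALL | E_STRICT);

$name = 'world';

// Correct: the closing identifier starts at column zero and is followed
// only by the semicolon, so the string ends where the author intends.
$greeting = <<<EOT
Hello, $name!
EOT;

echo $greeting, PHP_EOL;

// Broken (kept as a comment so this file still parses): a tab before
// "EOT;" means PHP never sees a terminator. Every following line becomes
// part of the string, and the parse error is only raised at ?> or at the
// end of the file, far away from the real mistake.
//
// $broken = <<<EOT
// Hello, $name!
// 	EOT;
//
// A syntax check (php -l file.php) catches this before the file is
// deployed, even though no error_reporting setting will surface it
// at the line where the tab actually is.
```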
--- Begin Message ---
That was my poll! :)

Do you use a public framework or roll your own?
I personally find most frameworks to be either too generic or too
restricting. To do some tasks you have to jump through many hoops. I see
the benefit and certainly for prototypes they may have use, but I tend to
find that building a custom framework using some basic tools like a DB
wrapper, debug routines, selectbox routines, dynamic menu creation,
headers, footers, etc. gives all the MVC power I need. What do you do?

What's a framework?                                          1   (1.9%)
I don't use any framework (by choice or policy).             9   (16.7%)
I use my own custom framework.                              33   (61.1%)
I use a public framework like Zend, Symfony, Cake, etc.     11   (20.4%)

P.s. the link works fine for me...
http://www.rapidpoll.net/8opnt1e

And here are two more of interest maybe:
http://www.rapidpoll.net/show.aspx?id=awp1ocy
http://www.rapidpoll.net/show.aspx?id=arc1opy

> -----Original Message-----
> From: Tommy Pham [mailto:[email protected]] 
> Sent: Friday, October 08, 2010 6:47 AM
> To: PHP
> Subject: [PHP] poll of 'public framework or roll your own'
> 
> Hi,
> 
> Does anyone know/remember what's the results of that old poll 
> back in mid(?)
> January?
> http://marc.info/?l=php-general&m=126455173203450&w=2
> 
> I can't seem to access http://www.rapidpoll.net/8opnt1e.
> 
> Thanks,
> Tommy
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 


--- End Message ---
--- Begin Message ---
http://80vul.com/Zend%20studio/Zend%20studio%20location%20Cross.htm
 
Interesting. A co-worker and I were JUST noticing how our PHPDoc comments
were being parsed pretty much verbatim including <b> tags and links and
stuff and thought, "wow, that's stupid, that's just a XSS or injection
waiting to happen". LOL. Guess someone's ears were burning. ;-)


--- End Message ---
--- Begin Message ---
On 10/13/2010 12:19 AM, Daevid Vincent wrote:
> http://80vul.com/Zend%20studio/Zend%20studio%20location%20Cross.htm
> 
> Interesting. A co-worker and I were JUST noticing how our PHPDoc comments
> were being parsed pretty much verbatim including <b> tags and links and
> stuff and thought, "wow, that's stupid, that's just a XSS or injection
> waiting to happen". LOL. Guess someone's ears were burning. ;-)



Why didn't you inform Zend before you went full disclosure?

It's a nasty bug though!!

--- End Message ---
--- Begin Message ---
On 13 October 2010 05:25, Thijs Lensselink <[email protected]> wrote:
>  On 10/13/2010 12:19 AM, Daevid Vincent wrote:
>>
>> http://80vul.com/Zend%20studio/Zend%20studio%20location%20Cross.htm
>>
>> Interesting. A co-worker and I were JUST noticing how our PHPDoc comments
>> were being parsed pretty much verbatim including <b> tags and links and
>> stuff and thought, "wow, that's stupid, that's just a XSS or injection
>> waiting to happen". LOL. Guess someone's ears were burning. ;-)
>>
>>
>
> Why didn't you inform Zend before you went full disclosure?
>
> It's a nasty bug though!!

Yesterday, I installed PDT for the first time.

Created the scenario for this vulnerability.

Get an exception. MS Visual Studio shows a HTML block with the
<script> tag in it and that is highlighted as the error. "Microsoft
JScript runtime error: Automation server can't create object".



-- 
Richard Quadling
Twitter : EE : Zend
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY

--- End Message ---
