php-general Digest 22 Jun 2009 07:26:13 -0000 Issue 6188
Topics (messages 294381 through 294402):

Re: mirroring website
    294381 by: Nitsan Bin-Nun
    294382 by: Richard Heyes
    294383 by: Lars Nielsen
    294384 by: Jonesy

Re: isset question
    294385 by: Gary
    294388 by: Ashley Sheridan

Re: Calendar
    294386 by: Ashley Sheridan

Re: PHP Mail Function
    294387 by: Ashley Sheridan

share code between sites
    294389 by: Lars Nielsen
    294390 by: Eddie Drapkin
    294391 by: Nathan Nobbe
    294392 by: Lars Nielsen

Passing Values between C App and PHP
    294393 by: Tobias Krieger
    294394 by: Nathan Nobbe
    294395 by: Tobias Krieger
    294396 by: Nathan Nobbe
    294402 by: bruce

Problems with APC, possible cache-corruption?
    294397 by: James McLean
    294398 by: Nathan Nobbe
    294399 by: James McLean
    294400 by: Jonathan Tapicer
    294401 by: James McLean

Administrivia:

To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net
To post to the list, e-mail: php-gene...@lists.php.net

--

---BeginMessage---
Create 2 different configuration files, load the appropriate one after checking whether $_ENV['dev'] is set to 1 or 0 then all you have to do is to set the environment variable 'dev' to 1 or 0 through .htaccess file.

After setting this up all you have to do is to rewrite the files whenever you want to update the files in the production server or vice versa.

Just my $0.02 ;)

Nitsan

On Sun, Jun 21, 2009 at 4:56 PM, Lars Nielsen <l...@mit-web.dk> wrote:

> Hey
>
> I have the following issue! I want to develop my website on my local machine, and then upload the entire developed site to a production server. What is the best strategy to do that?
>
> I have been looking at a php mirroring script but that was about 5 years old! Isn't there a better/newer approach?
>
> By the way... I'm using Fedora linux with LAMP (php5)
>
> best regards
> Lars Nielsen
> www.mit-web.dk
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
---End Message---

---BeginMessage---
Hi,

> I have the following issue! I want to develop my website on my local machine, and then upload the entire developed site to a production server. What is the best strategy to do that?
>
> I have been looking at a php mirroring script but that was about 5 years old! Isn't there a better/newer approach?

I used to use rsync (with a bunch of options) whenever I did this. With you being on Linux, it would be trivial to automate it with a script.

--
Richard Heyes
HTML5 graphing: RGraph (www.rgraph.net - updated 20th June)
PHP mail: RMail (www.phpguru.org/rmail)
PHP datagrid: RGrid (www.phpguru.org/rgrid)
PHP Template: RTemplate (www.phpguru.org/rtemplate)
PHP SMTP: http://www.phpguru.org/smtp
---End Message---

---BeginMessage---
Thanks for the cents.

I will try a combination of multiple configuration files and rsync!

/Lars

On Sun, 21 06 2009 at 16:39 +0100, Richard Heyes wrote:

> Hi,
>
>> I have the following issue! I want to develop my website on my local machine, and then upload the entire developed site to a production server. What is the best strategy to do that?
>>
>> I have been looking at a php mirroring script but that was about 5 years old! Isn't there a better/newer approach?
>
> I used to use rsync (with a bunch of options) whenever I did this. With you being on Linux, it would be trivial to automate it with a script.
>
> --
> Richard Heyes
> HTML5 graphing: RGraph (www.rgraph.net - updated 20th June)
> PHP mail: RMail (www.phpguru.org/rmail)
> PHP datagrid: RGrid (www.phpguru.org/rgrid)
> PHP Template: RTemplate (www.phpguru.org/rtemplate)
> PHP SMTP: http://www.phpguru.org/smtp
---End Message---

---BeginMessage---
On Sun, 21 Jun 2009 16:39:18 +0100, Richard Heyes wrote:

>> I have the following issue! I want to develop my website on my local machine, and then upload the entire developed site to a production server. What is the best strategy to do that?
>>
>> I have been looking at a php mirroring script but that was about 5 years old! Isn't there a better/newer approach?
>
> I used to use rsync (with a bunch of options) whenever I did this. With you being on Linux, it would be trivial to automate it with a script.

And, if you don't have ssh access to the web server -- but rather, just ftp -- there's `ftpsync` which I use. When Googling for `ftpsync`, ignore the windo$ hits. There's a name collision there. You want the linux program.

Be careful with .htaccess. heh heh Mine are different for the local machine -- mainly for testing and local lan purposes. Now and then I screw up and upload an .htaccess from the local web server to the World-Wide-Web server. Big snafu -
php-general Digest 22 Jun 2009 19:52:12 -0000 Issue 6189
Topics (messages 294403 through 294416):

Re: Passing Values between C App and PHP
    294403 by: Per Jessen

Re: PEAR Spreadsheet_Excel_Writer setLocked method
    294404 by: Thodoris

Re: isset question
    294405 by: Ford, Mike

Re: resubmit form after validation error
    294406 by: PJ
    294407 by: Caner Bulut

Pointers for NuSOAP
    294408 by: Anton Heuschen
    294409 by: Jonathan Tapicer
    294411 by: Anton Heuschen

PHP SOAP Using SAML
    294410 by: Carlos Medina
    294412 by: Karel Kozlik

sharing PHP sessions between web servers using NFS
    294413 by: Randy Paries
    294414 by: Per Jessen
    294415 by: [moderação] Erick Couto

XSS Preventing.
    294416 by: Caner Bulut
RE: [PHP] Passing Values between C App and PHP
if memory serves... you can look into using a shared memory block, or pipes to communicate between the php/c app

-----Original Message-----
From: Tobias Krieger [mailto:tobias.krie...@teamfrednet.org]
Sent: Sunday, June 21, 2009 2:44 PM
To: Nathan Nobbe
Cc: php-general@lists.php.net
Subject: Re: [PHP] Passing Values between C App and PHP

On 21.06.2009 at 23:31, Nathan Nobbe wrote:

> On Sun, Jun 21, 2009 at 3:25 PM, Tobias Krieger <tobias.krie...@teamfrednet.org> wrote:
>
>> Hi,
>>
>> I've recently written an eMail regarding I2C and PHP - since I haven't found a nice solution yet, I'm considering writing the I2C part (opening device, writing, reading,...) in C (that's simple) and to receive (and returning) the values through PHP and Javascript.
>>
>> E.g. Website (PHP/Javascript) - set a new motorspeed - PHP passes the new speed to C Application - C AP opens and writes the new speed onto the I2C Bus - Motor executes - returns ack -
>>
>> Is this somehow, and not complicated possible?
>
> if the C program is written such that it can start and stop on every request rather than as a daemon, it's as simple as shell_exec(). write your C app to take args over the cli and then pass them in through the call:
>
> <?php
> $result = shell_exec('myI2C -speed 50');
> ?>
>
> something of that nature.
>
> -nathan

This would be a nice and fast solution, but unfortunately, it's like that the C program needs to surveillance the hardware all the time (controlling values,...) hence, it would run more as a daemon.

thx,
tobias
Re: [PHP] Passing Values between C App and PHP
Tobias Krieger wrote:

> This would be a nice and fast solution, but unfortunately, it's like that the C program needs to surveillance the hardware all the time (controlling values,...) hence, it would run more as a daemon.

Depending on your skill-levels with C, there is not much to it. Here is some fairly simple code I use for a daemon that controls an IOM142 (google it) board via the serial port.

http://jessen.ch/files/fridged.tar.gz

It's very much send two-byte command, then receive multi-byte response, but it also responds to simple http-style requests and I call it from php to produce this page:

http://jessen.ch/refrigeration/ (in dire need of an update).

/Per

--
Per Jessen, Zürich (14.4°C)
Re: [PHP] PEAR Spreadsheet_Excel_Writer setLocked method
> Thodoris wrote:
>> I've used it for some time but never needed to lock a cell. Here is a piece of code that shows how to apply a format to a cell:
>>
>> Hope it helps. I think that by doing something like this:
>>
>> $format_bold->setLocked();
>>
>> while creating the format could do the trick but it is not tested.
>
> No, this didn't do it. I already have some formats I've created for dollar amounts, right align, etc, and applying the setLocked() method to them had no effect.
>
> Skip

I have noticed that when you use setLocked to the cell formatting the cell has the protected flag set. My openoffice tells me that the cell protection is meaningful only if the data sheet is protected.

I think that the following code does what you need as long as you save the xls before opening it.

<?php

// Include the PEAR script
require 'Spreadsheet/Excel/Writer.php';

// Stop displaying the errors so that the warnings don't get in your spreadsheet
// ini_set('display_errors',0);

// Instantiate a workbook
$workbook = new Spreadsheet_Excel_Writer();

// Send it directly to the browser
$workbook->send('test.xls');

// Set the version (very useful for compatibility)
$workbook->setVersion(8);

// Create a worksheet in the workbook
$worksheet = $workbook->addWorksheet('Test');

// Set input encoding
$worksheet->setInputEncoding('UTF-8');

// Set protection for the worksheet
$worksheet->protect('');

// Create the locked format
$format_locked = $workbook->addFormat();
$format_locked->setBold();
$format_locked->setHAlign('center');
$format_locked->setFgColor('yellow');
$format_locked->setLocked();

// Create the unlocked format
$format_unlocked = $workbook->addFormat();
$format_unlocked->setBold();
$format_unlocked->setHAlign('center');
$format_unlocked->setFgColor('yellow');

// Apply the formats to the cells
$worksheet->writeString(0, 0, 'Locked', $format_locked);
$worksheet->writeString(0, 1, 'Unlocked', $format_unlocked);

// Close the workbook
$workbook->close();

?>

This protects the file with a blank password. I don't know if this is the proper way to do this but it has been tested and works.

--
Thodoris
RE: [PHP] isset question
On 19 June 2009 19:53, Ashley Sheridan advised:

> On Fri, 2009-06-19 at 12:36 +0100, Ford, Mike wrote:
>> On 18 June 2009 20:25, LAMP advised:
>>
>>> using !empty() instead isset() will work if you don't care for PHP Notice: Undefined variable... If you want to avoid PHP Notice you have to use both:
>>>
>>> $msg.= (isset($_POST['mort']) and !empty($_POST['mort'])) ? "The mortgage amount is $mort\n" : "";
>>
>> Absolute rubbish -- as it says at http://php.net/empty, empty($var) is the opposite of (boolean)$var, except that no warning is generated when the variable is not set. -- so protecting empty() with an isset() is a total waste of time, space and cpu cycles.
>>
>> Cheers!
>>
>> Mike
>>
>> --
>> Mike Ford, Electronic Information Developer,
>> C507, Leeds Metropolitan University, Civic Quarter Campus,
>> Woodhouse Lane, LEEDS, LS1 3HE, United Kingdom
>> Email: m.f...@leedsmet.ac.uk
>> Tel: +44 113 812 4730
>>
>> To view the terms under which this email is distributed, please go to http://disclaimer.leedsmet.ac.uk/email.htm
>
> To be honest, you're still opening yourself up to attack that way. What I'd do is first assign the variable to a forced int, and then use that result if it is > 0:
>
> $mortgage = isset($_REQUEST['mort']) ? intval($_REQUEST['mort']) : 0;
> $msg .= ($mortgage > 0) ? "The mortgage amount is $mortgage" : "";

Too true -- I have a parameter-checking system that does this automatically for me, so I tend not to think of it when writing actual processing code. My bad, probably, but good catch.

Cheers!

Mike

--
Mike Ford, Electronic Information Developer,
C507, Leeds Metropolitan University, Civic Quarter Campus,
Woodhouse Lane, LEEDS, LS1 3HE, United Kingdom
Email: m.f...@leedsmet.ac.uk
Tel: +44 113 812 4730

To view the terms under which this email is distributed, please go to http://disclaimer.leedsmet.ac.uk/email.htm
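An added example (not code from anyone in the thread) that sets the cast-then-check approach suggested above beside strict validation with filter_var(). It goes slightly beyond the thread by showing inputs on which intval() and FILTER_VALIDATE_INT disagree; the helper names, the range limit and the sample request arrays are constructed for illustration.

```php
<?php
// Added example; helper names, range and sample inputs are constructed. PHP 7.1+.

// Cast-then-check, as in the thread: whatever intval() makes of the value is used.
function mortgage_by_cast(array $request): int
{
    return isset($request['mort']) ? intval($request['mort']) : 0;
}

// Strict variant: the whole value must be a decimal integer in range, else null.
function mortgage_strict(array $request): ?int
{
    if (!isset($request['mort'])) {
        return null;
    }
    $value = filter_var($request['mort'], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 100000000],
    ]);
    return $value === false ? null : $value;
}

function mortgage_line(?int $amount): string
{
    // $amount is an int here, so no user-controlled characters reach the message.
    return ($amount !== null && $amount > 0) ? "The mortgage amount is $amount\n" : '';
}

// Constructed request bodies, standing in for $_POST / $_REQUEST.
$samples = [
    'plain number'  => ['mort' => '250000'],
    'trailing text' => ['mort' => '250000abc'],
    'array syntax'  => ['mort' => ['x']],   // sent as mort[]=x
    'negative'      => ['mort' => '-5'],
    'missing'       => [],
];

foreach ($samples as $label => $request) {
    printf(
        "%-14s cast=%-7d strict=%s\n",
        $label,
        mortgage_by_cast($request),
        var_export(mortgage_strict($request), true)
    );
}

// Only the strictly validated value goes into the message text.
echo mortgage_line(mortgage_strict($samples['plain number']));
echo mortgage_line(mortgage_strict($samples['trailing text'])); // prints nothing
```

Both variants keep user-supplied characters out of `$msg`; the difference is that the cast silently repairs malformed input while the strict check rejects it, which matters when the number is later stored or acted on.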
Re: [PHP] resubmit form after validation error
Hi Caner,

Thanks for the input. I'm not sure that would do it as the first instruction on the page is:

$bid = $_GET['id'];

thus, the page cannot even be loaded if there is no id in the uri - it generates a number of errors. In order to use the feature of editing, I use a search page and then set up an href to the edit page with the id of the item to be edited.

I finally figured out to do the action=another_page.php and with slight modifications to the form, things finally work. And, to delete the item (all records related to the item), I set up 2 submits - 1 to update.php and one to delete.php

Maybe it's all cumbersome and maybe it is possible to streamline the whole process, but then it does work and I am just learning... :-)

Thanks again.
PJ

Caner BULUT wrote:

> Hi,
>
> You can use a variable to that. Like following. Example if the variable is 1 you start to processing form input.
>
> Example
>
> <form method="post" action="file.php?action=1">
>
> And in file.php you check the action variable if it is 1 you can start the processing data.
>
> if ($_GET['action'] == 1) {
>     echo "done";
> }
>
> Thanks.
> Caner.
>
> -----Original Message-----
> From: PJ [mailto:af.gour...@videotron.ca]
> Sent: 20 June 2009 22:55
> To: php-general@lists.php.net
> Subject: [PHP] resubmit form after validation error
>
> I'm having a bit of a time figuring out how to resubmit a form after obligatory field missing error.
>
> The problem is that the page is accessed from a search page href where the uri is like = file.php$=123. Since the method=post action=file.php?=<?php echo $number; ?> does not work nor does PHP_SELF, I have set the action=otherfile.php.
>
> All is well, if all fields are properly entered, but if there is an error, how to resubmit the form for correction and resubmission without using js or functions or redoing it all from scratch?

--
Hervé Kempf: "Pour sauver la planète, sortez du capitalisme."
-
Phil Jourdan --- p...@ptahhotep.com
http://www.ptahhotep.com
http://www.chiccantine.com/andypantry.php
[PHP] Pointers for NuSOAP
Does anyone have any good links to basic and more advanced (and some examples) of NuSOAP and using this?

Would be appreciated to see some recommendations that might have helped others etc.

Thank you in advance.
Re: [PHP] Pointers for NuSOAP
I've used this one, split in 4 parts:

Introduction to NuSOAP: http://www.scottnichol.com/nusoapintro.htm
Programming with NuSOAP: http://www.scottnichol.com/nusoapprog.htm
Programming with NuSOAP Part 2: http://www.scottnichol.com/nusoapprog2.htm
Programming with NuSOAP Using WSDL: http://www.scottnichol.com/nusoapprogwsdl.htm

It's nice, and it has lots of working examples.

Jonathan

On Mon, Jun 22, 2009 at 11:02 AM, Anton Heuschen <anto...@gmail.com> wrote:

> Does anyone have any good links to basic and more advanced (and some examples) of NuSOAP and using this?
>
> Would be appreciated to see some recommendations that might have helped others etc.
>
> Thank you in advance.
[PHP] PHP SOAP Using SAML
Hi Anybody,

I am evaluating to use Webservices to solve a known issue. I need to know if it is possible to use SAML 1.0 with PHP 4 or PHP 5 and, if yes, where can I get information about this issue or open source software, etc.

Regards

Carlos
Re: [PHP] Pointers for NuSOAP
Much appreciated Jonathan, going to look at it later tonight.

2009/6/22 Jonathan Tapicer <tapi...@gmail.com>:

> I've used this one, split in 4 parts:
>
> Introduction to NuSOAP: http://www.scottnichol.com/nusoapintro.htm
> Programming with NuSOAP: http://www.scottnichol.com/nusoapprog.htm
> Programming with NuSOAP Part 2: http://www.scottnichol.com/nusoapprog2.htm
> Programming with NuSOAP Using WSDL: http://www.scottnichol.com/nusoapprogwsdl.htm
>
> It's nice, and it has lots of working examples.
>
> Jonathan
>
> On Mon, Jun 22, 2009 at 11:02 AM, Anton Heuschen <anto...@gmail.com> wrote:
>> Does anyone have any good links to basic and more advanced (and some examples) of NuSOAP and using this?
>>
>> Would be appreciated to see some recommendations that might have helped others etc.
>>
>> Thank you in advance.
Re: [PHP] resubmit form after validation error
Hi PJ,

You can use the structure following

$bid = htmlentities($_GET['id']);

if (empty($bid)) {
    $bid = 0;
}

if (is_numeric($bid)) {
    if ($bid == 0) {
        // do something
    } else if ($bid == 1) {
        // do something
    }
}

After this code there will always be a number. If the id variable is 0, bid will be 0 and you can control it.

Thanks.
Caner.

2009/6/22 PJ <af.gour...@videotron.ca>

> Hi Caner,
>
> Thanks for the input. I'm not sure that would do it as the first instruction on the page is:
>
> $bid = $_GET['id'];
>
> thus, the page cannot even be loaded if there is no id in the uri - it generates a number of errors. In order to use the feature of editing, I use a search page and then set up an href to the edit page with the id of the item to be edited.
>
> I finally figured out to do the action=another_page.php and with slight modifications to the form, things finally work. And, to delete the item (all records related to the item), I set up 2 submits - 1 to update.php and one to delete.php
>
> Maybe it's all cumbersome and maybe it is possible to streamline the whole process, but then it does work and I am just learning... :-)
>
> Thanks again.
> PJ
>
> Caner BULUT wrote:
>
>> Hi,
>>
>> You can use a variable to that. Like following. Example if the variable is 1 you start to processing form input.
>>
>> Example
>>
>> <form method="post" action="file.php?action=1">
>>
>> And in file.php you check the action variable if it is 1 you can start the processing data.
>>
>> if ($_GET['action'] == 1) {
>>     echo "done";
>> }
>>
>> Thanks.
>> Caner.
>>
>> -----Original Message-----
>> From: PJ [mailto:af.gour...@videotron.ca]
>> Sent: 20 June 2009 22:55
>> To: php-general@lists.php.net
>> Subject: [PHP] resubmit form after validation error
>>
>> I'm having a bit of a time figuring out how to resubmit a form after obligatory field missing error.
>>
>> The problem is that the page is accessed from a search page href where the uri is like = file.php$=123. Since the method=post action=file.php?=<?php echo $number; ?> does not work nor does PHP_SELF, I have set the action=otherfile.php.
>>
>> All is well, if all fields are properly entered, but if there is an error, how to resubmit the form for correction and resubmission without using js or functions or redoing it all from scratch?
>
> --
> Hervé Kempf: "Pour sauver la planète, sortez du capitalisme."
> -
> Phil Jourdan --- p...@ptahhotep.com
> http://www.ptahhotep.com
> http://www.chiccantine.com/andypantry.php
Re: [PHP] PHP SOAP Using SAML
Hi,

take a look at Lasso. They claim it supports SAML 2.0.

http://lasso.entrouvert.org/

Karel

Carlos Medina wrote:

> Hi Anybody,
>
> I am evaluating to use Webservices to solve a known issue. I need to know if it is possible to use SAML 1.0 with PHP 4 or PHP 5 and, if yes, where can I get information about this issue or open source software, etc.
>
> Regards
>
> Carlos
[PHP] sharing PHP sessions between web servers using NFS
Hello,

I have three web servers (in an LVS cluster). In the cluster they all think they are www.mydomain.com.

With LVS you cannot guarantee that each request is going to come in via the same server.

I am trying to share PHP sessions between servers.

I have seen some examples that use mysql for sessions, but I think this may work and would be easier to implement.

Currently all three servers share the same file system via NFS, so what I was going to do is change the path in the php.ini to session.save_path = /mynfsmount/phpsessions.

So essentially all three servers would write the session files in the same location.

My concern is: does anyone know how PHP creates the session ID?

The thing that concerns me is that I compared the current session directories on the 3 servers and there are duplicate file names.

Do you think I can assume that PHP checks for the existence of the session file before it creates a new PHPSESSIONID??

The one thing that would be ugly is if the servers overwrote the others' files and sessions started getting messed up.

Thanks for your help
Re: [PHP] sharing PHP sessions between web servers using NFS
Randy Paries wrote:

> Hello,
>
> I have three web servers (in a lvs cluster) in the cluster they all think they are www.mydomain.com
>
> With LVS you can not guarantee that each request is going to come in via the same server

I thought LVS had some session persistence stuff?

/Per

--
Per Jessen, Zürich (11.6°C)
[PHP] sharing PHP sessions between web servers using NFS
you can use memcached for php sessions.. it's simple, transparent, and configured in php.ini too.

i have used it for a long time.

2009/6/22 Per Jessen <p...@computer.org>

> Randy Paries wrote:
>
>> Hello,
>>
>> I have three web servers (in a lvs cluster) in the cluster they all think they are www.mydomain.com
>>
>> With LVS you can not guarantee that each request is going to come in via the same server
>
> I thought LVS had some session persistence stuff?
>
> /Per
>
> --
> Per Jessen, Zürich (11.6°C)
[PHP] XSS Preventing.
Hi Guys,

I have a question, if you have any knowledge about this please let me know.

I am getting data from a form with POST method like following:

$x = htmlentities($_POST['y']);

After getting all form data I save them into DB, I used mysql_real_escape_string.

I have a page which shows the information that I have saved into DB. But if I don't use html_entity_decode, there will be encoding and charset problems. I can't set htmlentities charset parameters because this function does not have Turkish Charset support.

The question is that, after saving data into DB with using htmlentities, in the information page if I use html_entity_decode function, is there still an XSS risk or not? Does html_entity_decode function get back all risk again?

Please help.

Thanks.
Caner.
[PHP] Why does simpleXML give me nested objects for blank tags?
Repost as I got zero replies. Does anyone know why this is? Seems like a bug to me, or at least should be documented as such whacky behavior. Are there any solutions to this or work-arounds?

-----Original Message-----
From: Daevid Vincent [mailto:dae...@daevid.com]
Sent: Thursday, June 18, 2009 6:04 PM

I'm trying to use http://us2.php.net/manual/en/function.simplexml-load-string.php

$xml_url = file_get_contents('http://myserver/cgi-bin/foo.cgi?request=c901c906e4d06a0');
try {
    // Note: simplexml_load_string() returns false on failure rather than throwing
    $xml = simplexml_load_string($xml_url, 'SimpleXMLElement', LIBXML_NOBLANKS | LIBXML_COMPACT | LIBXML_NOEMPTYTAG);
    print_r($xml);
} catch (Exception $e) {
    echo "bad xml";
}

If I have this XML file (note the tags I marked with --> below):

    <issue>
        <crstatus>i_field_submitted</crstatus>
        <problem_number>151827</problem_number>
        <problem_synopsis_field>title</problem_synopsis_field>
        <problem_description_field>description2</problem_description_field>
        <fi_priority>High</fi_priority>
-->     <assignee/>
        <create_time>5/12/2009 22:53:10</create_time>
-->     <fi_notes_oem/>
        <fi_sw_part_name>sw_part_name</fi_sw_part_name>
        <fi_general_reference>general_reference</fi_general_reference>
        <fi_sw_part_number>sw_part_num</fi_sw_part_number>
        <fi_customer_ecd_date>1244703600</fi_customer_ecd_date>
        <fi_sw_part_version>sw_part_version</fi_sw_part_version>
        <fi_required_date>1243839600</fi_required_date>
-->     <ac_type/>
    </issue>

Why does it give me sub-objects and not just empty strings for tags that have no values as I'd expect??! I tried all those options above and none of them make a difference.

    SimpleXMLElement Object
    (
        [crstatus] => i_field_submitted
        [problem_number] => 151827
        [problem_synopsis_field] => title
        [problem_description_field] => description2
        [fi_priority] => High
-->     [assignee] => SimpleXMLElement Object ( )
-->     [fi_notes_oem] => SimpleXMLElement Object ( )
        [fi_sw_part_name] => sw_part_name
        [fi_general_reference] => general_reference
        [fi_sw_part_number] => sw_part_num
        [fi_customer_ecd_date] => 1244703600
        [fi_sw_part_version] => sw_part_version
        [fi_required_date] => 1243839600
-->     [ac_type] => SimpleXMLElement Object ( )
    )
Re: [PHP] Why does simpleXML give me nested objects for blank tags?
On Mon, Jun 22, 2009 at 2:13 PM, Daevid Vincent <dae...@daevid.com> wrote:

> Repost as I got zero replies. Does anyone know why this is? Seems like a bug to me, or at least should be documented as such whacky behavior. Are there any solutions to this or work-arounds?
>
> -----Original Message-----
> From: Daevid Vincent [mailto:dae...@daevid.com]
> Sent: Thursday, June 18, 2009 6:04 PM
>
> I'm trying to use http://us2.php.net/manual/en/function.simplexml-load-string.php
>
> $xml_url = file_get_contents('http://myserver/cgi-bin/foo.cgi?request=c901c906e4d06a0');
> try {
>     $xml = simplexml_load_string($xml_url, 'SimpleXMLElement', LIBXML_NOBLANKS | LIBXML_COMPACT | LIBXML_NOEMPTYTAG);
>     print_r($xml);
> } catch (Exception $e) {
>     echo "bad xml";
> }
>
> If I have this XML file (note the tags I marked with --> below):
>
>     <issue>
>         <crstatus>i_field_submitted</crstatus>
>         <problem_number>151827</problem_number>
>         <problem_synopsis_field>title</problem_synopsis_field>
>         <problem_description_field>description2</problem_description_field>
>         <fi_priority>High</fi_priority>
> -->     <assignee/>
>         <create_time>5/12/2009 22:53:10</create_time>
> -->     <fi_notes_oem/>
>         <fi_sw_part_name>sw_part_name</fi_sw_part_name>
>         <fi_general_reference>general_reference</fi_general_reference>
>         <fi_sw_part_number>sw_part_num</fi_sw_part_number>
>         <fi_customer_ecd_date>1244703600</fi_customer_ecd_date>
>         <fi_sw_part_version>sw_part_version</fi_sw_part_version>
>         <fi_required_date>1243839600</fi_required_date>
> -->     <ac_type/>
>     </issue>
>
> Why does it give me sub-objects and not just empty strings for tags that have no values as I'd expect??!

first off, why does it matter. second, i don't think it's a bug, that's just how it works,

php > $a = simplexml_load_string('<blah/>');
php > var_dump($a);
object(SimpleXMLElement)#1 (0) {
}

> I tried all those options above and none of them make a difference.
>
>     SimpleXMLElement Object
>     (
>         [crstatus] => i_field_submitted
>         [problem_number] => 151827
>         [problem_synopsis_field] => title
>         [problem_description_field] => description2
>         [fi_priority] => High
> -->     [assignee] => SimpleXMLElement Object ( )
> -->     [fi_notes_oem] => SimpleXMLElement Object ( )
>         [fi_sw_part_name] => sw_part_name
>         [fi_general_reference] => general_reference
>         [fi_sw_part_number] => sw_part_num
>         [fi_customer_ecd_date] => 1244703600
>         [fi_sw_part_version] => sw_part_version
>         [fi_required_date] => 1243839600
> -->     [ac_type] => SimpleXMLElement Object ( )
>     )

third the documentation says var_dump() / print_r() are not supported, so i wouldn't put much stock in the dump of the object above. from the manual:

http://us2.php.net/manual/en/function.simplexml-element-attributes.php

*Note*: SimpleXML has made a rule of adding iterative properties to most methods. They cannot be viewed using var_dump() <http://us2.php.net/manual/en/function.var-dump.php> or anything else which can examine objects.

-nathan
[PHP] Re: XSS Preventing.
Caner BULUT wrote:

> Hi Guys,
>
> I have a question, if you have any knowledge about this please let me know.
>
> I am getting data from a form with POST method like following:
>
> $x = htmlentities($_POST['y']);
>
> After getting all form data I save them into DB, I used mysql_real_escape_string.
>
> I have a page which shows the information that I have saved into DB. But if I don't use html_entity_decode, there will be encoding and charset problems. I can't set htmlentities charset parameters because this function does not have Turkish Charset support.
>
> The question is that, after saving data into DB with using htmlentities, in the information page if I use html_entity_decode function, is there still an XSS risk or not? Does html_entity_decode function get back all risk again?
>
> Please help.
>
> Thanks.
> Caner.

Don't htmlentities() before DB save. In general:

- mysql_real_escape_string() before DB insertion
- htmlentities() before display

--
Thanks!
-Shawn
http://www.spidean.com
RE: [PHP] Re: XSS Preventing.
Thanks for response. But if I use it before display, charset problems occur. And htmlentities does not support Turkish Charset. How can I decode data after passing through htmlentities?

Thanks.

-----Original Message-----
From: Shawn McKenzie [mailto:nos...@mckenzies.net]
Sent: 22 June 2009 23:27
To: php-general@lists.php.net
Subject: [PHP] Re: XSS Preventing.

Caner BULUT wrote:
> Hi Guys,
>
> I have a question if you have any knowledge about this please let me know.
>
> I am getting data from a form with POST method like following.
>
> $x = htmlentities($_POST['y']);
>
> After getting all form data I save them into DB, I used mysql_real_escape_string. I have a page which shows the information that I have saved into DB. But if I don't use html_entity_decode, there will be encoding and charset problems. I can't set htmlentities charset parameters because this function does not have Turkish Charset support.
>
> The question is that, after saving data into DB with using htmlentities, in the information page if I use html_entity_decode function still there is an XSS risk or not? html_entity_decode function get back all risk again?
>
> Please help.
>
> Thanks.
> Caner.

Don't htmlentities() before DB save. In general:

- mysql_real_escape_string() before DB insertion
- htmlentities() before display

--
Thanks!
-Shawn
http://www.spidean.com
Re: [PHP] Problems with APC, possible cache-corruption?
On Sun, Jun 21, 2009 at 6:17 PM, James McLean james.mcl...@gmail.com wrote:
> On Mon, Jun 22, 2009 at 9:40 AM, Nathan Nobbe quickshif...@gmail.com wrote:
> > On Sun, Jun 21, 2009 at 5:56 PM, James McLean james.mcl...@gmail.com wrote:
> > did you take a look at the size of the cache you created ?
>
> Yes. Tried multiple segments and single, with cache size values between 128mb and 256mb. Also tried with stat on and off.
>
> > also, aren't you planning to cache php opcodes, so if you load up the page, index.html, i would expect to see a bunch of php files mentioned in the apc cache..
>
> Well, index.html wouldn't be cached because it's not parsed by the PHP engine. But yes, if it were index.php for example each compiled PHP file is then cached in the opcode cache - include files and everything. This is how it works on every other APC installation i've tried :) This installation is not doing that, even though this is the default behaviour.
>
> > if apc has support for output caching, i've not yet used it so i'm not sure how much i could help there (sort of sounds like you're shooting for output caching the way you describe things above).
>
> No, i'm not looking for output caching. Apologies if my original email was poorly worded.
>
> > maybe you could dump out your ini settings for apc and share them here?
>
> No need. they're all default as recommended by PHP and APC.

hmm, 2 other thoughts i have..

. long shot, but do you have apc.php installed on a diff domain than the moodle app (not sure but i suspect apc.php only shows cached values for the domain in which it's currently running (i know this is something eaccelerator does)).

. as a test, perhaps setup a simple test site, w/ 2 files, apc.php and one index.php file on this rhel box. if things are working (index.php cached w/ apc.php), it would seem something goofy is going on inside the moodle app.

-nathan
Re: [PHP] Re: XSS Preventing.
Caner BULUT wrote:
> Thanks for response. But if I use it before display, charset problems occur. And htmlentities does not support Turkish Charset. How can I decode data after passing through htmlentities?

I have no idea, I was just saying that if you use it, use it for display and not for storage. If you only use it for display, then you don't need to decode it.

Also, what do you mean it doesn't support the Turkish charset? Does it mangle some of the chars? You are using it so that you don't get markup script etc. in your output, so does it do something bad with the Turkish chars? Maybe try htmlspecialchars() as it only converts a few specific chars.

> Thanks.
>
> -----Original Message-----
> From: Shawn McKenzie [mailto:nos...@mckenzies.net]
> Sent: 22 June 2009 23:27
> To: php-general@lists.php.net
> Subject: [PHP] Re: XSS Preventing.
>
> Caner BULUT wrote:
> > Hi Guys,
> >
> > I have a question if you have any knowledge about this please let me know.
> >
> > I am getting data from a form with POST method like following.
> >
> > $x = htmlentities($_POST['y']);
> >
> > After getting all form data I save them into DB, I used mysql_real_escape_string. I have a page which shows the information that I have saved into DB. But if I don't use html_entity_decode, there will be encoding and charset problems. I can't set htmlentities charset parameters because this function does not have Turkish Charset support.
> >
> > The question is that, after saving data into DB with using htmlentities, in the information page if I use html_entity_decode function still there is an XSS risk or not? html_entity_decode function get back all risk again?
> >
> > Please help.
> >
> > Thanks.
> > Caner.
>
> Don't htmlentities() before DB save. In general:
>
> - mysql_real_escape_string() before DB insertion
> - htmlentities() before display

--
Thanks!
-Shawn
http://www.spidean.com
RE: [PHP] Re: XSS Preventing.
Shawn, thanks.

If you are using htmlentities, be aware that it changes the charset to ISO-8859-1. So this is a problem. For solving this there were some parameters:

Htmlentities($str, ENT_QUOTES, 'UTF-8')

But there is no Turkish Charset inside the supported charsets. You can see the detailed info from http://tr.php.net/htmlentities

After using htmlentities I am getting the following:

Paramp;ccedil;anyacute;n amp;ccedil;yacute;karyacute;ldyacute;eth;yacute; / takyacute;lacaeth;yacute; araamp;ccedil; modeli Paramp;ccedil;anyacute;n amp;ccedil;yacute;karyacute;ldyacute;eth;yacute; / takyacute;lacaeth;yacute; araamp;ccedil; modeli Paramp;ccedil;anyacute;n amp;ccedil;yacute;karyacute;ldyacute;eth;yacute; / takyacute;lacaeth;yacute; araamp;ccedil; modeli Paramp;ccedil;anyacute;n

After using htmlspecialchars I am getting the following:

Paramp;ccedil;anyacute;n amp;ccedil;yacute;karyacute;ldyacute;eth;yacute; / takyacute;lacaeth;yacute; araamp;ccedil; modeli Paramp;ccedil;anyacute;n amp;ccedil;yacute;karyacute;ldyacute;eth;yacute; / takyacute;lacaeth;yacute; araamp;ccedil; modeli Paramp;ccedil;anyacute;n amp;ccedil;yacute;karyacute;ldyacute;eth;yacute; / takyacute;lacaeth;yacute; araamp;ccedil; modeli Paramp;ccedil;anyacute;n amp;ccedil;yacute;karyacute;ldyacute;eth;yacute; / takyacute;lacaeth;yacute; araamp;ccedil; modeli

I hope I can explain the problem.

Thanks

-----Original Message-----
From: Shawn McKenzie [mailto:nos...@mckenzies.net]
Sent: 23 June 2009 00:01
To: php-general@lists.php.net
Subject: Re: [PHP] Re: XSS Preventing.

Caner BULUT wrote:
> Thanks for response. But if I use it before display, charset problems occur. And htmlentities does not support Turkish Charset. How can I decode data after passing through htmlentities?

I have no idea, I was just saying that if you use it, use it for display and not for storage. If you only use it for display, then you don't need to decode it.

Also, what do you mean it doesn't support the Turkish charset? Does it mangle some of the chars? You are using it so that you don't get markup script etc. in your output, so does it do something bad with the Turkish chars? Maybe try htmlspecialchars() as it only converts a few specific chars.

> Thanks.
>
> -----Original Message-----
> From: Shawn McKenzie [mailto:nos...@mckenzies.net]
> Sent: 22 June 2009 23:27
> To: php-general@lists.php.net
> Subject: [PHP] Re: XSS Preventing.
>
> Caner BULUT wrote:
> > Hi Guys,
> >
> > I have a question if you have any knowledge about this please let me know.
> >
> > I am getting data from a form with POST method like following.
> >
> > $x = htmlentities($_POST['y']);
> >
> > After getting all form data I save them into DB, I used mysql_real_escape_string. I have a page which shows the information that I have saved into DB. But if I don't use html_entity_decode, there will be encoding and charset problems. I can't set htmlentities charset parameters because this function does not have Turkish Charset support.
> >
> > The question is that, after saving data into DB with using htmlentities, in the information page if I use html_entity_decode function still there is an XSS risk or not? html_entity_decode function get back all risk again?
> >
> > Please help.
> >
> > Thanks.
> > Caner.
>
> Don't htmlentities() before DB save. In general:
>
> - mysql_real_escape_string() before DB insertion
> - htmlentities() before display

--
Thanks!
-Shawn
http://www.spidean.com
Re: [PHP] XSS Preventing.
Caner BULUT wrote:
> Hi Guys,
>
> I have a question if you have any knowledge about this please let me know.
>
> I am getting data from a form with POST method like following.
>
> $x = htmlentities($_POST['y']);
>
> After getting all form data I save them into DB, I used mysql_real_escape_string.

Don't try to home brew your own. You'll miss stuff. Use an input filter class that is developed by and tested by a large number of users.

http://htmlpurifier.org/ is what I recommend.

Also, with respect to mysql_real_escape - if you use prepared statements, escaping isn't an issue. Personally I recommend a database abstraction layer. Pear MDB2 is a good one. It makes your code portable to other databases as long as you stick to standard SQL (which usually is pretty easy to do).
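Added example, not part of any message in this thread: the advice given in the replies above (store the raw value through a prepared statement, escape only at output) as one runnable PHP script, which also shows why encoding before storage and decoding before display protects nothing. It assumes the pdo_sqlite extension and a UTF-8 page; the `notes` table, the `h()` helper and the sample input are constructed for illustration.

```php
<?php
// Added illustration, not code from the thread. Assumes the pdo_sqlite
// extension; the notes table and the h() helper are hypothetical names.
header('Content-Type: text/html; charset=UTF-8'); // page and data are UTF-8

// Constructed sample input: Turkish text followed by a script tag.
$input = 'Parçanın çıkarıldığı araç modeli <script>alert(1)</script>';

// 1. htmlentities() before storage plus html_entity_decode() before display
//    is a round trip: the decoded string is the raw markup again.
$stored  = htmlentities($input, ENT_QUOTES, 'UTF-8');
$decoded = html_entity_decode($stored, ENT_QUOTES, 'UTF-8');
$roundTripRestoresMarkup = ($decoded === $input);

// 2. Store the raw value. A prepared statement sends it as a bound
//    parameter, so no SQL escaping function is involved.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)');
$insert = $db->prepare('INSERT INTO notes (body) VALUES (:body)');
$insert->execute([':body' => $input]);

// 3. Escape once, at output. htmlspecialchars() converts only & < > " '
//    and leaves valid UTF-8 letters such as ç, ı and ğ untouched.
function h($text)
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

echo '<p>Decoded copy equals raw input: ',
     $roundTripRestoresMarkup ? 'yes' : 'no', "</p>\n";
foreach ($db->query('SELECT body FROM notes') as $row) {
    echo '<p>', h($row['body']), "</p>\n";
}
```

With 'UTF-8' as the charset, htmlspecialchars() returns an empty string for byte sequences that are not valid UTF-8, so form data arriving as ISO-8859-9 needs converting first, for example with mb_convert_encoding($text, 'UTF-8', 'ISO-8859-9').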
Re: [PHP] Problems with APC, possible cache-corruption?
On Tue, Jun 23, 2009 at 6:17 AM, Nathan Nobbe quickshif...@gmail.com wrote:
> hmm, 2 other thoughts i have..
>
> . long shot, but do you have apc.php installed on a diff domain than the moodle app (not sure but i suspect apc.php only shows cached values for the domain in which it's currently running (i know this is something eaccelerator does)).

No. Same domain.

> . as a test, perhaps setup a simple test site, w/ 2 files, apc.php and one index.php file on this rhel box. if things are working (index.php cached w/ apc.php), it would seem something goofy is going on inside the moodle app.

The RHEL box works flawlessly, as has almost every other APC install i've ever done. I simply used it as an example that Moodle likely wasn't at fault, and I have since further proved this by grepping the source - it isn't setting any of its own apc filters as suggested before.

On the APC install that is not working correctly, when I switch between my info.php and apc.php files - the counter on the cached file (apc.php) resets, and info.php is not cached. That was all outlined in the original email.

I guess this is not a common issue, no one seems to have experienced it before..

Cheers