php-general Digest 23 Jan 2006 01:24:59 -0000 Issue 3921
Topics (messages 229027 through 229048):
Re: Graphs
229027 by: Michael Crute
229030 by: tedd
Re: security of uploaded gif files
229028 by: PHP Superman
229029 by: Mark Krenz
229031 by: tedd
229032 by: Sameer N Ingole
229036 by: PHP Superman
229037 by: jonathan
229038 by: Rory Browne
php5 iterate an object
229033 by: Henrik Gemal
XML and special characters
229034 by: Adam Hubscher
229039 by: tedd
229041 by: Adam Hubscher
cookie question
229035 by: tedd
Question about Thumbnailing, Watermarking, and Modifying images/video/flash
dynamicly
229040 by: Jon Grimes
Devenix Live CD PHP4 and PHP5 project needs help
229042 by: Pete Savage
Re: PHP not seeing MySQL functions
229043 by: PHP Superman
229046 by: John Nichel
exec php.exe in windows
229044 by: Dave Kennedy
229048 by: Chuck Anderson
Re: Controling buffer: php/smarty or apache?
229045 by: David Tulloh
Re: problem with large arrays in php 4.3.2
229047 by: Jesse Guardiani
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
php-general@lists.php.net
----------------------------------------------------------------------
--- Begin Message ---
On 1/22/06, Weber Sites LTD <[EMAIL PROTECTED]> wrote:
> What is the best (Free) way to create good looking graphs with PHP?
>
Jpgraph is my favorite. Its got a pretty clean OO API and decent
documentation. Plus its PHP5 compatible.
-Mike
--
________________________________
Michael E. Crute
Software Developer
SoftGroup Development Corporation
Linux takes junk and turns it into something useful.
Windows takes something useful and turns it into junk.
--- End Message ---
--- Begin Message ---
What is the best (Free) way to create good looking graphs with PHP?
Sincerely
berber
berber:
"Best?" -- whatever way that you like.
If you like any of these, just ask I'll provide code.
http://xn--ovg.com
Last three.
tedd
--
--------------------------------------------------------------------------------
http://sperling.com/
--- End Message ---
--- Begin Message ---
i think you guys are talking about the using the gd library, it may be
possible so when you upload check for any php code or other data
On 1/22/06, Rory Browne <[EMAIL PROTECTED]> wrote:
>
> I'd be a bit skeptical about the possibly of embedding PHP code inside
> a GIF file. Could you outline how he performed the task?
>
> On 1/22/06, jonathan <[EMAIL PROTECTED]> wrote:
> > what is the best way to prevent malicious code from being uploaded
> > via a .gif file? A friend showed me how php could be embedded within
> > the .gif file. Does this problem also exist for .jpeg's?
> >
> > thanks,
> >
> > jon
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
Hi Everyone, I am running PHP 5 on Windosws XP SP2 with MySQL5, Bye Now!
--- End Message ---
--- Begin Message ---
Perhaps this would be a problem if you wrote a PHP program to reverse
stenography on images it receives and execute them. ;-)
On Sun, Jan 22, 2006 at 10:58:37AM GMT, Rory Browne [EMAIL PROTECTED] said the
following:
> I'd be a bit skeptical about the possibly of embedding PHP code inside
> a GIF file. Could you outline how he performed the task?
>
> On 1/22/06, jonathan <[EMAIL PROTECTED]> wrote:
> > what is the best way to prevent malicious code from being uploaded
> > via a .gif file? A friend showed me how php could be embedded within
> > the .gif file. Does this problem also exist for .jpeg's?
> >
> > thanks,
> >
> > jon
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--
Mark S. Krenz
[EMAIL PROTECTED]
--- End Message ---
--- Begin Message ---
i think you guys are talking about the using the gd library, it may be
possible so when you upload check for any php code or other data
On 1/22/06, Rory Browne <[EMAIL PROTECTED]> wrote:
I'd be a bit skeptical about the possibly of embedding PHP code inside
a GIF file. Could you outline how he performed the task?
On 1/22/06, jonathan <[EMAIL PROTECTED]> wrote:
> what is the best way to prevent malicious code from being uploaded
> via a .gif file? A friend showed me how php could be embedded within
> the .gif file. Does this problem also exist for .jpeg's?
>
> thanks,
>
> > jon
I have placed data within the header of jpg files (lot's of room
there) and used that data for keeping track of images, but I don't
see how one can make embedded text executable code.
Would be very interested in how to do that.
tedd
--
--------------------------------------------------------------------------------
http://sperling.com/
--- End Message ---
--- Begin Message ---
Rory Browne wrote:
I'd be a bit skeptical about the possibly of embedding PHP code inside
a GIF file. Could you outline how he performed the task?
On 1/22/06, jonathan <[EMAIL PROTECTED]> wrote:
what is the best way to prevent malicious code from being uploaded
via a .gif file? A friend showed me how php could be embedded within
the .gif file. Does this problem also exist for .jpeg's?
thanks,
jon
If it is really possible, I am very much interested in knowing.
jon, can you show how to do that?
Regards,
--
Sameer N. Ingole
Blog: http://weblogic.noroot.org/
---
Better to light one candle than to curse the darkness.
--- End Message ---
--- Begin Message ---
sorry guys if i'm wrong, but
<?php
header("Content-type: image/png");
$im = imagecreate(10000, 10000)
or die("Cannot Initialize new GD image stream");
$background_color = imagecolorallocate($im, 252, 255, 255);
$text_color = imagecolorallocate($im, 233, 14, 91);
imagestring($im, 1000, 1000, 1000, "My Text", $text_color);
imagepng($im);
imagedestroy($im);
?>
if you have the required gd library, and a user changes the above to
exec(); a command, you might be in trouble, i might be wrong though... but
if you successfully hide the directory and dont tell the user where he
placed the file i think it would be pretty secure
On 1/22/06, Sameer N Ingole <[EMAIL PROTECTED]> wrote:
>
> Rory Browne wrote:
>
> >I'd be a bit skeptical about the possibly of embedding PHP code inside
> >a GIF file. Could you outline how he performed the task?
> >
> >On 1/22/06, jonathan <[EMAIL PROTECTED]> wrote:
> >
> >
> >>what is the best way to prevent malicious code from being uploaded
> >>via a .gif file? A friend showed me how php could be embedded within
> >>the .gif file. Does this problem also exist for .jpeg's?
> >>
> >>thanks,
> >>
> >>jon
> >>
> >>
> If it is really possible, I am very much interested in knowing.
> jon, can you show how to do that?
>
> Regards,
>
> --
> Sameer N. Ingole
> Blog: http://weblogic.noroot.org/
> ---
> Better to light one candle than to curse the darkness.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
Hi Everyone, I am running PHP 5 on Windosws XP SP2 with MySQL5, Bye Now!
--- End Message ---
--- Begin Message ---
this is a little my fault. the example my friend showed me was a
retracing of the example he saw in Pro PHP Security (p284).
Basically, the short of the example is that a valid gif image could
be uploaded with the extension .php and pass a getimagesize because
it would have the necessary bytestream to think that it is a gif but
that arbitrary php code could be appended at the end. To get around
this, you just need to check for a valid file extension (.gif etc...)
and mimetype.
-jonathan
On Jan 22, 2006, at 2:58 AM, Rory Browne wrote:
I'd be a bit skeptical about the possibly of embedding PHP code inside
a GIF file. Could you outline how he performed the task?
On 1/22/06, jonathan <[EMAIL PROTECTED]> wrote:
what is the best way to prevent malicious code from being uploaded
via a .gif file? A friend showed me how php could be embedded within
the .gif file. Does this problem also exist for .jpeg's?
thanks,
jon
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
Or put it in a directory with no PHP or CGI.
On 1/22/06, jonathan <[EMAIL PROTECTED]> wrote:
> this is a little my fault. the example my friend showed me was a
> retracing of the example he saw in Pro PHP Security (p284).
> Basically, the short of the example is that a valid gif image could
> be uploaded with the extension .php and pass a getimagesize because
> it would have the necessary bytestream to think that it is a gif but
> that arbitrary php code could be appended at the end. To get around
> this, you just need to check for a valid file extension (.gif etc...)
> and mimetype.
>
> -jonathan
>
>
> On Jan 22, 2006, at 2:58 AM, Rory Browne wrote:
>
> > I'd be a bit skeptical about the possibly of embedding PHP code inside
> > a GIF file. Could you outline how he performed the task?
> >
> > On 1/22/06, jonathan <[EMAIL PROTECTED]> wrote:
> >> what is the best way to prevent malicious code from being uploaded
> >> via a .gif file? A friend showed me how php could be embedded within
> >> the .gif file. Does this problem also exist for .jpeg's?
> >>
> >> thanks,
> >>
> >> jon
> >>
> >> --
> >> PHP General Mailing List (http://www.php.net/)
> >> To unsubscribe, visit: http://www.php.net/unsub.php
> >>
> >>
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
> >
>
>
--- End Message ---
--- Begin Message ---
I have an object that looks like this:
Test Object
(
[config] => TestConfig Object
(
[file:protected] => test.conf
[kill:protected] => 1
)
[location:private] => "test"
}
I'm trying to write an PHP5 iterator that can iterate over an object but
I'm not sure how. The manual for PHP5 iterators seems to only work with
arrays. How do I iterate over an object and only get the name of the
attribute ("config") and not the entire name ("Test::config")
--- End Message ---
--- Begin Message ---
I've been having a tough time with parsing XML files and special characters.
I have attempted every applicable engine, last try SAX, to attempt at
parsing a (rather large, 17.8mb) xml file.
The problem I hit, is when it hits a UTF8 encoded character. I've
attempted at decoded the file before it hits the parser, I've attempted
even ENCODING it (god knows why that'd work, it didnt, lol). I've tried
html_entities, etc. Nothing as such has worked.
I've also tried simply removing the character, and low/behold, it
worked! Darned thing...
§µÖÕÔÓÒ
Those are the characters so far that have caused me problems. I'd give
the utf8 encoded equivalent, but I'm not sure of it off the top of my head.
My code, varies so much that I'm not sure it'd be useful to type it out.
The issue seems not to be with my code, as when I parse the file
manually with a whole bunch of inefficient regex statements, everything
works out peachy. The problem with that way again is, it eats system
resources for a very long time (remember, 17mb file, and its all plain
text? :)).
Any suggestions as to how I could get around this seemingly impossible
road block thats been placed by what seems to be the xml engines :O..
Thanks!
--- End Message ---
--- Begin Message ---
I've been having a tough time with parsing XML files and special characters.
-snip-
Any suggestions as to how I could get around this seemingly
impossible road block thats been placed by what seems to be the xml
engines :O..
Adam:
I believe that these "special" character will be with us for a long
while. I suggest that you review the Unicode database for these
characters and my suggestion is to use the code-points (HEX
equivalences) for these characters. For example, 0061 is a small "a",
2022 is a "bullet", 2713 is a "check-mark" and so on. Most language
glyphs of the world are represented in the Unicode database.
HTH's
tedd
--
--------------------------------------------------------------------------------
http://sperling.com/
--- End Message ---
--- Begin Message ---
tedd wrote:
I've been having a tough time with parsing XML files and special
characters.
-snip-
Any suggestions as to how I could get around this seemingly impossible
road block thats been placed by what seems to be the xml engines :O..
Adam:
I believe that these "special" character will be with us for a long
while. I suggest that you review the Unicode database for these
characters and my suggestion is to use the code-points (HEX
equivalences) for these characters. For example, 0061 is a small "a",
2022 is a "bullet", 2713 is a "check-mark" and so on. Most language
glyphs of the world are represented in the Unicode database.
HTH's
tedd
Oh, I understand that they'll be here for a while.
The problem is the XML file is not my own, rather, its generated by
another service that I am creating a stemmed service for. I feel I have
asked much of the owner of that service in creating a properly formed
XML file (he was simply using pseudo xml that was, although nice and
organized, unable to be parsed.. period, and took forever with pregs, at
least now running through an XML generator the script itself takes less
time on his part too, and hes thankful for that.)
There are usernames listed in the file that use these special characters.
Rather than have him have to well, go through and edit the 30000 some
odd users that are indexed... unless there is a way for the xml writer
to do hex codes instead of unicode codes automatically... (and in that
partake, is there any way to read them automatically with a parser?),
then the idea is feasible.
Other than that, I'm trying to find a solution to parse the existing
file with the unicode data that causes a fatal error in the parser.
--- End Message ---
--- Begin Message ---
Hi:
Please review --
http://xn--ovg.com
-- the Set and Get cookie demo (i.e., 1 & 2). The code is shown.
If you go from Set Cookie to Get Cookie, everything is OK.
If you cut the url, quit the browser, start the browser again, paste
the url and return to the page, everything is OK. The browser finds
the cookie.
However, if you go directly from:
http://xn--ovg.com
to Get Cookie, the cookie is gone -- why? What's happening here?
Any ideas, suggestions, or solutions welcomed.
Thanks.
tedd
--
--------------------------------------------------------------------------------
http://sperling.com/
--- End Message ---
--- Begin Message ---
I'm currently working on a media based site that serves up user submitted
videos/images/flash games/etc. The owner wants an easy way to generate
thumbnails for the content so that we don't have to depend on the user to
submit one. We would also like to attach a small intro clip to the video
content and possibly watermark it. I would like to automate all this and
make it part of the content submission process.
So what I'm looking for is:
A way to generate a thumbnail for a video/image/flash movie
A way to attach an intro clip to a video file.
A way to Watermark a video or image file.
I'm an experienced Linux user/admin/developer so i am interested in all
possible options, be it a php/c library, a prebuilt php solution, or some
command line tools which i can just control with php/cron jobs.
Ive been looking for info on this subject for some time, i know other sites
use it and that its possible, but most information I've found has been less
than helpful.
Thanks in advance.
--- End Message ---
--- Begin Message ---
Hi,
This seemed like the most sensible place to start to ask for help. I'm
currently working on Devenix, a project based on the knoppix live cd.
It will eventually be a complete php design and test studio on a live
cd, carry around a memory stick and save everything onto it, basically
enabling you to work on any computer anywhere and get straight back to work.
My PROBLEM is this. I need to install php4 and php5, my reasons? I
want to make it a studio capable of assisting with code migration and
testing from 4 to 5. php4 is already installed via the debian apt
source. I initially tried installing php5 by compiling from clean
source, but only ran into problems. I am now working on modifying the
php5 source tar from the apt-sources to install into a different dir to
avoid conflict with php4.
I added teh prefix line to the common configure line in the debian/rules
file, but this screwed up the libapachemodule rebuild when i tried to
rebuild the pacakge. Please any advice here would be greatly
appreciated. And any people wishing to help on the project would be
fantastic. There is no website yet, once this stumbling block is
overcome, the ball will start rolling.
Thanx
Pete
--- End Message ---
--- Begin Message ---
did you uncomment the line that adds the proper php
module(mysqli_blahblahblah.dll)?
On 1/16/06, Jonathan Duncan <[EMAIL PROTECTED]> wrote:
>
> I just got a new web server with RedHat Enterprise Linux 4 on it. It came
> with MySQL 4.1.x and PHP 4.3.9 on it. I uninstalled the MySQL 4 and put
> MySQL 5 on it. When I run a PHP script that has a DB connection in it I
> get:
>
> Fatal error: Call to undefined function: mysql_connect() in
> /var/www/html/mysqltest.php on line 5
>
> I check the PHPINFO and see:
>
> Configure Command has '--with-mysql=shared,/usr'
>
> And "dbx" supported databases has 'MySQL'
>
> However, there is no MySQL section.
>
> I checked in the '/etc/php.ini' file and see:
>
> [MySQL]
> mysql.allow_persistent = On
> mysql.max_persistent = -1
> mysql.max_links = -1
> mysql.default_port =
> mysql.default_socket =
> mysql.default_host =
> mysql.default_user =
> mysql.default_password =
> mysql.connect_timeout = 60
> mysql.trace_mode = Off
>
>
> What is missing that would keep me getting the missing functions error? I
> restarted apache of course.
>
> Thanks,
> Jonathan
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
Hi Everyone, I am running PHP 5 on Windosws XP SP2 with MySQL5, Bye Now!
--- End Message ---
--- Begin Message ---
PHP Superman wrote:
did you uncomment the line that adds the proper php
module(mysqli_blahblahblah.dll)?
How would loading the mysqli modules help the poster with the mysql
functions?
How would loading Windoze dll's help the poster on a Linux box?
On 1/16/06, Jonathan Duncan <[EMAIL PROTECTED]> wrote:
I just got a new web server with RedHat Enterprise Linux 4 on it. It came
-----------------------------------------------------^^^^^
with MySQL 4.1.x and PHP 4.3.9 on it. I uninstalled the MySQL 4 and put
MySQL 5 on it. When I run a PHP script that has a DB connection in it I
get:
Fatal error: Call to undefined function: mysql_connect() in
-------------------------------------------^^^^^
OP, chance are, your RHEL box has the improved mysql (mysqli) libriaries
set-up. Try mysqli_connect. If this isn't the case, then your
libraries are not being loaded when you start Apache. Check your error
logs.
http://us2.php.net/mysqli
--
By-Tor.com
...it's all about the Rush
http://www.by-tor.com
--- End Message ---
--- Begin Message ---
Env:
Windows XP
PHP 4.3.10 (cgi-fcgi)
I am trying to capture the html output of Balance.php to a file:
The code loops over <month> and <branch> to build up a report in
export/Balance.html
exec('c:\php\php -q Balance.php export=all branch=<branch> month=<month>
login=admin password=admin >> export/Balance.html');
This command works in Linux when called from a web page.
In Windows it works from the command line
but from a web page it hangs - a cmd and php process are left running in
the Windows Task Manager
Any help would be greatly appreciated
--- End Message ---
--- Begin Message ---
Dave Kennedy wrote:
Env:
Windows XP
PHP 4.3.10 (cgi-fcgi)
I am trying to capture the html output of Balance.php to a file:
The code loops over <month> and <branch> to build up a report in
export/Balance.html
exec('c:\php\php -q Balance.php export=all branch=<branch> month=<month>
login=admin password=admin >> export/Balance.html');
This command works in Linux when called from a web page.
In Windows it works from the command line
but from a web page it hangs - a cmd and php process are left running in
the Windows Task Manager
Any help would be greatly appreciated
Sounds similar to something I had going on. In Control Panel -
Administrative Tools - Services (I don't know of a shorter way to get
there), I had to right-click on the Apache service and under Log On -
check Allow service to interact with desktop.
I run run Php as an Apache module, but you may want to give that a try.
--
*****************************
Chuck Anderson • Boulder, CO
http://www.CycleTourist.com
Integrity is obvious.
The lack of it is common.
*****************************
--- End Message ---
--- Begin Message ---
The browsers use a whole bunch of different ways to figure out how it
should render the page and if it should do it on the fly or wait until
the page is fully downloaded.
Assuming the content you are testing is the same for the static and
dynamic pages you should probably start looking for little things that
may be different. From what I've read, adding extra column information
to the table tag and making sure the doctype is correct so you don't end
up in quirks mode are both large factors.
Using 'wget ---save-headers' and 'diff' will help you find any small
difference between the pages.
David
robert mena wrote:
> Hi,
>
> I am facing a strange problem. My site, even tough designed to appear
> quickly at user's browser, appears at "once". If I test the static HTML
> version it starts to appear as downloaded If I test the php generated
> version the page seems render as a whole.
>
> I am using smarty as a template and it seems to be related to a buffer
> somewhere: php/smarty or apache.
>
> I've used microtime and from the begin of the php script until after the
> smarty->display it takes from 0.05s (min) to 0.32s (max)
>
> Any tips of how can I figure out what is "slowing" down my site?
>
> tks
>
--- End Message ---
--- Begin Message ---
Jesse Guardiani <jesse <at> wingnet.net> writes:
>
> Hello,
>
> I have an old version of php (4.3.2) that is acting rather strangely. I'm
> searching two large arrays (approx 22,000 records in each) using
> array_diff_key() from the PEAR PHP_Compat library:
>
> $result = $args[0];
> foreach ($args[0] as $key1 => $value1) {
> for ($i = 1; $i !== $array_count; $i++) {
> foreach ($args[$i] as $key2 => $value2) {
> if ((string) $key1 === (string) $key2) {
> unset($result[$key2]);
> break 2;
> }
> }
> }
> }
>
> And I'm getting aweful performance. I know it's a ton of records (22,000 *
> 22,000), but it shouldn't take 16 minutes on a P4 Xeon 2.4ghz!
>
> Has anyone seen this before? Is this a bug? Or are my math skills lacking and
> this is perfectly normal performance for the size of the data set?
>
> Thanks!
I've conducted a little multi-language benchmark to see how other languages
compare to PHP with regard to associative arrays of this size:
http://www.guardiani.us/index.php/Hash_Array_Benchmark
The result in short? PHP is a pretty typical performer, IMO.
Thanks!
P.S. Please read the disclaimer carefully before submitting criticism. Unless
you have a neat optimization to share or code from another language to
contribute, I've probably heard it already and don't care. :)
--- End Message ---
