php-general Digest 9 Mar 2006 11:11:31 -0000 Issue 4006

Thu, 09 Mar 2006 03:14:09 -0800 

php-general Digest 9 Mar 2006 11:11:31 -0000 Issue 4006

Topics (messages 231695 through 231709):

Re: .DAT file with PHP
        231695 by: Rory Browne
        231696 by: Rory Browne
        231700 by: Jabez
        231701 by: Paul Novitski
        231708 by: Rory Browne

Re: php tests failures on windows
        231697 by: Chris
        231699 by: Manish Marathe

Re: test security of code
        231698 by: Chris
        231706 by: Gregory Machin
        231707 by: Björn Bartels

Random permission strangeness
        231702 by: Paul Scott
        231703 by: Chris
        231705 by: Paul Scott

Re: Make all emails links
        231704 by: Rafael

Re: Convert all named entities into numeric character references
        231709 by: Robin Vickery

Administrivia:

To subscribe to the digest, e-mail:
        [EMAIL PROTECTED]

To unsubscribe from the digest, e-mail:
        [EMAIL PROTECTED]

To post to the list, e-mail:
        [email protected]


----------------------------------------------------------------------
--- Begin Message --- 
On 3/8/06, Paul Novitski <[EMAIL PROTECTED]> wrote:
>
> At 10:27 AM 3/8/2006, Rory Browne wrote:
> >$filename = "filename.txt";
> >$file_content = join("\n", array_reverse(file($filename)));
> >echo $file_content;
>
>
> Rory,
>
> I think you've got the logic right.
>
> Tangentially, however, I recommend that you break it out into
> separate statements and not throw multiple functions into the same
> statement -- it's hard to proofread, it's hard to pinpoint where
> errors occur, and it's next to impossible to insert echo statements
> to debug the process.  Also for ease of debugging & maintenance, I
> recommend indicating the type of each variable with a prefix
> (a=array, s=string, etc.):


Different strokes for different folks. Code presention is something I take
very seriously, but I don't consider using the return value of one function
as a parameter for another to be a bad thing.

Meaningful, or conventional variables are another thing I take seriously. If
I wanted to keep track of types I'd use C++ or Java. I don't have a problem
with something like:


         $sFilename = "filename.txt";
>          $aFile_content = file($sFilename);
>          $aFile_reverse = array_reverse($aFile_content);
>          $sDisplay_content = join("\n", $aFile_reverse);
>          echo $sDisplay_content;
>
> I don't think PHP will "care" whether it's broken out or not --
> internally it's having to create temporary variables on the fly to
> store incremental values -- but your future self and other folks
> reading your code will thank you for it.
>
> Regards,
> Paul
>
>

--- End Message ---
--- Begin Message --- 
last mail got accidently sent before completion - please reply to that, or
the OP and not this.

I don't have much of a problem with code that takes a less blatent
inspiration of the following:

$file = "filename.txt";
$file = file_get_contents($file);
$file = explode("\n", $file);
$file = array_reverse($file);
$file = join("\n", $file);

echo $file;

I do however consider

$filename - "whatever.txt";  I perfer to abstract "configuration issues"
$rev_content = join("\n", array_reverse(file($file)))';
echo $rev_contaent;


to be cleaner

>

--- End Message ---
--- Begin Message --- 
I used the following code that Paul suggested, but it didn't reverse my
content.

The file I would want to have the content reversed is as attached. Chinese
characters is in the file so...

Suggestions?

-----Original Message-----
From: Paul Novitski [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 09, 2006 2:58 AM
To: [email protected]
Subject: Re: [PHP] .DAT file with PHP

At 10:27 AM 3/8/2006, Rory Browne wrote:
>$filename = "filename.txt";
>$file_content = join("\n", array_reverse(file($filename))); echo 
>$file_content;


Rory,

I think you've got the logic right.

Tangentially, however, I recommend that you break it out into separate
statements and not throw multiple functions into the same statement -- it's
hard to proofread, it's hard to pinpoint where errors occur, and it's next
to impossible to insert echo statements to debug the process.  Also for ease
of debugging & maintenance, I recommend indicating the type of each variable
with a prefix (a=array, s=string, etc.):

         $sFilename = "filename.txt";
         $aFile_content = file($sFilename);
         $aFile_reverse = array_reverse($aFile_content);
         $sDisplay_content = join("\n", $aFile_reverse);
         echo $sDisplay_content;

I don't think PHP will "care" whether it's broken out or not -- internally
it's having to create temporary variables on the fly to store incremental
values -- but your future self and other folks reading your code will thank
you for it.

Regards,
Paul 

--
PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
http://www.php.net/unsub.php


net/unsub.php

--- End Message ---
--- Begin Message --- 
At 07:05 PM 3/8/2006, Jabez wrote:

I used the following code that Paul suggested, but it didn't reverse my
content.

The file I would want to have the content reversed is as attached. Chinese
characters is in the file so...

Suggestions?



Jabez,
The data in your file is all in one text line. You have inserted the string "<br>" between what I assume are your data elements, but not PHP linefeed characters. 

Try using "\n" (backslash-n) as your line delimiter and try again.
By the way, I neglected to tell you earlier that when file() reads a file into an array, it includes the linefeed characters at the end of each array element. These might or might not get in your way if you're outputting your data to an HTML file -- a linefeed will render as a whitespace character. If you'll be writing the data to another text file where linefeeds are crucial, you may wish to massage the array to ensure that every array element (including the last one read from the original file) ends in \n. 

Regards,
Paul
--- End Message ---
--- Begin Message --- 
I didn't get the file, but

If the lines are seperated by <br>'s instead of newlines, then

$filename = "monkey.html";
$file_array = preg_split("/<br.*?>/", file_get_content($filename));
$rev_array = array_reverse($file_array);
$output = join("<br />", $rev_array);

This could be modded to maintain any arguments inside the <br> tag, by
replacing preg_replacing <br.*?> with $1\n, and then splitting on \n.


On 3/9/06, Paul Novitski <[EMAIL PROTECTED]> wrote:
>
> At 07:05 PM 3/8/2006, Jabez wrote:
> >I used the following code that Paul suggested, but it didn't reverse my
> >content.
> >
> >The file I would want to have the content reversed is as attached.
> Chinese
> >characters is in the file so...
> >
> >Suggestions?
>
>
> Jabez,
>
> The data in your file is all in one text line.  You have inserted the
> string "<br>" between what I assume are your data elements, but not
> PHP linefeed characters.
>
> Try using "\n" (backslash-n) as your line delimiter and try again.
>
> By the way, I neglected to tell you earlier that when file() reads a
> file into an array, it includes the linefeed characters at the end of
> each array element.  These might or might not get in your way if
> you're outputting your data to an HTML file -- a linefeed will render
> as a whitespace character.  If you'll be writing the data to another
> text file where linefeeds are crucial, you may wish to massage the
> array to ensure that every array element (including the last one read
> from the original file) ends in \n.
>
> Regards,
> Paul
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--- End Message ---
--- Begin Message --- 
Manish Marathe wrote:

Hello,

Some of the tests, mostly bugs, are failing on cygwin environment on Windows
Server 2003. The http://bugs.php.net site says those bugs have been fixed,
although I am still getting the failure. Here are those bugs :

http://bugs.php.net/bug.php?id=27780
http://bugs.php.net/bug.php?id=32555
http://bugs.php.net/bug.php?id=22414
http://bugs.php.net/bug.php?id=26615
http://bugs.php.net/bug.php?id=26938
http://bugs.php.net/bug.php?id=27646
http://bugs.php.net/bug.php?id=24063
http://bugs.php.net/bug.php?id=24640
http://bugs.php.net/bug.php?id=35481
http://bugs.php.net/bug.php?id=30745

Has anyone too encountered failures of these tests?


Which php version are you running?
Reading the first one it says it's not broken, it's cygwin. Didn't bother reading the rest. 

--
Postgresql & php tutorials
http://www.designmagick.com/

--- End Message ---
--- Begin Message --- 
On 3/8/06, Manish Marathe <[EMAIL PROTECTED]> wrote:
>
> On 3/8/06, Chris <[EMAIL PROTECTED]> wrote:
> >
> > Manish Marathe wrote:
> > > Hello,
> > >
> > > Some of the tests, mostly bugs, are failing on cygwin environment on
> > Windows
> > > Server 2003. The http://bugs.php.net site says those bugs have been
> > fixed,
> > > although I am still getting the failure. Here are those bugs :
> > >
> > > http://bugs.php.net/bug.php?id=27780
> > > http://bugs.php.net/bug.php?id=32555
> > > http://bugs.php.net/bug.php?id=22414
> > > http://bugs.php.net/bug.php?id=26615
> > > http://bugs.php.net/bug.php?id=26938
> > > http://bugs.php.net/bug.php?id=27646
> > > http://bugs.php.net/bug.php?id=24063
> > > http://bugs.php.net/bug.php?id=24640
> > > http://bugs.php.net/bug.php?id=35481
> > > http://bugs.php.net/bug.php?id=30745
> > >
> > > Has anyone too encountered failures of these tests?
> >
> > Which php version are you running?
> >
> > Reading the first one it says it's not broken, it's cygwin. Didn't
> > bother reading the rest.
>
>
Sorry my earlier reply got accidently sent only to Chris, so re-sending it.

PHP version 5.1.2, well thats right, its broken on cygwin, what if I run
from the cmd of windows, it still fails and also I removed cygwin from the
path while executing on cmd of windows.


--
Manish Marathe
SpikeSource, Inc.
http://developer.spikesource.com

--- End Message ---
--- Begin Message --- 
Gregory Machin wrote:

Hi
Is there an application that can pass source code and report potential
security problem and or the live site ?
Many thanks
--
Gregory Machin
[EMAIL PROTECTED]
[EMAIL PROTECTED]
www.linuxpro.co.za
www.exponent.co.za
Web Hosting Solutions
Scalable Linux Solutions
www.iberry.info (support and admin)

+27 72 524 8096


Just found this:
http://caffeinatedsecurity.com/blog/archives/2006/03/08/web-application-security-testing-tools/


--
Postgresql & php tutorials
http://www.designmagick.com/

--- End Message ---
--- Begin Message --- 
Thanks looks good will read on further .

On 3/9/06, Chris <[EMAIL PROTECTED]> wrote:
>
> Gregory Machin wrote:
> > Hi
> > Is there an application that can pass source code and report potential
> > security problem and or the live site ?
> > Many thanks
> > --
> > Gregory Machin
> > [EMAIL PROTECTED]
> > [EMAIL PROTECTED]
> > www.linuxpro.co.za
> > www.exponent.co.za
> > Web Hosting Solutions
> > Scalable Linux Solutions
> > www.iberry.info (support and admin)
> >
> > +27 72 524 8096
>
> Just found this:
>
> http://caffeinatedsecurity.com/blog/archives/2006/03/08/web-application-security-testing-tools/
>
>
> --
> Postgresql & php tutorials
> http://www.designmagick.com/
>



--
Gregory Machin
[EMAIL PROTECTED]
[EMAIL PROTECTED]
www.linuxpro.co.za
www.exponent.co.za
Web Hosting Solutions
Scalable Linux Solutions
www.iberry.info (support and admin)

+27 72 524 8096

--- End Message ---
--- Begin Message --- 
Hello there...

i think you can lessen this effort by improving your qualitymanagement
during the planing and development phase of your projects (means making
a lot of UML diagrams and so on...).
You may try to let the application handle its missbehavours by itself.

If you don't want anyone to get your source-code it's a question of
server security...

cheers
bb

Am $date schrieb $from:

>Thanks looks good will read on further .
>
>On 3/9/06, Chris <[EMAIL PROTECTED]> wrote:
>>
>>Gregory Machin wrote:
>>>Hi
>>>Is there an application that can pass source code and report
>>>potential
>>>security problem and or the live site ?
>>>Many thanks
>>>--
>>>Gregory Machin
>>>[EMAIL PROTECTED]
>>>[EMAIL PROTECTED]
>>>www.linuxpro.co.za
>>>www.exponent.co.za
>>>Web Hosting Solutions
>>>Scalable Linux Solutions
>>>www.iberry.info (support and admin)
>>>
>>>+27 72 524 8096
>>
>>Just found this:
>>


>>>>>>>>http://caffeinatedsecurity.com/blog/archives/2006/03/08/web-application-security-testing-tools/
>>
>>
>>--
>>Postgresql & php tutorials
>>http://www.designmagick.com/
>>
>
>
>
>--
>Gregory Machin
>[EMAIL PROTECTED]
>[EMAIL PROTECTED]
>www.linuxpro.co.za
>www.exponent.co.za
>Web Hosting Solutions
>Scalable Linux Solutions
>www.iberry.info (support and admin)
>
>+27 72 524 8096


Björn Bartels
-Development/IT-Services-

----------------------------------------------
dbusiness.de gmbh
digital business & printing gmbh

Greifswalder Str. 152
D-10409 Berlin

Fon: [0.30] 4.21.19.95
Fax: [0.30] 4.21.19.74

www.dbusiness.de
[EMAIL PROTECTED]
ftp://dbusiness.dyndns.org


Björn Bartels
-Development/IT-Services-

----------------------------------------------
dbusiness.de gmbh
digital business & printing gmbh

Greifswalder Str. 152
D-10409 Berlin

Fon: [0.30] 4.21.19.95
Fax: [0.30] 4.21.19.74

www.dbusiness.de
[EMAIL PROTECTED]
ftp://dbusiness.dyndns.org

--- End Message ---
--- Begin Message --- 
I am pretty much randomly getting the following error:

.. ps_files_cleanup_dir: opendir(/var/lib/php5) failed: Permission
denied (13) in .......

As far as I can see the session write directory has no problems with
permissions. The *really* strange thing is that it only fails at certain
times, and nothing really reproduceable.

I am using:

PHP Version 5.1.2 on Apache2 Debian GNU/Linux amd64 stock kernel on
Opteron processors.

Has anyone any ideas as to why this is happening?

--Paul

--- End Message ---
--- Begin Message --- 
Paul Scott wrote:

I am pretty much randomly getting the following error:

.. ps_files_cleanup_dir: opendir(/var/lib/php5) failed: Permission
denied (13) in .......

As far as I can see the session write directory has no problems with
permissions. The *really* strange thing is that it only fails at certain
times, and nothing really reproduceable.

I am using:

PHP Version 5.1.2 on Apache2 Debian GNU/Linux amd64 stock kernel on
Opteron processors.
What's the whole error message (ie context)? Is it coming from cron or randomly in your scripts? 

My first guess is garbage collection..
What are the permissions on that folder? If it's randomly in your scripts, which user is your webserver running as? 

--
Postgresql & php tutorials
http://www.designmagick.com/

--- End Message ---
--- Begin Message --- 
On Thu, 2006-03-09 at 16:05 +1100, Chris wrote:
> What's the whole error message (ie context)? Is it coming from cron or 
> randomly in your scripts?

>From Xdebug...

Its random. I am just thinking though that what it *might* be is that
the initial session is timing out between the app launch and the user
logging in. I start the session beforehand, and simply add/delete from
it as the user moves through the system. 

Notice: session_start()
[function.session-start]: ps_files_cleanup_dir: opendir(/var/lib/php5) failed: 
Permission denied (13) in /var/www/5ive/app/classes/core/engine_class_inc.php 
on line 967

       Call Stack
           #
        Function
        Location
           1
{main}()
/var/www/5ive/app/index.php:0
           2
engine->__construct()
/var/www/5ive/app/index.php:26
           3
engine->sessionStart()
/var/www/5ive/app/classes/core/engine_class_inc.php:236
           4
session_start ()
/var/www/5ive/app/classes/core/engine_class_inc.php:967

Warning: Cannot modify
header information -
headers already sent by
(output started
at /var/www/5ive/app/classes/core/engine_class_inc.php:967) in 
/var/www/5ive/app/classes/core/engine_class_inc.php on line 1060

       Call Stack
           #
        Function
        Location
           1
{main}()
/var/www/5ive/app/index.php:0
           2
engine->run()
/var/www/5ive/app/index.php:31
           3
engine->_dispatch()
/var/www/5ive/app/classes/core/engine_class_inc.php:296
           4
header ()
/var/www/5ive/app/classes/core/engine_class_inc.php:1060

Warning: Cannot modify
header information -
headers already sent by
(output started
at /var/www/5ive/app/classes/core/engine_class_inc.php:967) in 
/var/www/5ive/app/classes/core/engine_class_inc.php on line 1061

       Call Stack
           #
        Function
        Location
           1
{main}()
/var/www/5ive/app/index.php:0
           2
engine->run()
/var/www/5ive/app/index.php:31
           3
engine->_dispatch()
/var/www/5ive/app/classes/core/engine_class_inc.php:296
           4
header ()
/var/www/5ive/app/classes/core/engine_class_inc.php:1061

Warning: Cannot modify
header information -
headers already sent by
(output started
at /var/www/5ive/app/classes/core/engine_class_inc.php:967) in 
/var/www/5ive/app/classes/core/engine_class_inc.php on line 1062

       Call Stack
           #
        Function
        Location
           1
{main}()
/var/www/5ive/app/index.php:0
           2
engine->run()
/var/www/5ive/app/index.php:31
           3
engine->_dispatch()
/var/www/5ive/app/classes/core/engine_class_inc.php:296
           4
header ()
/var/www/5ive/app/classes/core/engine_class_inc.php:1062

Warning: Cannot modify
header information -
headers already sent by
(output started
at /var/www/5ive/app/classes/core/engine_class_inc.php:967) in 
/var/www/5ive/app/classes/core/engine_class_inc.php on line 1063

       Call Stack
           #
        Function
        Location
           1
{main}()
/var/www/5ive/app/index.php:0
           2
engine->run()
/var/www/5ive/app/index.php:31
           3
engine->_dispatch()
/var/www/5ive/app/classes/core/engine_class_inc.php:296
           4
header ()
/var/www/5ive/app/classes/core/engine_class_inc.php:1063

Warning: Cannot modify
header information -
headers already sent by
(output started
at /var/www/5ive/app/classes/core/engine_class_inc.php:967) in 
/var/www/5ive/app/classes/core/engine_class_inc.php on line 1064

       Call Stack
           #
        Function
        Location
           1
{main}()
/var/www/5ive/app/index.php:0
           2
engine->run()
/var/www/5ive/app/index.php:31
           3
engine->_dispatch()
/var/www/5ive/app/classes/core/engine_class_inc.php:296
           4
header ()
/var/www/5ive/app/classes/core/engine_class_inc.php:1064

Warning: Cannot modify
header information -
headers already sent by
(output started
at /var/www/5ive/app/classes/core/engine_class_inc.php:967) in 
/var/www/5ive/app/templates/page/default_page_tpl.php on line 1

       Call Stack
           #
        Function
        Location
           1
{main}()
/var/www/5ive/app/index.php:0
           2
engine->run()
/var/www/5ive/app/index.php:31
           3
engine->_callTemplate()
/var/www/5ive/app/classes/core/engine_class_inc.php:309
           4
controller->callTemplate()
/var/www/5ive/app/classes/core/engine_class_inc.php:1153
           5
require()
/var/www/5ive/app/classes/core/controller_class_inc.php:255
           6
header ()
/var/www/5ive/app/templates/page/default_page_tpl.php:1
> 
> My first guess is garbage collection..
> 
> What are the permissions on that folder? If it's randomly in your 
> scripts, which user is your webserver running as?

www-data, permissions are drwx-wx-wt owner root.

Would it not be a little unsafe to change those permissions to anything
less secure? I certainly wouldn't think it OK to chown to the webserver
user...?

--Paul

--- End Message ---
--- Begin Message --- I agree, your regexp are bad (jk) What you need is a regexp that matches an email address. Look for something like "regexp email" on Google (without the quotes) or something similar and you should find some regexp to validate an email address; once you have it use it with preg_replace() like Bekko did -or its EGREP equivalent. 

        Example (using the first one I found, a bit modified):
$regexp = '/[EMAIL PROTECTED]/Xi'; 
  $string = preg_replace($regexp, '<a href="mailto:$1";>$1</a>', $string);

El Bekko wrote:

Benjamin Adams wrote:


I'm pulling data from a database;
When the data is pulled emails look like
[EMAIL PROTECTED]
Is there a way to just make all email address in the text that it pulls so, 
"bla bla bla okjsokdf [EMAIL PROTECTED] ksnow noduowe..."

Make the email in the text be a mailto link automatically?

Thanks
-Ben



With a RegExp ;)

Something like this (yes my RegExp is bad):

<?php
$message = preg_replace("[EMAIL PROTECTED]","<a href=\"mailto:$1\";>$1</a>",$message); 

?>

--
Atentamente,
J. Rafael Salazar Magaña
Innox - Innovación Inteligente
Tel: +52 (33) 3615 5348 ext. 205 / 01 800 2-SOFTWARE
http://www.innox.com.mx

--- End Message ---
--- Begin Message --- 
On 06/03/06, Jacob Friis Saxberg <[EMAIL PROTECTED]> wrote:
> > > Does anyone know of a Php funtion that can do this:
> > > http://golem.ph.utexas.edu/~distler/blog/NumericEntities.html
> > Hi there!
> >
> > http://se.php.net/manual/en/function.htmlentities.php
> >
> > ?
>
> htmlentities converts to named entitites. I want it to numeric entities.

This is probably the simplest way of doing it; write a simple function
that translates entity names to numbers, then start an output buffer
at the beginning of your script using the function as an output
callback function. Then everything after that automatically gets
converted.

In fact it's so simple, I'll do it for you...

Code posted to pastebin:

   http://robinv.pastebin.com/592400

  -robin

--- End Message ---

Reply via email to