php-general Digest 17 Apr 2010 10:03:29 -0000 Issue 6697

Topics (messages 304151 through 304158):

Re: PHP and schedules tasks/events
        304151 by: Ryan Sun

Re: changing NULL behavior in PHP arithmetic
        304152 by: Shawn McKenzie
        304155 by: cr.vegelin.gmail.com

Re: Include security?
        304153 by: Micky Hulse

PHP include security
        304154 by: Micky Hulse
        304157 by: Michiel Sikma

Re: How define if javascript is on with php
        304156 by: Michiel Sikma

Re: limit to var_dump?
        304158 by: Michiel Sikma


----------------------------------------------------------------------
--- Begin Message ---
You can set up a schedule table in the DB
and have a cron PHP script check the DB every time,
send the email if the current time is around the scheduled_at time,
and close the schedule after you send the email.

On Fri, Apr 16, 2010 at 5:35 PM, Adam Richardson <simples...@gmail.com> wrote:
> On Fri, Apr 16, 2010 at 5:15 PM, Don Wieland <d...@dwdataconcepts.com> wrote:
>
>> On Apr 16, 2010, at 1:26 PM, Bastien Koert wrote:
>>
>>  Run a cronjob at midnight and send the email. Track who it got sent
>>> to, so you don't duplicate it. Easy peasy!
>>>
>>
>> This is fine if the email is to be sent at midnight.
>>
>> I am looking for more refinement.
>>
>> For example:
>>
>> A user signs up for an event - 4/16/2010 @ 10:45am
>>
>> There is an option:
>>
>> Send me a reminder email X minutes/hours/days/weeks/months/years prior to
>> the Event.
>>
>> so:
>>
>> 30 minute(s) = email sent at 4/16/2010 @ 10:15am
>> 2 hour(s) = email sent at 4/16/2010 @ 8:45am
>> 3 day(s) = email sent at 4/13/2010 @ 10:45am
>> 1 week(s) = email sent at 4/9/2010 @ 10:45am
>> 1 month(s) = email sent at 3/16/2010 @ 10:45am
>> 1 year(s) = email sent at 4/16/2009 @ 10:45am
>>
>> This is really what I need...
>>
>>
>> Don Wieland
>> D W   D a t a   C o n c e p t s
>> ~~~~~~~~~~~~~~~~~~~~~~~~~
>> d...@dwdataconcepts.com
>> Direct Line - (949) 305-2771
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
> What about making ics files available for download?  Users could easily
> import the event into the calendar of choice, and they could also (using the
> calendar software they're already familiar with) set the alarm.  For
> instance, I can set the calendar on my cell to ring my phone to alert me to
> events (my preference over email reminders for important events because I
> sometimes get flooded with email.)
>
> Your scripts could generate the files containing event info and then
> automatically start the download.
>
> This allows the users to determine the mode of alarm that works best for
> them in their native calendar app, and you're still greatly facilitating the
> process by providing all of the info so they merely have to drag and drop
> for many apps.
>
> I realize you asked specifically for a server-side email alarm solution (I
> apologize for the tangent if your needs preclude this type of approach), but
> I thought I'd toss out the idea as this approach has proved more effective
> and efficient for websites I maintain.
>
> Adam
>
> --
> Nephtali:  PHP web framework that functions beautifully
> http://nephtaliproject.com
>

--- End Message ---
--- Begin Message ---
On 04/15/2010 02:46 AM, cr.vege...@gmail.com wrote:
> Hi All,
> 
> Is there an option in PHP to change the behavior of NULL in PHP functions ?
> Now PHP uses NULL as a 0 (zero) for arithmetic, for example:
> NULL + 6 = 6
> NULL * 6 = 0
> NULL / 6 = 0
> 6 / NULL = Division by zero
> 
> What I need is the same behavior as #N/A (or =NA()) in Excel, where:
> #N/A + 6 = #N/A
> #N/A * 6 = #N/A
> #N/A / 6 = #N/A
> 6 / #N/A = #N/A
> 
> because arithmetic operations with "Unknown" operands should result to 
> "Unknown" ...
> 
> TIA, Cor
> 

In what cases do you have a null var?

-- 
Thanks!
-Shawn
http://www.spidean.com

--- End Message ---
--- Begin Message ---

----- Original Message -----
From: "Shawn McKenzie" <nos...@mckenzies.net>
To: <cr.vege...@gmail.com>
Cc: <php-gene...@lists.php.net>
Sent: Saturday, April 17, 2010 3:41 AM
Subject: Re: changing NULL behavior in PHP arithmetic

> On 04/15/2010 02:46 AM, cr.vege...@gmail.com wrote:
>> Hi All,
>>
>> Is there an option in PHP to change the behavior of NULL in PHP functions ?
>> Now PHP uses NULL as a 0 (zero) for arithmetic, for example:
>> NULL + 6 = 6
>> NULL * 6 = 0
>> NULL / 6 = 0
>> 6 / NULL = Division by zero
>>
>> What I need is the same behavior as #N/A (or =NA()) in Excel, where:
>> #N/A + 6 = #N/A
>> #N/A * 6 = #N/A
>> #N/A / 6 = #N/A
>> 6 / #N/A = #N/A
>>
>> because arithmetic operations with "Unknown" operands should result to "Unknown" ...
>>
>> TIA, Cor
>
> In what cases do you have a null var?


Hi Shawn,

I am dealing with time series.
As an example, assume rows per year with 12 monthly values.
For 2009 all values are known, and numeric.
For 2010 some values are known, some are unknown.
The 2009 total can be calculated, but the 2010 total should be unknown,
and should not be the sum of the known values.

Thanks, Cor






--- End Message ---
--- Begin Message ---
> if allow_url_include is turned off, you don't have to worry much about http,
> if '.' is an invalid char, you can't include *.php...
> the include path probably should be the inc (whatever the name)
> folder (not accessible from web) instead of the web root and '..'
> should be disallowed

Hi Ryan! Many thanks for your help, I really appreciate it. :)

How does this look:

<http://sandbox.hulse.me/secure_inc_str.txt>

How could my code be improved?

Thanks again for the help, I really appreciate it. :)

Cheers,
Micky

--- End Message ---
--- Begin Message ---
Hi,

Code:

=========

ob_start();
switch ($this->command)
{
        case 'include':
                @include($x);
                break;
        default:
                @readfile($x);
}
$data = ob_get_contents();
ob_end_clean();

=========

The above code snippet is used in a class which would allow developers
(of a specific CMS) to include files without having to put php include
tags on the template view.

The include path will be using the server root path, and the include
files will probably be stored above the web root.

My question:

What would be the best way to "clean" and secure the include string?

Maybe something along these lines (untested):

$invalidChars=array(".","\\","\"",";"); // things to remove.
$include_file = strtok($include_file,'?'); // No need for query string.
$include_file=str_replace($invalidChars,"",$include_file);

What about checking to make sure the include path is root relative,
vs. http://...?

What do y'all think? Any suggestions?

Many thanks in advance!

Cheers,
Micky

--- End Message ---
--- Begin Message ---
On 16 April 2010 06:57, Micky Hulse <mickyhulse.li...@gmail.com> wrote:

> Hi,
>
> -snip-
>
> The above code snippet is used in a class which would allow developers
> (of a specific CMS) to include files without having to put php include
> tags on the template view.
>
> The include path will be using the server root path, and the include
> files will probably be stored above the web root.
>
> My question:
>
> What would be the best way to "clean" and secure the include string?
>
> Maybe something along these lines (untested):
>
> $invalidChars=array(".","\\","\"",";"); // things to remove.
> $include_file = strtok($include_file,'?'); // No need for query string.
> $include_file=str_replace($invalidChars,"",$include_file);
>
> What about checking to make sure the include path is root relative,
> vs. http://...?
>
> What do y'all think? Any suggestions?
>
> Many thanks in advance!
>
> Cheers,
> Micky
>
Hi,

It depends. What exactly do you want to prevent? It doesn't seem like a
very big problem if someone tries to include an improper address or
nonexistent file, since that would simply make $data an empty string
(depending on your level of error reporting and whether you display or hide
warnings). If the included file decides to call ob_get_clean() or something
like that $data will be false. I can't think of what else you realistically
want to prevent.

Building a page with multiple templates is best done by using a good
template class. Allowing the inclusion of external PHP files from a CMS will
pose a risk if non-developers have access to the CMS as well. You're
basically allowing anyone to add (potentially untested) code to a live site
and I would recommend against doing it. If you want people to be able to
include, say, additional HTML content, use file_get_contents() instead.

Michiel

--- End Message ---
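
Added example, not part of the original thread or any poster's code: one way to apply the advice given above (keep include files in a directory outside the web root, reject '..' and URL-style paths, and read rather than execute anything that is not meant to run as PHP). The function names resolve_include() and render_fragment(), the extension lists and the demo directory are assumptions made for illustration.

```php
<?php
// Added example: names, extension lists and the demo directory are assumptions.
/** Resolve a caller-supplied name to a real file inside $base, or return null. */
function resolve_include(string $name, string $base, array $allowedExt): ?string
{
    // Reject empty names, NUL bytes, and anything with a scheme (http://, php://, data:).
    if ($name === '' || strpos($name, "\0") !== false || preg_match('#^[a-z][a-z0-9+.-]*:#i', $name)) {
        return null;
    }
    $baseReal = realpath($base);
    // realpath() collapses "..", "." and symlinks, and returns false for missing files.
    $target = $baseReal === false ? false : realpath($baseReal . DIRECTORY_SEPARATOR . $name);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Containment: the trailing separator stops /srv/inc_evil from matching /srv/inc.
    $prefix = $baseReal . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    $ext = strtolower(pathinfo($target, PATHINFO_EXTENSION));
    return in_array($ext, $allowedExt, true) ? $target : null;
}

/** Counterpart of the thread's switch: execute only in 'include' mode, otherwise just read. */
function render_fragment(string $command, string $name, string $base): string
{
    $execute = ($command === 'include');
    $path = resolve_include($name, $base, $execute ? ['php'] : ['html', 'txt']);
    if ($path === null) {
        return '';
    }
    if (!$execute) {
        return (string) file_get_contents($path); // static content is never executed
    }
    ob_start();
    include $path;
    return (string) ob_get_clean();
}

// Constructed demo: a throwaway base directory holding one static fragment.
$base = sys_get_temp_dir() . '/inc_demo_' . getmypid();
mkdir($base);
file_put_contents($base . '/header.html', '<h1>ok</h1>');
foreach (['header.html', '../../etc/passwd', 'http://example.com/x.php', 'missing.html'] as $n) {
    printf("%-26s => %s\n", $n, var_export(render_fragment('read', $n, $base), true));
}
unlink($base . '/header.html');
rmdir($base);
```

Resolving the path first and comparing it against the resolved base directory avoids the problem with stripping characters such as '.', which also removes the dot in legitimate file names.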
--- Begin Message ---
On 16 April 2010 19:02, tedd <tedd.sperl...@gmail.com> wrote:

> At 3:46 PM +0200 4/16/10, Michiel Sikma wrote:
>
>> On 16 April 2010 14:06, Paulo-WORK <pauloworkm...@googlemail.com> wrote:
>>
>> -snip-
>>
>
> Paulo:
>
> I agree. Here's a working example with everything you need:
>
> http://sperling.com/examples/javascript-detection/
>
> Cheers,
>
> tedd
>
>
Another important thing to consider is that the web is meant to be
accessible to even those using a screen reader. Screen readers don't support
JavaScript (to my knowledge) and instead rely on properly written HTML. By
having regular content and overriding it with JavaScript, you're ensuring
that the visually impaired, among others, can also use your site.

Michiel

--- End Message ---
--- Begin Message ---
On 16 April 2010 16:15, Ashley Sheridan <a...@ashleysheridan.co.uk> wrote:

> I'm seeing some strange behaviour with var_dump. Is there a limit to how
> many levels deep that var_dump can display?
>
> -snip-
>
> However, when I var_dump the top-most object (the Gantt object) the
> predecessors array for Gantt_Task 1.2 just shows as '...'. If I var_dump
> that particular object, I can see that the correct array element does
> exist.
>
> Is this just a random bug I've found, or is there an intended limit to
> how complex and deep var_dump can go? Would it have anything to do with
> the fact that Gantt contains multiple instances of the Gantt_Task
> object?
>
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
>
There's a limit to var_dump if you have Xdebug installed. See the Xdebug
site:

http://www.xdebug.org/docs/display

On another note, iirc var_dump itself can detect and prevent infinite
recursion.

Michiel

--- End Message ---
