php-general Digest 30 Mar 2012 21:39:48 -0000 Issue 7753

Topics (messages 317363 through 317380):

Re: Watch out for automatic type casting
        317363 by: Arno Kuhl
        317365 by: Arno Kuhl

PHP 5.4.1 RC1 Released
        317364 by: Stas Malyshev

request for feedback on logAndHandler
        317366 by: rene7705
        317367 by: marco.behnke.biz
        317372 by: rene7705

securing a script that exec()s
        317368 by: rene7705
        317370 by: Bastien
        317371 by: David OBrien
        317373 by: Peter Bauer
        317374 by: David OBrien
        317375 by: rene7705
        317377 by: Mike Mackintosh

Re: [PHP-DEV] PHP 5.4.1 RC1 Released
        317369 by: Nikita Popov

Surge 2012 CFP is Open!
        317376 by: Katherine Jeschke

PHP preg_replace_callback with unicode
        317378 by: Jimmy Chen

Re: Thinking out loud - a continuation...
        317379 by: Robert Cummings

Re: Node.PHP
        317380 by: Hiyarli Baba


----------------------------------------------------------------------
--- Begin Message ---
-----Original Message-----
From: Simon Schick [mailto:simonsimc...@googlemail.com] 
Sent: 29 March 2012 07:19 PM
To: a...@dotcontent.net
Cc: php-gene...@lists.php.net
Subject: Re: [PHP] Watch out for automatic type casting

Hi, Arno

FYI: I found a page in the php-manual that's exactly for that:
http://www.php.net/manual/en/language.operators.precedence.php

p.s. some of them were also new to me .... Thanks for getting me to read it.

Bye
Simon
----

Thanks Simon and others, thought it was typecasting, but precedence makes more 
sense.

I remember seeing that table when I first started using php, which is why I 
always use AND and OR rather than && and || because it's lower precedence than 
the assignment and the ternary operators, but I couldn't remember where I'd 
seen it. So thanks for linking to it.

Cheers
Arno


--- End Message ---
--- Begin Message ---
BTW interesting to note on that precedence page that "!" has a higher 
precedence than "=" (which you'd expect it to be) but you can still do 
if (!$a = foo())

I use that form often (as I'm sure many others do) and just took it for granted 
that it works even though the order of precedence says it shouldn't.

It could be expanded to
if ($a = foo() != TRUE)
But that wouldn't get the expected result due to order of precedence, though at 
first glance you could reasonably expect it to work because of 
if (!$a = foo())
being valid.

I think that's why it's so easy to be caught out (at least for me) by the 
similar form of
if ( $pos = strpos($sText, "test") !== FALSE)

Cheers
Arno


--- End Message ---
--- Begin Message ---
Hi!

We would like to announce the first RC of the 5.4.1 version. This is
mainly a bugfix release, including all fixes that did not make the
cut for 5.4.0 and new issues since then. Please test it and notify us of
any problems you may encounter.
The full list of the fixes is as always in the NEWS file.

You can download the packages from:

    http://downloads.php.net/stas

The Windows team provides windows binaries for the release.
As always you find them at:

    http://windows.php.net/qa/

This is also the first release we are making from our brand new Git
setup, please tell us if you notice any glitches. You can
read more about the Git migration here:
http://www.php.net/archive/2012.php#id2012-03-20-1

We plan the next RC for 5.4.1 in two weeks, on April 12th.

Regards,
  Stas & David

--- End Message ---
--- Begin Message ---
Hi.

I've recently got rid of some bugs in an older component of mine called
logAndHandler.
Basically, logAndHandler will catch errors, warning and notices in PHP code
and present them in an attractive interface in the browser.

Although it does not work in Internet Explorer, and may never work in that
browser, I still find it useful for development purposes.

I thought now would be a good time to get some early feedback on what else
I can improve for this component, at least from an end-user perspective (I
haven't yet updated the download zip on http://mediabeez.ws with these
latest changes).

An option not to include the entire $_SERVER in the output is already on my
agenda.

The test url is at
http://skatescene.biz/sites/mediabeez.ws/code/libraries_rv/logAndHandler-0.8.3/

--- End Message ---
--- Begin Message ---

rene7705 <rene7...@gmail.com> wrote on 30 March 2012 at 11:29:

> I thought now would be a good time to get some early feedback on what else
> I can improve for this component, at least from an end-user perspective (I
> haven't yet updated the download zip on http://mediabeez.ws with these
> latest changes).


First of all this is only my opinion but you should not mistake this
mailing list for a "review my extension" list. This is a discussion group about
PHP. I think there are proper places on the internet for that.

Most people reading this list will have no interest in reading a discussion
about stuff they are not interested in.

I suggest you set up a github project, Google group or whatever wiki/forum
you like where people interested in it can post and discuss.

Then you can send a mail to this list where you announce your discussion
group. So there is no discussion on this list and you can promote your work
to be discussed.

Just my 2 cents on that.

Regards,
Marco

--- End Message ---
--- Begin Message ---
bit bad timing, but i've decided to try out ubuntu instead of windows on
that skatescene.biz machine.. i'll try to have the test url up asap or move
it to my hoster within a few hours.

--- End Message ---
--- Begin Message ---
Hi.

I have a script that uses imagemagick's convert command on the commandline
to get its work done.
These calls to exec('convert [params]') take params from the end-user via a
html form, so is very insecure.

The intention is that the end-user only runs this script on localhost, from
localhost.

So now i'm checking $_SERVER['REMOTE_ADDR']===$_SERVER['SERVER_ADDR'] to
see if I can allow the script to be used.

But unfortunately, $_SERVER['REMOTE_ADDR'] is my external IP, and
$_SERVER['SERVER_ADDR'] is my internal IP.

How would I best fix this?

--- End Message ---
--- Begin Message ---

Bastien Koert

On 2012-03-30, at 5:56 AM, rene7705 <rene7...@gmail.com> wrote:

> Hi.
> 
> I have a script that uses imagemagick's convert command on the commandline
> to get it's work done.
> These calls to exec('convert [params]') take params from the end-user via a
> html form, so is very unsecure.
> 
> The intention is that the end-user only runs this script on localhost, from
> localhost.
> 
> So now i'm checking $_SERVER['REMOTE_ADDR']===$_SERVER['SERVER_ADDR'] to
> see if I can allow the script to be used.
> 
> But unfortunately, $_SERVER['REMOTE_ADDR'] is my external IP, and
> $_SERVER['SERVER_ADDR'] is my internal IP.
> 
> How would I best fix this?

Validate the data?

--- End Message ---
--- Begin Message ---
Find a way to do it using PHP's imagemagick extensions

http://php.net/manual/en/book.imagick.php

On Fri, Mar 30, 2012 at 5:56 AM, rene7705 <rene7...@gmail.com> wrote:

> Hi.
>
> I have a script that uses imagemagick's convert command on the commandline
> to get it's work done.
> These calls to exec('convert [params]') take params from the end-user via a
> html form, so is very unsecure.
>
> The intention is that the end-user only runs this script on localhost, from
> localhost.
>
> So now i'm checking $_SERVER['REMOTE_ADDR']===$_SERVER['SERVER_ADDR'] to
> see if I can allow the script to be used.
>
> But unfortunately, $_SERVER['REMOTE_ADDR'] is my external IP, and
> $_SERVER['SERVER_ADDR'] is my internal IP.
>
> How would I best fix this?
>

--- End Message ---
--- Begin Message ---
On Fri, Mar 30, 2012 at 11:56:41AM +0200, rene7705 wrote:
> ...
> But unfortunately, $_SERVER['REMOTE_ADDR'] is my external IP, and
> $_SERVER['SERVER_ADDR'] is my internal IP.
> 
> How would I best fix this?

Simply log on your box via ssh (if it's a unix system) and run your script from 
console or with textmode browser lynx.

But the best solution would be to secure the exec call.

-- 
Regards,
Peter Bauer
PHP developer

--- End Message ---
--- Begin Message ---
Sender: dgobr...@gmail.com
Subject: Re: [PHP] securing a script that exec()s
Message-Id: <CAF=yD_3efQkA_kz169ooYQ2z7g=g75sjghadnvw+irjzp8q...@mail.gmail.com>
Recipient: adam.nicho...@hl.co.uk


--- End Message ---
--- Begin Message ---
On Fri, Mar 30, 2012 at 3:16 PM, Peter Bauer <p...@archivum.info> wrote:

> On Fri, Mar 30, 2012 at 11:56:41AM +0200, rene7705 wrote:
> > ...
> > But unfortunately, $_SERVER['REMOTE_ADDR'] is my external IP, and
> > $_SERVER['SERVER_ADDR'] is my internal IP.
> >
> > How would I best fix this?
>
> Simply log on your box via ssh (if its a unix system) and run your script
> from console or with textmode browser lynx.
>
> But the best solution would be to secure the exec call.

How would I best secure the exec call?

--- End Message ---
--- Begin Message ---
On Mar 30, 2012, at 9:25 AM, rene7705 wrote:

> On Fri, Mar 30, 2012 at 3:16 PM, Peter Bauer <p...@archivum.info> wrote:
> 
>> On Fri, Mar 30, 2012 at 11:56:41AM +0200, rene7705 wrote:
>>> ...
>>> But unfortunately, $_SERVER['REMOTE_ADDR'] is my external IP, and
>>> $_SERVER['SERVER_ADDR'] is my internal IP.
>>> 
>>> How would I best fix this?
>> 
>> Simply log on your box via ssh (if its a unix system) and run your script
>> from console or with textmode browser lynx.
>> 
>> But the best solution would be to secure the exec call.
> 
> How would I best secure the exec call?

What would the form input look like?

Mike Mackintosh
PHP, the drug of choice - www.highonphp.com


--- End Message ---
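
An added example for the exec() thread above; it is not code posted by any of the list members. It sketches the two suggestions made in the replies (validate the data, secure the exec call) for current PHP (7+), with every value checked against an allowlist and every argument quoted on its own. The form field names (src, dst, width, height, rotate), the IMAGE_DIR path and the permitted option set are assumptions; -resize and -rotate are standard options of ImageMagick's convert.

```php
<?php
// Added example, not code from the thread. IMAGE_DIR, the form field names and
// the permitted options are assumptions chosen for illustration.
const IMAGE_DIR = '/var/www/app/images'; // hypothetical working directory

/** True only when the TCP peer is the loopback interface. */
function isLoopbackRequest(array $server): bool
{
    // The thread's REMOTE_ADDR === SERVER_ADDR comparison failed because the
    // two addresses differed; a loopback test does not depend on SERVER_ADDR.
    return in_array($server['REMOTE_ADDR'] ?? '', ['127.0.0.1', '::1'], true);
}

/** Map a user-supplied file name to a path inside IMAGE_DIR, or throw. */
function resolveImage(string $name): string
{
    // Bare name with an allowlisted extension: no slashes, no leading dash
    // (would read as an option), no colon (convert reads "x:" as a format prefix).
    if (!preg_match('/\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}\.(png|jpe?g|gif)\z/i', $name)) {
        throw new InvalidArgumentException('rejected file name');
    }
    return IMAGE_DIR . '/' . $name;
}

/** Validate an integer form field against a closed range, or throw. */
function intField(array $form, string $key, int $min, int $max): int
{
    $v = filter_var($form[$key] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    if ($v === false) {
        throw new InvalidArgumentException("rejected value for $key");
    }
    return $v;
}

/** Build convert's argument vector from validated fields only. */
function buildConvertArgs(array $form): array
{
    $args = [resolveImage((string) ($form['src'] ?? ''))];
    if (isset($form['width']) || isset($form['height'])) {
        $args[] = '-resize';
        $args[] = intField($form, 'width', 1, 4096) . 'x' . intField($form, 'height', 1, 4096);
    }
    if (isset($form['rotate'])) {
        $args[] = '-rotate';
        $args[] = (string) intField($form, 'rotate', 0, 359);
    }
    $args[] = resolveImage((string) ($form['dst'] ?? ''));
    return $args;
}

/** Quote every argument separately so the shell sees each as one literal word. */
function buildConvertCommand(array $form): string
{
    return 'convert ' . implode(' ', array_map('escapeshellarg', buildConvertArgs($form)));
}

// Constructed sample input standing in for $_SERVER and $_POST.
$server = ['REMOTE_ADDR' => '127.0.0.1'];
$good = ['src' => 'in.png', 'dst' => 'out.jpg', 'width' => '800', 'height' => '600', 'rotate' => '90'];
$bad  = ['src' => 'in.png', 'dst' => 'out.jpg; id'];

foreach ([$good, $bad] as $form) {
    try {
        if (!isLoopbackRequest($server)) {
            throw new RuntimeException('not a loopback request');
        }
        $cmd = buildConvertCommand($form);
        echo "would run: $cmd\n";
        // exec($cmd, $output, $status);  // run only after every check has passed
    } catch (Exception $e) {
        echo 'refused: ', $e->getMessage(), "\n";
    }
}
```

Behind a reverse proxy REMOTE_ADDR is the proxy's address, so the loopback test is only meaningful when the web server is reached directly. The Imagick extension suggested in the thread removes the shell from the picture altogether.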
--- Begin Message ---
On Fri, Mar 30, 2012 at 8:23 AM, Stas Malyshev <smalys...@sugarcrm.com> wrote:
> Hi!
>
> We would like to announce the first RC of the 5.4.1 version. This will
> be mainly a bugfix version, including all bugfixes that did not make the
> cut for 5.4.0 and new issues since then. Please test it and notify us of
> any problems you may encounter.

Hey Stas!

Does this mean that the 5.4 branch is frozen now and one should ask a
PM before committing?

Nikita

--- End Message ---
--- Begin Message ---
Surge 2012, the scalability conference, September 27-28, Baltimore, MD
has opened its CFP. Please visit http://omniti.com/surge/2012/cfp for
details.

-- 
Katherine Jeschke
Director of Marketing and Creative Services
OmniTI Computer Consulting, Inc.
7070 Samuel Morse Drive, Ste.150
Columbia, MD 21046
O: 443-325-1357, 222
F: 410/872-4911
C: 443/643-6140
omniti.com
Surge2012: http://omniti.com/surge/2012
PG Corridor Days - DC: http://pgday.bwpug.org/


--- End Message ---
--- Begin Message ---
I wrote a simple script below to simulate my problem.
Both my string and pattern contain unicode characters.

Basically, if I run it from command line (php -f test.php), it prints
"match" as expected.

But if I run it through web server (apache, http://localhost/test.php), it
prints "no match".

I am using PHP 5.3.
I am sure both use the same php.ini.

Any idea why it behaves differently?
How do I make it work through web server?


Thanks
-----

<?php
function myCallback($matches) {
    return $matches[0]; //do nothing, test only
}

$value = 'aaa äää';
$pattern = '/(\bäää)/u';

$value = preg_replace_callback($pattern, 'myCallback', $value, -1, $count);
if ($count > 0) {
    echo "match";
} else {
    echo 'no match';
}
?>



--- End Message ---
--- Begin Message ---
On 12-03-27 11:11 AM, Jay Blanchard wrote:
> [snip]
> On 3/27/2012 12:21 AM, Robert Cummings wrote:
>> [-- SNIP --]
>> Essentially, entries at the root and entries for the children are just
>> auto indexed array items but the actual entries in those arrays retain
>> the associative index structure for retrieval of the specific
>> information. let me know and I can probably whip you up something.
>
> Robert that looks correct. Here is an example of the JSON that the guy
> provided for me -
>
>    var json = {
>           id: "node02",
>           name: "0.2",
>           data: {},
>           children: [{
>               id: "node13",
>               name: "1.3",
>               data: {},
>               children: [{
>                   id: "node24",
>                   name: "2.4",
>                   data: {},
>                   children: [{
>                       id: "node35",
>                       name: "3.5",
>                       data: {},
>                       children: [{
>                           id: "node46",
>                           name: "4.6",
>                           data: {},
>                           children: []
>                       }]
>                   }, {
>                       id: "node37",
>                       name: "3.7",
>                       data: {},
>                       children: [{
>                           id: "node48",
>                           name: "4.8",
>                           data: {},
>                           children: []
>                       }, {
>                           id: "node49",
>                           name: "4.9",
>                           data: {},
>                           children: []
>                       }, {
>                           id: "node410",
>                           name: "4.10",
>                           data: {},
>                           children: []
>                       }, {
>                           id: "node411",
>                           name: "4.11",
>                           data: {},
>                           children: []
>                       }]
>                   },
> Of course he properly closes up the JSON. I inserted id's (just an
> auto-incrementing number) and the data portion where needed. The name:
> is the part that has been the result of what you did before.

Here's the code... I did a bit of shuffling and actually tested against a test db table:

<?mysql :)

DROP TABLE IF EXISTS tiers;
CREATE TABLE tiers
(
    company     INT                 NOT NULL,
    tier1       VARCHAR( 32 )       NOT NULL        DEFAULT '',
    tier2       VARCHAR( 32 )       NOT NULL        DEFAULT '',
    tier3       VARCHAR( 32 )       NOT NULL        DEFAULT '',
    tier4       VARCHAR( 32 )       NOT NULL        DEFAULT '',
    tier5       VARCHAR( 32 )       NOT NULL        DEFAULT '',
    tier6       VARCHAR( 32 )       NOT NULL        DEFAULT '',
    tier7       VARCHAR( 32 )       NOT NULL        DEFAULT '',
    tier8       VARCHAR( 32 )       NOT NULL        DEFAULT '',
    tier9       VARCHAR( 32 )       NOT NULL        DEFAULT '',
    tier10      VARCHAR( 32 )       NOT NULL        DEFAULT '',
    tier11      VARCHAR( 32 )       NOT NULL        DEFAULT '',
    tier12      VARCHAR( 32 )       NOT NULL        DEFAULT '',
    tier13      VARCHAR( 32 )       NOT NULL        DEFAULT '',
    tier14      VARCHAR( 32 )       NOT NULL        DEFAULT ''
);

INSERT INTO tiers (company, tier1, tier2, tier3) VALUES
(1, 'exec-001','sub-exec-011','sub-sub-exec-111'),
(1, 'exec-001','sub-exec-011','sub-sub-exec-112'),
(1, 'exec-001','sub-exec-012','sub-sub-exec-121'),
(1, 'exec-001','sub-exec-012','sub-sub-exec-122'),
(1, 'exec-002','sub-exec-021','sub-sub-exec-211'),
(1, 'exec-002','sub-exec-021','sub-sub-exec-212'),
(1, 'exec-002','sub-exec-022','sub-sub-exec-221'),
(1, 'exec-002','sub-exec-022','sub-sub-exec-222');

?>

And here's the code:

<?php

function getTiers( $company )
{
    //
    // Establish the root.
    //

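    // ijinn_getServiceRef() and the dbManager service are not defined in
    // this message.
    $sDb = &ijinn_getServiceRef( 'dbManager' );
    $db = &$sDb->getConnectionRef();

    $query =
        "SELECT DISTINCT "
       ."   * "
       ."FROM "
       ."   tiers "
       ."WHERE "
       // Cast to int so the company value cannot change the query.
       ."   company = ".(int)$company." ";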

    $root = array();
    if( $db->query( $query ) )
    {
        while( ($row = $db->fetchRow()) )
        {
            $focus = &$root;
            for( $i = 1; $i <= 14; $i++ )
            {
                $name = trim( $row['tier'.$i] );
                if( $name === '' )
                {
                    break;
                }

                if( !isset( $focus[$name] ) )
                {
                    $focus[$name] = array
                    (
                        'name' => $name,
                        'children' => array(),
                    );
                }

                $focus = &$focus[$name]['children'];
            }
        }
    }

    $wrapper = array
    (
        'children' => &$root
    );

    postProcessTiers( $wrapper );

    return $root;
}

function postProcessTiers( &$root )
{
    $root['children'] = array_values( $root['children'] );

    foreach( array_keys( $root['children'] ) as $index )
    {
        postProcessTiers( $root['children'][$index] );
    }
}

function getTiersJson( $company )
{
    $tiers = getTiers( $company );
    $json = json_encode( $tiers );

    // Return the encoded string so the caller below receives it.
    return $json;
}

$tiersJson = getTiersJson( 1 );

?>

This will output JSON with the following structure:

<?js

[
    {
        "name":"exec-001",
        "children":[
            {
                "name":"sub-exec-011",
                "children":[
                    {
                        "name":"sub-sub-exec-111",
                        "children":[]
                    },
                    {
                        "name":"sub-sub-exec-112",
                        "children":[]
                    }
                ]
            },
            {
                "name":"sub-exec-012",
                "children":[
                    {
                        "name":"sub-sub-exec-121",
                        "children":[]
                    },
                    {
                        "name":"sub-sub-exec-122",
                        "children":[]
                    }
                ]
            }
        ]
    },
    {
        "name":"exec-002",
        "children":[
            {
                "name":"sub-exec-021",
                "children":[
                    {
                        "name":"sub-sub-exec-211",
                        "children":[]
                    },
                    {
                        "name":"sub-sub-exec-212",
                        "children":[]
                    }
                ]
            },
            {
                "name":"sub-exec-022",
                "children":[
                    {
                        "name":"sub-sub-exec-221",
                        "children":[]
                    },
                    {
                        "name":"sub-sub-exec-222",
                        "children":[]
                    }
                ]
            }
        ]
    }
]

?>

PHP is smart enough to detect an array that only has consecutive integer keys and create the appropriate JavaScript array object. So we don't have to do any special processing of the JSON after we've post processed the tier structure itself.

Cheers,
Rob

--- End Message ---
--- Begin Message ---
Like Michael said, just keep the project alive.
I preferred node.js to PHP only when I needed to send millions of SSL
API requests.
nodejs sends 1k https requests in only 2 seconds, including parsing
required elements from the database, checking the returned source and
writing to a file.

If you want to develop / clone more modules for that, please start from
http|s.req :p and let me continue with PHP.

http://stackoverflow.com/a/9199961 my nodejs + php thing

2012/3/22, Michael Save <savetheinter...@omegasdg.com>:
> Very nice!
>
> I'll have a proper look at this in the morning, and I'll try it out
> for myself. Looking forward to seeing more development on this.
>
> Michael
>
> On Thu, Mar 22, 2012 at 11:40 AM, Joseph Moniz <joseph.mo...@gmail.com>
> wrote:
>> Hey,
>>
>> So i had my first Hackathon at work last week and my project was to
>> prototype making a node.js clone using PHP instead of V8. So i
>> snatched up libuv and joyent's HTTP parser and set off on a 24 hour
>> coding spree to get something workable. By the time the sun was coming
>> out the next morning the following code was working.
>>
>>    <?php
>>
>>    $http = new node_http();
>>
>>    $http->listen(8080, function($request, $response) {
>>        $response->end("yay, super awesome response");
>>    });
>>
>>    nodephp_run();
>>
>>    ?>
>>
>> The C code that powers it was whipped together really fast and is kind
>> of hackish as a result. The code has some memory leaks that i haven't
>> had time to fully track down yet. Some small portions of the code were
>> borrowed from the phode project.
>>
>> In a naive benchmark on this simple server VS an equally simple server
>> in node.js this implementation already out performs node.js in
>> throughput by being able to serve just under 200% the amount of
>> requests per second that node.js could. Take that with a grain of salt
>> though because node.js has many more features and is much more hardened
>> from production use. I do believe the PHP binary will have some major
>> performance gains over V8 as crossing the PHP <--> C barrier seems to
>> be a much lighter operation than crossing the V8 <--> C++ barrier.
>>
>> Any help or feedback will be greatly appreciated. The project's source
>> code can be found here: https://github.com/JosephMoniz/node.php
>>
>> - Joseph Moniz
>>

--- End Message ---
