php-windows Digest 30 Jan 2006 18:21:01 -0000 Issue 2878

[php-windows-digest-help]

php-windows Digest 30 Jan 2006 18:21:01 -0000 Issue 2878

Topics (messages 26663 through 26668):

Question about directory & file operations
        26663 by: GT
        26664 by: Mike
        26665 by: GT
        26667 by: Stut

Re: Getting a "unique identifier" for a file
        26666 by: Dinu Ionut

IIS6 error page for PHP errors?
        26668 by: Travis Raybold

Administrivia:

To subscribe to the digest, e-mail:
        [EMAIL PROTECTED]

To unsubscribe from the digest, e-mail:
        [EMAIL PROTECTED]

To post to the list, e-mail:
        php-windows@lists.php.net


----------------------------------------------------------------------

--- Begin Message ---

I have  a script on my local test website that lists all of the files in
my FTP server directories.

It is setup to look at absolute paths. (ie: C:/Windows)

If it is called with the right parameters or the "Previous Directory"
link is clicked too many times, the browser will be outside
of the paths that I want them to be in...

For example, the browser can address

http://localhost/script.php?path=C:/

and view the contents of the C: drive.

Not really what I want..

I would like to be able to lock the browser down
to a particular set of directories and thier subs.

Does anyone have any suggestions that might help?

Thanks in advance... 

--- End Message ---

--- Begin Message ---

> If it is called with the right parameters or the "Previous Directory"
> link is clicked too many times, the browser will be outside 
> of the paths that I want them to be in...
> 
> I would like to be able to lock the browser down to a 
> particular set of directories and thier subs.
> 

What you may want to do is set up a bit of parsing in your script so that
the script is passed the relative portion of the directory and the script
appends the parent folders to that. 

For example, say the user is browsing directory C:\users\tom\images\vacation
and you want to lock everything to the \users directory.

Have the script expect
http://localhost/script.php?path=users\tom\images\vacation instead of the
full path. You can then do some basic string parsing to determine the first
folder (in this case "users") and ensure that that matches a defined set of
acceptable folders.

So 

if($first_dir != "users"){
  echo "this is an invalid directory";
}

Etc.

Also, if someone tries to pass "C:\" into $path, it'd end up getting parsed
as "C:\C:\", which will obviously be an invalid directory.

This would allow the user from doing something like 

http://localhost/script.php?path=windows\system32 since "windows" isn't in
the approved folders list.

I'm sure there's a bunch of other ways of doing this, but it's the first
that popped into my head.

-M

--- End Message ---

--- Begin Message ---

Hmmm... that sounds like it might work.. Thanks.

I'll try it after I've had some sleep.. php and no sleep don't
really go together.


""Mike"" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
>> If it is called with the right parameters or the "Previous Directory"
>> link is clicked too many times, the browser will be outside
>> of the paths that I want them to be in...
>>
>> I would like to be able to lock the browser down to a
>> particular set of directories and thier subs.
>>
>
> What you may want to do is set up a bit of parsing in your script so that
> the script is passed the relative portion of the directory and the script
> appends the parent folders to that.
>
> For example, say the user is browsing directory 
> C:\users\tom\images\vacation
> and you want to lock everything to the \users directory.
>
> Have the script expect
> http://localhost/script.php?path=users\tom\images\vacation instead of the
> full path. You can then do some basic string parsing to determine the 
> first
> folder (in this case "users") and ensure that that matches a defined set 
> of
> acceptable folders.
>
> So
>
> if($first_dir != "users"){
>  echo "this is an invalid directory";
> }
>
> Etc.
>
> Also, if someone tries to pass "C:\" into $path, it'd end up getting 
> parsed
> as "C:\C:\", which will obviously be an invalid directory.
>
> This would allow the user from doing something like
>
> http://localhost/script.php?path=windows\system32 since "windows" isn't in
> the approved folders list.
>
> I'm sure there's a bunch of other ways of doing this, but it's the first
> that popped into my head.
>
> -M 

--- End Message ---

--- Begin Message ---

Mike wrote:

If it is called with the right parameters or the "Previous Directory"

link is clicked too many times, the browser will be outside of the paths that I want them to be in... I would like to be able to lock the browser down to a particular set of directories and thier subs.

What you may want to do is set up a bit of parsing in your script so that
the script is passed the relative portion of the directory and the script

For example, say the user is browsing directory C:\users\tom\images\vacation
and you want to lock everything to the \users directory.

Have the script expect
http://localhost/script.php?path=users\tom\images\vacation instead of the
full path. You can then do some basic string parsing to determine the first
folder (in this case "users") and ensure that that matches a defined set of
acceptable folders.


if($first_dir != "users"){
 echo "this is an invalid directory";
}

Etc.

Also, if someone tries to pass "C:\" into $path, it'd end up getting parsed
as "C:\C:\", which will obviously be an invalid directory.


http://localhost/script.php?path=windows\system32 since "windows" isn't in
the approved folders list.

I'm sure there's a bunch of other ways of doing this, but it's the first
that popped into my head.

appends the parent folders to that. So This would allow the user from doing something like

Please please please don't make this your only check. According to the above I could easily do something like the following to get where I wanted to go...

http://localhost/script.php?path=users\..\..\..\..\..\windows\system32

I suggest you look at http://php.net/realpath and use that to get the real absolute path after ..'s etc have been expanded, then compare that to the directory you want to lock them into.

-Stut

--- End Message ---

--- Begin Message ---

SamuelDr a écrit :

Hi back,
Manuel Lemos wrote :

Hello,

on 01/28/2006 08:31 PM SamuelDr said the following:

Hi !

I'm trying to develop something in PHP.
I have a list of file, and I want to know if I can have a unique
identifier for each files. What I mean, is:

I have my files:
    test.txt
    test2.txt

I would like them to return a unique something... anything...

tempnam ?

I would want this because, take this example in account :

No, actually, I do not want to create a new file, I want to associate a certain file to a certain row in a DB. I want to do some windows desktop like web application for active desktop, and want to know if there could be some sort of way to have a unique identifier to each file. I have dowloaded a file, movie1.avi . I delete it. 2 hours later (the wipe in the DB for old file entries is not done) I download another file with the same name. It would be place at the place of the old one ! Maybe by checking the creation date, and the filename, that would be possibkle... only quirks : if you rename the file not from the web interface... it would place itself like a new icon.

I have received this in my mail inbox... I saw that it was not there :

> I can think of that would get you a unique ID for a file that does not
> rely on the name being unique...
> 1) filename + creation date
> 2) filename + md5 hash of the contents

the first would be possible... I think.


Thanks anyway !

------------------------------------------------------------------------

SamuelDr a écrit :

But the second, if someone modify its files, they would get back to their default position.

SamuelDr a écrit :

Hi back,
Manuel Lemos wrote :

Hello,

on 01/28/2006 08:31 PM SamuelDr said the following:

Hi !

I'm trying to develop something in PHP.
I have a list of file, and I want to know if I can have a unique
identifier for each files. What I mean, is:

I have my files:
    test.txt
    test2.txt

I would like them to return a unique something... anything...

tempnam ?

I would want this because, take this example in account :

No, actually, I do not want to create a new file, I want to associate a certain file to a certain row in a DB. I want to do some windows desktop like web application for active desktop, and want to know if there could be some sort of way to have a unique identifier to each file. I have dowloaded a file, movie1.avi . I delete it. 2 hours later (the wipe in the DB for old file entries is not done) I download another file with the same name. It would be place at the place of the old one ! Maybe by checking the creation date, and the filename, that would be possibkle... only quirks : if you rename the file not from the web interface... it would place itself like a new icon.

I have received this in my mail inbox... I saw that it was not there :


 > rely on the name being unique...
 > 1) filename + creation date
 > 2) filename + md5 hash of the contents

the first would be possible... I think.


Thanks anyway !

> I can think of that would get you a unique ID for a file that does not But the second, if someone modify its files, they would get back to their default position.

I have received this in my inbox :

SamualDr,

You could get an MD5 hash of the file. It is extremely difficult for two
different files to have the same hash.

 Paul

It would be a good idea if my files were not meant to be modyfied, but it seems that files on the desktop WILL be modified... So, i'm still looking for something.

try md5 for file... like a hash check .... i don't know exactly how it is 
done... but it returns a unique identifier for a file depending on the content, 
type, but NOT on filename (extension)... Hope it helps!

--- End Message ---

--- Begin Message --- has anyone figured out if there is a way to have IIS's custom error pages work for PHP?

--travis

i have custom error handling code that is fine for non-fatal errors. but the only workaround i have found for handling fatal errors involves turning off buffereing, which i don't want to do. the way i can handle fatal errors is to first thing on every page send a Location header that redirects to the error page, and if i get a fatal error it goes to the error page. if i finish the page normally, the last bit of code i have resets the Location header. this necessitates turning off buffering, obviously. anyone have a better way of handling this? all i want is to redirect to a clean error page if there is a fatal error.

smime.p7s
Description: S/MIME Cryptographic Signature

--- End Message ---