Armand Turpel wrote:
On Wed, 4 Jun 2003, Jay Blanchard wrote:
[snip]
Have register globals set to ON is one way of leaving your script open
to being exploitable.
[/snip]
Please explain this, how does it make it more exploitable? I think that
this is only true if the code
this file
download while under SSL, or is it something else I'm overlooking?
Thanks for any help.
---John Holmes...
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Rouvas Stathis
[EMAIL PROTECTED]
http://www.di.uoa.gr
Holmes...
- Original Message -
From: Rouvas Stathis [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: 1LT John W. Holmes [EMAIL PROTECTED]
Sent: Monday, October 07, 2002 2:00 PM
Subject: Re: [PHP] File download doesn't work with SSL
John,
problem is broken HTTP/1.1 implementation
24143 Kiel
Postfach 6345
24124 Kiel
fon 0431 - 739 47 50
hdy 0175 - 458 73 74
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Rouvas Stathis
[EMAIL
Hi all,
Just wanting to notify everyone that
the link for the PHP.4.2.2 download is broken.
-Stathis.
--
Rouvas Stathis
[EMAIL PROTECTED]
http://www.di.uoa.gr/~rouvas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Rouvas Stathis
[EMAIL PROTECTED]
http://www.di.uoa.gr/~rouvas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
together in OE.
Anyon ehave a sugestion on a different way of doing what I want to do?
Should be easy but i;m starting to get a headache from this (6-7 years not
doing SQL doesn't help either)
--
Rouvas Stathis
[EMAIL PROTECTED]
http://www.di.uoa.gr/~rouvas
--
PHP General Mailing List
Miguel Cruz wrote:
On Mon, 22 Apr 2002, Leif K-Brooks wrote:
I use $formvar for form processing, I don't use the arrays. This is how I
was taught to do it. If my host upgrades to 4.2.0, my website is as good as
gone! What am I supposed to do?!
Fix them! This direction was first
Erik Price wrote:
On Tuesday, April 23, 2002, at 06:48 AM, Rouvas Stathis wrote:
This change improves your security, so it'd be rational to be happy
about
it.
No it doesn't. It just provides another excuse for lazy programming.
Nothing will save a lazy programmer or one
Miguel Cruz wrote:
On Tue, 23 Apr 2002, Rouvas Stathis wrote:
Miguel Cruz wrote:
On Mon, 22 Apr 2002, Leif K-Brooks wrote:
I use $formvar for form processing, I don't use the arrays. This is how I
was taught to do it. If my host upgrades to 4.2.0, my website is as good as
gone
See attached file.
-Stathis.
Boaz Yahav wrote:
Hi
I need a function that will get a date in the past and return how much
time has passed since that date till now.
The input to the function is a MySQL DATETIME format and the output
should be something like :
2 Years, 36 Days, 7 hours
:
Hello
But i would like to ues that modules that are not complied wit PHP
i mean dynamic inclusion of modules... Is that possible ?
Prachait
- Original Message -
From: Rouvas Stathis [EMAIL PROTECTED]
Newsgroups: php.general
To: Prachait Saxena [EMAIL PROTECTED]
Cc: [EMAIL
and recompling the apache ???
Now what i can do ?
Prachait
- Original Message -
From: Rouvas Stathis [EMAIL PROTECTED]
Newsgroups: php.general
Cc: [EMAIL PROTECTED]
Sent: Friday, March 29, 2002 6:34 PM
Subject: Re: [PHP] where i get .so [dll] file of linux ?
I always recompile
Prachait Saxena wrote:
Hello
I would like to Know, where Site or Link i can get complied .so [dll] files.
of linux
as i have php_sockets.dll which works very fine in Windows enviroment. but
on linux
Can you suggest any other option for this.
I am using dl(php_sockets.dll);
As long as preventing users to download a picture you display, my .02Eu
opinion is that is is a fruitless task. A determined user will _always_
find a way to store the picture you send him. After all, you do send
data to him, therefore the data can be manipulated at will:-)
As far as some code
Someone knows how to use the IF command ?
I need two expressions as such as IF (exp1 AND exp2) ...
name of poster deleted
computer programmer
^
A computer programmer not knowing the IF command?
Really, what computer do you program?
-Stathis.
PS: Sorry, I just can't
Manuel Lemos wrote:
For example, multi-threading. Looking at the PHP sources, I can see this
would be fairly easy to implement on some most server modules. Before I
get fried by people for suggesting this, I know there are many functions
that are not thread safe, such the ob_*
For the linux version, go to:
URL:http://glaykos.mm.di.uoa.gr/~rouvas/tmp/inet/linux/php/php-4.0.3pl1-orig.tar.gz
-Stathis.
Gaylen Fraley wrote:
This build is not on php.net. I need both the linux source and the windows
binary for testing. Does anyone know where I can obtain these?
--
Start php with -q, eg: php -q script.php
-Stathis.
Dan McCullough wrote:
I am setting up a shell script to provide a menu for some tasks that our server
admin would like
to do via script rather then vi'ing the file, now I am almost finished but I would
like to get rid
of this ugly part
Browsers discard whatever tags they don't understand.
They don't grok WDDX tags, so only the string is displayed.
View source and it all should be there.
-Stathis.
con pulpa wrote:
Hi EVERYONE!
I'm running RH7.1 with PHP version 4.04pl1 and
Apache1.3.19-5. A simple php script ?php
Search the archives for the following e-mail :
Subject: RE: [PHP3] Checking screen resolution and/or window size
Date: Wed, 23 Feb 2000 09:54:05 -0500
From: "Michael Geier" [EMAIL PROTECTED]
I think this will cover your questions.
-Stathis.
Nikola Veber wrote:
Hi !
I would like to
Try base64_(en|de)code.
-Stathis.
Christopher Heschong wrote:
Despite the fact that PHP's WDDX functions don't support a "binary" type,
most binary data comes through just fine, and in fact, the WDDX serialize
function can encode certain types of binary data, such as a null
character:
Jordan Elver wrote:
Hi,
Could any one explain what this statemnt means?
$i = (!$i)?"0":$i;
if (!$i) then
$i = "0";
else
$i = $i;
-Stathis
Thanks,
Jord
--
Jordan Elver
Web Developer
The InternetOne UK Ltd
--
PHP General Mailing List (http://www.php.net/)
To
Try vim instead of vi.
-Stathis.
Ben Bleything wrote:
I can't speak for terminal usage... I use pico and or vi... pico on
console, vi over ssh.
When working locally, I use nedit (www.nedit.org) on *nix (with custom
PHP syntax highlighting) and EditPlus on windows.
Good luck,
Ben
Michael Champagne wrote:
We recently ran into Oracle error ORA-04031 which has something to do with
your shared memory being filled up or thrashed (I'm not a DBA so I'm vague on
this.) I noticed that a lot of the PHP code on the site is not using
ocifreestatement() or ocilogoff() after
PL/SQL code for an Oracle trigger that will auto-increment specified
field:
create or replace trigger trigger
before insert on table
for each row
begin
if :new.field is null then
select sequence-name.nextval into :new.field from dual;
end if;
end;
You have to create a sequence
This is the official PHP 4.0.6 version. After line 448 insert:
#if MEMORY_LIMIT
AG(allocated_memory) -= REAL_SIZE(ptr-size);
#endif
If you'll take a good look at the diff file the first half is what you're
supposed to have and the second half is what
Patch cannot be successfully applied. Any suggestions ?
Output from patch application:
start
rouvas@aspasia(12) /opt/ide2/rouvas/tmp/php-4.0.6/Zend patch -i
patch.zend_alloc.c
patching file zend_alloc.c
Hunk #1 FAILED at 446.
1 out of 1 hunk FAILED -- saving rejects to file zend_alloc.c.rej
Gutmans wrote:
Very strange. I just checked it and it worked for me with GNU patch 2.5.
Do you know how to apply it yourself? You just need to add those three
lines (without the leading +).
Andi
At 07:48 PM 7/1/2001 +0300, Rouvas Stathis wrote:
Patch cannot be successfully applied. Any
Andi Gutmans wrote:
At 10:17 PM 7/1/2001 +0300, Rouvas Stathis wrote:
It is indeed strange, since in the sources I have (downloaded about a
week ago), I already have the exact source that the patch presents
(without the lines prefixed with +).
I'm looking at $PHPHOME/Zend/zend_alloc.c file
Richard Lynch wrote:
Been trying to compile PHP.4.0.6 with --with-zlib directive and failing.
Using --with-zlib-dir, however succeeds.
Does anyone knows the difference between the two ?
--with-zlib-dir works and --with-zlib doesn't?
:-) :-) :-)
If you got it to work, leave it
Hi,
Been trying to compile PHP.4.0.6 with --with-zlib directive and failing.
Using --with-zlib-dir, however succeeds.
Does anyone knows the difference between the two ?
Also, in a related problem, if I try with --enable-xslt I get the
following results:
checking for XML support... yes
"Thies C. Arntzen" wrote:
On Sun, Jun 24, 2001 at 09:50:05PM +0300, Rouvas Stathis wrote:
"Thies C. Arntzen" wrote:
On Fri, Jun 22, 2001 at 09:16:08PM +0300, Rouvas Stathis wrote:
Do you experience any other sort of problems other than those warnings?
I mea
"Thies C. Arntzen" wrote:
On Fri, Jun 22, 2001 at 09:16:08PM +0300, Rouvas Stathis wrote:
Do you experience any other sort of problems other than those warnings?
I mean, is anything wrong with the data? Normally, nothing should be
wrong.
I have seen the same messages (
for my comments on your other points.
"Thies C. Arntzen" wrote:
On Thu, Jun 21, 2001 at 09:32:31PM +0300, Rouvas Stathis wrote:
"Thies C. Arntzen" wrote:
On Thu, Jun 21, 2001 at 03:19:09PM +0300, Rouvas Stathis wrote:
Unfortunately, you are not doing anything w
"Thies C. Arntzen" wrote:
On Fri, Jun 22, 2001 at 02:47:39AM +0300, Rouvas Stathis wrote:
"Thies C. Arntzen" wrote:
please send me a "minimal" testcase that shows this
behaviour! i'll look into that then.
I said that I'll have it on Monday
Do you experience any other sort of problems other than those warnings?
I mean, is anything wrong with the data? Normally, nothing should be
wrong.
I have seen the same messages (especially the "service handle not
intitialized" one) in my server too.
I have traced it to attemtps to close an
Confuser wrote:
I understand that OCIPLogon creates a persitant connection to the Oracle DB,
to improve
performance... And I must say it does !
However, since OCILogoff is best not used with a persitant logon (and in the
latest versions,
it doesn't do anything anyway)... How will PHP
"Thies C. Arntzen" wrote:
On Thu, Jun 21, 2001 at 03:19:09PM +0300, Rouvas Stathis wrote:
Unfortunately, you are not doing anything wrong.
Persistent connections and PHP/Ora do not play well with each other.
??? - please elaborate.
PHP/Ora without persistent connection
"Thies C. Arntzen" wrote:
please send me a "minimal" testcase that shows this
behaviour! i'll look into that then.
I said that I'll have it on Monday, but curiosity got the better of
me:-)
So, I ran my test case and these are my findings, alogn with the test.
Machine Configuration
form/body/html
the first input text can be accessed as
window.document.forms[0].element[1] while the second can be accessed as
window.doucment.forms[0].elements[2]
-Stathis.
elias wrote:
How can i access names with '[]' w/o eval() or seeking in form's element?
-elias
"Rouvas Stathi
Actually, you *can* use brackets ([]) in names and javascript can handle
them just fine.
-Stathis.
Max Vysotskiy wrote:
Hi.
Why doesn't PHP convert mutiselect values with plain names (not array-like)
to arrays. Is there any reason to not doing this?
Example:
I have a page with
The Wise Man Said:
WISE MAN's EMAIL
Subject:
RE: [PHP3] URL without a classic php filename like php, php3,
phtml?
Date:
Tue, 11 Apr 2000 12:54:35 MST
From:
[EMAIL PROTECTED]
To:
"Michael Simcich" [EMAIL PROTECTED],
[EMAIL PROTECTED]
Goto SquirrelMail http://www.squirrelmail.org/ and search for the
"Infamous IE with SSL bug" (their wording).
If I remember correctly it has to do with IE not implementing correctly
HTTP/1.1 protocol (so you have to switch to HTTP/1.0 whenever an IE
browser hits you) and something about the cache
I wouldn't worry about that. Although it all depends by what do you mean
by "speed":-)
Anyway, you can always test your page with "ab" (part of the Apache
installation, at least on Linux)
-Stathis.
Kurth Bemis wrote:
i'm concerned about the speed at which httpd (with php4.0.1pl1 compiles in
I keep a copy of php.4.0.3.pl1 at
URL:http://glaykos.mm.di.uoa.gr/~rouvas/tmp/inet/linux/php/
Both the original version I downloaded as well as a version with the
bc-lib and conf files for SuSE exist.
-Stathis.
James Moore wrote:
I need an older version of PHP because my pam_auth won't
Check SquirelMail (I'm propably spelling it wrong) on freshmeat.net
-Stathis.
Steven Katz wrote:
I'm looking for a PHP web-based POP/IMAP mail client to install on my
RH7 machine. Anyone know of any with really good looking interfaces?
I found a few that I like, but they're CGI, and
If you don't see --enable-sigchild in phpinfo() then :
(a) you are not running the version you compiled
(b) your config script had something wrong.
Baseline: if you don't see it, it's not there.
You have to recompile.
-Stathis.
Bob Kakalec wrote:
When I execute an sql statement against my
In .htaccess use SSLRequireSSL for AuthType Config and redirect to https
using ErrorDocument.
Example for www.foo.goo/sec
.htacess
AuthType Config
SSLRequireSSL
ErrorDocument 403 https://www.foo.goo/sec
Options -Indexes
Options directive is not neccessary but I assume that if
Great News!
-Stathis.
Andrei Zmievski wrote:
The first release of PHP-GTK is now available. PHP-GTK is a PHP
extension that provides an object-oriented interface to GTK+ toolkit and
enables you to write client-side cross-platform GUI applications. For
more information, visit
From your mail, I understand that you cannot proceed past the
compilation step.
I've seen the same on previous versions of PHP for Linux, but now this
is solved.
Maybe the Solaris version didn't got the same fixes...
Anyway, PHP will look at ORACLE_HOME for the required libraries which
has now
And don't forget "goo". "foo" and "goo" go together:-)
-Stathis.
Soeren Staun-Pedersen wrote:
Probably some of you are laughing while reading this :) But I have seen the
word "foo" used so many time (in programming) from different resources for
different reasons. Has it any meaning?
Hit Thomas,
you need to recompile PHP with the options you want (as a shared apache
module) and then replace libphp4.so on /usr/lib/apache/ with your own
version.
A good thing is to keep SuSE's version as a backup:-)
Don't forget to restart apache afterwards. (/etc/rc.d/apache stop;
I find wotsit.org an excellent resource :
http://www.wotsit.org/
-Stathis.
Dallas Kropka wrote:
I need to create files and reports for importation into QuickBooks, but they
need to be in the IIF file format that QuickBooks supports where can I
find information for creating these files?
Try pscp from putty :
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-Stathis.
Kyle Jerviss wrote:
Yeek! Not quite what I meant. I don't think that web servers have any
business being on windows boxes. I was wondering if there were a way to
upload using something like scp from a
You don't need to hach into anything.
Apache has builtin pipe redirection support.
Search for "rotatelog" in Apache docs.
-Stathis.
Richard Lynch wrote:
I doubt it...
On busy servers, those files must get so huge, there's no way Apache can be
trying to keep it all in RAM.
So, pretty
56 matches
Mail list logo