php-general Digest 25 Sep 2013 14:09:46 -0000 Issue 8377
php-general Digest 25 Sep 2013 14:09:46 - Issue 8377 Topics (messages 322176 through 322176): php fopen https error 322176 by: Markus Falb Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net -- ---BeginMessage--- With RHEL/CentOS 5 php I get an SSL Error RHEL/CentOS 5 php is at 5.1.6 with security fixes backported. ?php $handle = fopen(https://maps.google.com;, r); $contents = stream_get_contents($handle); fclose($handle); ? will result in something like Warning: stream_get_contents(): SSL: fatal protocol error in bla.php on line 3 Some https pages do not raise this error, e.g. https://www.redhat.com is fine What is wrong? How to debug? How to resolve? How to mitigate? Thanks -- Markus Falb ---End Message---
[PHP] php fopen https error
With RHEL/CentOS 5 php I get an SSL Error RHEL/CentOS 5 php is at 5.1.6 with security fixes backported. ?php $handle = fopen(https://maps.google.com;, r); $contents = stream_get_contents($handle); fclose($handle); ? will result in something like Warning: stream_get_contents(): SSL: fatal protocol error in bla.php on line 3 Some https pages do not raise this error, e.g. https://www.redhat.com is fine What is wrong? How to debug? How to resolve? How to mitigate? Thanks -- Markus Falb -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP and curl
In an attempt to interface with a webservice on a Windows 7 server I
have started writing the following:-
[code]
?php
$strTerminalname = CIS;
$version = 1.2;
$client = new
SoapClient(http://192.168.0.10/CISWebService/Mediamanager.asmx?WSDL;);
var_dump($client-__getFunctions());
$result =
$client-__doRequest(GetSequenceNo,$strTerminalname,$version, $one_way
= 0);
?
[/code]
and I execute it via
php php-soap-web-service.php test.txt
on my Ubuntu 13.04 laptop using php version Zend Engine v2.4.0
in return I get
array(20) {
[0]=
string(59) GetMediaListResponse GetMediaList(GetMediaList $parameters)
[1]=
string(68) GetMediaListAllResponse GetMediaListAll(GetMediaListAll
$parameters)
[2]=
string(59) GetSoundListResponse GetSoundList(GetSoundList $parameters)
[3]=
string(77) GetTerminalDataXMLResponse
GetTerminalDataXML(GetTerminalDataXML $parameters)
[4]=
string(59) GetRouterXmlResponse GetRouterXml(GetRouterXml $parameters)
[5]=
string(80) GetTerminalSoundXMLResponse
GetTerminalSoundXML(GetTerminalSoundXML $parameters)
[6]=
string(62) SetSequenceNoResponse SetSequenceNo(SetSequenceNo
$parameters)
[7]=
string(50) GetConfigResponse GetConfig(GetConfig $parameters)
[8]=
string(62) GetSequenceNoResponse GetSequenceNo(GetSequenceNo
$parameters)
[9]=
string(95) UpdateClientMediaLogTimeResponse
UpdateClientMediaLogTime(UpdateClientMediaLogTime $parameters)
[10]=
string(59) GetMediaListResponse GetMediaList(GetMediaList $parameters)
[11]=
string(68) GetMediaListAllResponse GetMediaListAll(GetMediaListAll
$parameters)
[12]=
string(59) GetSoundListResponse GetSoundList(GetSoundList $parameters)
[13]=
string(77) GetTerminalDataXMLResponse
GetTerminalDataXML(GetTerminalDataXML $parameters)
[14]=
string(59) GetRouterXmlResponse GetRouterXml(GetRouterXml $parameters)
[15]=
string(80) GetTerminalSoundXMLResponse
GetTerminalSoundXML(GetTerminalSoundXML $parameters)
[16]=
string(62) SetSequenceNoResponse SetSequenceNo(SetSequenceNo
$parameters)
[17]=
string(50) GetConfigResponse GetConfig(GetConfig $parameters)
[18]=
string(62) GetSequenceNoResponse GetSequenceNo(GetSequenceNo
$parameters)
[19]=
string(95) UpdateClientMediaLogTimeResponse
UpdateClientMediaLogTime(UpdateClientMediaLogTime $parameters)
}
now this is all great but my question is how do I call each of these
functions with parameters.
The call I immediately need to make is to GetSequenceNo() which requires
a parameter of CIS in my current configuration.
How do I do this ? Obviously $client-__doRequest is not the way to go.
--
Regards,
Alf Stockton www.stockton.co.za
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP and curl
SOAP functions can be called as methods of the SoapClient object. Maybe:
$client-GetSequenceNo( $parameters );
-Shawn
On Wed, Sep 25, 2013 at 9:17 AM, Alf Stockton a...@stockton.co.za wrote:
In an attempt to interface with a webservice on a Windows 7 server I have
started writing the following:-
[code]
?php
$strTerminalname = CIS;
$version = 1.2;
$client = new SoapClient(http://192.168.0.**
10/CISWebService/Mediamanager.**asmx?WSDLhttp://192.168.0.10/CISWebService/Mediamanager.asmx?WSDL
);
var_dump($client-__**getFunctions());
$result =
$client-__doRequest(**GetSequenceNo,$**strTerminalname,$version,
$one_way = 0);
?
[/code]
and I execute it via
php php-soap-web-service.php test.txt
on my Ubuntu 13.04 laptop using php version Zend Engine v2.4.0
in return I get
array(20) {
[0]=
string(59) GetMediaListResponse GetMediaList(GetMediaList $parameters)
[1]=
string(68) GetMediaListAllResponse GetMediaListAll(**GetMediaListAll
$parameters)
[2]=
string(59) GetSoundListResponse GetSoundList(GetSoundList $parameters)
[3]=
string(77) GetTerminalDataXMLResponse
GetTerminalDataXML(**GetTerminalDataXML
$parameters)
[4]=
string(59) GetRouterXmlResponse GetRouterXml(GetRouterXml $parameters)
[5]=
string(80) GetTerminalSoundXMLResponse
GetTerminalSoundXML(**GetTerminalSoundXML
$parameters)
[6]=
string(62) SetSequenceNoResponse SetSequenceNo(SetSequenceNo
$parameters)
[7]=
string(50) GetConfigResponse GetConfig(GetConfig $parameters)
[8]=
string(62) GetSequenceNoResponse GetSequenceNo(GetSequenceNo
$parameters)
[9]=
string(95) **UpdateClientMediaLogTimeRespon**se
UpdateClientMediaLogTime(**UpdateClientMediaLogTime $parameters)
[10]=
string(59) GetMediaListResponse GetMediaList(GetMediaList $parameters)
[11]=
string(68) GetMediaListAllResponse GetMediaListAll(**GetMediaListAll
$parameters)
[12]=
string(59) GetSoundListResponse GetSoundList(GetSoundList $parameters)
[13]=
string(77) GetTerminalDataXMLResponse
GetTerminalDataXML(**GetTerminalDataXML
$parameters)
[14]=
string(59) GetRouterXmlResponse GetRouterXml(GetRouterXml $parameters)
[15]=
string(80) GetTerminalSoundXMLResponse
GetTerminalSoundXML(**GetTerminalSoundXML
$parameters)
[16]=
string(62) SetSequenceNoResponse SetSequenceNo(SetSequenceNo
$parameters)
[17]=
string(50) GetConfigResponse GetConfig(GetConfig $parameters)
[18]=
string(62) GetSequenceNoResponse GetSequenceNo(GetSequenceNo
$parameters)
[19]=
string(95) **UpdateClientMediaLogTimeRespon**se
UpdateClientMediaLogTime(**UpdateClientMediaLogTime $parameters)
}
now this is all great but my question is how do I call each of these
functions with parameters.
The call I immediately need to make is to GetSequenceNo() which requires a
parameter of CIS in my current configuration.
How do I do this ? Obviously $client-__doRequest is not the way to go.
--
Regards,
Alf Stockton www.stockton.co.za
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php fopen https error
I believe this was a bug, is only a warning that may be suppressed and may have been fixed in 5.2.0. Are you aware that PHP is at 5.5.4 and that 5.1.6 is over 7 years old? -Shawn On Wed, Sep 25, 2013 at 9:09 AM, Markus Falb markus.f...@fasel.at wrote: With RHEL/CentOS 5 php I get an SSL Error RHEL/CentOS 5 php is at 5.1.6 with security fixes backported. ?php $handle = fopen(https://maps.google.com;, r); $contents = stream_get_contents($handle); fclose($handle); ? will result in something like Warning: stream_get_contents(): SSL: fatal protocol error in bla.php on line 3 Some https pages do not raise this error, e.g. https://www.redhat.com is fine What is wrong? How to debug? How to resolve? How to mitigate? Thanks -- Markus Falb -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php fopen https error
Just as I thought: 5.2.0 Fixed bug #39039 SSL: fatal protocol error when fetching HTTPS from servers running Google web server). (Ilia) On Wed, Sep 25, 2013 at 10:03 AM, Shawn McKenzie shawn.mcken...@gmail.comwrote: I believe this was a bug, is only a warning that may be suppressed and may have been fixed in 5.2.0. Are you aware that PHP is at 5.5.4 and that 5.1.6 is over 7 years old? -Shawn On Wed, Sep 25, 2013 at 9:09 AM, Markus Falb markus.f...@fasel.at wrote: With RHEL/CentOS 5 php I get an SSL Error RHEL/CentOS 5 php is at 5.1.6 with security fixes backported. ?php $handle = fopen(https://maps.google.com;, r); $contents = stream_get_contents($handle); fclose($handle); ? will result in something like Warning: stream_get_contents(): SSL: fatal protocol error in bla.php on line 3 Some https pages do not raise this error, e.g. https://www.redhat.com is fine What is wrong? How to debug? How to resolve? How to mitigate? Thanks -- Markus Falb -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP and curl
Keep on list. $result = $client-GetSequenceNo( CIS ); shouldn't be throwing that error. Maybe you are trying to do something with $result afterwards? Try var_dump($result); On Wed, Sep 25, 2013 at 10:12 AM, Alf Stockton a...@stockton.co.za wrote: On 25/09/13 16:52, Shawn McKenzie wrote: $client-GetSequenceNo( $parameters ); That unfortunately returns alf@alf-ThinkPad-T500:~/Development/PHP/DevIt$ php php-soap-web-service.php test.txt PHP Catchable fatal error: Object of class stdClass could not be converted to string in /home/alf/Development/PHP/DevIt/php-soap-web-service.php on line 7 No matter if I use $result = $client-GetSequenceNo( CIS ); or $result = $client-GetSequenceNo($strTerminalname); -- Regards, Alf Stockton www.stockton.co.za -- -- Thanks! -Shawn --
Re: [PHP] php fopen https error
On 25.9.2013 17:12, Shawn McKenzie wrote: Just as I thought: 5.2.0 Fixed bug #39039 SSL: fatal protocol error when fetching HTTPS from servers running Google web server). (Ilia) Thanks, but ... I am not sure how what I am supposed to do with this information. #39039 says it is a bug and it was fixed. How do I proceed to understand this bug? Where can I find the appropiate patch? Where is this bug discussed? I am sorry if I strain it (too much?) but the link to this bug does not give a solution to the problem and it does not help to understand the problem. I understand that somewhere in cvs there is the solution, but I can not see an obvious way to get it from the information in #39039 -- Markus Falb -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php fopen https error
On 25.9.2013 17:03, Shawn McKenzie wrote: I believe this was a bug, is only a warning that may be suppressed and may have been fixed in 5.2.0. Are you aware that PHP is at 5.5.4 and that 5.1.6 is over 7 years old? Please understand that some Distributions do the only backport security stuff thing, e.g. RedHat is supporting for 10 years nowadays. I do not complain, I just try to understand the issue. Thanks -- Markus Falb -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php fopen https error
I thought I covered that. The bug was fixed 7 years ago. Upgrade PHP, I doubt there is a patch. I understand that not all coders or distributions will have the latest version of PHP, but come on, how many thousands of bugs have been fixed in 7 years? You're going to run into more. Alternatively you could try and suppress it. From the bug it sounded like it was only the warning that was the bug, so the code should work. I can't test because my PHP on CentOS is only 3 years old (5.3.3). $contents = @stream_get_contents($handle); On Wed, Sep 25, 2013 at 11:20 AM, Markus Falb markus.f...@fasel.at wrote: On 25.9.2013 17:12, Shawn McKenzie wrote: Just as I thought: 5.2.0 Fixed bug #39039 SSL: fatal protocol error when fetching HTTPS from servers running Google web server). (Ilia) Thanks, but ... I am not sure how what I am supposed to do with this information. #39039 says it is a bug and it was fixed. How do I proceed to understand this bug? Where can I find the appropiate patch? Where is this bug discussed? I am sorry if I strain it (too much?) but the link to this bug does not give a solution to the problem and it does not help to understand the problem. I understand that somewhere in cvs there is the solution, but I can not see an obvious way to get it from the information in #39039 -- Markus Falb -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] https question
Hi gang: I have a client who had his entire site moved to another host -- no big problem. However, the old site had a https directory, where I had secure scripts to do credit-card transactions, but the new site doesn't have a https directory -- in fact it doesn't even have a http directory at all. So, what options do I have to do secure transactions? I remember someone saying that this could be done via a .htaccess file, but I don't have the code, nor am I positive this is the answer. What do you recommend? Thanks, tedd ___ tedd sperling t...@sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] https question
On Sep 25, 2013, at 1:55 PM, Tedd Sperling t...@sperling.com wrote: Hi gang: I have a client who had his entire site moved to another host -- no big problem. However, the old site had a https directory, where I had secure scripts to do credit-card transactions, but the new site doesn't have a https directory -- in fact it doesn't even have a http directory at all. So, what options do I have to do secure transactions? I remember someone saying that this could be done via a .htaccess file, but I don't have the code, nor am I positive this is the answer. What do you recommend? Thanks, tedd Did you setup the server (Apache / nginx) configuration? The entire site should be served under https if you're doing CC processing Best, –Josh Joshua Kehn | @joshkehn http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] https question
On Sep 25, 2013, at 1:58 PM, Joshua Kehn josh.k...@gmail.com wrote: On Sep 25, 2013, at 1:55 PM, Tedd Sperling t...@sperling.com wrote: Hi gang: I have a client who had his entire site moved to another host -- no big problem. However, the old site had a https directory, where I had secure scripts to do credit-card transactions, but the new site doesn't have a https directory -- in fact it doesn't even have a http directory at all. So, what options do I have to do secure transactions? I remember someone saying that this could be done via a .htaccess file, but I don't have the code, nor am I positive this is the answer. What do you recommend? Thanks, tedd Did you setup the server (Apache / nginx) configuration? The entire site should be served under https if you're doing CC processing Best, –Josh I understand that cc processing should be done via https. Normally, that means to me that I place my $ scripts in a https directory -- the problem is that I don't have one with this host. So, I am asking how does one do that with a https directory? Thanks, tedd ___ tedd sperling tedd.sperl...@gmail.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] https question
On Sep 25, 2013, at 2:24 PM, Tedd Sperling tedd.sperl...@gmail.com wrote: I understand that cc processing should be done via https. Normally, that means to me that I place my $ scripts in a https directory -- the problem is that I don't have one with this host. So, I am asking how does one do that with a https directory? Thanks, tedd ___ tedd sperling tedd.sperl...@gmail.com I'm saying the site should be served entirely under HTTPS. There shouldn't be separate https/http directories. Apache (or whatever your web server is) has a certificate installed on it and that vhost is configured to only respond to https requests. Typically this also means running a separate vhost on http that redirects to the https variant. Where is this new host? It should be a dedicated box (vps or other) due to how the certificates need to be issued (dedicated ip address). Best, –Josh Joshua Kehn | @joshkehn http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] https question
On Wed, Sep 25, 2013 at 1:55 PM, Tedd Sperling t...@sperling.com wrote:
Hi gang:
I have a client who had his entire site moved to another host -- no big
problem.
However, the old site had a https directory, where I had secure scripts to do
credit-card transactions, but the new site doesn't have a https directory --
in fact it doesn't even have a http directory at all. So, what options do I
have to do secure transactions?
I remember someone saying that this could be done via a .htaccess file, but I
don't have the code, nor am I positive this is the answer.
What do you recommend?
Sounds like it may have been moved from a Plesk server to a
non-Plesk server (or something using a similar path setup). If it's
still Apache-based, yes, an .htaccess mod_rewrite directive should
suffice. And, while it's out-of-scope for this list, an example, for
posterity:
# .htaccess - placed in the web root
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [QSA,R,L]
--
/Daniel P. Brown
Network Infrastructure Manager
http://www.php.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Sending PHP mail with Authentication
Hi All, Semi newbie email question... I have used the - mail() — Send mail php function to send email from a site. now it seems the server is blocking this for safety because I should be using authentication Q: mail() does not have authentication - correct? Q: So I read from the link below that maybe I should use - PEAR Mail package is this a good choice to send mail with authentication? ...any suggestions for basic sending email with authentication (setup info and links also) would be welcome http://email.about.com/od/emailprogrammingtips/qt/PHP_Email_SMTP_Authentication.htm -- Thanks, Dave - DealTek deal...@gmail.com [db-3] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sending PHP mail with Authentication
Usually if I am using a framework I would use the SMTP library associated with it. If it doesn't have one, I use phpmailer, fast and easy to setup: http://phpmailer.worxware.com/index.php?pg=examplebsmtp Aziz On Wed, Sep 25, 2013 at 4:11 PM, dealTek deal...@gmail.com wrote: Hi All, Semi newbie email question... I have used the - mail() — Send mail php function to send email from a site. now it seems the server is blocking this for safety because I should be using authentication Q: mail() does not have authentication - correct? Q: So I read from the link below that maybe I should use - PEAR Mail package is this a good choice to send mail with authentication? ...any suggestions for basic sending email with authentication (setup info and links also) would be welcome http://email.about.com/od/emailprogrammingtips/qt/PHP_Email_SMTP_Authentication.htm -- Thanks, Dave - DealTek deal...@gmail.com [db-3] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sending PHP mail with Authentication
Another vote for PHPMailer, I have it working several years already (authenticating against a Zimbra and Outlook SMTP server) without problems. Greetings. On Wed, Sep 25, 2013 at 11:12 PM, Aziz Saleh azizsa...@gmail.com wrote: Usually if I am using a framework I would use the SMTP library associated with it. If it doesn't have one, I use phpmailer, fast and easy to setup: http://phpmailer.worxware.com/index.php?pg=examplebsmtp Aziz On Wed, Sep 25, 2013 at 4:11 PM, dealTek deal...@gmail.com wrote: Hi All, Semi newbie email question... I have used the - mail() — Send mail php function to send email from a site. now it seems the server is blocking this for safety because I should be using authentication Q: mail() does not have authentication - correct? Q: So I read from the link below that maybe I should use - PEAR Mail package is this a good choice to send mail with authentication? ...any suggestions for basic sending email with authentication (setup info and links also) would be welcome http://email.about.com/od/emailprogrammingtips/qt/PHP_Email_SMTP_Authentication.htm -- Thanks, Dave - DealTek deal...@gmail.com [db-3] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sending PHP mail with Authentication
On Wed, Sep 25, 2013 at 11:48 PM, Camilo Sperberg m...@unreal4u.com wrote: Another vote for PHPMailer, I have it working several years already (authenticating against a Zimbra and Outlook SMTP server) without problems. Greetings. On Wed, Sep 25, 2013 at 11:12 PM, Aziz Saleh azizsa...@gmail.com wrote: Usually if I am using a framework I would use the SMTP library associated with it. If it doesn't have one, I use phpmailer, fast and easy to setup: http://phpmailer.worxware.com/index.php?pg=examplebsmtp Aziz On Wed, Sep 25, 2013 at 4:11 PM, dealTek deal...@gmail.com wrote: Hi All, Semi newbie email question... I have used the - mail() — Send mail php function to send email from a site. now it seems the server is blocking this for safety because I should be using authentication Q: mail() does not have authentication - correct? Q: So I read from the link below that maybe I should use - PEAR Mail package is this a good choice to send mail with authentication? ...any suggestions for basic sending email with authentication (setup info and links also) would be welcome http://email.about.com/od/emailprogrammingtips/qt/PHP_Email_SMTP_Authentication.htm -- Thanks, Dave - DealTek deal...@gmail.com [db-3] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Another vote for PHPMailer, I have it working several years already (authenticating against a Zimbra and Outlook SMTP server) without problems. Greetings. PD: Sorry for previous mail, it has been some time that I haven't used the webmail interface of gmail :) -- Mailed by: UnReAl4U - unreal4u ICQ #: 54472056 www1: http://www.chw.net/ www2: http://unreal4u.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHPDoc way to describe the magic getter/setters [SOLVED]
I use a base.class that most classes extend from. That class uses the lovely
Magic Methods for overloading __get() and __set()
http://php.net/manual/en/language.oop5.magic.php
However (in Zend Studio for example) when I try to auto-assist a property
$foo I don't see that it has a get() or set() method.
I'd like to see something like $this-get_foo() or $this-set_foo() and
also if possible have them show up in the Outline tab window.
Then I randomly stumbled upon this PHPDoc @ method tag and my whole world
is brighter today than it has been for the past, oh let's say DECADE!
http://manual.phpdoc.org/HTMLSmartyConverter/PHP/phpDocumentor/tutorial_tags
.method.pkg.html
or @property too.
http://manual.phpdoc.org/HTMLSmartyConverter/PHP/phpDocumentor/tutorial_tags
.property.pkg.html
*giddy!*
(now I just have to go back through all my code and update the class
documentation headers everywhere)
?php
/**
* This is an example of how to use PHPDoc to describe the magic __get() and
__set()
* so that Zend Studio / Eclipse / Other IDEs can utilize the methods that
don't technically exist.
*
* @methodvoid set_name() set_name(string $name) magic setter for $name
property
* @methodstring get_name() get_name() magic getter for $name property
*
* @link
http://manual.phpdoc.org/HTMLSmartyConverter/PHP/phpDocumentor/tutorial_tags
.method.pkg.html
* @link
http://manual.phpdoc.org/HTMLSmartyConverter/PHP/phpDocumentor/tutorial_tags
.property.pkg.html
*/
class foo
{
/**
* @var string $name the description of $name goes here
*/
protected $name;
public function __construct($id = NULL)
{
}
}
$myobj = new foo();
Put your cursor after the - and hit CTRL+SPACE.
Notice how you have magic get_name() and set_name($name)
appearing and also in the Eclipse Outline pane
$myobj-
You're welcome.
?
Re: [PHP] PHPDoc way to describe the magic getter/setters [SOLVED]
On Wed, Sep 25, 2013 at 4:31 PM, Daevid Vincent dae...@daevid.com wrote: Then I randomly stumbled upon this PHPDoc @ method tag and my whole world is brighter today than it has been for the past, oh let's say DECADE! Yes, @method and @property are very handy. Out of curiosity, since you're providing magic getters and setters, why not use __get and __set instead of __call with matching on get_xxx and set_xxx? This would allow using the simpler (and IMHO much more expressive and PHP-ish) forms $obj-foo = $obj-bar + 5; Peace, David
Re: [PHP] Apache
De: Ashley Sheridan a...@ashleysheridan.co.uk
Para: m...@nikha.org; Domain nikha.org m...@nikha.org
Cc: php-general@lists.php.net
Enviadas: Quarta-feira, 25 de Setembro de 2013 2:22
Assunto: Re: [PHP] Apache
Domain nikha.org m...@nikha.org wrote:
Ashley Sheridan am Montag, 23. September 2013 - 21:35:
No, no, no! That is not a good stand-in for fundamental security
principles!
This is a better method for ensuring an image is really an image:
?php
if(isset($_FILES['file']))
{
list($width, $height) = getimagesize($_FILES['file']['tmp_name']);
if($width $height)
{
$source = imagecreatefromjpeg($_FILES['file']['tmp_name']);
$dest = imagecreatetruecolor($width, $height);
imagecopyresampled($dest, $source,
0, 0, 0, 0,
$width, $height, $width, $height);
imagejpeg($dest, basename($_FILES['file']['tmp_name']));
}
else
echo {$_FILES['file']['name']} is not a jpeg;
}
?
form enctype=multipart/form-data method=post
input type=file name=file/
input type=submit name=submit value=submit/
/form
Obviously it's only rough, and checks only for jpeg images, but
that's
easy to alter. I've just tested this with a regular jpeg, the same
jpeg
with PHP code concatenated onto the end (which still appears to be a
valid image to viewing/editing software) and a pure PHP file with a
.jpg
extension. In the case of the first 2, a new jpeg is generated with
the
same image and without the code. The third example just echoes out an
error.
Dear Ashley, nice, but useless for this problem!
The problem was to do with an image upload, so no, not useless.
First, because users may upload other things than images! PDF's, audio
files, videos etc!
In an earlier email I detailed some methods for validating other types, such as
DomDocument for HTML, XML, svg, etc, or fpdf for PDF.
And on behalf images: GD you are using handles only
jpeg, gif and png. There are about hunderd other image types on the
way,
At the moment those are the 3 raster formats you can use on the web, so those
are the ones that pose an issue. If you're using anything else, it's not for
web and doesn't need to be in a publicly accessible location.
users can upload! How to detect them, if the extension is missleading?
The extension comes from the user. Never trust the user, ever.
And even if we succeed: As your script demonstrates very well,
malicious
code does not affect the rendering of the image.
My script does effectively strip out malicious code though, even if it can't
easily be seen.
The hacker says: Hi,
this is a nice picture, play it, and then, please do this--follows his
code, that can be a desaster for the whole system.
Social engineering is a whole different issue.
Yes, your script seems to purge the image file, simply because GD does
not copy the malware code. But why are you sure about that? You cannot
see that code, OK, but may be it was executed in the plain GD
environement?
GD isn't a PHP parser, and PHP doesn't execute the image before GD touches it.
Infact, Apache isn't even involved between GD and the image at that point, so
it won't suffer from this bad config.
What you are doing is dangerous, because you force the
execution of things that should be never executed!
Erm, no, the image isn't being executed.
no no no forget it. After all we cannot exclude that users come in
with malware.
If you think it's fine that a user be able to upload malware, then you're going
to have a very bad time.
But we MUST exclude, it is executed on the web server.
This is important too, but in this profession belt and braces is best I
believe.
That is the Apache chainsaw massacre as Steward whould say. And
probably
it can be avoided by purging the filenames (not the files!).
Nevertheless, the standard configuration of the Apache servers is
basically unacceptable. It must execute user requests and never ever
user files! Period.
Have nice days,
Niklaus
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Thanks,
Ash
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Sorry for this late post but I'm amazed nobody consulted the doco.
The php.net site has a whole section titled Handling File Uploads.
Also check out finfo_open and finfo_file.
If your are a windoze user you need a dll.
If you want Apache to handle PUT requests you MUST tell it to run a script as
it cannot write to web root.
HTH
Robert
