[PHP] Re: Switch Statement
?php
session_start();
session_name(STORE);
set_time_limit(2400);
ini_set('display_errors', 'on');
ini_set('display_startup_errors', 'on');
error_reporting(-2);
ini_set('error_reporting', 'E_ALL | E_STRICT');
ini_set('html_errors', 'On');
ini_set('log_errors', 'On');
Ethan,Ethan,Ethan - what is all this stuff you have at the top??? Do
you know how any of this is supposed to be written? You can not put
Constants in quotes - they become just plain strings then, not Constants
with the predefined values you (and the functions) are expecting. For
example, 'on' is NOT the same as the use of the word : on. And your
error_reporting setting (which you are attempting to do TWICE) is
actually causing your script to NOT show any errors, which is preventing
you from seeing that your script dies at the misspelled print statement
and never gets to the pair of if statements that should call your good
and bad functions.
Hate to do this to you, but you've been attempting to pick up PHP for
two years now almost and from this latest post you appear to not have
learned anything.
And WHY would you EVER want to have a time limit of 2400 seconds???
And stop burying functions in the middle of your straight line code.
It's ridiculous and makes reading your scripts a royal PIA.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] create a local temp table in local machine
Thanks for the message, Do you have any information how to create JS file and how to access from jQuery auto complete? Thanks again for helping, Regards, Iccsi, Bastien wrote in message news:57469e24-56e6-40c9-8176-64cd8444f...@gmail.com... Thanks, Bastien On Sep 28, 2013, at 8:24 PM, iccsi inu...@gmail.com wrote: Thanks for the information and help, Yes, my data is pretty much static, Can you please give me some link for the solution? It is the solution I am looking for my current situation, Thanks a million for helping, Regards, Iccsi, I don't have a link unfortunately. The system I did it for is proprietary. But I do recall it was a pretty switch in the JS to view the list from the static file. The JS file with the static data was just an array and the autocomplete looked at that as the data source Sorry Bastien -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Switch Statement
On 09/28/2013 11:59 PM, Jim Giner wrote:
?php
session_start();
session_name(STORE);
set_time_limit(2400);
ini_set('display_errors', 'on');
ini_set('display_startup_errors', 'on');
error_reporting(-2);
ini_set('error_reporting', 'E_ALL | E_STRICT');
ini_set('html_errors', 'On');
ini_set('log_errors', 'On');
Ethan,Ethan,Ethan - what is all this stuff you have at the top??? Do
you know how any of this is supposed to be written? You can not put
Constants in quotes - they become just plain strings then, not Constants
with the predefined values you (and the functions) are expecting. For
example, 'on' is NOT the same as the use of the word : on. And your
error_reporting setting (which you are attempting to do TWICE) is
actually causing your script to NOT show any errors, which is preventing
you from seeing that your script dies at the misspelled print statement
and never gets to the pair of if statements that should call your good
and bad functions.
Hate to do this to you, but you've been attempting to pick up PHP for
two years now almost and from this latest post you appear to not have
learned anything.
And WHY would you EVER want to have a time limit of 2400 seconds???
And stop burying functions in the middle of your straight line code.
It's ridiculous and makes reading your scripts a royal PIA.
Jim -
Thanks.
Changed error_reporting to -1. No error messages. No change in output.
Ethan
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Switch Statement
On 09/28/2013 10:53 PM, Aziz Saleh wrote: Ethan, can you do a var_dump instead of print_r. It might be that next_step has spaces in it causing the switch to not match. Aziz snip Aziz - Used var_dump no further information Ethan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Switch Statement
On 9/29/2013 1:29 AM, Ethan Rosenberg wrote:
On 09/28/2013 11:59 PM, Jim Giner wrote:
?php
session_start();
session_name(STORE);
set_time_limit(2400);
ini_set('display_errors', 'on');
ini_set('display_startup_errors', 'on');
error_reporting(-2);
ini_set('error_reporting', 'E_ALL | E_STRICT');
ini_set('html_errors', 'On');
ini_set('log_errors', 'On');
Ethan,Ethan,Ethan - what is all this stuff you have at the top??? Do
you know how any of this is supposed to be written? You can not put
Constants in quotes - they become just plain strings then, not Constants
with the predefined values you (and the functions) are expecting. For
example, 'on' is NOT the same as the use of the word : on. And your
error_reporting setting (which you are attempting to do TWICE) is
actually causing your script to NOT show any errors, which is preventing
you from seeing that your script dies at the misspelled print statement
and never gets to the pair of if statements that should call your good
and bad functions.
Hate to do this to you, but you've been attempting to pick up PHP for
two years now almost and from this latest post you appear to not have
learned anything.
And WHY would you EVER want to have a time limit of 2400 seconds???
And stop burying functions in the middle of your straight line code.
It's ridiculous and makes reading your scripts a royal PIA.
Jim -
Thanks.
Changed error_reporting to -1. No error messages. No change in output.
Ethan
CORRECT ALL THE WRONG SHIT AND YOULL GET ERROR MESSAGES!!!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Switch Statement
On 9/29/2013 1:38 AM, Jim Giner wrote:
session_start();
session_name(STORE);
set_time_limit(2400);
ini_set('display_errors', 'on');
ini_set('display_startup_errors', 'on');
error_reporting(-2);
ini_set('error_reporting', 'E_ALL | E_STRICT');
ini_set('html_errors', 'On');
ini_set('log_errors', 'On');
This is what you should have in place of all of the above:
session_start();
error_reporting(E_ALL | E_STRICT | E_NOTICE); ini_set('display_errors',
'1');
set_time_limit(2);// if you use more than 2 secs you have a problem
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
php-general Digest 26 Sep 2013 14:49:48 -0000 Issue 8378
php-general Digest 26 Sep 2013 14:49:48 - Issue 8378
Topics (messages 322177 through 322197):
PHP and curl
322177 by: Alf Stockton
322178 by: Shawn McKenzie
322181 by: Shawn McKenzie
322197 by: Shawn McKenzie
Re: php fopen https error
322179 by: Shawn McKenzie
322180 by: Shawn McKenzie
322182 by: Markus Falb
322183 by: Markus Falb
322184 by: Shawn McKenzie
https question
322185 by: Tedd Sperling
322186 by: Joshua Kehn
322187 by: Tedd Sperling
322188 by: Joshua Kehn
322189 by: Daniel Brown
Sending PHP mail with Authentication
322190 by: dealTek
322191 by: Aziz Saleh
322192 by: Camilo Sperberg
322193 by: Camilo Sperberg
PHPDoc way to describe the magic getter/setters [SOLVED]
322194 by: Daevid Vincent
322195 by: David Harkness
Re: Apache
322196 by: Robert Stone
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscr...@lists.php.net
To post to the list, e-mail:
php-gene...@lists.php.net
--
---BeginMessage---
In an attempt to interface with a webservice on a Windows 7 server I
have started writing the following:-
[code]
?php
$strTerminalname = CIS;
$version = 1.2;
$client = new
SoapClient(http://192.168.0.10/CISWebService/Mediamanager.asmx?WSDL;);
var_dump($client-__getFunctions());
$result =
$client-__doRequest(GetSequenceNo,$strTerminalname,$version, $one_way
= 0);
?
[/code]
and I execute it via
php php-soap-web-service.php test.txt
on my Ubuntu 13.04 laptop using php version Zend Engine v2.4.0
in return I get
array(20) {
[0]=
string(59) GetMediaListResponse GetMediaList(GetMediaList $parameters)
[1]=
string(68) GetMediaListAllResponse GetMediaListAll(GetMediaListAll
$parameters)
[2]=
string(59) GetSoundListResponse GetSoundList(GetSoundList $parameters)
[3]=
string(77) GetTerminalDataXMLResponse
GetTerminalDataXML(GetTerminalDataXML $parameters)
[4]=
string(59) GetRouterXmlResponse GetRouterXml(GetRouterXml $parameters)
[5]=
string(80) GetTerminalSoundXMLResponse
GetTerminalSoundXML(GetTerminalSoundXML $parameters)
[6]=
string(62) SetSequenceNoResponse SetSequenceNo(SetSequenceNo
$parameters)
[7]=
string(50) GetConfigResponse GetConfig(GetConfig $parameters)
[8]=
string(62) GetSequenceNoResponse GetSequenceNo(GetSequenceNo
$parameters)
[9]=
string(95) UpdateClientMediaLogTimeResponse
UpdateClientMediaLogTime(UpdateClientMediaLogTime $parameters)
[10]=
string(59) GetMediaListResponse GetMediaList(GetMediaList $parameters)
[11]=
string(68) GetMediaListAllResponse GetMediaListAll(GetMediaListAll
$parameters)
[12]=
string(59) GetSoundListResponse GetSoundList(GetSoundList $parameters)
[13]=
string(77) GetTerminalDataXMLResponse
GetTerminalDataXML(GetTerminalDataXML $parameters)
[14]=
string(59) GetRouterXmlResponse GetRouterXml(GetRouterXml $parameters)
[15]=
string(80) GetTerminalSoundXMLResponse
GetTerminalSoundXML(GetTerminalSoundXML $parameters)
[16]=
string(62) SetSequenceNoResponse SetSequenceNo(SetSequenceNo
$parameters)
[17]=
string(50) GetConfigResponse GetConfig(GetConfig $parameters)
[18]=
string(62) GetSequenceNoResponse GetSequenceNo(GetSequenceNo
$parameters)
[19]=
string(95) UpdateClientMediaLogTimeResponse
UpdateClientMediaLogTime(UpdateClientMediaLogTime $parameters)
}
now this is all great but my question is how do I call each of these
functions with parameters.
The call I immediately need to make is to GetSequenceNo() which requires
a parameter of CIS in my current configuration.
How do I do this ? Obviously $client-__doRequest is not the way to go.
--
Regards,
Alf Stockton www.stockton.co.za
---End Message---
---BeginMessage---
SOAP functions can be called as methods of the SoapClient object. Maybe:
$client-GetSequenceNo( $parameters );
-Shawn
On Wed, Sep 25, 2013 at 9:17 AM, Alf Stockton a...@stockton.co.za wrote:
In an attempt to interface with a webservice on a Windows 7 server I have
started writing the following:-
[code]
?php
$strTerminalname = CIS;
$version = 1.2;
$client = new SoapClient(http://192.168.0.**
10/CISWebService/Mediamanager.**asmx?WSDLhttp://192.168.0.10/CISWebService/Mediamanager.asmx?WSDL
);
var_dump($client-__**getFunctions());
$result =
$client-__doRequest(**GetSequenceNo,$**strTerminalname,$version,
$one_way = 0);
?
[/code]
and I execute it via
php php-soap-web-service.php test.txt
on my Ubuntu 13.04 laptop using php version Zend Engine v2.4.0
in return I get
array(20) {
[0]=
string(59) GetMediaListResponse GetMediaList(GetMediaList $parameters)
[1]=
string(68
php-general Digest 27 Sep 2013 04:56:29 -0000 Issue 8379
php-general Digest 27 Sep 2013 04:56:29 - Issue 8379 Topics (messages 322198 through 322199): Re: Sending PHP mail with Authentication 322198 by: Maciek Sokolewicz How to capture uploaded file data 322199 by: Mariusz Drozdowski Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net -- ---BeginMessage--- On 25-9-2013 22:11, dealTek wrote: Hi All, Semi newbie email question... I have used the - mail() — Send mail php function to send email from a site. now it seems the server is blocking this for safety because I should be using authentication Q: mail() does not have authentication - correct? Q: So I read from the link below that maybe I should use - PEAR Mail package is this a good choice to send mail with authentication? ...any suggestions for basic sending email with authentication (setup info and links also) would be welcome http://email.about.com/od/emailprogrammingtips/qt/PHP_Email_SMTP_Authentication.htm -- Thanks, Dave - DealTek deal...@gmail.com [db-3] I'm sure I'm going to annoy people with this, but I would advise to never use PEAR. It's the biggest load of extremely badly coded PHP you'll ever find. Creating an SMTP client (with the purpose of just sending mail) is very easy to do yourself (and also a good challenge if you're not yet very skilled with PHP). Alternatively, you can indeed use a package such as PHPMailer; it's not perfect, and quite bloated for what you want probably, but it works rather well. - Tul ---End Message--- ---BeginMessage--- Hi all php experts, I would like to ask you all a question, I hope this is the right place to ask it. I'm writing a PHP extension now in c/c++. User uploads a file (could be POST or PUT method, but I can limit it to POST only). I need to capture the file data while being uploaded, without writing it to disk on the server. I need to process the data and (maybe, depending on a situation) send it somewhere else or save it to disk. Of course I know, that I can process the file after it has been uploaded (saved on disk on the server), but I would like to avoid it. I also need to do something opposite: I need to generate a file on the fly and send it to the user. All metadata of the generated file is known beforehand (e.g. size, name). I've been searching around for some time now and I could not find anything even close to the solution. Is there any example(s) or existing PHP extension that do(es) something like this (at least something simmilar) ? If you could give me any pointers that would be awesome. Thanks for your help in advance. Mariusz ---End Message---
Re: [PHP] PHP and curl
Unfortunately this isn't anything to do with PHP. I don't have any info on
the app, what it's supposed to return or what the parameter passed should
be. The PHP soap call is working, but the app isn't returning what you
want or expect I guess.
On Thu, Sep 26, 2013 at 8:36 AM, Alf Stockton a...@stockton.co.za wrote:
Shawn, that was silly of me. I have now removed the echo but I still do
not get the expected result from the server.
var_dump of $result returns:-
object(stdClass)#2 (1) {
[GetSequenceNoResult]=
object(stdClass)#3 (6) {
[iServerNo]=
int(0)
[iClientNo]=
int(0)
[bNoLimitDownload]=
bool(false)
[dtStartDate]=
string(19) 0001-01-01T00:00:00
[dtEndDate]=
string(19) 0001-01-01T00:00:00
[dtServerTime]=
string(19) 0001-01-01T00:00:00
}
}
whereas the expected result is to have each of those fields containing
data.
My code now looks like
?php
$strTerminalname = CIS;
$version = 1.2;
$client = new SoapClient(
http://192.168.0.10/CISWebService/Mediamanager.asmx?WSDL;http://192.168.0.10/CISWebService/Mediamanager.asmx?WSDL
);
$result = $client-GetSequenceNo($strTerminalname);
print_r($result);
var_dump($result);
?
On 25/09/13 17:23, Shawn McKenzie wrote:
$result = $client-GetSequenceNo( CIS ); shouldn't be throwing that
error. Maybe you are trying to do something with $result afterwards? Try
var_dump($result);
On Wed, Sep 25, 2013 at 10:12 AM, Alf Stockton a...@stockton.co.za wrote:
On 25/09/13 16:52, Shawn McKenzie wrote:
$client-GetSequenceNo( $parameters );
That unfortunately returns
alf@alf-ThinkPad-T500:~/Development/PHP/DevIt$ php
php-soap-web-service.php test.txt
PHP Catchable fatal error: Object of class stdClass could not be
converted to string in
/home/alf/Development/PHP/DevIt/php-soap-web-service.php on line 7
No matter if I use
$result = $client-GetSequenceNo( CIS );
or
$result = $client-GetSequenceNo($strTerminalname);
--
Regards,
Alf Stockton www.stockton.co.za
--
--
Thanks!
-Shawn
--
--
Regards,
Alf Stockton www.stockton.co.za
--
Thanks!
-Shawn
[PHP] Re: Sending PHP mail with Authentication
On 25-9-2013 22:11, dealTek wrote: Hi All, Semi newbie email question... I have used the - mail() — Send mail php function to send email from a site. now it seems the server is blocking this for safety because I should be using authentication Q: mail() does not have authentication - correct? Q: So I read from the link below that maybe I should use - PEAR Mail package is this a good choice to send mail with authentication? ...any suggestions for basic sending email with authentication (setup info and links also) would be welcome http://email.about.com/od/emailprogrammingtips/qt/PHP_Email_SMTP_Authentication.htm -- Thanks, Dave - DealTek deal...@gmail.com [db-3] I'm sure I'm going to annoy people with this, but I would advise to never use PEAR. It's the biggest load of extremely badly coded PHP you'll ever find. Creating an SMTP client (with the purpose of just sending mail) is very easy to do yourself (and also a good challenge if you're not yet very skilled with PHP). Alternatively, you can indeed use a package such as PHPMailer; it's not perfect, and quite bloated for what you want probably, but it works rather well. - Tul -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] How to capture uploaded file data
Hi all php experts, I would like to ask you all a question, I hope this is the right place to ask it. I'm writing a PHP extension now in c/c++. User uploads a file (could be POST or PUT method, but I can limit it to POST only). I need to capture the file data while being uploaded, without writing it to disk on the server. I need to process the data and (maybe, depending on a situation) send it somewhere else or save it to disk. Of course I know, that I can process the file after it has been uploaded (saved on disk on the server), but I would like to avoid it. I also need to do something opposite: I need to generate a file on the fly and send it to the user. All metadata of the generated file is known beforehand (e.g. size, name). I've been searching around for some time now and I could not find anything even close to the solution. Is there any example(s) or existing PHP extension that do(es) something like this (at least something simmilar) ? If you could give me any pointers that would be awesome. Thanks for your help in advance. Mariusz -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
php-general Digest 25 Sep 2013 14:09:46 -0000 Issue 8377
php-general Digest 25 Sep 2013 14:09:46 - Issue 8377 Topics (messages 322176 through 322176): php fopen https error 322176 by: Markus Falb Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net -- ---BeginMessage--- With RHEL/CentOS 5 php I get an SSL Error RHEL/CentOS 5 php is at 5.1.6 with security fixes backported. ?php $handle = fopen(https://maps.google.com;, r); $contents = stream_get_contents($handle); fclose($handle); ? will result in something like Warning: stream_get_contents(): SSL: fatal protocol error in bla.php on line 3 Some https pages do not raise this error, e.g. https://www.redhat.com is fine What is wrong? How to debug? How to resolve? How to mitigate? Thanks -- Markus Falb ---End Message---
[PHP] php fopen https error
With RHEL/CentOS 5 php I get an SSL Error RHEL/CentOS 5 php is at 5.1.6 with security fixes backported. ?php $handle = fopen(https://maps.google.com;, r); $contents = stream_get_contents($handle); fclose($handle); ? will result in something like Warning: stream_get_contents(): SSL: fatal protocol error in bla.php on line 3 Some https pages do not raise this error, e.g. https://www.redhat.com is fine What is wrong? How to debug? How to resolve? How to mitigate? Thanks -- Markus Falb -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP and curl
In an attempt to interface with a webservice on a Windows 7 server I
have started writing the following:-
[code]
?php
$strTerminalname = CIS;
$version = 1.2;
$client = new
SoapClient(http://192.168.0.10/CISWebService/Mediamanager.asmx?WSDL;);
var_dump($client-__getFunctions());
$result =
$client-__doRequest(GetSequenceNo,$strTerminalname,$version, $one_way
= 0);
?
[/code]
and I execute it via
php php-soap-web-service.php test.txt
on my Ubuntu 13.04 laptop using php version Zend Engine v2.4.0
in return I get
array(20) {
[0]=
string(59) GetMediaListResponse GetMediaList(GetMediaList $parameters)
[1]=
string(68) GetMediaListAllResponse GetMediaListAll(GetMediaListAll
$parameters)
[2]=
string(59) GetSoundListResponse GetSoundList(GetSoundList $parameters)
[3]=
string(77) GetTerminalDataXMLResponse
GetTerminalDataXML(GetTerminalDataXML $parameters)
[4]=
string(59) GetRouterXmlResponse GetRouterXml(GetRouterXml $parameters)
[5]=
string(80) GetTerminalSoundXMLResponse
GetTerminalSoundXML(GetTerminalSoundXML $parameters)
[6]=
string(62) SetSequenceNoResponse SetSequenceNo(SetSequenceNo
$parameters)
[7]=
string(50) GetConfigResponse GetConfig(GetConfig $parameters)
[8]=
string(62) GetSequenceNoResponse GetSequenceNo(GetSequenceNo
$parameters)
[9]=
string(95) UpdateClientMediaLogTimeResponse
UpdateClientMediaLogTime(UpdateClientMediaLogTime $parameters)
[10]=
string(59) GetMediaListResponse GetMediaList(GetMediaList $parameters)
[11]=
string(68) GetMediaListAllResponse GetMediaListAll(GetMediaListAll
$parameters)
[12]=
string(59) GetSoundListResponse GetSoundList(GetSoundList $parameters)
[13]=
string(77) GetTerminalDataXMLResponse
GetTerminalDataXML(GetTerminalDataXML $parameters)
[14]=
string(59) GetRouterXmlResponse GetRouterXml(GetRouterXml $parameters)
[15]=
string(80) GetTerminalSoundXMLResponse
GetTerminalSoundXML(GetTerminalSoundXML $parameters)
[16]=
string(62) SetSequenceNoResponse SetSequenceNo(SetSequenceNo
$parameters)
[17]=
string(50) GetConfigResponse GetConfig(GetConfig $parameters)
[18]=
string(62) GetSequenceNoResponse GetSequenceNo(GetSequenceNo
$parameters)
[19]=
string(95) UpdateClientMediaLogTimeResponse
UpdateClientMediaLogTime(UpdateClientMediaLogTime $parameters)
}
now this is all great but my question is how do I call each of these
functions with parameters.
The call I immediately need to make is to GetSequenceNo() which requires
a parameter of CIS in my current configuration.
How do I do this ? Obviously $client-__doRequest is not the way to go.
--
Regards,
Alf Stockton www.stockton.co.za
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP and curl
SOAP functions can be called as methods of the SoapClient object. Maybe:
$client-GetSequenceNo( $parameters );
-Shawn
On Wed, Sep 25, 2013 at 9:17 AM, Alf Stockton a...@stockton.co.za wrote:
In an attempt to interface with a webservice on a Windows 7 server I have
started writing the following:-
[code]
?php
$strTerminalname = CIS;
$version = 1.2;
$client = new SoapClient(http://192.168.0.**
10/CISWebService/Mediamanager.**asmx?WSDLhttp://192.168.0.10/CISWebService/Mediamanager.asmx?WSDL
);
var_dump($client-__**getFunctions());
$result =
$client-__doRequest(**GetSequenceNo,$**strTerminalname,$version,
$one_way = 0);
?
[/code]
and I execute it via
php php-soap-web-service.php test.txt
on my Ubuntu 13.04 laptop using php version Zend Engine v2.4.0
in return I get
array(20) {
[0]=
string(59) GetMediaListResponse GetMediaList(GetMediaList $parameters)
[1]=
string(68) GetMediaListAllResponse GetMediaListAll(**GetMediaListAll
$parameters)
[2]=
string(59) GetSoundListResponse GetSoundList(GetSoundList $parameters)
[3]=
string(77) GetTerminalDataXMLResponse
GetTerminalDataXML(**GetTerminalDataXML
$parameters)
[4]=
string(59) GetRouterXmlResponse GetRouterXml(GetRouterXml $parameters)
[5]=
string(80) GetTerminalSoundXMLResponse
GetTerminalSoundXML(**GetTerminalSoundXML
$parameters)
[6]=
string(62) SetSequenceNoResponse SetSequenceNo(SetSequenceNo
$parameters)
[7]=
string(50) GetConfigResponse GetConfig(GetConfig $parameters)
[8]=
string(62) GetSequenceNoResponse GetSequenceNo(GetSequenceNo
$parameters)
[9]=
string(95) **UpdateClientMediaLogTimeRespon**se
UpdateClientMediaLogTime(**UpdateClientMediaLogTime $parameters)
[10]=
string(59) GetMediaListResponse GetMediaList(GetMediaList $parameters)
[11]=
string(68) GetMediaListAllResponse GetMediaListAll(**GetMediaListAll
$parameters)
[12]=
string(59) GetSoundListResponse GetSoundList(GetSoundList $parameters)
[13]=
string(77) GetTerminalDataXMLResponse
GetTerminalDataXML(**GetTerminalDataXML
$parameters)
[14]=
string(59) GetRouterXmlResponse GetRouterXml(GetRouterXml $parameters)
[15]=
string(80) GetTerminalSoundXMLResponse
GetTerminalSoundXML(**GetTerminalSoundXML
$parameters)
[16]=
string(62) SetSequenceNoResponse SetSequenceNo(SetSequenceNo
$parameters)
[17]=
string(50) GetConfigResponse GetConfig(GetConfig $parameters)
[18]=
string(62) GetSequenceNoResponse GetSequenceNo(GetSequenceNo
$parameters)
[19]=
string(95) **UpdateClientMediaLogTimeRespon**se
UpdateClientMediaLogTime(**UpdateClientMediaLogTime $parameters)
}
now this is all great but my question is how do I call each of these
functions with parameters.
The call I immediately need to make is to GetSequenceNo() which requires a
parameter of CIS in my current configuration.
How do I do this ? Obviously $client-__doRequest is not the way to go.
--
Regards,
Alf Stockton www.stockton.co.za
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php fopen https error
I believe this was a bug, is only a warning that may be suppressed and may have been fixed in 5.2.0. Are you aware that PHP is at 5.5.4 and that 5.1.6 is over 7 years old? -Shawn On Wed, Sep 25, 2013 at 9:09 AM, Markus Falb markus.f...@fasel.at wrote: With RHEL/CentOS 5 php I get an SSL Error RHEL/CentOS 5 php is at 5.1.6 with security fixes backported. ?php $handle = fopen(https://maps.google.com;, r); $contents = stream_get_contents($handle); fclose($handle); ? will result in something like Warning: stream_get_contents(): SSL: fatal protocol error in bla.php on line 3 Some https pages do not raise this error, e.g. https://www.redhat.com is fine What is wrong? How to debug? How to resolve? How to mitigate? Thanks -- Markus Falb -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php fopen https error
Just as I thought: 5.2.0 Fixed bug #39039 SSL: fatal protocol error when fetching HTTPS from servers running Google web server). (Ilia) On Wed, Sep 25, 2013 at 10:03 AM, Shawn McKenzie shawn.mcken...@gmail.comwrote: I believe this was a bug, is only a warning that may be suppressed and may have been fixed in 5.2.0. Are you aware that PHP is at 5.5.4 and that 5.1.6 is over 7 years old? -Shawn On Wed, Sep 25, 2013 at 9:09 AM, Markus Falb markus.f...@fasel.at wrote: With RHEL/CentOS 5 php I get an SSL Error RHEL/CentOS 5 php is at 5.1.6 with security fixes backported. ?php $handle = fopen(https://maps.google.com;, r); $contents = stream_get_contents($handle); fclose($handle); ? will result in something like Warning: stream_get_contents(): SSL: fatal protocol error in bla.php on line 3 Some https pages do not raise this error, e.g. https://www.redhat.com is fine What is wrong? How to debug? How to resolve? How to mitigate? Thanks -- Markus Falb -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP and curl
Keep on list. $result = $client-GetSequenceNo( CIS ); shouldn't be throwing that error. Maybe you are trying to do something with $result afterwards? Try var_dump($result); On Wed, Sep 25, 2013 at 10:12 AM, Alf Stockton a...@stockton.co.za wrote: On 25/09/13 16:52, Shawn McKenzie wrote: $client-GetSequenceNo( $parameters ); That unfortunately returns alf@alf-ThinkPad-T500:~/Development/PHP/DevIt$ php php-soap-web-service.php test.txt PHP Catchable fatal error: Object of class stdClass could not be converted to string in /home/alf/Development/PHP/DevIt/php-soap-web-service.php on line 7 No matter if I use $result = $client-GetSequenceNo( CIS ); or $result = $client-GetSequenceNo($strTerminalname); -- Regards, Alf Stockton www.stockton.co.za -- -- Thanks! -Shawn --
Re: [PHP] php fopen https error
On 25.9.2013 17:12, Shawn McKenzie wrote: Just as I thought: 5.2.0 Fixed bug #39039 SSL: fatal protocol error when fetching HTTPS from servers running Google web server). (Ilia) Thanks, but ... I am not sure how what I am supposed to do with this information. #39039 says it is a bug and it was fixed. How do I proceed to understand this bug? Where can I find the appropiate patch? Where is this bug discussed? I am sorry if I strain it (too much?) but the link to this bug does not give a solution to the problem and it does not help to understand the problem. I understand that somewhere in cvs there is the solution, but I can not see an obvious way to get it from the information in #39039 -- Markus Falb -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php fopen https error
On 25.9.2013 17:03, Shawn McKenzie wrote: I believe this was a bug, is only a warning that may be suppressed and may have been fixed in 5.2.0. Are you aware that PHP is at 5.5.4 and that 5.1.6 is over 7 years old? Please understand that some Distributions do the only backport security stuff thing, e.g. RedHat is supporting for 10 years nowadays. I do not complain, I just try to understand the issue. Thanks -- Markus Falb -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php fopen https error
I thought I covered that. The bug was fixed 7 years ago. Upgrade PHP, I doubt there is a patch. I understand that not all coders or distributions will have the latest version of PHP, but come on, how many thousands of bugs have been fixed in 7 years? You're going to run into more. Alternatively you could try and suppress it. From the bug it sounded like it was only the warning that was the bug, so the code should work. I can't test because my PHP on CentOS is only 3 years old (5.3.3). $contents = @stream_get_contents($handle); On Wed, Sep 25, 2013 at 11:20 AM, Markus Falb markus.f...@fasel.at wrote: On 25.9.2013 17:12, Shawn McKenzie wrote: Just as I thought: 5.2.0 Fixed bug #39039 SSL: fatal protocol error when fetching HTTPS from servers running Google web server). (Ilia) Thanks, but ... I am not sure how what I am supposed to do with this information. #39039 says it is a bug and it was fixed. How do I proceed to understand this bug? Where can I find the appropiate patch? Where is this bug discussed? I am sorry if I strain it (too much?) but the link to this bug does not give a solution to the problem and it does not help to understand the problem. I understand that somewhere in cvs there is the solution, but I can not see an obvious way to get it from the information in #39039 -- Markus Falb -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] https question
Hi gang: I have a client who had his entire site moved to another host -- no big problem. However, the old site had a https directory, where I had secure scripts to do credit-card transactions, but the new site doesn't have a https directory -- in fact it doesn't even have a http directory at all. So, what options do I have to do secure transactions? I remember someone saying that this could be done via a .htaccess file, but I don't have the code, nor am I positive this is the answer. What do you recommend? Thanks, tedd ___ tedd sperling t...@sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] https question
On Sep 25, 2013, at 1:55 PM, Tedd Sperling t...@sperling.com wrote: Hi gang: I have a client who had his entire site moved to another host -- no big problem. However, the old site had a https directory, where I had secure scripts to do credit-card transactions, but the new site doesn't have a https directory -- in fact it doesn't even have a http directory at all. So, what options do I have to do secure transactions? I remember someone saying that this could be done via a .htaccess file, but I don't have the code, nor am I positive this is the answer. What do you recommend? Thanks, tedd Did you setup the server (Apache / nginx) configuration? The entire site should be served under https if you're doing CC processing Best, –Josh Joshua Kehn | @joshkehn http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] https question
On Sep 25, 2013, at 1:58 PM, Joshua Kehn josh.k...@gmail.com wrote: On Sep 25, 2013, at 1:55 PM, Tedd Sperling t...@sperling.com wrote: Hi gang: I have a client who had his entire site moved to another host -- no big problem. However, the old site had a https directory, where I had secure scripts to do credit-card transactions, but the new site doesn't have a https directory -- in fact it doesn't even have a http directory at all. So, what options do I have to do secure transactions? I remember someone saying that this could be done via a .htaccess file, but I don't have the code, nor am I positive this is the answer. What do you recommend? Thanks, tedd Did you setup the server (Apache / nginx) configuration? The entire site should be served under https if you're doing CC processing Best, –Josh I understand that cc processing should be done via https. Normally, that means to me that I place my $ scripts in a https directory -- the problem is that I don't have one with this host. So, I am asking how does one do that with a https directory? Thanks, tedd ___ tedd sperling tedd.sperl...@gmail.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] https question
On Sep 25, 2013, at 2:24 PM, Tedd Sperling tedd.sperl...@gmail.com wrote: I understand that cc processing should be done via https. Normally, that means to me that I place my $ scripts in a https directory -- the problem is that I don't have one with this host. So, I am asking how does one do that with a https directory? Thanks, tedd ___ tedd sperling tedd.sperl...@gmail.com I'm saying the site should be served entirely under HTTPS. There shouldn't be separate https/http directories. Apache (or whatever your web server is) has a certificate installed on it and that vhost is configured to only respond to https requests. Typically this also means running a separate vhost on http that redirects to the https variant. Where is this new host? It should be a dedicated box (vps or other) due to how the certificates need to be issued (dedicated ip address). Best, –Josh Joshua Kehn | @joshkehn http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] https question
On Wed, Sep 25, 2013 at 1:55 PM, Tedd Sperling t...@sperling.com wrote:
Hi gang:
I have a client who had his entire site moved to another host -- no big
problem.
However, the old site had a https directory, where I had secure scripts to do
credit-card transactions, but the new site doesn't have a https directory --
in fact it doesn't even have a http directory at all. So, what options do I
have to do secure transactions?
I remember someone saying that this could be done via a .htaccess file, but I
don't have the code, nor am I positive this is the answer.
What do you recommend?
Sounds like it may have been moved from a Plesk server to a
non-Plesk server (or something using a similar path setup). If it's
still Apache-based, yes, an .htaccess mod_rewrite directive should
suffice. And, while it's out-of-scope for this list, an example, for
posterity:
# .htaccess - placed in the web root
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [QSA,R,L]
--
/Daniel P. Brown
Network Infrastructure Manager
http://www.php.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Sending PHP mail with Authentication
Hi All, Semi newbie email question... I have used the - mail() — Send mail php function to send email from a site. now it seems the server is blocking this for safety because I should be using authentication Q: mail() does not have authentication - correct? Q: So I read from the link below that maybe I should use - PEAR Mail package is this a good choice to send mail with authentication? ...any suggestions for basic sending email with authentication (setup info and links also) would be welcome http://email.about.com/od/emailprogrammingtips/qt/PHP_Email_SMTP_Authentication.htm -- Thanks, Dave - DealTek deal...@gmail.com [db-3] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sending PHP mail with Authentication
Usually if I am using a framework I would use the SMTP library associated with it. If it doesn't have one, I use phpmailer, fast and easy to setup: http://phpmailer.worxware.com/index.php?pg=examplebsmtp Aziz On Wed, Sep 25, 2013 at 4:11 PM, dealTek deal...@gmail.com wrote: Hi All, Semi newbie email question... I have used the - mail() — Send mail php function to send email from a site. now it seems the server is blocking this for safety because I should be using authentication Q: mail() does not have authentication - correct? Q: So I read from the link below that maybe I should use - PEAR Mail package is this a good choice to send mail with authentication? ...any suggestions for basic sending email with authentication (setup info and links also) would be welcome http://email.about.com/od/emailprogrammingtips/qt/PHP_Email_SMTP_Authentication.htm -- Thanks, Dave - DealTek deal...@gmail.com [db-3] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sending PHP mail with Authentication
Another vote for PHPMailer, I have it working several years already (authenticating against a Zimbra and Outlook SMTP server) without problems. Greetings. On Wed, Sep 25, 2013 at 11:12 PM, Aziz Saleh azizsa...@gmail.com wrote: Usually if I am using a framework I would use the SMTP library associated with it. If it doesn't have one, I use phpmailer, fast and easy to setup: http://phpmailer.worxware.com/index.php?pg=examplebsmtp Aziz On Wed, Sep 25, 2013 at 4:11 PM, dealTek deal...@gmail.com wrote: Hi All, Semi newbie email question... I have used the - mail() — Send mail php function to send email from a site. now it seems the server is blocking this for safety because I should be using authentication Q: mail() does not have authentication - correct? Q: So I read from the link below that maybe I should use - PEAR Mail package is this a good choice to send mail with authentication? ...any suggestions for basic sending email with authentication (setup info and links also) would be welcome http://email.about.com/od/emailprogrammingtips/qt/PHP_Email_SMTP_Authentication.htm -- Thanks, Dave - DealTek deal...@gmail.com [db-3] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sending PHP mail with Authentication
On Wed, Sep 25, 2013 at 11:48 PM, Camilo Sperberg m...@unreal4u.com wrote: Another vote for PHPMailer, I have it working several years already (authenticating against a Zimbra and Outlook SMTP server) without problems. Greetings. On Wed, Sep 25, 2013 at 11:12 PM, Aziz Saleh azizsa...@gmail.com wrote: Usually if I am using a framework I would use the SMTP library associated with it. If it doesn't have one, I use phpmailer, fast and easy to setup: http://phpmailer.worxware.com/index.php?pg=examplebsmtp Aziz On Wed, Sep 25, 2013 at 4:11 PM, dealTek deal...@gmail.com wrote: Hi All, Semi newbie email question... I have used the - mail() — Send mail php function to send email from a site. now it seems the server is blocking this for safety because I should be using authentication Q: mail() does not have authentication - correct? Q: So I read from the link below that maybe I should use - PEAR Mail package is this a good choice to send mail with authentication? ...any suggestions for basic sending email with authentication (setup info and links also) would be welcome http://email.about.com/od/emailprogrammingtips/qt/PHP_Email_SMTP_Authentication.htm -- Thanks, Dave - DealTek deal...@gmail.com [db-3] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Another vote for PHPMailer, I have it working several years already (authenticating against a Zimbra and Outlook SMTP server) without problems. Greetings. PD: Sorry for previous mail, it has been some time that I haven't used the webmail interface of gmail :) -- Mailed by: UnReAl4U - unreal4u ICQ #: 54472056 www1: http://www.chw.net/ www2: http://unreal4u.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHPDoc way to describe the magic getter/setters [SOLVED]
I use a base.class that most classes extend from. That class uses the lovely
Magic Methods for overloading __get() and __set()
http://php.net/manual/en/language.oop5.magic.php
However (in Zend Studio for example) when I try to auto-assist a property
$foo I don't see that it has a get() or set() method.
I'd like to see something like $this-get_foo() or $this-set_foo() and
also if possible have them show up in the Outline tab window.
Then I randomly stumbled upon this PHPDoc @ method tag and my whole world
is brighter today than it has been for the past, oh let's say DECADE!
http://manual.phpdoc.org/HTMLSmartyConverter/PHP/phpDocumentor/tutorial_tags
.method.pkg.html
or @property too.
http://manual.phpdoc.org/HTMLSmartyConverter/PHP/phpDocumentor/tutorial_tags
.property.pkg.html
*giddy!*
(now I just have to go back through all my code and update the class
documentation headers everywhere)
?php
/**
* This is an example of how to use PHPDoc to describe the magic __get() and
__set()
* so that Zend Studio / Eclipse / Other IDEs can utilize the methods that
don't technically exist.
*
* @methodvoid set_name() set_name(string $name) magic setter for $name
property
* @methodstring get_name() get_name() magic getter for $name property
*
* @link
http://manual.phpdoc.org/HTMLSmartyConverter/PHP/phpDocumentor/tutorial_tags
.method.pkg.html
* @link
http://manual.phpdoc.org/HTMLSmartyConverter/PHP/phpDocumentor/tutorial_tags
.property.pkg.html
*/
class foo
{
/**
* @var string $name the description of $name goes here
*/
protected $name;
public function __construct($id = NULL)
{
}
}
$myobj = new foo();
Put your cursor after the - and hit CTRL+SPACE.
Notice how you have magic get_name() and set_name($name)
appearing and also in the Eclipse Outline pane
$myobj-
You're welcome.
?
Re: [PHP] PHPDoc way to describe the magic getter/setters [SOLVED]
On Wed, Sep 25, 2013 at 4:31 PM, Daevid Vincent dae...@daevid.com wrote: Then I randomly stumbled upon this PHPDoc @ method tag and my whole world is brighter today than it has been for the past, oh let's say DECADE! Yes, @method and @property are very handy. Out of curiosity, since you're providing magic getters and setters, why not use __get and __set instead of __call with matching on get_xxx and set_xxx? This would allow using the simpler (and IMHO much more expressive and PHP-ish) forms $obj-foo = $obj-bar + 5; Peace, David
Re: [PHP] Apache
De: Ashley Sheridan a...@ashleysheridan.co.uk
Para: m...@nikha.org; Domain nikha.org m...@nikha.org
Cc: php-general@lists.php.net
Enviadas: Quarta-feira, 25 de Setembro de 2013 2:22
Assunto: Re: [PHP] Apache
Domain nikha.org m...@nikha.org wrote:
Ashley Sheridan am Montag, 23. September 2013 - 21:35:
No, no, no! That is not a good stand-in for fundamental security
principles!
This is a better method for ensuring an image is really an image:
?php
if(isset($_FILES['file']))
{
list($width, $height) = getimagesize($_FILES['file']['tmp_name']);
if($width $height)
{
$source = imagecreatefromjpeg($_FILES['file']['tmp_name']);
$dest = imagecreatetruecolor($width, $height);
imagecopyresampled($dest, $source,
0, 0, 0, 0,
$width, $height, $width, $height);
imagejpeg($dest, basename($_FILES['file']['tmp_name']));
}
else
echo {$_FILES['file']['name']} is not a jpeg;
}
?
form enctype=multipart/form-data method=post
input type=file name=file/
input type=submit name=submit value=submit/
/form
Obviously it's only rough, and checks only for jpeg images, but
that's
easy to alter. I've just tested this with a regular jpeg, the same
jpeg
with PHP code concatenated onto the end (which still appears to be a
valid image to viewing/editing software) and a pure PHP file with a
.jpg
extension. In the case of the first 2, a new jpeg is generated with
the
same image and without the code. The third example just echoes out an
error.
Dear Ashley, nice, but useless for this problem!
The problem was to do with an image upload, so no, not useless.
First, because users may upload other things than images! PDF's, audio
files, videos etc!
In an earlier email I detailed some methods for validating other types, such as
DomDocument for HTML, XML, svg, etc, or fpdf for PDF.
And on behalf images: GD you are using handles only
jpeg, gif and png. There are about hunderd other image types on the
way,
At the moment those are the 3 raster formats you can use on the web, so those
are the ones that pose an issue. If you're using anything else, it's not for
web and doesn't need to be in a publicly accessible location.
users can upload! How to detect them, if the extension is missleading?
The extension comes from the user. Never trust the user, ever.
And even if we succeed: As your script demonstrates very well,
malicious
code does not affect the rendering of the image.
My script does effectively strip out malicious code though, even if it can't
easily be seen.
The hacker says: Hi,
this is a nice picture, play it, and then, please do this--follows his
code, that can be a desaster for the whole system.
Social engineering is a whole different issue.
Yes, your script seems to purge the image file, simply because GD does
not copy the malware code. But why are you sure about that? You cannot
see that code, OK, but may be it was executed in the plain GD
environement?
GD isn't a PHP parser, and PHP doesn't execute the image before GD touches it.
Infact, Apache isn't even involved between GD and the image at that point, so
it won't suffer from this bad config.
What you are doing is dangerous, because you force the
execution of things that should be never executed!
Erm, no, the image isn't being executed.
no no no forget it. After all we cannot exclude that users come in
with malware.
If you think it's fine that a user be able to upload malware, then you're going
to have a very bad time.
But we MUST exclude, it is executed on the web server.
This is important too, but in this profession belt and braces is best I
believe.
That is the Apache chainsaw massacre as Steward whould say. And
probably
it can be avoided by purging the filenames (not the files!).
Nevertheless, the standard configuration of the Apache servers is
basically unacceptable. It must execute user requests and never ever
user files! Period.
Have nice days,
Niklaus
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Thanks,
Ash
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Sorry for this late post but I'm amazed nobody consulted the doco.
The php.net site has a whole section titled Handling File Uploads.
Also check out finfo_open and finfo_file.
If your are a windoze user you need a dll.
If you want Apache to handle PUT requests you MUST tell it to run a script as
it cannot write to web root.
HTH
Robert
php-general Digest 24 Sep 2013 10:38:18 -0000 Issue 8375
php-general Digest 24 Sep 2013 10:38:18 - Issue 8375 Topics (messages 322160 through 322170): Re: No MIME-Type in imap_fetch_overview() 322160 by: Negin Nickparsa 322161 by: Negin Nickparsa 322166 by: Aziz Saleh 322168 by: Domain nikha.org 322169 by: Domain nikha.org Re: Apache 322162 by: Domain nikha.org 322165 by: Ashley Sheridan 322167 by: Tamara Temple 322170 by: Arno Kuhl Re: filesize() fails on file and works on it's copy (same permissions, same directory) 322163 by: MichaÅ Kochanowicz 322164 by: MichaÅ Kochanowicz Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net -- ---BeginMessage--- I have read your mail twice and still I could not get what you want exactly. can't get the structure of the email either although you elaborate it in details. you have said something about human rights that I couldn't understand why? but if you want to get the type of files fetch the structure and then you can use disposition string, find the attachment and then return the array. Sincerely Negin Nickparsa On Wed, Sep 18, 2013 at 3:27 PM, Domain nikha.org m...@nikha.org wrote: Hello all, im posting this here, because the bug report system of php.net is not right place for my problem. It's not a bug, but a wish - an I found there no wishlist option at all. I'm running my own webmail-client, written in PHP. It is stable, fast and pretty, showing the full power of the PHP imap section. Of course it presents paginated content lists for every mailbox the user may open. These lists tell him some usefull things about every mail actually listed: Sender, date, subject, size and (eventually) flags. All these things are nicely delivered by the function imap_fetch_overview() The same could be done by calling imap_headerinfo() for every single mail, but fetch_overview seems to be faster, because it does it at once for the whole batch. BUT NONE OF THEM returns any information about the MIME-Type of the mail! Since the user of my webmail client has the intrinsic, natural born an general human right to KNOW whether some mail in his mailbox has attachments or not, I'm forced to do very ugly things. My script calls additionally for every (!) actually listed mail imap_fetchbody($connect, $msg_no, 0) - where $connect holds the result of imap_open(). That gives me the mail header, the script reads the line starting with Content-Type: and returns its content. Evaluating this against mixed or alternative we have finaly what we want: This mail has attachments! Or is written in HTML, what is even more we wanted! Works fine, but is ugly. First fetch_overview parses all mail headers, then they are fetched again to be parsed for the MIME-Type. I could just omit fetch_overview and read the headers by my own means, that whould be faster, but then I loose the size information, that is NOT (and cannot) be part of the mail header! If I want to have both, size and MIME-Type, and I WANT to have both, respecting the intrinsic, natural born and general human rights of my user, im must call both, overview and fetchbody. My question is this: Is there a better solution? Or is there someone that knows someone among the PHP-Developpers to suggest them an improvement of the functions imap_fetch_overivew() and imap_headerinfo(). Please, Please, add the MIME-Type to your fantastic object collections! BTW: It's really easy. Read the Content-Type-Line! Sorry... Hope, somebody has an idea, my regards, Niklaus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php ---End Message--- ---BeginMessage--- I have read your mail twice and still I could not get what you want exactly. can't get the structure of the email either although you elaborate it in details. you have said something about human rights that I couldn't understand why? but if you want to get the type of files fetch the structure and then you can use disposition string, find the attachment and then return the array. Sincerely Negin Nickparsa On Wed, Sep 18, 2013 at 3:27 PM, Domain nikha.org m...@nikha.org wrote: Hello all, im posting this here, because the bug report system of php.net is not right place for my problem. It's not a bug, but a wish - an I found there no wishlist option at all. I'm running my own webmail-client, written in PHP. It is stable, fast and pretty, showing the full power of the PHP imap section. Of course it presents paginated content lists for every mailbox the user may open. These lists tell him some usefull things about every mail actually listed
php-general Digest 24 Sep 2013 22:58:33 -0000 Issue 8376
php-general Digest 24 Sep 2013 22:58:33 - Issue 8376
Topics (messages 322171 through 322175):
Re: Apache
322171 by: Domain nikha.org
322172 by: Domain nikha.org
322173 by: Ashley Sheridan
322174 by: Domain nikha.org
322175 by: Ashley Sheridan
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscr...@lists.php.net
To post to the list, e-mail:
php-gene...@lists.php.net
--
---BeginMessage---
Ashley Sheridan am Montag, 23. September 2013 - 21:35:
No, no, no! That is not a good stand-in for fundamental security
principles!
This is a better method for ensuring an image is really an image:
?php
if(isset($_FILES['file']))
{
list($width, $height) = getimagesize($_FILES['file']['tmp_name']);
if($width $height)
{
$source = imagecreatefromjpeg($_FILES['file']['tmp_name']);
$dest = imagecreatetruecolor($width, $height);
imagecopyresampled($dest, $source,
0, 0, 0, 0,
$width, $height, $width, $height);
imagejpeg($dest, basename($_FILES['file']['tmp_name']));
}
else
echo {$_FILES['file']['name']} is not a jpeg;
}
?
form enctype=multipart/form-data method=post
input type=file name=file/
input type=submit name=submit value=submit/
/form
Obviously it's only rough, and checks only for jpeg images, but
that's
easy to alter. I've just tested this with a regular jpeg, the same
jpeg
with PHP code concatenated onto the end (which still appears to be a
valid image to viewing/editing software) and a pure PHP file with a
.jpg
extension. In the case of the first 2, a new jpeg is generated with
the
same image and without the code. The third example just echoes out an
error.
Dear Ashley, nice, but useless for this problem!
First, because users may upload other things than images! PDF's, audio
files, videos etc! And on behalf images: GD you are using handles only
jpeg, gif and png. There are about hunderd other image types on the way,
users can upload! How to detect them, if the extension is missleading?
And even if we succeed: As your script demonstrates very well, malicious
code does not affect the rendering of the image. The hacker says: Hi,
this is a nice picture, play it, and then, please do this--follows his
code, that can be a desaster for the whole system.
Yes, your script seems to purge the image file, simply because GD does
not copy the malware code. But why are you sure about that? You cannot
see that code, OK, but may be it was executed in the plain GD
environement? What you are doing is dangerous, because you force the
execution of things that should be never executed!
no no no forget it. After all we cannot exclude that users come in
with malware. But we MUST exclude, it is executed on the web server.
That is the Apache chainsaw massacre as Steward whould say. And probably
it can be avoided by purging the filenames (not the files!).
Nevertheless, the standard configuration of the Apache servers is
basically unacceptable. It must execute user requests and never ever
user files! Period.
Have nice days,
Niklaus
---End Message---
---BeginMessage---
Tamara Temple am Montag, 23. September 2013 - 22:38:
On Sep 23, 2013, at 1:36 PM, Domain nikha.org m...@nikha.org wrote:
Better solutions?
One I have used, and continue to use in Apache environments, is place
uploads only in a place where they cannot be executed by turning off
such options and handlers in that directory. This is *in addition* to
untainting files and names of uploaded files.
Good idea. I will do this right now
Niklaus
---End Message---
---BeginMessage---
Domain nikha.org m...@nikha.org wrote:
Ashley Sheridan am Montag, 23. September 2013 - 21:35:
No, no, no! That is not a good stand-in for fundamental security
principles!
This is a better method for ensuring an image is really an image:
?php
if(isset($_FILES['file']))
{
list($width, $height) = getimagesize($_FILES['file']['tmp_name']);
if($width $height)
{
$source = imagecreatefromjpeg($_FILES['file']['tmp_name']);
$dest = imagecreatetruecolor($width, $height);
imagecopyresampled($dest, $source,
0, 0, 0, 0,
$width, $height, $width, $height);
imagejpeg($dest, basename($_FILES['file']['tmp_name']));
}
else
echo {$_FILES['file']['name']} is not a jpeg;
}
?
form enctype=multipart/form-data method=post
input type=file name=file/
input type=submit name=submit value=submit/
/form
Obviously it's only rough, and checks only for jpeg images, but
that's
easy to alter. I've just tested
RE: [PHP] Apache
On 23 Sep 2013, at 11:37, Domain nikha.org m...@nikha.org wrote: Tamara Temple am Montag, 23. September 2013 - 06:49: GoDaddy's default plesk-generated configuration for FastCGI-served PHP files only looked to see if the file contained .php somewhere on it's path - i.e. it would happily execute 'malicilous.php.txt' as php code, even something ridiculous like 'malware.phpnoreallyiwantthistorun'. Yes, looks stupid. But my service prodider wrote me this, I quote: ---QUOTE--- This is because Apache offers features like language negotiation based on extensions, too -- the final extension doesn't always just specify the handler; it can specify other things. Apache can automatically pick a German-language script from these, for example: file.php.de file.php.en Whether this is a good idea or not is debatable. It's possible to set things up in a different way (using FilesMatch instead of AddHandler) to avoid this particular problem, but that breaks other things, so there's no perfect solution. More generally, the real problem is that scripts are looking at the final extension of uploaded files to decide whether they're safe or not, which is dangerous. They're simply assuming that a .gif file can't run a PHP interpreter, for example... which is usually true, but certainly not always: some people run all their files through PHP. ---END QUOTE--- This is somewhat daft. Yes, Apache offers this feature, but you don't need to configure it to work will all extensions. I'd be curious to know what their issue is with using FilesMatch, since that provides a way to disable this behaviour. And, honestly, who would have a PHP file per language? I think it's perfectly reasonable to not allow that, because duplicating PHP code across many files is an incredible stupid way to support multiple languages. Some people run all their files through PHP - true, but that doesn't mean they should, or that you, as a responsible web host, should be endorsing it. The problem is the weak PHP upload mechanism! As workaround my service provider tries to block suspicious filenames, but the PHP developpers themself should work on this severe security problem. PHP developers should absolutely validate all content coming in from users in every possible way, but I would be highly dubious about trusting a host who gives the reason above for what I consider a lax and insecure Apache configuration. It's like saying they sliced your arm off with their chainsaw because it's made for cutting things, attempting to dodge all responsibility for having swung it in your direction! -Stuart -- It seems this is the standard apache configuration, but that's no excuse. Googling returned many results where this was described as a major security threat e.g. Beware of the default Apache 2 config for PHP http://ilia.ws/archives/226-Beware-of-the-default-Apache-2-config-for-PHP.ht ml On that site the solution was to change AddHandler to AddType. My service provider is going the FilesMatch route. Cheers Arno -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Apache
Ashley Sheridan am Montag, 23. September 2013 - 21:35:
No, no, no! That is not a good stand-in for fundamental security
principles!
This is a better method for ensuring an image is really an image:
?php
if(isset($_FILES['file']))
{
list($width, $height) = getimagesize($_FILES['file']['tmp_name']);
if($width $height)
{
$source = imagecreatefromjpeg($_FILES['file']['tmp_name']);
$dest = imagecreatetruecolor($width, $height);
imagecopyresampled($dest, $source,
0, 0, 0, 0,
$width, $height, $width, $height);
imagejpeg($dest, basename($_FILES['file']['tmp_name']));
}
else
echo {$_FILES['file']['name']} is not a jpeg;
}
?
form enctype=multipart/form-data method=post
input type=file name=file/
input type=submit name=submit value=submit/
/form
Obviously it's only rough, and checks only for jpeg images, but
that's
easy to alter. I've just tested this with a regular jpeg, the same
jpeg
with PHP code concatenated onto the end (which still appears to be a
valid image to viewing/editing software) and a pure PHP file with a
.jpg
extension. In the case of the first 2, a new jpeg is generated with
the
same image and without the code. The third example just echoes out an
error.
Dear Ashley, nice, but useless for this problem!
First, because users may upload other things than images! PDF's, audio
files, videos etc! And on behalf images: GD you are using handles only
jpeg, gif and png. There are about hunderd other image types on the way,
users can upload! How to detect them, if the extension is missleading?
And even if we succeed: As your script demonstrates very well, malicious
code does not affect the rendering of the image. The hacker says: Hi,
this is a nice picture, play it, and then, please do this--follows his
code, that can be a desaster for the whole system.
Yes, your script seems to purge the image file, simply because GD does
not copy the malware code. But why are you sure about that? You cannot
see that code, OK, but may be it was executed in the plain GD
environement? What you are doing is dangerous, because you force the
execution of things that should be never executed!
no no no forget it. After all we cannot exclude that users come in
with malware. But we MUST exclude, it is executed on the web server.
That is the Apache chainsaw massacre as Steward whould say. And probably
it can be avoided by purging the filenames (not the files!).
Nevertheless, the standard configuration of the Apache servers is
basically unacceptable. It must execute user requests and never ever
user files! Period.
Have nice days,
Niklaus
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Apache
Tamara Temple am Montag, 23. September 2013 - 22:38: On Sep 23, 2013, at 1:36 PM, Domain nikha.org m...@nikha.org wrote: Better solutions? One I have used, and continue to use in Apache environments, is place uploads only in a place where they cannot be executed by turning off such options and handlers in that directory. This is *in addition* to untainting files and names of uploaded files. Good idea. I will do this right now Niklaus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Apache
Domain nikha.org m...@nikha.org wrote:
Ashley Sheridan am Montag, 23. September 2013 - 21:35:
No, no, no! That is not a good stand-in for fundamental security
principles!
This is a better method for ensuring an image is really an image:
?php
if(isset($_FILES['file']))
{
list($width, $height) = getimagesize($_FILES['file']['tmp_name']);
if($width $height)
{
$source = imagecreatefromjpeg($_FILES['file']['tmp_name']);
$dest = imagecreatetruecolor($width, $height);
imagecopyresampled($dest, $source,
0, 0, 0, 0,
$width, $height, $width, $height);
imagejpeg($dest, basename($_FILES['file']['tmp_name']));
}
else
echo {$_FILES['file']['name']} is not a jpeg;
}
?
form enctype=multipart/form-data method=post
input type=file name=file/
input type=submit name=submit value=submit/
/form
Obviously it's only rough, and checks only for jpeg images, but
that's
easy to alter. I've just tested this with a regular jpeg, the same
jpeg
with PHP code concatenated onto the end (which still appears to be a
valid image to viewing/editing software) and a pure PHP file with a
.jpg
extension. In the case of the first 2, a new jpeg is generated with
the
same image and without the code. The third example just echoes out an
error.
Dear Ashley, nice, but useless for this problem!
The problem was to do with an image upload, so no, not useless.
First, because users may upload other things than images! PDF's, audio
files, videos etc!
In an earlier email I detailed some methods for validating other types, such as
DomDocument for HTML, XML, svg, etc, or fpdf for PDF.
And on behalf images: GD you are using handles only
jpeg, gif and png. There are about hunderd other image types on the
way,
At the moment those are the 3 raster formats you can use on the web, so those
are the ones that pose an issue. If you're using anything else, it's not for
web and doesn't need to be in a publicly accessible location.
users can upload! How to detect them, if the extension is missleading?
The extension comes from the user. Never trust the user, ever.
And even if we succeed: As your script demonstrates very well,
malicious
code does not affect the rendering of the image.
My script does effectively strip out malicious code though, even if it can't
easily be seen.
The hacker says: Hi,
this is a nice picture, play it, and then, please do this--follows his
code, that can be a desaster for the whole system.
Social engineering is a whole different issue.
Yes, your script seems to purge the image file, simply because GD does
not copy the malware code. But why are you sure about that? You cannot
see that code, OK, but may be it was executed in the plain GD
environement?
GD isn't a PHP parser, and PHP doesn't execute the image before GD touches it.
Infact, Apache isn't even involved between GD and the image at that point, so
it won't suffer from this bad config.
What you are doing is dangerous, because you force the
execution of things that should be never executed!
Erm, no, the image isn't being executed.
no no no forget it. After all we cannot exclude that users come in
with malware.
If you think it's fine that a user be able to upload malware, then you're going
to have a very bad time.
But we MUST exclude, it is executed on the web server.
This is important too, but in this profession belt and braces is best I
believe.
That is the Apache chainsaw massacre as Steward whould say. And
probably
it can be avoided by purging the filenames (not the files!).
Nevertheless, the standard configuration of the Apache servers is
basically unacceptable. It must execute user requests and never ever
user files! Period.
Have nice days,
Niklaus
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Thanks,
Ash
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Apache
Ashley Sheridan am Dienstag, 24. September 2013 - 18:22: In an earlier email I detailed some methods for validating other types, such as DomDocument for HTML, XML, svg, etc, or fpdf for PDF. Fine, gratulations! And on behalf images: GD you are using handles only jpeg, gif and png. There are about hunderd other image types on the way, At the moment those are the 3 raster formats you can use on the web, so those are the ones that pose an issue. If you're using anything else, it's not for web and doesn't need to be in a publicly accessible location. Why that???!!! Why should users only upload files, that are used for web, and what does this mean, for web? Users may store personal files on your host, because they use your website as a cloud, as it is said today. Not for web, but for personal use on everey computer connected to the internet! That is absolutly legitime and the ONLY reason to offer file uploading I can imagine! I allow it only for authenticated, subscribed users. Nevertheless those trusted users may upload (unintenionally!) infected files. And again: No virus was ever written for web, but to harm computersystems, clients and servers. They are just distributed via web. Whould be great we could block them, and I appreciate your efforts to do this. But sorry, your script shows me, that this cannot be done this way! Perhaps, if you are right and GD processing really is harmless (I'm in doubt), we have a clean jpeg (or gif or png). And then? What's about the rest? Keep in mind, that PHP is a scripting framework to create websites, certainly not a tool for virus detection! And we have a big problem with the Apache web server, not because Apache serves possibly infected files, but because all kind of files are NOT served, but passed to the script interpreter! That's awfull enough, and opens a new exploit! The hacker says: Hi, this is a nice picture, play it, and then, please do this--follows his code, that can be a desaster for the whole system. Social engineering is a whole different issue. yes, what I tried to describe is criminal. Niklaus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Apache
Domain nikha.org m...@nikha.org wrote: Ashley Sheridan am Dienstag, 24. September 2013 - 18:22: In an earlier email I detailed some methods for validating other types, such as DomDocument for HTML, XML, svg, etc, or fpdf for PDF. Fine, gratulations! And on behalf images: GD you are using handles only jpeg, gif and png. There are about hunderd other image types on the way, At the moment those are the 3 raster formats you can use on the web, so those are the ones that pose an issue. If you're using anything else, it's not for web and doesn't need to be in a publicly accessible location. Why that???!!! Why should users only upload files, that are used for web, and what does this mean, for web? Users may store personal files on your host, because they use your website as a cloud, as it is said today. Not for web, Ok, imagine this scenario. A user uploads a .tif. this isn't a web format, so we treat it as a binary file, uploading to a non web accessible area of the site. Tell me again where the exploit is please. but for personal use on everey computer connected to the internet! That is absolutly legitime and the ONLY reason to offer file uploading I can imagine! I allow it only for authenticated, subscribed users. Nevertheless those trusted users may upload (unintenionally!) infected files. And again: No virus was ever written for web, Not exactly true, but beyond the scope of this discussion I think but to harm computersystems, clients and servers. They are just distributed via web. Whould be great we could block them, and I appreciate your efforts to do this. But sorry, your script shows me, that this cannot be done this way! Tell me how you would get a jpg past that example and I'll look into it, as I explained that was an example not a full solution. We don't tend to just write full code for people here. Perhaps, if you are right and GD processing really is harmless (I'm in doubt), Evidence? Either give some or stop saying GD isn't secure. The PHP community needs less hyperbole and more facts. we have a clean jpeg (or gif or png). And then? What's about the rest? Keep in mind, that PHP is a scripting framework to create websites, certainly not a tool for virus detection! And we have a big problem with the Apache web server, not because Apache serves possibly infected files, but because all kind of files are NOT served, but passed to the script interpreter! that's a bad Apache setup, which I'm not saying isn't a problem, but your original solution doesn't even cover validation. That's awfull enough, and opens a new exploit! The hacker says: Hi, this is a nice picture, play it, and then, please do this--follows his code, that can be a desaster for the whole system. Social engineering is a whole different issue. yes, what I tried to describe is criminal. Niklaus Thanks, Ash -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
php-general Digest 23 Sep 2013 18:36:21 -0000 Issue 8374
php-general Digest 23 Sep 2013 18:36:21 - Issue 8374
Topics (messages 322149 through 322159):
Re: filesize() fails on file and works on it's copy (same permissions, same
directory)
322149 by: Negin Nickparsa
322150 by: Carsten Jensen
322158 by: Tamara Temple
Re: Apache
322151 by: Domain nikha.org
322152 by: Tim Streater
322153 by: Stuart Dallas
322159 by: Domain nikha.org
Re: Friday's Question
322154 by: Eric K. Dickinson
Problem with mbstring.internal_encoding, mcrypt and php-fpm
322155 by: Condor
322156 by: Aziz Saleh
322157 by: Condor
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscr...@lists.php.net
To post to the list, e-mail:
php-gene...@lists.php.net
--
---BeginMessage---
regardless of you, saying they have same permissions I think they do not
have the same permission
try to use --reference for chmod to see if there is any differences
try to copy the file keeping the whole permissions from original using sudo
cp -rp and check.
if this copy has the warning then your problem is from the permissions.
Sincerely
Negin Nickparsa
On Tue, Aug 13, 2013 at 11:30 AM, Michał Kochanowicz
mic...@michal.waw.plwrote:
Hello
I've got a file, which can't be checked with filesize(). I copy it (with
permissions) and then I can filesize() the copy. This is same directory,
permissions are same. I don't understand what's the difference. Can you
help me?
Original file:
File: 'DSC_5196_fx-1553725666.JPG'
Size: 1907383 Blocks: 3728 IO Block: 4096 regular file
Device: 803h/2051d Inode: 5905591363 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 51/http) Gid: ( 51/http)
Access: 2013-08-13 00:47:28.107477918 +0200
Modify: 2013-08-12 21:38:27.219913208 +0200
Change: 2013-08-13 00:47:08.931478654 +0200
Birth: -
Copy:
File: 'DSC_5196_fx-1553725666_X.JPG'
Size: 1907383 Blocks: 3728 IO Block: 4096 regular file
Device: 803h/2051d Inode: 144 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 51/http) Gid: ( 51/http)
Access: 2013-08-13 00:45:48.0 +0200
Modify: 2013-08-12 21:38:27.0 +0200
Change: 2013-08-13 00:47:28.199477914 +0200
Birth: -
The only difference is inode: (5905591363 - doesn't work vs 144 - does
work).
Test script:
html
body
pre
?
$f3 = '/home/services/httpd/html.**galeria.XXX/gallery/var/**
albums/988_Rok-2013/333_**Rydzewo-04-06.08.2013/Sobota/**
DSC_5196_fx-1553725666.JPG';
$f4 = '/home/services/httpd/html.**galeria.XXX/gallery/var/**
albums/988_Rok-2013/333_**Rydzewo-04-06.08.2013/Sobota/**
DSC_5196_fx-1553725666_X.JPG';
print $f3.: .filesize($f3).\n;
print $f4.: .filesize($f4).\n;
?
/pre
/body
/html
Result:
Warning: filesize(): stat failed for /home/services/httpd/html.**
galeria.XXX/gallery/var/**albums/988_Rok-2013/333_**
Rydzewo-04-06.08.2013/Sobota/**DSC_5196_fx-1553725666.JPG in
/home/services/httpd/html.**galeria.michal.waw.pl/**
gallery3-3.0.x/test.phphttp://html.galeria.michal.waw.pl/gallery3-3.0.x/test.phpon
line 13
/home/services/httpd/html.**galeria.XXX/gallery/var/**
albums/988_Rok-2013/333_**Rydzewo-04-06.08.2013/Sobota/**DSC_5196_fx-1553725666.JPG:
/home/services/httpd/html.**galeria.XXX/gallery/var/**
albums/988_Rok-2013/333_**Rydzewo-04-06.08.2013/Sobota/**DSC_5196_fx-1553725666_X.JPG:
1907383
Regards
Michał
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
---End Message---
---BeginMessage---
if you have console access and the cli version of php works,
what does
echo filesize('/path/to/file');
tell (try running as root, then later as uid 51/webuser)
this will eliminate permission doubts
also you should use ?php as start tag instead of only ?
cheers
Carsten
On 09/23/2013 10:06 AM, Negin Nickparsa wrote:
regardless of you, saying they have same permissions I think they do not
have the same permission
try to use --reference for chmod to see if there is any differences
try to copy the file keeping the whole permissions from original using sudo
cp -rp and check.
if this copy has the warning then your problem is from the permissions.
Sincerely
Negin Nickparsa
On Tue, Aug 13, 2013 at 11:30 AM, Michał Kochanowicz
mic...@michal.waw.plwrote:
Hello
I've got a file, which can't be checked with filesize(). I copy it (with
permissions) and then I can filesize() the copy. This is same directory,
permissions are same. I don't understand what's the difference. Can you
help me?
Original file:
File: 'DSC_5196_fx-1553725666.JPG'
Size: 1907383 Blocks: 3728 IO Block: 4096 regular file
Device: 803h/2051d Inode: 5905591363 Links: 1
Access: (0644/-rw-r--r
Re: [PHP] filesize() fails on file and works on it's copy (same permissions, same directory)
regardless of you, saying they have same permissions I think they do not have the same permission try to use --reference for chmod to see if there is any differences try to copy the file keeping the whole permissions from original using sudo cp -rp and check. if this copy has the warning then your problem is from the permissions. Sincerely Negin Nickparsa On Tue, Aug 13, 2013 at 11:30 AM, Michał Kochanowicz mic...@michal.waw.plwrote: Hello I've got a file, which can't be checked with filesize(). I copy it (with permissions) and then I can filesize() the copy. This is same directory, permissions are same. I don't understand what's the difference. Can you help me? Original file: File: 'DSC_5196_fx-1553725666.JPG' Size: 1907383 Blocks: 3728 IO Block: 4096 regular file Device: 803h/2051d Inode: 5905591363 Links: 1 Access: (0644/-rw-r--r--) Uid: ( 51/http) Gid: ( 51/http) Access: 2013-08-13 00:47:28.107477918 +0200 Modify: 2013-08-12 21:38:27.219913208 +0200 Change: 2013-08-13 00:47:08.931478654 +0200 Birth: - Copy: File: 'DSC_5196_fx-1553725666_X.JPG' Size: 1907383 Blocks: 3728 IO Block: 4096 regular file Device: 803h/2051d Inode: 144 Links: 1 Access: (0644/-rw-r--r--) Uid: ( 51/http) Gid: ( 51/http) Access: 2013-08-13 00:45:48.0 +0200 Modify: 2013-08-12 21:38:27.0 +0200 Change: 2013-08-13 00:47:28.199477914 +0200 Birth: - The only difference is inode: (5905591363 - doesn't work vs 144 - does work). Test script: html body pre ? $f3 = '/home/services/httpd/html.**galeria.XXX/gallery/var/** albums/988_Rok-2013/333_**Rydzewo-04-06.08.2013/Sobota/** DSC_5196_fx-1553725666.JPG'; $f4 = '/home/services/httpd/html.**galeria.XXX/gallery/var/** albums/988_Rok-2013/333_**Rydzewo-04-06.08.2013/Sobota/** DSC_5196_fx-1553725666_X.JPG'; print $f3.: .filesize($f3).\n; print $f4.: .filesize($f4).\n; ? /pre /body /html Result: Warning: filesize(): stat failed for /home/services/httpd/html.** galeria.XXX/gallery/var/**albums/988_Rok-2013/333_** Rydzewo-04-06.08.2013/Sobota/**DSC_5196_fx-1553725666.JPG in /home/services/httpd/html.**galeria.michal.waw.pl/** gallery3-3.0.x/test.phphttp://html.galeria.michal.waw.pl/gallery3-3.0.x/test.phpon line 13 /home/services/httpd/html.**galeria.XXX/gallery/var/** albums/988_Rok-2013/333_**Rydzewo-04-06.08.2013/Sobota/**DSC_5196_fx-1553725666.JPG: /home/services/httpd/html.**galeria.XXX/gallery/var/** albums/988_Rok-2013/333_**Rydzewo-04-06.08.2013/Sobota/**DSC_5196_fx-1553725666_X.JPG: 1907383 Regards Michał -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] filesize() fails on file and works on it's copy (same permissions, same directory)
if you have console access and the cli version of php works,
what does
echo filesize('/path/to/file');
tell (try running as root, then later as uid 51/webuser)
this will eliminate permission doubts
also you should use ?php as start tag instead of only ?
cheers
Carsten
On 09/23/2013 10:06 AM, Negin Nickparsa wrote:
regardless of you, saying they have same permissions I think they do not
have the same permission
try to use --reference for chmod to see if there is any differences
try to copy the file keeping the whole permissions from original using sudo
cp -rp and check.
if this copy has the warning then your problem is from the permissions.
Sincerely
Negin Nickparsa
On Tue, Aug 13, 2013 at 11:30 AM, Michał Kochanowicz
mic...@michal.waw.plwrote:
Hello
I've got a file, which can't be checked with filesize(). I copy it (with
permissions) and then I can filesize() the copy. This is same directory,
permissions are same. I don't understand what's the difference. Can you
help me?
Original file:
File: 'DSC_5196_fx-1553725666.JPG'
Size: 1907383 Blocks: 3728 IO Block: 4096 regular file
Device: 803h/2051d Inode: 5905591363 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 51/http) Gid: ( 51/http)
Access: 2013-08-13 00:47:28.107477918 +0200
Modify: 2013-08-12 21:38:27.219913208 +0200
Change: 2013-08-13 00:47:08.931478654 +0200
Birth: -
Copy:
File: 'DSC_5196_fx-1553725666_X.JPG'
Size: 1907383 Blocks: 3728 IO Block: 4096 regular file
Device: 803h/2051d Inode: 144 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 51/http) Gid: ( 51/http)
Access: 2013-08-13 00:45:48.0 +0200
Modify: 2013-08-12 21:38:27.0 +0200
Change: 2013-08-13 00:47:28.199477914 +0200
Birth: -
The only difference is inode: (5905591363 - doesn't work vs 144 - does
work).
Test script:
html
body
pre
?
$f3 = '/home/services/httpd/html.**galeria.XXX/gallery/var/**
albums/988_Rok-2013/333_**Rydzewo-04-06.08.2013/Sobota/**
DSC_5196_fx-1553725666.JPG';
$f4 = '/home/services/httpd/html.**galeria.XXX/gallery/var/**
albums/988_Rok-2013/333_**Rydzewo-04-06.08.2013/Sobota/**
DSC_5196_fx-1553725666_X.JPG';
print $f3.: .filesize($f3).\n;
print $f4.: .filesize($f4).\n;
?
/pre
/body
/html
Result:
Warning: filesize(): stat failed for /home/services/httpd/html.**
galeria.XXX/gallery/var/**albums/988_Rok-2013/333_**
Rydzewo-04-06.08.2013/Sobota/**DSC_5196_fx-1553725666.JPG in
/home/services/httpd/html.**galeria.michal.waw.pl/**
gallery3-3.0.x/test.phphttp://html.galeria.michal.waw.pl/gallery3-3.0.x/test.phpon
line 13
/home/services/httpd/html.**galeria.XXX/gallery/var/**
albums/988_Rok-2013/333_**Rydzewo-04-06.08.2013/Sobota/**DSC_5196_fx-1553725666.JPG:
/home/services/httpd/html.**galeria.XXX/gallery/var/**
albums/988_Rok-2013/333_**Rydzewo-04-06.08.2013/Sobota/**DSC_5196_fx-1553725666_X.JPG:
1907383
Regards
Michał
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Apache
Tamara Temple am Montag, 23. September 2013 - 06:49: GoDaddy's default plesk-generated configuration for FastCGI-served PHP files only looked to see if the file contained .php somewhere on it's path - i.e. it would happily execute 'malicilous.php.txt' as php code, even something ridiculous like 'malware.phpnoreallyiwantthistorun'. Yes, looks stupid. But my service prodider wrote me this, I quote: ---QUOTE--- This is because Apache offers features like language negotiation based on extensions, too -- the final extension doesn't always just specify the handler; it can specify other things. Apache can automatically pick a German-language script from these, for example: file.php.de file.php.en Whether this is a good idea or not is debatable. It's possible to set things up in a different way (using FilesMatch instead of AddHandler) to avoid this particular problem, but that breaks other things, so there's no perfect solution. More generally, the real problem is that scripts are looking at the final extension of uploaded files to decide whether they're safe or not, which is dangerous. They're simply assuming that a .gif file can't run a PHP interpreter, for example... which is usually true, but certainly not always: some people run all their files through PHP. ---END QUOTE--- The problem is the weak PHP upload mechanism! As workaround my service provider tries to block suspicious filenames, but the PHP developpers themself should work on this severe security problem. Niklaus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Apache
On 23 Sep 2013 at 11:37, Domain nikha.org m...@nikha.org wrote: The problem is the weak PHP upload mechanism! I'd have said the problem is weak metadata provision - overloading the filename for other purposes. -- Cheers -- Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Apache
On 23 Sep 2013, at 11:37, Domain nikha.org m...@nikha.org wrote: Tamara Temple am Montag, 23. September 2013 - 06:49: GoDaddy's default plesk-generated configuration for FastCGI-served PHP files only looked to see if the file contained .php somewhere on it's path - i.e. it would happily execute 'malicilous.php.txt' as php code, even something ridiculous like 'malware.phpnoreallyiwantthistorun'. Yes, looks stupid. But my service prodider wrote me this, I quote: ---QUOTE--- This is because Apache offers features like language negotiation based on extensions, too -- the final extension doesn't always just specify the handler; it can specify other things. Apache can automatically pick a German-language script from these, for example: file.php.de file.php.en Whether this is a good idea or not is debatable. It's possible to set things up in a different way (using FilesMatch instead of AddHandler) to avoid this particular problem, but that breaks other things, so there's no perfect solution. More generally, the real problem is that scripts are looking at the final extension of uploaded files to decide whether they're safe or not, which is dangerous. They're simply assuming that a .gif file can't run a PHP interpreter, for example... which is usually true, but certainly not always: some people run all their files through PHP. ---END QUOTE--- This is somewhat daft. Yes, Apache offers this feature, but you don't need to configure it to work will all extensions. I'd be curious to know what their issue is with using FilesMatch, since that provides a way to disable this behaviour. And, honestly, who would have a PHP file per language? I think it's perfectly reasonable to not allow that, because duplicating PHP code across many files is an incredible stupid way to support multiple languages. Some people run all their files through PHP - true, but that doesn't mean they should, or that you, as a responsible web host, should be endorsing it. The problem is the weak PHP upload mechanism! As workaround my service provider tries to block suspicious filenames, but the PHP developpers themself should work on this severe security problem. PHP developers should absolutely validate all content coming in from users in every possible way, but I would be highly dubious about trusting a host who gives the reason above for what I consider a lax and insecure Apache configuration. It's like saying they sliced your arm off with their chainsaw because it's made for cutting things, attempting to dodge all responsibility for having swung it in your direction! -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Friday's Question
54, Only when the surface of the desk is problematic. On 09/20/2013 12:58 PM, Larry Martell wrote: On Fri, Sep 20, 2013 at 10:51 AM, Tedd Sperling t...@sperling.com wrote: Hi gang: Do you use a Mousepad? My reason for asking is that I've used a Mousepad ever since mice first came out (back when they had one ball). Now that mice are optical (no balls), Mousepads are not really needed -- or so I'll told by the college -- you see, they don't provide Mousepads for their student's computers. As such, I wondered what's the percentage of programmers still using a Mousepad? Secondly, are Mousepads used primarily by older programmers (like me) while younger programmers don't use Mousepads, or what? So -- please respond with: Age: * Mousepad: Yes/No 54 Yes -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Problem with mbstring.internal_encoding, mcrypt and php-fpm
Hello,
from two days I have strange problem with this param
mbstring.internal_encoding on nginx and php-fpm.
I use php version 5.4.20 and when I setting mbstring.internal_encoding I
have a problem with mcrypt.
NOTICE: PHP message: PHP Warning: mcrypt_generic_init(): Iv size
incorrect; supplied length: 12, needed: 8 in file.php
I setup php.ini file:
zend.multibyte = On
default_mimetype = text/html
default_charset = UTF-8
mbstring.internal_encoding = UTF-8
and here is function:
85 private function decrypt($blob)
86 {
87 $deckey = $_SESSION['key'];
88 $realkey = sha1($deckey, true);
89 $rawblob = hex2bin($blob); /* binary blob */
90 $td = mcrypt_module_open($this-CIPHER, ,
MCRYPT_MODE_CFB, );
91 $iv = mb_substr($rawblob, 0,
mcrypt_enc_get_iv_size($td)); /* IV */
92 if (mb_strlen($iv) mcrypt_enc_get_iv_size($td))
return FALSE;
93 $ct = mb_substr($rawblob,
mcrypt_enc_get_iv_size($td)); /* CipherText */
94--- mcrypt_generic_init($td, $realkey, $iv);
95 $unblob = mdecrypt_generic($td, $ct);
96 mcrypt_generic_deinit($td);
97 $pt = mb_substr($unblob, 20);
98 $check = mb_substr($unblob, 0, 20);
99 if ($check != sha1($pt, true))
100 {
101 return FALSE;
102 } else {
103 return $pt;
104 }
105 }
The same code with the same config options is worked fine with apache
httpd.
Any one can give me a little help ?
Thanks
Regards,
Hristo S.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with mbstring.internal_encoding, mcrypt and php-fpm
Hristo,
Try changing the php.ini config:
mbstring.func_overload 0
See if that helps your issue, more on what it does:
http://php.net/manual/en/mbstring.overload.php
Aziz
On Mon, Sep 23, 2013 at 8:23 AM, Condor con...@stz-bg.com wrote:
Hello,
from two days I have strange problem with this param
mbstring.internal_encoding on nginx and php-fpm.
I use php version 5.4.20 and when I setting mbstring.internal_encoding I
have a problem with mcrypt.
NOTICE: PHP message: PHP Warning: mcrypt_generic_init(): Iv size
incorrect; supplied length: 12, needed: 8 in file.php
I setup php.ini file:
zend.multibyte = On
default_mimetype = text/html
default_charset = UTF-8
mbstring.internal_encoding = UTF-8
and here is function:
85 private function decrypt($blob)
86 {
87 $deckey = $_SESSION['key'];
88 $realkey = sha1($deckey, true);
89 $rawblob = hex2bin($blob); /* binary blob */
90 $td = mcrypt_module_open($this-**CIPHER, ,
MCRYPT_MODE_CFB, );
91 $iv = mb_substr($rawblob, 0,
mcrypt_enc_get_iv_size($td)); /* IV */
92 if (mb_strlen($iv) mcrypt_enc_get_iv_size($td))
return FALSE;
93 $ct = mb_substr($rawblob,
mcrypt_enc_get_iv_size($td)); /* CipherText */
94--- mcrypt_generic_init($td, $realkey, $iv);
95 $unblob = mdecrypt_generic($td, $ct);
96 mcrypt_generic_deinit($td);
97 $pt = mb_substr($unblob, 20);
98 $check = mb_substr($unblob, 0, 20);
99 if ($check != sha1($pt, true))
100 {
101 return FALSE;
102 } else {
103 return $pt;
104 }
105 }
The same code with the same config options is worked fine with apache
httpd.
Any one can give me a little help ?
Thanks
Regards,
Hristo S.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with mbstring.internal_encoding, mcrypt and php-fpm
On 2013-09-23 15:42, Aziz Saleh wrote:
Hristo,
Try changing the php.ini config:
mbstring.func_overload 0
See if that helps your issue, more on what it does:
http://php.net/manual/en/mbstring.overload.php [3]
Aziz
On Mon, Sep 23, 2013 at 8:23 AM, Condor con...@stz-bg.com wrote:
Hello,
from two days I have strange problem with this param
mbstring.internal_encoding on nginx and php-fpm.
I use php version 5.4.20 and when I setting
mbstring.internal_encoding I have a problem with mcrypt.
NOTICE: PHP message: PHP Warning: mcrypt_generic_init(): Iv size
incorrect; supplied length: 12, needed: 8 in file.php
I setup php.ini file:
zend.multibyte = On
default_mimetype = text/html
default_charset = UTF-8
mbstring.internal_encoding = UTF-8
and here is function:
85 private function decrypt($blob)
86 {
87 $deckey = $_SESSION['key'];
88 $realkey = sha1($deckey, true);
89 $rawblob = hex2bin($blob); /* binary
blob */
90 $td =
mcrypt_module_open($this-CIPHER, , MCRYPT_MODE_CFB, );
91 $iv = mb_substr($rawblob, 0,
mcrypt_enc_get_iv_size($td)); /* IV */
92 if (mb_strlen($iv)
mcrypt_enc_get_iv_size($td)) return FALSE;
93 $ct = mb_substr($rawblob,
mcrypt_enc_get_iv_size($td)); /* CipherText */
94 --- mcrypt_generic_init($td, $realkey, $iv);
95 $unblob = mdecrypt_generic($td, $ct);
96 mcrypt_generic_deinit($td);
97 $pt = mb_substr($unblob, 20);
98 $check = mb_substr($unblob, 0, 20);
99 if ($check != sha1($pt, true))
100 {
101 return FALSE;
102 } else {
103 return $pt;
104 }
105 }
The same code with the same config options is worked fine with
apache httpd.
Any one can give me a little help ?
Thanks
Regards,
Hristo S.
Hello,
I just try and no effect after reload the php-fpm.
Regards,
Hristo S.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] filesize() fails on file and works on it's copy (same permissions, same directory)
On Aug 13, 2013, at 3:00 AM, Michał Kochanowicz mic...@michal.waw.pl wrote: Hello I've got a file, which can't be checked with filesize(). I copy it (with permissions) and then I can filesize() the copy. This is same directory, permissions are same. I don't understand what's the difference. Can you help me? Original file: File: 'DSC_5196_fx-1553725666.JPG' Size: 1907383 Blocks: 3728 IO Block: 4096 regular file Device: 803h/2051d Inode: 5905591363 Links: 1 Access: (0644/-rw-r--r--) Uid: ( 51/http) Gid: ( 51/http) Access: 2013-08-13 00:47:28.107477918 +0200 Modify: 2013-08-12 21:38:27.219913208 +0200 Change: 2013-08-13 00:47:08.931478654 +0200 Birth: - Copy: File: 'DSC_5196_fx-1553725666_X.JPG' Size: 1907383 Blocks: 3728 IO Block: 4096 regular file Device: 803h/2051d Inode: 144 Links: 1 Access: (0644/-rw-r--r--) Uid: ( 51/http) Gid: ( 51/http) Access: 2013-08-13 00:45:48.0 +0200 Modify: 2013-08-12 21:38:27.0 +0200 Change: 2013-08-13 00:47:28.199477914 +0200 Birth: - The only difference is inode: (5905591363 - doesn't work vs 144 - does work). Test script: html body pre ? $f3 = '/home/services/httpd/html.galeria.XXX/gallery/var/albums/988_Rok-2013/333_Rydzewo-04-06.08.2013/Sobota/DSC_5196_fx-1553725666.JPG'; $f4 = '/home/services/httpd/html.galeria.XXX/gallery/var/albums/988_Rok-2013/333_Rydzewo-04-06.08.2013/Sobota/DSC_5196_fx-1553725666_X.JPG'; print $f3.: .filesize($f3).\n; print $f4.: .filesize($f4).\n; ? /pre /body /html Result: Warning: filesize(): stat failed for /home/services/httpd/html.galeria.XXX/gallery/var/albums/988_Rok-2013/333_Rydzewo-04-06.08.2013/Sobota/DSC_5196_fx-1553725666.JPG in /home/services/httpd/html.galeria.michal.waw.pl/gallery3-3.0.x/test.php on line 13 /home/services/httpd/html.galeria.XXX/gallery/var/albums/988_Rok-2013/333_Rydzewo-04-06.08.2013/Sobota/DSC_5196_fx-1553725666.JPG: /home/services/httpd/html.galeria.XXX/gallery/var/albums/988_Rok-2013/333_Rydzewo-04-06.08.2013/Sobota/DSC_5196_fx-1553725666_X.JPG: 1907383 Regards Michał -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php That is one whopping-big inode number — I am really out on a limb here, but is this a 32-bit vs 64-bit issue? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] No MIME-Type in imap_fetch_overview()
I have read your mail twice and still I could not get what you want exactly. can't get the structure of the email either although you elaborate it in details. you have said something about human rights that I couldn't understand why? but if you want to get the type of files fetch the structure and then you can use disposition string, find the attachment and then return the array. Sincerely Negin Nickparsa On Wed, Sep 18, 2013 at 3:27 PM, Domain nikha.org m...@nikha.org wrote: Hello all, im posting this here, because the bug report system of php.net is not right place for my problem. It's not a bug, but a wish - an I found there no wishlist option at all. I'm running my own webmail-client, written in PHP. It is stable, fast and pretty, showing the full power of the PHP imap section. Of course it presents paginated content lists for every mailbox the user may open. These lists tell him some usefull things about every mail actually listed: Sender, date, subject, size and (eventually) flags. All these things are nicely delivered by the function imap_fetch_overview() The same could be done by calling imap_headerinfo() for every single mail, but fetch_overview seems to be faster, because it does it at once for the whole batch. BUT NONE OF THEM returns any information about the MIME-Type of the mail! Since the user of my webmail client has the intrinsic, natural born an general human right to KNOW whether some mail in his mailbox has attachments or not, I'm forced to do very ugly things. My script calls additionally for every (!) actually listed mail imap_fetchbody($connect, $msg_no, 0) - where $connect holds the result of imap_open(). That gives me the mail header, the script reads the line starting with Content-Type: and returns its content. Evaluating this against mixed or alternative we have finaly what we want: This mail has attachments! Or is written in HTML, what is even more we wanted! Works fine, but is ugly. First fetch_overview parses all mail headers, then they are fetched again to be parsed for the MIME-Type. I could just omit fetch_overview and read the headers by my own means, that whould be faster, but then I loose the size information, that is NOT (and cannot) be part of the mail header! If I want to have both, size and MIME-Type, and I WANT to have both, respecting the intrinsic, natural born and general human rights of my user, im must call both, overview and fetchbody. My question is this: Is there a better solution? Or is there someone that knows someone among the PHP-Developpers to suggest them an improvement of the functions imap_fetch_overivew() and imap_headerinfo(). Please, Please, add the MIME-Type to your fantastic object collections! BTW: It's really easy. Read the Content-Type-Line! Sorry... Hope, somebody has an idea, my regards, Niklaus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Apache
Stuart Dallas am Montag, 23. September 2013 - 12:58: And, honestly, who would have a PHP file per language? I think it's perfectly reasonable to not allow that, because duplicating PHP code across many files is an incredible stupid way to support multiple languages. I agree!! Didn't even know, that this kind of faked language support exists... Some people run all their files through PHP - true, but that doesn't mean they should, or that you, as a responsible web host, should be endorsing it. PHP developers should absolutely validate all content coming in from users in every possible way, but I would be highly dubious about trusting a host who gives the reason above for what I consider a lax and insecure Apache configuration. It's like saying they sliced your arm off with their chainsaw because it's made for cutting things, attempting to dodge all responsibility for having swung it in your direction! OK, in principle, I also agree. But this case is very easy to handle. I'm simply running str_replace() against dangerous parts of uploaded filenames, .php for instance. After that, Apache in every configuration will just serve, and never execute user uploaded files. Remains the risk on the clients side, I must concede. Better solutions? Nice days, Niklaus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Apache
Tim Streater am Montag, 23. September 2013 - 12:56: On 23 Sep 2013 at 11:37, Domain nikha.org m...@nikha.org wrote: The problem is the weak PHP upload mechanism! I'd have said the problem is weak metadata provision - overloading the filename for other purposes. -- Cheers -- Tim You are right, but unfortunately filenames ARE metadata for Apache. Would be better, if they were not, and just identifiers... Niklaus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] No MIME-Type in imap_fetch_overview()
I have read your mail twice and still I could not get what you want exactly. can't get the structure of the email either although you elaborate it in details. you have said something about human rights that I couldn't understand why? but if you want to get the type of files fetch the structure and then you can use disposition string, find the attachment and then return the array. Sincerely Negin Nickparsa On Wed, Sep 18, 2013 at 3:27 PM, Domain nikha.org m...@nikha.org wrote: Hello all, im posting this here, because the bug report system of php.net is not right place for my problem. It's not a bug, but a wish - an I found there no wishlist option at all. I'm running my own webmail-client, written in PHP. It is stable, fast and pretty, showing the full power of the PHP imap section. Of course it presents paginated content lists for every mailbox the user may open. These lists tell him some usefull things about every mail actually listed: Sender, date, subject, size and (eventually) flags. All these things are nicely delivered by the function imap_fetch_overview() The same could be done by calling imap_headerinfo() for every single mail, but fetch_overview seems to be faster, because it does it at once for the whole batch. BUT NONE OF THEM returns any information about the MIME-Type of the mail! Since the user of my webmail client has the intrinsic, natural born an general human right to KNOW whether some mail in his mailbox has attachments or not, I'm forced to do very ugly things. My script calls additionally for every (!) actually listed mail imap_fetchbody($connect, $msg_no, 0) - where $connect holds the result of imap_open(). That gives me the mail header, the script reads the line starting with Content-Type: and returns its content. Evaluating this against mixed or alternative we have finaly what we want: This mail has attachments! Or is written in HTML, what is even more we wanted! Works fine, but is ugly. First fetch_overview parses all mail headers, then they are fetched again to be parsed for the MIME-Type. I could just omit fetch_overview and read the headers by my own means, that whould be faster, but then I loose the size information, that is NOT (and cannot) be part of the mail header! If I want to have both, size and MIME-Type, and I WANT to have both, respecting the intrinsic, natural born and general human rights of my user, im must call both, overview and fetchbody. My question is this: Is there a better solution? Or is there someone that knows someone among the PHP-Developpers to suggest them an improvement of the functions imap_fetch_overivew() and imap_headerinfo(). Please, Please, add the MIME-Type to your fantastic object collections! BTW: It's really easy. Read the Content-Type-Line! Sorry... Hope, somebody has an idea, my regards, Niklaus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] filesize() fails on file and works on it's copy (same permissions, same directory)
W dniu 2013-09-23 10:06, Negin Nickparsa pisze: regardless of you, saying they have same permissions I think they do not have the same permission The reason was 64-bit inode number. PHP can't stat() files with 64-bit nodes, at lease on 32-bit system. Regards Michał -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] filesize() fails on file and works on it's copy (same permissions, same directory)
W dniu 2013-09-23 17:24, Tamara Temple pisze: That is one whopping-big inode number — I am really out on a limb here, but is this a 32-bit vs 64-bit issue? You're right - 64-bit inode number was a cause. I had to add inode32 mount option (XFS). Regards Michał -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Apache
On Mon, 2013-09-23 at 20:36 +0200, Domain nikha.org wrote:
Stuart Dallas am Montag, 23. September 2013 - 12:58:
And, honestly, who would have a PHP file per language? I think it's
perfectly reasonable to not allow that, because duplicating PHP code
across many files is an incredible stupid way to support multiple
languages.
I agree!! Didn't even know, that this kind of faked language support
exists...
Some people run all their files through PHP - true, but that doesn't
mean they should, or that you, as a responsible web host, should be
endorsing it.
PHP developers should absolutely validate all content coming in from
users in every possible way, but I would be highly dubious about
trusting a host who gives the reason above for what I consider a lax and
insecure Apache configuration. It's like saying they sliced your arm off
with their chainsaw because it's made for cutting things, attempting to
dodge all responsibility for having swung it in your direction!
OK, in principle, I also agree. But this case is very easy to handle.
I'm simply running str_replace() against dangerous parts of uploaded
filenames, .php for instance. After that, Apache in every
configuration will just serve, and never execute user uploaded files.
Remains the risk on the clients side, I must concede. Better solutions?
Nice days,
Niklaus
No, no, no! That is not a good stand-in for fundamental security
principles!
This is a better method for ensuring an image is really an image:
?php
if(isset($_FILES['file']))
{
list($width, $height) = getimagesize($_FILES['file']['tmp_name']);
if($width $height)
{
$source = imagecreatefromjpeg($_FILES['file']['tmp_name']);
$dest = imagecreatetruecolor($width, $height);
imagecopyresampled($dest, $source,
0, 0, 0, 0,
$width, $height, $width,
$height);
imagejpeg($dest, basename($_FILES['file']['tmp_name']));
}
else
echo {$_FILES['file']['name']} is not a jpeg;
}
?
form enctype=multipart/form-data method=post
input type=file name=file/
input type=submit name=submit value=submit/
/form
Obviously it's only rough, and checks only for jpeg images, but that's
easy to alter. I've just tested this with a regular jpeg, the same jpeg
with PHP code concatenated onto the end (which still appears to be a
valid image to viewing/editing software) and a pure PHP file with a .jpg
extension. In the case of the first 2, a new jpeg is generated with the
same image and without the code. The third example just echoes out an
error.
Thanks,
Ash
http://www.ashleysheridan.co.uk
Re: [PHP] No MIME-Type in imap_fetch_overview()
What Niklaus wishes for is a way to detect if an email message contains an attachment by just reading the headers (correct me if I am wrong). This isn't really a PHP issue. In any language you can't really figure out if an email has an attachment by just looking at the headers, you need to check the body. You can try to infer by using the content-type or the size, but that isn't 100% valid. Aziz On Mon, Sep 23, 2013 at 2:59 PM, Negin Nickparsa nickpa...@gmail.comwrote: I have read your mail twice and still I could not get what you want exactly. can't get the structure of the email either although you elaborate it in details. you have said something about human rights that I couldn't understand why? but if you want to get the type of files fetch the structure and then you can use disposition string, find the attachment and then return the array. Sincerely Negin Nickparsa On Wed, Sep 18, 2013 at 3:27 PM, Domain nikha.org m...@nikha.org wrote: Hello all, im posting this here, because the bug report system of php.net is not right place for my problem. It's not a bug, but a wish - an I found there no wishlist option at all. I'm running my own webmail-client, written in PHP. It is stable, fast and pretty, showing the full power of the PHP imap section. Of course it presents paginated content lists for every mailbox the user may open. These lists tell him some usefull things about every mail actually listed: Sender, date, subject, size and (eventually) flags. All these things are nicely delivered by the function imap_fetch_overview() The same could be done by calling imap_headerinfo() for every single mail, but fetch_overview seems to be faster, because it does it at once for the whole batch. BUT NONE OF THEM returns any information about the MIME-Type of the mail! Since the user of my webmail client has the intrinsic, natural born an general human right to KNOW whether some mail in his mailbox has attachments or not, I'm forced to do very ugly things. My script calls additionally for every (!) actually listed mail imap_fetchbody($connect, $msg_no, 0) - where $connect holds the result of imap_open(). That gives me the mail header, the script reads the line starting with Content-Type: and returns its content. Evaluating this against mixed or alternative we have finaly what we want: This mail has attachments! Or is written in HTML, what is even more we wanted! Works fine, but is ugly. First fetch_overview parses all mail headers, then they are fetched again to be parsed for the MIME-Type. I could just omit fetch_overview and read the headers by my own means, that whould be faster, but then I loose the size information, that is NOT (and cannot) be part of the mail header! If I want to have both, size and MIME-Type, and I WANT to have both, respecting the intrinsic, natural born and general human rights of my user, im must call both, overview and fetchbody. My question is this: Is there a better solution? Or is there someone that knows someone among the PHP-Developpers to suggest them an improvement of the functions imap_fetch_overivew() and imap_headerinfo(). Please, Please, add the MIME-Type to your fantastic object collections! BTW: It's really easy. Read the Content-Type-Line! Sorry... Hope, somebody has an idea, my regards, Niklaus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Apache
On Sep 23, 2013, at 1:36 PM, Domain nikha.org m...@nikha.org wrote: Better solutions? One I have used, and continue to use in Apache environments, is place uploads only in a place where they cannot be executed by turning off such options and handlers in that directory. This is *in addition* to untainting files and names of uploaded files. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] No MIME-Type in imap_fetch_overview()
Negin Nickparsa am Montag, 23. September 2013 - 20:59: I have read your mail twice and still I could not get what you want exactly. Sorry for my bad english! What I want is, that the users of my webmail client can see at a glance, if mails in their mailboxes have attachments or not. (Thats a human right! But of course I was joking... It's simply nice to provide this information and should be done) but if you want to get the type of files fetch the structure and then you can use disposition string, find the attachment and then return the array. Yes, I could do even that! But this is worse! Imagine, you do this in the overview of the mailbox content! This can be hunderds of mails! My script paginates this stuff in blocks of 16 (or something) mail headers, but even then you have an huge overhead. Why? Because, first you must collect the sender and subject information. This is done by imap_fetch_overview(), parsing the mailheaders and grabing some server data, like arrival date, size and flags. Fine, but you still know nothing about attachments! You must do something more. OK? You whould run imap_fetchstructure(), but sorry, that's the wrong time and place. You will need this monster object only when the user _reads_ some specific mail. At the moment, we are not reading, but collecting mails to present them in the mailbox overview. My script modestly fetches the mailheaders again to read the Content-Type-line. That's quite fast, works fine, but is stupid, because this headers were fetched and parsed just before! I ask you, and all PHP developpers: Why the hell this function does not parse this line too? (a part of so much others of less importance) The same is true for imap_headerinfo(). And: of course this Content-Type-line provides by far not the complete MIME-structure as imap_fetchstructure() does, but, as said, we don't need this at the moment. The result is a script, that I self whould not describe as good practice because of it's duplicated parsing of the same string, but I found no other way yet. That's my problem, you see? Sincerely Niklaus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] No MIME-Type in imap_fetch_overview()
Aziz Saleh am Montag, 23. September 2013 - 22:06: What Niklaus wishes for is a way to detect if an email message contains an attachment by just reading the headers (correct me if I am wrong). Yes, that's what I'm seeking :-) This isn't really a PHP issue. In any language you can't really figure out if an email has an attachment by just looking at the headers, you need to check the body. You can try to infer by using the content-type or the size, but that isn't 100% valid. That's like radio Eriwan: In principle you are right! BUT: I want not show the whole MIME-structure in the mailbox overview! That whould be absurd, and indeed could only be done by reading the body. Nevertheless we have in the primary header of any MIME compliant message the line Content-Type. (We have it also in the headers of the attached parts, but that is not intresting now) In this primary header (fetched by imap_fetchbody($mailbox, $msg_no, 0)) the leading part of the MIME-type description can have only two values: text or multipart. Right? I'm sure you will never find other values in the _primary_ header. That's the first decision for your script. text: no attachment, multipart: attachment. No matter the subtype-value after the slash, you have what I want! And ONLY by looking on the header. And this ist 100% valid, because it follows logically from the imap- and MIME-rfc's. About malformed messages violating the protocols we discuss next year, you agree? :-) You may evaluate the subtype after the slash. If the type is multipart, you will find mixed, alternative, related or digest, if the type is text, you will have plain or html as subtype. May be there are more subtypes on the way, but all these are optional for the primary job, a decent mailbox overview must do: tell the user, whether there are attachments or not. My own webmail client does this job pretty good, but it violates my own standard of good practice. Whether imap_fetch-overview() nor imap_headerinfo are reading the Content-Type-line while parsing much other header lines of minor importance. My script must refetch the mailheaders to do that! This is an ugly overhead I wish to avoid. BTW: the squirrelmail-staff, leading in the PHP-webmail-world, just ignores the whole imap-extension of PHP. Instead, they talk low level with the server. But this way is a little bit too hard for me... Therefore my pledge to all involved into the development of the fabulous PHP framework, section imap: Please ad the primary MIME-type to the objects returned by fetch_overview and headerinfo! It's so ridiculous simple: read the Content-Type-line in the primary mailheader as I must do afterwards, only because you do not! Niklaus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
php-general Digest 22 Sep 2013 13:12:45 -0000 Issue 8372
php-general Digest 22 Sep 2013 13:12:45 - Issue 8372 Topics (messages 322142 through 322143): Re: jquery fill select option value 322142 by: Ashley Sheridan 322143 by: Jim Giner Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net -- ---BeginMessage--- iccsi inu...@gmail.com wrote: select id=mark name=mark option value=--/option option value=bmwBMW/option option value=audiAudi/option /select I use above code to have my select drop down on the form and would like to use jQuery to fill option value on change event. I would like know is it possible to do, if yes, any hint or example code at server site is appreciated, Your help and information is great appreciated, Regards, Iccsi, Yes it is possible but a) not at server side because JavaScript is run on the browser, and b) this is a PHP list not a JavaScript list. Saying that, why aren't you populating it on the server side with PHP? Thanks, Ash ---End Message--- ---BeginMessage--- On 9/22/2013 3:52 AM, Ashley Sheridan wrote: iccsi inu...@gmail.com wrote: select id=mark name=mark option value=--/option option value=bmwBMW/option option value=audiAudi/option /select I use above code to have my select drop down on the form and would like to use jQuery to fill option value on change event. I would like know is it possible to do, if yes, any hint or example code at server site is appreciated, Your help and information is great appreciated, Regards, Iccsi, Yes it is possible but a) not at server side because JavaScript is run on the browser, and b) this is a PHP list not a JavaScript list. Saying that, why aren't you populating it on the server side with PHP? Thanks, Ash Not sure what you are asking. With PHP it is possible to have a specifi item from the options selected in the drop down when the page is loaded. With JS it is possible to capture the newly selected option value and place it in another field, if that is what you want. Obviously when the user clicks on an option, that value IS placed in the select tag for processing at the server side by PHP on submit. So what is it you want to accomplish? ---End Message---
php-general Digest 23 Sep 2013 04:49:40 -0000 Issue 8373
php-general Digest 23 Sep 2013 04:49:40 - Issue 8373 Topics (messages 322144 through 322148): Re: jquery fill select option value 322144 by: Tedd Sperling 322145 by: Jim Giner 322146 by: Tedd Sperling Re: Friday's Question 322147 by: Jonesy Re: Apache's PHP handlers 322148 by: Tamara Temple Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net -- ---BeginMessage--- On Sep 21, 2013, at 9:06 PM, iccsi inu...@gmail.com wrote: select id=mark name=mark option value=--/option option value=bmwBMW/option option value=audiAudi/option /select I use above code to have my select drop down on the form and would like to use jQuery to fill option value on change event. I would like know is it possible to do, if yes, any hint or example code at server site is appreciated, Your help and information is great appreciated, While jQuery is great, you don't need jQuery for this -- a simple AJAX routine will do what you want. Here's an example: http://php1.net/a/zipcode-states/ The ajax routine is there -- you can copy it. The HTML is there -- you can copy that too. The php script is a simple script that is triggered by an ajax script (triggered by the user via onchange() ) that then pulls whatever data is needed to populate the remaining option controls via a GET. HTH's tedd ___ tedd sperling tedd.sperl...@gmail.com ---End Message--- ---BeginMessage--- On 9/22/2013 12:04 PM, Tedd Sperling wrote: On Sep 21, 2013, at 9:06 PM, iccsi inu...@gmail.com wrote: select id=mark name=mark option value=--/option option value=bmwBMW/option option value=audiAudi/option /select I use above code to have my select drop down on the form and would like to use jQuery to fill option value on change event. I would like know is it possible to do, if yes, any hint or example code at server site is appreciated, Your help and information is great appreciated, While jQuery is great, you don't need jQuery for this -- a simple AJAX routine will do what you want. Here's an example: http://php1.net/a/zipcode-states/ The ajax routine is there -- you can copy it. The HTML is there -- you can copy that too. The php script is a simple script that is triggered by an ajax script (triggered by the user via onchange() ) that then pulls whatever data is needed to populate the remaining option controls via a GET. HTH's tedd ___ tedd sperling tedd.sperl...@gmail.com OH!!! So you want to populate another(!) select box after the user makes his first selection. You didn't say that. Yes - ajax call would be just what you want to do. ---End Message--- ---BeginMessage--- On Sep 22, 2013, at 12:47 PM, Jim Giner jim.gi...@albanyhandball.com wrote: On 9/22/2013 12:04 PM, Tedd Sperling wrote: On Sep 21, 2013, at 9:06 PM, iccsi inu...@gmail.com wrote: select id=mark name=mark option value=--/option option value=bmwBMW/option option value=audiAudi/option /select I use above code to have my select drop down on the form and would like to use jQuery to fill option value on change event. I would like know is it possible to do, if yes, any hint or example code at server site is appreciated, Your help and information is great appreciated, While jQuery is great, you don't need jQuery for this -- a simple AJAX routine will do what you want. Here's an example: http://php1.net/a/zipcode-states/ The ajax routine is there -- you can copy it. The HTML is there -- you can copy that too. The php script is a simple script that is triggered by an ajax script (triggered by the user via onchange() ) that then pulls whatever data is needed to populate the remaining option controls via a GET. HTH's tedd OH!!! So you want to populate another(!) select box after the user makes his first selection. You didn't say that. Well... not meaning to disagree -- but he did say: I use above code to have my select drop down on the form and would like to use jQuery to fill option value on change event. I took that to mean fill another option control. Why would one want to change the values of the current one? tedd ___ tedd sperling tedd.sperl...@gmail.com ---End Message--- ---BeginMessage--- On Fri, 20 Sep 2013 12:51:49 -0400, Tedd Sperling wrote: Do you use a Mousepad? Age: 70 Mousepad: No. Been using trackballs since 1993... (No room for a mousepad on _my_ desktop!) ---End Message--- ---BeginMessage--- On Sep 19, 2013, at 9:14 AM, Arno Kuhl a...@dotcontent.net wrote: Arno: If you can request that file using a web browser, and it gets executed as PHP on your server then there is an error in the Apache configuration. Easy test
Re: [PHP] jquery fill select option value
iccsi inu...@gmail.com wrote: select id=mark name=mark option value=--/option option value=bmwBMW/option option value=audiAudi/option /select I use above code to have my select drop down on the form and would like to use jQuery to fill option value on change event. I would like know is it possible to do, if yes, any hint or example code at server site is appreciated, Your help and information is great appreciated, Regards, Iccsi, Yes it is possible but a) not at server side because JavaScript is run on the browser, and b) this is a PHP list not a JavaScript list. Saying that, why aren't you populating it on the server side with PHP? Thanks, Ash -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] jquery fill select option value
On 9/22/2013 3:52 AM, Ashley Sheridan wrote: iccsi inu...@gmail.com wrote: select id=mark name=mark option value=--/option option value=bmwBMW/option option value=audiAudi/option /select I use above code to have my select drop down on the form and would like to use jQuery to fill option value on change event. I would like know is it possible to do, if yes, any hint or example code at server site is appreciated, Your help and information is great appreciated, Regards, Iccsi, Yes it is possible but a) not at server side because JavaScript is run on the browser, and b) this is a PHP list not a JavaScript list. Saying that, why aren't you populating it on the server side with PHP? Thanks, Ash Not sure what you are asking. With PHP it is possible to have a specifi item from the options selected in the drop down when the page is loaded. With JS it is possible to capture the newly selected option value and place it in another field, if that is what you want. Obviously when the user clicks on an option, that value IS placed in the select tag for processing at the server side by PHP on submit. So what is it you want to accomplish? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] jquery fill select option value
On Sep 21, 2013, at 9:06 PM, iccsi inu...@gmail.com wrote: select id=mark name=mark option value=--/option option value=bmwBMW/option option value=audiAudi/option /select I use above code to have my select drop down on the form and would like to use jQuery to fill option value on change event. I would like know is it possible to do, if yes, any hint or example code at server site is appreciated, Your help and information is great appreciated, While jQuery is great, you don't need jQuery for this -- a simple AJAX routine will do what you want. Here's an example: http://php1.net/a/zipcode-states/ The ajax routine is there -- you can copy it. The HTML is there -- you can copy that too. The php script is a simple script that is triggered by an ajax script (triggered by the user via onchange() ) that then pulls whatever data is needed to populate the remaining option controls via a GET. HTH's tedd ___ tedd sperling tedd.sperl...@gmail.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] jquery fill select option value
On 9/22/2013 12:04 PM, Tedd Sperling wrote: On Sep 21, 2013, at 9:06 PM, iccsi inu...@gmail.com wrote: select id=mark name=mark option value=--/option option value=bmwBMW/option option value=audiAudi/option /select I use above code to have my select drop down on the form and would like to use jQuery to fill option value on change event. I would like know is it possible to do, if yes, any hint or example code at server site is appreciated, Your help and information is great appreciated, While jQuery is great, you don't need jQuery for this -- a simple AJAX routine will do what you want. Here's an example: http://php1.net/a/zipcode-states/ The ajax routine is there -- you can copy it. The HTML is there -- you can copy that too. The php script is a simple script that is triggered by an ajax script (triggered by the user via onchange() ) that then pulls whatever data is needed to populate the remaining option controls via a GET. HTH's tedd ___ tedd sperling tedd.sperl...@gmail.com OH!!! So you want to populate another(!) select box after the user makes his first selection. You didn't say that. Yes - ajax call would be just what you want to do. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] jquery fill select option value
On Sep 22, 2013, at 12:47 PM, Jim Giner jim.gi...@albanyhandball.com wrote: On 9/22/2013 12:04 PM, Tedd Sperling wrote: On Sep 21, 2013, at 9:06 PM, iccsi inu...@gmail.com wrote: select id=mark name=mark option value=--/option option value=bmwBMW/option option value=audiAudi/option /select I use above code to have my select drop down on the form and would like to use jQuery to fill option value on change event. I would like know is it possible to do, if yes, any hint or example code at server site is appreciated, Your help and information is great appreciated, While jQuery is great, you don't need jQuery for this -- a simple AJAX routine will do what you want. Here's an example: http://php1.net/a/zipcode-states/ The ajax routine is there -- you can copy it. The HTML is there -- you can copy that too. The php script is a simple script that is triggered by an ajax script (triggered by the user via onchange() ) that then pulls whatever data is needed to populate the remaining option controls via a GET. HTH's tedd OH!!! So you want to populate another(!) select box after the user makes his first selection. You didn't say that. Well... not meaning to disagree -- but he did say: I use above code to have my select drop down on the form and would like to use jQuery to fill option value on change event. I took that to mean fill another option control. Why would one want to change the values of the current one? tedd ___ tedd sperling tedd.sperl...@gmail.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Friday's Question
On Fri, 20 Sep 2013 12:51:49 -0400, Tedd Sperling wrote: Do you use a Mousepad? Age: 70 Mousepad: No. Been using trackballs since 1993... (No room for a mousepad on _my_ desktop!) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Apache's PHP handlers
On Sep 19, 2013, at 9:14 AM, Arno Kuhl a...@dotcontent.net wrote: Arno: If you can request that file using a web browser, and it gets executed as PHP on your server then there is an error in the Apache configuration. Easy test: create a file in a text editor containing some PHP (?php phpinfo(); ? would be enough) and upload it to the www root of your site and name it test.pgif. Then hit http://www.yourdomain.com/test.pgif in your browser. If you see the PHP code or an error then you're fine. If you see PHP's info page then you need to change web host as quickly as possible. I don't care if they fix it - the fact their server was configured to do this by default is enough for me to never trust them again. -Stuart -- Thanks Stuart. I just tried it now, test.php.pgif displayed the info while test.xyz.pgif returned the content, confirming the problem. My service provider finally conceded the problem is on their side and are looking for an urgent fix, much too complicated to consider moving service providers in the short term. As a side note, the sp said the issue is new and coincided with an upgrade to fastcgi recently, I wonder if the hacker was exploiting a known issue with that scenario? Cheers Arno GoDaddy's default plesk-generated configuration for FastCGI-served PHP files only looked to see if the file contained .php somewhere on it's path - i.e. it would happily execute 'malicilous.php.txt' as php code, even something ridiculous like 'malware.phpnoreallyiwantthistorun'. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
php-general Digest 21 Sep 2013 11:22:55 -0000 Issue 8370
php-general Digest 21 Sep 2013 11:22:55 - Issue 8370 Topics (messages 322126 through 322140): Re: Friday's Question 322126 by: Jen Rasmussen 322127 by: Joshua Kehn 322128 by: Larry Martell 322129 by: Matijn Woudt 322130 by: Camilo Sperberg 322132 by: Tedd Sperling 322133 by: Mattias Thorslund 322134 by: Curtis Maurand 322135 by: Bastien 322136 by: Tim Streater 322137 by: Tim Streater 322138 by: Simon J Welsh 322139 by: Daniel 322140 by: Ashley Sheridan Re: php-general Digest 20 Sep 2013 17:33:26 - Issue 8369 322131 by: Bill Guion Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net -- ---BeginMessage--- -Original Message- From: larry.mart...@gmail.com [mailto:larry.mart...@gmail.com] On Behalf Of Larry Martell Sent: Friday, September 20, 2013 12:26 PM To: j...@cetaceasound.com Cc: Tedd Sperling; PHP General Subject: Re: [PHP] Friday's Question On Fri, Sep 20, 2013 at 11:20 AM, Jen Rasmussen j...@cetaceasound.com wrote: -Original Message- What in the heck is a Bag Bomb? It's a salve for cow udders. Not sure what a person would do with it. Ha! Interesting. Thanks :) ---End Message--- ---BeginMessage--- On Sep 20, 2013, at 1:26 PM, Larry Martell la...@software-horizons.com wrote: On Fri, Sep 20, 2013 at 11:24 AM, Joshua Kehn josh.k...@gmail.com wrote: Slightly snobbish solution: Don't use windows. Unfortunately required to VPN into most of my clients corporate networks. Windows is required to VPN in? I'm guessing they use some proprietary client then? --jk---End Message--- ---BeginMessage--- On Fri, Sep 20, 2013 at 11:35 AM, Joshua Kehn josh.k...@gmail.com wrote: On Sep 20, 2013, at 1:26 PM, Larry Martell la...@software-horizons.com wrote: On Fri, Sep 20, 2013 at 11:24 AM, Joshua Kehn josh.k...@gmail.com wrote: Slightly snobbish solution: Don't use windows. Unfortunately required to VPN into most of my clients corporate networks. Windows is required to VPN in? I'm guessing they use some proprietary client then? --jk Yes, and/or they validate the host ID, and/or there's some soft key RSA thing involved. ---End Message--- ---BeginMessage--- On Fri, Sep 20, 2013 at 6:51 PM, Tedd Sperling t...@sperling.com wrote: Hi gang: Do you use a Mousepad? My reason for asking is that I've used a Mousepad ever since mice first came out (back when they had one ball). Now that mice are optical (no balls), Mousepads are not really needed -- or so I'll told by the college -- you see, they don't provide Mousepads for their student's computers. As such, I wondered what's the percentage of programmers still using a Mousepad? Secondly, are Mousepads used primarily by older programmers (like me) while younger programmers don't use Mousepads, or what? So -- please respond with: Age: * Mousepad: Yes/No Age: 21 Mouse: No, so why would I need a mousepad? ---End Message--- ---BeginMessage--- On 20 sep. 2013, at 18:51, Tedd Sperling t...@sperling.com wrote: Hi gang: Do you use a Mousepad? My reason for asking is that I've used a Mousepad ever since mice first came out (back when they had one ball). Now that mice are optical (no balls), Mousepads are not really needed -- or so I'll told by the college -- you see, they don't provide Mousepads for their student's computers. As such, I wondered what's the percentage of programmers still using a Mousepad? Secondly, are Mousepads used primarily by older programmers (like me) while younger programmers don't use Mousepads, or what? So -- please respond with: Age: * Mousepad: Yes/No Thank you, tedd PS: * If you don't want to provide your actual age, then indicate your age by stating young, middle-age, old-age, ancient, or whatever term describes your age. Alternate -- I claim that you can tell a man's age by ten-times the number of personal products he routinely uses, for example: Years Old - Personal Products 10Toothpaste 20Toothpaste, Deodorant 30Toothpaste, Deodorant, Aftershave 40Toothpaste, Deodorant, Aftershave, Minoxidil 50Toothpaste, Deodorant, Aftershave, Minoxidil, Preparation-H 60Toothpaste, Deodorant, Aftershave, Minoxidil, Preparation-H, Bag Bomb 70Toothpaste, Deodorant, Aftershave, Minoxidil, Preparation-H, Bag Bomb, Fixodent So, you could indicate age by stating Bag Bomb like me. ___ tedd sperling t...@sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Age: Aftershave (but I've began using it only a year
php-general Digest 22 Sep 2013 01:07:00 -0000 Issue 8371
php-general Digest 22 Sep 2013 01:07:00 - Issue 8371 Topics (messages 322141 through 322141): jquery fill select option value 322141 by: iccsi Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net -- ---BeginMessage--- select id=mark name=mark option value=--/option option value=bmwBMW/option option value=audiAudi/option /select I use above code to have my select drop down on the form and would like to use jQuery to fill option value on change event. I would like know is it possible to do, if yes, any hint or example code at server site is appreciated, Your help and information is great appreciated, Regards, Iccsi, ---End Message---
Re: [PHP] Friday's Question
On Sat, 2013-09-21 at 11:07 +1000, Daniel wrote: 25 network admin and programmer and yes I use a mouse pad - my mouse hates me if I dont use it. -- Regards, Daniel Fenn 29 and don't use a mouse pad right now, although I did before I moved because the surface of my desk was too shiny. That's the only reason I ever use one now. Thanks, Ash http://www.ashleysheridan.co.uk
[PHP] jquery fill select option value
select id=mark name=mark option value=--/option option value=bmwBMW/option option value=audiAudi/option /select I use above code to have my select drop down on the form and would like to use jQuery to fill option value on change event. I would like know is it possible to do, if yes, any hint or example code at server site is appreciated, Your help and information is great appreciated, Regards, Iccsi, -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
php-general Digest 20 Sep 2013 17:33:26 -0000 Issue 8369
php-general Digest 20 Sep 2013 17:33:26 - Issue 8369 Topics (messages 322111 through 322125): Friday's Question 322111 by: Tedd Sperling 322112 by: Larry Martell 322113 by: Aziz Saleh 322114 by: Daniel Brown 322115 by: Kirk.Johnson.zootweb.com 322116 by: Jeff Burcher 322117 by: Joshua Kehn 322119 by: Jen Rasmussen 322120 by: Larry Martell 322121 by: Joshua Kehn 322122 by: Larry Martell 322123 by: Larry Martell 322124 by: Daniel Brown 322125 by: Sean Greenslade Re: Apache 322118 by: Domain nikha.org Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net -- ---BeginMessage--- Hi gang: Do you use a Mousepad? My reason for asking is that I've used a Mousepad ever since mice first came out (back when they had one ball). Now that mice are optical (no balls), Mousepads are not really needed -- or so I'll told by the college -- you see, they don't provide Mousepads for their student's computers. As such, I wondered what's the percentage of programmers still using a Mousepad? Secondly, are Mousepads used primarily by older programmers (like me) while younger programmers don't use Mousepads, or what? So -- please respond with: Age: * Mousepad: Yes/No Thank you, tedd PS: * If you don't want to provide your actual age, then indicate your age by stating young, middle-age, old-age, ancient, or whatever term describes your age. Alternate -- I claim that you can tell a man's age by ten-times the number of personal products he routinely uses, for example: Years Old - Personal Products 10 Toothpaste 20 Toothpaste, Deodorant 30 Toothpaste, Deodorant, Aftershave 40 Toothpaste, Deodorant, Aftershave, Minoxidil 50 Toothpaste, Deodorant, Aftershave, Minoxidil, Preparation-H 60 Toothpaste, Deodorant, Aftershave, Minoxidil, Preparation-H, Bag Bomb 70 Toothpaste, Deodorant, Aftershave, Minoxidil, Preparation-H, Bag Bomb, Fixodent So, you could indicate age by stating Bag Bomb like me. ___ tedd sperling t...@sperling.com ---End Message--- ---BeginMessage--- On Fri, Sep 20, 2013 at 10:51 AM, Tedd Sperling t...@sperling.com wrote: Hi gang: Do you use a Mousepad? My reason for asking is that I've used a Mousepad ever since mice first came out (back when they had one ball). Now that mice are optical (no balls), Mousepads are not really needed -- or so I'll told by the college -- you see, they don't provide Mousepads for their student's computers. As such, I wondered what's the percentage of programmers still using a Mousepad? Secondly, are Mousepads used primarily by older programmers (like me) while younger programmers don't use Mousepads, or what? So -- please respond with: Age: * Mousepad: Yes/No 54 Yes ---End Message--- ---BeginMessage--- Haha, like your product usage chart Tedd, Age: 31 Mousepad: Webster New Dictionary of Synonyms, too lazy of having to go to Microcenter and buy one! Aziz On Fri, Sep 20, 2013 at 12:58 PM, Larry Martell la...@software-horizons.com wrote: On Fri, Sep 20, 2013 at 10:51 AM, Tedd Sperling t...@sperling.com wrote: Hi gang: Do you use a Mousepad? My reason for asking is that I've used a Mousepad ever since mice first came out (back when they had one ball). Now that mice are optical (no balls), Mousepads are not really needed -- or so I'll told by the college -- you see, they don't provide Mousepads for their student's computers. As such, I wondered what's the percentage of programmers still using a Mousepad? Secondly, are Mousepads used primarily by older programmers (like me) while younger programmers don't use Mousepads, or what? So -- please respond with: Age: * Mousepad: Yes/No 54 Yes -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php ---End Message--- ---BeginMessage--- On Fri, Sep 20, 2013 at 12:51 PM, Tedd Sperling t...@sperling.com wrote: Hi gang: Do you use a Mousepad? I'm in my mid-thirties and - despite having an optical mouse - I do indeed still use a mousepad. A customized one that the wife did for me for Christmas one year: images of Futurama, the Cleveland Browns, Minnesota Vikings, and several aircraft, all surrounding a picture of her and our daughter. I've found that shiny surfaces - such as my desk - reflect too much of the laser, causing the mouse to be far less responsive. -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/ ---End Message--- ---BeginMessage--- Tedd Sperling t...@sperling.com wrote on 09/20/2013 10:51:49 AM: Do you use a Mousepad
[PHP] Friday's Question
Hi gang: Do you use a Mousepad? My reason for asking is that I've used a Mousepad ever since mice first came out (back when they had one ball). Now that mice are optical (no balls), Mousepads are not really needed -- or so I'll told by the college -- you see, they don't provide Mousepads for their student's computers. As such, I wondered what's the percentage of programmers still using a Mousepad? Secondly, are Mousepads used primarily by older programmers (like me) while younger programmers don't use Mousepads, or what? So -- please respond with: Age: * Mousepad: Yes/No Thank you, tedd PS: * If you don't want to provide your actual age, then indicate your age by stating young, middle-age, old-age, ancient, or whatever term describes your age. Alternate -- I claim that you can tell a man's age by ten-times the number of personal products he routinely uses, for example: Years Old - Personal Products 10 Toothpaste 20 Toothpaste, Deodorant 30 Toothpaste, Deodorant, Aftershave 40 Toothpaste, Deodorant, Aftershave, Minoxidil 50 Toothpaste, Deodorant, Aftershave, Minoxidil, Preparation-H 60 Toothpaste, Deodorant, Aftershave, Minoxidil, Preparation-H, Bag Bomb 70 Toothpaste, Deodorant, Aftershave, Minoxidil, Preparation-H, Bag Bomb, Fixodent So, you could indicate age by stating Bag Bomb like me. ___ tedd sperling t...@sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Friday's Question
-Original Message- From: larry.mart...@gmail.com [mailto:larry.mart...@gmail.com] On Behalf Of Larry Martell Sent: Friday, September 20, 2013 12:26 PM To: j...@cetaceasound.com Cc: Tedd Sperling; PHP General Subject: Re: [PHP] Friday's Question On Fri, Sep 20, 2013 at 11:20 AM, Jen Rasmussen j...@cetaceasound.com wrote: -Original Message- What in the heck is a Bag Bomb? It's a salve for cow udders. Not sure what a person would do with it. Ha! Interesting. Thanks :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Friday's Question
On Fri, Sep 20, 2013 at 11:35 AM, Joshua Kehn josh.k...@gmail.com wrote: On Sep 20, 2013, at 1:26 PM, Larry Martell la...@software-horizons.com wrote: On Fri, Sep 20, 2013 at 11:24 AM, Joshua Kehn josh.k...@gmail.com wrote: Slightly snobbish solution: Don't use windows. Unfortunately required to VPN into most of my clients corporate networks. Windows is required to VPN in? I'm guessing they use some proprietary client then? --jk Yes, and/or they validate the host ID, and/or there's some soft key RSA thing involved. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Friday's Question
On Sep 20, 2013, at 1:04 PM, Daniel Brown danbr...@php.net wrote: I'm in my mid-thirties and - despite having an optical mouse - I do indeed still use a mousepad. A customized one that the wife did for me for Christmas one year: images of Futurama, the Cleveland Browns, Minnesota Vikings, and several aircraft, all surrounding a picture of her and our daughter. I've found that shiny surfaces - such as my desk - reflect too much of the laser, causing the mouse to be far less responsive. -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/ I'm in my 20's and rarely, if ever, use a dedicated mouse. I've transitioned to having all my workstations be laptops of one sort or another and they have built-in trackpads. Of course I also rarely use the mouse when there are so many keyboard shortcuts available. Best, –Josh Joshua Kehn | @joshkehn http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Friday's Question
Tedd Sperling t...@sperling.com wrote on 09/20/2013 10:51:49 AM: Do you use a Mousepad? [-snip-] Age: Bag Bomb Mousepad: Yes Padding for my wrist and quieter moving the mouse around - no scraping. So yes, I'm even too old to be plugged into an iPud or an iPeed, whatever they are :) Kirk
RE: [PHP] Friday's Question
-Original Message- From: Tedd Sperling [mailto:t...@sperling.com] Sent: Friday, September 20, 2013 12:52 PM To: php-general@lists.php.net Subject: [PHP] Friday's Question Hi gang: Do you use a Mousepad? My reason for asking is that I've used a Mousepad ever since mice first came out (back when they had one ball). Now that mice are optical (no balls), Mousepads are not really needed -- or so I'll told by the college -- you see, they don't provide Mousepads for their student's computers. As such, I wondered what's the percentage of programmers still using a Mousepad? Secondly, are Mousepads used primarily by older programmers (like me) while younger programmers don't use Mousepads, or what? So -- please respond with: Age: * Mousepad: Yes/No Thank you, tedd PS: * If you don't want to provide your actual age, then indicate your age by stating young, middle-age, old-age, ancient, or whatever term describes your age. Alternate -- I claim that you can tell a man's age by ten-times the number of personal products he routinely uses, for example: Years Old - Personal Products 10Toothpaste 20Toothpaste, Deodorant 30Toothpaste, Deodorant, Aftershave 40Toothpaste, Deodorant, Aftershave, Minoxidil 50Toothpaste, Deodorant, Aftershave, Minoxidil, Preparation-H 60Toothpaste, Deodorant, Aftershave, Minoxidil, Preparation-H, Bag Bomb 70Toothpaste, Deodorant, Aftershave, Minoxidil, Preparation-H, Bag Bomb, Fixodent So, you could indicate age by stating Bag Bomb like me. ___ tedd sperling t...@sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Age: 54 Mousepad: Yes Laser mice don't like reflective surfaces so much and if I don't carve out desk space for my mouse with a mousepad, I find that moving my mouse over multiple sheets of paper, paperclips, and whatnot is not very effective and somewhat frustrating. Jeff -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Friday's Question
On Fri, Sep 20, 2013 at 6:51 PM, Tedd Sperling t...@sperling.com wrote: Hi gang: Do you use a Mousepad? My reason for asking is that I've used a Mousepad ever since mice first came out (back when they had one ball). Now that mice are optical (no balls), Mousepads are not really needed -- or so I'll told by the college -- you see, they don't provide Mousepads for their student's computers. As such, I wondered what's the percentage of programmers still using a Mousepad? Secondly, are Mousepads used primarily by older programmers (like me) while younger programmers don't use Mousepads, or what? So -- please respond with: Age: * Mousepad: Yes/No Age: 21 Mouse: No, so why would I need a mousepad?
RE: [PHP] Friday's Question
-Original Message- From: Tedd Sperling [mailto:t...@sperling.com] Sent: Friday, September 20, 2013 11:52 AM To: php-general@lists.php.net Subject: [PHP] Friday's Question Hi gang: Do you use a Mousepad? My reason for asking is that I've used a Mousepad ever since mice first came out (back when they had one ball). Now that mice are optical (no balls), Mousepads are not really needed -- or so I'll told by the college -- you see, they don't provide Mousepads for their student's computers. As such, I wondered what's the percentage of programmers still using a Mousepad? Secondly, are Mousepads used primarily by older programmers (like me) while younger programmers don't use Mousepads, or what? So -- please respond with: Age: * Mousepad: Yes/No Thank you, tedd PS: * If you don't want to provide your actual age, then indicate your age by stating young, middle-age, old-age, ancient, or whatever term describes your age. Alternate -- I claim that you can tell a man's age by ten-times the number of personal products he routinely uses, for example: Years Old - Personal Products 10 Toothpaste 20 Toothpaste, Deodorant 30 Toothpaste, Deodorant, Aftershave 40 Toothpaste, Deodorant, Aftershave, Minoxidil 50 Toothpaste, Deodorant, Aftershave, Minoxidil, Preparation-H 60 Toothpaste, Deodorant, Aftershave, Minoxidil, Preparation-H, Bag Bomb 70 Toothpaste, Deodorant, Aftershave, Minoxidil, Preparation-H, Bag Bomb, Fixodent So, you could indicate age by stating Bag Bomb like me. ___ tedd sperling t...@sperling.com 41 Mouse (yes) - I already have issues with my hands from work (carpal tunnel) so I need all the cushion I can get, andoh yeah Fixodent LOL. What in the heck is a Bag Bomb? Jen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Apache
Hi Arno!
Seems to be the standard behaviour of Apache servers all over the
world!
I was testing this way:
First I renamed a real, proper GIF-file to this.php.nice.gif, put it
in the root of my websites and called it with the browser. Result:
Error 500 Internal Server Error. The logfile tells: Premature end of
script headers: this.php.nice.gif.
Then I did infect the same GIF-file with some PHP-Code (?php echo
Hello, I'm evel; ?), renamed it to this.php.evel.gif, put it in the
root, called it with the browser. The result was exactly the same: Error
500, Premature end of script headers.
That means, wether the file is infected or not, it IS passed to the PHP
interpreter only because it contains somewehere .php in his name!
Then I renamed a real PHP script to test.php.gif. This finaly produced
the following response from my web hoster:
_QUOTE_
Files with Extra .php. Extension
If you were directed to this page, you probably tried viewing a file
that contains .php. in its name, such as image.php.jpeg or image.php.
(note the extra dot at the end).
The site you were visiting uses the Apache Web server, which will
usually attempt to run such files as PHP scripts (instead of allowing
your browser to display them as images, or completely failing to run
them, as you'd probably expect).
Allowing those files to run as a PHP script is a security vulnerability,
as seen in exploits for WordPress and Joomla. Because of that, we block
requests to these files.
If youre the owner of this site and you want to use a real image that
includes .php. as part of the name, please rename the file.
_END QUOTE_
Sounds reasonable. And means, you really must protect your uploadings.
A simple way:
$filename = str_replace('.php', '', $_FILES['userfile']['name']);
move_uploaded_file($_FILES['userfile']['tmp_name'],
'yourdirectory/'.$filename);
Hope, this helps,
Niklaus
Arno Kuhl am Donnerstag, 19. September 2013 - 16:14:
Arno: If you can request that file using a web browser, and it gets
executed
as PHP on your server then there is an error in the Apache
configuration.
Easy test: create a file in a text editor containing some PHP (?php
phpinfo(); ? would be enough) and upload it to the www root of your
site
and name it test.pgif. Then hit http://www.yourdomain.com/test.pgif in
your
browser. If you see the PHP code or an error then you're fine. If you
see
PHP's info page then you need to change web host as quickly as
possible. I
don't care if they fix it - the fact their server was configured to do
this
by default is enough for me to never trust them again.
-Stuart
--
Thanks Stuart. I just tried it now, test.php.pgif displayed the info
while
test.xyz.pgif returned the content, confirming the problem. My
service
provider finally conceded the problem is on their side and are looking
for
an urgent fix, much too complicated to consider moving service
providers in
the short term.
As a side note, the sp said the issue is new and coincided with an
upgrade
to fastcgi recently, I wonder if the hacker was exploiting a known
issue
with that scenario?
Cheers
Arno
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Friday's Question
On Fri, Sep 20, 2013 at 12:51 PM, Tedd Sperling t...@sperling.com wrote: Hi gang: Do you use a Mousepad? I'm in my mid-thirties and - despite having an optical mouse - I do indeed still use a mousepad. A customized one that the wife did for me for Christmas one year: images of Futurama, the Cleveland Browns, Minnesota Vikings, and several aircraft, all surrounding a picture of her and our daughter. I've found that shiny surfaces - such as my desk - reflect too much of the laser, causing the mouse to be far less responsive. -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Friday's Question
On Fri, Sep 20, 2013 at 10:51 AM, Tedd Sperling t...@sperling.com wrote: Hi gang: Do you use a Mousepad? My reason for asking is that I've used a Mousepad ever since mice first came out (back when they had one ball). Now that mice are optical (no balls), Mousepads are not really needed -- or so I'll told by the college -- you see, they don't provide Mousepads for their student's computers. As such, I wondered what's the percentage of programmers still using a Mousepad? Secondly, are Mousepads used primarily by older programmers (like me) while younger programmers don't use Mousepads, or what? So -- please respond with: Age: * Mousepad: Yes/No 54 Yes -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Friday's Question
Haha, like your product usage chart Tedd, Age: 31 Mousepad: Webster New Dictionary of Synonyms, too lazy of having to go to Microcenter and buy one! Aziz On Fri, Sep 20, 2013 at 12:58 PM, Larry Martell la...@software-horizons.com wrote: On Fri, Sep 20, 2013 at 10:51 AM, Tedd Sperling t...@sperling.com wrote: Hi gang: Do you use a Mousepad? My reason for asking is that I've used a Mousepad ever since mice first came out (back when they had one ball). Now that mice are optical (no balls), Mousepads are not really needed -- or so I'll told by the college -- you see, they don't provide Mousepads for their student's computers. As such, I wondered what's the percentage of programmers still using a Mousepad? Secondly, are Mousepads used primarily by older programmers (like me) while younger programmers don't use Mousepads, or what? So -- please respond with: Age: * Mousepad: Yes/No 54 Yes -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Friday's Question
On Fri, Sep 20, 2013 at 11:16 AM, Joshua Kehn josh.k...@gmail.com wrote: On Sep 20, 2013, at 1:04 PM, Daniel Brown danbr...@php.net wrote: I'm in my mid-thirties and - despite having an optical mouse - I do indeed still use a mousepad. A customized one that the wife did for me for Christmas one year: images of Futurama, the Cleveland Browns, Minnesota Vikings, and several aircraft, all surrounding a picture of her and our daughter. I've found that shiny surfaces - such as my desk - reflect too much of the laser, causing the mouse to be far less responsive. I'm in my 20's and rarely, if ever, use a dedicated mouse. I've transitioned to having all my workstations be laptops of one sort or another and they have built-in trackpads. Of course I also rarely use the mouse when there are so many keyboard shortcuts available. When I'm on my MacBook (which is most of the time) I use the trackpad. But in the unfortunate times I have to be on a Windows box I always connect a mouse. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Friday's Question
On Sep 20, 2013, at 1:26 PM, Larry Martell la...@software-horizons.com wrote: On Fri, Sep 20, 2013 at 11:24 AM, Joshua Kehn josh.k...@gmail.com wrote: Slightly snobbish solution: Don't use windows. Unfortunately required to VPN into most of my clients corporate networks. Windows is required to VPN in? I'm guessing they use some proprietary client then? --jk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Friday's Question
On 20 sep. 2013, at 18:51, Tedd Sperling t...@sperling.com wrote: Hi gang: Do you use a Mousepad? My reason for asking is that I've used a Mousepad ever since mice first came out (back when they had one ball). Now that mice are optical (no balls), Mousepads are not really needed -- or so I'll told by the college -- you see, they don't provide Mousepads for their student's computers. As such, I wondered what's the percentage of programmers still using a Mousepad? Secondly, are Mousepads used primarily by older programmers (like me) while younger programmers don't use Mousepads, or what? So -- please respond with: Age: * Mousepad: Yes/No Thank you, tedd PS: * If you don't want to provide your actual age, then indicate your age by stating young, middle-age, old-age, ancient, or whatever term describes your age. Alternate -- I claim that you can tell a man's age by ten-times the number of personal products he routinely uses, for example: Years Old - Personal Products 10Toothpaste 20Toothpaste, Deodorant 30Toothpaste, Deodorant, Aftershave 40Toothpaste, Deodorant, Aftershave, Minoxidil 50Toothpaste, Deodorant, Aftershave, Minoxidil, Preparation-H 60Toothpaste, Deodorant, Aftershave, Minoxidil, Preparation-H, Bag Bomb 70Toothpaste, Deodorant, Aftershave, Minoxidil, Preparation-H, Bag Bomb, Fixodent So, you could indicate age by stating Bag Bomb like me. ___ tedd sperling t...@sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Age: Aftershave (but I've began using it only a year ago xD) Mousepad: No, but if I had to use a mouse, I prefer a mousepad I currently use only my MBP's trackpad, and it is so customizable I ended up buying a magic trackpad for my Mac at work as well. But, back in the days of Windows I was using a mousepad, mainly because it just looks better than having nothing at all. Greetings. Met vriendelijke groet, Camilo Sperberg W: http://unreal4u.com T: http://twitter.com/unreal4u -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Friday's Question
On Fri, Sep 20, 2013 at 1:20 PM, Jen Rasmussen j...@cetaceasound.com wrote: LOL. What in the heck is a Bag Bomb? He's referring to Bag Balm. http://www.bagbalm.com/ -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Friday's Question
On Fri, Sep 20, 2013 at 11:20 AM, Jen Rasmussen j...@cetaceasound.com wrote: -Original Message- What in the heck is a Bag Bomb? It's a salve for cow udders. Not sure what a person would do with it. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Friday's Question
On Fri, Sep 20, 2013 at 11:24 AM, Joshua Kehn josh.k...@gmail.com wrote: On Sep 20, 2013, at 1:23 PM, Larry Martell la...@software-horizons.com wrote: On Fri, Sep 20, 2013 at 11:16 AM, Joshua Kehn josh.k...@gmail.com wrote: I'm in my 20's and rarely, if ever, use a dedicated mouse. I've transitioned to having all my workstations be laptops of one sort or another and they have built-in trackpads. Of course I also rarely use the mouse when there are so many keyboard shortcuts available. When I'm on my MacBook (which is most of the time) I use the trackpad. But in the unfortunate times I have to be on a Windows box I always connect a mouse. Slightly snobbish solution: Don't use windows. Unfortunately required to VPN into most of my clients corporate networks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Friday's Question
On Fri, Sep 20, 2013 at 12:51:49PM -0400, Tedd Sperling wrote: Hi gang: Do you use a Mousepad? College Student (Electrical Engineer, go figure). Age: 20 Mousepad: yes I've used both optical and laser mice (they're a bit different, but similar tech) and I've found that I like having the pad because it sets the DPI of the mouse consistently. My favorite mousepad is this cheap as hell thin rubber and cloth one that I got from dealextreme.com many years ago. Go figure... --Sean -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Friday's Question
On Sep 20, 2013, at 1:23 PM, Larry Martell la...@software-horizons.com wrote: On Fri, Sep 20, 2013 at 11:16 AM, Joshua Kehn josh.k...@gmail.com wrote: I'm in my 20's and rarely, if ever, use a dedicated mouse. I've transitioned to having all my workstations be laptops of one sort or another and they have built-in trackpads. Of course I also rarely use the mouse when there are so many keyboard shortcuts available. When I'm on my MacBook (which is most of the time) I use the trackpad. But in the unfortunate times I have to be on a Windows box I always connect a mouse. Slightly snobbish solution: Don't use windows. --jk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Friday's Question
On Sep 20, 2013, at 1:25 PM, Larry Martell la...@software-horizons.com wrote: On Fri, Sep 20, 2013 at 11:20 AM, Jen Rasmussen j...@cetaceasound.com wrote: -Original Message- What in the heck is a Bag Bomb? It's a salve for cow udders. Not sure what a person would do with it. Feet. Wait until you have callus as feet. tedd ___ tedd sperling t...@sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: php-general Digest 20 Sep 2013 17:33:26 -0000 Issue 8369
On Sep 20, 2013, at 1:33 PM, php-general-digest-h...@lists.php.net wrote: Friday's Question 322111 by: Tedd Sperling -- From: Tedd Sperling t...@sperling.com Subject: Friday's Question Date: September 20, 2013 12:51:49 PM EDT To: php-general@lists.php.net Hi gang: Do you use a Mousepad? My reason for asking is that I've used a Mousepad ever since mice first came out (back when they had one ball). Now that mice are optical (no balls), Mousepads are not really needed -- or so I'll told by the college -- you see, they don't provide Mousepads for their student's computers. As such, I wondered what's the percentage of programmers still using a Mousepad? Secondly, are Mousepads used primarily by older programmers (like me) while younger programmers don't use Mousepads, or what? So -- please respond with: Age: * Mousepad: Yes/No Thank you, tedd PS: * If you don't want to provide your actual age, then indicate your age by stating young, middle-age, old-age, ancient, or whatever term describes your age. Alternate -- I claim that you can tell a man's age by ten-times the number of personal products he routinely uses, for example: Years Old - Personal Products 10Toothpaste 20Toothpaste, Deodorant 30Toothpaste, Deodorant, Aftershave 40Toothpaste, Deodorant, Aftershave, Minoxidil 50Toothpaste, Deodorant, Aftershave, Minoxidil, Preparation-H 60Toothpaste, Deodorant, Aftershave, Minoxidil, Preparation-H, Bag Bomb 70Toothpaste, Deodorant, Aftershave, Minoxidil, Preparation-H, Bag Bomb, Fixodent So, you could indicate age by stating Bag Bomb like me. ___ tedd sperling t...@sperling.com Age: 72 years, 7 days toothpaste, deodorant, aftershave. Don't need the rest, yet. Mousepad: Yes. I find it easier to clean the mousepad than to try to clean the keyboard tray/desktop/whatever. -= Bill =- -- A day without sunshine is like a day in Seattle.
Re: [PHP] Friday's Question
On 9/20/2013 1:24 PM, Joshua Kehn wrote: On Sep 20, 2013, at 1:23 PM, Larry Martell la...@software-horizons.com wrote: On Fri, Sep 20, 2013 at 11:16 AM, Joshua Kehn josh.k...@gmail.com wrote: I'm in my 20's and rarely, if ever, use a dedicated mouse. I've transitioned to having all my workstations be laptops of one sort or another and they have built-in trackpads. Of course I also rarely use the mouse when there are so many keyboard shortcuts available. When I'm on my MacBook (which is most of the time) I use the trackpad. But in the unfortunate times I have to be on a Windows box I always connect a mouse. Slightly snobbish solution: Don't use windows. I'm agnostic when it comes to operating systems. I use Windows, Linux and Mac. I always go for a mouse. If the surface is really shiny, you'll need something under the mouse. In the case of a shiny surface, I've even used a piece of paper under the mouse in a pinch. I tend to use a mousepad in those cases, though. I'm not using one at home, but I do use one at work. It's a matter of taste. --jk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
