Re: [PHP] Re: RewriteRules
On Tue, 2009-01-13 at 09:20 -0500, tedd wrote: Jason: In addition to what everyone else has said, try this: $self = basename($_SERVER['SCRIPT_NAME']) I use it for forms -- you might find it useful. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com No need to use it on forms, as leaving the action attribute empty means the form sends to itself anyway. Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: RewriteRules
At 2:33 PM + 1/13/09, Ashley Sheridan wrote: On Tue, 2009-01-13 at 09:20 -0500, tedd wrote: Jason: In addition to what everyone else has said, try this: $self = basename($_SERVER['SCRIPT_NAME']) I use it for forms -- you might find it useful. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com No need to use it on forms, as leaving the action attribute empty means the form sends to itself anyway. Ash Ash: That's what I've said for years, but (I think it was on this list, but too lazy to look) there was a concern that some browsers may not follow that default behavior. However, using what I provided will work regardless. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: RewriteRules
On Tue, 2009-01-13 at 09:33 -0500, tedd wrote: At 2:33 PM + 1/13/09, Ashley Sheridan wrote: On Tue, 2009-01-13 at 09:20 -0500, tedd wrote: Jason: In addition to what everyone else has said, try this: $self = basename($_SERVER['SCRIPT_NAME']) I use it for forms -- you might find it useful. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com No need to use it on forms, as leaving the action attribute empty means the form sends to itself anyway. Ash Ash: That's what I've said for years, but (I think it was on this list, but too lazy to look) there was a concern that some browsers may not follow that default behavior. However, using what I provided will work regardless. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com I've not yet seen a browser that doesn't do this, and it's pretty old HTML really, so I don't see a reason why any new browsers wouldn't incorporate it. Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: RewriteRules
On Jan 13, 2009, at 9:46 AM, Ashley Sheridan wrote: On Tue, 2009-01-13 at 09:33 -0500, tedd wrote: At 2:33 PM + 1/13/09, Ashley Sheridan wrote: On Tue, 2009-01-13 at 09:20 -0500, tedd wrote: Jason: In addition to what everyone else has said, try this: $self = basename($_SERVER['SCRIPT_NAME']) I use it for forms -- you might find it useful. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http:// earthstones.com No need to use it on forms, as leaving the action attribute empty means the form sends to itself anyway. Ash Ash: That's what I've said for years, but (I think it was on this list, but too lazy to look) there was a concern that some browsers may not follow that default behavior. However, using what I provided will work regardless. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com I've not yet seen a browser that doesn't do this, and it's pretty old HTML really, so I don't see a reason why any new browsers wouldn't incorporate it. I prefer to be specific in my programming :) What I typically do with self submitting forms is: ?PHP $self = $_SERVER['PHP_SELF']; echo HTML form method=post action={$self} ... /form HTML; ? But to each his (Or her) own right? -- Jason Pruim japr...@raoset.com 616.399.2355
Re: [PHP] Re: RewriteRules
On Tue, 2009-01-13 at 13:14 -0500, Jason Pruim wrote: On Jan 13, 2009, at 9:46 AM, Ashley Sheridan wrote: On Tue, 2009-01-13 at 09:33 -0500, tedd wrote: At 2:33 PM + 1/13/09, Ashley Sheridan wrote: On Tue, 2009-01-13 at 09:20 -0500, tedd wrote: Jason: In addition to what everyone else has said, try this: $self = basename($_SERVER['SCRIPT_NAME']) I use it for forms -- you might find it useful. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http:// earthstones.com No need to use it on forms, as leaving the action attribute empty means the form sends to itself anyway. Ash Ash: That's what I've said for years, but (I think it was on this list, but too lazy to look) there was a concern that some browsers may not follow that default behavior. However, using what I provided will work regardless. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com I've not yet seen a browser that doesn't do this, and it's pretty old HTML really, so I don't see a reason why any new browsers wouldn't incorporate it. I prefer to be specific in my programming :) What I typically do with self submitting forms is: ?PHP $self = $_SERVER['PHP_SELF']; echo HTML form method=post action={$self} ... /form HTML; ? But to each his (Or her) own right? Wow, that's really low level... I haven't written a form tag in years. :) Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: RewriteRules
On Jan 13, 2009, at 1:26 PM, Robert Cummings wrote: On Tue, 2009-01-13 at 13:14 -0500, Jason Pruim wrote: On Jan 13, 2009, at 9:46 AM, Ashley Sheridan wrote: On Tue, 2009-01-13 at 09:33 -0500, tedd wrote: At 2:33 PM + 1/13/09, Ashley Sheridan wrote: On Tue, 2009-01-13 at 09:20 -0500, tedd wrote: I prefer to be specific in my programming :) What I typically do with self submitting forms is: ?PHP $self = $_SERVER['PHP_SELF']; echo HTML form method=post action={$self} ... /form HTML; ? But to each his (Or her) own right? Wow, that's really low level... I haven't written a form tag in years. So then the question is begged... How do you write your forms? :) If there's a better way to do it I'm all ears! Other then using CSS... My HTML knowledge came from the 90's! :P -- Jason Pruim japr...@raoset.com 616.399.2355
Re: [PHP] Re: RewriteRules
On Tue, Jan 13, 2009 at 1:14 PM, Jason Pruim japr...@raoset.com wrote: On Jan 13, 2009, at 9:46 AM, Ashley Sheridan wrote: On Tue, 2009-01-13 at 09:33 -0500, tedd wrote: At 2:33 PM + 1/13/09, Ashley Sheridan wrote: On Tue, 2009-01-13 at 09:20 -0500, tedd wrote: Jason: In addition to what everyone else has said, try this: $self = basename($_SERVER['SCRIPT_NAME']) I use it for forms -- you might find it useful. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com No need to use it on forms, as leaving the action attribute empty means the form sends to itself anyway. Ash Ash: That's what I've said for years, but (I think it was on this list, but too lazy to look) there was a concern that some browsers may not follow that default behavior. However, using what I provided will work regardless. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com I've not yet seen a browser that doesn't do this, and it's pretty old HTML really, so I don't see a reason why any new browsers wouldn't incorporate it. I prefer to be specific in my programming :) What I typically do with self submitting forms is: ?PHP $self = $_SERVER['PHP_SELF']; echo HTML form method=post action={$self} ... /form HTML; ? But to each his (Or her) own right? -- Jason Pruim japr...@raoset.com 616.399.2355 You know that's asking for xss, right? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: RewriteRules
On Tue, Jan 13, 2009 at 10:28 AM, Jason Pruim japr...@raoset.com wrote: On Jan 13, 2009, at 1:26 PM, Robert Cummings wrote: On Tue, 2009-01-13 at 13:14 -0500, Jason Pruim wrote: On Jan 13, 2009, at 9:46 AM, Ashley Sheridan wrote: On Tue, 2009-01-13 at 09:33 -0500, tedd wrote: At 2:33 PM + 1/13/09, Ashley Sheridan wrote: On Tue, 2009-01-13 at 09:20 -0500, tedd wrote: I prefer to be specific in my programming :) What I typically do with self submitting forms is: ?PHP $self = $_SERVER['PHP_SELF']; echo HTML form method=post action={$self} ... /form HTML; ? But to each his (Or her) own right? Wow, that's really low level... I haven't written a form tag in years. So then the question is begged... How do you write your forms? :) If there's a better way to do it I'm all ears! Other then using CSS... My HTML knowledge came from the 90's! :P -- Jason Pruim japr...@raoset.com 616.399.2355 Build yourself a form builder :). Makes writing a page as east as 1 2 3! -- Kyle Terry | www.kyleterry.com
Re: [PHP] Re: RewriteRules
On Jan 13, 2009, at 1:30 PM, Kyle Terry wrote: On Tue, Jan 13, 2009 at 10:28 AM, Jason Pruim japr...@raoset.com wrote: On Jan 13, 2009, at 1:26 PM, Robert Cummings wrote: On Tue, 2009-01-13 at 13:14 -0500, Jason Pruim wrote: On Jan 13, 2009, at 9:46 AM, Ashley Sheridan wrote: On Tue, 2009-01-13 at 09:33 -0500, tedd wrote: At 2:33 PM + 1/13/09, Ashley Sheridan wrote: On Tue, 2009-01-13 at 09:20 -0500, tedd wrote: I prefer to be specific in my programming :) What I typically do with self submitting forms is: ?PHP $self = $_SERVER['PHP_SELF']; echo HTML form method=post action={$self} ... /form HTML; ? But to each his (Or her) own right? Wow, that's really low level... I haven't written a form tag in years. So then the question is begged... How do you write your forms? :) If there's a better way to do it I'm all ears! Other then using CSS... My HTML knowledge came from the 90's! :P -- Jason Pruim japr...@raoset.com 616.399.2355 Build yourself a form builder :). Makes writing a page as east as 1 2 3! I'm getting there... But it works better for me if I understand how it all works before I try and write software to automate it :) -- Jason Pruim japr...@raoset.com 616.399.2355
Re: [PHP] Re: RewriteRules
On Jan 13, 2009, at 1:29 PM, Eric Butera wrote: On Tue, Jan 13, 2009 at 1:14 PM, Jason Pruim japr...@raoset.com wrote: On Jan 13, 2009, at 9:46 AM, Ashley Sheridan wrote: On Tue, 2009-01-13 at 09:33 -0500, tedd wrote: At 2:33 PM + 1/13/09, Ashley Sheridan wrote: On Tue, 2009-01-13 at 09:20 -0500, tedd wrote: Jason: In addition to what everyone else has said, try this: $self = basename($_SERVER['SCRIPT_NAME']) I use it for forms -- you might find it useful. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http:// earthstones.com No need to use it on forms, as leaving the action attribute empty means the form sends to itself anyway. Ash Ash: That's what I've said for years, but (I think it was on this list, but too lazy to look) there was a concern that some browsers may not follow that default behavior. However, using what I provided will work regardless. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http:// earthstones.com I've not yet seen a browser that doesn't do this, and it's pretty old HTML really, so I don't see a reason why any new browsers wouldn't incorporate it. I prefer to be specific in my programming :) What I typically do with self submitting forms is: ?PHP $self = $_SERVER['PHP_SELF']; echo HTML form method=post action={$self} ... /form HTML; ? But to each his (Or her) own right? -- Jason Pruim japr...@raoset.com 616.399.2355 You know that's asking for xss, right? Not until just now But I'll be looking into that and changing it to something more secure very shortly. -- Jason Pruim japr...@raoset.com 616.399.2355
Re: [PHP] Re: RewriteRules
On Tue, Jan 13, 2009 at 1:32 PM, Jason Pruim japr...@raoset.com wrote: On Jan 13, 2009, at 1:29 PM, Eric Butera wrote: On Tue, Jan 13, 2009 at 1:14 PM, Jason Pruim japr...@raoset.com wrote: On Jan 13, 2009, at 9:46 AM, Ashley Sheridan wrote: On Tue, 2009-01-13 at 09:33 -0500, tedd wrote: At 2:33 PM + 1/13/09, Ashley Sheridan wrote: On Tue, 2009-01-13 at 09:20 -0500, tedd wrote: Jason: In addition to what everyone else has said, try this: $self = basename($_SERVER['SCRIPT_NAME']) I use it for forms -- you might find it useful. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com No need to use it on forms, as leaving the action attribute empty means the form sends to itself anyway. Ash Ash: That's what I've said for years, but (I think it was on this list, but too lazy to look) there was a concern that some browsers may not follow that default behavior. However, using what I provided will work regardless. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com I've not yet seen a browser that doesn't do this, and it's pretty old HTML really, so I don't see a reason why any new browsers wouldn't incorporate it. I prefer to be specific in my programming :) What I typically do with self submitting forms is: ?PHP $self = $_SERVER['PHP_SELF']; echo HTML form method=post action={$self} ... /form HTML; ? But to each his (Or her) own right? -- Jason Pruim japr...@raoset.com 616.399.2355 You know that's asking for xss, right? Not until just now But I'll be looking into that and changing it to something more secure very shortly. -- Jason Pruim japr...@raoset.com 616.399.2355 This might help: http://www.thespanner.co.uk/2008/01/14/exploiting-php-self/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: RewriteRules
On Tue, 2009-01-13 at 13:28 -0500, Jason Pruim wrote: Wow, that's really low level... I haven't written a form tag in years. So then the question is begged... How do you write your forms? :) If there's a better way to do it I'm all ears! Other then using CSS... My HTML knowledge came from the 90's! :P I use my FormJinn engine... here's a login form as an example: ?php function createForm() { $formJinn = $this-getServiceRef( 'formJinn' ); $trans = $this-getServiceRef( 'translation' ); // // // Some pre-handling. // // // // // Set up data for options. // // // // // Setup form criteria. // // $fields = array(); $values = array(); $preProcessors = array(); $validators = array(); $postProcessors = array(); $fields['username'] = 'text'; $fields['password'] = 'password'; $fields['redirect'] = 'hidden'; $fields['continue'] = 'submit'; // // // Preset values. // // $redirect = trim( (string)$this-getHttpGetVar( 'redirect' ) ); if( $redirect ) { $values['redirect'] = $redirect; } // // // Field widget attributes. // // $widgetAtts = array ( 'username' = array ( ), 'password' = array ( 'secure' = true, ), 'continue' = array ( 'label' = $trans-get( 'Login' ), ), ); // // // Widgets for which a breakdown of elements is desired. // // $widgetElements = array(); // // // Field value validators. // // $validators = array ( 'username' = array ( array ( 'type' = 'mandatory', 'errorMessage' = $trans-expand( '[!Required][!:] [!email address]' ), ), ), 'password' = array ( array ( 'type' = 'mandatory', 'errorMessage' = $trans-expand( '[!Required][!:] [!password]' ), ), ), ); // // // Form handlers. // // $processHandler = array ( array ( 'type' = 'custom', 'source' = 'MyProject/modules/auth/controller.php', 'method' = 'processLoginSubmission', ), ); // // // Generate the form using formJinn. // // $criteria = array ( 'formInfo' = array ( 'name' = $this-formName, 'actionUrl' = $this-actionUrl, 'finalize' = $processHandler, 'aggregateFields' = 'redirect', ), 'fieldInfo' = array ( 'fields'= $fields, 'values'= $values, 'clearValues' = true, 'preProcessors' = $preProcessors, 'validators'= $validators, 'postProcessors'= $postProcessors, 'widgetAtts'= $widgetAtts, 'widgetElements'= $widgetElements, ), ); $this-slices
Re: [PHP] Re: RewriteRules
On Tue, 2009-01-13 at 13:29 -0500, Eric Butera wrote: On Tue, Jan 13, 2009 at 1:14 PM, Jason Pruim japr...@raoset.com wrote: On Jan 13, 2009, at 9:46 AM, Ashley Sheridan wrote: On Tue, 2009-01-13 at 09:33 -0500, tedd wrote: At 2:33 PM + 1/13/09, Ashley Sheridan wrote: On Tue, 2009-01-13 at 09:20 -0500, tedd wrote: Jason: In addition to what everyone else has said, try this: $self = basename($_SERVER['SCRIPT_NAME']) I use it for forms -- you might find it useful. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com No need to use it on forms, as leaving the action attribute empty means the form sends to itself anyway. Ash Ash: That's what I've said for years, but (I think it was on this list, but too lazy to look) there was a concern that some browsers may not follow that default behavior. However, using what I provided will work regardless. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com I've not yet seen a browser that doesn't do this, and it's pretty old HTML really, so I don't see a reason why any new browsers wouldn't incorporate it. I prefer to be specific in my programming :) What I typically do with self submitting forms is: ?PHP $self = $_SERVER['PHP_SELF']; echo HTML form method=post action={$self} ... /form HTML; ? But to each his (Or her) own right? -- Jason Pruim japr...@raoset.com 616.399.2355 You know that's asking for xss, right? How would you go about XSS on this? As I see it, you'd need register_globals on for that to work. Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: RewriteRules
On Tue, Jan 13, 2009 at 5:27 PM, Ashley Sheridan a...@ashleysheridan.co.uk wrote: On Tue, 2009-01-13 at 13:29 -0500, Eric Butera wrote: On Tue, Jan 13, 2009 at 1:14 PM, Jason Pruim japr...@raoset.com wrote: On Jan 13, 2009, at 9:46 AM, Ashley Sheridan wrote: On Tue, 2009-01-13 at 09:33 -0500, tedd wrote: At 2:33 PM + 1/13/09, Ashley Sheridan wrote: On Tue, 2009-01-13 at 09:20 -0500, tedd wrote: Jason: In addition to what everyone else has said, try this: $self = basename($_SERVER['SCRIPT_NAME']) I use it for forms -- you might find it useful. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com No need to use it on forms, as leaving the action attribute empty means the form sends to itself anyway. Ash Ash: That's what I've said for years, but (I think it was on this list, but too lazy to look) there was a concern that some browsers may not follow that default behavior. However, using what I provided will work regardless. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com I've not yet seen a browser that doesn't do this, and it's pretty old HTML really, so I don't see a reason why any new browsers wouldn't incorporate it. I prefer to be specific in my programming :) What I typically do with self submitting forms is: ?PHP $self = $_SERVER['PHP_SELF']; echo HTML form method=post action={$self} ... /form HTML; ? But to each his (Or her) own right? -- Jason Pruim japr...@raoset.com 616.399.2355 You know that's asking for xss, right? How would you go about XSS on this? As I see it, you'd need register_globals on for that to work. Ash www.ashleysheridan.co.uk Read the examples in the link I provided. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php