Re: [PHP] using disable_functions silently

Unfortunately we would need a solution without changing the PHP code of our users. No way to do that? Regards, Samy Chris schrieb: Samuel Vogel wrote: I would like to know, if there is any way, to use disable_functions silently. We are running an shared hosting environment and therefore forbi

RE: [PHP] Re: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.

> -Original Message- > From: mike [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 22, 2007 6:22 PM > On 8/22/07, Chris <[EMAIL PROTECTED]> wrote: > > I'm agreeing with the ideas behind Grasp & Suhosin - I'm just > > disagreeing with Daevid's comment about them only being for 'newbie

[PHP] Upload and resize file

I downloaded this 'upload and resize image' script, and since I have no idea what I am looking at as this is something I have never done, could someone have a look and see what the problem might be. I've been searching around but haven't come across anything that makes any sense yet. When a pictu

Re: [PHP] Re: Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.

On 8/22/07, Chris <[EMAIL PROTECTED]> wrote: > I'm agreeing with the ideas behind Grasp & Suhosin - I'm just > disagreeing with Daevid's comment about them only being for 'newbie' > installations. oh, most definately. i consider myself a very tight coder - but i'd prefer to have them in my PHP ins

Re: [PHP] Re: Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.

mike wrote: On 8/22/07, Chris <[EMAIL PROTECTED]> wrote: That's a completely wrong assumption. PhpBB has had a lot of vulnerabilities in the past, as has php-nuke and other popular packages. They've been around for years and not written by newbie's as far as I know - but I don't have any link t

Re: [PHP] Re: Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.

On 8/22/07, Chris <[EMAIL PROTECTED]> wrote: > That's a completely wrong assumption. PhpBB has had a lot of > vulnerabilities in the past, as has php-nuke and other popular packages. > > They've been around for years and not written by newbie's as far as I > know - but I don't have any link to eith

Re: [PHP] Recompiling PHP with mssql

Liz Kim wrote: Hi, I am trying to install Microsoft SQL server functions to PHP 4.3.9 on redhat. When PHP was first installed, it was not configured to include the MSSQL functions. I would like to only add these functions and not touch what is already there... There could be a php-mssql packag

Re: [PHP] Re: Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.

Daevid Vincent wrote: -Original Message- From: mike [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 22, 2007 1:32 PM I thing a good FAQ entry would be how this patch fits in with Suhosin and what are the comparable/conflicting concepts, are they compatible with each other etc.

Re: [PHP] using disable_functions silently

Samuel Vogel wrote: I would like to know, if there is any way, to use disable_functions silently. We are running an shared hosting environment and therefore forbid the use of exec() etc. Many of our users, just seem to be to dumb to comment out exec() in phpBB etc. Since removing the exec()-c

[PHP] Recompiling PHP with mssql

Hi, I am trying to install Microsoft SQL server functions to PHP 4.3.9 on redhat. When PHP was first installed, it was not configured to include the MSSQL functions. I would like to only add these functions and not touch what is already there... How do I proceed? Any help would be greatly apprecia

Re: [PHP] Re: Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.

On 8/22/07, M. Sokolewicz <[EMAIL PROTECTED]> wrote: > because such options slow down the execution of every PHP script, even > though "disabled". compile time options wouldn't be much of a slowdown. and in my mind, with CPU power being quite cheap, i could see it being more valuable to have more

RE: [PHP] Re: Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.

> -Original Message- > From: mike [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 22, 2007 1:32 PM > > > I thing a good FAQ entry would be how this patch fits in > with Suhosin > > and what are the comparable/conflicting concepts, are they > compatible > > with each other etc. > > >

Re: [PHP] Re: Table shows even when if () is false

On 22/08/07, M. Sokolewicz <[EMAIL PROTECTED]> wrote: > > I'm pretty sure > if(!empty($result_deferred_comments)) { > > does something else than you think it does. > $result_deferred_comments = mssql_query($deferred_comments) or > die(mssql_error()); > > if it fetches any rows it will return a RESO

Re: [PHP] Table shows even when if () is false

Ah, I see. Changed and working. Thanks Jay! On 8/22/07, Jay Blanchard <[EMAIL PROTECTED]> wrote: > > [snip] > [snip] > $deferred_comments= "SELECT * FROM comments WHERE credit_card_id = > '$credit_card_id' AND request_type = 'D'"; > $result_deferred_comments = mssql_query($deferred_comments) or

Re: [PHP] Table shows even when if () is false

On 8/22/07, Dan Shirah <[EMAIL PROTECTED]> wrote: > From my understanding, if $result_deferred_comments is empty, than none of > the code below the if should be executed, correct? > > The actualy rows/columns that would contain the data do not appear, but I am > still seeing the "DEFERRED PAYMENT R

[PHP] Re: Table shows even when if () is false

I'm pretty sure if(!empty($result_deferred_comments)) { does something else than you think it does. $result_deferred_comments = mssql_query($deferred_comments) or die(mssql_error()); if it fetches any rows it will return a RESOURCE (yes, a resource which is NEVER empty()), if it has 0 rows, i

RE: [PHP] Table shows even when if () is false

[snip] [snip] $deferred_comments= "SELECT * FROM comments WHERE credit_card_id = '$credit_card_id' AND request_type = 'D'"; $result_deferred_comments = mssql_query($deferred_comments) or die(mssql_error()); if(!empty($result_deferred_comments)) { [/snip] $result_deferred_comments is not empty, a

RE: [PHP] Table shows even when if () is false

[snip] $deferred_comments= "SELECT * FROM comments WHERE credit_card_id = '$credit_card_id' AND request_type = 'D'"; $result_deferred_comments = mssql_query($deferred_comments) or die(mssql_error()); if(!empty($result_deferred_comments)) { [/snip] $result_deferred_comments is not empty, a query r

[PHP] Table shows even when if () is false

>From my understanding, if $result_deferred_comments is empty, than none of the code below the if should be executed, correct? The actualy rows/columns that would contain the data do not appear, but I am still seeing the "DEFERRED PAYMENT REQUEST COMMENTS" table. Is the only way to block out EVERY

Re: [PHP] Re: Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.

mike wrote: I thing a good FAQ entry would be how this patch fits in with Suhosin and what are the comparable/conflicting concepts, are they compatible with each other etc. http://www.hardened-php.net/suhosin/a_feature_list.html Both systems are liable to appeal to the same sort of people so i

Re: [PHP] Re: Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.

> I thing a good FAQ entry would be how this patch fits in with Suhosin > and what are the comparable/conflicting concepts, are they compatible > with each other etc. > > http://www.hardened-php.net/suhosin/a_feature_list.html > > > Both systems are liable to appeal to the same sort of people so it

Re: [PHP] Override parent class constants

I hate to disappoint you, but there's no real alternative. Same annoyance with get_class() and __CLASS__ always giving you the "class in which the call is defined" instead of the class which is actually being called when dealing with static methods. What you could do is define a protected static m

[PHP] Override parent class constants

Hello - I'm trying to find a (sane) way to, in an extended class, override the parent class's constants, something like the following (which doesn't actually work): class baseClass { const myBaseVar = "base value!"; protected $myVar; function __construct() { $this->myVar = self::myBa

[PHP] using disable_functions silently

I would like to know, if there is any way, to use disable_functions silently. We are running an shared hosting environment and therefore forbid the use of exec() etc. Many of our users, just seem to be to dumb to comment out exec() in phpBB etc. Since removing the exec()-calls works fine, is t

RE: [PHP] ptting the variable inside the input

Hi! You don't have to end your string when placing an array value. {} will tell the parser to interpret the text between as a variable. Try: echo ""; Jan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.

Ezequiel Gutesman wrote: > CORE GRASP for PHP is a web-application protection software aimed at > detecting and blocking injection vulnerabilities and privacy violations. > As mentioned during its presentation at Black Hat USA 2007, GRASP is > being released as open source under the Apache 2.0 lice

RE: [PHP] ptting the variable inside the input

From: "Hulf" <[EMAIL PROTECTED]> This does not work echo $title=$row['title']; echo ""; Ta, R. I'll pull a Johnny Carson divining moment and say: Did you need the first 'echo'? Does $title need to be set? Try: $title=$row['title']; You missed a double quote after your backslash; the atte

RE: [PHP] mail() issue

try doing a trim($email) to remove any whitespace, just in case bastien> Date: Wed, 22 Aug 2007 08:27:36 -0400> From: [EMAIL PROTECTED]> To: [EMAIL PROTECTED]> CC: php-general@lists.php.net> Subject: Re: [PHP] mail() issue> > The "." (period) is simply the end of my sentance in the email.> > T

Re: [PHP] Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.

The correct URL is http://grasp.coresecurity.com Ezequiel Gutesman wrote: > CORE GRASP for PHP is a web-application protection software aimed at > detecting and blocking injection vulnerabilities and privacy violations. > As mentioned during its presentation at Black Hat USA 2007, GRASP is > bei

[PHP] Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.

CORE GRASP for PHP is a web-application protection software aimed at detecting and blocking injection vulnerabilities and privacy violations. As mentioned during its presentation at Black Hat USA 2007, GRASP is being released as open source under the Apache 2.0 license and can be obtained from http

[PHP] CURL problems posting data

Ave, We need to login to a client¹s website in order to feed some data to their database, using their forms. To automate it, I¹m trying to use Curl to login. This is their form: http://www.website.com/Login.aspx"; id="Form1"> I¹m not quite sure why their field names have a ³:² and what p

RE: [PHP] ptting the variable inside the input

[snip] [snip] echo $title=$row['title']; echo ""; [/snip] echo ""; You have to concatenate the value $title into the string [/snip] Actually don't have to do that, it was just one of the things that I thought of right off the top of my head. What is the result of echo $title=$row['title']; ?

[PHP] Re: ptting the variable inside the input

Hulf wrote: This does not work echo $title=$row['title']; echo ""; Ta, R. With my psychic powers I know it is because on line 20316 of file sdlhfdsbks.php you have a line that looks like bkdlnfblzdfng(); which has a huge typo! It should be bkdlnfblzdfnsdfdsfg(); instead! Ok, seriously n

Re: [PHP] ptting the variable inside the input

Hulf wrote: This does not work echo $title=$row['title']; echo ""; In what way does it "not work" and you do realise you're outputting $title on its own as well as the table row and input. This will appear above the table in most browsers since it's not actually part of the table. -Stut -

Re: [PHP] ptting the variable inside the input

Hulf wrote: This does not work echo $title=$row['title']; echo ""; In what way does it "not work" and you do realise you're outputting $title on its own as well as the table row and input. This will appear above the table in most browsers since it's not actually part of the table. -Stut -

RE: [PHP] ptting the variable inside the input

[snip] echo $title=$row['title']; echo ""; [/snip] echo ""; You have to concatenate the value $title into the string -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] ptting the variable inside the input

This does not work echo $title=$row['title']; echo ""; Ta, R. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Outputting a PDF.

I have a pdfs saved in a database (created with pdflib). When I output them in firefox, it works just great everytime. But when I try in IE, it doesn't always work. I know, I know, it sounds like a browser issue, but here's the problem. I figured out that when I run session_start(), the pdf

RE: [PHP] export data of html table

Hi! I'm not quite sure if I got you right, but if you want a simple button to print the current web-page use the browsers built-in printing function. Just link to javascript:window.print(); to bring up the printing dialogue. Is this a simple html-table, or is it something special? Or render it int

Re: [PHP] mail() issue

Found the problem. At the very end of the include file was an extra break which was being pulled into the $user_email variable. Removed it and everything is working great now. Thanks so much! On 8/22/07, Edward Kay <[EMAIL PROTECTED]> wrote: > > > > -Original Message- > > From: Dan Shi

RE: [PHP] mail() issue

> -Original Message- > From: Dan Shirah [mailto:[EMAIL PROTECTED] > Sent: 22 August 2007 13:28 > To: Jay Blanchard > Cc: php-general > Subject: Re: [PHP] mail() issue > > > The "." (period) is simply the end of my sentance in the email. > > The "From" address is specified in the php.ini an

RE: [PHP] mail() issue

[snip] The "." (period) is simply the end of my sentance in the email.   The "From" address is specified in the php.ini and is fully qualified.   If I hard code the value of $to into the mail function it works fine.   $user_email = [EMAIL PROTECTED] $to = [EMAIL PROTECTED]   mail($to, $subject, $me

Re: [PHP] mail() issue

The "." (period) is simply the end of my sentance in the email. The "From" address is specified in the php.ini and is fully qualified. If I hard code the value of $to into the mail function it works fine. $user_email = [EMAIL PROTECTED] $to = [EMAIL PROTECTED] mail($to, $subject, $message); = P

RE: [PHP] mail() issue

[snip] PHP Warning: mail() [function.mail]: SMTP server response: 504 : Recipient address rejected: need fully-qualified address. The value of $user_email when it is echoed out above is [EMAIL PROTECTED] [/snip] Just a

[PHP] mail() issue

Hello All, I am having an issue with mail. include '../../Process/include/LDAP.php'; echo $user_email; $to = $user_email; $subject = 'Request Submitted Successfully!'; $message = "Congratulations!\nYour request has been successfully submitted.\nThis is an automated email, please do not reply."

[PHP] Soap .Net server & Php client Problem

i have a problem in nusoap, but there is no problem with the same code in php soap extension but my hosting provider is not allowing the php soap extension so i must use nusoap.. here is my .net soap service [WebMethod] public string Siparis(double FisTutar, double FisKdvTutari, double

Re: [PHP] LDAP

Hi, Have you tried in the php.ini to setup error_reporting to E_ALL and display error messages (display_errors = On) ? I had a similar problem 2 days ago and it was due to another mistake in my PHP code. But i did not get any error message or more precisely, i did not get any WARNING message. sin