php-general Digest 12 Oct 2009 18:10:52 -0000 Issue 6387
php-general Digest 12 Oct 2009 18:10:52 - Issue 6387 Topics (messages 298849 through 298870): Re: security/deployment issue 298849 by: James McLean Re: Need unrounded precision 298850 by: Arno Kuhl 298851 by: Chetan Rane 298858 by: Diogo Neves 298862 by: Jaime Bozza 298865 by: Andrea Giammarchi 298866 by: Jaime Bozza 298868 by: Andrea Giammarchi 298869 by: Jaime Bozza Re: php exception handling 298852 by: kranthi VC9 x86 Non Thread Safe or VC9 x86 Thread Safe ? 298853 by: loki 298855 by: Tommy Pham Re: Insult my code! 298854 by: David Otton Re: How do YOU set default function/method params? 298856 by: Stephan Ebelt 298857 by: David Otton Wrighting to $_POST array 298859 by: hessiess.hessiess.com 298860 by: Jay Ess 298861 by: Jim Lucas 298863 by: Andrea Giammarchi exec() confused by a specially crafted string 298864 by: Soner Tari 298867 by: Jonathan Tapicer 298870 by: Soner Tari Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net -- ---BeginMessage--- On Mon, Oct 12, 2009 at 4:06 PM, Augusto Flavio afla...@gmail.com wrote: i have a doubt about my security and deployment methods. Today i manage several projects and these projects are versioned with subversion. My environment is something like this: 1. The developer make some update in the source code of a project. (from your IDE, generally netbeans) 2. The developer commit the modifications to the subversion server after test it(sure). 3. The project manager sync the files from the dev server to the prod server(using rsync). Sounds mostly fine. I assume you have other testing going on before deployment to production, though. Well, my questions are 2. All about the rsync: 1. For each project we have a ssh user that is used to sync the files(source code) to the prod server. The problem that i see here is that for each project i need to have a ssh account to sync these files. This is not so cool because i need to have severals actived ssh accounts in my prod server. I'm thinking about the root account to do this work. Is this a good practice? The root account is not a very good idea for this. You could create a 'service' account that is used exclusively for transferring the files to the server. To allow this user access to the various source directories you can use something like ACL's or perhaps even regular UNIX file permissions may work if your needs aren't very complex. 2. Does have some another way, more better than the rsync for this deployment issue? Rsync should work fine, but personally I like to see exactly which changes are being deployed especially when deploying to production. While I realise this recommendation is not Open Source software, I have found it to be an excellent piece of software for this task. I use Beyond Compare which has the ability to connect over SFTP or SCP as well as regular FTP. It allows you to 'diff' the files as you go and view exact changes and you can transfer only the changes you want or whole files if you choose to. I would not be surprised if an Open Source equivalent exists. Cheers, James ---End Message--- ---BeginMessage--- -Original Message- From: Andre Dubuc [mailto:aajdu...@webhart.net] Sent: 02 January 2010 03:20 AM To: php-gene...@lists.php.net Subject: [PHP] Need unrounded precision Hi, I need to extract the first digit after the decimal point from a number such as 28.56018, which should be '5'. I've tried a few methods to accomplish this. If I use 'ini_set' I would need to know the number of digits before the decimal (which, unfortunately, I would not have access to). Then I've tried: ?php $elapsed = 28.56018; $digit = round($elapsed, 1); // rounds result is '6' $digit = number_format($elapsed, 1); // still rounds result to '6' ? What I need is only the first digit after the decimal -- all the rest could be 'chopped' or discarded but without rounding the first digit after the decimal point. Is there any way of doing this? I'm stumped. Tia, Andre -- One way that should work regardless the number of digits before/after the decimal is: - convert to string (sprintf or typecast) - strpos the decimal - grab the char from the next position Cheers Arno ---End Message--- ---BeginMessage--- May be this will work $elapsed = 28.56018; $elapsed_rel = (int) 28.56018; $elapsed_deci = $elapsed - $elapsed_rel; $deci = ((int) ($elapsed_deci * 10))/10; $final = $elapsed_rel + $deci; With regards, Chetan Dattaram Rane | Software Engineer | Persistent Systems chetan_r...@persistent.co.in
RE: [PHP] Need unrounded precision
-Original Message- From: Andre Dubuc [mailto:aajdu...@webhart.net] Sent: 02 January 2010 03:20 AM To: php-general@lists.php.net Subject: [PHP] Need unrounded precision Hi, I need to extract the first digit after the decimal point from a number such as 28.56018, which should be '5'. I've tried a few methods to accomplish this. If I use 'ini_set' I would need to know the number of digits before the decimal (which, unfortunately, I would not have access to). Then I've tried: ?php $elapsed = 28.56018; $digit = round($elapsed, 1); // rounds result is '6' $digit = number_format($elapsed, 1); // still rounds result to '6' ? What I need is only the first digit after the decimal -- all the rest could be 'chopped' or discarded but without rounding the first digit after the decimal point. Is there any way of doing this? I'm stumped. Tia, Andre -- One way that should work regardless the number of digits before/after the decimal is: - convert to string (sprintf or typecast) - strpos the decimal - grab the char from the next position Cheers Arno -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Need unrounded precision
May be this will work $elapsed = 28.56018; $elapsed_rel = (int) 28.56018; $elapsed_deci = $elapsed - $elapsed_rel; $deci = ((int) ($elapsed_deci * 10))/10; $final = $elapsed_rel + $deci; With regards, Chetan Dattaram Rane | Software Engineer | Persistent Systems chetan_r...@persistent.co.in | Cell: +91 9766646714 | Tel: +91 (0832) 30 79228 Innovation in software product design, development and delivery- www.persistentsys.com -Original Message- From: Arno Kuhl [mailto:ak...@telkomsa.net] Sent: Monday, October 12, 2009 12:07 PM To: 'Andre Dubuc'; php-general@lists.php.net Subject: RE: [PHP] Need unrounded precision -Original Message- From: Andre Dubuc [mailto:aajdu...@webhart.net] Sent: 02 January 2010 03:20 AM To: php-general@lists.php.net Subject: [PHP] Need unrounded precision Hi, I need to extract the first digit after the decimal point from a number such as 28.56018, which should be '5'. I've tried a few methods to accomplish this. If I use 'ini_set' I would need to know the number of digits before the decimal (which, unfortunately, I would not have access to). Then I've tried: ?php $elapsed = 28.56018; $digit = round($elapsed, 1); // rounds result is '6' $digit = number_format($elapsed, 1); // still rounds result to '6' ? What I need is only the first digit after the decimal -- all the rest could be 'chopped' or discarded but without rounding the first digit after the decimal point. Is there any way of doing this? I'm stumped. Tia, Andre -- One way that should work regardless the number of digits before/after the decimal is: - convert to string (sprintf or typecast) - strpos the decimal - grab the char from the next position Cheers Arno -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php DISCLAIMER == This e-mail may contain privileged and confidential information which is the property of Persistent Systems Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Ltd. does not accept any liability for virus infected mails. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: php exception handling
cant http://us3.php.net/manual/en/function.set-exception-handler.php be used ?
?php
function exception_handler($e) {
//mail('to', 'exception', $e-getMessage());
}
set_exception_handler('exception_handler');
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] VC9 x86 Non Thread Safe or VC9 x86 Thread Safe ?
Hello, We use Php-cgi.exe as FastCGI with our own custom WebServer on Windows Server What to choose, VC9 x86 Non Thread Safe or VC9 x86 Thread Safe ? We have these enviroment variable : PHP_FCGI_CHILDREN: 8 Thanks you by advance stephane -- Http://www.arkadia.com/fra/ Http://www.arkadia.com/usa/ Http://www.arkadia.com/rus/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Insult my code!
2009/10/11 Eric Bauman baum...@livejournal.dk:
As before, please feel free to insult my code. ;-) Any and all feedback is
of course most appreciated.
I know you're more concerned with structure, but your checkInt()
method is arguably buggy/has an un-noted assumption. It accepts ints
formatted as ints and strings, but not floats:
?php
require_once 'PHPUnit/Framework/TestCase.php';
require_once 'BankModel.php';
class BankModelTest extends PHPUnit_Framework_TestCase
{
function testSetBalanceAcceptsInts()
{
$fixture = new BankModel();
$int = 1351236;
$this-assertNull( $fixture-setBalance($int) );
}
function testSetBalanceAcceptsFloats()
{
$fixture = new BankModel();
$float = (float)1351236;
$this-assertNull( $fixture-setBalance($float) );
}
function testSetBalanceAcceptsStrings()
{
$fixture = new BankModel();
$string = (string)1351236;
$this-assertNull( $fixture-setBalance($string) );
}
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] VC9 x86 Non Thread Safe or VC9 x86 Thread Safe ?
- Original Message From: loki loki5100-newsgr...@yahoo.fr To: php-general@lists.php.net Sent: Mon, October 12, 2009 3:13:41 AM Subject: [PHP] VC9 x86 Non Thread Safe or VC9 x86 Thread Safe ? Hello, We use Php-cgi.exe as FastCGI with our own custom WebServer on Windows Server What to choose, VC9 x86 Non Thread Safe or VC9 x86 Thread Safe ? We have these enviroment variable : PHP_FCGI_CHILDREN: 8 Thanks you by advance stephane -- Http://www.arkadia.com/fra/ Http://www.arkadia.com/usa/ Http://www.arkadia.com/rus/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Stephane, If my memory serves, use NTS. Regards, Tommy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How do YOU set default function/method params?
On Sun, Oct 11, 2009 at 01:17:00PM -0700, Jim Lucas wrote:
Stephan Ebelt wrote:
On Mon, Oct 05, 2009 at 05:48:32PM -0700, Jim Lucas wrote:
Here is a problem that I have had for years now. I have been trying to
come up
with the perfect solution for this problem. But, I have come down to two
different methods for solving it.
Here is the problem...
[...]
Now, we all have a function or method like this floating around somewhere.
My question is, how do YOU go about setting the required entries of the
$headers
array() ?
[...]
END of examples...
Now, IMO, the last one is the simplest one and for me, I think it will be
the
new way that I solve this type of problem.
But, my question that I put out to all of you is...
How would you solve this problem?
I have use this array_merge() approach mentioned in other posts for
quite some time but found that it introduced many bugs when fieldnames
changed.
Ie. if the defaults come from a database table and I changed the schema it
caused undefined values during the merging and - worse - sometimes messed
up the
inner workings of functions...
Then I heard of the value object approach somewhere and found that much
more
solid. One would basically define a class where default values are
represented
by its properties. Ie:
class vo_email extends vo {
public $to = '';
public $from = '';
public $subject = '(no subject)';
public $body = '';
...
}
the constructor can make sure that absolutly necessary values are required
and
set properly - and could complain if something is not right. There could be
methods that add() or set() or change() things. These could also be
inherited
from a very generic class vo so that this stuff is written once and
applies
to all sorts of defaults in the program.
In my app the inherited constructor accepts arrays as parameter and assigns
their elements to the object properties and - by that - overwrites the
default
settings. If elements do not match with the defined properties it will
trigger
a very visible call trace.
A function like sendEmail() would then require a object of type vo_email as
parameter and would work with its properties internally and can rely on it
as
the vo's constructor should have catched anything bad.
If additional logic for the input values is required, it can be added
easily:
class dao_email extends vo_email {
...
public function encode_body() {
...
}
public function sanitize_mail_address() {
}
...
}
This is a very interesting approach. How would you initialize the class?
Using
a Singleton Method, or a Globally available class variable
as far as I understood/use it: I try to hardcode as many workable defaults in
the vo class as possible (ie. see $subject in the example). Then I create
objects
by passing result records from the database (arrays) to the constructor. That
either returns a object or crashes the application if something is wrong.
Optionally I can create objects without any passed-in parameter which will give
one with only the defaults set. Depending on the class' definition those may
have empty properties. These can be set by subsequent code like
$object-empty_property='bla'. This way its not much different than using plain
arrays except that its still an object which might have additional
functionality.
in the email example the constructor should probably refuse to return a object
unless $to and $from are given. I can't see much use without these two.
stephan
sendEmail() would then require a dao_email object (dao=data access object)
as
input.
stephan
TIA
Jim Lucas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How do YOU set default function/method params?
2009/10/12 Stephan Ebelt s...@shared-files.de: as far as I understood/use it: I try to hardcode as many workable defaults in the vo class as possible (ie. see $subject in the example). Then I create objects by passing result records from the database (arrays) to the constructor. That either returns a object or crashes the application if something is wrong. Optionally I can create objects without any passed-in parameter which will give one with only the defaults set. Depending on the class' definition those may Ok, I'm going to make a case against the use of default values hard-coded within the class here: a) Default values mean more code. The less code you have, the less bugs. Just strip the defaults out, and they'll never cause errors. b) Default values hide missing values. If a value gets mislaid during the build process, the class will still work, kinda, sortof, but it won't behave as expected. Better to exit loudly and let the build manager fix the missing value, rather than try to muddle through on partial data, and fail /really/ impressively further down the road. c) You should store all your config options in the same place. This is simply good practice - it makes life easier for anyone coming after you who knows that /everything/ is in one place. Zend_Config is a nice approach - the Config object parses an ini file, and you pass fragments of the config object to your class constructors. Eg: $conf = new Zend_Config_Ini( 'config/settings.ini', 'live' ); $db = Zend_Db::factory( $conf-application-databasesettings ); d) Default values lead to assumptions. MyClass assumes that DbClass connects to localhost if nothing is passed. This means that MyClass is relying on a feature of DbClass where it doesn't strictly have to, and DbClass is a little bit less of a black box. e) Defaults aren't. What makes sense on one machine (eg a default of 'localhost' for the db) may not make sense on another. Rather than tweak the class defaults to fit the local conditions every time you deploy it, and have dozens of slightly different versions hanging around, just be explicit and push the parameters in from outside. Comments welcome of course, but I've strayed off PHP and into OO design, here. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Need unrounded precision
A simple way to do that would be: $elapsed = strval( 28.56018 ); $pos = strpos( $elapsed, '.' ); echo $elapsed[ ++$pos ]; On Sat, Jan 2, 2010 at 2:20 AM, Andre Dubuc aajdu...@webhart.net wrote: Hi, I need to extract the first digit after the decimal point from a number such as 28.56018, which should be '5'. I've tried a few methods to accomplish this. If I use 'ini_set' I would need to know the number of digits before the decimal (which, unfortunately, I would not have access to). Then I've tried: ?php $elapsed = 28.56018; $digit = round($elapsed, 1); // rounds result is '6' $digit = number_format($elapsed, 1); // still rounds result to '6' ? What I need is only the first digit after the decimal -- all the rest could be 'chopped' or discarded but without rounding the first digit after the decimal point. Is there any way of doing this? I'm stumped. Tia, Andre -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Thanks, Diogo Neves Web Developer @ SAPO.pt by PrimeIT.pt
[PHP] Wrighting to $_POST array
I have some code which will loop over the whole $_POST array, runs it
through mysql_real_escape_string and then writes it all back to the array
again, which seams to work. Are there any incompatibility problems or such
like with writing into the $_POST or $_GET array?
function clean_post()
{
$npost = array();
while ($value = current($_POST))
{
$key = key($_POST);
$npost += array($key = mysql_real_escape_string($value));
next($_POST);
}
$_POST = $npost;
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Wrighting to $_POST array
hessi...@hessiess.com wrote:
I have some code which will loop over the whole $_POST array, runs it
through mysql_real_escape_string and then writes it all back to the array
again, which seams to work. Are there any incompatibility problems or such
like with writing into the $_POST or $_GET array?
function clean_post()
{
$npost = array();
while ($value = current($_POST))
{
$key = key($_POST);
$npost += array($key = mysql_real_escape_string($value));
next($_POST);
}
$_POST = $npost;
}
There could be problems when introducing slashes if you use other
peoples codes. But if this is for your own code it probably wont matter.
And here is a shorter version of your code :
foreach($_POST as $key=$val)
$_POST[$key] = mysql_real_escape_string($val);
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Wrighting to $_POST array
Jay Ess wrote:
hessi...@hessiess.com wrote:
I have some code which will loop over the whole $_POST array, runs it
through mysql_real_escape_string and then writes it all back to the array
again, which seams to work. Are there any incompatibility problems or
such
like with writing into the $_POST or $_GET array?
function clean_post()
{
$npost = array();
while ($value = current($_POST))
{
$key = key($_POST);
$npost += array($key = mysql_real_escape_string($value));
next($_POST);
}
$_POST = $npost;
}
There could be problems when introducing slashes if you use other
peoples codes. But if this is for your own code it probably wont matter.
And here is a shorter version of your code :
foreach($_POST as $key=$val)
$_POST[$key] = mysql_real_escape_string($val);
But, first, you need to use get_magic_quotes_gpc() to see if magic_quotes_gpc is
turned on. If so, you need to run stripslashes() on your variables before you
run the mysql_real_escape_string() on them.
if ( get_magic_quotes_gpc() ) {
$_POST = array_map('stripslashes', $_POST);
}
$_POST = array_map('mysql_real_escape_string', $_POST);
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Wrighting to $_POST array
But, first, you need to use get_magic_quotes_gpc() to see if magic_quotes_gpc
is
turned on. If so, you need to run stripslashes() on your variables before you
run the mysql_real_escape_string() on them.
if ( get_magic_quotes_gpc() ) {
$_POST = array_map('stripslashes', $_POST);
}
$_POST = array_map('mysql_real_escape_string', $_POST);
I would totally remove magic_quotes_gpc rather than this for each request:
if ( get_magic_quotes_gpc() ) {
$_GET = array_map('stripslashes', $_GET);
$_POST = array_map('stripslashes', $_POST);
// $_REQUEST = array_map('stripslashes', $_REQUEST);
$_COOKIES = array_map('stripslashes', $_COOKIES);
}
there is a reason if magic_quotes has been removed by PHP defaults since ages
Regards
_
Windows Live: Make it easier for your friends to see what you’re up to on
Facebook.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_2:092009
[PHP] exec() confused by a specially crafted string
When shell command returns a specially crafted string, I get an empty
array as $output of exec(), instead of the string. I can very easily
reproduce this issue as follows:
Put the following lines in bug.php:
?php
exec('php echostr.php', $output);
print_r($output);
echo \n;
?
Then put the following in echostr.php (the string is just one line
actually, new lines may be inserted by this mail agent, I provide a link
below):
?php
echo 'a:25:{i:0;a:4:{s:4:Date;s:6:Aug
7;s:4:Time;s:8:16:00:01;s:7:Process;s:16:newsyslog[23117];s:3:Log;s:19:logfile
turned over;}i:1;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:43:55;s:7:Process;s:12:openvpn[226];s:3:Log;s:76:OpenVPN
2.1_rc18 x86_64-unknown-openbsd4.5 [SSL] [LZO1] built on Jun 26
2009;}i:2;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:43:55;s:7:Process;s:12:openvpn[226];s:3:Log;s:102:NOTE:
OpenVPN 2.1 requires \'--script-security 2\' or higher to call user-defined
scripts or executables;}i:3;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:43:55;s:7:Process;s:12:openvpn[226];s:3:Log;s:27:LZO
compression initialized;}i:4;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:43:55;s:7:Process;s:12:openvpn[226];s:3:Log;s:63:Control
Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0
];}i:5;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:43:55;s:7:Process;s:12:openvpn[226];s:3:Log;s:70:Data
Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1
];}i:6;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:43:55;s:7:Process;s:12:openvpn[226];s:3:Log;s:39:Local
Options hash (VER=V4): \'41690919\';}i:7;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:43:55;s:7:Process;s:12:openvpn[226];s:3:Log;s:49:Expected
Remote Options hash (VER=V4): \'530fdded\';}i:8;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:43:55;s:7:Process;s:14:openvpn[31938];s:3:Log;s:48:Socket
Buffers: R=[41600-65536] S=[9216-65536];}i:9;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:43:55;s:7:Process;s:14:openvpn[31938];s:3:Log;s:25:UDPv4
link local: [undef];}i:10;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:43:55;s:7:Process;s:14:openvpn[31938];s:3:Log;s:38:UDPv4
link remote: 81.215.105.114:1194;}i:11;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:44:55;s:7:Process;s:14:openvpn[31938];s:3:Log;s:98:TLS
Error: TLS key negotiation failed to occur within 60 seconds (check your
network connectivity);}i:12;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:44:55;s:7:Process;s:14:openvpn[31938];s:3:Log;s:31:TLS
Error: TLS handshake failed;}i:13;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:44:55;s:7:Process;s:14:openvpn[31938];s:3:Log;s:23:TCP/UDP:
Closing socket;}i:14;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:44:55;s:7:Process;s:14:openvpn[31938];s:3:Log;s:52:SIGUSR1[soft,tls-error]
received, process restarting;}i:15;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:44:55;s:7:Process;s:14:openvpn[31938];s:3:Log;s:26:Restart
pause, 2 second(s);}i:16;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:44:57;s:7:Process;s:14:openvpn[31938];s:3:Log;s:102:NOTE:
OpenVPN 2.1 requires \'--script-security 2\' or higher to call user-defined
scripts or executables;}i:17;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:44:57;s:7:Process;s:14:openvpn[31938];s:3:Log;s:24:Re-using
SSL/TLS context;}i:18;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:44:57;s:7:Process;s:14:openvpn[31938];s:3:Log;s:27:LZO
compression initialized;}i:19;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:44:57;s:7:Process;s:14:openvpn[31938];s:3:Log;s:63:Control
Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0
];}i:20;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:44:57;s:7:Process;s:14:openvpn[31938];s:3:Log;s:70:Data
Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1
];}i:21;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:44:57;s:7:Process;s:14:openvpn[31938];s:3:Log;s:39:Local
Options hash (VER=V4): \'41690919\';}i:22;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:44:57;s:7:Process;s:14:openvpn[31938];s:3:Log;s:49:Expected
Remote Options hash (VER=V4): \'530fdded\';}i:23;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:44:57;s:7:Process;s:14:openvpn[31938];s:3:Log;s:48:Socket
Buffers: R=[41600-65536] S=[9216-65536];}i:24;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:44:57;s:7:Process;s:14:openvpn[31938];s:3:Log;s:25:UDPv4
link local: [undef];}}';
?
When you execute bug.php, you will get an empty array printed out:
Array
(
)
But actually, $output should have contained the string above as element
0 of the array.
If you delete or add a character in the string, exec() runs
correctly and you get the intended result. So the issue is specific to
this special string. You can download echostr.php contents at this link:
http://comixwall.org/dmdocuments/echostr
The problem is not with the size of the string, because much longer
strings are fine.
Also this issue does *not* exists with passthru(), shell_exec()
functions and backtick operator. Furthermore, exec() return value, i.e.
the last line of shell command output seems fine too (it contains the
string correctly). So I believe the issue is internal to exec(),
effecting $output
Re: [PHP] exec() confused by a specially crafted string
Confirmed, it also happens to me on Linux, PHP version:
PHP 5.2.4-2ubuntu5.7 with Suhosin-Patch 0.9.6.2 (cli) (built: Aug 21
2009 19:52:39)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
And adding a single character to the echoed string makes it work fine,
seems like a bug to me.
Regards,
Jonathan
On Mon, Oct 12, 2009 at 1:10 PM, Soner Tari so...@comixwall.org wrote:
When shell command returns a specially crafted string, I get an empty
array as $output of exec(), instead of the string. I can very easily
reproduce this issue as follows:
Put the following lines in bug.php:
?php
exec('php echostr.php', $output);
print_r($output);
echo \n;
?
Then put the following in echostr.php (the string is just one line
actually, new lines may be inserted by this mail agent, I provide a link
below):
?php
echo 'a:25:{i:0;a:4:{s:4:Date;s:6:Aug
7;s:4:Time;s:8:16:00:01;s:7:Process;s:16:newsyslog[23117];s:3:Log;s:19:logfile
turned over;}i:1;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:43:55;s:7:Process;s:12:openvpn[226];s:3:Log;s:76:OpenVPN
2.1_rc18 x86_64-unknown-openbsd4.5 [SSL] [LZO1] built on Jun 26
2009;}i:2;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:43:55;s:7:Process;s:12:openvpn[226];s:3:Log;s:102:NOTE:
OpenVPN 2.1 requires \'--script-security 2\' or higher to call user-defined
scripts or executables;}i:3;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:43:55;s:7:Process;s:12:openvpn[226];s:3:Log;s:27:LZO
compression initialized;}i:4;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:43:55;s:7:Process;s:12:openvpn[226];s:3:Log;s:63:Control
Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0
];}i:5;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:43:55;s:7:Process;s:12:openvpn[226];s:3:Log;s:70:Data
Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1
];}i:6;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:43:55;s:7:Process;s:12:openvpn[226];s:3:Log;s:39:Local
Options hash (VER=V4): \'41690919\';}i:7;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:43:55;s:7:Process;s:12:openvpn[226];s:3:Log;s:49:Expected
Remote Options hash (VER=V4): \'530fdded\';}i:8;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:43:55;s:7:Process;s:14:openvpn[31938];s:3:Log;s:48:Socket
Buffers: R=[41600-65536] S=[9216-65536];}i:9;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:43:55;s:7:Process;s:14:openvpn[31938];s:3:Log;s:25:UDPv4
link local: [undef];}i:10;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:43:55;s:7:Process;s:14:openvpn[31938];s:3:Log;s:38:UDPv4
link remote: 81.215.105.114:1194;}i:11;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:44:55;s:7:Process;s:14:openvpn[31938];s:3:Log;s:98:TLS
Error: TLS key negotiation failed to occur within 60 seconds (check your
network connectivity);}i:12;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:44:55;s:7:Process;s:14:openvpn[31938];s:3:Log;s:31:TLS
Error: TLS handshake failed;}i:13;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:44:55;s:7:Process;s:14:openvpn[31938];s:3:Log;s:23:TCP/UDP:
Closing socket;}i:14;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:44:55;s:7:Process;s:14:openvpn[31938];s:3:Log;s:52:SIGUSR1[soft,tls-error]
received, process restarting;}i:15;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:44:55;s:7:Process;s:14:openvpn[31938];s:3:Log;s:26:Restart
pause, 2 second(s);}i:16;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:44:57;s:7:Process;s:14:openvpn[31938];s:3:Log;s:102:NOTE:
OpenVPN 2.1 requires \'--script-security 2\' or higher to call user-defined
scripts or executables;}i:17;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:44:57;s:7:Process;s:14:openvpn[31938];s:3:Log;s:24:Re-using
SSL/TLS context;}i:18;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:44:57;s:7:Process;s:14:openvpn[31938];s:3:Log;s:27:LZO
compression initialized;}i:19;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:44:57;s:7:Process;s:14:openvpn[31938];s:3:Log;s:63:Control
Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0
];}i:20;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:44:57;s:7:Process;s:14:openvpn[31938];s:3:Log;s:70:Data
Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1
];}i:21;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:44:57;s:7:Process;s:14:openvpn[31938];s:3:Log;s:39:Local
Options hash (VER=V4): \'41690919\';}i:22;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:44:57;s:7:Process;s:14:openvpn[31938];s:3:Log;s:49:Expected
Remote Options hash (VER=V4): \'530fdded\';}i:23;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:44:57;s:7:Process;s:14:openvpn[31938];s:3:Log;s:48:Socket
Buffers: R=[41600-65536] S=[9216-65536];}i:24;a:4:{s:4:Date;s:6:Aug
10;s:4:Time;s:8:22:44:57;s:7:Process;s:14:openvpn[31938];s:3:Log;s:25:UDPv4
link local: [undef];}}';
?
When you execute bug.php, you will get an empty array printed out:
Array
(
)
But actually, $output should have contained the string above as element
0 of the array.
If you delete or add a character in the string, exec() runs
correctly and you get the intended result. So the issue
RE: [PHP] Need unrounded precision
Hmmm... Didn't think about this, but % only works with int values it was just future prof precaution since this statement is false for many other languages. In few words I am not sure PHP6 does the same ... never mind so far Regards _ Keep your friends updated—even when you’re not signed in. http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_5:092010
RE: [PHP] Need unrounded precision
Hmmm... Didn't think about this, but % only works with int values it was just future prof precaution since this statement is false for many other languages. In few words I am not sure PHP6 does the same ... never mind so far Good to know. In that case, I would probably just use intval() instead of since it's clearer and bitwise shifts aren't necessarily integer only either. Jaime -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Need unrounded precision
Couldn't this be done with just simple math functions? indeed: $a = 28.56018; $b = $a * 10 % 10 0; Regards _ Windows Live Hotmail: Your friends can get your Facebook updates, right from Hotmail®. http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_4:092009
RE: [PHP] Need unrounded precision
-Original Message- From: Diogo Neves [mailto:dafne...@gmail.com] Sent: Monday, October 12, 2009 9:19 AM To: Andre Dubuc Cc: php-general@lists.php.net Subject: Re: [PHP] Need unrounded precision A simple way to do that would be: $elapsed = strval( 28.56018 ); $pos = strpos( $elapsed, '.' ); echo $elapsed[ ++$pos ]; On Sat, Jan 2, 2010 at 2:20 AM, Andre Dubuc aajdu...@webhart.net wrote: Hi, I need to extract the first digit after the decimal point from a number such as 28.56018, which should be '5'. Couldn't this be done with just simple math functions? $a = 28.56018; $b = intval(($a*10)-(intval($a)*10)); or: $a = 28.56018; $b = intval(($a-intval($a))*10); Jaime -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Need unrounded precision
Couldn't this be done with just simple math functions? indeed: $a = 28.56018; $b = $a * 10 % 10 0; Hmmm... Didn't think about this, but % only works with int values, so $b = $a * 10 % 10; Should work as well. Jaime -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] exec() confused by a specially crafted string
On Mon, 2009-10-12 at 13:21 -0300, Jonathan Tapicer wrote: Confirmed, it also happens to me on Linux, PHP version: PHP 5.2.4-2ubuntu5.7 with Suhosin-Patch 0.9.6.2 (cli) (built: Aug 21 2009 19:52:39) Copyright (c) 1997-2007 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies And adding a single character to the echoed string makes it work fine, seems like a bug to me. Thanks, filed the bug report: http://bugs.php.net/bug.php?id=49847 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How do YOU set default function/method params?
On Mon, Oct 12, 2009 at 01:44:56PM +0100, David Otton wrote: 2009/10/12 Stephan Ebelt s...@shared-files.de: as far as I understood/use it: I try to hardcode as many workable defaults in the vo class as possible (ie. see $subject in the example). Then I create objects by passing result records from the database (arrays) to the constructor. That either returns a object or crashes the application if something is wrong. Optionally I can create objects without any passed-in parameter which will give one with only the defaults set. Depending on the class' definition those may Ok, I'm going to make a case against the use of default values hard-coded within the class here: [...] I skip a) and b) for now as I mostly agree and first like to clarify... c) You should store all your config options in the same place. ... that I do not use this approach for global program config options. If this was the intent of the original question I may have mistaken it entirely. (I actually use constants for all on-site configurations and all are defined in one file, there aren't so many and they can't be modified at runtime (I think)). My primary objective for using VOs was to have very strict and clear definitions for data structures inside the program. Passing loosely defined arrays from function to function caused too many bugs in my code. Now things crash much earlier and I get to know problems quicker. (besides: phpdoc creates nice crosslinks that tell precisely what some method needs, no long parameter lists but thats also straying off). stephan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] exec() confused by a specially crafted string
On Mon, Oct 12, 2009 at 2:10 PM, Soner Tari so...@comixwall.org wrote: On Mon, 2009-10-12 at 13:21 -0300, Jonathan Tapicer wrote: Confirmed, it also happens to me on Linux, PHP version: PHP 5.2.4-2ubuntu5.7 with Suhosin-Patch 0.9.6.2 (cli) (built: Aug 21 2009 19:52:39) Copyright (c) 1997-2007 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies And adding a single character to the echoed string makes it work fine, seems like a bug to me. Thanks, filed the bug report: http://bugs.php.net/bug.php?id=49847 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Confirmed (again) here: PHP Version = 5.3.0 Build Date = Jul 1 2009 17:55:55 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Need unrounded precision
bitwise right shift is probably the fastest cast to int so far ... still in many languages, intval is a function call being a cast in both cases (int) is good as well ... bitwise, casting, works with strings, arrays, boolean, whatever as well. I don't think there is any difference in php, except when the integer is too big ... but this was not the case, we had to deal with 1 to 10 :-) Regards From: jbo...@mindsites.com To: an_...@hotmail.com CC: php-general@lists.php.net Date: Mon, 12 Oct 2009 11:33:10 -0500 Subject: RE: [PHP] Need unrounded precision Hmmm... Didn't think about this, but % only works with int values it was just future prof precaution since this statement is false for many other languages. In few words I am not sure PHP6 does the same ... never mind so far Good to know. In that case, I would probably just use intval() instead of since it's clearer and bitwise shifts aren't necessarily integer only either. Jaime _ Windows Live: Make it easier for your friends to see what you’re up to on Facebook. http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_2:092009
[PHP] libphp5.so rebuild required?
Hi, We are looking to upgrade php 5.2.1 to 5.2.8. Do we need to rebuild the libphp5.so also to detect the new version of underlying php or will the same old version of libphp5.so build for php 5.2.1, automatically detect a new underlying php installation? thanks
[PHP] How to bypass (pipe) curl_exec return value directly to a file?
Newbie question. I need to download a very large amount of xml data from a site using CURL. How to bypass (pipe) curl_exec return value directly to a file, without using memory allocation? set_time_limit(0); $ch = curl_init($siteURL); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $mixed = curl_exec($ch); How to set/pipe $mixed as a (disk) file, so that data returned by curl_exec is directly saved to the disk-file, and not involving memory allocation? Thank you. -PHP 5 -Windows XP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Insult my code!
On 12/10/2009 9:21 PM, David Otton wrote: 2009/10/11 Eric Baumanbaum...@livejournal.dk: As before, please feel free to insult my code. ;-) Any and all feedback is of course most appreciated. I know you're more concerned with structure, but your checkInt() method is arguably buggy/has an un-noted assumption. It accepts ints formatted as ints and strings, but not floats: *sigh* sometimes I really wish PHP allowed one to be a bit more heavy-handed with types (optional real type hinting would be nice). I guess I only ever worried about string (from DB) and int (internal call) as in my specific use I would never be passing a float. You make an excellent point however; I suppose in the interests of completeness, forward compatibility etc. I should take into account more possibilities. Perhaps I should just throw an exception in deposit() etc. if the argument isn't int and worry about converting elsewhere. Also thanks for the sample TestCase code! I've never really thought about unit testing in PHP, despite doing so in Java etc. Reading about PHPUnit brought me on to phpUnderControl - interesting stuff! Best regards, Eric -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
