Re: [PHP] Character encoding hell
> You say that in putty it is converted to a '?'? so, on linux, the file > name is no longer what you intended it to be, so wouldn't you then need > to call the file EXACTLY as it is on the linux server? I thought this too at first, but if I run htmlentites() on the filename it displays the  character so it must not have been lost completely, just encoded in a different way? I'm quite sure that the propblem with putty displaying it as a question mark is related to its display settings. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Character encoding hell
> > Have you checked to see if that filename is what you think it is on the > > Linux server? > > The character is shown as a question mark in putty. I've tried > forcing a UTF-8 font to make sure it's not a rendering issue but it > didn't seem to make a difference. I'm not convinced the encoding > changed, though. You say that in putty it is converted to a '?'? so, on linux, the file name is no longer what you intended it to be, so wouldn't you then need to call the file EXACTLY as it is on the linux server? maybe storing a non-utf8 filename is not the way to go? it looks to me, that if the filename was fileÂ.pdf on windose, and is now file?.pdf on linux, no matter how much encoding you're going to do, you will never be able to reference the file on linux with fileÂ.pdf as it is now file?.pdf maybe i am just talking out my ass here... i have a tendency to do that once in a while :) side note: I had a script that was ported from windose to linux, and the guy who created it, used capitals in his file names, but referred to them in all lower case. windose and apache didn't care, it would just serve the page... ThisPage.php was the same as thispage.php... when we moved it to linux, non of the damned links worked...so we had to do a bunch of changes... Steve -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Character encoding hell
On Tue, Oct 26, 2010 at 1:32 PM, Mari Masuda wrote:
>
> On Oct 26, 2010, at 10:10 AM, Marc Guay wrote:
>
>>> A windows server, or windows client to the same Linux server? I believe
>>> that this issue is starting to get a bit over my head, with the different
>>> operating systems involved and such.
>>
>> Windows server. This is over my head, too. I'm guessing that Windows
>> and Linux encode filenames differently and when I transferred the file
>> from one to the other, some kind of adjustment was made.
>>
>> Marc
>
> I think one way to do this is something like this (untested):
>
> 1. Put all of your files in some directory on the server.
>
> 2. Change your http://example.com/encoded-file-name.pdf";>my
> file to http://example.com/download-file.php?fileID=xxx";>my
> file where xxx is the urlencoded version of "encoded-file-name.pdf".
> (xxx could also be a fileID number if stored in a database.)
>
> 3. In download-file.php do something like this:
>
> $parent_directory = "/path/to/parent/directory/"; // can be in or out of web
> root
> if (file_exists($parent_directory . "encoded-file-name.pdf")) {
> $data = file_get_contents($parent_directory . "encoded-file-name.pdf");
> $file_name_with_french_chars = rawurldecode("encoded-file-name.pdf");
>
> header("Content-type: application/octet-stream");
> header("Content-disposition: Attachment;
> filename=\"$file_name_with_french_chars\""); // this line assigns the "nice"
> looking name as the file name
> echo $data;
> }
> ?>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
This approach is what I wanted to suggest as well. You can simulated a
db with an XML file if you wanted to and even assign the IDs as
numerical to make life really easy
--
Bastien
Cat, the other other white meat
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Character encoding hell
> Where is the filename coming from? Is it hard-coded in the script or is your > script reading it from a directory listing? The filename is being read from the file via scandir(). File created on Windows, transferred to *nix. > Have you checked to see if that filename is what you think it is on the > Linux server? The character is shown as a question mark in putty. I've tried forcing a UTF-8 font to make sure it's not a rendering issue but it didn't seem to make a difference. I'm not convinced the encoding changed, though. > Was Apache the web server both times, or was iis used on windows? If it was, > look for any errant .htaccess files causing problems. Both are apache. > Lastly, what happens if you directly request that file from with the browser > itself, without php scripts in the equation. If I request the file directly from the Windows server, it opens Adobe Acrobat. If I request the same file directly from the Linux server, I get the 404 File Not Found. Marc -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Character encoding hell
> I think one way to do this is something like this (untested): This is a good idea, but I'm stubborn and believe it can be solved without adding more code. Thanks, though, I'll probably end up using it once I've ruined every other possibility. Marc -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Character encoding hell
Where is the filename coming from? Is it hard-coded in the script or is your script reading it from a directory listing? Have you checked to see if that filename is what you think it is on the Linux server? Was Apache the web server both times, or was iis used on windows? If it was, look for any errant .htaccess files causing problems. Lastly, what happens if you directly request that file from with the browser itself, without php scripts in the equation. Thanks, Ash http://www.ashleysheridan.co.uk - Reply message - From: "Marc Guay" Date: Tue, Oct 26, 2010 18:22 Subject: [PHP] Character encoding hell To: "a...@ashleysheridan.co.uk" Cc: "php-general" > Have you tried using the utf8 meta tag rather than using the htmlentities() > function? That should solve the first issue, as I reckon the problem lies > with the way your encoding the filename. The page is being encoded in UTF-8. Without htmlentities() the special character is displayed as a black triangle with a question mark in it. Does that indicate that the filename isn't being stored as UTF-8? > Lastly, have you made sure your php scripts are saved as utf8, as that can > sometimes solve some odd problems with character encoding. This didn't seem to change anything. Marc -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Character encoding hell
On Oct 26, 2010, at 10:10 AM, Marc Guay wrote: >> A windows server, or windows client to the same Linux server? I believe that >> this issue is starting to get a bit over my head, with the different >> operating systems involved and such. > > Windows server. This is over my head, too. I'm guessing that Windows > and Linux encode filenames differently and when I transferred the file > from one to the other, some kind of adjustment was made. > > Marc I think one way to do this is something like this (untested): 1. Put all of your files in some directory on the server. 2. Change your http://example.com/encoded-file-name.pdf";>my file to http://example.com/download-file.php?fileID=xxx";>my file where xxx is the urlencoded version of "encoded-file-name.pdf". (xxx could also be a fileID number if stored in a database.) 3. In download-file.php do something like this: -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Character encoding hell
> Have you tried using the utf8 meta tag rather than using the htmlentities() > function? That should solve the first issue, as I reckon the problem lies > with the way your encoding the filename. The page is being encoded in UTF-8. Without htmlentities() the special character is displayed as a black triangle with a question mark in it. Does that indicate that the filename isn't being stored as UTF-8? > Lastly, have you made sure your php scripts are saved as utf8, as that can > sometimes solve some odd problems with character encoding. This didn't seem to change anything. Marc -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Character encoding hell
Have you tried using the utf8 meta tag rather than using the htmlentities() function? That should solve the first issue, as I reckon the problem lies with the way your encoding the filename. Linux filesystems have far less limitations on filenames, so it could be that windows is doing something odd which coincides with what php is doing. I'm not at my machine right now to test, but you should be able to pass the filename in the url with url_encode and on the server convert it back with url_decode to give you the original filename back. Lastly, have you made sure your php scripts are saved as utf8, as that can sometimes solve some odd problems with character encoding. Thanks, Ash http://www.ashleysheridan.co.uk - Reply message - From: "Marc Guay" Date: Tue, Oct 26, 2010 18:00 Subject: [PHP] Character encoding hell To: "php-general" Again, if it helps, a link formatted in the same way to the same file links correctly on a windows machine. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Character encoding hell
> A windows server, or windows client to the same Linux server? I believe that > this issue is starting to get a bit over my head, with the different > operating systems involved and such. Windows server. This is over my head, too. I'm guessing that Windows and Linux encode filenames differently and when I transferred the file from one to the other, some kind of adjustment was made. Marc -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Character encoding hell
On Oct 26, 2010, at 12:00 PM, Marc Guay wrote: > Again, if it helps, a link formatted in the same way to the same file > links correctly on a windows machine. > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > A windows server, or windows client to the same Linux server? I believe that this issue is starting to get a bit over my head, with the different operating systems involved and such. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Character encoding hell
Again, if it helps, a link formatted in the same way to the same file links correctly on a windows machine. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Character encoding hell
> If I am understanding correctly, you are referring to a HTML specific issue > where the HTML and browser configuration is displaying your characters > improperly? No, the browser is displaying the characters of the filename fine (using htmlentities converts the ? unknown character into an Â. The problem is with the link/href to the file with the special character in it's name. I get a 404 not found unless I rawurlencode the href, turning it into the rather unreadable "LE%20CH%C2T.pdf". -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Character encoding hell
On Oct 26, 2010, at 11:38 AM, Marc Guay wrote: >> Are you using UTF-8? > > Could you be more specific? Do you mean in the browser/php header or > in the filesystem? I created the file on a Windows machine, > transferred them to a Linux machine, and the encoding of the page is > UTF-8. > > I just noticed a strange thing which might shed some light. If I just > run htmlentities() on the href, it shows this in the browser URL: > > LE CHÂT.pdf > > But the browser returns a "not found" error: > > LE%20CH%C3%82T.pdf > > It seems like the  character is being misunderstood as "Â" I apologize for the vagueness. I was referring to the browser/php header or a meta tag. Something to the effect of this quick copy paste from a site that uses accent marks and umlauts: If I am understanding correctly, you are referring to a HTML specific issue where the HTML and browser configuration is displaying your characters improperly?
Re: [PHP] Character encoding hell
> Are you using UTF-8? Could you be more specific? Do you mean in the browser/php header or in the filesystem? I created the file on a Windows machine, transferred them to a Linux machine, and the encoding of the page is UTF-8. I just noticed a strange thing which might shed some light. If I just run htmlentities() on the href, it shows this in the browser URL: LE CHÂT.pdf But the browser returns a "not found" error: LE%20CH%C3%82T.pdf It seems like the  character is being misunderstood as "Â" -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Reminder On Mailing List Rules
At 11:23 PM -0400 10/24/10, Paul M Foster wrote: On Fri, Oct 22, 2010 at 12:35:43PM -0400, tedd wrote: At 4:54 PM -0400 10/21/10, Marc Guay wrote: >Toilet seat. Up or down. Same thing? Sort of. No, everything down (seat and top) is the rule in my house. You should see how women often react when I tell them to put the top down -- it's like my dog hearing a high note. I used to do that just to aggravate women who hassled me about leaving the seat up. I've softened a bit in my old age, and no longer insist on it. Paul You sit down now? Cheers, tedd -- --- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Character encoding hell
On Tue, 26 Oct 2010 11:56:17 -0400 Marc Guay wrote: > > I have a directory with a bunch of PDFs in it that my webpage displays > links to. All of the files have the french character  in them. The > operating system is Linux (I did not experience this problem on a > Windows machine). I don't want to type the display name of these files > twice and the website has no database capability If you are not constantly adding/changing the files there, you can use a csv file in place of a database. -- Simcha Younger -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Character encoding hell
On Oct 26, 2010, at 10:56 AM, Marc Guay wrote: > Hi folks, > > I've got a problem with character encoding that's threatening to kill > my little brain. Here we go: > > I have a directory with a bunch of PDFs in it that my webpage displays > links to. All of the files have the french character  in them. The > operating system is Linux (I did not experience this problem on a > Windows machine). I don't want to type the display name of these files > twice and the website has no database capability so it takes the > filename, rips off the extension, and runs htmlentities() on it before > displaying to the user. So far so good. Now to the anchor's href. > The only encoding method I found which creates a proper link to the > file is rawurlencode(), but the catch is that the filename isn't user > friendly at all. My question then is what is the best solution to > this problem? Ideally I would like the link to function and for the > filename to be readable. > > Any hope/help is appreciated. > > Marc > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > Are you using UTF-8? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Character encoding hell
Hi folks, I've got a problem with character encoding that's threatening to kill my little brain. Here we go: I have a directory with a bunch of PDFs in it that my webpage displays links to. All of the files have the french character  in them. The operating system is Linux (I did not experience this problem on a Windows machine). I don't want to type the display name of these files twice and the website has no database capability so it takes the filename, rips off the extension, and runs htmlentities() on it before displaying to the user. So far so good. Now to the anchor's href. The only encoding method I found which creates a proper link to the file is rawurlencode(), but the catch is that the filename isn't user friendly at all. My question then is what is the best solution to this problem? Ideally I would like the link to function and for the filename to be readable. Any hope/help is appreciated. Marc -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Check for existence of mail address
On Oct 26, 2010, at 9:28 AM, Bob McConnell wrote: > From: TR Shaw > >> On Oct 25, 2010, at 6:46 PM, Daniel P. Brown wrote: >>> On Mon, Oct 25, 2010 at 18:38, wrote: Is there any other function which checks whether this address really exists? >>> >>> Of course not! Can you imagine the implications, insecurities, >>> and privacy concerns that would be associated with that? Some >>> mailservers will confirm or deny if a local address exists, but not >>> most --- thankfully. > >> Not true or else you would never get mail. > > Of course it's true. Most servers will accept any email sent to a valid > domain name, then silently discard all messages that don't have valid > user names, expecting that set to be mostly SPAM. This created a new > problem where the legitimate senders no longer know when their mail > didn't get delivered due to a typo in the address. I don't know about most. If any well respected business did that they wouldn't stay in business long. Most servers disable VRFY and users who use spam assassin may trash mail that should have been rejected. Its the owner of the mailserver's call. Except on a spam trap domain, I would never accept mail for invalid users as it is a disservice to my clients and their domain's reputation to their users/clients. Accepting all and discarding it certainly isn't out of the box default behavior nor is it in MAAWG's BCP's nor others either. Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Check for existence of mail address
On Oct 26, 2010, at 8:49 AM, TR Shaw wrote:
> On Oct 25, 2010, at 6:38 PM, web...@blaettner.com wrote:
>
>> Hi, folks,
>>
>> I'm wondering how to checking existence of a given
>> mail address like f...@bar.com .
>>
>> At 1st I tried:
>>
>> if f (filter_var ($maddr, FILTER_VALIDATE_EMAIL) === false) {
>> /* some sort of error handling code here */
>> }
>>
>> where $maddr is the address to be checked.
>> But this checks only syntax.. :-(
>>
>> Is there any other function which checks whether this
>> address really exists?
>>
>> And, of course, I want to avoid sending a test mail just
>> for checking :-)
>>
>> Many THX in advance for suggestions, pointers...
>>
>
> Rolf,
>
> Since most mailservers have disabled VRFY long ago due to spammers and other
> miscreants.
>
> Easiest way is to use class.smtp.php form phpmailer using the following:
>
> $smtp = new SMTP
> if (empty($smtp->Connect())) return false;// Connect failure
> if (empty($smtp->Hello("yourmailerver.com")) return false;//Maybe not a
> mailserve
> if(empty($smtp->Recipient($to))) return false;//No such user
> $smtp->Close(); // Found user so abort transaction.
> return true;
>
> Tom
>
>
PS I didn't cover greylisting in the above.
PPS But why? If you are running a mailing list you need to generate different
mail froms and deal with rejections that way . It is spammy if you try to use
the above to clean a list and will probably cause you to be black listed. I
know I set my server list blacklist too many of these.
Tom
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: objects and $_SESSION access control
Lorenzo Marussi wrote:
hi List,
I have written a library of php classes to manage database objects.
So my application now access to this library instead of accessing
directly to the database.
Now, I need to add an access control to my classes, like a check to a
$_SESSION variable.
A solution can be add this lines in first rows in every method:
" session_start();if(!isset($_SESSION['user'])) { return 999; } "
ex:
class sysAccess{
.
function getName()
{
session_start();if(!isset($_SESSION['user'])) { return
999; }
..
}
}
In this way, I am sure that only trusted users have an access to the
methods.
But, If I forget to "protect" a single method, there will be a serious
vulnerability ..and this task will be long (and boring..)
Is there a better solution to protect access to publics object's methods
only to granted accounts?
I'm missing something here, how would a user (I assume a of website)
manage to run methods on classes which are part of server side code?
Regardless of your answer to the above question, this all points to
something being wrong in the architecture of the application - perhaps
if you give more details (show us the interfaces, the code, or PHP doc
the system to expose the API) we could help find where the problems are.
Best,
Nathan
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Check for existence of mail address
On Tue, Oct 26, 2010 at 08:49, TR Shaw wrote: > > On Oct 25, 2010, at 6:46 PM, Daniel P. Brown wrote: >> >> Of course not! Can you imagine the implications, insecurities, >> and privacy concerns that would be associated with that? Some >> mailservers will confirm or deny if a local address exists, but not >> most --- thankfully. > Not true or else you would never get mail. What you mean is that most > mailservers have VRFY disabled Read what I said before saying it's not true: "Some mailservers will confirm or deny if a local address exists, but not most." Believe me, I know what I mean. (No matter how surprising that may seem. ;-P) -- Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting (866-) 725-4321 http://www.parasane.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Check for existence of mail address
From: TR Shaw > On Oct 25, 2010, at 6:46 PM, Daniel P. Brown wrote: >> On Mon, Oct 25, 2010 at 18:38, wrote: >>> >>> Is there any other function which checks whether this >>> address really exists? >> >>Of course not! Can you imagine the implications, insecurities, >> and privacy concerns that would be associated with that? Some >> mailservers will confirm or deny if a local address exists, but not >> most --- thankfully. > Not true or else you would never get mail. Of course it's true. Most servers will accept any email sent to a valid domain name, then silently discard all messages that don't have valid user names, expecting that set to be mostly SPAM. This created a new problem where the legitimate senders no longer know when their mail didn't get delivered due to a typo in the address. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Check for existence of mail address
On Oct 25, 2010, at 6:38 PM, web...@blaettner.com wrote:
> Hi, folks,
>
> I'm wondering how to checking existence of a given
> mail address like f...@bar.com .
>
> At 1st I tried:
>
> if f (filter_var ($maddr, FILTER_VALIDATE_EMAIL) === false) {
>/* some sort of error handling code here */
> }
>
> where $maddr is the address to be checked.
> But this checks only syntax.. :-(
>
> Is there any other function which checks whether this
> address really exists?
>
> And, of course, I want to avoid sending a test mail just
> for checking :-)
>
> Many THX in advance for suggestions, pointers...
>
Rolf,
Since most mailservers have disabled VRFY long ago due to spammers and other
miscreants.
Easiest way is to use class.smtp.php form phpmailer using the following:
$smtp = new SMTP
if (empty($smtp->Connect())) return false; // Connect failure
if (empty($smtp->Hello("yourmailerver.com")) return false; //Maybe not a
mailserve
if(empty($smtp->Recipient($to))) return false; //No such user
$smtp->Close(); // Found user so abort transaction.
return true;
Tom
Re: [PHP] Check for existence of mail address
On Oct 25, 2010, at 6:46 PM, Daniel P. Brown wrote: > On Mon, Oct 25, 2010 at 18:38, wrote: >> >> Is there any other function which checks whether this >> address really exists? > >Of course not! Can you imagine the implications, insecurities, > and privacy concerns that would be associated with that? Some > mailservers will confirm or deny if a local address exists, but not > most --- thankfully. Not true or else you would never get mail. What you mean is that most mailservers have VRFY disabled -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] objects and $_SESSION access control
hi List,
I have written a library of php classes to manage database objects.
So my application now access to this library instead of accessing
directly to the database.
Now, I need to add an access control to my classes, like a check to a
$_SESSION variable.
A solution can be add this lines in first rows in every method:
" session_start();if(!isset($_SESSION['user'])) { return 999; } "
ex:
class sysAccess{
.
function getName()
{
session_start();if(!isset($_SESSION['user'])) { return
999; }
..
}
}
In this way, I am sure that only trusted users have an access to the
methods.
But, If I forget to "protect" a single method, there will be a serious
vulnerability ..and this task will be long (and boring..)
Is there a better solution to protect access to publics object's methods
only to granted accounts?
Thanks in advance
Lorenzo Marussi
Re: [PHP] Re: Check for existence of mail address
Gary wrote: > Jonathan Tapicer wrote: >> You can use this class: >> http://www.webdigi.co.uk/blog/wp-content/uploads/2009/01/smtpvalidateclassphp.txt >> >> It may not work for some SMTPs. >> >> It uses the concepts explained here: >> http://www.webdigi.co.uk/blog/2009/how-to-check-if-an-email-address-exists-without-sending-an-email/ > > Please stop top-posting. > > The above idea is sound - it will work - but uses *others'* systems to > solve *your* problem, which is rude IMO. There is no other way. The SMTP protocol provides VRFY for exactly this purpose, but it is disabled on most servers. The closest approximation of "email address exists" is "MX will accept mail for it". -- Per Jessen, Zürich (5.4°C) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
