Re: [PHP] translations for PHP app
On Mon, Sep 8, 2008 at 10:12 AM, Shawn McKenzie [EMAIL PROTECTED] wrote: Hi All, I'm looking for professional translations from English of the following: - admin.php lang file just under 150 PHP defines - user.php lang file just under 30 PHP defines - a javascript file with about 25 single word defines - about 19 PHP files with 2 defines in each Most defines are 1 or 2 words with a few being sentences. I need translations from English into the most common languages of my users: Spanish, French, Italian, Chinese, Indian, Russian. Also, anyone having expertise in other languages, I would love to have them, please contact me. I also have a 30+ page user guide for using my software. Many pages contain large graphics, but the English text I woul love to have translated. Of course I will pay. PayPal only. Thanks! -Shawn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Hi, I can do the Chinese tranlation. Both simplified and traditional. I've made Chinese translation of AbsoluteTelent. -- Regards, Wang Yi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: What font/size do you use for programming?
On Sat, Jul 12, 2008 at 12:40 AM, Eric Butera [EMAIL PROTECTED] wrote: On Thu, Jul 10, 2008 at 5:29 PM, Philip Thompson [EMAIL PROTECTED] wrote: On Jul 10, 2008, at 3:35 PM, Omar Noppe wrote: Is there any reason to pick a black background en white fonts in your editor (for example writability)? I think a black background is much easier on the eyes I use a big font on a black background because it doesn't strain my eyes as much. I started out with Monaco 9pt (or bitstream vera sans mono 9pt on linux) on white. Slowly though I kept getting more frequent headaches. Now I use black with big fonts and I'm fine. I have really good vision and all that, but just hours of coding will get to me. As a side bonus, using a bigger font also helps me adhere to wrapping at the 80 character margin too. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Consolas 14pt editplus on server 2008 -- Regards, Wang Yi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] phpinfo shows wrong value of post_max_size
Hi, These day I'm working around large file uploading. php runs on the windows server 2003. I changed the post_max_size value in the registry. Then phpinfo reports the value changed from 8M to 200M (local value. Master value stayed still 8M.). I think phpinfo should report that value as 8M, not 200M. So does ini_get. -- Regards, Wang Yi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Good HTML parser needed
On 5/15/08, Eric Butera [EMAIL PROTECTED] wrote: On Wed, May 14, 2008 at 10:56 PM, Yi Wang [EMAIL PROTECTED] wrote: Can anyone provide some code that can't be stripped by strip_tags? On 5/15/08, Eric Butera [EMAIL PROTECTED] wrote: On Wed, May 14, 2008 at 11:38 AM, Robert Cummings [EMAIL PROTECTED] wrote: On Wed, 2008-05-14 at 11:18 -0400, Eric Butera wrote: On Tue, May 13, 2008 at 4:07 AM, James Dempster [EMAIL PROTECTED] wrote: http://htmlpurifier.org/ -- /James This is the only real solution. That depends... if I'm the webmaster and I want to input arbitrary HTML, then htmlpurifier is unnecessary. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP OP said users. Strip tags doesn't bother with tag attributes so that is a security hole. Any regex type solution will encounter the same set of issues. Htmlpurifier actually strips down and re-builds your html from the ground against a nice whitelist filtering system that you can customize to your needs. No nasty tags/attributes will get through unless you want them to. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Regards, Wang Yi I meant if you used the allow tags parameter. If you allow say the b tag, then you could say b key=value and it would pass right through. ?php $str = bhi/bb onMouseOver='alert(/xss/);'xss/b; echo raw:\n; var_dump($str); echo strip tags:\n; var_dump(strip_tags($str)); echo allow b:\n; var_dump(strip_tags($str, 'b')); ? raw: string 'bhi/bb onMouseOver='alert(/xss/);'xss/b' (length=47) strip tags: string 'hixss' (length=5) allow b: string 'bhi/bb onMouseOver='alert(/xss/);'xss/b' (length=47) Yes, you are right. I always used to involved plain text. Thanks! -- cheers, Yi Wang -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Good HTML parser needed
Can anyone provide some code that can't be stripped by strip_tags? On 5/15/08, Eric Butera [EMAIL PROTECTED] wrote: On Wed, May 14, 2008 at 11:38 AM, Robert Cummings [EMAIL PROTECTED] wrote: On Wed, 2008-05-14 at 11:18 -0400, Eric Butera wrote: On Tue, May 13, 2008 at 4:07 AM, James Dempster [EMAIL PROTECTED] wrote: http://htmlpurifier.org/ -- /James This is the only real solution. That depends... if I'm the webmaster and I want to input arbitrary HTML, then htmlpurifier is unnecessary. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP OP said users. Strip tags doesn't bother with tag attributes so that is a security hole. Any regex type solution will encounter the same set of issues. Htmlpurifier actually strips down and re-builds your html from the ground against a nice whitelist filtering system that you can customize to your needs. No nasty tags/attributes will get through unless you want them to. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Regards, Wang Yi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Validating Form input
client validation is a way to provide quick response to the user for whether their input is correct or not. It doesn't guarantee correctness of the posted data. Because everything from client can't be trusted. On 5/15/08, Chris W [EMAIL PROTECTED] wrote: I was wondering what others think of my approach to form validation. I know many use Java script to do various validation. However, since there is no way to be sure the data sent to the server is actually valid, you have to check it in your php code on the server anyway. Granted you don't have to, but if you don't, you are just asking for someone to hack your system, or at the very least screw up your data. So my question is since you have to do a validity check on the server, why bother with the Java script? The only advantage I can see to doing it with Java script is it will cut down on the errors in data that get to the server and then in turn reduce the number for resubmits and keep traffic down a little. However since none of the projects I have worked on are very high traffic sites, that hasn't been much of a concern. Any thoughts? -- Chris W KE5GIX Protect your digital freedom and privacy, eliminate DRM, learn more at http://www.defectivebydesign.org/what_is_drm; Ham Radio Repeater Database. http://hrrdb.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Regards, Wang Yi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Good HTML parser needed
Gabriel Sosa wrote:
this one
strip_tags('%3C%68%31%3E%68%65%6C%6C%6F%20%77%6F%72%6C%64%3C%2F%68%31%3E');
aka h1hello world/h1 using urlencode from http://ha.ckers.org/xss.html
take care the possible xss
saludos
gabriel
On Wed, May 14, 2008 at 11:56 PM, Yi Wang [EMAIL PROTECTED] wrote:
Can anyone provide some code that can't be stripped by strip_tags?
On 5/15/08, Eric Butera [EMAIL PROTECTED] wrote:
On Wed, May 14, 2008 at 11:38 AM, Robert Cummings [EMAIL PROTECTED] wrote:
On Wed, 2008-05-14 at 11:18 -0400, Eric Butera wrote:
On Tue, May 13, 2008 at 4:07 AM, James Dempster [EMAIL PROTECTED] wrote:
http://htmlpurifier.org/
--
/James
This is the only real solution.
That depends... if I'm the webmaster and I want to input arbitrary HTML,
then htmlpurifier is unnecessary.
Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
OP said users. Strip tags doesn't bother with tag attributes so
that is a security hole. Any regex type solution will encounter the
same set of issues.
Htmlpurifier actually strips down and re-builds your html from the
ground against a nice whitelist filtering system that you can
customize to your needs. No nasty tags/attributes will get through
unless you want them to.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Regards,
Wang Yi
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Yes, this raw string can't be stripped by strip_tags. But actually, how
the string take xss? The string has been urldecoded before we use it.
for example:
assuming url is
test.php?test_string=%3C%68%31%3E%68%65%6C%6C%6F%20%77%6F%72%6C%64%3C%2F%68%31%3E
?php
var_dump( strip_tags( $_GET[ 'test_string' ] ) );
?
should be produce string(11) hello world.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] convert query result to array
I think flance's meaning is whether there is a build-in function that can convert the result set to an array. The short answer is: do it yourself. On 5/12/08, Stut [EMAIL PROTECTED] wrote: On 12 May 2008, at 15:56, It flance wrote: is there any function that can convert the result of query to an associative array? what i want is the following: $query = select * from tablename; $result = mysql_query($query); $arr = somefunction($result); where $arr should be an assoiative array whose indices have the same name as the fields names of table tablename. http://php.net/mysql_fetch_assoc Please please please read the manual: http://php.net/mysql -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Regards, Wang Yi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Good HTML parser needed
strip_tags does the tricks. www.php.net/manual/en/function.strip-tags.php BTW, Why cn2 dot php.net blocked by the mail server? The rejected message: This is an automatically generated Delivery Status Notification Delivery to the following recipient failed permanently: php-general@lists.php.net Technical details of permanent failure: PERM_FAILURE: Gmail tried to deliver your message, but it was rejected by the recipient domain. The error that the other server returned was: 550 550-5.7.1 mail rejected by policy. SURBL hit 550-Spammy URLs in your message 550 See http://master.php.net/mail/why.php?why=SURBL. We recommend contacting the other email provider for further information about the cause of this error. Thanks for your continued support. (state 17) On 5/13/08, Shelley [EMAIL PROTECTED] wrote: Hi all, The fact is that I have a site that allow users to post hypertext articles. However, I saw that sometimes, because of their careless input, the articles is not rendered correctly. I want to know whether there are some good HTML parsers written in PHP. That is, the parser checks whether html tags like table, tr, td, div, dt, dl, dd, script, ul, li, span, h1, h2, etc. are nested correctly. If any tags not matched, just remove them. Any suggection is greatly appreciated. -- Regards, Shelley -- Regards, Wang Yi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Good HTML parser needed
You should pass the secend parm to the function. Like this: $allowable_tags = 'patdtable'; strip_tags( $text, $allowable_tags ); On 5/13/08, Shelley [EMAIL PROTECTED] wrote: Not that. It will just remove all html tags, you know. -- Regards, Shelley -- Regards, Wang Yi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] cn2 dot php.net can't be included in the mail.
Hi, I sent a mail to this mailling list just now. But the mailling list rejected my mail for the mail including cn2 dot php.net. Replace ' dot ' with '.'. Why this mirror site can't be included in the mail? Maybe it's not in the whitelist? -- Regards, Wang Yi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
