[PHP] Re: Displaying HTML safely

2005-07-16 Thread Lauri Harpf
> Well, unless you have set your server up to execute PHP or CGI scripts in 
> .html files, which is a very bad idea, the only thing you need to worry 
> about is client-side scripting. You could just filter out all
> <script> tags if client-side scripting isn't important for your
> application...

That's one of the problems I have, but it seems a tough nut to crack. If I 
leave in the scripts, it opens a possibility of malicious scripts being fed 
to a user through the application.

On the other hand, if I take out the scripts, I will be providing a broken 
version of the original page. People are not going to be happy if my "llama 
to alpaca"-application has the side effect of deleting all of their scripts.

I've been thinking of limiting this problem by preventing the direct 
displaying of the code (ie. only allowing "Save As.." for the link to the 
user-submitted HTML). I guess a bit of JS could prevent accidental 
left-clicking on the link. I've also been thinking of passing a special 
header for the HTML source code file, "Content-type: 
application/octet-stream" to suggest downloading rather than displaying the 
contents, but IE seems to just ignore it and display the HTML anyhow.

- Lauri Harpf 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] not sure why form submission gives me error

2005-07-16 Thread Burhan Khalid

Edward Vermillion wrote:

Bruce Gilbert wrote:


Hello,

I have a form on my site
http://www.inspired-evolution.com/Contact.php

produces this error on submission

Parse error: parse error, unexpected T_STRING in
/hsphere/local/home/bruceg/inspired-evolution.com/Thankyou.php on line
35



Well.. it says it's found a string it wasn't expecting on, or around, 
line 35 but I can't find it. Did you cut and paste the code here or 
retype it when you posted?


BTW... A nice editor for windows is Crimson Editor, and for the mac 
TextWrangler works pretty good too. Both have built in FTP features that 
are easy to use and some decent syntax highlighting. And both are free. 
If you're on *nix then I'm not gonna start that war... :P


A good website to go for that sort of information is php-editors.com

My personal recommendations:

Windows - EditPlus (syntax highlighting, edit-over-ftp, etc.)
- SciTE (syntax highlighting, code-complete (ie, IntelliSense))
- UltraEdit

Linux   - pick your favorite, I prefer vim for console editing
- for X11 editors, Kate, SciTE, etc. all work great

Mac - BBEdit (one of -- if not THE -- best text editor for Mac)
- SubethaEdit (great editor with unique features)

As for your PHP issue, check for improperly nested " " marks.  Would be 
good if you highlighted what lines 33-37 were.


-- Burhan




[PHP] getimagesize not working on images from MYSQL

2005-07-16 Thread timothy johnson
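$id = mysql_real_escape_string($_GET['id']);  // escape the request value before it goes into the SQL string
$query = "SELECT * FROM myPhotos WHERE photoId='$id'";
$result = mysql_query($query);
$row = mysql_fetch_assoc($result);
$im = imagecreatefromstring($row['photoData']);  // array key quoted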

$size = getimagesize($im);

header('Content-Type: image/jpeg');
imagejpeg($im, NULL, 100);

I have this nice little php page to return my images from a database,
and everything runs fine except when I try to use getimagesize, I
then get..

Warning: getimagesize(Resource id #4): failed to open stream:

do I have to do something else, this function works fine if I am using
it on a fileimage, why not an image from a database???




Re: [PHP] getimagesize not working on images from MYSQL

2005-07-16 Thread Burhan Khalid

timothy johnson wrote:

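$id = mysql_real_escape_string($_GET['id']);  // escape the request value before it goes into the SQL string
$query = "SELECT * FROM myPhotos WHERE photoId='$id'";
$result = mysql_query($query);
$row = mysql_fetch_assoc($result);
$im = imagecreatefromstring($row['photoData']);  // array key quoted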

$size = getimagesize($im);

header('Content-Type: image/jpeg');
imagejpeg($im, NULL, 100);

I have this nice little php page to return my images from a database,
and everything runs fine except when I try to use getimagesize, I
then get..

Warning: getimagesize(Resource id #4): failed to open stream:

do I have to do something else, this function works fine if I am using
it on a fileimage, why not an image from a database???


Because the function expects a filename, not an image.  Read the 
documentation for getimagesize.


Regards,
Burhan
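
An added example, not code from the thread: the posted script puts `$_GET['id']` straight into the SQL string and hands a GD image resource to `getimagesize()`, which expects a filename. The sketch below validates the id, binds it as a query parameter, and reads the dimensions from the decoded image with `imagesx()`/`imagesy()`. It assumes the PDO SQLite and GD extensions and an integer `photoId`; the table and column names follow the post, and the in-memory table and its one row are constructed for the demonstration.

```php
<?php
// Added example, not from the thread. Assumes PDO SQLite and GD are enabled
// and that photoId is an integer key. The sample data is constructed.

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE myPhotos (photoId INTEGER PRIMARY KEY, photoData BLOB)');

    // Constructed sample row: a 40x30 JPEG generated in memory.
    $img = imagecreatetruecolor(40, 30);
    ob_start();
    imagejpeg($img, null, 90);
    $jpeg = ob_get_clean();

    $ins = $db->prepare('INSERT INTO myPhotos (photoId, photoData) VALUES (?, ?)');
    $ins->bindValue(1, 1, PDO::PARAM_INT);
    $ins->bindValue(2, $jpeg, PDO::PARAM_LOB);
    $ins->execute();

    return $db;
}

// Returns ['width' => int, 'height' => int, 'image' => GD image], or null when
// the id is not a positive integer, no row matches, or the bytes do not decode.
function load_photo(PDO $db, $rawId): ?array
{
    // Reject anything that is not a positive integer before touching the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // The id is bound as a parameter, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT photoData FROM myPhotos WHERE photoId = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $data = $stmt->fetchColumn();
    if ($data === false) {
        return null;
    }

    // Stored bytes are untrusted too: decoding can fail on corrupt or non-image data.
    $im = @imagecreatefromstring($data);
    if ($im === false) {
        return null;
    }

    // Dimensions come from the decoded image, not from getimagesize().
    return ['width' => imagesx($im), 'height' => imagesy($im), 'image' => $im];
}

// Constructed request values: a valid id, a quote-breaking string, a missing row.
$db = open_demo_db();
foreach (['1', "1' OR '1'='1", '999'] as $candidate) {
    $photo = load_photo($db, $candidate);
    echo var_export($candidate, true), ' => ',
        $photo ? "{$photo['width']}x{$photo['height']}" : 'rejected or not found', "\n";
}
```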




[PHP] Unix sockets and fsockopen

2005-07-16 Thread Fredrik Tolf
Hi List!

I'm writing an open source PHP application which uses (connects to) Unix
sockets. To that means, I'm using the fsockopen function.

However, when reading the fsockopen documentation on php.net and being
referred to Appendix N, it seems clear that one should use the notation
"unix:///path/to/socket". However, that doesn't work with any version of
PHP that I've tried myself -- they only work if I give them a normal
path (without the "unix://" specifier). Right now, I'm using PHP 4.2.2
(comes with RH9), but previously I was using some PHP 4.3 version,
although I don't remember which.

Recently, however, I've started receiving mails from people who say that
it only works if they replace the fsockopen call so that it uses the
"unix://" scheme. At least one of them was using PHP 4.3.11, and another
one was using PHP 5. I don't think I asked for the PHP versions of the
others.

So, what is one supposed to do with this really? Is there any particular
way that I can detect if I should use "unix://" and prepend it if
necessary? If you don't mind me asking, what's the reason for this
inconsistency?

Thanks for your attention!

Fredrik Tolf




[PHP] Core dumps

2005-07-16 Thread Adam Currey
Hi all, new to the list, and a bit of a php cluebie.

I know I'll omit some details that you'll need, so tell me what you need to 
know.

I've been happily running mod_php4 (4.4.0) with apache 2.0.52 on FreeBSD 4.9 
for quite some time, no problems. Today I tried to install phpBB from 
/usr/ports/www/phpbb and it failed with a message about needing CLI, and having 
already installed a conflicting port.  Some googling suggested I needed to 
deinstall www/mod_php4 and install lang/php4 instead.  Once I did that, I found 
that I had broken my gallery and squirrelmail installs.  Apache logs entries 
thus:

[Sat Jul 16 20:25:36 2005] [notice] child pid 53883 exit signal Bus error (10)

Attempting to run a .php file from the command line results in a core dump, for 
example:

php /usr/local/www/data/gallery/index.php
Bus error (core dumped)

So can anyone explain in small words what to try next?

Thanks!




Re: [PHP] Usability review - OT

2005-07-16 Thread Dotan Cohen
On 7/15/05, Mark Rees <[EMAIL PROTECTED]> wrote:
> Hello
> 
> Sorry for the OT request.
> 
> Does anyone know of anywhere I can get my website picked apart from a
> usability point of view? I'm thinking of general first impressions rather
> than an in-depth review of functionality.
> 
> Thanks
> 
> Mark
> www.itsagoodprice.com - top-brand electronics for less.
> 

I usually go to htmlforums.com. They have a bunch of good posters on the forum.

Dotan
http://x-christmas.com
Christmas




Re: [PHP] Removing special characters

2005-07-16 Thread Dotan Cohen
On 7/14/05, Computer Programmer <[EMAIL PROTECTED]> wrote:
> Is there a PHP built-in function to retrieve only the alphanumeric
> characters from a given string?
> 
> I know that I can check for alphanumeric characters using the
> function ctype_alphanum () but it won't retrieve the alphanum characters.
> 
> I also know that I can use str_replace to replace an array of special
> characters such as the example below:
> 
> $str = "I*m using  with special/chars like | how to get
> rid of it???";
> $removeChars = array ('*','?','|','>','<','/','\\');
> $str = str_replace ($removeChars, "", $str);
> 
> However, could there be a specific function for just retrieving
> alphanumeric characters? or a specific function for just stripping
> special characters? Or maybe a better way to do those things from the
> example given above?
> 
> Thanks in advance. :)
> 

Try this:
http://us2.php.net/manual/en/function.recode-string.php

Dotan
http://x-christmas.com
Christmas




Re: [PHP] skewed up images

2005-07-16 Thread Ryan A
Thanks mate, works perfectly now.
-Ryan

On 7/16/2005 4:49:30 AM, Richard Davey ([EMAIL PROTECTED]) wrote:
> Hello Ryan,
>
> Saturday, July 16, 2005, 3:53:16 AM, you wrote:
>
> RA> in the beginning if the height is more, then its resizing
> RA> perfectly...but if the width is more I want to cut out 90pix from
> RA> the middle of the pic...instead its giving me a skewed image as
> RA> you can see from
>
> RA> Any ideas? I know I screwed up somewhere in the function...but just
> cant
> RA> figure it out...
>
> If the width is greater than the height
> you're calling CR_make_crop
> which has this line:
>
> imagecopyresized ($new, $img, 0, 0, 0, 0, 90, 120, $width_orig2, $height_orig2);
>
> The problem is that what you're
> effectively saying is:
>
> Copy the entire original picture (0,0 to $width_orig2, $height_orig2)
> into an area 90x120, and resize it when you do it.
>
> That's not a crop :) That's a resize. You'd be better off with a
> function like imagecopy() instead - once you have that 90x120 cropped
> piece, then you can do whatever it is you wanted to do with it.
>
> Best regards,
>
> Richard Davey
> --
> http://www.launchcode.co.uk - PHP Development Services
> "I do not fear computers. I fear the lack of them." - Isaac Asimov
>
> --
>




[PHP] session data not recorded

2005-07-16 Thread Alessandro Rosa
I have a problem recording session data and I would like you to
help me. I suppose there's something I missed in the general
configurations during the last install, but I can't realize it.

I arranged a couple of simple files handling sessions, to show you my
problem.

I have a file index.php :
---


Go!
---

and then the file page2.php :

---
";
echo $_SESSION['psw'];

?>
---

But when page2.php is loaded, then a blank page is displayed.

What's wrong with this?
Thanks in advance.

Alessandro




[PHP] session data not recorded (ADD-ON)

2005-07-16 Thread Alessandro Rosa
I forgot to write that:
- my config is Win2000/php 4.4.0/apache 1.3
- Session files are correctly created and information stored therein.

Then there is trouble reading such files, since when I call a session
variable, the content is not displayed.

So what to do?

Alessandro


Re: [PHP] PHP 5 Object Inheritance

2005-07-16 Thread Jochem Maas

Chris wrote:

Jochem Maas wrote:


Chris wrote:


Hi,

I've got a collection of Element classes (about 8 different ones). 
They are all subclasses of a single parent element. I'm trying to 
extend their functionality (both the individual classes, and the 
parent class they inherit).


I can extend each Element subclass with its new specific 
functionality, but I would also like to add specific functionality to 
all of the subclasses. Extending the parent element with the new 
functionality would *seem* to be the way to go, but I can't make it 
work. None of the Subclasses inherit from the extended superclass. Any 
thoughts? I'd appreciate any ideas.





BaseElement
|- SubElement1
|  \- ExtendedSubElement
|- SubElement2
|- SubElement3
|- SubElement4
|- SubElement5
|- SubElement6
|- SubElement7
|- SubElement8
\- ExtendedBaseElement

ExtendedSubElement will never be able to inherit from 
ExtendedBaseElement.

there is no multiple inheritance in php.

Yeah, I understand... Is multiple inheritance something that true OOP 
languages can do?


many of them, maybe all? although I'm not sure multiple inheritance is
a prerequisite, and I have read plenty of articles that say that MI is plain evil
and should be scrapped - at any rate MI gives you functionality which is sometimes
very handy but can also be the proverbial rope with which you hang yourself
(imagine a class hierarchy 4 layers deep where each leaf class inherits from
2-3 base classes in some way, add a few interfaces, etc, etc ... and now you need to
make radical changes to one of your base classes ... have fun :-/ ).




So either change your 'tree':

BaseElement
\- ExtendedBaseElement
   |- SubElement1
   |  \- ExtendedSubElement
   |- SubElement2
   |- SubElement3
   |- SubElement4
   |- SubElement5
   |- SubElement6
   |- SubElement7
   |- SubElement8

... stick the functionality of ExtendedBaseElement into BaseElement
and get rid of the ExtendedBaseElement

I can't change the tree, because the non-extended elements still need to 
be able to function independently.



... or figure out a neat way to use the 'Decorator Pattern'
(http://www.google.com/search?q=Decorator+Pattern) in order to
conditionally make extended functionality available in specific
descendant classes?

That seems like it would work, but it doesn't feel very clean. I'll look 
into some more.



otherwise post some code (cutdown :-) for people to look at.


Well, here is my actual tree with all the internals pulled out:



They are the elements of a Form Object, to create the form and validate 
the input. The extended classes I'm working on now associate a database 
table with the Form object, and will Create, Delete, and Update rows in 
a database.


maybe the Form object (some kind of controller) should be the only object that is aware
of the DB connection and let it handle the binding/logic/etc - let the Element classes
just worry about what they have to display and how (i.e. build them so they don't care



This is my currently anticipated Structure.


When I was typing out this structure I realized that some of those have 
2 possible objects they'll need to inherit from, which further 


classes not objects. given the way php works if your objects _need_
to inherit from two or more classes (or one of many, to be decided at run
time) then your design is wrong (at least wrong in so far as your chosen language
is not capable of implementing the design!).


complicates things.


maybe you should be looking at Interfaces?



An example: I'll want the CAdminForm_Boolean to optionally be Yes/No 
Radio buttons, or a Checkbox. Which is handled with two separate Form 
Elements.


how you display something shouldn't really affect its definition
(whether you show a checkbox or radiobutton is irrelevant - the underlying
'field' is still a 'boolean'). so maybe the instance of CAdminForm_Boolean
should state how it would like to be displayed?

$myBoolElement->getDisplayType()

which could be a std method for all Elements (and would probably return null
or 'default' or something similar for most classes), setting the displayType
would be a matter of passing an arg to the constructor (or something similar)
when you are ... building the form / binding the Elements to DB fields / etc.



I'm *this* close to concluding that it would be better to not extend any 


shouldn't that be "I'm $this close" ;-)

of the new AdminForm classes from any of the old, but rather instantiate 
a Form Element class for each AdminForm Element, then use __call() to 


you said the "decorator" pattern didn't seem very clean, until you
realise that __call() provides a splendidly clean way of implementing
something that looks very much like 'decoration' :-)

pass methods through to the instantiated, while overriding the necessary 
methods in almost the normal way.


__call() will not intercept calls to methods that actually exist (also
true when the method exists in a base class)

anyway HTH,

Jochem



Thanks for your tim

Re: [PHP] Dynamic Images and File Permissions

2005-07-16 Thread Jochem Maas

Brian V Bonini wrote:

On Thu, 2005-07-14 at 12:09, Adam Hubscher wrote:


My questions are this:

A) Is there any way to set the permissions on the file on creation of
the image?



Set umask 002 on the user php is running as.



or set the perms correctly on the relevant dir and turn the stickybit on
for that dir?




[PHP] session data not recorded : solved !

2005-07-16 Thread Alessandro Rosa
It was due to my firewall. Highest level protection stopped any cookie
to be read. So, once realized, everything re-started to work as usual.

Alessandro


Re: [PHP] Question about apache-php concurrent process control

2005-07-16 Thread rouvas
Hi Liang,

trying to get conclusive results with browsers is futile. Use a command-line 
tool (like curl) to invoke the web pages and get the results. Or you can use 
PHP's own function to query the web server and do your own timing with 
microtime() function or another suitable for your purposes.

In order for flush() results to reach you (in a browser) they have to pass 
from multiple caches like PHP's, Apache's, the occasional proxies and finally 
the browser's own cache. So you cannot get dependable results measuring times 
or responses from your browser. Try the methods above.

And a final tip... When Rasmus speaks, you don't question him:-) Period. 

Have a nice day,
-Stathis

On Saturday 16 July 2005 04:41, Liang ZHONG wrote:
> Hi Rasmus,
>
> You are right. It was the problem with the browser. I used Mozilla Firefox
> to try, and do not know what consideration it just serialized the identical
> url http requests. I then turned to use 2 IE 6.0 windows, 2 tabs within
> Maxthon browser, one IE windows and one Firefox, to test. Then I got the
> conclusion as you told. Thank you very much for the help.
>
> BTW, I could not get the flush() work, neither flush() with ob_flush(). I
> tried almost all methods mentioned in the followed posts under
> http://us2.php.net/flush, but none of them can really pushed the buffer
> out. The site is configurated with http://liang.ns2user.info/php/info.php
> on Red head, kernel 2.4.29. What can I do to get it work?
>
> Thank you again.
>
> >Liang ZHONG wrote:
> > > Could you please explain it a little bit more?
> > > I did test this way.
> > >
> > > The code is the same for a.php and b.php
> > >  > >
> > >sleep(20);
> > >print  Done. ";
> > >
> > > ?>
> > >
> > > I place request from 2 browser windows.
> > > First time, I placed with http://baseURL/a.php with both 2 browsers,
> > > starting times have 5 second interval. Then the first "Done" shows
> > > after 20 seconds and the second "Done" shows 20 seconds after the first
> >
> >"Done".
> >
> > > Then, I placed one browser with http://baseURL/a.php and the second one
> > > with http://baseURL/b.php, with starting time of 5 second interval.
> > > Then I got the first browser showing "Done" after 20 seconds and 5
> > > seconds later, the second browser showed "Done", too.
> > >
> > > Thus it seems that the apache can spoon out multiple php interpreters
> > > responding to http requests, while php can not deal with concurrent
> > > process from one program.
> >
> >I have no idea what you did to configure it this way.  I wouldn't even
> >know how to do that if you asked me to.  As far as PHP is concerned it
> >has no idea which processes are handling which script files at any one
> >point.  So whether you request a.php and b.php at the same time or a.php
> >twice at the same time, it makes absolutely no difference to PHP.  If
> >you are really seeing this, then the limitation is in your browser or
> >somewhere else.  Try making a.php output stuff so it becomes easier to
> >see.  As in for($i=0;$i<20;$i++) { echo $i; flush(); sleep(1); }
> >You should see the counter start counting as soon as you hit the page.
> >
> >-Rasmus
> >




Re: [PHP] Question about apache-php concurrent process control

2005-07-16 Thread Rory Browne
On 7/16/05, rouvas <[EMAIL PROTECTED]> wrote:
> Hi Liang,
> 
> trying to get conclusive results with browsers is futile. Use a command-line
> tool (like curl) to invoke the web pages and get the results. Or you can use
Although personally I think that telnet-to-port-80 would be a better
idea, in this case when you're trying to check what is outputted
first. Either that or a TCP sniffer.

I also agree with the microtime() suggestion, mentioned below. It will
get you around the problem of caches - which is a major problem for
something like this. I'm not sure what the situation with apache is
regarding caches.

> PHP's own function to query the web server and do your own timing with
> microtime() function or another suitable for your purposes.
> 
> In order for flush() results to reach you (in a browser) they have to pass
> from multiple caches like PHP's, Apache's, the occasional proxies and finally
> the browser's own cache. So you cannot get dependable results measuring times
> or responses from your browser. Try the methods above.
> 
> And a final tip... When Rasmus speaks, you don't question him:-) Period.

Unless you didn't understand what he said and want clarification. 


> 
> Have a nice day,
> -Stathis
> 
> On Saturday 16 July 2005 04:41, Liang ZHONG wrote:
> > Hi Rasmus,
> >
> > You are right. It was the problem with the browser. I used Mozilla Firefox
> > to try, and do not know what consideration it just serialized the identical
> > url http requests. I then turned to use 2 IE 6.0 windows, 2 tabs within
> > Maxthon browser, one IE windows and one Firefox, to test. Then I got the
> > conclusion as you told. Thank you very much for the help.
> >
> > BTW, I could not get the flush() work, neither flush() with ob_flush(). I
> > tried almost all methods mentioned in the followed posts under
> > http://us2.php.net/flush, but none of them can really pushed the buffer
> > out. The site is configurated with http://liang.ns2user.info/php/info.php
> > on Red head, kernel 2.4.29. What can I do to get it work?
> >
> > Thank you again.
> >
> > >Liang ZHONG wrote:
> > > > Could you please explain it a little bit more?
> > > > I did test this way.
> > > >
> > > > The code is the same for a.php and b.php
> > > >  > > >
> > > >sleep(20);
> > > >print  Done. ";
> > > >
> > > > ?>
> > > >
> > > > I place request from 2 browser windows.
> > > > First time, I placed with http://baseURL/a.php with both 2 browsers,
> > > > starting times have 5 second interval. Then the first "Done" shows
> > > > after 20 seconds and the second "Done" shows 20 seconds after the first
> > >
> > >"Done".
> > >
> > > > Then, I placed one browser with http://baseURL/a.php and the second one
> > > > with http://baseURL/b.php, with starting time of 5 second interval.
> > > > Then I got the first browser showing "Done" after 20 seconds and 5
> > > > seconds later, the second browser showed "Done", too.
> > > >
> > > > Thus it seems that the apache can spoon out multiple php interpreters
> > > > responding to http requests, while php can not deal with concurrent
> > > > process from one program.
> > >
> > >I have no idea what you did to configure it this way.  I wouldn't even
> > >know how to do that if you asked me to.  As far as PHP is concerned it
> > >has no idea which processes are handling which script files at any one
> > >point.  So whether you request a.php and b.php at the same time or a.php
> > >twice at the same time, it makes absolutely no difference to PHP.  If
> > >you are really seeing this, then the limitation is in your browser or
> > >somewhere else.  Try making a.php output stuff so it becomes easier to
> > >see.  As in for($i=0;$i<20;$i++) { echo $i; flush(); sleep(1); }
> > >You should see the counter start counting as soon as you hit the page.
> > >
> > >-Rasmus
> > >
> 
> 
>




[PHP] Re: not sure why form submission gives me error

2005-07-16 Thread Bruce Gilbert
Thanks guys. I am on a Mac and have BBEdit light, which is not too
great for PHP editing, from my experience.

On 7/16/05, Burhan Khalid <[EMAIL PROTECTED]> wrote:
> Edward Vermillion wrote:
> > Bruce Gilbert wrote:
> > 
> >> Hello,
> >>
> >> I have a form on my site
> >> http://www.inspired-evolution.com/Contact.php
> >>
> >> produces this error on submission
> >>
> >> Parse error: parse error, unexpected T_STRING in
> >> /hsphere/local/home/bruceg/inspired-evolution.com/Thankyou.php on line
> >> 35
> > 
> > 
> > Well.. it says it's found a string it wasn't expecting on, or around, 
> > line 35 but I can't find it. Did you cut and paste the code here or 
> > retype it when you posted?
> > 
> > BTW... A nice editor for windows is Crimson Editor, and for the mac 
> > TextWrangler works pretty good too. Both have built in FTP features that 
> > are easy to use and some decent syntax highlighting. And both are free. 
> > If you're on *nix then I'm not gonna start that war... :P
> 
> A good website to go for that sort of information is php-editors.com
> 
> My personal recommendations:
> 
> Windows - EditPlus (syntax highlighting, edit-over-ftp, etc.)
>  - SciTE (syntax highlighting, code-complete (ie, IntelliSense))
>  - UltraEdit
> 
> Linux   - pick your favorite, I prefer vim for console editing
>  - for X11 editors, Kate, SciTE, etc. all work great
> 
> Mac - BBEdit (one of -- if not THE -- best text editor for Mac)
>  - SubethaEdit (great editor with unique features)
> 
> As for your PHP issue, check for improperly nested " " marks.  Would be 
> good if you highlighted what lines 33-37 were.
> 
> -- Burhan
> 
> 
> 


-- 
::Bruce::




Re: [PHP] Re: Displaying HTML safely

2005-07-16 Thread Dotan Cohen
On 7/16/05, Lauri Harpf <[EMAIL PROTECTED]> wrote:
> > Well, unless you have set your server up to execute PHP or CGI scripts in
> > .html files, which is a very bad idea, the only thing you need to worry
> > about is client-side scripting. You could just filter out all
> > <script> tags if client-side scripting isn't important for your
> > application...
> 
> That's one of the problems I have, but it seems a tough nut to crack. If I
> leave in the scripts, it opens a possibility of malicious scripts being fed
> to a user through the application.
> 
> On the other hand, if I take out the scripts, I will be providing a broken
> version of the original page. People are not going to be happy if my "llama
> to alpaca"-application has the side effect of deleting all of their scripts.
> 
> I've been thinking of limiting this problem by preventing the direct
> displaying of the code (ie. only allowing "Save As.." for the link to the
> user-submitted HTML). I guess a bit of JS could prevent accidental
> left-clicking on the link. I've also been thinking of passing a special
> header for the HTML source code file, "Content-type:
> application/octet-stream" to suggest downloading rather than displaying the
> contents, but IE seems to just ignore it and display the HTML anyhow.
> 
> - Lauri Harpf
> 

Forget trying to work around IE. The browser is broken. It is
non-standard. Its bugs are not fixed. The more you bang your head
against the wall trying to fix what is Microsoft's responsibility to
fix, the less reason people will have to switch to a non-broken
browser (or OS!). Let them use a standards-compliant web browser.

Dotan Cohen
http://x-christmas.com




Re: [PHP] Re: Displaying HTML safely

2005-07-16 Thread Jasper Bryant-Greene

Dotan Cohen wrote:

On 7/16/05, Lauri Harpf <[EMAIL PROTECTED]> wrote:

I've been thinking of limiting this problem by preventing the direct
displaying of the code (ie. only allowing "Save As.." for the link to the
user-submitted HTML). I guess a bit of JS could prevent accidental
left-clicking on the link. I've also been thinking of passing a special
header for the HTML source code file, "Content-type:
application/octet-stream" to suggest downloading rather than displaying the
contents, but IE seems to just ignore it and display the HTML anyhow.


Something like this (you might like to check the syntax, I'm working 
from memory here) might work:


header('Content-Disposition: attachment; filename=somefile.html');


Forget trying to work around IE. The browser is broken. It is
non-standard. Its bugs are not fixed. The more you bang your head
against the wall trying to fix what is Microsoft's responsibility to
fix, the less reason people will have to switch to a non-broken
browser (or OS!). Let them use a standards-compliant web browser.


If only we lived in such a perfect world... remember that the majority 
of web users use IE, so unless you enjoy shutting out the majority of 
your customers, we do need to work around it.


Let's not get this thread OT though.

Jasper
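
An added example, not code from the thread: one way to build the response headers for handing user-submitted HTML back as a download. It combines the `Content-Disposition` header suggested above with `X-Content-Type-Options: nosniff`, which asks browsers that support it not to override the declared type, and a `Content-Security-Policy: sandbox` fallback for the case where the file is rendered anyway. The helper names and the file-name rules are assumptions.

```php
<?php
// Added example, not from the thread. download_headers() and
// send_untrusted_html() are hypothetical helpers.

function download_headers(string $suggestedName, int $length): array
{
    // The name ends up inside a header, so keep a conservative character set:
    // no CR/LF, quotes, or path separators can survive this step.
    $base = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($suggestedName));
    $base = ltrim($base, '.');
    if ($base === '') {
        $base = 'download';
    }

    return [
        // Generic binary type plus "attachment" asks the browser to save, not render.
        'Content-Type: application/octet-stream',
        'Content-Disposition: attachment; filename="' . $base . '"',
        // Tells supporting browsers to honour the declared type instead of sniffing for HTML.
        'X-Content-Type-Options: nosniff',
        // If the document is displayed regardless, run it sandboxed with nothing allowed to load.
        "Content-Security-Policy: sandbox; default-src 'none'",
        'Content-Length: ' . $length,
    ];
}

function send_untrusted_html(string $html, string $suggestedName): void
{
    foreach (download_headers($suggestedName, strlen($html)) as $line) {
        header($line);
    }
    echo $html;  // body is passed through byte for byte; scripts are kept, not executed here
}

// Constructed sample, shown only when run from the command line.
if (PHP_SAPI === 'cli') {
    $sample = '<html><body><script>alert(1)</script>llama</body></html>';
    print_r(download_headers("../my page\r\nX-Injected: 1.html", strlen($sample)));
}
```

Serving such files from a separate origin that holds no session cookies limits what a script can reach if a browser renders the file despite these headers.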




[PHP] Re: Trimming Text

2005-07-16 Thread Al

André Medeiros wrote:

Greetings.

I am trying to trim some text containing HTML tags. What I want to do is
to trim the text without trimming the tags or html entities like  
and such, which completely break the design.

Has anyone succeeded in doing such a thing? phpclasses.org won't help :(

Thanks in advance.
André


Consider...

Making a preg pattern to capture everything between tags and then use preg_replace_callback() to
process the "captured text" with the called function.


It will work; but it's a bit tricky.

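Here is a similar code snip to get you started...

$pattern= "%<[\w/-]+>%";  // hyphen moved to the end of the class so it is a literal, not a range

// create_function() is deprecated since PHP 7.2 and removed in PHP 8.0
$text= preg_replace_callback($pattern, create_function('$matches', 'return strtolower($matches[0]);'), $text);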


This converts all tags to lowercase.

You probably should use a regular callback function rather than creating one.
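
An added example, not code from the thread: a sketch of the trimming André asks about, cutting to a number of visible characters without splitting a tag or an entity and closing any elements left open at the cut. It goes beyond the snippet above by using `preg_split()` rather than `preg_replace_callback()`; `truncate_html()` is a hypothetical helper and assumes valid UTF-8 and reasonably well-formed markup.

```php
<?php
// Added example, not from the thread. truncate_html() is a hypothetical helper;
// it assumes valid UTF-8 input and reasonably well-formed markup.

function truncate_html(string $html, int $limit, string $ellipsis = '...'): string
{
    // Split into tags (kept, because the delimiter is captured) and the text between them.
    $parts = preg_split('%(<[^>]*>)%', $html, -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY);
    $void  = ['br', 'hr', 'img', 'input', 'meta', 'link'];  // elements with no closing tag
    $open  = [];      // stack of element names still waiting for their closing tag
    $out   = '';
    $left  = $limit;  // visible characters still allowed

    foreach ($parts as $part) {
        if (preg_match('%^<[^>]*>\z%', $part)) {
            // A tag: copy it whole and track nesting so it can be closed after the cut.
            if (preg_match('%^<\s*(/?)\s*([A-Za-z][\w-]*)[^>]*?(/?)>\z%', $part, $m)) {
                $name = strtolower($m[2]);
                if ($m[1] === '/') {
                    if (end($open) === $name) {
                        array_pop($open);
                    }
                } elseif ($m[3] !== '/' && !in_array($name, $void, true)) {
                    $open[] = $name;
                }
            }
            $out .= $part;
            continue;
        }

        // Text: an entity such as &amp; or &#160; is one unit and is never split.
        preg_match_all('/&(?:#\d+|#x[0-9a-f]+|[a-z][a-z0-9]*);|./isu', $part, $chars);
        $units = $chars[0] ?? [];
        $take  = array_slice($units, 0, max(0, $left));
        $out  .= implode('', $take);
        $left -= count($take);

        if (count($take) < count($units)) {
            // The limit fell inside this run of text: mark the cut and stop.
            $out .= $ellipsis;
            break;
        }
    }

    // Close whatever is still open, innermost first, so the layout is not broken.
    while ($open) {
        $out .= '</' . array_pop($open) . '>';
    }
    return $out;
}

// Constructed sample input.
echo truncate_html('<p>Llamas &amp; <b>alpacas</b> are camelids.</p>', 12), "\n";
```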




[PHP] Session warning

2005-07-16 Thread Thomas Bonham
Hello All,
I'm working on session and I'm getting this warning. Maybe someone can
help fixing this problem. Below is the following code.

Warning: 
Warning: session_start() [function.session-start]: Cannot send session
cookie - headers already sent by (output started at
/var/www/html/bonham/cornerstone-data/property/adminlogin.php:2) in
/var/www/html/bonham/cornerstone-data/property/adminlogin.php on line
3

Warning: session_start() [function.session-start]: Cannot send session
cache limiter - headers already sent (output started at
/var/www/html/bonham/cornerstone-data/property/adminlogin.php:2) in
/var/www/html/bonham/cornerstone-data/property/adminlogin.php on line
3


Then I get my login fields.

Code:

   
   
 CIS166AE - Admin Login
 
   
   
   
   
   

Please Login
Username:

Password:


"

".$_SESSION['valid_user']."";
  
}
?>

Logout";}?>




Function File:
query($sql);
$db->close();
if($result->num_rows>0)
return true;
else
return false;
}

?>

Thanks for the help.
Thomas
-- 
--
Thomas Bonham
[EMAIL PROTECTED]
bonhamlinux.org
Cell 602-402-9786




[PHP] Re: Session warning

2005-07-16 Thread Jasper Bryant-Greene

Thomas Bonham wrote:

Hello All,
I'm working on session and I'm getting this warning. Maybe someone can
help fixing this problem. Below is the following code.

Warning: 
Warning: session_start() [function.session-start]: Cannot send session

cookie - headers already sent by (output started at
/var/www/html/bonham/cornerstone-data/property/adminlogin.php:2) in
/var/www/html/bonham/cornerstone-data/property/adminlogin.php on line
3


Are you absolutely sure that there is *no* output before the 
session_start() in adminlogin.php?


If there is it won't work. Even a space before the first <?php, Unicode BOM, or any kind of output can screw it up.


Jasper




[PHP] Re: Session warning

2005-07-16 Thread Thomas Bonham

Jasper Bryant-Greene wrote:

Thomas Bonham wrote:


Hello All,
I'm working on session and I'm getting this warning. Maybe someone can
help fixing this problem. Below is the following code.

Warning: Warning: session_start() [function.session-start]: Cannot 
send session

cookie - headers already sent by (output started at
/var/www/html/bonham/cornerstone-data/property/adminlogin.php:2) in
/var/www/html/bonham/cornerstone-data/property/adminlogin.php on line
3



Are you absolutely sure that there is *no* output before the 
session_start() in adminlogin.php?


If there is it won't work. Even a space before the first <?php, Unicode BOM, or any kind of output can screw it up.


Jasper


The first thing that is in my code is the start session command.

Thomas




Re: [PHP] Re: Session warning

2005-07-16 Thread Rasmus Lerdorf
On Sat, 16 Jul 2005, Thomas Bonham wrote:
> Jasper Bryant-Greene wrote:
> > Thomas Bonham wrote:
> >
> >> Hello All,
> >> I'm working on session and I'm getting this warning. Maybe someone can
> >> help fixing this problem. Below is the following code.
> >>
> >> Warning: Warning: session_start() [function.session-start]: Cannot
> >> send session
> >> cookie - headers already sent by (output started at
> >> /var/www/html/bonham/cornerstone-data/property/adminlogin.php:2) in
> >> /var/www/html/bonham/cornerstone-data/property/adminlogin.php on line
> >> 3
> >
> >
> > Are you absolutely sure that there is *no* output before the
> > session_start() in adminlogin.php?
> >
> > If there is it won't work. Even a space before the first <?php,
> > Unicode BOM, or any kind of output can screw it up.
> >
> > Jasper
>
> The first thing that is in my code is the start session command.

The error message indicates that your start_session() call is on line 3
and that output was started at line 2.  Try pasting the first 5 lines of
that adminlogin.php script here.  The other thing that is normally useful
is to have a look at the raw bytes in the file.  Try this:

  od -c adminlogin.php | head

from your command line.  That will tell you exactly what is in the file.
Sometimes editors try to be a little bit too smart for their own good.

-Rasmus




Re: [PHP] Re: Session warning

2005-07-16 Thread Thomas Bonham
Ok that is some help.

The first five lines of the file are the following.


   

od -c adminlogin.php | head output the following.

[EMAIL PROTECTED] property]$ od -c adminlogin.php | head
000  \r  \n   <   ?   p   h   p  \r  \n  \t   s
020   e   s   s   i   o   n   _   s   t   a   r   t   (   )   ;  \r
040  \n  \t   r   e   q   u   i   r   e   (   "   f   u   n   c
060   t   l   i   b   .   p   h   p   "   )   ;  \r  \n
100   ?   >  \r  \n   <   h   t   m   l   >  \r  \n
120   <   h   e   a   d   >  \r  \n  \t   <   t   i
140   t   l   e   >   C   I   S   1   6   6   A   E   -   A
160   d   m   i   n   L   o   g   i   n   <   /   t   i   t   l
200   e   >  \r  \n  \t   <   l   i   n   k   r   e   l   =
220   "   s   t   y   l   e   s   h   e   e   t   "   t   y   p
[EMAIL PROTECTED] property]$


Thanks
Thomas


On 7/16/05, Rasmus Lerdorf <[EMAIL PROTECTED]> wrote:
> On Sat, 16 Jul 2005, Thomas Bonham wrote:
> > Jasper Bryant-Greene wrote:
> > > Thomas Bonham wrote:
> > >
> > >> Hello All,
> > >> I'm working on session and I'm getting this warning. Maybe someone can
> > >> help fixing this problem. Below is the following code.
> > >>
> > >> Warning: Warning: session_start() [function.session-start]: Cannot
> > >> send session
> > >> cookie - headers already sent by (output started at
> > >> /var/www/html/bonham/cornerstone-data/property/adminlogin.php:2) in
> > >> /var/www/html/bonham/cornerstone-data/property/adminlogin.php on line
> > >> 3
> > >
> > >
> > > Are you absolutely sure that there is *no* output before the
> > > session_start() in adminlogin.php?
> > >
> > > If there is it won't work. Even a space before the first <?php,
> > > Unicode BOM, or any kind of output can screw it up.
> > >
> > > Jasper
> >
> > The first thing that is in my code is the start session command.
> 
> The error message indicates that your start_session() call is on line 3
> and that output was started at line 2.  Try pasting the first 5 lines of
> that adminlogin.php script here.  The other thing that is normally useful
> is to have a look at the raw bytes in the file.  Try this:
> 
>   od -c adminlogin.php | head
> 
> from your command line.  That will tell you exactly what is in the file.
> Sometimes editors try to be a little bit too smart for their own good.
> 
> -Rasmus
> 


-- 
--
Thomas Bonham
[EMAIL PROTECTED]
bonhamlinux.org
Cell 602-402-9786




Re: [PHP] Re: Session warning

2005-07-16 Thread Rasmus Lerdorf
Thomas Bonham wrote:
> Ok that is some help.
> 
> The first five lines of the file are the following.
> 
> 
>session_start();
>require("functlib.php"); 
>?>
> 
> od -c adminlogin.php | head output the following.
> 
> [EMAIL PROTECTED] property]$ od -c adminlogin.php | head
> 000  \r  \n   <   ?   p   h   p  \r  \n  \t   s
> 020   e   s   s   i   o   n   _   s   t   a   r   t   (   )   ;  \r
> 040  \n  \t   r   e   q   u   i   r   e   (   "   f   u   n   c
> 060   t   l   i   b   .   p   h   p   "   )   ;  \r  \n
> 100   ?   >  \r  \n   <   h   t   m   l   >  \r  \n
> 120   <   h   e   a   d   >  \r  \n  \t   <   t   i
> 140   t   l   e   >   C   I   S   1   6   6   A   E   -   A
> 160   d   m   i   n   L   o   g   i   n   <   /   t   i   t   l
> 200   e   >  \r  \n  \t   <   l   i   n   k   r   e   l   =
> 220   "   s   t   y   l   e   s   h   e   e   t   "   t   y   p

Well, there is your answer.  Your file starts with \r\n.
So your PHP tag is not the first thing in your file and PHP will output
that leading \r\n.

-Rasmus

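The check Rasmus does by eye with od -c can be scripted; the following PHP is an added example, not code from the thread, that reports any bytes a file would emit before its first <?php tag, since those bytes are what stop session_start() from sending its cookie. find_leading_output() and the sample file contents are constructed for illustration (the first sample reproduces the start of the file shown in the od dump), and the check assumes files use the full <?php tag rather than short tags.

```php
<?php
// Added example, not code from the thread. find_leading_output() is a
// hypothetical helper; it assumes scripts open with the full "<?php" tag.
function find_leading_output(string $bytes): ?array
{
    $pos = strpos($bytes, '<?php');
    if ($pos === false) {
        $pos = strlen($bytes);          // no tag at all: everything is output
    }
    if ($pos === 0) {
        return null;                    // the tag is the very first byte
    }
    $prefix = substr($bytes, 0, $pos);
    if (strncmp($prefix, "\xEF\xBB\xBF", 3) === 0) {
        $kind = 'UTF-8 BOM';
    } elseif (trim($prefix, " \t\r\n") === '') {
        $kind = 'whitespace';
    } else {
        $kind = 'other output';
    }
    return [
        'kind'   => $kind,
        'length' => $pos,
        // Show control and high bytes as C-style escapes, much like od -c.
        'bytes'  => addcslashes($prefix, "\0..\37\177..\377"),
    ];
}

// Constructed samples; the first matches the start of the file in the thread.
$samples = [
    'adminlogin.php' => "\r\n<?php\r\n\tsession_start();\r\n\trequire(\"functlib.php\");\r\n?>\r\n<html>",
    'bom.php'        => "\xEF\xBB\xBF<?php session_start();",
    'clean.php'      => "<?php\nsession_start();\n",
];
// Files named on the command line are checked as well.
foreach (array_slice($argv ?? [], 1) as $path) {
    if (is_readable($path)) { $samples[$path] = file_get_contents($path); }
}
foreach ($samples as $name => $bytes) {
    $hit = find_leading_output($bytes);
    echo $name, ': ',
        $hit === null ? 'ok' : "{$hit['kind']}, {$hit['length']} byte(s): {$hit['bytes']}",
        "\n";
}
```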