Re: [PHP] How define if javascript is on with php

2010-04-17 Thread Michiel Sikma 
On 16 April 2010 19:02, tedd  wrote:

> At 3:46 PM +0200 4/16/10, Michiel Sikma wrote:
>
>> On 16 April 2010 14:06, Paulo-WORK  wrote:
>>
>> -snip-
>>
>
> Paulo:
>
> I agree. Here's a working example with everything you need:
>
> http://sperling.com/examples/javascript-detection/
>
> Cheers,
>
> tedd
>
>
Another important thing to consider is that the web is meant to be
accessible to even those using a screen reader. Screen readers don't support
Javascript (to my knowledge) and instead rely on properly written HTML. By
having regular content and overriding it with Javascript, you're ensuring
that the visually impaired, among others, can also use your site.

Michiel

Re: [PHP] PHP include security

2010-04-17 Thread Michiel Sikma 
On 16 April 2010 06:57, Micky Hulse  wrote:

> Hi,
>
> -snip-
>
> The above code snippet is used in a class which would allow developers
> (of a specific CMS) to include files without having to put php include
> tags on the template view.
>
> The include path will be using the server root path, and the include
> files will probably be stored above the web root.
>
> My question:
>
> What would be the best way to "clean" and secure the include string?
>
> Maybe something along these lines (untested):
>
> $invalidChars=array(".","\\","\"",";"); // things to remove.
> $include_file = strtok($include_file,'?'); // No need for query string.
> $include_file=str_replace($invalidChars,"",$include_file);
>
> What about checking to make sure the include path is root relative,
> vs. http://...?
>
> What do ya'll think? Any suggestions?
>
> Many thanks in advance!
>
> Cheers,
> Micky
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Hi,

It depends. What's exactly do you want to prevent? It doesn't seem like a
very big problem if someone tries to include an improper adderss or
nonexistent file, since that would simply make $data an empty string
(depending on your level of error reporting and whether you display or hide
warnings). If the included file decides to call ob_get_clean() or something
like that $data will be false. I can't think of what else you realistically
want to prevent.

Building a page with multiple templates is best done by using a good
template class. Allowing the inclusion of external PHP files from a CMS will
pose a risk if non-developers have access to the CMS as well. You're
basically allowing anyone to add (potentially untested) code to a live site
and I would recommend against doing it. If you want people to be able to
include, say, additional HTML content, use file_get_contents() instead.

Michiel

Re: [PHP] limit to var_dump?

2010-04-17 Thread Michiel Sikma 
On 16 April 2010 16:15, Ashley Sheridan  wrote:

> I'm seeing some strange behaviour with var_dump. Is there a limit to how
> many levels deep that var_dump can display?
>
> -snip-
>
> However, when I var_dump the top-most object (the Gantt object) the
> predecessors array for Gantt_Task 1.2 just shows as '...'. If I var_dump
> that particular object, I can see that the correct array element does
> exist.
>
> Is this just a random bug I've found, or is there an intended limit to
> how complex and deep var_dump can go? Would it have anything to do with
> the fact that Gantt contains multiple instances of the Gantt_Task
> object?
>
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
There's a limit to var_dump if you have Xdebug installed. See the Xdebug
site:

http://www.xdebug.org/docs/display

On another note, iirc var_dump itself can detect and prevent infinite
recursion.

Michiel

Re: [PHP] How define if javascript is on with php

2010-04-17 Thread Ashley Sheridan 
On Sat, 2010-04-17 at 11:43 +0200, Michiel Sikma wrote:

> On 16 April 2010 19:02, tedd  wrote:
> 
> > At 3:46 PM +0200 4/16/10, Michiel Sikma wrote:
> >
> >> On 16 April 2010 14:06, Paulo-WORK  wrote:
> >>
> >> -snip-
> >>
> >
> > Paulo:
> >
> > I agree. Here's a working example with everything you need:
> >
> > http://sperling.com/examples/javascript-detection/
> >
> > Cheers,
> >
> > tedd
> >
> >
> Another important thing to consider is that the web is meant to be
> accessible to even those using a screen reader. Screen readers don't support
> Javascript (to my knowledge) and instead rely on properly written HTML. By
> having regular content and overriding it with Javascript, you're ensuring
> that the visually impaired, among others, can also use your site.
> 
> Michiel


Visually impaired aren't the only people that Javascript poses a problem
for. Consider someone with Arthritis or severe RSI who cannot use a
mouse as easily, if at all, as most people. A lot of Javascript uses
event handlers like onclick and onmouseover, which are specifically
geared towards using a mouse and won't work on a browser that is being
navigated by a keyboard.

Thanks,
Ash
http://www.ashleysheridan.co.uk

[PHP] solution

2010-04-17 Thread Paulo-WORK 

I have reached a solution for my problem with js.
Following all the sugestions and using jquery turned out to be quite simple.
using .ide( ) and .show( ) i am able to change the #div with Js enabled 
content and no js.

So defining with css for example:

#main{display:none;}
#main_nojs{display:block;}
if js is enabled on load Jquery will .hide( #min_nojs) and -.show(#main) 
if is off #main is already defined as display:none and #main_nojs as 
display:block.

Paulo Carvalho

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] solution

2010-04-17 Thread lala 

Paulo-WORK wrote:

I have reached a solution for my problem with js.
Following all the sugestions and using jquery turned out to be quite 
simple.
using .ide( ) and .show( ) i am able to change the #div with Js enabled 
content and no js.

So defining with css for example:

#main{display:none;}
#main_nojs{display:block;}
if js is enabled on load Jquery will .hide( #min_nojs) and -.show(#main) 
if is off #main is already defined as display:none and #main_nojs as 
display:block.

Paulo Carvalho



Here's how some others solved the problem.

http://thedailywtf.com/articles/bulletproof-javascript-detection.aspx

I took out all my money (both cents) and put it under my mattress ;D

Mike Wright


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] How define if javascript is on with php

2010-04-17 Thread tedd 

At 11:43 AM +0200 4/17/10, Michiel Sikma wrote:

By having regular content and overriding it with Javascript


It's probably best that you use the term "progressive enhancement" 
rather than "overriding".


The point being is that you have a site that delivers it's content 
for those with javascript turned off and those who have javascript 
turned on, can enjoy an "enhanced" version of the presentation, but 
not have something provided that other's can't get.


Cheers,

tedd
--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] How define if javascript is on with php

2010-04-17 Thread Paulo-WORK 

On 17/04/2010 23:13, tedd wrote:

At 11:43 AM +0200 4/17/10, Michiel Sikma wrote:

By having regular content and overriding it with Javascript


It's probably best that you use the term "progressive enhancement" 
rather than "overriding".


The point being is that you have a site that delivers it's content for 
those with javascript turned off and those who have javascript turned 
on, can enjoy an "enhanced" version of the presentation, but not have 
something provided that other's can't get.


Cheers,

tedd

I agree.
Now that i know what to do, the end result will be displaying exactlly 
the same content and look regardless if JS is on or off.



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP include security

2010-04-17 Thread Micky Hulse 
Hi Michiel! Thanks for the help, I really appreciate it. :)

> It depends. What's exactly do you want to prevent? It doesn't seem like a
> ..
> include, say, additional HTML content, use file_get_contents() instead.

Very good points. My goal was to write a plugin that would allow me to
include some static HTML template file and get the 
tags out of my CMS template. With that said, I think the only people
using this code will be the developers of the templates, and not your
standard user.

I opted to use output buffering and readfile() for the speed, and
include() would be an option if developers want to execute the code in
the included file.

Would file_get_contents() be faster than readfile and output
buffering? Would using file_get_conents() and eval() be faster than
using include() and output buffering?

Without boring you all to death, I am mostly interested in learning
new stuff! I actually don't think anyone will use this code other than
myself. :D

But I definitely agree with all your points.

Thanks so much for you help!

Have a great day!
Cheers,
Micky

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: PHP include security

2010-04-17 Thread Micky Hulse 
> What do ya'll think? Any suggestions?

Sorry for the duplicate posting... I had some problems signing-up for
the list. :(

Also, I moved my test code to sniplr:



TIA!

Cheers
M

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: How define if javascript is on with php

2010-04-17 Thread Manuel Lemos 
Hello,

on 04/16/2010 08:50 AM Paulo-WORK said the following:
> Hello and thanks for any replies that this message may get.
> I have a issue to solve regarding PHP.
> My website relies heavlly  on jquery and does not dowgrade properly.
> I use codeigniter framework as this website has a backend .
> Is it possible to detect if js is on with php?
> And if so can it be set into a variable?
> Paulo Carvalho

This class does exactly what you are asking:

http://www.phpclasses.org/package/5297-PHP-Check-whether-Javascript-is-enabled-in-the-browser.html

-- 

Regards,
Manuel Lemos

Find and post PHP jobs
http://www.phpclasses.org/jobs/

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php