On Monday 15 May 2006 10:53, Richard Lynch wrote:
> On Sat, May 13, 2006 5:11 pm, Nick Wilson wrote:
> > are there any security concerns with uploaded images?
>
> YES!!!
Just what are the security concerns exactly? Assuming we're only focusing
on attacks to the webserver[1] then I can only think
D. Dante Lorenso wrote:
I'm on the latest and greatest PHP 5.1.4. I can see the function I
think I want in the manual:
http://us3.php.net/manual/en/function.xmlwriter-write-raw.php
But the manual says it's only in CVS. I confirmed that I don't have it:
*Fatal error*: Call to undefine
I'm on the latest and greatest PHP 5.1.4. I can see the function I
think I want in the manual:
http://us3.php.net/manual/en/function.xmlwriter-write-raw.php
But the manual says it's only in CVS. I confirmed that I don't have it:
*Fatal error*: Call to undefined function xmlwriter_writ
On Sat, May 13, 2006 5:11 pm, Nick Wilson wrote:
> are there any security concerns with uploaded images?
YES!!!
> My thought is that it wouldnt be too hard to have some kind of script
> masquerade as a gif file, and perhaps cause damage.
>
> I cant find anyway to check a file really is a gif/png/
On Sun, May 14, 2006 8:49 am, Fourat Zouari wrote:
> On 5/14/06, Fourat Zouari <[EMAIL PROTECTED]> wrote:
> it's not a bug :)
> i shoul wait for stream to be returned, i use :
>
> while(($buff = stream_get_contents($socket[$i]))=="");
> echo $buff;
> ---
http://php.net/substr
On Sun, May 14, 2006 12:13 pm, Ross wrote:
>
> Not so good with the string functions but I want to remove the last 15
> characters from a query. Thought this would work.
>
> echo "the query is".rtrim($query, 15);
>
> Ross
>
> --
> PHP General Mailing List (http://www.php.ne
Way back in Olden Times (PHP 3.0) $_ENV used to be called $ENV, back
when $_POST was $HTTP_POST_VARS and similarly for GET and such-like.
You've got some old code relying on the deprecated syntax.
You can either hack your php.ini to support old-school var names, or
you can change all $ENV to $_EN
On Sun, May 14, 2006 2:10 pm, John Meyer wrote:
> try {
> $conn = mysql_connect("localhost","webuser","testme") or die("Could
> not
> connect");
Seems to me you ought to use throw() here...
> mysql_select_db("bookcollection",$conn) or die("Could not select
> database");
Ditto.
>
On Sun, May 14, 2006 7:51 pm, Ryan A wrote:
> --
> $stdin = fopen('php://stdin', 'r');
>
> while ($line = fgets($stdin))
> {
> $line=trim($line);
> ryan_debug_write_to_file('In while(),STDIN,
> Start..'.$line.'---End ');
You *DO* see this bit in the log righ
Ryan A wrote:
Hi,
This is my script:
(ryan_debug_write_to_file is my debug function that
writes stuff into a txt file instead of using a
print(), its working without a problem)
--
$stdin = fopen('php://stdin', 'r');
while ($line = fgets($stdin))
{
$line=tri
I periodically make some changes to this little "project-o-mine".
This new version fixes a few things:
* multiple lans and segments supported (CIDR)
* device names can contain spaces now -- finally!
* duplicate MACs are handled
(I realized my VMWare has the same MAC as my notebook in the ARP t
Hi,
This is my script:
(ryan_debug_write_to_file is my debug function that
writes stuff into a txt file instead of using a
print(), its working without a problem)
--
$stdin = fopen('php://stdin', 'r');
while ($line = fgets($stdin))
{
$line=trim($line);
No one has any thoughts or advice on this?
Chris
On May 12, 2006, at 3:31 PM, Chris Bruce wrote:
I have a dedicated server and my host just did an upgrade of PHP to
4.4.1. This has caused a couple of major errors and I wanted to
share them to see if anyone has any answers or has experienced
Hey guys,
Thanks for replying.
I have figured out what he is trying to do
basically he wants to know if the script is being
called via the web or via CLI... if called via the web
he wants to display the welcomeScreen() if not he
wants to do other stuff...
Problem is, that ENV thing is wrong s
Unless there is an other piece of code filling up the $ENV array - possibly
a cleaning routine.
On 5/14/06, Rory Browne <[EMAIL PROTECTED]> wrote:
Sorry - what's your question?
I think that $ENV should be $_ENV, which in turn should be $_SERVER.
On 5/14/06, Ryan A < [EMAIL PROTECTED]> wrote:
Sorry - what's your question?
I think that $ENV should be $_ENV, which in turn should be $_SERVER.
On 5/14/06, Ryan A <[EMAIL PROTECTED]> wrote:
Hi,
I am going through another persons script (which is
not working) and have come accross this:
if (isset($ENV['SCRIPT_FILENAME']))
{
$CLIENT
At 11:59 AM -0700 5/14/06, Ryan A wrote:
Hi,
I am going through another persons script (which is
not working) and have come accross this:
if (isset($ENV['SCRIPT_FILENAME']))
{
$CLIENT_PATH= dirname($ENV['SCRIPT_FILENAME']);
WelcomeScreen();
TestSetup($TH_HASH);
exit;
}
I
do you know what a php exception is and when/where/what generates them?
(if your coming from another language that supports exceptions you may need
to adjust your knowledge - php's exceptions are a little different -
for instance they are not ever generated by the engine itself)
does mysql_query(
I have the following script:
try {
$conn = mysql_connect("localhost","webuser","testme") or die("Could not
connect");
mysql_select_db("bookcollection",$conn) or die("Could not select
database");
//first, check to see if there is an author
if ($_POST["neworoldauthor"] == "new"
Hi,
I am going through another persons script (which is
not working) and have come accross this:
if (isset($ENV['SCRIPT_FILENAME']))
{
$CLIENT_PATH= dirname($ENV['SCRIPT_FILENAME']);
WelcomeScreen();
TestSetup($TH_HASH);
exit;
}
I am just starting on CLI stuff but I cant f
Ross wrote:
Not so good with the string functions but I want to remove the last 15
characters from a query. Thought this would work.
echo "the query is".rtrim($query, 15);
echo "the query is".substr($query,0,-15);
-Rasmus
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, vis
Not so good with the string functions but I want to remove the last 15
characters from a query. Thought this would work.
echo "the query is".rtrim($query, 15);
Ross
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
cajbecu, am talking about non-blocking sockets, that's a simple blocking
socket
On 5/14/06, cajbecu <[EMAIL PROTECTED]> wrote:
$var = file ("http://www.some.server.net:someport";);
then $var=explode ... bla bla..
that never crash.
cheers,
cajbecu
On 5/14/06, Fourat Zouari <[EMAIL PROTECTED]
$var = file ("http://www.some.server.net:someport";);
then $var=explode ... bla bla..
that never crash.
cheers,
cajbecu
On 5/14/06, Fourat Zouari <[EMAIL PROTECTED]> wrote:
On 5/14/06, Fourat Zouari <[EMAIL PROTECTED]> wrote:
>
> ok
> this is returning the retrived data from open sockets :
>
On 5/14/06, Fourat Zouari <[EMAIL PROTECTED]> wrote:
ok
this is returning the retrived data from open sockets :
http://pastebin.com/716768
this is returning an empty string :
http://pastebin.com/716767
it's not a bug :)
i shoul wait for stream to be returned, i use :
ok
this is returning the retrived data from open sockets :
http://pastebin.com/716768
this is returning an empty string :
http://pastebin.com/716767
On 5/14/06, chris smith <[EMAIL PROTECTED]> wrote:
On 5/14/06, Fourat Zouari <[EMAIL PROTECTED]> wrote:
> Code 1 :
> -
>
D_C wrote:
> hi list -
>
> am wondering what approaches people take for multilanguage sites? were
> working on a CMS system and need to have the UI / links show up in
> many languages and be easily localizable by people.
>
> we're using smarty, so one approach is to use smarty config files and
>
IraqiGeek wrote:
> I'm learning PHP on a Debian Etch with Apache 2.0.54 and PHP 4.3.10, and
> using Firefox 1.5.3 on a Windows XP box to browse the sample site. I wrote
> a small form to get user input. If I use METHOD=GET, then the form works
> fine, without any glitches. However, if I use METHO
On 5/14/06, php @ net mines <[EMAIL PROTECTED]> wrote:
I'm building a site which will be hosted on a shared server (hosting company
won't change any php.ini settings), and the client wants to upload his
clients' data (let's say a zip) so they can loggin and download it from the
site.
Depends on
hi list -
am wondering what approaches people take for multilanguage sites? were
working on a CMS system and need to have the UI / links show up in
many languages and be easily localizable by people.
we're using smarty, so one approach is to use smarty config files and
then smarty tags for all t
I'm building a site which will be hosted on a shared server (hosting company
won't change any php.ini settings), and the client wants to upload his
clients' data (let's say a zip) so they can loggin and download it from the
site.
- Original Message -
From: "Rory Browne" <[EMAIL PROTEC
On 5/13/06, IraqiGeek <[EMAIL PROTECTED]> wrote:
[snip]
test script
//If I use METHOD=GET here, the script works flawlessly
[/snip]
The form action should be $_SERVER['PHP_SELF']. Here case
matters, since this is a string and not a variable name.
If action is empty, I believe browsers simpl
* and then chris smith declared
> Check the file extension and the mimetype, make sure they are both
> valid.. or as someone else suggested, use getimagesize on it - if that
> returns false or empty then it's not an image.
Ok thanks guys. I'll do extension and mime and getimagesize() before
s
33 matches
Mail list logo
