@# Quotes DB     useful, funny, interesting








Comments:

<0> fopen with a url will not work on PHP 4.4.x (tested and confirmed against 4.4.0 and 4.4.2)
<1> connect.inc.php
<0> However it will with php 5.
<2> richardlynch so i use connect instead of pconnect ?
<3> yawn. PDO, oci, ref-cursor. Is it going to happen? tune into channel 69 tonight and find out!
<1> that way you know it's an include, but also a php file
<4> m00kie_: No, you couldn't, because that leaves you open to a DOS attack against your DB by somebody surfing to that connect.php script.
<0> The problem, is 5 chokes on the website code, so that is not a solution.
<5> has anyone done a ajax dropdown menu script before with php as the XML provider?
<4> ak_work: The choice of connect versus pconnect is best left to later, after testing.
<6> Motoko-chan: Stop abusineg the enter key
<7> richardlynch - sure you could. bad programmers cant, but the good ones can ;)
<6> *abusing
<0> Sorry.
<8> Motoko-chan, there is a directive in php.ini that prevents url opening in fopen
<6> !+sorry



<9> Don't be sorry, just don't do it.
<10> Abusineg?
<8> I forgot its name, see documents
<0> cythrawll, confirmed that isn't the problem.
<8> ok
<6> Stephanie: I *did* correct myself.
<10> Yes.
<10> It just reminds me of the time that I let awesmoe slip...
<10> Still haven't lived that one down.
<10> :P
<4> m00kie_: Sure, IF you add another layer of code at the top to deny access if it's not an include file... Or you could just MOVE the damn file, unclutter your URL-valid directory, and be done with it.
<0> It really seems to be some weird binary issue, but PHP does a clean compile on the box. Oh, and this is the only major bug I see.
<8> you're not using ubuntu are yah?
<0> Nope. Slackware 10.2. Custom compiled Apache2 and PHP.
<8> oh i use that
<8> same kernel version too
<6> Stephanie: Ha... No one is better than [RainMkr] :)
<8> but I have php5 and apache1.x
<0> I tested under stock 2.4 and also a custom 2.6
<7> richardlynch - or, you could simply put them in a /include/ folder, and add it to robots.txt, and properly configure your webserver to not display file listings :)
<5> hmm
<11> how do i update the phpbb forum that comes with phpnuke
<6> #phpbb or #nuclearexplosion
<4> m00kie_: Which any Bad Guy could guess at in about 5 seconds...
<12> maxwells: you might want to duck quickly, but this is the wrong place to ask that
<7> guess what?
<4> maxwells: Ask on phpbb or phpnuke forum.
<13> hey :)
<8> robots.txt is the first place to look for what files to try and sploit
<7> sure, but they still wont know which files, if they cant view a directory listing
<14> Any ideas why this doesn't work?:
<14> if ( mysql_error() ) {
<14> echo "<b>ERROR</b><BR><BR>An error has occured, one of the details you entered has aready been taken, please try again.";
<14> }
<14> Sorry, didn't mean to flood.
<14> Thought I had it on one line :|
<7> robots.txt is just to keep crawlers out.
<4> m00kie_: You mean they can't possibly GUESS you might have a connect.php in there? Duh.
<8> is that html?
<8> ew?
<6> em... Did you perhaps read the manuals, Thomazzz?
<14> Wolfpaws, well you see, I wanted it to say that if I got any errors at all
<6> !+TIAS
<9> [TIAS] Try It And See. If you want to know if or how something works, try it first.
<14> Wolfpaws, I did, and nothing happened.
<7> richardlynch - well, its not really worth it to continue arguing a pointless topic with you.. we'll just settle with 'it depends on your level of paranoia'.. and leave it at that :P
<8> im not to worry about crawlers finding my lib files, since they would produce a blank page and probably not indexed anyway
<6> Thomazzz: ... Have you checked the error log?
<4> Guys, this is not about crawlers finding lib files. It's about Bad Guys loading up snippets of PHP in ways you NEVER predicted, much less tested, to see what damage they can do.
<15> holy freaking crap, $$$x is valid syntax
<15> or any number of $'s for that matter.
<4> khaladan: Course it is. PHP "variable variables" in the manual. http://php.net
<6> khaladan: Of course... It's a variable
<0> On robots.txt, the crawlers won't index them, but someone looking for trouble will know right where to go.
<15> i just thought $$ was it.
<15> silly me.
<0> Turn off directory indexes for the includes areas, or stick a blank index up.
<6> $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$blah <-- variable (sorry)
<4> Motoko-chan: And if they "guess" what might be in your includes directory? And start pounding on it, loading in PHP sub-scripts at random?
<0> richardlynch, yes, that can be a cause of problems. At least keeping an index of files from being seen is one step to avoid them knowing _what_ to call.



<8> richardlynch, if your include files contained nothing but functions and classes, how would that be an issue?
<0> If you have access below the web root, putting includes and classes outside the webroot (so only real pages can call directly) also helps.
<4> Motoko-chan: Or just MOVE them out of the webtree. There is no reason to KEEP them in your webtree, is there?
<0> Some providers don't let you below your web root (sadly).
<4> cythrawll: A) Sooner or later, you'll have executable code in an include file somewhere, somehow.
<4> Find a new host.
<16> or
<16> stop making unreasonable demands
<0> If you are forced to keep includes in a web-accessible area, hiding a directory list is the minimal security you can do.
<17> hopefully they allow you to put a "deny from all" in .htaccess
<4> I give up. You guys are right. You should keep all that crap in the webtree, add an extra line of code to every file, never have any executable code in an include file, AND configure with .htaccess as "deny from all" instead of just moving the files.
<17> richardlynch: that was in the case of not being able to put files above the webroot
<0> richardlynch, not saying you are wrong. I am noting that sometimes there are circumstances where you can't.
<10> Wolfpaws: [RainMkr]?
<6> Stephanie: *nod*
<18> hello Wolfpaws
<10> I am Goddess of Inoportune Typos. :P
<6> Stephanie: http://quotes.concentrated.net/index.php?q=1106631167 *runs*
<10> Server not found.
<6> Stephanie: o.O
<19> whats the best way to go back to pages you posted to..... do people cache the entire content in a db ? then check session info ?
<6> Stephanie: Hit f5
<10> Hah.
<20> does anyone use PHP for system scripts?
<6> Tac: That'd be the biggest waste of room
<10> Ah, the antics of ops on IRC.
<6> spyro_boy: I had... Why?
<19> whats the best way to handle that ..... I am trying to figure out the best way to do "back to results" type links
<20> Wolfpaws, just wondering.
<20> I love making scripts with PHP.
<21> so do that
<20> I made a playlist creator with PHP. :)
<3> i love making brownies with marijuana.
<20> lmfao
<20> hash-browns :P
<6> you mean hash-browser
<19> Wolfpaws: whats the best way to handle that ..... I am trying to figure out the best way to do "back to results" type links
<6> Tac_Work: Regenerate the page.
<19> Wolfpaws: so I just put any variables used to generate the page, into the session, then check if that data exists next time the page is accessed?
<19> thats what I do now .... and it was just annoying and
<6> Tac_Work: I don't understand... Why the session?
<4> spyro_boy: I have a PHP script that dynamically prepends the ID3 tags to the MP3s for the playlists. Too bad the stupid mp3 players only show the ID3 info for local files. :-(
<4> http://uncommonground.com/radio_hifi.m3u -- You have to **** down the playlist, then all the files in the playlist, but it works.
<22> richardlynch: actually that's more of a drawback of the mp3 tagging format when trying to stream and is why shoutcast was invented
<4> When I have free time, I'll add a shoutcast version... After the podcast version.
<6> scary
<10> You know, it's looking at that quotes page that makes me realize the one thing I've been deluding myself about all along: I get every pun and joke on that thing...and that makes me just as big a geek as you people.
<23> podcast....what an utter waste of bandwidth
<10> I agere.
<10> er.
<6> *nod*
<10> I agree.
<22> Stephanie: welcome to the club
<4> Well, mainly so I can maybe get Apple to promote it on their homepage...
<6> right...
<10> ||cw: I've been a part of the club for a very, very long time. I just didn't pay my dues and never talked about it with friends.
<23> richardlynch: I didn't mean you. I meant podcasting in general.
<4> They pick one a week (day?) to add to their homepage. And, really, it's no different than the playlist version, except for a couple extra tags.
<24> anyone got tips where to hire an individual professional php/mysql programmer for longterm projects?
<6> I'm not a geek... I'm just very smart :)
<22> podcast...what an utter waste of coining a term. we had a name for it already, "recording"
<4> Oh. I think there are a few valuable original source content "podcasts" out there.
<25> Vooloo: www.dice.com
<10> Anyone know someone who can get me a decently priced copy of OSX Tiger?
<10> :P
<22> I'm not saying that there isn't interesting recording to listen to, I'm sure there are, but "podcast" wtf
<25> Stephanie: www.apple.com :)
<10> The three things I want most right now are Tiger, a microphone, and Skype.
<4> Vooloo: Craigslist.org
<10> This way I can actually TALK to some of you idiots. :D
<25> richardlynch: ah, good idea.
<24> More sites like that in us?

