Comments:
<0> n0x: so probably you need what i wrote above. $PHORUM['data']['bodybackground'] = $foo
<1> n0x: well, the beauty of python is that you can write in whatever style you wish ;-)
<2> ok, thank you avel ;)
<3> Hello, how can I split string into array so that I use for separation space, but in case of quotes till end of quotes it will skip separation for spaces. For example: string "a \"b c d\" f" I would like to split string and get out a, "b c d", f elements into array. How can i do this?
<4> you could use PCRE
<5> Yawn
<5> Morning fools!
<2> :) good morning Touqen
<6> is the function nl2br UTF-8 safe?
<5> ries, I don't think so.
<5> I think php will be unicode safe as of php6
<5> Actually, it _should_ still work though since nl and br fall within the ASCII range of utf.
<6> Touqen: I am using typo3 a lot, and they claim to be unicode safe..... ?
<1> you can always use mb-enabled functions
<1> hehe
<6> Touqen: indeed, it will work most of the time since my sites are mostly European sites....
<7> Will register globals = off have any effect on how <Directory ..> with htaccess works?
<4> um... no?
<7> hm,k
<7> ty
<6> domas: typo3 is about 40MB of php code... would you suggest converting it?
<4> I'd suggest not typo 3
<6> domas: or just wait for php6 and assume that all string functions will be unicode safe
<6> Stormchaser: not to use typo3?
<8> Which piece of php-based blog-software would you recommend if security is a major concern?
<4> ries: indeed so...
<6> Stormchaser: can I ask you what to use instead?
<4> ries: I'd probably choose mambo or drupal, but that's me...
<4> Better yet, I'd write my own CMS :)
<9> is it possible to execute a shell command that takes input from the STDIN if I have a variable with the data I need to send the command?
<6> Stormchaser: We are not all in the position in which you are... Joomla didn't work for us, drupal I don't know... but we needed a pagetree concept... and back then Mambo didn't provide us that
<6> Stormchaser: is your CMS open source?
<8> Stormchaser, I don't know... Drupal doesn't look very secure to me.
<8> Stormchaser, neither does mambo.
<8> Stormchaser, Drupal: http://www.securityfocus.com/bid/14110,
<6> tdn: there were some exploits on typo3 as well
<5> Has anyone had any experience with Miva Merchant?
<8> Stormchaser, mambo there are SQL injections and stuff in mambo.
<5> I think I want to shoot myself.
<6> most of type of typo3 are from early 2005
<8> ries, well... Code execution vulns are just not acceptable. Neither are SQL injection vulns. This is just awful.
<8> ries, Remote File Include Vulnerability: http://www.securityfocus.com/bid/12608/discuss. Now this is clearly not going to run on my production environment.
<6> tdn: well... I don't work with Mambo....
<6> tdn: I just work with typo3
<8> ries, ok. Well I don't want a full CMS. I just want some blog software.
<6> tdn: that's different, don't use typo3 then for just blogging :D
<8> ries, hehe. I wouldn't.
<9> is it possible to execute a shell command that takes input from the STDIN if I have a variable with the data I need to send the command?
<8> ingrato, why don't you just ask one more time. Then people would probably answer... Or maybe if you made a script that posted the same question 100 times?
<9> what is your problem
<4> tdn: So? Those vulnerabilities have been patched quite some time ago... Besides I doubt that there is an OSS-style CMS, that wouldn't suffer some sort of vulnerability...
<9> when the question scrolls off the screen, I type it again, hoping someone will see it if they didn't
<4> !+g2
<10> Guideline #2) Don't repeat.
<5> ingrato, I have my window at full screen...
<5> It didn't scroll off for me yet..
<5> ingrato, From what I can tell, yes...
<9> Touqen, how, i haven't figured out how to specify to use my variable data for the stdin
<8> Stormchaser, they are not just "some sort of vulnerabilities". SQL-injections can be avoided unless you code badly. For the execution vulnerability I just don't see why the f... a piece of blog software should even have the ability to execute anything.
<8> ingrato, well... Don't do that. That is just spamming and it will not get you any help.
<4> tdn: I have a suggestion: Write a CMS of your own and stop yer' bitchin'
<5> ingrato, have you tried doing exec("echo $myvar > myappthatreadsstdin"); ?
<5> err
<5> no
<5> ingrato, have you tried doing exec("echo $myvar | myappthatreadsstdin"); ?
<8> Stormchaser, I don't want a CMS. I want some blog software. That's all. I currently don't have the time to write my own... That's why I will use some OSS for now.
<5> tdn, wordpress
<8> Touqen, ok.
<8> Touqen, WordPress has several SQL-injection problems.
<5> ...
<4> Um... How *HARD* is it to write a *blog*
<5> tdn, For the 2.1?
<5> 2.1 is like brand new as of last week or so
<4> heh :)
<5> I mean come the **** on. How much of a pessimist do you have to be?
<4> Touqen: Um... I have a feeling he left :)
<5> I know.
<5> I'm just ranting at the ever so prevalent idiocy.
<4> heh... That's granted :)
<5> By the way, I have miva merchant.
<4> what is that?
<5> Some stupid for-profit ecommerce package.
<6> Stormchaser: according to rails about 15 minutes... but it looked pretty ugly ....
<4> ries: :)
<9> Touqen, no I haven't tried piping, because piping is for piping a command output, not for a variable
<5> ...
<4> um...
<5> Do you understand what echo does?
<4> I need a bath... LAters...
<9> oh, yeah didn't see echo, let me try that
<9> Touqen, pipe didn't work
<4> echo gives STDOUT
<9> I know, but exec ("echo $myVar | myApp", $buffer); does not work
<5> ingrato, quotes around $myVar
<4> ingrato: Have you read php.net/fratures.command-line?
<4> *features
<4> !+cli
<10> [CLI] Command Line Interface
<4> bah :/
<9> quotes like \"$myVar\" ? that doesn't work
<5> single quotes
<9> Stormchaser, no
<5> the shell is really picky about quoting
<5> Stormchaser, tdn tried defending himself via pm...
<9> Stormchaser, i think you meant features.command-line, but page not found
<9> Touqen, with the quotes around the $var it works, but for simple strings
<5> so maybe addslashes to the strings...
<9> and not really, the $array variable only contained 1 line of output, when it should've had at least 7
<9> so it doesn't seem to be working
<9> sorry, the html source indicates it did work
<9> but simple strings, i have source code in my string
<5> ingrato, Return Values
<5> The last line from the result of the command
<5> From the exec man page
<9> $myVar = the text inside a source file
<9> basically I read in a source file into the variable and I wanna send it to a program on the command line
<5> why not use cat?
<5> assuming you are on *nix
<9> yes
<9> cat what?
<9> don't say the file
<5> You said you were reading in the file so it must be on disk somewhere
<5> So why not let cat do all the heavy lifting?
<9> ok, i'm not reading a source file, didn't think you were gonna go that route, I'm reading in source paged into a form <textarea>
<9> pasted
<9> not paged
<11> how do i convert any type of image to png?
<11> (using php)?
<9> and I wanna take that text from the <textarea> from the $var to the command line
<5> Drakas, php.net/image
<5> ingrato, okay so you need to escape some of the things that the shell may try to interpret
<5> like single quotes if you have it surrounded by single quotes in the cmd line
<11> ok, how am i supposed to find out what type of image it is?
<5> Drakas, getimagesize
<9> Touqen, like \ ?
<5> ingrato, yes
<11> ok cheers
<9> hrm
<11> i always ask for things and i get the answer when somebody starts helping me :}
<12> morning everyone
<11> hi itrebal
<12> how are ya
<13> hi, can someone help me out, I think it's not so hard just I'm a beginner yet and I can't figure it out... i just want one form to be submitted and to be one field for a password and you could submit the form if you know the password..
<13> the password could be in one plain text file
<12> pityux: how are you with the manual?
<13> I'm just seeking php.net/manual..
<13> but i didn't find anything yet
<12> well, php.net/file_get_contents (to get the password out of the file) php.net/sha1 (to add a hash, so people can't open the file and have the password)
<13> thanks I'll check it out