Menu
▾
▴
binarycloud-dev — development list for binarycloud
You can subscribe to this list here.
| 2001 |
Jan
|
Feb
|
Mar
|
Apr
(57) |
May
(287) |
Jun
(166) |
Jul
(286) |
Aug
(273) |
Sep
(254) |
Oct
(144) |
Nov
|
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2002 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(1) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Gerry K. <ge...@mc...> - 2001-08-13 08:58:05
|
At 11:41 AM 09/08/01 -0700, you wrote: > > At 10:34 PM 08/08/01 -0700, you wrote: > > > >oh yes, > >edit user/conf/file_permissions.conf - remove the whitespace at the end of >the file. There was only one blank line at the end of the file, which I deleted - why would this be a problem? >also, in prepend, comment out the breakcrumbs_and_tabs.lib Done. >_a However, I still get a blank screen. This has been a very disappointing start, so far. I don't have much more time to evaluate this dev framework, I'm afraid. Regards, Gerry |
|
From: Gerry K. <ge...@mc...> - 2001-08-13 07:06:43
|
I'm in the process of trying to get r1 working. I'm just wondering though, how much work will it be to migrate an application developed with r1 to r2? How soon will r2 be released? Thanks, Gerry |
|
From: Gerry K. <ge...@mc...> - 2001-08-13 07:06:25
|
This project sounds interesting. I'd like to know more about xml2php. Gerry |
|
From: Andreas A. <a.a...@th...> - 2001-08-12 14:52:17
|
Hi All,
i'm thinking about to enhance the Request class to fetch nested array
elements directly. And I'm not sure if this should be implemented because of
the needed overhead. But maybe you want this :-)
For example if you have a session/post/cookie variable
$modXSettings = array(
"foo" => array(
"name" => "Peter",
"other" => "Pan"
),
perms => "god"
);
and you need only the value $modXSettings['foo']['name'] you currently have
to do this:
$tmp = $Request->GetVar('modXSettings', 'SESSION');
$name =& $tmp['foo']['name'];
nice to have would be something like this:
$name = $Request->GetVar('modXSettings[foo][name]', 'SESSION');
but the logic to implement this would cause a descend overhead.
And with ZendEndige 2.0 real derefferencing will be possible:
$name = $Request->GetVar('modXSettings', 'SESSION')[foo][name];
What do you think? Is it worth to implement such a feauture? Im usnure.
pros:
- decoding does not have to walk the
entire array, just one element (big pro)
- simplicity
- code readbility
cons:
- code overhead
- ???
I'd love to hear your thoughts
Andi
|
|
From: Discount M. <yw...@ya...> - 2001-08-12 08:10:02
|
Magazine Subscriptions at the lowest prices anywhere!! www=2Emagazinemaniac=2Ecom=20 Automobile $5=2E95 Mademoiselle $7=2E95 Business 2=2E0 $6=2E95 Maxim $5=2E95 Car & Driver $6=2E95 Motor Trend $5=2E95 Cosmopolitan $11=2E95 New Yorker $18=2E95 Details $5=2E95 Outdoor Life $5=2E95 eCompany $5=2E95 PC Magazine $9=2E95 The Economist $48=2E75 PC World $9=2E95 Elle $7=2E95 Popular Science $6=2E95 Esquire $5=2E95 Reader's Diges $8=2E95 Fast Company $8=2E95 Road & Track $6=2E95 FHM $5=2E95 Rolling Stone $5=2E95 Field & Stream $5=2E95 Seventeen $5=2E95 Forbes $17=2E95 Spin $5=2E95 Fortune $15=2E95 Sports Afield $5=2E95 GQ $9=2E95 Stuff $5=2E95 Guns & Ammo $5=2E95 Teen $5=2E95 Inc=2E $5=2E95 Time $11=2E95 Jane $5=2E95 TV Guide $22=2E95 Kiplingers $7=2E95 Wired $8=2E95 And Hundreds of others at similarly cut-throat prices=2E You've never seen prices this low=2E You may never see them this low again=2E http://www=2Emagazinemaniac=2Ecom Respond with "Remove" in subject line to be taken off this list=2E |
|
From: alex b. <en...@tu...> - 2001-08-12 01:28:42
|
> Alex, I'm quite interested to make xml2php working. Some questions about it: > 1) I see you want to use binarycloud prepend.php & other stuff. Does it > mean that later [when xml2php script actually works] you're planning to > execute it at the end of make process when all BC files are copied/created? That's essentially correct - all files named .php.xml (I think that's what it will end up being) will be processed as xml-> php. We'll probably have to have some minimal "type specific" profile code that governs variable naming, etc... I'd like to see page definitions be functional first. Second, I have a static module rendering 'model' which I would like to implement in Page, which would allow people to write _vastly_ simplified pages with html right there.. (I'll spec this in a bit) > 2) The use of XMLUtils library in xml2php.php- do you have such library > already (if so, where can I download it), or are you going to start and > create it from the beginning? It exists, I'll put it in CVS if you'd like to play around with it :) best, _alex > Andris Spruds > > > ----- Original Message ----- > From: <bin...@li...> > To: <bin...@li...> > Sent: Wednesday, August 08, 2001 9:07 PM > Subject: binarycloud-dev digest, Vol 1 #203 - 2 msgs > > > > Send binarycloud-dev mailing list submissions to > > bin...@li... > > > > To subscribe or unsubscribe via the World Wide Web, visit > > http://lists.sourceforge.net/lists/listinfo/binarycloud-dev > > or, via email, send a message with subject or body 'help' to > > bin...@li... > > > > You can reach the person managing the list at > > bin...@li... > > > > When replying, please edit your Subject line so it is more specific > > than "Re: Contents of binarycloud-dev digest..." > > > > > > Today's Topics: > > > > 1. RE: CVS daily synch (Andreas Aderhold) > > 2. RE: CVS daily synch (Andreas Aderhold) > > > > --__--__-- > > > > Message: 1 > > From: "Andreas Aderhold" <a.a...@th...> > > To: <bin...@li...> > > Subject: RE: [binarycloud-dev] CVS daily synch > > Date: Tue, 7 Aug 2001 22:53:19 +0200 > > Reply-To: bin...@li... > > > > Hi Alex, > > > > > are there any other commits I should know about? > > > > yes > > > > r2/binarycloud/user/conf/datasources.php > > > > I fixed it to work with import (global $datasources) and quotet/caseified > > the array keys. > > > > > > Andi > > > > > > > > --__--__-- > > > > Message: 2 > > From: "Andreas Aderhold" <a.a...@th...> > > To: <bin...@li...> > > Subject: RE: [binarycloud-dev] CVS daily synch > > Date: Wed, 8 Aug 2001 10:34:44 +0200 > > Reply-To: bin...@li... > > > > Hi Alex, > > > > antoher sf-commit: > > > > r2/binarycloud/base/core/Request.php > > > > > > > > > > > > > > --__--__-- > > > > _______________________________________________ > > binarycloud-dev mailing list > > bin...@li... > > http://lists.sourceforge.net/lists/listinfo/binarycloud-dev > > > > > > End of binarycloud-dev Digest > > > > > > > > > > > > > _______________________________________________ > binarycloud-dev mailing list > bin...@li... > http://lists.sourceforge.net/lists/listinfo/binarycloud-dev > |
|
From: TAO R. <ron...@ho...> - 2001-08-11 08:26:42
|
>Ronald, as it later turned out, I had disabled register_argc_argv in my >php.ini, so >processprepend.php received no parameters. You might want to add this to >install.win32 in a section called Troubleshooting or whatever, because I'm >not the first one to have this kind of problem and probably not the last one >as well... thx a lot.... I have already made this note to the tutorial... roni _________________________________________________________________ 在 http://explorer.msn.com.tw/intl.asp 免費下載 MSN Explorer |
|
From: Andris S. <li...@ap...> - 2001-08-11 07:46:03
|
Ronald, as it later turned out, I had disabled register_argc_argv in my
php.ini, so
processprepend.php received no parameters. You might want to add this to
install.win32 in a section called Troubleshooting or whatever, because I'm
not the first one to have this kind of problem and probably not the last one
as well...
Alex, I'm quite interested to make xml2php working. Some questions about it:
1) I see you want to use binarycloud prepend.php & other stuff. Does it
mean that later [when xml2php script actually works] you're planning to
execute it at the end of make process when all BC files are copied/created?
2) The use of XMLUtils library in xml2php.php- do you have such library
already (if so, where can I download it), or are you going to start and
create it from the beginning?
Andris Spruds
----- Original Message -----
From: <bin...@li...>
To: <bin...@li...>
Sent: Wednesday, August 08, 2001 9:07 PM
Subject: binarycloud-dev digest, Vol 1 #203 - 2 msgs
> Send binarycloud-dev mailing list submissions to
> bin...@li...
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.sourceforge.net/lists/listinfo/binarycloud-dev
> or, via email, send a message with subject or body 'help' to
> bin...@li...
>
> You can reach the person managing the list at
> bin...@li...
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of binarycloud-dev digest..."
>
>
> Today's Topics:
>
> 1. RE: CVS daily synch (Andreas Aderhold)
> 2. RE: CVS daily synch (Andreas Aderhold)
>
> --__--__--
>
> Message: 1
> From: "Andreas Aderhold" <a.a...@th...>
> To: <bin...@li...>
> Subject: RE: [binarycloud-dev] CVS daily synch
> Date: Tue, 7 Aug 2001 22:53:19 +0200
> Reply-To: bin...@li...
>
> Hi Alex,
>
> > are there any other commits I should know about?
>
> yes
>
> r2/binarycloud/user/conf/datasources.php
>
> I fixed it to work with import (global $datasources) and quotet/caseified
> the array keys.
>
>
> Andi
>
>
>
> --__--__--
>
> Message: 2
> From: "Andreas Aderhold" <a.a...@th...>
> To: <bin...@li...>
> Subject: RE: [binarycloud-dev] CVS daily synch
> Date: Wed, 8 Aug 2001 10:34:44 +0200
> Reply-To: bin...@li...
>
> Hi Alex,
>
> antoher sf-commit:
>
> r2/binarycloud/base/core/Request.php
>
>
>
>
>
>
> --__--__--
>
> _______________________________________________
> binarycloud-dev mailing list
> bin...@li...
> http://lists.sourceforge.net/lists/listinfo/binarycloud-dev
>
>
> End of binarycloud-dev Digest
>
>
|
|
From: Alex B. <en...@tu...> - 2001-08-10 19:36:11
|
mail problems associated with a dns switch, just testing. _a |
|
From: Alex B. <tu...@tu...> - 2001-08-09 18:40:11
|
> At 10:34 PM 08/08/01 -0700, you wrote: > >> What happens if you comment out the error handler? > > I get a blank screen > >> And, what happens if you turn the error handler back on, and comment out >> permissions? > > I get a blank screen. > > Here's a summary of what I tried: > > Part commented out result > debug blank screen > auth blank screen > error blank screen > permission blank screen > auth + perm blank screen > debug + error + auth see attached file debug+error+auth.html > debug + error + auth + perm see attached file debug+error+auth+perm.html > >> I need to look in the archives on geocrawler, because I remember this >> problem... >> oh yes, edit user/conf/file_permissions.conf - remove the whitespace at the end of the file. also, in prepend, comment out the breakcrumbs_and_tabs.lib _a -- alex black, ceo en...@tu... the turing studio, inc. http://www.turingstudio.com vox+510.666.0074 fax+510.666.0093 |
|
From: TAO R. <ron...@ho...> - 2001-08-09 11:37:12
|
>Alex, you should add ash (because of sh.exe missing; another good idea is to >make a copy of bash.exe and rename it to sh.exe in the cygwin/bin directory) >and sed (sed.exe >missing) to the list of packages to download. > Now the build runs fine, except the old known problem with prepend.php: are using win95 or 98 or 2000???? did you follow the step to set the env $BCHOME using widnwos style path?? roni _________________________________________________________________ 在 http://explorer.msn.com.tw/intl.asp 免費下載 MSN Explorer |
|
From: Andreas A. <a.a...@th...> - 2001-08-09 11:32:18
|
Hi Alex, > don't know if you're subscribed to binarycloud-cvs-commit, I just synched > your commit of Request.php to my repository. Ah ok, cool. Hmm I think the time difference between the us and europe is playing tricks :( Andi |
|
From: Gerry K. <ge...@mc...> - 2001-08-09 10:59:15
|
Cjxicj4KPGI+V2FybmluZzwvYj46ICBDYW5ub3QgYWRkIGhlYWRlciBpbmZvcm1hdGlvbiAtIGhl YWRlcnMgYWxyZWFkeSBzZW50IGJ5IChvdXRwdXQgc3RhcnRlZCBhdCAvaG9tZS9iaW5hcnljbG91 ZC9iaW5hcnljbG91ZC91c2VyL2NvbmYvZmlsZV9wZXJtaXNzaW9ucy5jb25mOjE5MykgaW4gPGI+ L2hvbWUvYmluYXJ5Y2xvdWQvYmluYXJ5Y2xvdWQvY29yZS9iYXNlL3Blcm0vcGVybWlzc2lvbnMu cGhwPC9iPiBvbiBsaW5lIDxiPjYyPC9iPjxicj4K |
|
From: Andris S. <li...@ap...> - 2001-08-09 07:13:21
|
> Alex, you should add ash (because of sh.exe missing; another good idea is to > make a copy of bash.exe and rename it to sh.exe in the cygwin/bin directory) > and sed (sed.exe > missing) to the list of packages to download. Sorry, sed was already in the list. Again, sorry about my repeated messages on the list. Andris Spruds |
|
From: Andris S. <li...@ap...> - 2001-08-09 07:09:54
|
Alex, you should add ash (because of sh.exe missing; another good idea is to
make a copy of bash.exe and rename it to sh.exe in the cygwin/bin directory)
and sed (sed.exe
missing) to the list of packages to download.
Now the build runs fine, except the old known problem with prepend.php:
$ make
Building da site
in user
in user/htdocs
in base
in core
in bldr
in init
Could not open file for writing :
in lib
in mgr
Building en site
in user
in user/htdocs
in base
in core
in bldr
in init
Could not open file for writing :
in lib
in mgr
Andris Spruds
|
|
From: TAO R. <ron...@ho...> - 2001-08-09 05:41:16
|
Andris, >1)Downloaded & installed these packages >2)Followed the instructions on how to install BC >3)Typed make and got the following: > make: /bin/sh.exe: command not found > make: *** [langs] Error 127 check if sh.exe exist in /bin or not..., or find out where it is and set the right path in $BCHOME/base/utils/installcode.sh #!/path/to/sh roni > >Any ideas what can I have done wrong? > >P.S. >I think you mean Regex, not Reges [in the list of packages needed] > >Andris Spruds > _________________________________________________________________ 在 http://explorer.msn.com.tw/intl.asp 免費下載 MSN Explorer |
|
From: alex b. <en...@tu...> - 2001-08-09 05:37:20
|
> The virtual host is working. I've done everything listed in the > install.html file, except I couldn't use php_value in the virtual host > settings. I'm not sure it matters, because the same settings are in > httpd.conf, and I know the prepend file is being read. Yeah, you're fine. > When I go to the virtual site and use a PHP file I have created, it comes > up no problem. With the index.php file of binarycloud, I get a blank > screen, i.e. an HTML file with no data. I tried stepping through the > prepend file, commenting out parts, and I found that if I comment out a > section near the bottom, related to debug, error handling and > authentication, then some of the file appears with some error messages. What happens if you comment out the error handler? And, what happens if you turn the error handler back on, and comment out permissions? I need to look in the archives on geocrawler, because I remember this problem... _a > Right now, I'm stumped. Ideas welcomed. > > Gerry Kirk > > > _______________________________________________ > binarycloud-dev mailing list > bin...@li... > http://lists.sourceforge.net/lists/listinfo/binarycloud-dev > |
|
From: Gerry K. <ge...@mc...> - 2001-08-09 04:50:57
|
Hi, I've tried setting up r1 on a Mandrake 8.0 system, running PHP 4.0.4. The virtual host is working. I've done everything listed in the install.html file, except I couldn't use php_value in the virtual host settings. I'm not sure it matters, because the same settings are in httpd.conf, and I know the prepend file is being read. When I go to the virtual site and use a PHP file I have created, it comes up no problem. With the index.php file of binarycloud, I get a blank screen, i.e. an HTML file with no data. I tried stepping through the prepend file, commenting out parts, and I found that if I comment out a section near the bottom, related to debug, error handling and authentication, then some of the file appears with some error messages. Right now, I'm stumped. Ideas welcomed. Gerry Kirk |
|
From: Alex B. <tu...@tu...> - 2001-08-09 01:13:44
|
hi Andreas, don't know if you're subscribed to binarycloud-cvs-commit, I just synched your commit of Request.php to my repository. -a > Hi Alex, > > antoher sf-commit: > > r2/binarycloud/base/core/Request.php > > > > > _______________________________________________ > binarycloud-dev mailing list > bin...@li... > http://lists.sourceforge.net/lists/listinfo/binarycloud-dev > -- alex black, ceo en...@tu... the turing studio, inc. http://www.turingstudio.com vox+510.666.0074 fax+510.666.0093 |
|
From: Andris S. <li...@ap...> - 2001-08-08 22:31:52
|
1)Downloaded & installed these packages
2)Followed the instructions on how to install BC
3)Typed make and got the following:
make: /bin/sh.exe: command not found
make: *** [langs] Error 127
Any ideas what can I have done wrong?
P.S.
I think you mean Regex, not Reges [in the list of packages needed]
Andris Spruds
|
|
From: Alex B. <en...@tu...> - 2001-08-08 20:56:11
|
http://www.securereality.com.au/studyinscarlet.txt And... here we go :) 3. Global Variables --------------------- "The problem is that the code incorrectly assumes that the variable $auth will be empty unless it sets it. Remembering that an attacker can create variables in the global namespace, a url like 'http://server/test.php?auth=1' will fail the password check but the script will still believe the attacker has successfully authenticated." First: under no circumstances should you assume that a variable is set to "what you expect". Second, and more importantly, this is the reason there's a request class in r2: for explicitly requesting values from the "user space" instead of having register_globals on in php.ini and opening up your application to attack. register_globals is convenient, but it is dangerous, as this article points out. 4. Remote Files --------------------- This is actually not different from "Global Variables" above, and obviously you should never take entire paths from the user for inclusion. You should also, (of course) make sure that your webserver is running as a user in a group by itself, and ensure that permissions in your fs are properly set. Best is to chroot apache. 5. File Upload --------------------- Uh, notice a trend here? turn _off_ register_globals, and all is well :) 6. Library Files --------------------- Heh, don't include your library files in htdocs where thy can be served?! (duh!?! :) 7. Session Files --------------------- Again, global variables. 8. Loose Typing And Associative Arrays --------------------- I agree with this, though I don't think (including the above) that it poses a security risk. This is an extremely simple expression of the idea that an application needs "central" validation logic which is used everywhere.. the complex version is... entities! 9. Target Functions --------------------- I don't think there is a good place for eval() in a well written application. It is of course a security risk, unless you're _really_ sure of the content of the string you are evaling. In general, executing apps "on the command line" though php is a no-no, and a security risk. Of course if you're careful about how you do it, and you do really need to do it, it's fine. 10. Protecting PHP --------------------- heheh: * = Mostly painless ** = Vaguely painful *** = Seriously hurts **** = Chinese Water Torture **** - Set register_globals off (thus, the request class :) *** - Set safe_mode on (ick, this is a pain in the ass) ** - Set display_errors off, log_errors on (Agreed, this is a part of the error handling infrastructure in bc) 11. Responsibility - Language Vs Programmer --------------------- "I contend that it is very hard to write a secure PHP application (in the default configuration of PHP), even if you try." Bullshit. You do have to think about what you are doing, but really, in most cases all you have to do is use a little common sense. Don't use global variables to set include paths, don't blindly use values from globals, etc etc. All of this stuff has to do with globals! If you solve the globals problem, everything else is no big deal. ASP's 'Request' class (*cough*, yes I know MS n' all) - is the right idea. "Web designers and other non coders end up writing PHP applications." I'm part web designer, but I get the point. Of course this is sort of like saying stupid people don't drive well and it's the car's fault :) "In its search for the ultimate functionality PHP has undermined the programmer's ability to understand the workings of their code in all situations." Again, bullshit. I think proper namespaces would be nice, but php code (even if it's spaghetti) is almost _always_ easy to read. Anyone ever try debugging complex perl? Give me a razor! :) --------- With three commands I can turn an apache install into a blaring invitation to hack. I do agree that registering globals is bad. At the same time, that's what the config is there for. _a > Hello All: > I think the article link below is useful... depending on your php > experience/knowledge > it may/not be... > But what I want to know since I haven't thoroughly perused BC's yet > morphing codebase... How does BC cope with such potential security attacks? > -WD > > <-- snip --> > With the recent code red activity it has gotten me thinking about any > vulnerabilities within phpwebsite. I ran across this article > <http://www.securereality.com.au/studyinscarlet.txt> that details some > common problems with php based scripts. It makes for some really good > reading. There is some good supporting material that breaks down specific > scripts. How much has the development team looked into fixed security > holes? > > Thanks, > Eric > <-- snip --> > > __________________________________________________ > FREE voicemail, email, and fax...all in one place. > Sign Up Now! http://www.onebox.com > > > _______________________________________________ > binarycloud-dev mailing list > bin...@li... > http://lists.sourceforge.net/lists/listinfo/binarycloud-dev > -- alex black, ceo en...@tu... the turing studio, inc. http://www.turingstudio.com vox+510.666.0074 fax+510.666.0093 |
|
From: W.D.Sumilang <wa...@on...> - 2001-08-08 20:22:18
|
Hello All: I think the article link below is useful... depending on your php experience/knowledge it may/not be... But what I want to know since I haven't thoroughly perused BC's yet morphing codebase... How does BC cope with such potential security attacks? -WD <-- snip --> With the recent code red activity it has gotten me thinking about any vulnerabilities within phpwebsite. I ran across this article <http://www.securereality.com.au/studyinscarlet.txt> that details some common problems with php based scripts. It makes for some really good reading. There is some good supporting material that breaks down specific scripts. How much has the development team looked into fixed security holes? Thanks, Eric <-- snip --> __________________________________________________ FREE voicemail, email, and fax...all in one place. Sign Up Now! http://www.onebox.com |
|
From: Andreas A. <a.a...@th...> - 2001-08-08 08:35:00
|
Hi Alex, antoher sf-commit: r2/binarycloud/base/core/Request.php |
|
From: Andreas A. <a.a...@th...> - 2001-08-07 20:54:01
|
Hi Alex, > are there any other commits I should know about? yes r2/binarycloud/user/conf/datasources.php I fixed it to work with import (global $datasources) and quotet/caseified the array keys. Andi |
|
From: Alex B. <en...@tu...> - 2001-08-07 18:44:17
|
hi all, I'm building a list of packages we need from cygwin, and I think it's complete. The download I did was 7.7MB: Autoconf Automake Bash Binutils Clear Cygwin (both packages) Diff File Fileutils Findutils Grep gZip Inetutils Less Lynx Make Perl Readline Reges Rsync Sed Sh-Utils Tar Textutils Time Unzip w32API wGet Which (Ronald, I've "pasted" this list into your WIN32 file.) Note that the above is _much_ more that binarycloud actually needs, but it's all good stuff that's nice to have around. The _full_ cygwin download is pretty serious: Postgres, CVS, etc. No wonder the whole shebang is 50M, I'm actually surprised it's that small :) _alex -- alex black, ceo en...@tu... the turing studio, inc. http://www.turingstudio.com vox+510.666.0074 fax+510.666.0093 |
5 messages has been excluded from this view by a project administrator.
