Menu
▾
▴
phpshell-devel — Discuss the development of PHP Shell
You can subscribe to this list here.
| 2006 |
Jan
(2) |
Feb
(3) |
Mar
|
Apr
(6) |
May
(5) |
Jun
|
Jul
(7) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2007 |
Jan
|
Feb
(1) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2008 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(1) |
Jun
(1) |
Jul
(1) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2009 |
Jan
|
Feb
|
Mar
|
Apr
(2) |
May
(16) |
Jun
(11) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2010 |
Jan
(1) |
Feb
|
Mar
(2) |
Apr
|
May
|
Jun
(1) |
Jul
|
Aug
|
Sep
(2) |
Oct
|
Nov
|
Dec
|
| 2011 |
Jan
(2) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2012 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(12) |
Jul
(4) |
Aug
(5) |
Sep
|
Oct
(3) |
Nov
|
Dec
(6) |
| 2013 |
Jan
|
Feb
(1) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2015 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
|
|
From: Stephen I. <ste...@gm...> - 2015-09-30 15:06:10
|
I added the following features. I would like to submit my changes.
1) windows port:
a) converted cwd to use "/"
b) added 'pwd' builtin command
2) save editor button using ajax. Use case: I am editing a file and don't
want to exit editor mode, basically want to see changes to file w/o
exiting.
3) added environment variable section in config.php, needed for hosted
systems with no login. Use case installing php reports.
config.php
[environment]
COMPOSER_HOME = "${DOCUMENT_ROOT}/tmx/composer"
Steve
|
|
From: John B. <joh...@gm...> - 2013-02-11 18:48:06
|
Hi, I made a small change (which worked), and then attempted to make it an
option, but got in trouble with an undeclared value (cannot see where
values are declared or why).
Also, I attempted to add the editor back to editor feature, but got lost in
flow, and figured big changes may have to be made to make all the input
filters in a single, malleable structure -- but not by me, because the flow
confuses me.
If I have to do it, I will start rewriting from my google docs replacement
(GDR), but in perl, because I understand those things. Is there any
assistance available before I fork?
Please write soon, John
Below:
fixing the filetoedit (or filetowrite?) works but the ini stuff was an
attempt that failed
Code:
/* Save content from 'editor' */
if (isset($_POST["filetoedit"]) && ($_POST["filetoedit"] != "")) {
$filetoedit_handle = fopen($_POST["filetoedit"], "w");
// if (($ini['settings']['no-ctl-M']) && ($no-ctl-M == true)) {
$_POST["filecontent"] = str_ireplace("\x0D", "",
$_POST["filecontent"]);
// }
fputs($filetoedit_handle, str_replace("%0D%0A", "%0D%0A",
$_POST["filecontent"]));
fclose($filetoedit_handle);
}
And keeping editing going (necessary for online development). I added the
input, but I cannot see a filter for the incoming $_POST structures of
hidden structures:
<input type="submit" value="Execute command">
<input type="submit" name="clear" value="Clear screen">
<?php } else { /* for 'editor-mode' */ ?>
<input type="hidden" name="filetoedit" id="filetoedit" value="<?php
print($filetoedit) ?>">
<input type="submit" value="Save and Exit">
<input type="submit" name="Save and Continue editing" value="Save and
Continue editing">
<input type="reset" value="Undo all Changes">
<input type="submit" value="Exit without saving"
onclick="javascript:document.getElementById('filetoedit').value='';return
true;">
|
|
From: John B. <joh...@gm...> - 2012-12-20 16:37:11
|
The "better circles" seem to prefer mercurial, which, I believe is more python-oriented, which is closer to perl. I like recursion, and PHP seemed to fail when I used it like a "find" command in many different ways, and I know that perl does it very well (will have to check windows). Php shell may ultimately be the easiest way to do posix-type work on windows. I have a google docs replacement working (with TinyMCE in a tiny php script on oddmuse) that is actually far better than the old or new google docs, and can easily be integrated with Mobwrite to prevent edit collisions. Mobwrite has a python server, and I am thinking mobwrite is where the file control should happen including document versioning and maybe google drive could be integrated for free disk space (and mercurial is the python preference). The main advantage of TinyMCE is that one can ctl-V paste from the snipping tool (on firefox), and the image is embedded into the document. On Thu, Dec 20, 2012 at 12:07 PM, Jan Kanis <jan...@ja...> wrote: > @John: Good luck building a google docs replacement. > > OT: > - I think mercurial or git are both much better than svn. I prefer > mercurial and in fact use that to interface to the sourceforge svn server. > But if git has more traction among PHP developers, as it apparently does, > that would probably be a better option. I am in favor of upgrading to > either of those, but like I said, I don't have a lot of time to put into > phpshell. > - Sourceforge also has a wiki, but it requires upgrading the project to a > new sourceforge version. It appears to be just one click. Is anyone against > me pressing the 'upgrade' button? > > > On 20 December 2012 16:03, John Bessa <joh...@gm...> wrote: > >> I had a 10 yr lapse of tech after the y2k tech crash til recently, when I >> started doing a massive documenting (social-psych) and google docs failed >> us -- so I am not familiar with SVN, GIT, etc. >> >> However, I am planning a search engine for my google docs replacement >> (GDR) which will put it on higher ground, and SHOULD be in git, or >> something, so I should get interested -- GIT seems the to be most popular. >> >> Also I am experimenting with Perl inside PHP which may be helpful for >> WIndows vs. Posix conflicts. I am formerly linux, but now support a native >> L4 w/o any linux that explores a new paradigm for both driver support and >> VM management, web servers being a kind of VM. >> >> I am not pleased w/ Wikipedia, but believe that wiki is nearly the only >> way to go if one supports a constructive web, as I do. So, I guess I am >> suggesting, that php shell go into GIT and discussion be on a wiki, >> independent or through wiki media foundation. >> >> What do you think? >> >> John >> >> >> >> On Wed, Dec 19, 2012 at 6:04 PM, Jan Kanis <jan...@ja...> wrote: >> >>> I thought the svn version has a file upload capability (but maybe it >>> needs to be enabled in the config file). A 'save and continue editing' >>> option for the editor would be a good addition, but I'm not currently >>> working a lot on phpshell, and I don't currently have time for it. >>> >>> Jan >>> >>> >> >> >> ------------------------------------------------------------------------------ >> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial >> Remotely access PCs and mobile devices and provide instant support >> Improve your efficiency, and focus on delivering more value-add services >> Discover what IT Professionals Know. Rescue delivers >> http://p.sf.net/sfu/logmein_12329d2d >> _______________________________________________ >> phpshell-devel mailing list >> php...@li... >> https://lists.sourceforge.net/lists/listinfo/phpshell-devel >> >> > > > > ------------------------------------------------------------------------------ > LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial > Remotely access PCs and mobile devices and provide instant support > Improve your efficiency, and focus on delivering more value-add services > Discover what IT Professionals Know. Rescue delivers > http://p.sf.net/sfu/logmein_12329d2d > _______________________________________________ > phpshell-devel mailing list > php...@li... > https://lists.sourceforge.net/lists/listinfo/phpshell-devel > > -- Photography and sculpture: http://thinan.com/john_bessa/photography Empathy and Emotional Communication http://en.wikiversity.org/wiki/Empathy_Model http://johnbessa.com/empathy Technology and Education: http://thinman.com |
|
From: Jan K. <jan...@ja...> - 2012-12-20 16:07:48
|
@John: Good luck building a google docs replacement. OT: - I think mercurial or git are both much better than svn. I prefer mercurial and in fact use that to interface to the sourceforge svn server. But if git has more traction among PHP developers, as it apparently does, that would probably be a better option. I am in favor of upgrading to either of those, but like I said, I don't have a lot of time to put into phpshell. - Sourceforge also has a wiki, but it requires upgrading the project to a new sourceforge version. It appears to be just one click. Is anyone against me pressing the 'upgrade' button? On 20 December 2012 16:03, John Bessa <joh...@gm...> wrote: > I had a 10 yr lapse of tech after the y2k tech crash til recently, when I > started doing a massive documenting (social-psych) and google docs failed > us -- so I am not familiar with SVN, GIT, etc. > > However, I am planning a search engine for my google docs replacement > (GDR) which will put it on higher ground, and SHOULD be in git, or > something, so I should get interested -- GIT seems the to be most popular. > > Also I am experimenting with Perl inside PHP which may be helpful for > WIndows vs. Posix conflicts. I am formerly linux, but now support a native > L4 w/o any linux that explores a new paradigm for both driver support and > VM management, web servers being a kind of VM. > > I am not pleased w/ Wikipedia, but believe that wiki is nearly the only > way to go if one supports a constructive web, as I do. So, I guess I am > suggesting, that php shell go into GIT and discussion be on a wiki, > independent or through wiki media foundation. > > What do you think? > > John > > > > On Wed, Dec 19, 2012 at 6:04 PM, Jan Kanis <jan...@ja...> wrote: > >> I thought the svn version has a file upload capability (but maybe it >> needs to be enabled in the config file). A 'save and continue editing' >> option for the editor would be a good addition, but I'm not currently >> working a lot on phpshell, and I don't currently have time for it. >> >> Jan >> >> > > > ------------------------------------------------------------------------------ > LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial > Remotely access PCs and mobile devices and provide instant support > Improve your efficiency, and focus on delivering more value-add services > Discover what IT Professionals Know. Rescue delivers > http://p.sf.net/sfu/logmein_12329d2d > _______________________________________________ > phpshell-devel mailing list > php...@li... > https://lists.sourceforge.net/lists/listinfo/phpshell-devel > > |
|
From: John B. <joh...@gm...> - 2012-12-20 15:03:23
|
I had a 10 yr lapse of tech after the y2k tech crash til recently, when I started doing a massive documenting (social-psych) and google docs failed us -- so I am not familiar with SVN, GIT, etc. However, I am planning a search engine for my google docs replacement (GDR) which will put it on higher ground, and SHOULD be in git, or something, so I should get interested -- GIT seems the to be most popular. Also I am experimenting with Perl inside PHP which may be helpful for WIndows vs. Posix conflicts. I am formerly linux, but now support a native L4 w/o any linux that explores a new paradigm for both driver support and VM management, web servers being a kind of VM. I am not pleased w/ Wikipedia, but believe that wiki is nearly the only way to go if one supports a constructive web, as I do. So, I guess I am suggesting, that php shell go into GIT and discussion be on a wiki, independent or through wiki media foundation. What do you think? John On Wed, Dec 19, 2012 at 6:04 PM, Jan Kanis <jan...@ja...> wrote: > I thought the svn version has a file upload capability (but maybe it needs > to be enabled in the config file). A 'save and continue editing' option for > the editor would be a good addition, but I'm not currently working a lot on > phpshell, and I don't currently have time for it. > > Jan > > |
|
From: Wolfgang D. <da...@oe...> - 2012-12-19 23:40:37
|
Am 19.12.2012 23:04, schrieb Jan Kanis: > I thought the svn version has a file upload capability (but maybe it > needs to be enabled in the config file). A file-upload feature is already in release 2.4 (it is currently disabled by default (because I was not really satisfied with the user-interface, when I implemented it), you can enable it with the option "file-upload = true" in config.php). And - thank you, Jan - the handling of the "cd" command is much better in current SVN version (so the wildcard-issue is solved there). I should make a release soon. I hope I can do it after Xmas. Best regards, Wolfgang |
|
From: Jan K. <jan...@ja...> - 2012-12-19 22:36:18
|
I thought the svn version has a file upload capability (but maybe it needs to be enabled in the config file). A 'save and continue editing' option for the editor would be a good addition, but I'm not currently working a lot on phpshell, and I don't currently have time for it. Jan On 19 December 2012 21:45, John Bessa <joh...@gm...> wrote: > Hi Jan, > > It would be helpful if the editor built-in would have a forth submit > option, which is to update and reopen the editor rather than existing, as > another edit is forever to follow. > > Another convince feature would be a built in file upload, though I cannot > imagine how that would be implemented. > > I am using PHP-SHELL exclusively now because SSH now that I have it is > unusable, too slow. As all I have is windows at home, and my new project > Google Docs Replacement, (GDR) in PHP has to be debugged using a remote > linux webserver. The code is small enough to be on my tech blog thingy: > http://www.oddmuse.org/cgi-bin/oddmuse/John_Bessa > > Ta, John > > > > > > > > On Thu, Oct 4, 2012 at 4:57 AM, Jan Kanis <jan...@ja...> wrote: > >> Yes, that is known behaviour. In v2.4, cd commands are not actually >> executed by the shell, but by php itself using the chdir() function, >> so it does not do wildcard expansion. But in SVN trunk 'cd' handling >> works very differently, and it should do wildcard expansion. >> >> Jan >> >> >> On Thu, Oct 4, 2012 at 12:21 AM, John Bessa <joh...@gm...> wrote: >> > Hello all, ere is the output (just installed v 2.4): >> > >> > $ echo php*l >> > phpshell >> > $ ls php*l >> > AUTHORS ChangeLog README config.php phpshell.ico pwhash.php* >> > COPYING INSTALL SECURITY ls.php* phpshell.php style.css >> > $ cd php*l >> > chdir() [<a href='function.chdir'>function.chdir</a>]: No such file or >> > directory (errno 2) >> > cd: could not change to: /home/content/j/o/h/johnvan/html/adm/php*l >> > >> > HTH, John >> > >> > >> ------------------------------------------------------------------------------ >> > Don't let slow site performance ruin your business. Deploy New Relic APM >> > Deploy New Relic app performance management and know exactly >> > what is happening inside your Ruby, Python, PHP, Java, and .NET app >> > Try New Relic at no cost today and get our sweet Data Nerd shirt too! >> > http://p.sf.net/sfu/newrelic-dev2dev >> > _______________________________________________ >> > phpshell-devel mailing list >> > php...@li... >> > https://lists.sourceforge.net/lists/listinfo/phpshell-devel >> > >> >> >> ------------------------------------------------------------------------------ >> Don't let slow site performance ruin your business. Deploy New Relic APM >> Deploy New Relic app performance management and know exactly >> what is happening inside your Ruby, Python, PHP, Java, and .NET app >> Try New Relic at no cost today and get our sweet Data Nerd shirt too! >> http://p.sf.net/sfu/newrelic-dev2dev >> _______________________________________________ >> phpshell-devel mailing list >> php...@li... >> https://lists.sourceforge.net/lists/listinfo/phpshell-devel >> > > > > -- > Photography and sculpture: > http://thinan.com/john_bessa/photography > > Empathy and Emotional Communication > http://en.wikiversity.org/wiki/Empathy_Model > http://johnbessa.com/empathy > > Technology and Education: > http://thinman.com > > > ------------------------------------------------------------------------------ > LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial > Remotely access PCs and mobile devices and provide instant support > Improve your efficiency, and focus on delivering more value-add services > Discover what IT Professionals Know. Rescue delivers > http://p.sf.net/sfu/logmein_12329d2d > _______________________________________________ > phpshell-devel mailing list > php...@li... > https://lists.sourceforge.net/lists/listinfo/phpshell-devel > > |
|
From: John B. <joh...@gm...> - 2012-12-19 20:45:19
|
Hi Jan, It would be helpful if the editor built-in would have a forth submit option, which is to update and reopen the editor rather than existing, as another edit is forever to follow. Another convince feature would be a built in file upload, though I cannot imagine how that would be implemented. I am using PHP-SHELL exclusively now because SSH now that I have it is unusable, too slow. As all I have is windows at home, and my new project Google Docs Replacement, (GDR) in PHP has to be debugged using a remote linux webserver. The code is small enough to be on my tech blog thingy: http://www.oddmuse.org/cgi-bin/oddmuse/John_Bessa Ta, John On Thu, Oct 4, 2012 at 4:57 AM, Jan Kanis <jan...@ja...> wrote: > Yes, that is known behaviour. In v2.4, cd commands are not actually > executed by the shell, but by php itself using the chdir() function, > so it does not do wildcard expansion. But in SVN trunk 'cd' handling > works very differently, and it should do wildcard expansion. > > Jan > > > On Thu, Oct 4, 2012 at 12:21 AM, John Bessa <joh...@gm...> wrote: > > Hello all, ere is the output (just installed v 2.4): > > > > $ echo php*l > > phpshell > > $ ls php*l > > AUTHORS ChangeLog README config.php phpshell.ico pwhash.php* > > COPYING INSTALL SECURITY ls.php* phpshell.php style.css > > $ cd php*l > > chdir() [<a href='function.chdir'>function.chdir</a>]: No such file or > > directory (errno 2) > > cd: could not change to: /home/content/j/o/h/johnvan/html/adm/php*l > > > > HTH, John > > > > > ------------------------------------------------------------------------------ > > Don't let slow site performance ruin your business. Deploy New Relic APM > > Deploy New Relic app performance management and know exactly > > what is happening inside your Ruby, Python, PHP, Java, and .NET app > > Try New Relic at no cost today and get our sweet Data Nerd shirt too! > > http://p.sf.net/sfu/newrelic-dev2dev > > _______________________________________________ > > phpshell-devel mailing list > > php...@li... > > https://lists.sourceforge.net/lists/listinfo/phpshell-devel > > > > > ------------------------------------------------------------------------------ > Don't let slow site performance ruin your business. Deploy New Relic APM > Deploy New Relic app performance management and know exactly > what is happening inside your Ruby, Python, PHP, Java, and .NET app > Try New Relic at no cost today and get our sweet Data Nerd shirt too! > http://p.sf.net/sfu/newrelic-dev2dev > _______________________________________________ > phpshell-devel mailing list > php...@li... > https://lists.sourceforge.net/lists/listinfo/phpshell-devel > -- Photography and sculpture: http://thinan.com/john_bessa/photography Empathy and Emotional Communication http://en.wikiversity.org/wiki/Empathy_Model http://johnbessa.com/empathy Technology and Education: http://thinman.com |
|
From: John B. <joh...@gm...> - 2012-10-04 13:57:32
|
Thanks, minor issue--mostly wanted to show you that I am giving it a good "workout" ;) I am writing a lot about this "family" of serious web apps as with the email conversations we had a while before. The big picture for me is "wiki" because, well, wiki is the big construction that object-orients all known information, which includes this, of course. Downside is that I stopped programming in the mid-2000s. It was making me depressed as I had no job, but, on the other hand, was making huge amounts (and getting genuine appreciation) as a long-haul US truck driver. Downside was that the trucking bosses had brains the size of walnuts... Ultimately chose teaching and therapy--which I am about to finish learning and start practicing. Thing is, I think I can implement this "family" of programming officially, rather than through clubs. For one thing, it teaches collaboration and increases mental activity in important brain parts. Cheers, John On Thu, Oct 4, 2012 at 5:57 AM, Jan Kanis <jan...@ja...> wrote: > Yes, that is known behaviour. In v2.4, cd commands are not actually > executed by the shell, but by php itself using the chdir() function, > so it does not do wildcard expansion. But in SVN trunk 'cd' handling > works very differently, and it should do wildcard expansion. > > Jan > > > On Thu, Oct 4, 2012 at 12:21 AM, John Bessa <joh...@gm...> wrote: > > Hello all, ere is the output (just installed v 2.4): > > > > $ echo php*l > > phpshell > > $ ls php*l > > AUTHORS ChangeLog README config.php phpshell.ico pwhash.php* > > COPYING INSTALL SECURITY ls.php* phpshell.php style.css > > $ cd php*l > > chdir() [<a href='function.chdir'>function.chdir</a>]: No such file or > > directory (errno 2) > > cd: could not change to: /home/content/j/o/h/johnvan/html/adm/php*l > > > > HTH, John > > > > > ------------------------------------------------------------------------------ > > Don't let slow site performance ruin your business. Deploy New Relic APM > > Deploy New Relic app performance management and know exactly > > what is happening inside your Ruby, Python, PHP, Java, and .NET app > > Try New Relic at no cost today and get our sweet Data Nerd shirt too! > > http://p.sf.net/sfu/newrelic-dev2dev > > _______________________________________________ > > phpshell-devel mailing list > > php...@li... > > https://lists.sourceforge.net/lists/listinfo/phpshell-devel > > > > > ------------------------------------------------------------------------------ > Don't let slow site performance ruin your business. Deploy New Relic APM > Deploy New Relic app performance management and know exactly > what is happening inside your Ruby, Python, PHP, Java, and .NET app > Try New Relic at no cost today and get our sweet Data Nerd shirt too! > http://p.sf.net/sfu/newrelic-dev2dev > _______________________________________________ > phpshell-devel mailing list > php...@li... > https://lists.sourceforge.net/lists/listinfo/phpshell-devel > -- Photography and sculpture: http://thinan.com/john_bessa/photography Empathy and Emotional Communication http://en.wikiversity.org/wiki/Empathy_Model http://johnbessa.com/empathy Technology and Education: http://thinman.com |
|
From: Jan K. <jan...@ja...> - 2012-10-04 08:58:02
|
Yes, that is known behaviour. In v2.4, cd commands are not actually executed by the shell, but by php itself using the chdir() function, so it does not do wildcard expansion. But in SVN trunk 'cd' handling works very differently, and it should do wildcard expansion. Jan On Thu, Oct 4, 2012 at 12:21 AM, John Bessa <joh...@gm...> wrote: > Hello all, ere is the output (just installed v 2.4): > > $ echo php*l > phpshell > $ ls php*l > AUTHORS ChangeLog README config.php phpshell.ico pwhash.php* > COPYING INSTALL SECURITY ls.php* phpshell.php style.css > $ cd php*l > chdir() [<a href='function.chdir'>function.chdir</a>]: No such file or > directory (errno 2) > cd: could not change to: /home/content/j/o/h/johnvan/html/adm/php*l > > HTH, John > > ------------------------------------------------------------------------------ > Don't let slow site performance ruin your business. Deploy New Relic APM > Deploy New Relic app performance management and know exactly > what is happening inside your Ruby, Python, PHP, Java, and .NET app > Try New Relic at no cost today and get our sweet Data Nerd shirt too! > http://p.sf.net/sfu/newrelic-dev2dev > _______________________________________________ > phpshell-devel mailing list > php...@li... > https://lists.sourceforge.net/lists/listinfo/phpshell-devel > |
|
From: John B. <joh...@gm...> - 2012-10-03 22:21:47
|
Hello all, ere is the output (just installed v 2.4): $ echo php*l phpshell $ ls php*l AUTHORS ChangeLog README config.php phpshell.ico pwhash.php* COPYING INSTALL SECURITY ls.php* phpshell.php style.css $ cd php*l chdir() [<a href='function.chdir'>function.chdir</a>]: No such file or directory (errno 2) cd: could not change to: /home/content/j/o/h/johnvan/html/adm/php*l HTH, John |
|
From: Jan K. <jan...@ja...> - 2012-08-29 14:25:52
|
On Wed, Aug 29, 2012 at 9:57 AM, Jimmy Hermansson
<ji...@ha...> wrote:
> Hi Jan!
>
> Glad you liked it and had the time to read the code. Here are some comments
> on your comments :-)
>
>
> Jan wrote:
> ...
> Jan wrote:
>
> "Reading a bit about windows encoding stuff, I discovered that it may
> be possible to remove all the CP850 handling altogether. The command
> "chcp 65001" switches the cmd.exe interpreter to use utf-8 instead of
> cp850. So would it be possible to execute "chcp 65001 > nul" as the
> first command every time a subprocess is invoked, and not needing that
> part of the conversion anymore? (Encoding will still be needed for
> calls to php filesystem functions)."
>
> This is not entirely true, actually, if you type that and try to list
> (commando dir) folders with strange UTF-8 characters in them the dir
> commando stops and fails.
> I will try to get around the CP850 but I did put a lot of time into
> researching how Windows cmd handles encodings.
Hmm, I did some testing today on a virtual winXP+apache+php. It sucks.
After attempting to change to cp 65001 any further commands are not
executed at all. Single byte codepages work fine. If you think the
current solution works best then so be it. There may be some other
possibilities with cmd.exe's /U switch, but that probably won't be
easy either (if it works at all).
> Jan wrote:
> "What is 'OBS!' that you use several times in comments?"
>
> Leftover notes I wrote while coding/researching. Most of them can be removed
> but I think I used some to explain why I wrote the code as I did. For
> example the
> bug under windows with the deadlock and such.
>
>
> Jan wrote:
> "- On phpshell.php:135 you try to work around a possible deadlock bug
> by using different code to read the file descriptors on windows.
> However, I'm quite sure that this code can deadlock as well (assuming
> non buggy php behaviour). Try executing the foillowing php program as
> a subprocess:"
>
> Yes I know this CAN deadlock but since the other code ALWAYS deadlocks this
> was an alternative until the fixed PHP. I tried to read one line each from
> the pipes but that also deadlocked. This was the only thing I could get some
> results from.
Ah, then I misread your comment of "However, the old code seem to work
good (in all cases I've tried) but I know it _MIGHT_ casuse
deadlock!". I tried it, and I can confirm that your code works better
than the *nix code for windows.
> Jan wrote:
> ....
> Jan wrote:
> "- It's probably more readable to replace the dozen print statements on
> line phpshell.php:1346 by going to html mode."
>
> Here is where I don't agree. The switching back and forth is a horror in my
> opinion. with this I can easy comment out stuff and use correct indent.
We'll agree to disagree then. And it's not like the current code is
formatted very strictly.
> Jan wrote:
> "- I noticed you created a substr_unicode function, however it is not
> used anywhere."
>
> It was used before and I left it as a good utility for later. I guess it can
> be removed.
>
>
> Jan wrote:
> "- Just a note: the code in your zipfile appears to have old versions
> of some of the documentation files."
>
> The zip file was just a way to send you the code. The other files are not up
> to date no. :-)
>
> / Jimmy
And I think you have svn access now right? Then I won't do any commits
for you. If you don't want to commit to the main repo yet, you could
also consider creating a branch while you're still working on it. That
way it would be easier for me and others to see your code, and make
fixes to it.
Also, I prefer having these kinds of mails on the mailing list so
others can find why certain choices were made.
keep up the good work,
Jan
> -----Original Message----- From: Jan Kanis
> Sent: Friday, August 24, 2012 9:14 AM
> To: ji...@ha... ; phpshell-devel
> Subject: Re: PHP shell 2.4.1
>
>
> Hi Harding,
>
> Great to see what you did and that the subprocess approach can
> actually be used on windows as well. Too bad of all the necessary
> encoding stuff.
>
> I had a look through most of the code (though I didn't test it). Here
> are a number of things I noticed.
>
> First of all regarding the encoding conversions. In the code, all the
> additional encoding conversions are making the code more hairy. More
> code goes with having more features, but I have the feeling that all
> the encoding stuff could be done in less lines.
>
> You have a lot of instances of code like
>
> $foo = getfoo();
> if ($server_is_windows)
> $foo = mb_convert_encoding($foo,
> $_SESSION['env']['windows-encoding'], "UTF-8");
>
> I think some lines of code (and complexity) can be saved by defining a
> function tonative and the analogous fromnative like so:
>
> function tonative($str) {
> global $server_is_windows;
> if($server_is_windows)
> return mb_convert_encoding($str,
> $_SESSION['env']['windows-encoding'], "UTF-8");
> return $str;
> }
>
> then every instance of the previous pattern can be replaced with just
>
> $foo = tonative(getfoo());
>
> Reading a bit about windows encoding stuff, I discovered that it may
> be possible to remove all the CP850 handling altogether. The command
> "chcp 65001" switches the cmd.exe interpreter to use utf-8 instead of
> cp850. So would it be possible to execute "chcp 65001 > nul" as the
> first command every time a subprocess is invoked, and not needing that
> part of the conversion anymore? (Encoding will still be needed for
> calls to php filesystem functions).
>
>
> Some other things I noticed:
>
> - What is 'OBS!' that you use several times in comments?
>
> - On phpshell.php:135 you try to work around a possible deadlock bug
> by using different code to read the file descriptors on windows.
> However, I'm quite sure that this code can deadlock as well (assuming
> non buggy php behaviour). Try executing the foillowing php program as
> a subprocess:
>
> $data = str_repeat("a", 10000);
> fwrite(STDOUT, "Starting subprocess");
> fwrite(STDERR, $data);
> fwrite(STDOUT, "Finished");
> exit(0);
>
> I think this will deadlock trying to write all the data to stderr,
> while phpshell is stuck in an infinite loop on line 138 trying to read
> more data from the subprocesses stdout. The regular solution for that
> would be something like the *nix code, but I don't know when the 51800
> bug will bite or not.
>
>
> - The encoding detection code is probably better refactored into it's
> own function, so the exec_command code flow doesn't get unnecessary
> complicated. (If it is needed at all)
>
> - You don't always htmlescape stuff you output, e.g. at line
> phpshell:1304. If you use htmlescape you also don't need the
> str_replace('"', '"', $dir) anymore.
>
> - Good to have secure randomness on Windows. But I think your
> implementation has a problem: you hash the returned random string, but
> after that hashing it always has the same length instead of the
> requested length.
>
> - I think the unregister_GLOBALS function should be moved with the
> other function definitions, instead of defining it in the middle of a
> block of imperative code.
>
> - regarding the comment on line phpshell.php:991: The reason to do
> things through subprocesses instead of using the php functions is to
> work around possible OPEN_BASEDIR restrictions. So using the old code
> for windows is fine.
>
> - It's probably more readable to replace the dozen print statements on
> line phpshell.php:1346 by going to html mode.
>
> - I noticed you created a substr_unicode function, however it is not
> used anywhere.
>
> - Just a note: the code in your zipfile appears to have old versions
> of some of the documentation files.
>
> Anyway, good job so far.
>
>
> Jan
>
>
> On Tue, Aug 21, 2012 at 7:26 PM, Harding <no...@so...> wrote:
>>
>> Jan wrote: I\'m also interested in how you got windows
>> compatibility working. Are
>> you sure your changes are based on the latest svn version
>> and not on
>> the released version? There are quite a few changes in svn
>> which I
>> thought could not be made windows compatible, but maybe I\'m
>> wrong. So is your code somewhere available online?
>>
>> Harding: Yes I checked out the new code from the SVN and
>> continued from that base. I had to solve some parts \"ugly\"
>> for the windows version due to some bugs in PHP for windows
>> :-( (https://bugs.php.net/bug.php?id=51800) But most of the
>> code is the same with some encoding magic due to Windows
>> specific encoding depending on your location in the world. I
>> have made quite some changes to the core code, UI and the
>> config and I hope you got time to read it.
>>
>> You can find the code at
>> http://hardingonline.se/phpshell_2.4.1.zip
>>
>> I would love to hear what you think about it :-)
>>
>> --
>> This message was sent to your SourceForge.net email alias via the web mail
>> form. You may reply to this message via
>> https://sourceforge.net/sendmessage.php?touser=3934724
>> To update your email alias preferences, please visit
>> https://sourceforge.net/account
>
>
|
|
From: Jan K. <jan...@ja...> - 2012-08-24 07:14:56
|
Hi Harding,
Great to see what you did and that the subprocess approach can
actually be used on windows as well. Too bad of all the necessary
encoding stuff.
I had a look through most of the code (though I didn't test it). Here
are a number of things I noticed.
First of all regarding the encoding conversions. In the code, all the
additional encoding conversions are making the code more hairy. More
code goes with having more features, but I have the feeling that all
the encoding stuff could be done in less lines.
You have a lot of instances of code like
$foo = getfoo();
if ($server_is_windows)
$foo = mb_convert_encoding($foo,
$_SESSION['env']['windows-encoding'], "UTF-8");
I think some lines of code (and complexity) can be saved by defining a
function tonative and the analogous fromnative like so:
function tonative($str) {
global $server_is_windows;
if($server_is_windows)
return mb_convert_encoding($str,
$_SESSION['env']['windows-encoding'], "UTF-8");
return $str;
}
then every instance of the previous pattern can be replaced with just
$foo = tonative(getfoo());
Reading a bit about windows encoding stuff, I discovered that it may
be possible to remove all the CP850 handling altogether. The command
"chcp 65001" switches the cmd.exe interpreter to use utf-8 instead of
cp850. So would it be possible to execute "chcp 65001 > nul" as the
first command every time a subprocess is invoked, and not needing that
part of the conversion anymore? (Encoding will still be needed for
calls to php filesystem functions).
Some other things I noticed:
- What is 'OBS!' that you use several times in comments?
- On phpshell.php:135 you try to work around a possible deadlock bug
by using different code to read the file descriptors on windows.
However, I'm quite sure that this code can deadlock as well (assuming
non buggy php behaviour). Try executing the foillowing php program as
a subprocess:
$data = str_repeat("a", 10000);
fwrite(STDOUT, "Starting subprocess");
fwrite(STDERR, $data);
fwrite(STDOUT, "Finished");
exit(0);
I think this will deadlock trying to write all the data to stderr,
while phpshell is stuck in an infinite loop on line 138 trying to read
more data from the subprocesses stdout. The regular solution for that
would be something like the *nix code, but I don't know when the 51800
bug will bite or not.
- The encoding detection code is probably better refactored into it's
own function, so the exec_command code flow doesn't get unnecessary
complicated. (If it is needed at all)
- You don't always htmlescape stuff you output, e.g. at line
phpshell:1304. If you use htmlescape you also don't need the
str_replace('"', '"', $dir) anymore.
- Good to have secure randomness on Windows. But I think your
implementation has a problem: you hash the returned random string, but
after that hashing it always has the same length instead of the
requested length.
- I think the unregister_GLOBALS function should be moved with the
other function definitions, instead of defining it in the middle of a
block of imperative code.
- regarding the comment on line phpshell.php:991: The reason to do
things through subprocesses instead of using the php functions is to
work around possible OPEN_BASEDIR restrictions. So using the old code
for windows is fine.
- It's probably more readable to replace the dozen print statements on
line phpshell.php:1346 by going to html mode.
- I noticed you created a substr_unicode function, however it is not
used anywhere.
- Just a note: the code in your zipfile appears to have old versions
of some of the documentation files.
Anyway, good job so far.
Jan
On Tue, Aug 21, 2012 at 7:26 PM, Harding <no...@so...> wrote:
> Jan wrote: I\'m also interested in how you got windows
> compatibility working. Are
> you sure your changes are based on the latest svn version
> and not on
> the released version? There are quite a few changes in svn
> which I
> thought could not be made windows compatible, but maybe I\'m
> wrong. So is your code somewhere available online?
>
> Harding: Yes I checked out the new code from the SVN and
> continued from that base. I had to solve some parts \"ugly\"
> for the windows version due to some bugs in PHP for windows
> :-( (https://bugs.php.net/bug.php?id=51800) But most of the
> code is the same with some encoding magic due to Windows
> specific encoding depending on your location in the world. I
> have made quite some changes to the core code, UI and the
> config and I hope you got time to read it.
>
> You can find the code at
> http://hardingonline.se/phpshell_2.4.1.zip
>
> I would love to hear what you think about it :-)
>
> --
> This message was sent to your SourceForge.net email alias via the web mail form. You may reply to this message via https://sourceforge.net/sendmessage.php?touser=3934724
> To update your email alias preferences, please visit https://sourceforge.net/account
|
|
From: Jan K. <jan...@ja...> - 2012-08-21 22:06:55
|
On Tue, Aug 21, 2012 at 11:14 PM, Wolfgang Dautermann <da...@oe...> wrote: > He already have SVN commit permissions - perhaps Martin Geisler has > added these permissions. Martin added them yesterday. |
|
From: Wolfgang D. <da...@oe...> - 2012-08-21 21:39:25
|
Am 21.08.2012 16:13, schrieb Jan Kanis: > Hi Harding, Hi! Welcome to the Phpshell-team! > I had not responded yet due to vacation. I'm also not sure if > someone else has already answered you (or if you even sent this > message to other people as well). No, I got no mail... > I don't have admin rights, so I can't give you commit access. He already have SVN commit permissions - perhaps Martin Geisler has added these permissions. Best regards from austria, Wolfgang (I will be on vacation from tomorrow, sorry, if I do not answer mail immediately) |
|
From: Jan K. <jan...@ja...> - 2012-08-21 14:36:10
|
Hi Harding, I had not responded yet due to vacation. I'm also not sure if someone else has already answered you (or if you even sent this message to other people as well). I don't have admin rights, so I can't give you commit access. For that you will need to contact Wolfgang Dautermann. But I can commit myself, so I could commit your changes for you if you want to. I'm also interested in how you got windows compatibility working. Are you sure your changes are based on the latest svn version and not on the released version? There are quite a few changes in svn which I thought could not be made windows compatible, but maybe I'm wrong. So is your code somewhere available online? Jan On Fri, Aug 3, 2012 at 7:15 PM, Harding <no...@so...> wrote: > Hi! > > I found PHP Shell the other day and liked it very much but I > started to make some changes to the code and now I realized > it\'s quite much and when I tried to commit them via SVN I > couldn\'t (cause I\'m not on this team I guess) > > Here is what I tried to post in the update: > Major changes: > + Added Windows support! This however will break the > backwards compatibility (but only if you are on windows!) > since we need to use mb_convert_encoding() > / *nix users should not notice any difference. > + Added tab-completion (both *nix and windows) with the help > of AJAX in jQuery > / Changed the layout to be less bloaty. All info is still > there but a little more compact > / Made the command input width = the width of the browser > / Moved some functions to the file include.php since I need > those functions in the tab-completion file > (autocomplete_filename.php) > / Emulates register_globals = OFF if it\'s on. > + Added settings for cols, rows and windows-encoding to the > config > > File details: > + Added config.php -> cols and rows for number of a user set > number of columns and rows > + Added config.php -> windows encoding for windows servers > + Added PasswordHash.php -> Better entropy source for > windows users > / style.css -> Changed some minor stuff since special > non-ASCII chars where not rendered properly. To be more > specific the Swedish characters å ä ö > > -- > This message was sent to your SourceForge.net email alias via the web mail form. You may reply to this message via https://sourceforge.net/sendmessage.php?touser=3934724 > To update your email alias preferences, please visit https://sourceforge.net/account |
|
From: Jan K. <jan...@ja...> - 2012-07-10 11:38:59
|
On Tue, Jul 10, 2012 at 8:58 AM, Wolfgang Dautermann < da...@oe...> wrote: > Am 09.07.2012 22:39, schrieb Jan Kanis: > > Wolfgang, > > > > I saw you used phpcs on the code. > > And concerning the subject - the tool I use is called "PHP_CodeSniffer" > (http://pear.php.net/package/PHP_CodeSniffer/) > I saw the typo just after I had clicked 'send' :) > Best regards, Wolfgang > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > phpshell-devel mailing list > php...@li... > https://lists.sourceforge.net/lists/listinfo/phpshell-devel > |
|
From: Wolfgang D. <da...@oe...> - 2012-07-10 06:58:59
|
Am 09.07.2012 22:39, schrieb Jan Kanis: > Wolfgang, > > I saw you used phpcs on the code. And concerning the subject - the tool I use is called "PHP_CodeSniffer" (http://pear.php.net/package/PHP_CodeSniffer/) Best regards, Wolfgang |
|
From: Wolfgang D. <da...@oe...> - 2012-07-10 06:50:11
|
Am 09.07.2012 22:39, schrieb Jan Kanis: > Wolfgang, > > I saw you used phpcs on the code. I'm not familiar with that tool, > but I gave it a try, but what profile (if any) are you using? Hi Jan, I use no special profile. Just "phpcs phpshell.php" (or another php file). I use it just to get some ideas/suggestions how to structure the code (so that control-structures look consistent) or what should be ommited (because it's deprecated, etc.) - no 'strict enforcement' of all rules... ;-) Bye, Wolfgang P.S. Thank you for your contributions. The idea with "pwd >&9" to get the current working directory is great - I thought about adding a ";pwd" at the end, but did not know how to be sure, where the output of the command ends and where the output of pwd starts. I have to look at the further code-improvements soon. |
|
From: Jan K. <jan...@ja...> - 2012-07-09 20:46:33
|
Wolfgang, I saw you used phpcs on the code. I'm not familiar with that tool, but I gave it a try, but what profile (if any) are you using? Jan |
|
From: Jan K. <jan...@ja...> - 2012-06-29 14:54:36
|
Since nobody has responded to my previous mail I have taken the liberty to merge my branch into trunk. There are quite a few changes compared to trunk, so anyone looking at the code may have to get used to the differences. Jan On Tue, Jun 26, 2012 at 1:29 AM, Jan Kanis <jan...@ja...> wrote: > I have some changes (currently in my branch 'jan') that will break > phpshell's compatibility with windows servers (if it ever had any, I've > never tested it). The reason is that with these changes phpshell avoids > open_basedir restrictions, and there are some other minor features as well. > > So, is there anyone who runs phpshell on a windows server, or who cares > about compatibility? If so, I'll need to make the new behaviour optional. > Please let me know. > > Jan > |
|
From: Jan K. <jan...@ja...> - 2012-06-25 23:36:20
|
I have some changes (currently in my branch 'jan') that will break phpshell's compatibility with windows servers (if it ever had any, I've never tested it). The reason is that with these changes phpshell avoids open_basedir restrictions, and there are some other minor features as well. So, is there anyone who runs phpshell on a windows server, or who cares about compatibility? If so, I'll need to make the new behaviour optional. Please let me know. Jan |
|
From: Jan K. <jan...@ja...> - 2012-06-18 13:51:10
|
The problem that phpass solves is not specifically a weakness in md5, but that all cryptographic hashes are insecure to store passwords by themselves. Computers are getting faster and especially with GPUs and FPGAs brute forcing password hashes is getting faster and faster. The solution is to use a slower hash function, or using a standard hash function but applying it 10000 times instead of once. The slowdown from (say) 10 microseconds to 10 milliseconds is insignificant for logging in, but slows down brute force cracking of a stolen hash by 1000 times. But see the article at http://www.openwall.com/articles/PHP-Users-Passwords for a more complete explanation. Phpass checks which cryptographic functions are available, first trying bcrypt (a.k.a. CRYPT_BLOWFISH in php), then CRYPT_EXT_DES, and falls back to applying md5 a few thousand times. Both crypt_blowfish and crypt_ext_des are specialized password hash functions that use a configurable number of rounds of an underlying cryptographic hash. On Fri, Jun 15, 2012 at 6:51 PM, Wolfgang Dautermann < da...@oe...> wrote: > > > Am 13.06.2012 22:37, schrieb Jan Kanis: > > Thanks! I'll have a look at what the admin side of sourceforge > > brings. > > > > Regarding password storage, the problem is that /password/ hashing > > should be (relatively) slow, to prevent brute force searches on ever > > faster hardware. I want to use phpass > > <http://www.openwall.com/phpass/> for that, > > I did a quick look on the code - does it use a more secure hash than > md5()? I think, there is my solution (if function_exists(sha1), use it) > better. > > (I am going to a bike tour tomorrow and will be offline for some days...) > > > I also intend to keep everything php4 compatible, when I first > > started using phpshell I also needed that. > > Ok. > Best regards, Wolfgang > > |
|
From: Jan K. <jan...@ja...> - 2012-06-13 20:38:00
|
Thanks! I'll have a look at what the admin side of sourceforge brings. Regarding password storage, the problem is that /password/ hashing should be (relatively) slow, to prevent brute force searches on ever faster hardware. I want to use phpass <http://www.openwall.com/phpass/> for that, which is also used by Drupal, Wordpress, phpBB and other projects. It supports even php version 3, using stronger hashes when available. See this<http://www.openwall.com/articles/PHP-Users-Passwords>for more explanation. I also intend to keep everything php4 compatible, when I first started using phpshell I also needed that. On Wed, Jun 13, 2012 at 9:20 PM, Wolfgang Dautermann < da...@oe...> wrote: > > > Am 13.06.2012 09:46, schrieb Jan Kanis: > > Hi Wolfgang, > > > > SVN access would be easiest for me. > > Hi Jan! > You are now a member of the project with SVN access. > > Welcome to the team. > > > I currently just intend to add the changes I already made to the > > official repo and I'll probably add a better password hashing since > > just SHA is not considered secure anymore for password storage. > > Hm. Concerning password hashing - I believe sha1() *with salt* should be > okay. There is no (native) sha2() function in PHP - yes you have the > hash()-function, but there are recent PHP versions (>= 5.1.2) required. > And I think a self-coded sha2()-function (in PHP) might be more insecure > than (salted) sha1(). > > Even for the move from md5() to sha1() I checked, if sha1() is > available, because it is only present in PHP >= 4.3.0: > > if ( function_exists('sha1') ) { > $fkt = 'sha1' ; > } else { > $fkt = 'md5' ; > } ; > > Would be fine, if phpshell works even with older PHP versions (because > that is my use-case. I need it sometimes on a server with PHP 4.3.1 (no, > I am not the admin there...), to remove some files created by apache, ...) > > Best regards from Austria, > Wolfgang > |
|
From: Jan K. <jan...@ja...> - 2012-06-13 07:59:50
|
I don't get exactly what you intend to communicate in this mail, but converting phpshell to a different language would not be a good idea. I use phpshell for crappy webhosts that don't provide normal ssh access (or do it very poorly). These webhosts often have just php available and no other scripting languages. As far as I know just about all python/ruby webhosts also provide ssh, so just use that then. If you want to access a shell through a webbrowser where you can run your own programs, have a look at Shell in a Box. On Tue, Jun 12, 2012 at 5:31 PM, John Bessa <joh...@gm...> wrote: > Hi all, It is nice to have all this attention (all of a sudden) > > In fairness to Perl and Shell(s), they are very good in their contexts > which is low level control of the OS. Perl was first to be a Web > server, but that was 17 yrs ago, and 12 yrs ago it was basically > "killed" by the tech crash of 2000, and also the terror event on Sept > 11, 2001 at the World Trade Center, as influential NYC CPU community > was meeting in those very buildings and thriving because of financial > technology. > > The history of Perl is a long topic far beyond the scope of this > group, but suffice to say it halted on a certain date with all its > projects becoming sad shipwrecks on the beaches of the information > sea. There were unquestionably maladaptive issues along (such as > continual violent flaming sometimes manifested as physical threats) > that may have added to its demise by allowing, well, mental illness to > control the basic design. I actually heard Larry Walls say a certain > concept should be inserted by saying it "is sick." Telling indeed! > > Having said that, I am planning to deconstruct the Oddmuse wiki, which > is written in perl, to created a tool for collaborative creation to > understand its structure. > > SInce mobwrite is the collaboration vehicle of choice (used and tested > by Google Docs which has suddenly become useless because of Ajax > problems) then the suggestion for using Python seems appropriate > because the server is written in Python. As is, the document state > control in Mobwrite is separate from the saving features when it is > implemented with, say, a wiki. > > So perhaps the underlying toolset of this PHP shell should be > converted to Python so that it can be implemented into bigger systems. > Or perhaps PHP be organized to give it the benefits of Python and > mobwrite binaries inserted into a PHP. > > Thus one gets the two necessary features of web expression: textual > creation and system control. Within this needs to be a development > system (so that the user can actually control his technological > destiny) that actually wraps the two. > > As is you barely get either, and nothing combines them. Pretty sad > after about a 1/4 century of Internet, wouldn't you say? > > Regards, John > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > phpshell-devel mailing list > php...@li... > https://lists.sourceforge.net/lists/listinfo/phpshell-devel > |
