IRC Logs

Network: freenode Channel: #php

	Enter your search terms Submit search form
	Web www.irclog.org

[09:24]<jzgjgyw>deadroot, you ever seen that error
[09:24]<jzgjgyw>?
[09:24]<zufn>Oooh, muchly scary (and offtopic). http://news.bbc.co.uk/2/hi/uk_news/england/bristol/somerset/4753833.stm <- You can get DVT sitting at your desk too long.
[09:25]<mnzmzjjv>oreonix: it's a strange problem
[09:25]<jzgjgyw>indeed
[09:25]<jzgjgyw>heh
[09:26]<mnzmzjjv>oreonix: can you reproduce that problem in a simple script?
[09:26]<jzgjgyw>hmm
[09:26]<jzgjgyw>havent tried
[09:27]<jzgjgyw>http://loungin.mine.nu/test.php
[09:27]<jzgjgyw>one liner
[09:27]<fyvyffj>deadroot, well, I can do what I want in that two ways. I prefer making includes than a fopen. but is it secure?
[09:28]<mnzmzjjv>Zule: i get imagery from dr house md when i read that ;)
[09:28]<jzgjgyw>$text = preg_replace('/B\>/','',$fl_array[0]);
[09:28]<mnzmzjjv>oreonix: o.O
[09:28]<gfgaaxzjg>http://pastebin.com/721700 anyone know why the img src link isn't working?
[09:29]<jzgjgyw>Fatal error: Call to undefined function preg_replace() in /export/www/htdocs/test.php on line 3
[09:30]<mnzmzjjv>oreonix: something's really wrong with your php install..
[09:30]<jzgjgyw>:(
[09:30]<jzgjgyw>im running it on freebsd
[09:30]<mnzmzjjv>i just get undefined variables
[09:31]<mnzmzjjv>oreonix: what does phpinfo say?
[09:31]<mnzmzjjv>oreonix: "You can disable the pcre functions with --without-pcre-regex." <- from the manual
[09:32]<mnzmzjjv>pitillo: if you want to execute php code in another file, you should use include
[09:32]<jzgjgyw>yea i dont see that in the configure
[09:33]<mnzmzjjv>oreonix: i don't know of any other suggestion other than to rebuild php
[09:33]<fyvyffj>deadroot, but is it secure to do that?
[09:34]<mnzmzjjv>pitillo: secure in what way?
[09:35]<mnzmzjjv>pitillo: an attacker would have to modify the target include file to do something damaging
[09:35]<fyvyffj>deadroot, in thw php injection way. I read at web that isnt recomended
[09:35]<mnzmzjjv>pitillo: unless you allow the user to specify which include file
[09:35]<mnzmzjjv>*which file to include
[09:35]<fyvyffj>deadroot, and I tried to find an answer and another ways
[09:36]<mnzmzjjv>pitillo: tell me how you can compromise: include_once("hardcoded/path.php");
[09:37]<mnzmzjjv>pitillo: the only security problem with include is with bad design, the php programmer allowed the user to directly effect which files to include
[09:37]<fyvyffj>deadroot, well I need to read about include_once(). With static includes cant compromise the system.
[09:37]<mnzmzjjv>pitillo: example: include_once($_GET['user_defined_path']);
[09:38]<mnzmzjjv>now that example shows a clear security problem
[09:38]<fyvyffj>deadroot, yes, I understand it. Im using in a "static" way :) Need to read about include_once() in front of include()
[09:38]<fyvyffj>deadroot, thanks for that points :)
[09:39]<mnzmzjjv>include_once is like include, except that if you had included the file before, include_once won't include it again
[09:39]<mnzmzjjv>prevents redefining classes or functions
[09:40]<fyvyffj>deadroot, and may be a good way to get performance too?
[09:41]<mnzmzjjv>pitillo: any gains or losses won't be significant. any attempts to improve performance here would be a lot harder than looking for bad code
[09:42]<mnzmzjjv>just don't try to include too many files
[09:42]<fyvyffj>deadroot, well, Im looking fot both, errors at design and performance. Thanks for your help. :) Bit a bit Im trying to do it better.
[09:42]<fyvyffj>deadroot, why?
[09:43]<mnzmzjjv> including, say, 100 php files is a lot more taxing than including 10 php files :)
[09:43]<mnzmzjjv>keeping it at below 5 is good, for a small application
[09:44]<fyvyffj>deadroot, ahhh ok. Harder to find errors in 100 files than in 10.. Im using above 5.
[09:44]<mnzmzjjv>but that's just a rough figure. i don't have any numbers to support any particular number
[09:45]<fyvyffj>deadroot, perferct. My web is small and easy, nothing complicated, Im using includes to add menus. Learning bit a bit :)
[09:46]<mnzmzjjv>:)
[10:04]<govrzuzu>good morning
[10:05]<pnvpzjrr>god morgon
[10:16]<rzrrcj>anyone want to donate some time to me?
[10:16]<djjsnd>no
[10:16]<rzrrcj>hehe
[10:24]<tml>cracko: I'd buy other people's time, if a market for such could be located.
[10:28]<tml>Roughly 15 extra hours per day would do nicely
[10:30]<mrvym1>heh, what a thought! you wouldn't be the first to have such a desire
[10:31]<mr-2y2fn>how the hell do you kill a session?
[10:31]<mr-2y2fn>session.destroy wont do it
[10:32]<mr-2y2fn>er
[10:32]<mr-2y2fn>_
[10:32]<ow9w9792>amazing URL http://php.net/manual/en/keyword.paamayim-nekudotayim.php
[10:32]<ow9w9792>whats that weird paamayim meaning ?
[10:32]<mrvym1>da-bible: what type of session?
[10:32]<dywul>da-bible, destroy does do it. but you can also unset($_SESSION);
[10:33]<tml>Ox41464b: paamayim nekudotayim is hebrew for "double colon"
[10:33]<dywul>atah medaber ivrit?
[10:33]<ozznmumn>TML: Thanks, I was wondering that myself.
[10:33]<dywul>israel n00b
[10:33]<ozznmumn>Ox41464b: Israel
[10:39]<tml>Odd...suddenly, either my client or (less likely) my server has decided that .doc means "Open in Acrobat Reader" o.O
[10:40]<dywul>mishu medaber ivrit can?
[10:40]<tml>mixup: English, please.
[10:40]<dywul>dont pretend to know hebrew
[10:41]<tml>mixup: Who's pretending to know Hebrew?
[10:41]<dywul>exactly
[10:41]<tml>mixup: You misinterpreted something.
[10:41]<tml>No one pretended to know Hebrew
[10:50]<mrrrusvr>xml
[10:50]<mrrrusvr>blah
[10:50]<ggyza_lgvzjv>why? The Xml is new, modern languadge
[10:51]<ggyza_lgvzjv>many sistems and protocols are based on xml
[10:52]<ggyza_lgvzjv>wap sites, rss feeds, openoffice formats, and others...
[10:53]<2jj2r>hello... using mysql_real_escape_string... should'nt the database contain a field like this then " \'test "
[10:53]<mrrrusvr>eniac_petrov, wtf ;) was a typo
[10:56]<ggyza_lgvzjv>Mangusta, what is typo. sorry, my english is bad
[10:56]<mrrrusvr>lol, typographical error
[10:57]<mrrrusvr>I didn't mean to type xml, so I typed blah afterwards
[10:58]<ggyza_lgvzjv>ah, ok
[11:06]<anlx>i've got this project due in in 2 days, and i haven't even started on it. anyone have any good excuses i can use? the typical mom died/car accident is getting a bit old
[11:07]<ow9w9792>ceph, quit getting project
[11:07]<vrdr00>ceph, your dog ate your computer
[11:09]<mrscm_>just fess up and say you didnt do it, worked better then any excuse for me
[11:09]<mrrrusvr>tell them your pregnant....
[11:10]<vrdr00>ceph, why dont you stop making excuses and START DOING your project?
[11:10]<anlx>had more important stuff to do that came up

Back to #php
Or go to some related logs:
#gentoo
#gentoo
#macosx
#netbsd
#netbsd