IWETHEY v. 0.3.0 | TODO
1,095 registered users | 1 active user | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Internet Forum / The security hole was on file uploads
Post #11,521
by drewk
Picture of drewk
10/3/01 2:48:28 PM
Reply
New The security hole was on file uploads
There was a script you could use to patch it. Basically, PHP was putting system-generated variables in user space where they could be overwritten by user-supplied values in a form. That's been fixed in later versions, so if you're using the latest you shouldn't have a problem.

As for the session stuff, get thee to [link|http://www.php.net/manual/en/ref.session.php|the source]. Actually, the online documentation is fairly thorough. There are occasional oddities, but the user-contributed notes on each page usually cover that. I wouldn't bother with a book on it at first. You should be able to get most of what you need to get started from the [link|http://www.php.net/manual/en/|online manual].
We have to fight the terrorists as if there were no rules and preserve our open society as if there were no terrorists. -- [link|http://www.nytimes.com/2001/04/05/opinion/BIO-FRIEDMAN.html|Thomas Friedman]
Post #11,690
by tablizer
10/4/01 2:36:54 AM
Reply
New Books easier on the eyes than screens
But, Thanks for the info.

Well written books are also better than most OSS docs IMO. The hard part is finding a good book. It is kind of like 70 percent are worse than the online docs, 25 percent are about the same, and 5 percent are better.

I might be a matter of finding an author who thinks like you (but the guards rarely untie those kind of authors :-)




________________
oop.ismad.com
Post #11,708
by wharris2
10/4/01 6:31:56 AM
Reply
New 90% of everything is crap
but that other 10% can be jewelry.
Who knows how empty the sky is
In the place of a fallen tower.
Who knows how quiet it is in the home
Where a son has not returned.

-- Anna Akhmatova (1889-1966)
Post #15,362
by tablizer
10/27/01 12:34:21 AM
Reply
New PHP "session" variables are lacking
You have to keep "re-registering" them on every page in order to keep them according to PHP 4 Bible.

However, I set up some routines to automatically re-register a single associative array that holds scalar "session variables". That way it feels more like the ASP approach, which the book admits does sessions better than PHP.

And, the dollar signs, semicolons, case-sensitivity, and braces are still annoying. But it is almost worth the feeling of getting out from under Gates.
________________
oop.ismad.com
     PHP Questions - (tablizer) - (5) - Oct. 3, 2001, 02:15:48 PM EDT
         The security hole was on file uploads - (drewk) - (3) - Oct. 3, 2001, 02:48:28 PM EDT
             Books easier on the eyes than screens - (tablizer) - (1) - Oct. 4, 2001, 02:36:54 AM EDT
                 90% of everything is crap - (wharris2) - Oct. 4, 2001, 06:31:56 AM EDT
             PHP "session" variables are lacking - (tablizer) - Oct. 27, 2001, 12:34:21 AM EDT
         Ghost book? - (tablizer) - Oct. 13, 2001, 08:58:52 PM EDT

And suddenly it occurred to me where these guys had learned their tactics. They'd seen Beau Geste, and were copying the Foreign Legionaires at Fort Zinderneuf.
58 ms