rollenc拼博 - Entries tagged as PHP

9月 18

Eclipse PDT (PHP Development Tools) 1.0发布

技术 1 回复 »

原文参见： http://download.eclipse.org/tools/pdt/downloads/
update地址： http://download.eclipse.org/tools/pdt/updates/
依赖： wst

SHIT！我使用update安装不了，系统告诉我：

Unable to complete action for feature "PDT Feature" due to errors.
The File "/tmp/1611919292/eclipse/.update/1190120959966/1190120959970/eclipse20065.tmp" is not a valid JAR file. [error in opening zip file]
error in opening zip file
The File "/tmp/1611919292/eclipse/.update/1190120959966/1190120959970/eclipse20065.tmp" is not a valid JAR file. [error in opening zip file]
error in opening zip file

昏死！无条件放弃，还是坚持 phpeclipse!

Defined tags for this entry: Eclipse, PHP

作者 rollenc

8月 31

PHP 5.2.4 发布

转载没有回复 »

Security Enhancements and Fixes in PHP 5.2.4:

* Fixed a floating point exception inside wordwrap() (Reported by Mattias Bengtsson)
* Fixed several integer overflows inside the GD extension (Reported by Mattias Bengtsson)
* Fixed size calculation in chunk_split() (Reported by Gerhard Wagner)
* Fixed integer overflow in str[c]spn(). (Reported by Stanislav Malyshev)
* Fixed money_format() not to accept multiple %i or %n tokens. (Reported by Stanislav Malyshev)
* Fixed zend_alter_ini_entry() memory_limit interruption vulnerability. (Reported by Stefan Esser)
* Fixed INFILE LOCAL option handling with MySQL extensions not to be allowed when open_basedir or safe_mode is active. (Reported by Stanislav Malyshev)
* Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378) (Reported by Maksymilian Arciemowicz)
* Fixed a possible invalid read in glob() win32 implementation (CVE-2007-3806) (Reported by shinnai)
* Fixed a possible buffer overflow in php_openssl_make_REQ (Reported by zatanzlatan at hotbrev dot com)
* Fixed an open_basedir bypass inside glob() function (Reported by dr at peytz dot dk)
* Fixed a possible open_basedir bypass inside session extension when the session file is a symlink (Reported by c dot i dot morris at durham dot ac dot uk)
* Improved fix for MOPB-03-2007.
* Corrected fix for CVE-2007-2872.

Defined tags for this entry: PHP

作者 rollenc

8月 17

在apache配置中修改php.ini中的变量

技术没有回复 »

如果机器支持apache配置文件.htaccess（一般虚拟机都是支持的），但是并不容许你修改php.ini文件时，你可以使用以下代码来修改一些变量：
只适用于php做为apache的module的情况

<IfModule mod_php5.c>

php_value include_path ".:/usr/local/lib/php;"

</IfModule>

<IfModule mod_php4.c>

php_value include_path ".:/usr/local/lib/php"

</IfModule>

但是，不要使用

<IfModule mod_php5.c>

php_value error_reporting E_ALL

</IfModule>

这样的内容，因为E_ALL是php.ini中定义的常量，在apache中是无效的，任何没有定义的常量都被会解释为0或者空值。
因此以上内容将被解释为不报告任何错误，而不是所有错误。

如果php是做为cgi加载的，那么你可以通过ini_set来实现

$include_path = ini_get('include_path');
ini_set('include_path', $include_path.':/home/rollenc/myphplib'); //注意Linux目录分割符是 : 和windows使用的 ; 不同

Defined tags for this entry: apache, PHP

作者 rollenc

7月 18

drupal的db_query安全过滤

技术没有回复 »

Drupal通过C风格的字符串输出格式实现了对sql语句的安全过滤。
使用方法：

db_query("SELECT n.nid FROM {node} n WHERE n.type = '%s'", $type);//正确做法
//这不等于以下语句，使用sprintf并不能避免mysql注入。
db_query(sprintf("SELECT n.nid FROM {node} n WHERE n.type = '%s'", $type)); //不正确

drupal db_query核心代码如下：

/**
* Indicates the place holders that should be replaced in _db_query_callback().
*/
define('DB_QUERY_REGEXP', '/(%d|%s|%%|%f|%b)/');

/**
* Runs a basic query in the active database.
*
* User-supplied arguments to the query should be passed in as separate
* parameters so that they can be properly escaped to avoid SQL injection
* attacks.
*
* @param $query
* A string containing an SQL query.
* @param ...
* A variable number of arguments which are substituted into the query
* using printf() syntax. Instead of a variable number of query arguments,
* you may also pass a single array containing the query arguments.

* Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose
* in '') and %%.
*
* NOTE: using this syntax will cast NULL and FALSE values to decimal 0,
* and TRUE values to decimal 1.
*
* @return
* A database query result resource, or FALSE if the query was not
* executed correctly.
*/
function db_query($query) {
$args = func_get_args();
array_shift($args);
$query = db_prefix_tables($query);
if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
$args = $args[0];
}
_db_query_callback($args, TRUE);
$query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
return _db_query($query);
}

/**
* Helper function for db_query().
*/
function _db_query_callback($match, $init = FALSE) {
static $args = NULL;
if ($init) {
$args = $match;
return;
}

switch ($match[1]) {
case '%d': // We must use type casting to int to convert FALSE/NULL/(TRUE?)
return (int) array_shift($args); // We don't need db_escape_string as numbers are db-safe
case '%s':
return db_escape_string(array_shift($args));
case '%%':
return '%';
case '%f':
return (float) array_shift($args);
case '%b': // binary data
return db_encode_blob(array_shift($args));
}
}

参考： http://drupal.org/node/101496

Defined tags for this entry: drupal, php

作者 rollenc

5月 23

phpdoc命令行开关

技术没有回复 »

Command-line switches

-cp --converterparams dynamic parameters for a converter, separate values with commas
-ct --customtags comma-separated list of non-standard @tags to pass to the converter as valid tags
-d --directory name of a directory(s) to parse directory1,directory2
-dc --defaultcategoryname name to use for the default category. If not specified, uses 'default'
-dh --hidden set equal to on (-dh on) to descend into hidden directories (directories starting with '.'), default is off
-dn --defaultpackagename name to use for the default package. If not specified, uses 'default'
-ed --examplesdir full path of the directory to look for example files from @example tags
-f --filename name of file(s) to parse ',' file1,file2. Can contain complete path and * ? wildcards
-i --ignore file(s) that will be ignored, multiple separated by ','. Wildcards * and ? are ok
-is --ignoresymlinks Explicitly ignore symlinks, both symlinked directories and symlinked files. Valid options are "on" and "offn" default value is "off"
-it --ignore-tags tags to ignore for this parse. @package, @subpackage, @access and @ignore may not be ignored.
-j --javadocdesc use JavaDoc-compliant description (short desc is part of description, and is everything up to first .)
-o --output output information, format:converter:template (HTML:frames:phpedit for example)
-p --pear Parse a PEAR-style repository (package is directory, _members are @access private) on/off default off
-po --packageoutput output documentation only for selected packages. Use a comma-delimited list
-pp --parseprivate parse elements marked private with @access. Valid options are "on" and "off" default value is "off"
-q --quiet do not display parsing/conversion messages. Useful for cron jobs. Valid options are "on" and "off" default value is "off"
-ric --readmeinstallchangelog Specify custom filenames to parse like README, INSTALL or CHANGELOG files
-s --sourcecode generate highlighted sourcecode for every parsed file (PHP 4.3.0+ only) on/off default off
-t --target path where to save the generated files
-ti --title title of generated documentation, default is 'Generated Documentation'
-tb --templatebase base location of all templates for this parse. Note that if -tb /path/to/here, then templates for HTML:frames:default must be in /path/to/here/Converters/HTML/frames/templates/default/templates and the /path/to/here/Converters/HTML/frames/templates/default/templates_c directory must exist, or Smarty will bail on attempting to compile the templates.
-ue --undocumentedelements Enable warnings for undocumented elements. Useful for identifying classes and methods that haven't yet been documented. Valid options are "on" and "offn" default value is "off"

来源于： phpdoc manual

Defined tags for this entry: php, phpdoc

作者 rollenc

5月 23

几个特别的phpdoc标记（不完全）

技术没有回复 »

“{@*}” 用于在docblock中表示注释结束符号 */
“-, +, #, o” 用来简写<li>, &ul;ul>, 等列表项，但是不支持多层结构，你只能用它们来表示单层列表
“#@+and #@-” #@+是模板开始符，在此申明之后的所有申明，都会自动继承此申明的标记。直到出现模板结束符#@-

Defined tags for this entry: php, phpdoc

作者 rollenc

5月 23

phpdoc详细描述中支持的Html Tag

技术没有回复 »

<b>
<code> Use this to surround php code, some converters will highlight it
<br>
<i>
<kbd> denote keyboard input/screen display
<li>
<ol>
<p>
<pre>
<samp> denote sample or examples (non-php)
<ul>
<var> denote a variable name

源自：phpdoc manual

Defined tags for this entry: php, phpdoc

作者 rollenc

4月 20

今天又注册两域名

技术 1 回复 »

两域名分别为：
phpapp.cn
phpapplication.cn
这是为php系列的第三个重要域名了。
整个一条php社区线形成了:
function(phpfunction.cn) -> library(phplibrary.cn) -> application(phpapplication.cn)
目前我会重点做一下library。网址：http://www.phplibrary.cn
如三马说的，等解决了吃饭的问题，我们要好好做些事情出来！

Defined tags for this entry: php

作者 rollenc

4月 17

phplibrary上线

技术没有回复 »

phplibrary上线好几天了，一直没有什么动静。
发布一下，我最近会每天会更新一个library上线，也来希望大家能够多多参与。

Defined tags for this entry: php

作者 rollenc

4月 13

试验场

技术没有回复 »

经过一周的纯正PHP5环境下的工作，我确定了自己现在的事情：
把现有的环境当成试验场。
前一阵学习了不少的重构，设计模式等只是，但是，以前的开发一直要考虑PHP4的兼容性，故而在编码上看起来不伦不类的。受到语言限制，也有诸多的模式实现起来非常困难或者诡异。现在我可以大胆的进行完整的OOP。
把所有沉睡的知识召唤醒来吧！
UML，OOP，PHP5，Design patterns，Refactoring...

Defined tags for this entry: PHP, 学习, 技术, 设计模式

作者 rollenc

3月 21

magic_quotes_gpc＝1时的还原处理

技术

当magic_quotes_gpc设置为1时，GPCF的数据将被addslashes。
这里是使用程序还原原始数据的代码，相当于把magic_quotes_gpc设置为0。

if (get_magic_quotes_gpc()) { // check magic_quotes_gpc state
function strip_quotes(&$var) {
if (is_array($var)
array_walk($var, 'strip_quotes');
else
$var = stripslashes($var);
}
// Handle GPC
foreach (array('GET','POST','COOKIE') as $v)
if (!empty(${"_".$v}))
array_walk(${"_".$v}, 'strip_quotes');
// Original file names may contain escaped data as well
if (!empty($_FILES))
foreach ($_FILES as $k => $v) {
$_FILES[$k]['name'] = stripslashes($v['name']);
}

或者更快的解决方法：

if (get_magic_quotes_gpc()) {
$in = array(&$_GET, &$_POST, &$_COOKIE);
while (list($k,$v) = each($in)) {
foreach (