
ProDevTips.com:
HTML entity encoding everything
January 30, 2008 @ 12:57:00

On the ProDevTips site, Henrik has pointed out a handy application that makes it simple to HTML-encode characters beyond the usual special characters in PHP.

The standard htmlentities() function will encode special characters so that they display OK in the browser. However, sometimes you might want to encode different languages to entities too. I just found a script that will do that in the form of an html encode application.

He includes an example showing how to encode a string of non-English characters into an easy-to-display, HTML-encoded string.




International PHP Magazine:
Poll Question: What is the Top Mistake That PHP Coders Commit?
February 07, 2007 @ 10:43:00

The International PHP Magazine has posted results from their latest PHP community poll, as voted on by visitors to their site. The question for this poll asked developers which of the listed choices they thought was the most common mistake that PHP developers make.

Coming in at number one by an overwhelming lead was "Not escaping entities and SQL input" (a definite problem indeed), with the next highest option, "Not using a Framework", a full twenty percent lower. The next two options were closer (in descending order): "Using old PHP versions" and "No or little use of Object Orientation".

There's a new poll this week for your consideration - this time asking which stage, of the five options, should come first in the development cycle of a typical content management system. Head on over and cast your vote today!



Hardened-PHP Project:
PHP HTML Entity Encoder Heap Overflow Vulnerability
November 03, 2006 @ 12:58:00

The Hardened-PHP Project has put out another advisory for the PHP distribution itself, covering versions 5.1.6/4.4.4 and below and concerning a heap overflow in the HTML entity encoder.

While we were searching for a hole in htmlspecialchars() and htmlentities() to bypass the encoding of certain chars to exploit a possible eval() injection hole in another application we discovered that the implementation contains a possible buffer overflow that can be triggered when the UTF-8 charset is selected.

The issue has been corrected in the latest PHP 5 release - version 5.2 - but is still present in the PHP 4.4 series (they have a recommended patch until the new version is posted). You can get complete information about this issue from the full vulnerability listing.





All content copyright, 2008 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework