News Feed
Sections




News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Paul Jones' Blog:
When Possible, Use File *Resources* Instead Of File *Names*
July 04, 2012 @ 14:10:49

In this new post to his blog Paul Jones makes a suggestion when you're working with files or external connections in your PHP applications - pass the resource, not the file/path name for more flexibility.

In testing the Aura.Http package, I have realized that it's much more flexible, testing wise, to pass around file resources (a.k.a. handles, pointers, or streams) than it is to pass around file names. When you do that, you can use a php://memory stream instead of attempting to touch the file system.

He shows how using this method can make it easier to test with a simple bit of refactoring by passing in the "php://memory" stream rather than the actual file reference. The comment (from Chris Hartjes) also suggests an alternative tool for working with tests that need the file system, vfsStream.

0 comments voice your opinion now!
file resource filename opinion unittest phpmemory stream


DZone.com:
File Path Injection in PHP <= 5.3.6 File Update (CVE 2011-2202)
June 21, 2011 @ 08:44:02

On DZone.com's PHP on Windows section today Krzysztof Kotowicz has a new post talking about a file path injection exploit in PHP versions lower than 5.3.6.

Since the thing went public before new PHP version has been released, I present full details of the latest PHP vulnerability I reported - together with some sweet demo exploit. The issue was found with fuzzing being part of my recent file upload research. And I still have some more to show in the future :)

The issue, described in more detail here on bugs.php.net (as of the time of this post, unfortunately unavailable) and his code to reproduce the issue is here. Due to a bug in the code that should strip down the upload to just the filename, certain kinds of file paths can make it through. The real problem comes in when an application blindly uses this filename to write to, possibly overwriting important files. You can see a screenshot of it in action here.

0 comments voice your opinion now!
file path injection bug filename


Tobias Schlitt's Blog:
My first patch to PHP
July 19, 2006 @ 20:00:38

Tobias Schlitt mentions today in his latest post about his first patch to PHP, an update to the pathinfo function's code being commited.

Hehe, some might say, that those 10 lines of C code are not even worth calling it a patch. Especially, since it was mostly copy and paste work and since Christian Schneider also adviced me for some improvement. Anyway, Marcus just commited my enhancement to pathinfo(), which adds a new field "filename" to the returned array of path elements.

His patch adds a much needed output parameter to the pathinfo function's results - filename. He talks briefly about the process of making the change and how long it took him on the first shot (2 hours), but now his hard work has paid off. The update will be a part of PHP 5.2.

0 comments voice your opinion now!
patch first pathinfo filename output parameter patch first pathinfo filename output parameter



Community Events





Don't see your event here?
Let us know!


language series release threedevsandamaybe framework list install podcast opinion introduction developer testing interview code unittest community wordpress refactor api laravel

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework