Archive for November 2nd, 2006

Hardened-PHP Project: phpMyAdmin - error.php XSS Vulnerability

The Hardened-PHP project has published another advisory today, this time for the popular phpMyAdmin database management package, concerning an XSS vulnerability in its “error.php” script.

It was discovered that phpMyAdmin comes with a script to display error messages that supports displaying the error in a user-supplied charset. Unfortunately, the encoding of the error message does not take the charset into account, which can result in XSS when UTF-7 is selected. (Other charsets like US-ASCII can also be used to exploit this in some browsers.)

There is no proof of concept posted for this issue and, since it only affects phpMyAdmin versions 2.9.0.2 and lower, it’s suggested that you update to the latest release as soon as possible to correct it.
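The defensive pattern for the bug class described above, as an added example (not phpMyAdmin’s code or the Hardened-PHP advisory’s): restrict a user-selectable charset to an allowlist, escape the message in that same charset, and declare it explicitly in the response so the browser cannot decode the page as something else. The function names are hypothetical.

```php
<?php
// Added example, not phpMyAdmin's code. A page that lets the user pick the
// display charset must (1) accept only allowlisted charsets, (2) escape the
// message in that charset, and (3) declare that charset in the response.

/**
 * Map a user-supplied charset name onto an allowlisted one.
 * Anything unknown, including UTF-7 and other 7-bit encodings in which
 * htmlspecialchars() output is not safe, falls back to UTF-8.
 */
function select_error_charset(?string $requested): string
{
    static $allowed = ['UTF-8', 'ISO-8859-1', 'ISO-8859-15', 'Windows-1252'];
    $wanted = strtoupper(trim((string) $requested));
    foreach ($allowed as $charset) {
        if (strtoupper($charset) === $wanted) {
            return $charset;
        }
    }
    return 'UTF-8';
}

/**
 * Build the error page. Returns [Content-Type header value, HTML body]
 * so the caller emits both and they always agree on the charset.
 */
function build_error_page(string $message, ?string $requested): array
{
    $charset = select_error_charset($requested);
    // Escape using the same charset the page will be served in.
    $safe = htmlspecialchars($message, ENT_QUOTES, $charset);
    $html = "<!DOCTYPE html>\n<html><head>"
          . '<meta http-equiv="Content-Type" content="text/html; charset='
          . $charset . '"><title>Error</title></head><body><h1>Error</h1>'
          . '<p>' . $safe . '</p></body></html>';
    return ['text/html; charset=' . $charset, $html];
}

// Usage: charset comes from the request but is never trusted as-is.
// A request for "utf-7" (or any unknown name) is served as UTF-8.
[$contentType, $html] = build_error_page(
    $_GET['error'] ?? 'Unknown error',
    $_GET['charset'] ?? null
);
header('Content-Type: ' . $contentType);
echo $html;
```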


Graphical Interfaces and Unit Testing

In this final part of a three-part series on unit testing, we discuss the use of graphical interfaces for unit testing in a web environment and more. The article is excerpted from chapter six of the book “Advanced PHP Programming” written by George Schlossnagle (Sams, ISBN 672325616) ….



PHPBuilder.com: Pro PHP Security / Preventing SQL Injection

On PHPBuilder.com, there’s a new tutorial, an excerpt from the Apress book “Pro PHP Security” by Chris Snyder and Michael Southwell, about how to prevent SQL injection in your web applications.

They take a complete look at SQL injection, including:

  • What SQL injections are
  • How they work
  • Why it’s an issue with PHP
  • The types of user input

This is just the first part of the series, so stay tuned for even more security content from the new Apress book.


DevShed: Graphical Interfaces and Unit Testing

In the final part of their series looking at unit testing in PHP, DevShed has a new tutorial that looks at using graphical interfaces with the unit tests you’ve already written. It’s another excerpt from the George Schlossnagle book “Advanced PHP Programming”.

Because PHP is a Web-oriented language, you might want an HTML-based user interface for running your unit tests. PHPUnit comes bundled with this ability, using PHPUnit_WebUI_TestRunner::run(). This is in fact a nearly identical framework to TextUI; it simply uses its own listener to generate HTML-beautified output.

He looks at test-driven design, a simple “Flesch Score Calculator” class, testing a “Word” class (with PHPUnit), and generating a bug report from the output of it all. Finally, he builds a simple web interface to make running the tests and getting the reports nice and easy.


Chris Justus’ Blog: 4 Reasons Java Will Outlive PHP (My interview with IEEE…)

It’s always interesting to get an outsider’s perspective on the language that we all work with and love (or hate, depending on how debugging’s going). In his latest blog post, Chris Justus does just that with some of his comments from an interview with an IEEE magazine about why Java will outlive PHP.

I had the good fortune to be interviewed by an IEEE magazine in February to comment on the demise of Java (vs. PHP). A 45-minute interview turned into a paragraph in the article, but I thought that I might put all of my thoughts up on my blog.

There are some interesting ideas here, but I’m not sure that most of them mean the “victory” of Java over PHP. In fact, most of them seem to reinforce the thought that PHP and Java will coexist happily for a good long while.
