Archive for July 11th, 2007

Mindloop Blog: Htmlpurifier and the CodeIgniter framework

From the Mindloop blog today, there’s a quick new tutorial on getting HtmlPurifier to work happily with the CodeIgniter framework.

HtmlPurifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant. […] Although Codeigniter comes with its own XSS filtering method, I prefer the use of the HtmlPurifier.

Installation is simple, involving only a four-step process (including the download), and using it is just as easy. It’s (basically) just a matter of loading the library and calling the purify method to output the corrected HTML.

ParanoidFerret.com: Flex & PHP Tutorial - Transmitting data using JSON

On the ParanoidFerret.com blog today, there’s a new tutorial showing how to get the Adobe Flex technology to talk happily with PHP over a JSON interface. Their example is a simple form that, given a person’s information, finds matches from a backend XML.

To make sure we don’t get too stuck in a rut with our tutorial posts I decided to branch out a little bit and talk about Adobe Flex 2.0. I recently spent a lot of time figuring out how to do this. Basically what I am going to go over here is how to use php and json to send data to your flex application, and then how to use that data in Flex.

He includes an example of the app in action plus all of the PHP and Flex code you’ll need to make it work on your system. Since Flex has built-in JSON functionality, it makes it simple to query the resource and pull back the information that matches.

Secunia.com: CodeIgniter Weakness and Directory Traversal Vulnerability

On the Secunia.com site today, there’s a new vulnerability posted that users of the CodeIgniter framework should pay attention to - a “weakness and directory traversal vulnerability”.

Lukasz Pilorz has reported a vulnerability and a weakness in CodeIgniter, which can be exploited by malicious people to disclose sensitive information and conduct cross-site scripting and header injection attacks.

There are two problems that lead to this issue - a non-sanitized input parameter and unsanitized data being passed to the xss_clean function. These issues affect CodeIgniter version 1.5.3 and, as of the time of this post, no fix has shipped in an official release. It is mentioned, however, that the problem has been fixed in CVS and is waiting for a release.

Michael Kimsal’s Blog: Latest podcast (WebDevRadio)

Michael Kimsal mentions the posting of his latest show for his podcast - WebDevRadio, episode #34:

[This show contains a] quick overview of upcoming interviews, and mentions of the projectzero webdev project from IBM, Sheeri Kritzer’s OurSQL podcast, my upcoming SOLR presentation @ OSCON, and a bit more.

Also included in this show is a look at a PHP4->PHP5 XML wrapper that looks to take care of some of the transition of XML functionality when making the move between PHP4 and PHP5.

You can grab this latest show here or subscribe to the feed and get more shows, both past and future.

John Mertic’s Blog: PHP Windows Installer 1 year old (almost)

According to a new post on John Mertic’s blog, the PHP Windows installer is celebrating its one-year anniversary (as of July 24th, 2007).

I am always looking for any suggestions for improvements to the installer. I’m also curious how people are using it; is it just for personal development, or is there anyone using it to deploy to a group of desktops or servers?

According to the original message on the php.internals list, John based it on the functionality of Phil Driscoll’s installer, adding features such as selective installation of components, automatic configuration of php.ini, and packaging as an MSI file (scriptable and open source).