Programming PHP

More documents

Recommendations

Info

HTTP or FTP URL as a filename, and the document identified by the URL will be opened. Here’s some exploitable code: If $username is set to "http://www.example.com/myfile", a remote file is opened, not a local one. The situation is even more dire if you let the user tell you which file to include( ): If the user passes a theme parameter of "http://www.example.com/badcode.inc" and your variables_order includes GET or POST, your PHP script will happily load and run the remote code. Never use parameters as filenames like this. There are several solutions to the problem of checking filenames.You can disable remote file access, check filenames with realpath( ) and basename( ), and use the open_basedir option to restrict filesystem access. Check for Relative Paths When you need to allow the user to specify a filename in your application, you can use a combination of the realpath( ) and basename( ) functions to ensure that the filename is what it ought to be.The realpath( ) function resolves special markers such as “.” and “..”. After a call to realpath( ), the resulting path is a full path on which you can then use basename( ).The basename( ) function returns just the filename portion of the path. Going back to our welcome message scenario, here’s an example of realpath( ) and basename( ) in action: $filename = $_POST['username']; $vetted = basename(realpath($filename)); if ($filename !== $vetted) { die("$filename is not a good username"); } In this case, we’ve resolved $filename to its full path and then extracted just the filename.If this value doesn’t match the original value of $filename, we’ve got a bad filename that we don’t want to use. Once you have the completely bare filename, you can reconstruct what the file path ought to be, based on where legal files should go, and add a file extension based on the actual contents of the file: include("/usr/local/lib/greetings/$filename"); 288 | Chapter 12: Security This is the Title of the Book, eMatter Edition Copyright © 2002 O’Reilly & Associates, Inc. All rights reserved.
Restrict Filesystem Access to a Specific Directory If your application must operate on the filesystem, you can set the open_basedir option to further secure the application by restricting access to a specific directory.If open_basedir is set in php.ini, PHP limits filesystem and I/O functions so that they can operate only within that directory or any of its subdirectories. For example: open_basedir = /some/path With this configuration in effect, the following function calls succeed: unlink("/some/path/unwanted.exe"); include("/some/path/less/travelled.inc"); But these generate runtime errors: $fp = fopen ("/some/other/file.exe", "r"); $dp = opendir("/some/path/../other/file.exe"); Of course, one web server can run many applications, and each application typically stores files in its own directory.You can configure open_basedir on a per-virtual host basis in your httpd.conf file like this: ServerName domainA.com DocumentRoot /web/sites/domainA php_admin_value open_basedir /web/sites/domainA Similarly, you can configure it per directory or per URL in httpd.conf: # by directory php_admin_value open_basedir /home/httpd/html/app1 # by URL php_admin_value open_basedir /home/httpd/html/app2 The open_basedir directory can be set only in the httpd.conf file, not in .htaccess files, and you must use php_admin_value to set it. File Uploads File uploads combine the two dangers we’ve seen so far: user-modifiable data and the filesystem.While PHP 4 itself is secure in how it handles uploaded files, there are several potential traps for unwary programmers. Distrust Browser-Supplied Filenames Be careful using the filename sent by the browser.If possible, do not use this as the name of the file on your filesystem.It’s easy to make the browser send a file identified This is the Title of the Book, eMatter Edition Copyright © 2002 O’Reilly & Associates, Inc. All rights reserved. File Uploads | 289
Page 2 and 3:
Programming PHP
Page 4 and 5:
Programming PHP by Rasmus Lerdorf a
Page 6 and 7:
Colophon Our look is the result of
Page 8 and 9:
Accessing Individual Characters 79
Page 10 and 11:
Concealing PHP Libraries 293 PHP Co
Page 12 and 13:
clarify the explanations, and the p
Page 14 and 15:
There is a web page for this book,
Page 17 and 18:
Chapter 2 CHAPTER 2 Language Basics
Page 19 and 20:
Comments Comments give information
Page 21 and 22:
*/ echo("l=$l m=$m n=$n\n"); ?> Now
Page 23 and 24:
change. Constants are referred to b
Page 25 and 26:
PHP recognizes floating-point numbe
Page 27 and 28:
• The empty string ("") and the s
Page 29 and 30:
Chapter 6 describes classes and obj
Page 31 and 32:
The old value of $black is lost. In
Page 33 and 34:
update_counter( ); update_counter(
Page 35 and 36:
Table 2-3. PHP operators P A Operat
Page 37 and 38:
The division and multiplication ope
Page 39 and 40:
Autoincrement and Autodecrement Ope
Page 41 and 42:
Bitwise Operators The bitwise opera
Page 43 and 44:
something is true. For example, you
Page 45 and 46:
Because all operators are required
Page 47 and 48:
if The if statement checks the trut
Page 49 and 50:
A switch statement is given an expr
Page 51 and 52:
if ($i == 5) break; // breaks out o
Page 53 and 54:
This program adds the numbers from
Page 55 and 56:
loops, and complain if the file bei
Page 57 and 58:
XML Style Because of the advent of
Page 59 and 60:
and other such niceties. Some will
Page 61 and 62:
Chapter 3 CHAPTER 3 Functions A fun
Page 63 and 64:
Typically, functions return some va
Page 65 and 66:
As we discussed in Chapter 2, the e
Page 67 and 68:
Example 3-5. Doubler redux function
Page 69 and 70:
Missing Parameters PHP lets you be
Page 71 and 72:
Anonymous Functions Some PHP functi
Page 73 and 74:
echo "$who was $where"; Kilroy was
Page 75 and 76:
As a special case, you can put a se
Page 77 and 78:
• A padding specifier denoting th
Page 79 and 80:
Boolean values and NULL are not mea
Page 81 and 82:
Changing Case PHP has several funct
Page 83 and 84:
The quote_style and charset argumen
Page 85 and 86:
Query-string encoding The urlencode
Page 87 and 88:
The comparison operators (=) also w
Page 89 and 90:
The Levenshtein algorithm calculate
Page 91 and 92:
The str_repeat( ) function takes a
Page 93 and 94:
print_r($a);Array ( [0] => Fred [1]
Page 95 and 96:
The c in strcspn( ) stands for comp
Page 97 and 98:
These three kinds of patterns can b
Page 99 and 100:
Subpatterns You can use parentheses
Page 101 and 102:
Table 4-8. POSIX anchors Anchor Mat
Page 103 and 104:
Example 4-1. Credit-card validator
Page 105 and 106:
Character Classes Perl-style regula
Page 107 and 108:
Trailing Options Perl-style regular
Page 109 and 110:
A simple use of positive lookahead
Page 111 and 112:
For example: preg_match('/y.*e$/',
Page 113 and 114:
Pass an array of strings as subject
Page 115 and 116:
Quoting for regular expressions The
Page 117 and 118:
Identifying Elements of an Array Yo
Page 119 and 120:
array is almost always a programmer
Page 121 and 122:
Two or more consecutive commas in t
Page 123 and 124:
echo "true!\n"; } if (array_key_exi
Page 125 and 126:
EXTR_PREFIX_SAME, which says that t
Page 127 and 128:
echo "$key is $value\n"; } 0 is spa
Page 129 and 130:
The default argument, if provided,
Page 131 and 132:
you need to answer questions like
Page 133 and 134:
Example 5-3. Sorting arrays (contin
Page 135 and 136:
Here’s how to randomize the order
Page 137 and 138:
Sets Arrays let you implement the b
Page 139 and 140:
Here’s the output from Example 5-
Page 141 and 142:
Terminology Everyobject-oriented la
Page 143 and 144:
You can use variable variables with
Page 145 and 146:
} function set_name ($new_name) { $
Page 147 and 148:
The object created bythe Person con
Page 149 and 150:
Example 6-1. Displaying all declare
Page 151 and 152:
Example 6-2. Object introspection f
Page 153 and 154:
Here are some sample classes and ob
Page 155 and 156:
PHP has two hooks for objects durin
Page 157 and 158:
Example 6-5 shows the file next.php
Page 159 and 160:
the request contains a blank line,
Page 161 and 162:
SERVER_NAME The hostname, DNS alias
Page 163 and 164:
The biggest difference between GET
Page 165 and 166:
Figure 7-1. The chunkify form and i
Page 167 and 168:
Example 7-4. Temperature conversion
Page 169 and 170:
Example 7-6. Multiple selection val
Page 171 and 172:
Example 7-8. Sticky multivalued che
Page 173 and 174:
Files are stored in the server’s
Page 175 and 176:
“me@aol” by requiring an at sig
Page 177 and 178:
To mark a document as already expir
Page 179 and 180:
A third technique for maintaining s
Page 181 and 182:
Example 7-10. Preference selection
Page 183 and 184:
Session basics To enable sessions f
Page 185 and 186:
Custom storage By default, PHP stor
Page 187 and 188:
When a session is completed, the de
Page 189 and 190:
Chapter 8 CHAPTER 8 Databases PHP h
Page 191 and 192:
columns, each of which has a name a
Page 193 and 194:
Figure 8-1. The movie page the data
Page 195 and 196:
$db = DB::connect($datasource); if
Page 197 and 198:
string(4) "1962" ["name"]=> string(
Page 199 and 200:
The executeMultiple( ) method takes
Page 201 and 202:
echo "$k"; if (is_array($v)) { a_to
Page 203 and 204:
Two HTML forms are needed to popula
Page 205 and 206:
Example 8-3. Database connection ab
Page 207 and 208:
Example 8-4. Backend administration
Page 209 and 210:
Example 8-5. Adding a business (con
Page 211 and 212:
Example 8-5. Adding a business (con
Page 213 and 214:
The business listings page is illus
Page 215 and 216:
The series of requests sent by the
Page 217 and 218:
many colors as you need. The latter
Page 219 and 220:
image-generating function. Example
Page 221 and 222:
Example 9-4. Adding text to an imag
Page 223 and 224:
Example 9-6. Displaying vertical Tr
Page 225 and 226:
Example 9-8. Caching dynamic button
Page 227 and 228:
You can also take this a step furth
Page 229 and 230:
For a signed integer, the leftmost
Page 231 and 232:
True Color Color Indexes The color
Page 233 and 234:
Chapter 10 CHAPTER 10 PDF Adobe’s
Page 235 and 236:
Figure 10-1. Hello world in a PDF d
Page 237 and 238: Type, Content-Disposition, and Cont
Page 239 and 240: Example 10-3. Changing the origin (
Page 241 and 242: Example 10-4. Text alignment within
Page 243 and 244: Example 10-5. Changing text attribu
Page 245 and 246: usr/share/fonts FontAFM LuciduxSans
Page 247 and 248: Adding an image to a PDF document i
Page 249 and 250: Example 10-8. Nonproportional scali
Page 251 and 252: Figure 10-9. A sample path The pdf_
Page 253 and 254: The width and height parameters spe
Page 255 and 256: Example 10-11. Using a template Th
Page 257 and 258: Example 10-12. Using bookmarks and
Page 259 and 260: Example 10-13. Specifying a link (c
Page 261 and 262: Figure 10-16. Closed note The conte
Page 263 and 264: In HTML, you often have an open tag
Page 265 and 266: Example 11-1. Generating an XML doc
Page 267 and 268: The end element handler is called w
Page 269 and 270: If your external entity reference h
Page 271 and 272: characters outside the target encod
Page 273 and 274: XML_ERROR_BAD_CHAR_REF XML_ERROR_BI
Page 275 and 276: Figure 11-2. Book details comment).
Page 277 and 278: Example 11-10. bookparse.xml (conti
Page 279 and 280: Example 11-12. News XSL transform
Page 281 and 282: more information). The xmlrpc exten
Page 283 and 284: equest, but it doesn’t know how t
Page 285 and 286: Chapter 12 CHAPTER 12 Security PHP
Page 287: These directives ensure that PHP er
Page 291 and 292: function or PHP’s copy( ) functio
Page 293 and 294: • Any system call (through functi
Page 295 and 296: You can globally disable particular
Page 297 and 298: Chapter 13 CHAPTER 13 Application T
Page 299 and 300: user.template. It uses the {DESTINA
Page 301 and 302: {ARTICLE} might be useful, as it wo
Page 303 and 304: } ob_start('rewrite'); ?> Visit our
Page 305 and 306: To turn off error reporting entirel
Page 307 and 308: Example 13-5. Log-rolling error han
Page 309 and 310: Before you begin optimization, ask
Page 311 and 312: changes you make to your code as yo
Page 313 and 314: • Only include or require files t
Page 315 and 316: MySQL replication Sometimes the dat
Page 317 and 318: Chapter 14 CHAPTER 14 Extending PHP
Page 319 and 320: examples, and you are strongly enco
Page 321 and 322: int Integer/long long Same as int a
Page 323 and 324: zend_module_entry rot13_module_entr
Page 325 and 326: for(i=0, ch=arg; i= 'A')&&(*ch
Page 327 and 328: if (extension_loaded($module)) { $s
Page 329 and 330: SWF_DIR=$i AC_MSG_RESULT(found in $
Page 331 and 332: If you compile the Apache module ve
Page 333 and 334: For example: zval **old, *new; *new
Page 335 and 336: The value returned from a PHP funct
Page 337 and 338: A More Complex Example Here’s an
Page 339 and 340:
Table 14-4. RETURN-related convenie
Page 341 and 342:
* ... */ }; PHP_MINIT_FUNCTION(foo)
Page 343 and 344:
using SEPARATE_ZVAL( ), initializes
Page 345 and 346:
The struct looks like this in the p
Page 347 and 348:
zend_hash_update(&EG(symbol_table),
Page 349 and 350:
Resources A resource is a generic d
Page 351 and 352:
Chapter 15 CHAPTER 15 PHP on Window
Page 353 and 354:
3. Windows 95/98/Me: the Windows sy
Page 355 and 356:
Then explicitly load the module wit
Page 357 and 358:
un under IIS, you will need to reim
Page 359 and 360:
External Commands PHP uses the defa
Page 361 and 362:
This creates a reference (VT_BYREF)
Page 363 and 364:
Figure 15-3. Gleaning syntax from W
Page 365 and 366:
Now we can complete the invoice wit
Page 367 and 368:
multiple Workbooks, each of which c
Page 369 and 370:
Example 15-4. Querying Excel via OD
Page 371 and 372:
• Applications that want to use t
Page 373:
Example 15-5. Add new phone number,
Page 376 and 377:
Files, directories, and filesystem
Page 378 and 379:
addcslashes string addcslashes(stri
Page 380 and 381:
array_merge array array_merge(array
Page 382 and 383:
array_search mixed array_search(mix
Page 384 and 385:
asort void asort(array array[, int
Page 386 and 387:
call_user_func mixed call_user_func
Page 388 and 389:
chown bool chown(string path, mixed
Page 390 and 391:
cos double cos(double value) Return
Page 392 and 393:
Any characters in the format string
Page 394 and 395:
each array each(array array) Create
Page 396 and 397:
Any number of these options can be
Page 398 and 399:
fflush int fflush(int handle) Commi
Page 400 and 401:
filemtime int filemtime(string path
Page 402 and 403:
If include is specified and is true
Page 404 and 405:
ftell int ftell(int handle) Returns
Page 406 and 407:
get_current_user string get_current
Page 408 and 409:
get_parent_class string get_parent_
Page 410 and 411:
getmypid int getmypid( ) Returns th
Page 412 and 413:
header void header(string header[,
Page 414 and 415:
implode string implode(array string
Page 416 and 417:
is_double bool is_double(mixed valu
Page 418 and 419:
is_scalar bool is_scalar(mixed valu
Page 420 and 421:
Calculates the Levenshtein distance
Page 422 and 423:
log double log(double number) Retur
Page 424 and 425:
mkdir int mkdir(string path, int mo
Page 426 and 427:
number_format string number_format(
Page 428 and 429:
openlog int openlog(string identity
Page 430 and 431:
parse_url array parse_url(string ur
Page 432 and 433:
phpinfo void phpinfo([int what]) Ou
Page 434 and 435:
printf int printf(string format[, m
Page 436 and 437:
eaddir string readdir(int handle) R
Page 438 and 439:
ound double round(double number[, i
Page 440 and 441:
setlocale string setlocale(mixed ca
Page 442 and 443:
sort void sort(array array[, int fl
Page 444 and 445:
str_pad string str_pad(string strin
Page 446 and 447:
%H Hour in 24-hour format, includin
Page 448 and 449:
strncmp int strncmp(string one, str
Page 450 and 451:
strtr string strtr(string string, s
Page 452 and 453:
tmpfile int tmpfile( ) Creates a te
Page 454 and 455:
unregister_tick_function void unreg
Page 456 and 457:
wordwrap string wordwrap(string str
Page 458 and 459:
old versions of aspell, you should
Page 460 and 461:
DBM For very simple database instal
Page 462 and 463:
Hyperwave Hyperwave is a database f
Page 464 and 465:
mcrypt This extension provides an i
Page 466 and 467:
pdflib pdflib provides support for
Page 468 and 469:
Sybase This extension provides supp
Page 471 and 472:
Symbols & (ampersand) &= (bitwise A
Page 473 and 474:
| (vertical bar) |= (bitwise OR ass
Page 475 and 476:
aspell PHP library, 457 assert() fu
Page 477 and 478:
checksums mhash library, 464 valida
Page 479 and 480:
cryptography mcrypt extension, 464
Page 481 and 482:
DTD (Document Type Definition), 263
Page 483 and 484:
System V Semaphores and Shared memo
Page 485 and 486:
calling, 61 for each array element,
Page 487 and 488:
H hash mark (#) in comments, 19 hea
Page 489 and 490:
interlacing GIF images, 246 interna
Page 491 and 492:
masks, using in string searches, 94
Page 493 and 494:
serialization of, 153-157, 438 _ _s
Page 495 and 496:
pdf_open_file() function, 234 pdf_p
Page 497 and 498:
with echo, 76 with print() function
Page 499 and 500:
S Sablotron C library (XSLT support
Page 501 and 502:
sql_regcase() function, 443 sqrt()
Page 503 and 504:
tan() function, 451 target encoding
Page 505 and 506:
function parameters, 33 functions f
Page 507:
xml_set_unparsed_entity_decl_handle
show all

Programming PHP

Create successful ePaper yourself

Delete template?

Save as template?