IRC Archive / Freenode / #php / 2015 / August / 10 / 1
biberu
are we shoving spoons in our eyes?
sorabji
still waiting on jadew to actually explain what he wants to accomplish
jadew
I already told you
sorabji
instead we're going in circles arguing how he thinks he can do what he hasn't told us he wants to do
instead we could have a conversation about what he wants to accomplish, and discuss ways to get that done.
jadew
I already accomplished it
thanks tho
sorabji
ahh, very good then
jadew
I'll publish the code soon and I'll show you what I wanted to do and why
sorabji
a simple explanation is all i asked for
jadew
but I gave you the simple explanation
         

sorabji
you did not
jadew
I want stuff available in the object, before __construct is called
so I can use that stuff from __construct()
sorabji
that's how you want to accomplish something else
__adrian
not an explanation of how you want to do something. of what you want to accomplish (WHY you feel the need to do this).
sorabji
says nothing about the 'something else'
jadew
the stuff is put in there by the framework, while the __construct() is part of the user code
__adrian
jadew, just put the stuff in construct in the right order.
set properties, use properties
not vice versa
sorabji
(Action) fears this is going to go nowhere
__adrian
but the constructor should ONLY get things ready. it should never DO WORK.
jadew
__adrian, define work
__adrian
in this context, "anything which is not specifically part of making the object ready to use"
*specifically AND completely necessary
otherwise, you're trying to live in a house and build it at the same time
cofo
Hi
Please help. I have VMware running Ubuntu linux and it has server 127.0.0.1.1
jadew
cofo, that's an invalid IP address
cofo
127.0.1.1
jadew
maybe 127.0.0.1
and what server is that?
also, you failed to mention what you need help with
__adrian
^
cofo
https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu-14-04
I can't open it in my main os
the url that is 127.0.1.1
__adrian
you cannot start the VM?
or you cannot access the site in your browser
cofo
i can open it in VMware. I mean outside I can't
Or I don't know how
CoJaBo
..I should probably have put a file extension filter on this form...... :/
         

__adrian
might be helpful to /join #vmware
this doesn't sound like a php issue.
CoJaBo at the risk of a really big headache... why does it matter what file extension the user provides
CoJaBo
__adrian: If I ask for a resume, and you've provided a .3gp, I think I can auto-reject that candidate's application
TML
Depends on the job.
__adrian
:)
also, you're assuming that the file extension is a reliable indicator of what the file *is*. it is completely not.
cofo
i made a sumbit button and i see it as a text
when i delete it i can move on to php file
TML
For some positions, my indie short film might very well be the best kind of "resume" I can offer.
CoJaBo
__adrian: If they can hack past it, I can bump them up in the line for the infosec positions; still helpful :P
cofo
https://www.irccloud.com/pastebin/jjF0Fhhe/
the sumbit problem
CoJaBo
TML: If you're submitting it as a 240x320 res file, I'd still reject it lol
__adrian
"hack" it? you mean, write their own file extension? you're qualifying a lot of people for infosec
cofo
lol
it's SUBMIT
i fixed
CoJaBo
__adrian: But that literally qualifies only the upper 1%; there are a LOT of stupid people out there
TML
CoJaBo: *shrug* Like I said, depends on the file. If you're looking for someone to develop short video clips targeting low-end mobile devices, a 240x320 resolution short film showing what I can do is perfectly appropriate.
cofo
damn i made a XSS
:<
TML
s/file/position/
cofo
echo $_POST["Name"];
CoJaBo
TML: .exe is even more far off
cofo
please where i can find article to prevent it
CoJaBo
There's a few .dlls too, and several .gpg
__adrian
cofo, http://php.net/htmlspecialchars (assuming this is printed as html)
Alphos
cofo depends where you're attempting to prevent them
TML
you don't think a GPG key would be a good resume?
cofo
in html
Alphos
htmlspecialchars OR htmlentities if you're outputting html, json_encode if you're outputting javascript
__adrian
CoJaBo, what if i gave you a legit resume and just gave it that name+extension?
cofo
but later in SQL so please help
MSQl
__adrian
cofo, you DO NOT deal with xss in mysql.
Alphos
there's no such thing as xss in mysql
cofo
then sqli
my bad
__adrian
you deal with it WHEN YOU ECHO IT.
cofo
i mean sqli
Alphos
there's injection, which you can prevent using prepared statements, for instance using PDO to connect to your mysql database
cofo
but i followed tutorial
TML
cofo: Use PDO and parameterized queries
cofo
Which is good article or good topics or good keywords so i can search
thanks
Are there any good article or tutorial because I don't understand.
CoJaBo
TML: It's a GPG-encrypted file. Which would be impressive, if it were encrypted with the co's pub key, but that isn't published on the site
TML
__adrian
cofo, problem: echo $_POST['something']; solution: echo htmlspecialchars( $_POST['something'],ENT_QUOTES,"UTF-8" );
TML
we have plenty of tutorials and links to 3rd party ones on our site
__adrian
nothing to do with the DB. the DB is the WRONG place to try to solve this.
CoJaBo
..what the fricking hell is .lis even
cofo
i gonna avoid php XD
its dangerous security
TML
cofo: Great. Good luck!
__adrian
cofo, any language is "dangerous security" if you don't understand security