PHP 5.2.1 is a Remote Include Hater

Posted by Nessa | Posted in Uncategorized | Posted on 28-04-2007


I found this out after troubleshooting a few sites a couple weeks ago. Unlike all previous versions of PHP, 5.2.1 no longer lets you use a URL to include files, even if you have allow_url_fopen enabled in your php.ini.

Just a quickie about what an ‘include’ is: it’s a PHP function that lets you pull the contents of one file into another. It usually takes this form:

include('page.php');

This is a local include, and is usually the preferred method. A remote include uses a URL instead:

include('http://google.com');

Most people would agree that remote includes are a major security issue for novice coders who don’t have any kind of file validation in place to protect their scripts, but if you’re convinced that your code is locked down, you can add this line to your php.ini file to allow remote file includes:

allow_url_include = On

Now, this directive did not exist until php 5.2.1 was released so Cpt. Obvious says that:


1) You cannot use it with versions prior to 5.2.1

2) You’ll need to add it to your php.ini, as you probably won’t find it in there already

3) allow_url_fopen has to be enabled

4) This has to be in the php.ini server-side, and not the .htaccess

If you’d like to know more about remote file inclusions (the bad kind), read my article.
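The file validation the post says novice code lacks, as an added example (not code from the original post): a page loader that maps a request key to a fixed local file, so the user's value never reaches include as a path or URL. The `page` parameter, the `pages/` directory and the function names are hypothetical.

```php
<?php
// Added example, not from the original post. The "page" parameter, the
// pages/ directory and all function names are hypothetical.
// Unvalidated pattern this replaces: include($_GET['page']);

// Constructed allow-list: request key => local file under pages/.
$pages = array(
    'home'    => 'home.php',
    'contact' => 'contact.php',
);

// Map a user-supplied key to a local file path, or null if not allowed.
// The user value is only used as an array key, never as a path or URL.
function resolve_page($key, array $pages, $baseDir)
{
    if (!is_string($key) || !isset($pages[$key])) {
        return null; // URLs, ../ strings and unknown keys all end here
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $pages[$key]);
    // realpath() is false for missing files; also confirm containment.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// True when a boolean php.ini switch is enabled at runtime.
function ini_enabled($name)
{
    $v = strtolower((string) ini_get($name));
    return in_array($v, array('1', 'on', 'true', 'yes'), true);
}

// Local includes do not need the remote-include switch, so flag it if on.
if (ini_enabled('allow_url_include')) {
    error_log('allow_url_include is On but this site only uses local includes');
}

$requested = isset($_GET['page']) ? $_GET['page'] : 'home';
$file = resolve_page($requested, $pages, __DIR__ . '/pages');
if ($file === null) {
    header('HTTP/1.1 404 Not Found');
    exit('Page not found');
}
include $file;
```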


Posted by Jason | Posted in uncategorized | Posted on 25-04-2007


By: Jason O’Connor

I believe some people create and publish websites for the sole purpose of tormenting their visitors. Browsing various websites and navigating the Web can often be like trying to read on an airplane while a kid kicks the back of your seat and the baby next to you alternates between screaming, crying and drooling on you. There are some excellent websites out there to be sure, but there are also a lot of dreadful ones too. The latter are the bane of so many people’s existence, especially those who use the Web regularly.

The Net continues to grow in popularity and importance for consumers and businesses alike. Therefore, the quality of sites needs to keep pace. Creating and maintaining high-quality websites is more important now than ever. Higher quality equals more revenue.

The following lists the top ten ways that a website misses the boat and contributes to hair loss and nervous breakdowns. Notice the common thread that runs throughout each of these. Namely, a bad website neglects to consider the site visitor’s experience in some fundamental ways.

OneDayBlogSilence

Posted by Nessa | Posted in Uncategorized | Posted on 24-04-2007


I received a note from a friend that on April 30th, participating blogs are supposed to do a blank post with nothing but a single graphic, as a way of honoring the people who were shot at VA Tech earlier. I’m not usually one to bathe in tragedy after it happens, but since I have a lot of friends and former colleagues from ECPI that go there, it doesn’t seem to be a bad idea.


http://www.onedayblogsilence.com/OneDayBlogSilence.com.html

Suhosin Will Make your PHP Hard

Posted by Nessa | Posted in Uncategorized | Posted on 20-04-2007


I noticed a vague mention of Suhosin on a PHP blog that I read on occasion and I decided to give it a whirl to see if it’s as sexy as it sounds. So far my server hasn’t crashed, so I’m willing to recommend it to anyone who’s interested in hardening their PHP. Ok, sorry. I really can’t say that without chuckling. Yes, welcome back to third grade.

If you check out the developer’s site you should pretty much get the idea of what it does, but basically it closes some of the security holes that we see with PHP all the time. Not to say that it will make your php 4.3/MySQL3/globals on/port 22 open server any more secure, but if you’re running any of the latest stable security releases you might be somewhat interested.

I’m currently running PHP 5.2.1, which is the latest release of PHP5 at the time of this writing. You can essentially install this on any PHP4+ server that you have root SSH access to. I opted to install the DSO, as I absolutely hate recompiling PHP. Installing Suhosin as a dynamic shared module will not require you to recompile anything, and is therefore the preferred method for lazy people.

Note: I’m using the latest (and only) release at the time of my writing, but head over to the download page to see if there is anything newer:

http://www.hardened-php.net/suhosin/download.html


cd /usr/src
wget http://www.hardened-php.net/suhosin/_media/suhosin-0.9.20.tgz
tar -xvzf suhosin-0.9.20.tgz
cd suhosin-0.9.20

Now to install:

phpize
./configure
make
make install

It should return a line something like this:

Installing shared extensions: /usr/local/lib/php/extensions/no-debug-non-zts-20060613/

Now, all you have to do is add this line to your php.ini and restart Apache. Of course, the path should be what the installation output gave you:


[Suhosin]
extension="/usr/local/lib/php/extensions/no-debug-non-zts-20060613/suhosin.so"

** If you are running eAccelerator, this should go above the eAccelerator configuration.

When you load up your phpinfo file you should see the module loaded near the Zend section. Everything should be fine as-is, but if you’re one of those people who has to reconfigure everything, knock yourself out.

Optimizing PHP, Revisited.

Posted by Nessa | Posted in Uncategorized | Posted on 16-04-2007


I wrote an article a while back on PHP optimization, but it was pretty lacking in most aspects, probably because I’m a lazy poster. I’ve revisited that article and reposted to hopefully have it be a little more helpful on the area.

Timing Your PHP Scripts

Posted by Nessa | Posted in Uncategorized | Posted on 15-04-2007


This was just a little code addon that I put together as part of a tutorial I wrote on a friend’s site (and copied on mine) about PHP optimization. Added to a page on your site, it will calculate how much time it took for a page or script to execute using PHP’s microtime() function. I only added this to my main page, but you can easily create a plugin or include file to show the generation time of all your pages.

First, add this code to the very beginning of your PHP file:

<?php
// microtime() returns the string "msec sec"; add both parts for a float start time
$stime = microtime();
$sarray = explode(" ", $stime);
$stime = $sarray[1] + $sarray[0];
?>

Now, add this to the very end:

<?php
// Take the end time the same way as the start time
$etime = microtime();
$earray = explode(" ", $etime);
$etime = $earray[1] + $earray[0];
// Elapsed seconds, rounded to milliseconds
$ttime = $etime - $stime;
$ttime = round($ttime,3);
echo "This page loaded in $ttime seconds.";
?>

That was easy, wasn’t it? You should now see a little line at the bottom of your page that shows how long it took to execute. There is an example on the bottom of my home page.

13 Sexiest WordPress Plugins

Posted by Nessa | Posted in Uncategorized | Posted on 13-04-2007


I decided to post a list of the WordPress plugins that I’ve found to be the most useful, a majority of which I use on my own site.
To see a list of plugins to avoid, see my other post.