PHP Input Filter

We have just released our version of the PHP Input Filter class, based on http://www.phpclasses.org/browse/package/2189.html

It is almost a complete rewrite, with additional filters for different types of data.

Here is an example of how to use our version:

<?php
// creates the filter object (a singleton)
$filter = input::get_instance();

// some XSS string
$description = '<A HREF="http://www.gohttp://www.google.com/ogle.com/">XSS</A>';

// strips the tags or converts them to plain text
$description = $filter->clean($description, 'string');

Please note that there is no documentation for these scripts yet; they were designed for Dazzle CMS but can work in your projects too.

Documentation will follow when we give our scripts their own home, as this is just our development blog.

All we ask is that you give us credit and link to us at www.dazzlecms.com
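To make the usage above concrete, here is a small type-aware filter with the same clean($value, $type) shape. This is an added example written for this post, not the Dazzle CMS class and not the phpclasses package it is based on; the class name SimpleInputFilter, the set of types ('string', 'int', 'email', 'url') and the probe strings are all assumptions made for illustration.

```php
<?php
// Added example: a small type-aware input filter with the same
// clean($value, $type) shape as the usage above. Illustrative code only,
// not the Dazzle CMS class or the phpclasses package it derives from.
class SimpleInputFilter
{
    private static $instance = null;

    // Singleton accessor, mirroring input::get_instance() in the post.
    public static function get_instance()
    {
        if (self::$instance === null) {
            self::$instance = new self();
        }
        return self::$instance;
    }

    // Clean $value according to $type. Returns the cleaned value, or null
    // when the value does not validate as that type, so callers can reject
    // it rather than silently using a mangled value.
    public function clean($value, $type)
    {
        switch ($type) {
            case 'string':
                // Drop every tag (strip_tags also removes an unterminated
                // '<...' up to end of string), then HTML-encode what is left
                // so it is inert in an HTML body context.
                $text = strip_tags((string) $value);
                return htmlspecialchars(trim($text), ENT_QUOTES, 'UTF-8');

            case 'int':
                $n = filter_var($value, FILTER_VALIDATE_INT);
                return ($n === false) ? null : $n;

            case 'email':
                $e = filter_var($value, FILTER_VALIDATE_EMAIL);
                return ($e === false) ? null : $e;

            case 'url':
                // Absolute http(s) URLs only: "javascript:" and "data:"
                // schemes, which would turn an <a href> into an XSS sink, fail.
                $u = filter_var($value, FILTER_VALIDATE_URL);
                if ($u === false || !preg_match('#^https?://#i', $u)) {
                    return null;
                }
                return $u;

            default:
                throw new InvalidArgumentException("unknown filter type: $type");
        }
    }
}

$filter = SimpleInputFilter::get_instance();

// Constructed probes (assumed inputs), starting with the anchor from the post.
$probes = array(
    array('string', '<A HREF="http://www.gohttp://www.google.com/ogle.com/">XSS</A>'),
    array('string', '<script>alert(1)</script> plain text'),
    array('string', 'O\'Reilly & "co"'),
    array('int',    '42abc'),
    array('int',    '17'),
    array('email',  'nobody@example.com'),
    array('url',    'javascript:alert(1)'),
    array('url',    'https://example.com/page?x=1'),
);

foreach ($probes as $p) {
    list($type, $raw) = $p;
    printf("%-6s %-65s => %s\n", $type, $raw,
           var_export($filter->clean($raw, $type), true));
}
```

Note what the 'string' filter does and does not give you: the result is safe to place in an HTML body, but not on its own inside a JavaScript block or an unquoted attribute, and it does nothing for SQL, where prepared statements are the fix. Input filtering of this kind is a second line of defence; encoding at output time, for the context the value lands in, is what actually stops XSS.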

Benefits of Running IIS7.5 Over IIS6 Or Apache

IIS7.5 – The latest and greatest from Microsoft.

IIS7.5 is the latest iteration of Microsoft’s web server. Formerly known as Internet Information Server, IIS has come to dominate the servers of most Fortune 100 companies, though Apache remains the market leader overall. According to the latest statistics, over a third of all sites are backed by IIS.

Benefits of IIS7.5 over IIS6

IIS7.5 is one of the more significant updates to the IIS platform. The biggest change is the modular design of the engine: you configure IIS7.5 to support only the features you need and add more as and when necessary. Besides improving flexibility, this is a real security gain, because a module that is not installed cannot be attacked or misconfigured. Scripting support, CGI/ISAPI and the IIS6 backward-compatibility components, for example, are all optional modules rather than part of the default install.

Another significant improvement is the move to XML configuration files in the same format .NET applications use: applicationHost.config for server-wide settings and web.config files for each site and application. This improves portability (a site’s configuration can be copied along with its content), fine tuning and ease of access compared with the metabase used up to IIS6.

There is also good news for administrators who manage servers remotely. IIS7.5 improves remote management by running it over HTTPS (the Web Management Service), and it is disabled by default, so you have to enable it deliberately. That is a sensible default, since the earlier remote-administration setup was widely viewed as more exposed.

There are many more improvements, but let us look at some reasons why you might choose IIS7.5 over a more traditional server such as Apache.

Benefits of IIS7.5 over Apache

For many people, the difficulty of running PHP scripts on IIS used to deter them from using a Windows platform; even a hosting provider like GoDaddy disallows PHP-based applications such as WordPress on its Windows servers. However, the latest releases of IIS, and especially IIS 7.5 with its FastCGI module, give large performance improvements when running PHP, to the point that PHP is no longer a reason on its own to avoid IIS.

Today more and more site owners are turning to Windows to host their PHP-based applications, and WordPress on Windows is picking up a large following. Thanks to the cooperative work of Zend and Microsoft on PHP and IIS, PHP performance is much more stable, reliable and faster than it was on earlier versions.

Of course, if you plan to make use of the .NET platform, then IIS 7.5 is your only choice. With the latest release of ASP.NET 3.5 and full support for the MVC framework, there has never been a more compelling time to develop applications in .NET. In addition, Microsoft’s Web Platform Installer (Web PI) has made it easier than ever to install all .NET-related components. IIS 7.5 has also significantly improved its management interface: IIS Manager is now a tool in its own right rather than the MMC snap-in used in earlier versions.

IIS7.5 also features improved diagnostics through Failed Request Tracing: you define the conditions IIS should watch for (a status code such as 500, a request that takes longer than a set time, or an event of a given severity) and IIS writes a detailed trace of every request that matches. This makes tracking down timed-out pages and other errors far easier.

Summary

All in all, this is the time to switch over to a Windows platform if you’ve been sitting on the fence till now. The new security features coupled with the flexibility, ease of use and diagnostics have made IIS 7.5 quite an irresistible choice for those looking to host their web applications.

FTP Servers Being Replaced With Online Services

FTP servers are still the most popular way to store and transfer large files. But as browsers get better at handling file uploads and downloads, new web services are emerging to replace FTP. Online file transfer and sharing services provide an affordable, easy-to-use alternative to a traditional FTP server.

Why should you consider replacing your FTP server?

1. Easy to Use: Online file transfer sites are easier to use than FTP, can be accessed through a web browser, require no additional downloads and can be accessed from anywhere.

2. More Secure: Plain FTP sends usernames and passwords in cleartext. With most web-based transfer services, logins go over HTTPS, so passwords are always sent over an encrypted connection.

3. Branded Experience: You can customize the look and style of your file transfer service and upload your company logo for a branded experience.

4. Activity Notifications: Receive notifications when users upload or download files, leave comments, or make any changes to files.

5. View Files Online: With file previews, you can view images and common office documents online without the need to download.

6. Search: Quickly find documents by searching through the title and content of Word documents, PowerPoint files, Spreadsheets, PDF documents and more.

7. Integrate with Your Website: Web-based services can be easily linked to from your existing website to provide a seamless experience to your clients and partners.

8. Manage Users: Controlling access to files is simple and does not require calling the IT department every time you need to add or remove users or reset a password.

9. Comments: Post comments on files to leave messages and communicate with other members of the Hub.

10. Version Control: Version history lets you view the history of previous versions, compare them to one another and restore an older document.

PHP 5.2.12 Release Announcement

The PHP development team would like to announce the immediate availability of PHP 5.2.12. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release.

Security Enhancements and Fixes in PHP 5.2.12:

  • Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)
  • Fixed an open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)
  • Added the “max_file_uploads” INI directive, which limits the number of file uploads per request (20 by default), to prevent a possible DoS via temporary file exhaustion, identified by Bogdan Calin. (CVE-2009-4017, Ilia)
  • Added protection for $_SESSION from interrupt corruption and improved “session.save_path” check, identified by Stefan Esser. (CVE-2009-4143, Stas)
  • Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)

Key enhancements in PHP 5.2.12 include:

  • Fixed unnecessary invocation of setitimer when timeouts have been disabled. (Arvind Srinivasan)
  • Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)
  • Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe)
  • Fixed crash when instantiating PDORow and PDOStatement through Reflection. (Felipe)
  • Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe)
  • Fixed bug #50207 (segmentation fault when concatenating very large strings on 64bit linux). (Ilia)
  • Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle database). (Felipe)
  • Fixed bug #50006 (Segfault caused by uksort()). (Felipe)
  • Fixed bug #50005 (Throwing through Reflection modified Exception object makes segmentation fault). (Felipe)
  • Fixed bug #49174 (crash when extending PDOStatement and trying to set queryString property). (Felipe)
  • Fixed bug #49098 (mysqli segfault on error). (Rasmus)
  • Over 50 other bug fixes.
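The htmlspecialchars() entry above (bug #49785, CVE-2009-4142) is the one an application developer can check for directly: an invalid multibyte sequence placed just before a special character could make the encoder treat that character as part of the sequence and leave it unencoded. The following is an added example, not part of the release announcement, that feeds htmlspecialchars() byte sequences of that kind. The probe strings are constructed here and are assumptions, not taken from the bug report; a fixed build refuses such input (by default it returns an empty string for the whole value, or a replacement character when ENT_SUBSTITUTE, added in PHP 5.4, is set), so the invalid bytes never reach the output.

```php
<?php
// Added example, not from the PHP release announcement: probe
// htmlspecialchars() for the bug #49785 / CVE-2009-4142 class of flaw, where
// an invalid multibyte sequence placed before a special character could make
// the encoder treat that character as part of the sequence and leave it
// unencoded. A fixed build rejects the invalid input instead.

// Constructed probes (assumed here, not taken from the bug report): each is
// an invalid sequence in the named charset, followed by a tag an attacker
// would want to smuggle through.
function htmlspecialchars_probes()
{
    return array(
        // Overlong two-byte encoding of '<' (U+003C): C0 BC is never valid UTF-8.
        array('UTF-8',     "\xC0\xBC", "script>alert(1)</script>"),
        // Shift_JIS lead byte 0x81 followed by '<' (0x3C), not a valid trail byte.
        array('Shift_JIS', "\x81",     "<script>alert(1)</script>"),
        // EUC-JP lead byte 0xA1 followed by '<'; trail bytes must be 0xA1-0xFE.
        array('EUC-JP',    "\xA1",     "<script>alert(1)</script>"),
    );
}

// True when the invalid bytes come back at the start of the output
// unchanged, i.e. the encoder passed them through instead of rejecting
// them. A fixed build returns '' (or a replacement character with
// ENT_SUBSTITUTE on PHP 5.4 and later), so this is false there.
function passes_invalid_bytes($charset, $bad, $rest)
{
    $out = htmlspecialchars($bad . $rest, ENT_QUOTES, $charset);
    return $out !== '' && strncmp($out, $bad, strlen($bad)) === 0;
}

foreach (htmlspecialchars_probes() as $p) {
    list($charset, $bad, $rest) = $p;
    printf("%-10s %s\n", $charset,
           passes_invalid_bytes($charset, $bad, $rest)
               ? 'VULNERABLE: invalid bytes passed through'
               : 'ok: invalid input rejected');
}
```

The check deliberately does not depend on the exact output of a fixed build; it only asks whether the raw invalid bytes came back unencoded at the front of the result, which is the condition an attacker needs. Running it against a production PHP build with the charsets you actually serve is a quick way to confirm the fix is in place.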

PHP 5.3.1 Released!

The PHP development team is proud to announce the immediate release of PHP 5.3.1. This is a maintenance release in the 5.3 series, which includes a large number of bug fixes.

Security Enhancements and Fixes in PHP 5.3.1:

  • Added the “max_file_uploads” INI directive, which limits the number of file uploads per request (20 by default), to prevent a possible DoS via temporary file exhaustion.
  • Added missing sanity checks around exif processing.
  • Fixed a safe_mode bypass in tempnam().
  • Fixed an open_basedir bypass in posix_mkfifo().
  • Fixed bug #50063 (safe_mode_include_dir fails).
  • Fixed bug #44683 (popen crashes when an invalid mode is passed).

Key Bug Fixes in PHP 5.3.1 include:

  • Fixed crash in com_print_typeinfo when an invalid typelib is given.
  • Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection.
  • Fixed crash when instantiating PDORow and PDOStatement through Reflection.
  • Fixed bug #49910 (no support for ././@LongLink for long filenames in phar tar support).
  • Fixed bug #49908 (throwing exception in __autoload crashes when interface is not defined).
  • Around 100 other bug fixes.