Excellent primer on CSS
April 20, 2006
Learn how to use CSS to control the style and layout of multiple Web pages all at once.
The Atlas framework has two distinct elements – a client script framework, and a set of server extensions that integrate Atlas with ASP.NET. The client script framework is 100% Javascript, and works with any modern browser. But it is also completely server-agnostic, and works with any web server.
If you want to connect to the server, you’ll want to write server-side code to talk to the Atlas client. To build a web service class, you can just create a new PHP file, include AtlasService.php, and write a class that inherits from AtlasService.
We have been trying to prevent that for some time with different approaches. For example, we allow only certain tags in comments (with the help of strip_tags()), we don’t make links clickable, and use tidy for further clean up, but we also wrote a little method, which tries to clean the most common exploit attempts with some preg magic. But I doubt that we catch every possible exploit…
The source code of the method can be found here and you can test it out at http://php5.bitflux.org/xss.php.
Excellent intro to XSS attacks
Chris Shiflett: XSS Cheatsheet
and
Bad Google… They missed on an obvious XSS exploit in Gmail’s subject line/text preview:
in name of cross-browser API
Atlas compatibility layer: why did we extend Firefox to implement IE-isms?
Automatically processing an email with attachment(s) using PHP and PEAR Mail class
from this blog entry
Prerequisites:
Linux/BSD
PHP with CLI enabled
PEAR
Sendmail with individual user account
Aim: Save attachments sent to christian@foo.bar.com to server storage.
1. Setup sendmail account to forward to PHP script.
In the home directory of christian(/home/christian) on the foo.bar machine make and edit a file called “.forward”. In this file put in the following.
|"/dir_to_php_script/process.php"
This will forward any email sent to christian@foo.bar.com to the php script.
2. PHP script to process email “/dir_to_php_script/process.php”
[Don't forget to chmod 755 process.php]
// begin contents of process.php
```php
#!/usr/local/bin/php
<?php
// Need PEAR installed
include('Mail.php');
include('Mail/mime.php');
require_once 'Mail/mimeDecode.php';

// read email using stdin
$fd = fopen("php://stdin", "r");
$email = "";
while (!feof($fd)) {
    $email .= fread($fd, 1024);
}
fclose($fd);

$params['include_bodies'] = true;
$params['decode_bodies'] = true;
$params['decode_headers'] = true;

$message = new Mail_mimeDecode($email);
$mailObj = $message->decode($params);

// Who is it from
$from = $mailObj->headers['from'];
// Get Subject
$subj = $mailObj->headers['subject'];
// Get Message Body
$body = $mailObj->parts[0]->body;
$gather = "From:$from\nSubject:$subj\nBody:$body";

// Get and Save the Attachments
foreach ($mailObj->parts as $key => $val):
    $tmpObj = $mailObj->parts[$key];
    // The filename is chosen by the sender: keep only its last path
    // component so it cannot point outside the current directory.
    $tmp = isset($tmpObj->d_parameters['filename'])
        ? basename($tmpObj->d_parameters['filename'])
        : '';
    if (!empty($tmp)):
        $fd = fopen($tmp, 'w');
        fwrite($fd, $tmpObj->body);
        fclose($fd);
    endif;
endforeach;
?>
```
// end of contents of process.php
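The attachment-saving step in process.php takes its filename from the incoming mail, so the sender decides what gets written. The following is an added example (not code from the original blog entry) of a stricter save routine for that step; `STORAGE_DIR`, `ALLOWED_EXT`, `safe_attachment_name()` and `save_attachment()` are hypothetical names, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not part of the original script. STORAGE_DIR and ALLOWED_EXT
// are assumptions; the directory must exist and sit outside any web root.
const STORAGE_DIR = '/var/spool/attachments';
const ALLOWED_EXT = ['pdf', 'txt', 'png', 'jpg', 'csv'];

// Turn a sender-supplied filename into a safe name, or null to reject it.
function safe_attachment_name(string $supplied): ?string
{
    // Treat "\" as a separator too, then keep only the last path component.
    $name = basename(str_replace('\\', '/', $supplied));
    // Replace everything outside a small character set.
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', $name);
    // Strip leading dots so hidden files such as ".forward" cannot be produced.
    $name = ltrim($name, '.');
    if ($name === '' || strlen($name) > 100) {
        return null;
    }
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXT, true) ? $name : null;
}

// Write $body under $dir without overwriting anything; returns the path or null.
function save_attachment(string $supplied, string $body, string $dir = STORAGE_DIR): ?string
{
    $name = safe_attachment_name($supplied);
    if ($name === null) {
        return null;
    }
    // A random prefix keeps two mails with the same filename from colliding.
    $path = $dir . '/' . bin2hex(random_bytes(8)) . '_' . $name;
    // Mode 'x' fails if the path already exists, so nothing is overwritten.
    $fd = @fopen($path, 'x');
    if ($fd === false) {
        return null;
    }
    fwrite($fd, $body);
    fclose($fd);
    chmod($path, 0640); // stored mail data never needs the execute bit
    return $path;
}

// Constructed sample filenames, as a sender could set them in Content-Disposition.
$samples = ['report.pdf', '../../home/christian/.forward', '..\\..\\notes.txt', 'invoice.pdf.php'];
foreach ($samples as $f) {
    printf("%-32s => %s\n", $f, var_export(safe_attachment_name($f), true));
}
```

In process.php the `fopen`/`fwrite` pair inside the loop would become a single call to `save_attachment()` with the part's filename and body.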
```javascript
var Checkboxes = {
    /**
     * checks all the checkboxes of a given class name
     */
    checkAll: function(className) {
        Checkboxes.setChecking(className, true);
    },

    /**
     * unchecks all the checkboxes of a given class name
     */
    uncheckAll: function(className) {
        Checkboxes.setChecking(className, false);
    },

    /**
     * toggles the value of the checkboxes of a given class name
     */
    toggle: function(className) {
        Checkboxes.setChecking(className, 'toggle');
    },

    /**
     * sets the checked value of elements of a given class name
     */
    setChecking: function(className, value) {
        var boxes = document.getElementsByClassName(className);
        for (var i = 0, boxes_len = boxes.length; i < boxes_len; i++) {
            if (value === 'toggle') {
                // flip the current state of this checkbox
                boxes[i].checked = !boxes[i].checked;
            } else {
                boxes[i].checked = value;
            }
        }
    }
};
```
The list below almost makes me want to puke:
I was able to find at least, count ‘em, ten MVC frameworks for PHP!
Too many fragmented frameworks which makes it difficult for one to emerge as the clear winner. I guess it’s off to Ruby on Rails which has just one framework to follow!
I’m at crossroads now: VS.NET 2005/MS-SQL2005 ($$$) or RoR/PostgreSQL (free beer)…
Ambivalence:
WACT:
Achievo:
Phrame:
Studs:
Prado:
PHPOnTrax:
CakePHP:
Mojavi:
Symfony:
XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP is really very easy to install and to use – just download, extract and start.
There are several XAMPP distributions to choose from… For MS Windows-
XAMPP for Windows 
The distribution for Windows 98, NT, 2000 and XP. This version contains:
Apache,
MySQL,
PHP + PEAR,
Perl,
mod_php,
mod_perl,
mod_ssl,
OpenSSL,
phpMyAdmin,
Webalizer,
Mercury Mail Transport System for Win32 and NetWare Systems v3.32,
JpGraph,
FileZilla FTP Server,
mcrypt,
eAccelerator,
SQLite,
and WEB-DAV + mod_auth_mysql.
…Now only if PostgreSQL was included too!
While not perfect, it’s possible to know the likely locations of your web visitors. MaxMind has free API in various languages:
F-Secure folks decided that the new command line interface for the next Windows Vista operating systems is already riddled with security problems just because it can simply run shell scripts!
Hello??? You can do the same whether or not it’s Monad, Perl, Cygwin bash, or even the old DOS batch files! You are at risk if you attempt to run any executable script files of any type from an untrusted source.
Are those drums I hear beating at the Anti-virus camps to boost their anti-virus software sales at expense of clueless users?