原来我一直以为不能够在chrome下的Sablog里面使用fck editor,直到coolcode.cn的andot在群里说改了点东西就支持了。
原来fckeditor.js里面有
JavaScript代码
- this.enableSafari =false;
- this.enableOpera = false;
于是,将这两行改成了true;
然后修改那两个PHP文件,在IsCompatible方面里面的判断加上
PHP代码
- else if ( strpos($sAgent, 'Opera/') !== false )
- {
- $fVersion = (float)substr($sAgent, strpos($sAgent, 'Opera/') + 6, 4) ;
- return ($fVersion >= 9.5) ;
- }
- else if ( preg_match( "|AppleWebKit/(\d+)|i", $sAgent, $matches ) )
- {
- $iVersion = $matches[1] ;
- return ( $matches[1] >= 522 ) ;
- }
于是,世界清静多了,菜单也出来了。
感谢andot给我们提供的方法。。。
不愿意手工改的朋友,可以直接到:
在 Google 浏览器(Chrome)中能够使用 SaBlog-X 发文章的方法
- http://www.coolcode.cn/show-305-1.html
进行下载。good Luck for you
从未想过,phpinfo页面居然有这么大的漏洞,在我想来,这纯粹是一个输出页面,怎么会有漏洞呢?
看了(抽烟的蚊子)写的:http://item.feedsky.com/~feedsky/phpv/~1232318/86146146/1235221/1/item.html,我才知道,原来还有这种事。
原文如下:
漏洞说明: php是一款被广泛使用的编程语言,可以被嵌套在html里用做web程序开发。phpinfo()是用来显示当前php环境的一个函数,许多站点和程序 都会将phpinfo放在自己的站点上或者在程序里显示,但是phpinfo里存在一些安全问题,导致精心构造数据就可以产生一个跨站脚本漏洞,可以被用 来进行攻击。
漏洞成因: phpinfo页面对输入的参数都做了详细的过滤,但是没有对输出的进行charset的指定,而在一些浏览器里如IE7里,你可以让它自动选择编码或者通过一个iframe页面给它指定编码,这样就可以饶过phpinfo的过滤而产生一个跨站脚本漏洞。
漏洞来源: http://www.80sec.com/release/phpinfo-xss.txt
漏洞利用: 利用代码如下:
<html>
<head>
<META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7">
</head>
<body>
<iframe src="http://www.80sec.com/phpinfo.php?+ADw-SCRIPT+AD4-alert(document.domain);+ADw-/SCRIPT+AD4-=1">
以上代码在IE7+php 5.2.6测试成功。phpinfo页面的xss甚至比其他页面更加危险,因为如果有phpinfo的存在,恶意攻击者可以利用phpinfo的输出bypass如httponly和一些基础认证。
漏洞影响: 影响所有版本的php和浏览器IE7
漏洞修补: 建议暂时删除站点的phpinfo页面避免被人利用。
太吃惊了
上传的时候,判断文件后缀名,然后再同时生成复杂名字的时候,总是会有烦恼,也确实是,使用PHP取文件后缀名的方法太多了。。这里稍列几个
1、
利用 pathinfo 函数
- <?php
- $urlname = 'http://www.neatcn.com/attachment/test.gif';
- $path_info = pathinfo($urlname );
- echo $path_info['extension'];
- ?>
2、discuz里面利用strrchr取得后缀名
PHP代码
- function fileext($filename) {
- return trim(substr(strrchr($filename, '.'), 1, 10));
- }
- //个人建议在$filename上加上basename(),这样可以对路径也处理一下
3、利用end函数
PHP代码
- $filename = 'http://www.neatcn.com/attachments/test.gif';
- echo(end(explode(".",$filename )));
最早以前判断都是判断strpos取得最后一个.的所在位置,现在都用strrchr了,毕竟它可以安全的操作二进制文件。
还可以通过finfo::file($filename);来取得文件的类型,然后再进行处理,不过。这已经不算是取文件名了。
大至是以上三种,其他一些方法类似的就不一一列出了
Introduction:
简价
We have been creating web-applications using PHP since it came into existence, now we can also develop Desktop or Stand alone Applications with PHP-GTK. Desktop Applications are one which does not need either a Web Server like IIS, Apache, PWS etc. or a web browser for their execution. One of the reasons why Java is so popular is because it can be used to build applications, web pages, applets and beans that can run on several platforms including Windows, Linux and Solaris. Java runs a virtual machine called JVM, and code is compiled into an intermediate format known as Java byte code, which is platform independent. When that particular piece of code is executed within the JVM, the JVM optimizes the code for the particular platform on which it is running as it is being compiled.
从PHP产生到现在,我们一直都是使用它创建WEB应用,如今,我们也可以使用PHP-GTK来创建桌面或者其他杰出的应用。桌面程序不再依靠WEB服务器(比如IIS、APACHE、PWS等等)或者通过浏览器运行他们。JAVA为什么这么流行其中之一的原因就是他不仅可以创建程序、WEB应用,小应用程序Applets和Beans,而是他可以运行在windows、linux和solaris平台上。当这些特定的代码在JVM上运行的时候,JVM会在编译的时候针对特定联台而对代码进行优化。
Microsoft's latest technology, .NET follows the same principles. Code is compiled into Microsoft Intermediate Language (MSIL) and is then executed within the .NET framework as an application domain. Microsoft is hoping to standardize C# and MSIL so that .NET code can run cross platform.
微软最近的技术声称,.net一直遵循着同样的工作原因,代码被编译成MSIL并且运行在.net framework上。微软一直希望C#和MSIL能够标准化,这样.net下的代码也就能够相对的跨平台运行了。
So what has all of this got to do with PHP-GTK? Well, both Java and .NET can be used to build windowed applications and web pages. Thanks to PHP-GTK, we can now build cross platform windowed applications with PHP as well.
可是这和使用PHP-GTK又有什么关系呢?OK,java和.net都能够创建“窗口式应用”(桌面应用软件)和网页。感谢PHP-GTK,我们也可以使用PHP创建跨平台的“winform应用”(windowed applications一直不知道怎么翻译比较好,下面如果再提到,我想,我还是用桌面应用软件来代替吧。)。
What is PHP-GTK?
PHP-GTK是什么?
GTK is an acronym for the GIMP Toolkit and GIMP is an acronym for GNU Image Manipulation Program, and is a fully featured graphics editing program that runs on Linux. It has many (if not all) of the features of popular Windows programs such as Photoshop and Paint shop. It's the graphics editor of choice for most Linux users.
GTK是GIMP ToolKit(GIMP工具包)的缩写,同时GIMP又是GNU Image Manipulation Program(开源图像处理软件)的缩写,是一个可以运行在LInux下的一款图像编辑程序。它拥有与windows平台下的photoshop和画笔程序一些相同的功能,但并非全部。它是大多数Linux用户所选择的图形编辑工作。
GTK is actually part of a set of libraries that was written in C called GTK+. GTK+ was built up over time and is now a main part of Gnome, which is a Linux GUI desktop environment. GTK+ is based on an object-oriented nature and also includes two other libraries:
GTK实际上是一套用C语言编码的代码库,一般称为GTK+。GTK+一直以来就是Gnome(Linux图形界面)的重要部件之一。GTK+采用了面向对象的方面,并且引入其他两个重要的库:
- GLib: A library of tools that can be used to assist developers when creating applications with GTK+.
- GDK: Similar to GDI for Win32, GDK standard for GIMP drawing kit and wraps a set of lower level drawing functions into classes that make developing applications with GTK+ easier. If you're thinking along the lines of MFC for C++ then you're making a fair comparison: MFC wraps several controls and hides the calls to the underlying Windows API's from the developer. GDK does the same thing for GTK+.
Where to get?
We can download binary as well as source code version of PHP-GTK from http://gtk.php.net/download.php . As a beginner, it would be a difficult process to download and install in this manner. Where we need to set up another php.ini file for PHP-GTK. Instead there is another way of installing it. We can get PHP-GTK2 in an executable form as we get WAMP.EXE. (Windows, Apache, Mysql, PHP) All we have to do is just download just download the files from http://www.gnope.org/download.php ,unzip them and double click on the icon GnopeSetup-1.5.1.exe . It will run through a step by step process where it will set up PHP-GTK automatically.
How to test the installation?
Once the installation is done we would eager to know about what is special in it? When we install PHP we would run phpinfo () from root directory .For this let us run a sample script which displays Hello world (as usual) .we can use Dreamweaver for editing the code. Another important point to be kept in mind is to save the file with extension .phpw it can be saved anywhere on your hard disk.
Here is the sample code:
<?PHP
if (!class_exists('gtk')) {
die("Please load the php-gtk2 module in your php.ini");
}
$wnd = new GtkWindow();
$wnd->set_title('Hello world');
$wnd->connect_simple('destroy', array('gtk', 'main_quit'));
$lblHello = new GtkLabel("hello world");
$wnd->add($lblHello);
$wnd->show_all();
Gtk::main();
?>
I have saved this sample file with the name hello.phpw at c:\test\. We should run this sample code from command line interface. (CLI) There may be a question rising in your mind asking, why we should run through command prompt than by just by double clicking it as it is a stand alone application. It is possible, for that we need to have a PHP compiler which converts our PHP-GTK code to EXE file . For now, let us try running it from the command prompt.
现在我们将上面这段代码保存在c:\test\目录下,取名为:hello.phpw。我们可以在命令行下运行它。或许你会有疑问,为什么我们不是编译成一个正常的程序,可以通过双击来运行?当然,这不是问题,那样的话,我们需要通过我们的PHP-GTK程序把PHP代码转换成EXE文件。现在,让我们尝试运行一下这个命令行先。
Steps for Executing a sample code:
执行部骤
- Start -> Run -> cmd (for xp sp2 and later version) or command (for windows 98).
点击开始菜单->运行,输入cmd,如果是windows2000以前的版本,请输入command。
- Now you could see a black window which is Command Prompt. Key in the following commands as shown below.
z:>c:
c:> cd test
c:\test>php hello.phpw
Once we finish this line and hit the Enter key, we should see the desired output.
This shows the successful installation of PHP-GTK2 and shouls us PHP output without a web-browser.
Some interesting Websites on PHP-GTK:
- http://www.kksou.com/php-gtk2/
- http://phpgtk.activeventure.com/gtk/gtk.gtkbox.html (describes about all base classes).
- http://gtk.php.net/download.php
- http://www.gnope.org/download.php
看新闻的时候,突然看到phpmyadmin出了3.0beta版本,只是好象新版本是基于5.2开发的。源码地址为:http://internap.dl.sourceforge.net/sourceforge/phpmyadmin/phpMyAdmin-3.0.0-beta-all-languages.zip,大家可以去下载,如果不能下载,可以先到:http://sourceforge.net/projects/phpmyadmin/,找到3.0beta版进行下载。
对于使用PHP进行开发的人员来说,phpmyadmin可以说是最常用的工具之一。其重要性不亚于一个好的IDE所带来的功效。
SF上面如此提示:
Welcome to the beta release of phpMyAdmin 3.0.0. This version supports various features of MySQL 5.1, the Maria and PBXT storage engines and
SweKey hardware authentication. The 3.0 series requires PHP 5.2+ and MySQL 5.0+.
看到cnbeta上有人评价说:phpmyadmin不是利器,而是神器。心中亦有此感啊。
下载源码,学习一下。oh yeah
