Blogs » Archive for February, 2004
Running Performance Metrics on ColdFusion Functions and Operators
…posted by davidjmedlock:
Have you ever noticed developers making statements about how well various operators and functions perform when compared with other functions and operators? For example, how well does perform when compared to ? Is there really a significant difference?
Well, in my recent article on queries, I used a block of code that output the columns in a query in a table and then output the values below that. In that query I used the Evaluate() function to display the values of the columns. One eagle-eyed reader pointed out to me that using array notation is preferable to the Evaluate function and that Evaluate should be avoided in any situation if at all possible. Here’s the code block I used:
#column#
…
cmd.exe inside Explorer
An essential little .NET coded app I now can’t live without is CommandBar, which embeds a command line window into a running Windows Explorer. It can even synchronize with Explorer, so no more “cd /thisdir/thatdir/whatdir/”.
And the icing on the cake is it comes with a comprehensive, user-definable set of script snippets for the .NET SDK.
Grab it now!
Conditional Logging in Apache
Often we find entries in our web logs which we seek to suppress or block based on the fact that these entries may be skewing true statistics.
Most web log analysis software offers exclusion filters to block numerous types of entries. However, this can also be done natively in Apache.
For example, perhaps we would like to exclude our own IP address as well as requests for the favicon.ico from the logs.
(You will need to modify the IP address to a real one for this to work - i.e. either your machine IP address if using static IP or that of your proxy server/router if proxying Internet access from your local network.)
# Prevent entries from my host address (anchored so only this exact address matches)
SetEnvIf Remote_Addr "^10\.0\.0\.1$" dontlog
# Prevent entries for the favicon.ico file
SetEnvIf Request_URI "^/favicon\.ico$" dontlog
# Log what remains
CustomLog logs/web.log combined env=!dontlog
Additionally, you could prevent requests for the robots.txt file from being logged as well.
# Prevent entries for robots.txt
SetEnvIf Request_URI "^/robots\.txt$" dontlog
NOTE: Remember to change the log type to that which you prefer, i.e. I use the combined log format instead of common. See your httpd.conf file for your current log format type.
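SetEnvIf applies its regular expression as a search, so a Remote_Addr pattern written without ^ and $ also suppresses log entries for other addresses that merely contain it. The following is an added example, not code from the original post: it models the exclusion rules in JavaScript over constructed sample requests (all addresses and paths are made up) and lists what each rule set would drop from the log.

```javascript
// Constructed model of the SetEnvIf exclusion rules; each rule marks a request
// as "dontlog" when its regex matches the named request attribute.
const URI_RULES = [
  { attr: "uri", re: /^\/favicon\.ico$/ },
  { attr: "uri", re: /^\/robots\.txt$/ },
];
// Same address pattern, without and with anchors.
const UNANCHORED = [{ attr: "remoteAddr", re: /10\.0\.0\.1/ }, ...URI_RULES];
const ANCHORED = [{ attr: "remoteAddr", re: /^10\.0\.0\.1$/ }, ...URI_RULES];

// Constructed sample requests (not real traffic).
const SAMPLE = [
  { remoteAddr: "10.0.0.1", uri: "/index.html" },
  { remoteAddr: "10.0.0.17", uri: "/admin/login" },
  { remoteAddr: "110.0.0.1", uri: "/admin/login" },
  { remoteAddr: "203.0.113.9", uri: "/favicon.ico" },
  { remoteAddr: "203.0.113.9", uri: "/index.html" },
];

// True when any rule would set dontlog for this request.
function isSuppressed(rules, req) {
  return rules.some((rule) => rule.re.test(req[rule.attr]));
}

// Returns the requests that would never reach the access log.
function suppressedBy(rules) {
  return SAMPLE.filter((req) => isSuppressed(rules, req))
    .map((req) => req.remoteAddr + " " + req.uri);
}

console.log("unanchored drops:", suppressedBy(UNANCHORED));
console.log("anchored drops:  ", suppressedBy(ANCHORED));
```

Running the same comparison against a day of real log lines before enabling an exclusion shows exactly which entries will disappear from the record.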
Make Better Use of Queries
…posted by davidjmedlock:
You’ve probably noticed my latest article - Data Structures 4: Queries. I promise this is the last one about data structures. You can look forward to something new next month.
Queries are an integral part of ColdFusion, though. As I describe in the article, they are used for many, many purposes and they are part of what makes ColdFusion so incredibly simple to learn and use.
So, what are you waiting for? Stop reading this and go read the article!
Perl, PHP and Sour Grapes?
Search CPAN (Perl’s repository of re-usable modules) for “PHP” and you might be surprised by the results.
For example PHP::Strings. What’s interesting about this module is it partly implements PHP’s string functions in Perl, or tells you where to look for more info.
The following code, for example;
#!/usr/local/bin/perl -w
use strict;
use PHP::Strings qw( :trim );
my $word = " Hello World! ";
$word = trim($word);
Results in the following message;
.
…and refers you to the Perl FAQ on How do I strip blank space from the beginning/end of a string?. Nice stuff if you’re a PHP coder hacking away in Perl.
What’s not so nice is the related reading, which links to a virtual web ring of “I hate PHP” rants. Trawling through the list, there are some valid technical points against PHP, but they are largely mixed with misconceptions resulting from common “gotchas” that afflict Perl coders when getting started with PHP. Although the emphasis is on technical comparison, the impression is that there’s some more profound (irrational?) reason why (some) Perl coders feel the need to take a shot at PHP.
Why?
It’s tempting to suggest that some feel PHP stole Perl’s “rightful place” as …
Sitepoint Flash Community Requires…
I’m going to reiterate what David said in the ColdFusion blog: what really interests you, and what subjects would you like to see more of in the Flash blog here at Sitepoint?
You let me know what you’d like to see more tech or design info on and I’ll make it happen.
Keep the ideas flowing…
Formmail.php and PHP-Nuke Vulnerabilities Reported
SecurityFocus is a vendor-neutral site that provides objective, timely and comprehensive security information on both closed and open source software. Today’s vulnerability report (delivered via email as BugTraq) reported on two popular open source solutions used by web designers and developers - Formmail.php and PHP-Nuke.
5. Joe Lumbroso Jack’s Formmail.php Unauthorized Remote File Up…
BugTraq ID: 9591
Remote: Yes
Date Published: Feb 06 2004
Relevant URL: http://www.securityfocus.com/bid/9591
Summary:
Jack’s Formmail.php is a web based form to e-mail gateway. The
application is written in PHP, however, a Perl version is available as
well.
A vulnerability has been reported to exist in the software that may allow
a remote attacker to gain unauthorized access to a vulnerable server and
upload arbitrary files.
It has been reported that the software verifies the origin of a request
via HTTP referer. Due to improper validation performed in the
‘check_referer()’ function, an attacker can bypass the checks by supplying
an empty value for HTTP referer. This issue may then allow an attacker to
upload a file via the ‘css’ variable of ‘file.php’ script.
Successful exploitation of this issue may allow an attacker to save
malicious files to the system or potentially overwrite sensitive files.
Although unconfirmed, Formmail.php versions 5.0 and prior may be affected
by this issue.
14. PHP-Nuke ‘News’ Module Cross-Site Scripting Vulnerability
BugTraq …
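The Formmail.php report above describes an origin check that an empty HTTP referer bypasses. The following added example is a constructed model of that class of check, not Formmail.php's code and not part of the advisory: it puts a fail-open check beside a fail-closed one, and because the Referer header is supplied by the client it also gates the upload on an authenticated session. ALLOWED_HOSTS, the request shape and the session field are assumptions.

```javascript
// Constructed model of a Referer-based origin check. This is not Formmail.php's
// code; ALLOWED_HOSTS and the request shape are assumptions for illustration.
const ALLOWED_HOSTS = ["www.example.com"];

// Returns the lower-cased host of a Referer value, or null if it cannot be parsed.
function refererHost(referer) {
  try {
    return new URL(referer).hostname.toLowerCase();
  } catch (e) {
    return null;
  }
}

// Fail-open: an absent or empty Referer skips the comparison and is allowed.
function checkRefererFailOpen(referer) {
  if (!referer) return true; // the flaw: nothing to compare, so the request passes
  return ALLOWED_HOSTS.includes(refererHost(referer));
}

// Fail-closed: missing, empty or unparsable values are rejected outright.
function checkRefererFailClosed(referer) {
  if (typeof referer !== "string" || referer.trim() === "") return false;
  const host = refererHost(referer);
  return host !== null && ALLOWED_HOSTS.includes(host);
}

// The Referer header is sent by the client, so a state-changing handler such as
// a file upload should also require an authenticated session (hypothetical field).
function authorizeUpload(req) {
  const loggedIn = Boolean(req.session && req.session.authenticated);
  return loggedIn && checkRefererFailClosed(req.headers.referer);
}
```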
Things You Shouldn’t Do In SQL Server
Doug Seven has compiled a list of 26 bad practices to avoid when using SQL Server:
http://dotnetjunkies.com/WebLog/dougseven/archive/2004/02/16/7329.aspx
DevNet Resource Kit Volume 6
Macromedia have released their next installment in the DevNet series of resource material, and whilst there are Dreamweaver and ColdFusion sample applications and extensions, most notable (for the Flash freaks amongst us) is the addition of two sample applications: one highlighting simple web service consumption in Flash using multiple Flash components, the other an AS 2.0 based MineSweeper game.
Also on the list for Flash monkeys are a Slider Component and a set of ActionScript 2.0 classes for formatting locale specific numerical data. Sound interesting? Pop over to Macromedia for more information.
Unfortunately, DevNet Volume 6 is not available for singular purchase and download, unlike previous versions, which means you need to become a DevNet subscriber to get it. This raises some important issues for me: as there is sometimes a specific focus for each of the releases, I and others may not wish to purchase a DevNet volume that contains content unrelated to our needs.
Personally, I think Macromedia should have kept options open for the user, allowing them to subscribe to DevNet or to download individual volumes if they needed to.
Now this may just be my thoughts, but I’d be interested in the view of the SitePoint Flash …
Line endings in Javascript
I spent much of today fighting with line endings in Javascript, and eventually turned up some results which are well worth sharing - if only to save other developers from descending into the same debugging black hole.
As you may know, the humble line break actually has three forms depending on which operating system is doing the breaking. On Unix machines, a single newline character ‘\n’ does the job. On Macs, a carriage return ‘\r’ is used. DOS and Windows use both: ‘\r\n’. It’s one of those relatively subtle issues that can bite you hard if you don’t know what to look out for.
Today, I was tasked with the simple problem of building a Javascript function to turn single newlines into double newlines within a textarea. My first attempt looked like this:
var doublenewlinesRE = /([^\n])\n([^\n])/g;
function doublenewlines(obj) {
  obj.value = obj.value.replace(doublenewlinesRE, "$1\n\n$2");
}
The above code uses a simple regular expression which finds all instances of something that is NOT a newline, followed by a newline, followed by something else that isn’t a newline. Instances of this pattern are then replaced by the same pattern with two newlines in the middle instead of one.
This worked fine in Firefox …
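Given the three line-ending forms described above, one way to make the doubling independent of the platform is to normalise every line break to '\n' before matching. This is an added example, not the author's code; the function names are assumptions, and the post's regex is kept as originalDouble for comparison.

```javascript
// Regex from the post, kept unchanged for comparison.
var doublenewlinesRE = /([^\n])\n([^\n])/g;
function originalDouble(text) {
  return text.replace(doublenewlinesRE, "$1\n\n$2");
}

// Convert Windows (\r\n) and old Mac (\r) line breaks to a single \n.
function normalizeNewlines(text) {
  return text.replace(/\r\n?/g, "\n");
}

// Double every newline that has a non-newline character on both sides.
// Lookarounds leave the neighbouring characters unconsumed, so consecutive
// one-character lines such as "a\nb\nc" are all handled.
function doubleSingleNewlines(text) {
  return normalizeNewlines(text).replace(/(?<=[^\n])\n(?=[^\n])/g, "\n\n");
}

// Textarea wrapper with the same shape as the function in the post.
function doublenewlinesNormalized(obj) {
  obj.value = doubleSingleNewlines(obj.value);
}

// Constructed sample input mixing all three line-ending styles.
var mixed = "one\r\ntwo\rthree\nfour";
console.log(JSON.stringify(originalDouble(mixed)));
console.log(JSON.stringify(doubleSingleNewlines(mixed)));
```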



