[openbeos] Re: Haiku software site

  • From: Alex <netster403@xxxxxxxxxxxxxxx>
  • To: openbeos@xxxxxxxxxxxxx
  • Date: Sat, 20 Jan 2007 12:53:06 -0600

Thank you, sir! May I have another?

On Sat, 20 Jan 2007 18:05:50 +0100, Charlie Clark <charlie@xxxxxxxxxxxxxx> 
wrote:
> 
> On 20.01.2007 at 15:18, Alex wrote:
> 
>> Ack, ok. I have received lots of recommendations of content
>> management systems.  All of which have failed :)
> 
> One has to ask the question: what actually failed? Actually I haven't
> understood why you are building another system rather than getting a
> Haiku category created somewhere.
> 

I tried Drupal and Joomla.  The currently available modules for these systems 
did not do as expected, and did not provide me with the flexibility I needed.

>> I've decided to go with what i do best, php and mysql.
> 
> You might want to look at some of the security issues related to that
> combination particularly if you are using PHP 4.x
> 
> eg. http://www.haikubytes.com/beta/?category=''
> 


PHP is secure unless you program insecurely. For example, the link you posted:

http://www.haikubytes.com/beta/?category=''

This will not work.  My PHP code scans 'category' to ensure it's an integer 
with regex; if it is not an integer, it dies.  I plan to implement several 
security checks such as these throughout the site.

>> You can watch the progress of the site at:
>> http://www.haikubytes.com/beta
>>
>>
>> please note that the database system is in HEAVY development and
>> all things may not work at all times (err or at any times :D)
> 
> You mean you don't have a development system?
> 
> WTF are you doing with "embedded" images?
>
Have you ever tried to extract images from a MySQL database and place them 
inline in HTML?  The category images are stored as MySQL datablobs.  I could 
reference the image to an external PHP file which could query the database and 
return a PNG header, but I'm lazy, and who uses IE anyway? :P  /me got no lub 
for IE users. Anyway, it works with all other browsers out there anyway, so, blah.

You may ask why I don't extract the image to a file in a temp directory and 
reference it in the HTML?  Temp directories are a bad idea in PHP. They are too 
easily compromised.  It's a well known and well utilized hack to upload files 
through PHP and execute them as the Apache user.
 
> Sorry to be so negative but I suggest you reevaluate some of the
> systems that have been suggested.

Like I stated before, it's in HEAVY development; things will improve. I know it's 
a little ugly, but I'm more concerned with functionality right now :)


> 
> Charlie
> --
> Charlie Clark
> Helmholtzstr. 20
> Düsseldorf
> D- 40215
> Tel: +49-211-938-5360
> GSM: +49-178-782-6226
-----------------------------------
Alexander von Gluck
Linux Systems Administration
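
The integer check on `category` discussed in this message, written out as an added example (not code from the original post or from the haikubytes site). The `categories` table, its columns, the helper names and the sample values are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs on its own; it needs PHP 7.1 or later with the PDO SQLite driver.

```php
<?php
// Added illustration; table/column names and sample inputs are constructed.

/** Return the category id as int, or null if the raw value is not a plain decimal integer. */
function parse_category_id($raw): ?int
{
    // ?category[]=1 arrives as an array; reject anything that is not a string.
    if (!is_string($raw)) {
        return null;
    }
    // \A and \z anchor to the true start and end of the string. With ^...$ a
    // value such as "2\n" would pass, because $ also matches before a final newline.
    // {1,9} keeps the value inside the range of a 32-bit signed integer.
    if (preg_match('/\A[0-9]{1,9}\z/', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

/** Look up one category row, or return null for a rejected or unknown id. */
function find_category(PDO $db, $raw): ?array
{
    $id = parse_category_id($raw);
    if ($id === null) {
        return null; // the caller would answer with HTTP 400 here
    }
    // Bound parameter: the value never becomes part of the SQL text, so the
    // query stays safe even if the check above is loosened later.
    $stmt = $db->prepare('SELECT id, name FROM categories WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database (stand-in for MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE categories (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO categories (id, name) VALUES (1, 'Games'), (2, 'Utilities')");

// Constructed sample values for ?category=
foreach (['2', "''", '2abc', "2\n", '-1', '', ['2']] as $raw) {
    $row = find_category($db, $raw);
    printf("%-8s => %s\n", json_encode($raw), $row ? $row['name'] : 'rejected');
}
```

Only the first sample value returns a row; every other value is rejected before any query is prepared.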

