“Mail option not available!”
I spotted a strange PHP "feature" in the error_log() feature.
PHP checks for sendmail functionality once during ./configure for the mail() and error_log() functions.
Now, you can quite happily pass the sendmail path with the 'additional_parameters' flag to the mail() function, if you added mail support later but error_log() won't take that flag, so it fails with "Mail option not available!"
Rule: Install postfix/qmail/whatever BEFORE installing PHP if you want to use mail as an error_log() option.
Why does perl consume my entire CPU?
I use a perl script to convert an Excel file to CSV on an Ubuntu mail server. It's a reasonably high specification machine. But then again the Excel spreadsheet is quite large too. It takes about 5 minutes to convert. During that time, CPU use hits 100% but it only takes 16.5% of memory.
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
5559 root 25 0 87520 83m 1688 R 100 16.5 0:06.35 xls2csv
Annoying.
I wish I could use the catdoc alternative written in C, but it freaks out with Japanese character sets.
Making user inputted data safe
I like to use the PEAR library HTML_Safe to clean up any user input I collect from forms and such before saving to a database. (It is also downloadable seperately from PixelApes).
It strips out any potentially dangerous HTML and code such as;
- opening tag without its closing tag
- closing tag without its opening tag
- any of these tags: “base”, “basefont”, “head”, “html”, “body”, “applet”, “object”,
“iframe”, “frame”, “frameset”, “script”, “layer”, “ilayer”, “embed”, “bgsound”,
“link”, “meta”, “style”, “title”, “blink”, “xml” etc. - any of these attributes: on*, data*, dynsrc
- javascript:/vbscript:/about: etc. protocols
- expression/behavior etc. in styles
- any other active content
It's been stuck at 0.9.9 beta since 2005 but the oldies are the goodies (See qmail, 1 & 2).
Useage, say for example, I want to make the $_GET['show'] variabl, which is passed in the query string safe;
require_once 'HTML/Safe.php';
$safehtml =& new HTML_Safe();
$show_safe = $safehtml->parse($_GET['show']);
For a lazy simple programmer it is simple to use even with ADODb's AutoExecute() function which I am using more and more recently;
$safehtml =& new HTML_Safe();
foreach ($_POST as $foo) {
$_POST[$foo] = $safehtml->parse($foo);
}
$insert_rs = $conn->AutoExecute('SOME_TABLE', $_POST, 'INSERT');
Simple as.
It is also worth looking at HTMLPurifer which seems to be more recently updated.
My Best Firefox Extensions
I've got several Firefox extensions that I simply cannot live without these days.
Cursed by '
' is not a valid HTML entity. So why do people use it in RSS?
Yeah, sure it is a valid XML entity, but in RSS, which will more than likely be displayed as HTML eventually, why use it?
