MODx Content Management System

TYPOlight webCMS - Home

PRADO PHP Framework

Chris Shiflett: Security Corner: Session Fixation

Security is gaining more and more attention online. As PHP continues to be a key component of the web’s future, malicious attackers will begin to target weaknesses in PHP apps more frequently, and developers need to be ready. I am very pleased to introduce Security Corner, a new monthly column that is focused completely on web app security. This month’s topic is session fixation, a method of obtaining a valid session identifier without the need for predicting or capturing one.

Session Fixation

Session security is a vast and complex topic. There are numerous types of session-based attacks. There are at least three ways that a valid session identifier can be obtained by an attacker:

Prediction
Capture
Fixation

Prediction only involves guessing a valid session identifier. Capturing a valid session identifier is much more common, and there are numerous types of attacks that use this approach.

A Simple Attack

In the simplest case, a session fixation attack can use a link:

Or, a redirect:

Listing 1

CakePHP: the rapid development php framework. Home

PHP best practices

This guide will give you solutions to common PHP design problems. It also provides a sketch of an application layout that I developed during the implementation of some projects.

php.ini quirks

Some settings in the php.ini control how PHP interprets your scripts.

short_open_tag
Always use the long PHP tags: <?

asp_tags
Do not use ASP-like tags: <% echo "hello world"; %>

gpc_magic_quotes
I recommend that you include code in a global include file which is run before any $_GET or $_POST parameter or $_COOKIE is read.

register_globals
Never rely on this option being set.

File uploads:
The maximum size of an uploaded file is determined by the following parameters:
file_uploads must be 1 (default)
memory_limit must be slightly larger than the post_max_size and upload_max_filesize
post_max_size must be large enough
upload_max_filesize must be large enough

Have one single configuration file

You should define all configuration parameters of your application in a single (include) file.

Generate code <?

How to Only Retrieve Posts With Custom Fields | Weblog Tools Col

One question I come across a lot regarding custom fields is how to only retrieve posts based on a custom field. For example, if a post has a custom field of “MyData”, someone might want to only retrieve that particular post. The WordPress Codex has a technique for retrieving posts based on custom fields, which consists of writing your own query and going through the results. The technique in the Codex is good, but I’ve found a re-usable way one can retrieve only posts with certain custom fields. The technique I use makes use of two custom functions placed in a theme’s “functions.php” and a custom WordPress Loop. Let’s get started —

The “functions.php” file

First, let’s place the two custom functions in the “functions.php” file. Here are the two functions below:

The function “get_custom_field_posts_join” makes use of an advanced WordPress filter called “posts_join”.

The function “get_custom_field_posts_group” makes use of another advanced WordPress filter called “posts_group”.

<? <?

Conclusion

Open Atrium

Open Atrium is an intranet in a box that has group spaces to allow different teams to have their own conversations and collaboration.

Open Atrium 2.x for Drupal 7

A new architecture for Drupal 7 that is built upon Panopoly and intended as an extensible collaboration framework. Adds the ability to have private "sections" within a collaboration space with granular access control. Drag/drop layout control with dozens of widgets that can be placed on dashboards and landing pages.

Please use the Issue Queue to post bug reports and patches for OA2 only (not OA1).

Demos

The following webinar videos for Open Atrium 2 are available:

Open Atrium 2.x Projects

These modules are part of the official Open Atrium project and are actively maintained and approved.

Other Modules that work with Open Atrium 2.x

Ginkgo theme from OA1 ported to OA2
Organic Groups Theme for having a different theme on each Space.
Contextual Help for an alternative to the OA Tours for adding contextual help to a site.

MapGuide Project Home | MapGuide Open Source
