Web Conference 2005 Writing PHP for ITS/ASET Web services Errata

Errata

Here are the corrections I've made since the presentations:

Since the Monday morning tutorial

• (Jun 13 4:19pm) Updated bottom of the Cookie management page to correct the procedure of creating session cookies: leave out the third argument. To set the third argument to 0 would ask to expire the cookie by that name. Also, augmented the section to include examples of HTTP Set-Cookie response headers for the cookies described.

During the Tuesday Conference

• (Jun 14 2:28pm) Updated SQLite examples of SQL injection so that the example code actually worked (both vulnerable and invulnerable) and added some helpful code to help illustrate the table changes during the exercise.

After the Conference

• (Jun 15 11:11pm) Updated WebAccess example code to correctly redirect automatically to the secure WebAccess URL (if linked) and provide logout links. (Jun 15 11:51pm) Updated WebAccess and Directory page with the same. NOTE: You may need a WebAccess link to demonstrate the examples. You may attempt mine: phpclass folder.

• (June 17 1:21pm) I have yet to duplicate the bug witnessed during the pre-conference tutorial when the session manager showed all session values as named "Jeff" that I and a few others in the class demonstrated on our workstations. If you have any experience in seeing this, please feel free to share what you know.

• (June 17 1:23pm) FYI, I'll be out on vacation from June 23 thru July 5th and have limited access to email June 20 - 22, so I may not get back to your questions until after July 5th. Thanks.

• (Mar 30, 2007 3:18pm) Added announcement of new LDAP server hostname for directory enabled applications: dirapps.aset.psu.edu, on Using The Penn State Directory (currently LDAP).

• (Apr 27, 2007 10:06am) Added link to Phase II, Build 4 update which added support for SQLite version 3 to php.scripts.psu.edu via PDO.Saving Data in SQLite Database Files.

• (Aug 24, 2007 4:28pm) Fixed bug in example code on the Using Cookies page by removing the extra, leading <head> tag before the setcookie() php function. These extraneous tags were actually the byproduct of a workaround gone wrong.

  I found the highlight_string() function had a bug in an older version of php (unconfirmed) that caused it to display colors in weird and inconsistent ways between invocations. I also found that it could be forced to behave properly by giving it a string that started with the <?php ?> and <html> tags. I had a workaround in my print_code() function in functions.php to add these tags to the string before it was passed through highlight_string() then removed again (along with their added markup) on the way out. Evidently, this failed on the cookie page, probably due to a flawed search and replace regular expression in the preg_replace() call. Since we are now at a much newer version of php that doesn't seem to demonstrate the earlier problem, I removed the workaround which also fixed the cookie page.

  Thanks to Rupert Russell for catching this!

• (Dec 28, 2008 8:15pm) Updated Penn State Specifics, Saving Data in Files and Saving Data in SQLite Database Files pages:

  • ITS/ASET has dissolved since the 2005 Conference. My work group (AIT) has been moved into ITS/CSS.

  • PASS was migrated from DCE/DFS to GPFS (integrated with Kerberos and LDAP) in 2008. Tools such as the ACL Explorer have been updated.

• (Jun 29, 2009 10:30am) This site was updated to prevent XSS attacks.

If you have any questions, feel free to ask me. Content by: Jeff D'Angelo <jcd@psu.edu> © 2005 See the source for this page Last update on: Mon Jun 29, 2009, 10:30:27 AM