PHP 中巧用数组降低程序的时间复杂度
OpenX adserver version 2.8.1 and lower is vulnerable to remote code
execution. To be exploited, this vulnerability requires banner / file
upload permissions, such as granted to the 'advertiser' and
'administrator' roles.
This vulnerability is caused by the (insecure) file upload mechanism of
affected OpenX versions. These would check magic bytes of an uploaded
file to determine its MIME type, and erroneously assume this
information to be reliable. Additionally, while the file name of
uploaded files is changed, the file extension is not.
As such, it is possible to upload image files with embedded PHP code and
.php file extension. Unless PHP script execution is explicitly prevented
for the file upload location (which has not been documented in the OpenX
manual so far and it is not the result of a default installation), the
PHP code will execute as soon as HTTP access to the file location will
cause it to be executed by the web server.
To clarify, an attacker exploiting this security issue does require
prior access to OpenX, i.e. exploitation is only possible after
successful authentication. On the other hand, advertiser access is a
rather low permission level and should not allow for system access.
If these bugs were not hidden from OpenX' bug tracker, you could read up
more about issue X-5747 here:
https://developer.openx.org/jira/browse/OX/fixforversion/10910
OpenX 2.8.2 has already been released in October to fix this issue and
can be downloaded from Roll forming machine
http://www.openx.org/ad-server/download
Moritz Naumann
Naumann IT Security Consulting
Berlin, Germany
http://www.moritz-naumann.com/
相关文档:
在PHP中使用过SESSION的朋友可能会碰到这么一个问题,SESSION变量不能跨页传递。这令我苦恼了好些日子,最终通过查资料思考并解决了这个问题。我认为,出现这个问题的原因有以下几点:
1、客户端禁用了cookie
2、浏览器出现问题,暂时无法存取cookie
3、php.ini中的session.use_trans_sid = 0或者编译时没有打开--enable ......
http://hi.baidu.com/honfei/blog/item/5e992bfb2704542b4f4aea1a.html
NuSoap介绍 (php调用webservice)
2009年07月04日 星期六 09:41
NuSOAP 是 PHP 环境下的 WEB 服务编程工具,用于创建或调用 WEB 服务。它是一个开源软件,当前版本是 0.7.2 ,支持 SOAP1.1 、 WSDL1.1 ,可以与其他支持 SOAP1.1 和 WSDL1.1 的 ......
PHP的发展
PHP 原本的简称为 Personal Home Page,是Rasmus Lerdorf 为了要维护个人网页,而用c语言开发的一些CGI工具程序集,来取代原先使用的 Perl 程序。最初这些工具程序用来显示 Rasmus Lerdorf 的个人履历,以及统计网页流量。他将这些程序和一些表单直译器整合起来,称为 PHP ......
转自本人个人网站 【PHP探路者
】,欢迎各位访问站点!
在使用PHP获取浏览器信息时,通常有两种方式:
第一种是:使用$_SERVER[HTTP_USER_AGENT]选项
此方式获取的是格式不规则的数据,如
Mozilla/4.0 (compatible; MSIE 8.0
; Windows NT 5.1; Trident/4.0; GTB6; CIBA; .NET CLR 2.0.50727)
Mozilla/5.0 (Windows ......
1.如果一个方法可静态化,就对它做静态声明。速率可提升至4倍。
2.echo 比 print 快。
3.使用echo的多重参数(译注:指用逗号而不是句点)代替字符串连接。
4.在执行for循环之前确定最大循环数,不要每循环一次都计算最大值。
5.注销那些不用的变量尤其是大数组,以便释放内存。
6.尽量避免使用__get,__se ......