易截截图软件、单文件、免安装、纯绿色、仅160KB

HTTP Only cookies without PHP 5.2


HTTP Only cookies without PHP 5.2
by Matt Mecham
on September 12, 2006
For a while, Microsoft have had a flag
for cookies called ‘httponly’. This doesn’t sound particularly
exciting, but it is a vital step forward for web application security.
This flag tells Internet Explorer to make this cookie ‘invisible’ to
javascript (and other scripting languages) which means that an XSS
attack will no longer be able to steal your sensitive cookies.
The problem is that ‘http only’ support has only just been added into PHP 5.2
. This makes this feature unavailable to most webservers.
However, there appears to be a way to force this flag to be written
regardless of your PHP version by simply adding “; HttpOnly” at the end
of the domain name when setting the cookie. PHP’s “setcookie” function
merely formats the data into a “set-cookie” header. Fortunately, PHP
doesn’t appear to filter out or escape the semi-colon so it’s added to
the end of the “set-cookie” request.
if ( PHP_VERSION < 5.2 )
{
  @setcookie( $name, $value, $expires, $path, $domain. '; HttpOnly' );
}
else
{
  @setcookie( $name, $value, $expires, $path, $domain, NULL, TRUE );
}
I've tested this out and it appears to work fine. IE7 shows the
"sensitive" cookie data in the document.cookie string without adding
the flag. Adding the flag onto the domain string causes the sensitive
cookies to disappear from the document.cookie string.
Firefox ignores it and sets cookies as does Safari and Opera. I'll
do some more testing and report in on my findings. I also have a
Firefox friendly version to stop access to the document.cookie which
I'll post up tomorrow.
UPDATE 14th September
I've downloaded the source to PHP 5 to make confirm that this 'hack'
will work across different platforms. The source code confirms that no
cleaning takes place on


相关文档:

用php调整图片宽高

<?php
/**
* 改变图片的宽高
*
* @author flynetcn (2009-12-16)
*
* @param string $img_src 原图片的存放地址或url
* @param string $new_img_path 新图片的存放地址
* @param int $new_width 新图片的宽度
* @param int $new_height 新图片的高度
* @return bool 成功true, 失败false
* ......

php 目录和文件操作

<?php
//新建目录
mkdir("/path/to/my/dir", 0700); //0700表示权限最大
//删除目录
rmdir("/path/to/my/dir");
//遍历目录
$p =dir(/etc/php5);
echo "handler:".$p->handler;
while(false!=$entry=$p->read()){
    echo $entry."\n" ;
}
$p->close();
//输出文件内容
$handle=@ ......

PHP读取MSSQL数据出现乱码的问题

PHP读取MYSQL数据库或MSSQL数据库时,有时出现乱码,这是PHP.ini中配置和.php页面编码不一致引起的。
解决办法:
1、首先,将PHP.ini中设置为default_charset = "gb2312",然后重启Apache。
   这时从数据库中提取的结果集可以正常显示中文了,但.php页面中的列名也有可能显示乱码了。这样解决,
2、然后,PH ......

linux 64bit _ php 添加 tidy 支持 _ 笔记

# 安装tidy
yum install tidy libtidy-devel
# 给php添加tidy模块
wget http://pecl.php.net/get/tidy-1.2.tgz
tar -xvzf tidy-1.2.tgz
cd tidy-1.2
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --libdir=/usr/lib64
make
make install
echo "extension="tidy.so"" ......

jquery php ajax

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title> TEST </title>
<meta name="generator" content="editplus" /> ......
© 2009 ej38.com All Rights Reserved. 关于E健网联系我们 | 站点地图 | 赣ICP备09004571号