Blog posts tagged "php"

bbPress vs. Vanilla?

February 6th, 2006

I’m not really a web forums type guy, but the light weight interfaces of bbPress and Vanilla do a lot to redeem the medium. Anyone got a preference from using them?

Also anyone have a mbox import script for importing old list traffic?

Part of the very slow, long running process of re-launching the Magpie site, and breaking my Sourceforge dependency.

Tagged: Uncategorized , , , , ,

Session “Flash” in PHP

December 7th, 2005

Doing some PHP hacking tonight, I was missing Rails’ “flash”. So I coded up a quick and dirty implementation of the read-once session status notification pattern. The code

Tagged: Uncategorized , , , ,

PHP Wiki Experience?

November 21st, 2005

Thought I’d check to see if anyone has any experience with the PHP wiki offerings, especially DokuWiki, or PmWiki?

I’m looking for something suitable for building out a FAQ, and docs site for Magpie. I’m disinclined towards MediaWiki because I’ve found Kwiki’s approach of using the filesystem for data storage a plus, and because I don’t anticipate a need for MathML support, or other such esoterica.

Currently leaning towards DokuWiki partially on the suggestive nature of the name (sounds like “documentation”), and partially on Harry’s 2004 SitePoint review. Possibly supplemented by Bamboo, which is a lot like a Hieraki for PHP.

Praise, disagreement, experiences, resources?

Tagged: Uncategorized , , ,

Towards MagpieRSS 0.8: repeating elements, attributes, and Atom 1.0

November 5th, 2005

Now that we’ve got the security release out of the way, its time to move on top something a little more interesting. I finally got a chance to add a huge patch from RadGeek (of FeedWordPress fame) that adds:

  • uniform access to attributes
  • support for repeating elements
  • Atom 1.0 support

I’ve struggled for forever to figure out how to provide simple, uniform access to the increasingly rich data that people are syndicating (finally!). Eventually I gave up, and decided that the only solution was to rewrite the parser and make it simple to add per field custom logic. (kind of like the enclosure patch adds custom logic). I never got past the initial sketches.

So I’m thrilled that RadGeek has come up with a syntax (and code!) to extend rss_parser.inc to add support, while staying transparently backwards compatible. I’ve got out a dev build for people to play with, and written up some of the new features.

Access Repeating Elements

Lets assume we have a basic RSS item, with several dc:subjects:

<item>
<title>Some Exciting Title</title>
<dc:subject>exciting</dc:subject>
<dc:subject>example</dc:subject>
<dc:subject>whoohoo</dc:subject>
</item>

echo $item['title'] 
=> "Some Exciting Title"

echo $item['dc']['subject']
=> "exciting"

So far, so normal. Now we get special.

echo $item['dc']['subject#2']
=> "example"

echo $item['dc']['subject#3']
=> "whoohoo"

So how many dc:subjects do we have?

echo $item['dc']['subject#']
=> 3

And this isn’t just for dc:subject, it works with whatever elements you like to repeat. (though we’ll need to decide what to do with the Atom link reltype munging hack, I’ll touch on that in a future post)

Access Attributes

Lets assume, we now have an Atom item with a category like:

<category term='atom' scheme='http://del.cio.us/tags' label='Atom' />

echo $item['category@term']
=> "atom"

echo $item['category@scheme']
=> "http://del.cio.us/tags"

echo $item['category@label']
=> "Atom"

echo $item['category@']
=> "term,scheme,label"   // that might want to change to an array

And if we had a second category for that item?

<category term='calendar' />

echo $item['category#2@term']
=> 'calendar'

or maybe an RSS 2.0 guid element

<guid isPermaLink="true">http://inessential.com/2002/09/01.php#a2</guid>

echo $item['guid']
=> "http://inessential.com/2002/09/01.php#a2"

echo $item['guid@ispermalink']
=> "true"

Where from here

So give the dev build a spin, kick the tires etc. This is the largest new feature in a while, and would be good to give it a workout. (ps. I’ve affair the normalization methods are throwing notices currently.)

Also any show stoppers people might see with this new syntax.

Once we’ve got this working smoothly, there are several other new features looking for inclusion in next release.

And finally I’m debating whether to break backward compatibility with how we currently do Atom link munging, in order to get more consistency with this new syntax, and I’d like to get some feedback on that.

Tagged: Uncategorized , , ,

MagpieRSS 0.72

November 5th, 2005

MagpieRSS 0.72 is now available. This release addresses last week’s security advisory by applying the patch I released to the list last week.

In particular this advisory applies to you if you accept unflitered URLs from strangers for passing to Magpie, and you have curl+SSL support compiled into Magpie.

Tagged: Uncategorized , ,

Boston PHP Tonight

November 3rd, 2005

Been meaning to make it to Boston PHP all year, and while tonight’s topic doesn’t look terribly compelling, better late then never.

Tagged: Uncategorized ,

Magpie Vulnerability

October 27th, 2005

In (hopefully) unrelated news, I was just notified that there is a security vulnerability in Snoopy, and hence Magpie. Apparently there is an attack that leverages the fact that Snoopy passes unfiltered arguments to curl that allows for arbitrary code execution. Here is a note I just sent to the mailing list

If you’re running Magpie in a context where you allow people to submit unreviewed URLs, and you have PHP compiled with cURL SSL support then this vulnerability effects you.

Given a specially crafted (and very simple) URL, an attacker can execute arbitrary code in the web server context. There is no escalation possibly with this vulnerability, though potentially it could be combined with other attacks to allow some sort of permissions escalation.

I’ll will release a patch, and a new version this evening unless someone beats me to it. (unfortunately we haven’t been given a grace period here)

Its a variation on the traditional PHP null terminated string attack. (Does make me wish I had made it to Chris’ talk when he was here a few weeks ago, rather then being 1 of 3000 people turned away from the Murakami talk at MIT)

update 2005-10-28T15:33Z: I’ve got a patch out, waiting for a few people to sanity check it, before rolling out a new release.

Tagged: Uncategorized , , ,

Upcoming to Yahoo

October 5th, 2005

Congrats to Andy, Gordon, and Leonard, and about damn time. I first saw Upcoming almost exactly two years ago and thought “Wow, now that is how to do calendaring.” (and apparently I was jealous even back then!) Good luck!

Now we can all speculate on what calendar.google.com will be, but I’m thinking this round might be going to Yahoo.

update: And dear god, where I can get some of whatever Gordon is on, Upcoming and Ning!?!? No kidding “bred for skill in magic.”

update2: Flickr, Upcoming, and Ning, all built on PHP.

Web Thursday in Boston

July 31st, 2005

This Thursday (Aug 4th) is the next meeting of the Boston PHP (out of date) user group [Boston University Office of Information Technology – 111 Cummington Street]( http://www.bu.edu/it/directions/) at 6:30PM, and the next New England Web Designers (NEWD) meetup at Cambridge Brewing Company, at 7:30pm. You’ll have to choose as at that time of day, with the Red Sox playing at home, I wouldn’t recommend trying to do both.

Haven’t decided if I’ll be re-cuped enough to make it to either yet.

Tagged: Uncategorized , ,

Status Update: XML::RSS, Magpie, cvs2rss, wp-agg, etc

May 28th, 2005

Dan from GeekUprising is now the official maintainer of XML::RSS. I imagine his first major change will be to incorporate the patch he sent me last Fall splitting the RSS creation logic from the RSS parsing logic (while still being transparent to people who don’t want that kind of thing). Congratulations, and welcome.

cvs2rss has been missing since the last server move, but well placed nudge from Phil got me to dig up the archives today, so voila, as they.

My aggregator for WordPress, affectionately known as wp-agg is officially superseded by FeedWordPress. Charles has done a great job growing the idea to something useful to someone other then me, and polished it off by actively maintaining it. Nice work. I’ll be switching the Magpie blog as soon as I get a chance.

Sourceforge stats after a 6 month hiatus (or was it 18 months? now I’m forgetting), are finally back, now with largely useless graphs. I had a hunch that usage had continued to grow and it has, with 5,000 page views a day, and 6,000 downloads a month. Wow. Really need to revive the website to handle the enlarged community. Need a good domain name first.

You know, now that I’m a contractor again, if someone wanted to hire me for 20-25 hours of work I’ve got a list of features that I’d love to have time to roll out as MagpieRSS version 0.8.

Tagged: Uncategorized , , , , , ,