requinix

Administrators
  • Posts

    15,223
  • Joined

  • Last visited

  • Days Won

    427

Community Answers

  1. requinix's post in Avoid inheritance with exceptions was marked as the answer   
    Probably.
    Inheritance represents an "is a" relationship. Would it be accurate to say that your custom exception class "is an" InvalidArgumentException? If I had code that caught InvalidArgumentException, should that code also be able to catch your exception?
    Composition represents a "has a" relationship - or "needs a", or something else similar to that. Would it be accurate to say that your exception class "has an" InvalidArgumentException? Is your class a distinct form of exception separate, but not entirely unrelated to, an InvalidArgumentException?
    The answer seems like it would be the first one, however the $otherDetails is suspicious and suggests something more than an invalid argument, thus perhaps composition is more appropriate, however the fact that you chose to make it anonymous means it will be impossible to catch or type guard for that particular class in the first place, which makes composition almost useless.
    In other words, your example doesn't make sense. If you want a special exception class then it should be a full named class. If you want special exception data then it needs to be a full named class.
    And that is the real code smell.
  2. requinix's post in Lost in geolocation was marked as the answer   
    That's not an error. That's a link. Specifically, a link to https://goo.gl/Y0ZkNV.
    Pay more attention.
    Not if you want to do this from Javascript. But you should change to HTTPS regardless.
    To do it from PHP, if you can accept that you will not get an accurate location, you look up the remote IP address in some geolocation database - MaxMind's, for instance.
  3. requinix's post in Using SSL for connection to database server was marked as the answer   
    SSL is only if you are not using a Unix socket. Which you are. So you don't need it.
  4. requinix's post in Different regular expression match result in PHP 7.4.11 and 7.4.12 was marked as the answer   
    Most of the time, when you find an oddity like this that can't be explained any other way, the answer is going to be a JIT thing: PCRE isn't supposed to, but occasionally does behave in slightly different ways when JIT is on or off.
    ini_set("pcre.jit", 0);
    preg_match('/([^\.]|^)\s*a/', "a", $matches);
    But turning off JIT is not the best answer. Instead, do what kicken did and tweak the expression so it works.
    Anyway, that expression really should work even with JIT enabled, so feel free to file a bug report against PCRE2 about it.
    https://github.com/PCRE2Project/pcre2/issues
  5. requinix's post in How to stop google from flagging my site as Dangerous/Fishing. was marked as the answer   
    If I plug your site into that reporting link I gave earlier, it says there's nothing wrong. And if I visit it in my browser, it has no complaints.
    Has the problem gone away? Because unless you can find out why the site is (was) marked as unsafe, it'll be hard to fix it to be safe.
  6. requinix's post in NSFW filter conditionals was marked as the answer   
    If you know that the form was submitted then you could take the absence of a value as proof that it was unchecked.
    But yes, there is a simple solution that lets you keep checkboxes: use hidden inputs.
    <input type="hidden" name="checkbox" value="off">
    <input type="checkbox" name="checkbox" value="on">
    When checked, the checkbox's "on" overwrites the hidden input's "off".
  7. requinix's post in Get data out of array without for each was marked as the answer   
    "Simple" string interpolation only allows you to access a single level of an array. If you want multiple levels then use the "complex" syntax with braces:
    "value='{$rows[0]['itemName']}'>"  
  8. requinix's post in Redirect using special function was marked as the answer   
    Okay yeah no, you're missing the point.
    Look at this:
    <a class="color_black" id="btn" href="?dashboard=user&page=member&tab=viewmember&action=view&member_id=<?php echo esc_attr($retrieved_data->ID)?>">
    You know what URL you want the user to go to. After all, it's right there in the link.
    So if you know what the URL is, why even bother having this page at all? Why give the user some HTML page when all you're going to do is trigger some Javascript that immediately sends them somewhere else? It's wasteful.
    Instead of giving them this page, do the redirect.
    In case you weren't aware, you can do it with some PHP code. Maybe that was the missing piece in this puzzle? It looks like this:
    $url = "?dashboard=user&page=member&tab=viewmember&action=view&member_id=" . esc_attr($retrieved_data->ID);
    header("Location: $url");
    You execute that code before making any output at all. None at all. Then you stop executing after that - so no output after it either.
    And that's how you do a redirect from within PHP. One that doesn't require any HTML or Javascript.
  9. requinix's post in Passing Variables From Function to Function was marked as the answer   
    You've skipped past one very particular problem: you want an existing menu item's text to reflect something that can change. Using a variable for the addItem's label doesn't mean that you can change the variable's value later and the label will update. You would have to add and remove these items every time the custom-lc is clicked.
    So the truth is actually that no, the code you've posted doesn't work. Not that you're using it wrong but that it can't do what you want. And I don't see anything in the library you're using that lets you edit menu labels.
    I'm not sure how you came across that library, but when I search for "jQuery context menu" the very first result is this one, which looks like a much better option given that it's been updated during this year and, you know, it has actual documentation.
  10. requinix's post in XAMPP for Linux 8.2.4 - could not see javascript file was marked as the answer   
    1. You're using XAMPP on Linux? 😆 Just install Apache, PHP, and whatever else you need through your package manager. Normally.
    2. It's code. Singular. "Codes" are things you enter into videogames.
    3. Don't reference w3schools. Sometimes they tell you the right thing to do, sometimes they tell you the wrong thing to do, and if you're learning then you won't be able to tell the difference between them.
    Where did you put main.js? /opt/lampp/htdocs/js/main.js? Then the first form you had is correct. If not then (a) why not? and (b) the second form was correct (except "js/main.js" - no ./ - is cleaner and means the same thing), however you might discover problems with this approach...
    And changing that won't affect any of your PHP code. The thing with file_put_contents is a completely separate issue. That error is telling you that /opt/lampp/htdocs/pages does not exist.
    It's also a red flag that you're using code to create this filesList.txt file, but I'm going to ignore it.
    Also, please tell me you're not running this as root. Use your user account - give it ownership of /opt/lampp/htdocs and everything inside it.
  11. requinix's post in The last MySQL having Windows XP (64bit) support was marked as the answer   
    This page lists their supported platforms. It doesn't go back far enough to list MySQL versions that existed around the time of Windows XP. Unsurprisingly.
    If you look at the Important Platform Support Updates, you'll see they killed XP support around 2014. Pull up the platforms page on archive.org around that timeframe, or a little later, and I bet you'll have an answer.
  12. requinix's post in php creating onclick function - "missing )" was marked as the answer   
    String needs to be in quotes.
    You've got one set on the outside for PHP, another set on the inside for the HTML attribute, and now you need a third set for the Javascript string.
    You have three options:
    // raw double quotes, but escaped because of the PHP quotes
    $out .="<tr class='align-middle custom-lc' onclick='triggerClientContextMenu($cId, \"$coName\")'>"
    // double quotes as HTML entities, which won't conflict with PHP's quotes
    $out .="<tr class='align-middle custom-lc' onclick='triggerClientContextMenu($cId, &quot;$coName&quot;)'>"
    // single quotes as HTML entities, which won't conflict with the HTML's quotes
    $out .="<tr class='align-middle custom-lc' onclick='triggerClientContextMenu($cId, &apos;$coName&apos;)'>"
    These three options may leave you open to problems if $coName contains apostrophes and you haven't protected yourself against that.
    A fourth option is to run $coName through json_encode and then htmlspecialchars with the ENT_QUOTES flag (and them in that order), after which you can put it directly into the "code" without manually adding quotes.
    But the fifth option is better: take a whole different approach to this by not using 1990s' web techniques like inline Javascript handlers...
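The fourth option from the post above, shown beside its first option, as an added example that is not part of the original post. The helper name js_attr() and the sample values are constructed for illustration.

```php
<?php
// Added example; js_attr() is a hypothetical helper name, not from the thread.

// Turn a PHP value into a JavaScript literal that is safe inside an HTML attribute.
function js_attr($value): string
{
    // 1. json_encode() yields a valid JS literal and adds the quotes for strings.
    $json = json_encode($value, JSON_THROW_ON_ERROR);
    // 2. htmlspecialchars() with ENT_QUOTES escapes both quote styles, &, < and >,
    //    so the literal cannot close the attribute it sits in.
    return htmlspecialchars($json, ENT_QUOTES, 'UTF-8');
}

// Constructed sample data: a company name with an apostrophe and double quotes.
$cId = 42;
$coName = 'O\'Brien & "Sons" Ltd';

// Option 1 from the post: the apostrophe in $coName ends onclick='...' early.
$unsafe = "<tr class='align-middle custom-lc' onclick='triggerClientContextMenu($cId, \"$coName\")'>";

// Fourth option: encode in this order and add no manual quotes around the value.
$safe = "<tr class='align-middle custom-lc' onclick='triggerClientContextMenu("
      . js_attr($cId) . ", " . js_attr($coName) . ")'>";

echo $unsafe, PHP_EOL;
echo $safe, PHP_EOL;
```

In the second line of output the quotes, apostrophe and ampersand appear only as HTML entities, so the browser decodes them back into a valid JavaScript string after the attribute has been parsed.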
  13. requinix's post in Is this file suspicious? was marked as the answer   
    If the scanner cannot be told to ignore this warning, there is a minor modification you can make to the code that I suspect will "resolve" it...
  14. requinix's post in Problem with fixed/sticky header was marked as the answer   
    Seems to be working correctly. You do realize that you have nothing in that header except for a tiny image applied as the background, right?
  15. requinix's post in Adding a range to RegEx was marked as the answer   
    No.
    When testing software, your goal should be to break it. To make it do something you don't want, or to not do something you do want. Simply testing some examples of what you want and what you don't isn't enough.
    Since I have other things to do today,
    $pattern = "/^[A-Z][a-zA-Z '&-]{1,48}[A-Za-z]$/";
    Try both your solution and my solution against the string
    AbcdefghijklmnopqrstuvwxyzAbcdefghijklmnopqrstuvwxyzAbcdefghijklmnopqrstuvwxyz
  16. requinix's post in Is there a website like php.net for JavaScript ? was marked as the answer   
    MDN, mostly. MSDN has some stuff too.
  17. requinix's post in getting both ipv4 and ipv6 address of user was marked as the answer   
    The way they do it is they give the user something to connect to that supports only IPv4, and then another that supports only IPv6. Then they combine the information together to give you the full results.
    Because all you can ever get from the user is how they connected to your site. If they used IPv4 then you can't know what their (public) IPv6 address is.
  18. requinix's post in Help with API was marked as the answer   
    That describes the "ListDevicesDB" API you can call.
    1. It uses the GET method.
    2. You need to include a "token" header that includes some value. If the value is what you included in your post then that needs to change because this was (probably) supposed to be a secret value and you've now shared it with the whole internet.
    3. The URL is as given there. It optionally supports a "deviceSerial" query string parameter, as the description indicates.
    4. It doesn't describe what the return value is.
    So you need to get a basic API calling thing in place. You can use libraries for it, or you can write the API calls yourself using cURL.
    Your first step should be to understand more about making API calls through PHP. It's all the same everywhere - only differences being exactly what the API wants, and that's the information they gave you.
    Once you understand a little more about API calls, then you can deal with the PHP code to try to make them. It's pretty simple but you do need to know more about what this is all about to be effective at it.
  19. requinix's post in What's the problem that tunneling is trying to solve? was marked as the answer   
    RDP servers are notoriously risk-prone. It's almost always a bad idea to have them open to the internet for anyone to connect to.
    By "tunneling" through the VPN, the RDP server remains disconnected from the internet, but you can still access it by connecting to the VPN (which is going to be much more secure).
    Ditto for the remote server. In your case apparently you need two hops, presumably because it's not accessible over the VPN directly, but the point is the same.
    It's very common to have a database server not connected to the internet, to minimize risk, so to allow access you can VPN or SSH into the network and then tunnel to get a direct database connection.
  20. requinix's post in How do promises program flow work in javascript? was marked as the answer   
    Basically anything that has "await" and/or "async" keywords works the same way.
  21. requinix's post in How to search for files whose suid bit is set? was marked as the answer   
    Try it and find out.
    Seriously. That would have been the easiest option this whole time. All you had to do is manually find a setuid executable, such as sudo, and run different find commands to see what happens.
  22. requinix's post in Is there a way to encrypt the directory names in a URL? was marked as the answer   
    You can't encrypt the location because the end result is that you're still giving someone a URL to the file. Having gibberish instead of the word "documents" doesn't change that.
    The actual answer here is pretty simple: don't give direct links to your PDFs. Use a PHP script which authenticates the user and then outputs the file.
    You can use URL rewriting to transform /documents/whatever.pdf to something like /document.php?filename=whatever.pdf (which means existing URLs still work), then do something like
    <?php
    session_start();
    if (!isset($_SESSION["userid"])) { // or whatever so you know if the user isn't logged in
        http_response_code(403);
        exit;
    }
    if (!isset($_GET["filename"])) {
        http_response_code(400);
        exit;
    }
    $filename = $_GET["filename"];
    if (!preg_match('/^[a-z0-9_.-]+$/i', $filename)) { // potentially other characters in there
        http_response_code(404);
        exit;
    }
    $path = $_SERVER["DOCUMENT_ROOT"] . "/documents/" . $filename; // or whatever the path should be
    if (!is_file($path)) {
        http_response_code(404);
        exit;
    }
    $extension = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    $mime = [
        // default
        $extension => "application/octet-stream",
        // list of file types you might have
        "pdf" => "application/pdf",
        // ...
    ][$extension];
    header("Content-Type: $mime");
    header("Content-Length: " . filesize($path));
    header("Content-Disposition: inline;filename=$filename");
    readfile($path);
  23. requinix's post in mysqli_sql_exception: Incorrect string value was marked as the answer   
    "Incorrect string value" means you're trying to insert data that isn't valid for the column. In your case, the column is defined as utf8mb4 (aka UTF-8) but your string is not UTF-8.
    If the value is binary data then do not use VARCHARs in the first place. Those are for character data. Use VARBINARY instead.
    https://dev.mysql.com/doc/refman/8.0/en/binary-varbinary.html
    Either that, or you aren't supposed to be inserting raw binary data but either hex digits or a base-64 encoded version of the data...
  24. requinix's post in How to change style when hover over div inside svg element? was marked as the answer   
    Works for me, provided that I'm not using Firefox and that I think the desired behavior is to change the background color of the SVG to red.
    If you're trying to change the background color of the .inside-svg element then you've vastly over-thought this...
  25. requinix's post in Match Two Types of Strings was marked as the answer   
    So you want to allow both (a) "TMP" plus 1-5 numbers, and (b) 1-5 numbers then "M"?
    1. You need ^ and $ anchors, otherwise the regex will only check if the string contains something that matches it.
    2. {5} means exactly 5, but you've been saying "up to".
    3. What about zeroes? That's not in the regex now but I'd be surprised if you didn't want to allow them.
    4. To allow both patterns, tell the regex that you want to allow both patterns using a |
    /^(\d{1,5}M|TMP\d{1,5})$/  