What are these all about???

arpowers
Forum Commoner
Posts: 76
Joined: Sun Oct 14, 2007 10:05 pm
Location: san diego, ca

Post by arpowers »

feyd | Please use code and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171) to learn how to do it too.


OK, so I would say I'm an intermediate programmer, but I'm mostly a front-end guy...

I've been trying to learn more about PHP & programming in general.
Basically I've stumbled across three things that I don't understand and I wanted to ask the community for a little explanation...
Maybe this will test your knowledge.

1. In the MediaWiki code there is this section...

Code: Select all

$control=<<<CONTROL
[Process]
Type=Diff text
Engine=MediaWiki
Script={$wgServer}{$wgScript}
Special namespace={$special}

[File]
Extension=wiki
URL=$url1

[File 2]
Extension=wiki
URL=$url2
CONTROL;

My text editor recognizes it, but I've never seen the "<<<CONTROL" thing before... what does it do???

2. In the leaked Facebook code they reference all their includes as follows...

Code: Select all

include_once $_SERVER['PHP_ROOT'].'/html/init.php';
include_once $_SERVER['PHP_ROOT'].'/lib/home.php';
include_once $_SERVER['PHP_ROOT'].'/lib/requests.php';
include_once $_SERVER['PHP_ROOT'].'/lib/feed/newsfeed.php';
include_once $_SERVER['PHP_ROOT'].'/lib/poke.php';

As I understand it, the "$_SERVER['PHP_ROOT']" is defined by Facebook, but what can we assume it contains, or is defined as? And why are they using it?

3. This one's easy...
I just want a little more explanation of what this notation:

Code: Select all

../.../../

does... I understand it allows for some file traversing? But why is it a security concern? What do I need to know about the two, three period thing..?

THANKS IN ADVANCE...

Having some explanation of these things will help me sleep at night:)

Andrew


Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

1. Heredoc notation is a way to encapsulate strings. Read about it in the manual: http://www.php.net/types.string

2. $_SERVER is a superglobal variable declared by PHP that contains information about the server. Create the following file and run it to see a lot of information about your PHP installation (do not leave this file in a public directory though):

Code: Select all

<?php
phpinfo();

3. In Unix filesystems ".." is the directory that is the parent of the current directory. The syntax "../../.." references up three directory levels (the parent's parent's parent directory). For security reasons it is important to clean untrusted values to only allow relative paths in a known directory tree.
(#10850)
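
Added example, not part of the thread or any poster's code: one way to do the cleaning described in point 3 above, resolving an untrusted relative path and accepting it only if it stays inside a known directory. The function name resolveInside() and the sample file tree are made up for illustration.

```php
<?php
// Added example: confine an untrusted relative path to a known directory tree.
// resolveInside() and the sample file names below are hypothetical.

function resolveInside(string $baseDir, string $untrusted): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;                        // the base directory must exist
    }
    // Reject empty input, NUL bytes and absolute paths outright.
    if ($untrusted === '' || strpos($untrusted, "\0") !== false
        || $untrusted[0] === '/' || $untrusted[0] === '\\'
        || preg_match('/^[A-Za-z]:/', $untrusted)) {
        return null;
    }
    // realpath() collapses "." and "..", follows symlinks, and returns
    // false when the target does not exist.
    $full = realpath($base . DIRECTORY_SEPARATOR . $untrusted);
    if ($full === false) {
        return null;
    }
    // Compare against the base plus a trailing separator, so a sibling
    // such as "pages-old" cannot pass as being inside "pages".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

// Constructed sample tree in the system temp directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'demo_' . uniqid();
mkdir($root . '/pages/help', 0700, true);
mkdir($root . '/pages-old', 0700, true);
file_put_contents($root . '/pages/help/about.txt', 'public');
file_put_contents($root . '/pages-old/draft.txt', 'not public');
file_put_contents($root . '/secret.txt', 'not public');

// Constructed sample inputs: plain, harmless "..", escaping "..",
// sibling-prefix, absolute, and nonexistent.
$samples = ['help/about.txt', 'help/../help/about.txt', '../secret.txt',
            'help/../../secret.txt', '../pages-old/draft.txt',
            '/etc/passwd', 'missing.txt'];
foreach ($samples as $p) {
    $r = resolveInside($root . '/pages', $p);
    printf("%-26s => %s\n", $p, $r === null ? 'rejected' : 'allowed');
}
```

The check is done on the resolved path rather than by searching the input for "..", so a ".." that stays inside the tree is still accepted while one that climbs out of it is not.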
arpowers
Forum Commoner
Posts: 76
Joined: Sun Oct 14, 2007 10:05 pm
Location: san diego, ca

Post by arpowers »

Thanks..

One point though about the $_SERVER in the Facebook code is that the PHP_ROOT isn't an automatic variable created by the software... the only place it shows up is in FB... so what have they defined it as and where did they define it??
(does that make sense?)

AP
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

...curious why it matters?

I would imagine they use it to store the path where their PHP code is stored, which I'd guess is out of the web root.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Kieran Huggins
DevNet Master
Posts: 3635
Joined: Wed Dec 06, 2006 4:14 pm
Location: Toronto, Canada
Contact:

Post by Kieran Huggins »

When you define environment variables in your httpd.conf file, they show up in the $_SERVER[] array in PHP. I'll bet this is what they're using.

There was a link to an environment variable tutorial a few days ago in a database access thread that explains it all in more detail. Anyone remember the link/thread?