
What are these all about???

Posted: Thu Oct 18, 2007 2:59 pm
by arpowers
feyd | Please use [code] and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171) to learn how to do it too.


Ok so I would say I'm an intermediate programmer, but I'm mostly a front end guy...

I've been trying to learn more about PHP & programming in general.
Basically I've stumbled across three things that I don't understand and I wanted to ask the community for a little explanation...
Maybe this will test your knowledge

1. In the MediaWiki code there is this section...

Code: Select all

$control=<<<CONTROL
[Process]
Type=Diff text
Engine=MediaWiki
Script={$wgServer}{$wgScript}
Special namespace={$special}

[File]
Extension=wiki
URL=$url1

[File 2]
Extension=wiki
URL=$url2
CONTROL;

My text editor recognizes it, but I've never seen the "<<<CONTROL" thing before... what does it do?

2. In the leaked Facebook code they reference all their includes as follows...

Code: Select all

include_once $_SERVER['PHP_ROOT'].'/html/init.php';
include_once $_SERVER['PHP_ROOT'].'/lib/home.php';
include_once $_SERVER['PHP_ROOT'].'/lib/requests.php';
include_once $_SERVER['PHP_ROOT'].'/lib/feed/newsfeed.php';
include_once $_SERVER['PHP_ROOT'].'/lib/poke.php';

As I understand it, the "$_SERVER['PHP_ROOT']" is defined by Facebook, but what can we assume it contains, or is defined as? And why are they using it?

3. This one's easy...
I just want a little more explanation of what this notation:

Code: Select all

../.../../

does... I understand it allows for some file traversing, but why is it a security concern? What do I need to know about the two, three period thing?

THANKS IN ADVANCE...

Having some explanation of these things will help me sleep at night:)

Andrew



Posted: Thu Oct 18, 2007 3:33 pm
by Christopher
1. Heredoc notation is a way to encapsulate strings. Read about it in the manual: http://www.php.net/types.string

2. $_SERVER is a superglobal variable declared by PHP that contains information about the server. Create the following file and run it to see a lot of information about your PHP installation (do not leave this file in a public directory though):

Code: Select all

<?php
phpinfo();

3. In Unix filesystems ".." is the directory that is the parent of the current directory. The syntax "../../.." references up three directory levels (the parent's parent's parent directory). For security reasons it is important to clean untrusted values to only allow relative paths in a known directory tree.
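
Added example (not part of the thread's posts): one way to apply the advice in point 3 above, confining an untrusted relative path to a known directory tree in PHP. The function name resolveInsideBase and the demo directory tree are constructed for illustration.

```php
<?php
// Added example: confine an untrusted relative path to one base directory.
// resolveInsideBase() is a hypothetical helper; the demo tree is constructed.
function resolveInsideBase(string $baseDir, string $untrusted): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $untrusted === '' || strpos($untrusted, "\0") !== false) {
        return null;
    }
    // Only relative paths are allowed: reject "/x", "\x" and "C:..." forms.
    if (preg_match('#^([a-zA-Z]:|[/\\\\])#', $untrusted)) {
        return null;
    }
    // realpath() collapses "." and "..", follows symlinks, and returns
    // false when the target does not exist.
    $real = realpath($base . DIRECTORY_SEPARATOR . $untrusted);
    if ($real === false) {
        return null;
    }
    // Compare against the base plus a trailing separator, so a sibling such
    // as "/srv/app-old" cannot pass as being inside "/srv/app".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed demo tree under the system temp directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'traversal_demo_' . getmypid();
mkdir("$root/lib/feed", 0700, true);
mkdir("$root-old", 0700);
file_put_contents("$root/lib/feed/newsfeed.php", "<?php // demo\n");
file_put_contents("$root-old/secret.php", "<?php // outside the tree\n");

$samples = [
    'lib/feed/newsfeed.php',                          // plain relative path
    'lib/../lib/feed/newsfeed.php',                   // ".." that stays inside
    '../../../etc/passwd',                            // climbs out of the tree
    '../' . basename($root) . '-old/secret.php',      // sibling sharing the prefix
    '/etc/passwd',                                    // absolute path
    'lib/missing.php',                                // does not exist
];
foreach ($samples as $path) {
    $resolved = resolveInsideBase($root, $path);
    printf("%-45s => %s\n", $path, $resolved ?? 'REJECTED');
}

// Remove the demo tree again.
unlink("$root/lib/feed/newsfeed.php"); unlink("$root-old/secret.php");
rmdir("$root/lib/feed"); rmdir("$root/lib"); rmdir($root); rmdir("$root-old");
```

Because realpath() returns false for paths that do not exist, a file that is about to be created needs the same check applied to its parent directory instead.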

Posted: Thu Oct 18, 2007 3:56 pm
by arpowers
Thanks..

One point though about the $_SERVER in the Facebook code is that the PHP_ROOT isn't an automatic variable created by the software... the only place it shows up is in FB... so what have they defined it as and where did they define it??
(does that make sense?)

AP

Posted: Thu Oct 18, 2007 4:12 pm
by pickle
...curious why it matters?

I would imagine they use it to store the path where their PHP code is stored, which I'd guess is out of the web root.

Posted: Thu Oct 18, 2007 10:58 pm
by Kieran Huggins
When you define environment variables in your httpd.conf file, they show up in the $_SERVER[] array in PHP. I'll bet this is what they're using.

There was a link to an environment variable tutorial a few days ago in a database access thread that explains it all in more detail. Anyone remember the link/thread?