PHP Programming Language - Cultural View
Mambo (software)

Developer(s): Mambo Foundation Inc.
Stable release: 4.6.5 [1] / June 26, 2008
Written in: PHP
Operating system: Cross-platform, PHP-compatible -- Linux preferred
Type: Content management system
License: GNU General Public License v2
Website: http://mambo-foundation.org

Mambo (formerly named Mambo Open Source or MOS) is a free software/open source content management system (CMS) for creating and managing websites through a simple web interface.

Features
Mambo includes advanced features such as page caching to improve performance on busy sites, advanced templating techniques, and a fairly robust API. It can provide RSS feeds and automate many tasks, including web indexing of static pages. Advanced interface features include printable versions of pages, news flashes, blogs, forums, polls, calendars, website searching, language internationalization, and many others.

Mambo Foundation
The rights to the Mambo CMS codebase, name and copyrights, are protected by the Mambo Foundation [2], a non-profit corporation formed to support and promote the Mambo Open Source project. [3] The Mambo Foundation is a non-profit entity established under the laws of Australia. The Foundation is based on Eclipse and GNOME and is controlled by the members of the Foundation via an elected Board of Directors. The Mambo Foundation's brief is to foster the development of the Mambo system and to shelter the project from threats and misuse.

Timeline of Mambo History
• 2000: Miro Construct Pty Ltd, registered in March 2000 in Melbourne, and headed up by CEO Peter Lamont, a former advertising executive, starts development of Mambo, a closed-source, proprietary content management system.
• 2001: The company adopted a dual licensing policy, releasing Mambo Site Server under the GPL on Sourceforge in April 2001.
• May 2001: The mamboserver.com domain name is registered.
• From this time until the middle of 2002, Miro was the only developer of Mambo, contributing bug-fixes and security patches but not really extending the code or adding to the feature sets.
• 2002: Miro releases the commercial CMS called Mambo 2002. [4]
• With version 3.0.x, the open source Mambo Site Server becomes "Mambo Open Source" (commonly referred to as "MOS").
• Robert Castley becomes Project Director of Mambo Open Source. [5]
• By the end of 2002, Robert Castley had pulled together a volunteer team of developers.

Magic quotes

Other approaches
• Some languages such as Perl [8] and Ruby [9] opt for an approach involving data tainting, where data from untrusted sources, such as user input, are considered "tainted" and can not be used for dangerous operations until explicitly marked as trustworthy, usually after validation and/or encoding. Since the construction of SQL queries is considered "dangerous" in this context, this forces the programmer to address the problem. Tainting does not solve the problem, but it does highlight those instances where there is a problem so that the programmer is able to solve them appropriately.
• Joel Spolsky has suggested using a form of Hungarian notation that indicates whether data are safe or unsafe. [10]
• Modern database engines and libraries use parametrised queries to pass data to the database separately from SQL commands, greatly reducing the need to escape data before constructing the queries.
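
The parametrised-query approach in the last bullet, as an added PHP example that is not part of the original page. It uses PDO with an in-memory SQLite database and assumes the pdo_sqlite extension is loaded; the table, the findByAuthor helper and every sample value are constructed for illustration. The final step shows why addslashes-style escaping, which is what magic quotes applied to request data, corrupts values once parameters are bound.

```php
<?php
// Added example (not from the original page). Assumes pdo_sqlite is loaded.
// Table name, helper name and all sample values are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed inputs: an apostrophe, a backslash, and a value shaped like SQL.
// None of them is escaped by hand.
$rows = [
    ["O'Brien", 'Path is C:\temp'],
    ['alice',   "x' OR '1'='1"],
];

// The SQL text is fixed; the driver sends each value separately as data.
$insert = $db->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
foreach ($rows as [$author, $body]) {
    $insert->execute([':author' => $author, ':body' => $body]);
}

// Hypothetical helper: look up comments by author with a bound parameter.
function findByAuthor(PDO $db, string $author): array
{
    $stmt = $db->prepare('SELECT author, body FROM comments WHERE author = :author');
    $stmt->execute([':author' => $author]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Values round-trip unchanged, so there are no backslashes to strip on output.
$hit = findByAuthor($db, "O'Brien");
var_dump($hit[0]['body'] === 'Path is C:\temp');

// A SQL-shaped search term is compared as one literal string, not parsed as SQL.
var_dump(count(findByAuthor($db, "x' OR '1'='1")));

// Contrast: escaping the value before binding it changes the stored data.
// The backslash added by addslashes() is kept as part of the comment body.
$insert->execute([':author' => 'bob', ':body' => addslashes("it's")]);
var_dump(findByAuthor($db, 'bob')[0]['body']);
```
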

See also
• SQL injection
• PHP

External links
• PHP manual on magic quotes [11]

References
[1] "PHP: Magic Quotes" (http://php.net/manual/en/security.magicquotes.php). Retrieved 2009-05-02.
[2] "PHP:Why use magic quotes?" (http://uk.php.net/manual/en/security.magicquotes.why.php). PHP documentation. Retrieved 2007-02-19.
[3] "PHP:Why not to use magic quotes" (http://uk.php.net/manual/en/security.magicquotes.whynot.php). PHP documentation. Retrieved 2007-02-19.
[4] "Quotation marks are double escaped when editing a comment" (http://trac.wordpress.org/ticket/2768). WordPress issue tracker. Retrieved 2007-02-19.
[5] Chris Shiflett. "addslashes() versus mysql_real_escape_string()" (http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string). Retrieved 2007-02-19.
[6] MySQL AB. "Changes in release 5.0.22 (24 May 2006)" (http://dev.mysql.com/doc/refman/5.0/en/news-5-0-22.html). MySQL 5.0 Reference Manual. Retrieved 2007-02-19.
[7] PHP Group (2005-11-12). "Minutes PHP Developers Meeting" (http://www.php.net/~derick/meeting-notes.html#magic-quotes). Retrieved 2007-02-19.
[8] Dan Ragle (2006-04-18). "Introduction to Perl's Taint Mode" (http://www.webreference.com/programming/perl/taint/). webreference.com. Retrieved 2007-03-21.
[9] "Locking Ruby in the Safe" (http://www.rubycentral.com/book/taint.html). Programming Ruby. Retrieved 2007-03-21.
[10] Joel Spolsky (2005-05-11). "Making Wrong Code Look Wrong" (http://www.joelonsoftware.com/articles/Wrong.html). Joel on Software: Painless Software Management. Retrieved 2007-02-19.
[11] http://www.php.net/manual/en/security.magicquotes.php