• What are you working on? v6
    4,671 replies, posted
[QUOTE=TerabyteS_;32809701]Regex to get rid of unwanted directory traversal: [img]http://www.gabrielecirulli.com/p/20111016-131411.png[/img] [editline]16th October 2011[/editline] Am I doing it right?[/QUOTE] You are not, regex will only bring more trouble. In the words of Jamie Zawinski, 1997: "[I]Some people, when confronted with a problem, think "I know, I'll use regular expressions." Now they have two problems.[/I]" I've had to deal with this when developing dirp, and my solution was the following: [url]https://github.com/FilipeD/dirp/blob/master/dirp/file.php#L323[/url] For reference, [b]app::conf()->files[/b] is the base directory that is accessible, that means anything above it on the file hierarchy is out of bounds. [b]DS[/b] is a shorthand I defined for the built-in [b]DIRECTORY_SEPARATOR[/b], which is an OS-specific path separator character (so it'll usually be "/" or "\\"). The first loop in that method is specific to dirp, as it matches directories against some user-defined patterns, what you want to focus on is the use of [b]realpath[/b], which expands dotted syntax to a fully qualified path (be sure to check the docs for it), and from there I slice the various path sections to make sure the input path is indeed relative to my defined base path. Let me know if you have any more questions.
Just made a huge overhaul to my website. There are a few things I could do to make the files a little more readable and that's what I'm working on at the moment. But as it stands, I like the pages. [img]http://i.imgur.com/yJWl3.png[/img] [url]www.craigwilkinson.co.uk[/url]
[QUOTE=StinkyJoe;32810255]You are not, regex will only bring more trouble. In the words of Jamie Zawinski, 1997: "[I]Some people, when confronted with a problem, think "I know, I'll use regular expressions." Now they have two problems.[/I]" I've had to deal with this when developing dirp, and my solution was the following: [url]https://github.com/FilipeD/dirp/blob/master/dirp/file.php#L323[/url] For reference, [b]app::conf()->files[/b] is the base directory that is accessible, that means anything above it on the file hierarchy is out of bounds. [b]DS[/b] is a shorthand I defined for the built-in [b]DIRECTORY_SEPARATOR[/b], which is an OS-specific path separator character (so it'll usually be "/" or "\\"). The first loop in that method is specific to dirp, as it matches directories against some user-defined patterns, what you want to focus on is the use of [b]realpath[/b], which expands dotted syntax to a fully qualified path (be sure to check the docs for it), and from there I slice the various path sections to make sure the input path is indeed relative to my defined base path. Let me know if you have any more questions.[/QUOTE]That won't protect me against traversing to directories that are in the document root though, will it?
[QUOTE=TerabyteS_;32810802]That won't protect me against traversing to directories that are in the document root though, will it?[/QUOTE] It'll protect you against users trying to access files above your specified base directory. There are simpler methods if you're only looking to control horizontal access, for which you can probably limit file names to alphanumeric only and take care of the rest internally, or something. It really depends on what exactly you're working with.
[QUOTE=StinkyJoe;32810894]It'll protect you against users trying to access files above your specified base directory. There are simpler methods if you're only looking to control horizontal access, for which you can probably limit file names to alphanumeric only and take care of the rest internally, or something. It really depends on what exactly you're working with.[/QUOTE]Right now I just need a way to access and output the code of a template given a name. Templates are named something like "name.template.html" so I just add ".template.html" to the name and that's the name of my file. Then I strip the slashes and dots away through preg and finally look for the adequate file in the templates folder. Is this okay? [editline]16th October 2011[/editline] Right now the code [img]http://gabrielecirulli.com/p/20111016-154642.png[/img] does this [img]http://gabrielecirulli.com/p/20111016-154621.png[/img] That should be secure enough, right?
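The realpath-based containment check discussed in the posts above, applied to the template-name lookup, as an added example (not code from dirp or from either poster). The function name resolve_template and the sandbox files are constructed for illustration; the comparison against the base path plus a trailing separator is what keeps a sibling directory that shares the prefix out of bounds.

```php
<?php
// Added example: resolve_template() is a hypothetical helper, sandbox files are constructed.

/**
 * Return the real path of the template $name inside $baseDir, or null when
 * the resolved path leaves $baseDir or does not exist.
 */
function resolve_template(string $baseDir, string $name): ?string
{
    $base = realpath($baseDir);
    if ($base === false || strpos($name, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks, and returns false for a
    // path that does not exist, so missing targets are rejected as well.
    $real = realpath($base . DIRECTORY_SEPARATOR . $name . '.template.html');
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Compare against base *plus separator*: a bare prefix test would accept
    // ".../templates_private/x" for the base ".../templates".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed sandbox: one allowed base, one sibling directory, one file above the base.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_demo_' . uniqid();
mkdir("$root/templates/mail", 0700, true);
mkdir("$root/templates_private", 0700, true);
file_put_contents("$root/templates/home.template.html", '<h1>home</h1>');
file_put_contents("$root/templates/mail/welcome.template.html", '<p>hi</p>');
file_put_contents("$root/templates_private/keys.template.html", 'secret');
file_put_contents("$root/config.template.html", 'secret');

$cases = [
    'home'                      => true,   // plain name
    'mail/welcome'              => true,   // subdirectory inside the base
    'mail/../home'              => true,   // dotted, but resolves inside the base
    '../config'                 => false,  // one level above the base
    '../templates_private/keys' => false,  // sibling directory sharing the prefix
    'missing'                   => false,  // realpath() returns false
];
foreach ($cases as $name => $expected) {
    $ok = resolve_template("$root/templates", $name) !== null;
    printf("%-28s %s\n", $name, $ok ? 'allowed' : 'rejected');
    assert($ok === $expected);
}
```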
I'm experimenting with HTML 5 video as a substitute for animated GIFs in, say the screenshots thread in General Games discussion. [url]http://83.84.18.218/dev/[/url] I'm planning to release software to embed these videos in an image that will say the user needs to download an extension to see the video. An extension in the browser will detect these image embedded videos and load them as HTML 5 video. What are your thoughts on this?
[QUOTE=Overv;32811173]I'm experimenting with HTML 5 video as a substitute for animated GIFs in, say the screenshots thread in General Games discussion. [url]http://83.84.18.218/dev/[/url] I'm planning to release software to embed these videos in an image that will say the user needs to download an extension to see the video. An extension in the browser will detect these image embedded videos and load them as HTML 5 video. What are your thoughts on this?[/QUOTE]Why not just ask garry to add support for html video embedded in images?
[QUOTE=TerabyteS_;32811992]Why not just ask garry to add support for html video embedded in images?[/QUOTE] Because then you still have the same scenario as with YouTube videos. They need to autoplay and loop.
[QUOTE=nos217;32810565]Just made a huge overhaul to my website. There are a few things I could do to make the files a little more readable and that's what I'm working on at the moment. But as it stands, I like the pages. [img]http://i.imgur.com/yJWl3.png[/img] [url]www.craigwilkinson.co.uk[/url][/QUOTE] coolvetica :suicide:
I am starting [URL="http://untoldmagic.com"]this website[/URL] and I want to populate it with ten years old. I don't really have a plan rather than improving it little by little based on feedback and needs that could appear. So my concept is doing something that "will never work", "has been done 10 times already". [IMG]http://img851.imageshack.us/img851/7681/untold1.jpg[/IMG] [IMG]http://img846.imageshack.us/img846/7123/untold2.jpg[/IMG] Gimme some feedback. I need inspiration. You are encouraged to come troll on my website, if it's well done. But atm you would be alone since I haven't launched it officially.
[QUOTE=StinkyJoe;32787876]I got too lazy to fix/finish this. If anyone's interested: [code]<?php $pdo = new PDO('sqlite:forum.db'); $do=isset($_GET['x'])? $_GET['x']:null;$t =( array)isset($_GET['t'])?:array( 0) ;$pdo->exec('create table IF NOT'. ' EXISTS t(id INTEGER' .' PRIMARY KEY AUTO' .'INCREMENT,b TEXT,d INTEGER,p INT' .'EGER)');if ($do!='p' ){$c = $pdo->prepare( 'SELECT * FROM t WHE' .'RE p=? ' . ' ORDER' .' BY d DES' . 'C; '); $c->execute($t);$pos= $c->fetchAll(constant ('PDO::FET' . 'CH_OBJ' ));}else if( $do== 'p' ){$b=isset($_POST['b' ])?$_POST['b']: null; $a='b';if(! empty( $$a )){$a=$pdo-> prepare( 'INSERT INTO t (b,d,p)VALUES(?,datetime(),?)'); $a->execute ( array ( $b,$t[0]));} header('Location: .'); exit;}?><head><title>super forum</title><style> html {font:14px sans-serif}</style> <meta charset="utf-8"><body><h1>&#9616;&#9658; <?php echo $t ? 'Viewing Thread' : 'Super Foru' .'m!'; ?></h1> <form method= "POST" <?php echo ' action="?x=p&t='.$t[0] .'"><textarea name="' .'b" rows=6' .' cols=60>' .'</textarea><input '. 'type="hidden" value' .'= "'.$t[0] .'" name=t' .'><input type="subm'. 'it" value="post!!">' ; ?> </form> <div class= 'forum'><?php foreach( $pos as $p):?> <div> <?php if($t ==0): ?><h1> <?php echo substr($p-> b,0, max(32,strlen($b ))) ?> </h1> <?php break; else:?><?php echo $p-> b?><?endif;endforeach ;?> [B][U]poopdick[/U][/B][/code] It's a forum. Right now it'll throw an error about an unexpected $end because I didn't bother fixing the two control statements near the end.[/QUOTE] :v:
[QUOTE=Larikang;32797002]Anyone here use Rails? Ruby was the second programming language I ever learned and Rails was my first introduction to web development, so it's what I like. But it seems like it's still largely unaccepted despite years of stable development.[/QUOTE] Where the hell are you getting the idea that rails is widely unaccepted? Rails has a huge following.
You've probably noticed that a lot of people around these forums use large GIF files to show something (game footage, coding project, ...). Instead of using a YouTube video, they use a GIF to instantly attract attention. Nothing wrong with that, because GIFs were made for animation, right? Wrong. GIFs are perfect for frame-by-frame animation, but not for smooth animation like in a video. It is so bad at compressing smooth animation that even a 3 second clip can result in a 3 MB GIF file. So, why not use real video encoders instead? This is what my project is all about.
[b]Technical information[/b]
I've written a simple Greasemonkey/Chrome extension that looks for image tags like the following in posts: [noparse][img]http://i.imgur.com/swILD.gif#video[/img][/noparse]
The GIF that is linked appears like a normal GIF image to a regular browser: [img]http://i.imgur.com/hGEj4.gif[/img]
However, the #video tag hints that this is more than a simple GIF. This file is actually a GIF with a WebM video attached to it. The extension sees this and extracts the video from it and displays it. Because the file appears like a GIF image, it can be uploaded to regular image hosts like imgur, shown above.
[b]So, how do I use it?[/b]
[b]1.[/b] Install the [url=http://open.gl/fpvid.user.js]extension[/url] for your browser (supports latest Chrome and Firefox with Greasemonkey). To see if it's working, refresh this page and look at the bottom of this post.
[b]2.[/b] Capture a video with FRAPS, Camstudio or another method.
[b]3.[/b] Select the part of the video you want, resize it to something like 480x300 and save it in a video editor you prefer (I use VirtualDub and save as uncompressed AVI). So, now you have the video clip you want to share with a reasonable size.
[b]4.[/b] Now convert it to WebM (vp8) with a video converter like [url=http://www.mirovideoconverter.com/]Miro Video Converter[/url] or if you can save it in your video editor directly, do so. This should get you a file like video.webm.
[b]5.[/b] Extract this file: [url=http://open.gl/fpvideotoolkit.zip]fpvideotoolkit.zip[/url]
[b]6.[/b] Drop your video.webm file on the .bat script.
[b]7.[/b] Upload the generated video.gif on [url=http://imgur.com/]imgur.com[/url] or another site [b]that doesn't resize images[/b].
[b]8.[/b] Post the video like this: [noparse][img]http://imgur.com/file.gif#video[/img][/noparse]
Result: [img]http://i.imgur.com/swILD.gif#video[/img] (Use this as test to see if the extension is installed successfully.)
[b]Conclusion[/b]
This may seem like a lot of steps, but remember that you won't be posting a video every single post and that converting a video to a GIF isn't really a smooth process either. So, could you guys try installing the extension and see if it's showing the Battlefield 3 clip correctly in both Chrome and Firefox? If the extension is working for you, could you try uploading a clip and posting it here? I'd also like to hear feedback on the thing itself.
That is pretty freakin' sweet Overv. It's working great on FF 7.
Looks awesome, Overv. However, is there a way to have the video toolkit on OS X? I mainly run OS X and I would like to use it. (Extension is also working great in Chrome right now for me)
You should include a shortened link to the extension js in the GIF text that is displayed. [editline]16th October 2011[/editline] [QUOTE=anton;32814448]Looks awesome, Overv. However, is there a way to have the video toolkit on OS X? I mainly run OS X and I would like to use it. (Extension is also working great in Chrome right now for me)[/QUOTE] All the bat does is join both files and output them as video.gif You could use the osx terminal to do the same thing.
[QUOTE=anton;32814448]Looks awesome, Overv. However, is there a way to have the video toolkit on OS X? I mainly run OS X and I would like to use it. (Extension is also working great in Chrome right now for me)[/QUOTE] Try this: [code]cat header.gif video.webm >> video.gif[/code]
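An image host or forum that wants to know whether an upload carries data after the GIF itself ends can walk the GIF block structure to its trailer and look at what remains; this is an added example, not code from the extension or the toolkit. It assumes the video is plain-concatenated after the GIF as the `cat` command above does, and the function names and sample bytes are constructed for illustration.

```php
<?php
// Added example: function names are hypothetical, sample bytes are constructed.
/** Skip a chain of data sub-blocks at $p; return the offset after its terminator. */
function skip_sub_blocks(string $d, int $p): int
{
    while ($p < strlen($d)) {
        $len = ord($d[$p]);
        $p += 1 + $len;
        if ($len === 0) return $p;      // zero-length block ends the chain
    }
    throw new RuntimeException('truncated GIF');
}

/** Walk the GIF block structure; return the offset just past the 0x3B trailer. */
function gif_end_offset(string $d): int
{
    if (strlen($d) < 13 || !in_array(substr($d, 0, 6), ['GIF87a', 'GIF89a'], true)) {
        throw new RuntimeException('not a GIF');
    }
    $flags = ord($d[10]);
    $p = 13;                                             // header + screen descriptor
    if ($flags & 0x80) $p += 3 << (($flags & 0x07) + 1); // global colour table
    while ($p < strlen($d)) {
        $type = ord($d[$p]);
        if ($type === 0x3B) return $p + 1;               // trailer: GIF ends here
        if ($type === 0x21) {                            // extension: skip label + data
            $p = skip_sub_blocks($d, $p + 2);
        } elseif ($type === 0x2C && $p + 10 <= strlen($d)) { // image descriptor
            $f = ord($d[$p + 9]);
            $p += 10;
            if ($f & 0x80) $p += 3 << (($f & 0x07) + 1); // local colour table
            $p = skip_sub_blocks($d, $p + 1);            // +1 skips LZW code size
        } else {
            throw new RuntimeException('unexpected or truncated block');
        }
    }
    throw new RuntimeException('no GIF trailer found');
}

/** Report what follows the GIF trailer, if anything. */
function trailing_payload(string $d): array
{
    $tail = substr($d, gif_end_offset($d));
    return [
        'extra_bytes'     => strlen($tail),
        'looks_like_webm' => strncmp($tail, "\x1A\x45\xDF\xA3", 4) === 0, // EBML magic
    ];
}

// Constructed input: a 1x1 GIF, then the same GIF with an EBML magic and filler appended.
$gif = "GIF89a\x01\x00\x01\x00\x80\x00\x00" . "\x00\x00\x00\xFF\xFF\xFF"
     . "\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00" . "\x02\x02\x44\x01\x00" . "\x3B";
var_export(trailing_payload($gif));
var_export(trailing_payload($gif . "\x1A\x45\xDF\xA3" . 'filler'));
```

Walking the blocks rather than searching for the first 0x3B byte matters because that value can also occur inside colour tables and image data.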
[QUOTE=Alcapwne;32812748]coolvetica :suicide:[/QUOTE] Your opinion.
Something like this might work although I'm not 100% about it. [code] cat ~/Desktop/header.gif ~/Desktop/video.webm > ~/Desktop/video.gif [/code] [editline]16th October 2011[/editline] Does Unix have .bat style files?
[QUOTE=jaybuz;32814865]Something like this might work although I'm not 100% about it. [code] cat ~/Desktop/header.gif ~/Desktop/video.webm > ~/Desktop/video.gif [/code] [editline]16th October 2011[/editline] Does Unix have .bat style files?[/QUOTE] Yes, shell scripts (.sh). [editline]bla[/editline] I've put up a new toolkit with info for Mac OS X/Linux and with a new GIF: [img]http://i.imgur.com/hGEj4.gif[/img]
[QUOTE=nos217;32810565]Just made a huge overhaul to my website. There are a few things I could do to make the files a little more readable and that's what I'm working on at the moment. But as it stands, I like the pages. -image- [url]www.craigwilkinson.co.uk[/url][/QUOTE] 100% width :(
Would this work as shell script on OSX? [code]
on open of finderObjects
    repeat with currFile in finderObjects
        set unixPath to POSIX path of currFile
        set fname to do shell script "basename " & unixPath
        do shell script "cat header.gif " & fname & " >> video.gif"
    end repeat
end open
[/code] I think it loops through all the files that are dropped on the script so it would probably overwrite the video.gif each time but oh well. That's if it even works.
[QUOTE=Overv;32814220]-video stuff-[/QUOTE] Just bringing a few ideas to the table: Since this will allow for much longer videos at a much lower price, why not add a simple UI to the video so that when loaded it will automatically loop but there are buttons to disable looping or skip to other parts of the video. Another thing: this might open up for a few unwanted things, like people posting porn clips, etc. I think you should make it so that when the video is loaded it won't run automatically and instead show a still of the first frame and possibly a close button, so that if a user sees an unwanted video popping up he'll be able to hide it instantly.
[QUOTE=TerabyteS_;32816566]Just bringing a few ideas to the table: Since this will allow for much longer videos at a much lower price, why not add a simple UI to the video so that when loaded it will automatically loop but there are buttons to disable looping or skip to other parts of the video. Another thing: this might open up for a few unwanted things, like people posting porn clips, etc. I think you should make it so that when the video is loaded it won't run automatically and instead show a still of the first frame and possibly a close button, so that if a user sees an unwanted video popping up he'll be able to hide it instantly.[/QUOTE] At least it doesn't have sound. :v:
[QUOTE=TerabyteS_;32816566]Just bringing a few ideas to the table: Since this will allow for much longer videos at a much lower price, why not add a simple UI to the video so that when loaded it will automatically loop but there are buttons to disable looping or skip to other parts of the video. Another thing: this might open up for a few unwanted things, like people posting porn clips, etc. I think you should make it so that when the video is loaded it won't run automatically and instead show a still of the first frame and possibly a close button, so that if a user sees an unwanted video popping up he'll be able to hide it instantly.[/QUOTE] Sound good, re-enable the UI. I'm not sure about not running automatically yet, since GIFs do that too and it has never been a problem. I've updated the script (remove the old script and use the one from the new url) to support any GIF now. So you can use your own header.gif if you want to, although I don't recommend it.
Nice work Overv! Another node, any opinions on the following idea?: For developervps, instead of selling 'one vm' we sell the normal stuff (bandwidth, space, ram, burst) but all accounts are technically resellers, enabling you to create multiple VM's within the given limits. I'm not sure if it's been done before, but I've never found it and it could be a sweet little feature?
[QUOTE=Fizzadar;32817504]Nice work Overv! Another node, any opinions on the following idea?: For developervps, instead of selling 'one vm' we sell the normal stuff (bandwidth, space, ram, burst) but all accounts are technically resellers, enabling you to create multiple VM's within the given limits. I'm not sure if it's been done before, but I've never found it and it could be a sweet little feature?[/QUOTE] I can see that working well if you had a sweet api to provision / delete VPSs
Another of many projects I'm working on: [url]http://www.meikledesign.co.uk/host/grate/[/url]
[QUOTE=Meekal;32819339]Another of many projects I'm working on: [url]http://www.meikledesign.co.uk/host/grate/[/url][/QUOTE]monospace whyyyyyyyyy
[QUOTE=TerabyteS_;32819525]monospace whyyyyyyyyy[/QUOTE] I know :P I just felt it looks nice with the theme.