Support Marine Applications

David Jackson

Forum Replies Created

Viewing 15 replies - 1 through 15 (of 46 total)

12th May 2017 at 2:03 pm David Jackson

Testing

12th May 2017 at 7:42 am David Jackson

Hi,

I’m going to mark this ticket as solved. In case there’s anything else you’d like to know, please let us know and we’ll be happy to help!

16th February 2017 at 10:27 am David Jackson

XSLT can be bulky to manage, and essentially adds an extra programming language that developers would have to work in (at least if I understand your description correctly). My experience has been that relatively few people know it, and even fewer can make it do what they want.

16th February 2017 at 10:24 am David Jackson

Since you are already using Smarty, you may want to consider the PEAR package HTML_QuickForm (this page says it’s being replaced by v2, but that’s still in alpha. V1 is pretty solid).

The package allows you to build and process your forms in an easy, straightforward API, and then has a renderer class that works with Smarty. Basically, you can spit out your entire form as an array of objects that Smarty can then render for you. You can control the look and feel with CSS. HTML_QuickForm can be configured to have client-side or server-side validation, or both. You just set up your rules for validation, and it just works. Hope that helps.

16th February 2017 at 10:23 am David Jackson

Arrays do violate normalization; in my experience with internationalization databases I’ve found that having the phrases normalized is the best design.

It allows you to easily make wholesale copies of rows – for instance ‘es’ to ‘es-mx’ or ‘en’ to ‘en-US’, ‘en-GB’, and my favorite: ‘xx-piglatin’. In an array schema, you would either have to re-write every record or add complex parsing or use something more complex than arrays, like XML.

It is relatively easy to use LEFT JOINs to find untranslated phrases for work and also to use COALESCE to return a default so the program remains usable even if the phrase is not translated.

16th February 2017 at 10:22 am David Jackson

I’ve tested all exploits I know on HTML Purifier and it did very well. It filters not only HTML, but also CSS and URLs.

Once you narrow elements and attributes to innocent ones, the pitfalls are in attribute content – javascript: pseudo-URLs (IE allows tab characters in protocol name – java script: still works) and CSS properties that trigger JS.

Parsing of URLs may be tricky, e.g. these are valid: http://spoof.com:xxx@evil.com or //evil.com. Internationalized domains (IDN) can be written in two ways – Unicode and punycode.

Go with HTML Purifier – it has most of these worked out. If you just want to fix broken HTML, then use HTML Tidy (it’s available as PHP extension).
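The URL pitfalls listed in this reply, as an added example that is not part of the original post and is not HTML Purifier's code. The function name `is_safe_url()`, the allowlist and the sample URLs are constructed for illustration, and `idn_to_ascii()` assumes the intl extension is loaded.

```php
<?php
// Added example, not HTML Purifier's code. is_safe_url(), the allowlist and the
// sample URLs are constructed; idn_to_ascii() requires the intl extension.
function is_safe_url(string $url, array $allowedHosts): bool
{
    // Browsers ignore tab, CR and LF inside a URL, so remove them before parsing;
    // otherwise "java<TAB>script:" slips past a plain string comparison.
    $url = trim(str_replace(["\t", "\r", "\n"], '', $url));
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['host'])) {
        return false; // unparseable, relative, or host-less such as javascript:
    }
    // "//evil.com" has no scheme and inherits the page's, so it still needs the
    // host check below; any explicit scheme must be http or https.
    $scheme = strtolower($parts['scheme'] ?? 'https');
    if (!in_array($scheme, ['http', 'https'], true)) {
        return false;
    }
    // In "http://spoof.com:xxx@evil.com" everything before "@" is userinfo and
    // the real host is evil.com. Rejecting userinfo removes the ambiguity.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;
    }
    // Compare hosts in one canonical form: Unicode IDNs are converted to punycode.
    $host = idn_to_ascii($parts['host'], IDNA_DEFAULT, INTL_IDNA_VARIANT_UTS46);
    return $host !== false && in_array(strtolower($host), $allowedHosts, true);
}

$allowedHosts = ['example.org', 'xn--bcher-kva.example']; // constructed allowlist
$samples = [                                              // constructed inputs
    'https://example.org/page',
    "java\tscript:void(0)",
    'http://spoof.com:xxx@evil.com',
    '//evil.com',
    'http://bücher.example/',
    'http://xn--bcher-kva.example/',
];
foreach ($samples as $u) {
    $shown = json_encode($u, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
    printf("%-36s %s\n", $shown, is_safe_url($u, $allowedHosts) ? 'allow' : 'reject');
}
```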

16th February 2017 at 10:21 am David Jackson

I used HTML Purifier with success and haven’t had any XSS or other unwanted input filter through. I also run the sanitized HTML through the Tidy extension to make sure it validates as well.

16th February 2017 at 10:20 am David Jackson

Look at SuperTab for making tab-autocompletion in Vim a bit easier to use than the standard bindings. You may also want to look into ctags, if you’re into code indexing. Google “php vim ctags” and you’ll see plenty of articles describing how to set it up.

The official Vim Wiki has a PHP section with some good tips, like integrating the official PHP documentation.

16th February 2017 at 10:18 am David Jackson

You don’t necessarily need to use SVN to deploy the files to the server. Keep using FTP for that and just use SVN for revision history.

16th February 2017 at 10:18 am David Jackson

For quick updates I just run svn update from the server.

Sometimes for really really quick updates I edit the files using vim and commit them from the server.

It’s not very proper, but quick and quite reliable.

16th February 2017 at 10:18 am David Jackson

A session in PHP has the purpose of preserving some state over several requests, since HTTP in itself is stateless. To get a session from PHP, simply request a php page that starts a session, and keep the cookie you get back for subsequent requests.

Starting a session in PHP is simple – call the session_start() function. That function will resume an existing session if the cookie exists in the request. When the session is started, persistent variables can be set using the superglobal array $_SESSION. It’s a good idea to store a ‘is logged in’-token there =) To end the PHP session, set $_SESSION to array(), so that the token is destroyed.

16th February 2017 at 10:16 am David Jackson

Session management changed some time back (I think it was around 4.4). The old mechanism still works, but is deprecated. It’s rather confusing, so I recommend staying clear of it. Today, you use sessions by accessing the global variable $_SESSION (It’s an array). You can put object instances in there, but you need to load the class definitions for those objects before starting the session on the next page. Using autoload can help you out here.

You must start a session before you can use $_SESSION. Since starting the session sends headers, you can’t have any output before. This can be solved in one of two ways: Either you always begin the session at the start of your script. Or you buffer all output, and send it out at the end of the script.

“One good idea is to regenerate the session on each request. This makes hijack much less likely.”
That’s (slightly) bad advice, since it can make the site inaccessible. You should regenerate the session ID whenever a user’s privileges change though. In general that means, whenever they log in. This is to prevent session fixation (a form of session hijacking). See this recent thread @ Sitepoint for more on the subject.

Using cookie-based sessions only is OK, but if you regenerate session IDs on login, it doesn’t add any additional security, and it lowers accessibility a bit.
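The session lifecycle described in this reply and in the reply from 10:18 am above (start the session before any output, regenerate the ID at login, empty `$_SESSION` at logout), as an added example that is not part of either post. `check_credentials()` and the demo account are hypothetical stand-ins, and the `secure` cookie flag assumes the site is served over HTTPS.

```php
<?php
// Added example, not the poster's code. check_credentials() and the demo
// account are hypothetical; 'secure' => true assumes the site runs on HTTPS.
ini_set('session.use_only_cookies', '1'); // never accept a session ID from the URL
ini_set('session.use_strict_mode', '1');  // refuse IDs the server did not issue
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
session_start(); // sends headers, so it must run before any output

function check_credentials(string $user, string $pass): bool
{
    // Constructed sample account; a real site reads the hash from its user store.
    static $hash = null;
    $hash ??= password_hash('correct horse battery', PASSWORD_DEFAULT);
    return $user === 'demo' && password_verify($pass, $hash);
}

function login(string $user, string $pass): bool
{
    if (!check_credentials($user, $pass)) {
        return false;
    }
    // Privileges change here: issue a fresh ID and delete the old session data,
    // so an ID fixed before login no longer refers to anything.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
    $_SESSION['logged_in'] = true;
    return true;
}

function logout(): void
{
    $_SESSION = []; // destroy the 'is logged in' token
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires' => time() - 3600, 'path' => $p['path'], 'domain' => $p['domain'],
            'secure' => $p['secure'], 'httponly' => $p['httponly'],
        ]); // expire the cookie in the browser
    }
    session_destroy(); // remove the server-side data
}

$user = $_POST['user'] ?? null;
$pass = $_POST['pass'] ?? null;
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && is_string($user) && is_string($pass)) {
    echo login($user, $pass) ? 'Logged in' : 'Login failed';
}
```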

16th February 2017 at 10:16 am David Jackson

You can store PHP sessions in a database, as described in this book. I have used this method and I find it secure and easy to implement, so I would recommend it.

16th February 2017 at 10:15 am David Jackson

Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident.

#activate_pack, .topic-pack {
    background-color: #1ABC9C;
    color:#fff;
    padding:10px 20px;
    cursor:pointer;
    display: inline-block;
}
.knowledge .breadcrumbs {
    background-color: #00a4ef;
    color: #ffffff;
    height: 70px;
    width: 100%;
}

Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident.
Thanks

16th February 2017 at 10:13 am David Jackson

Use eval:

userInput = 'hi'
hList = [2, 5, 3]
iList = [6, 6, 2]
userInputLen = len(userInput)
for i in range (0, userInputLen):
    for objects in eval(userInput[i] + 'List'):
        print(objects)

Without eval, userInput[i] + ‘List’ is a string; with eval, it points to a variable called hList or iList.