Everyone knows that you need to be careful about what you let you users or the general public upload through a PHP script. At work this week I've seen two separate companies hosting site with us get stung by image upload scripts which allowed a PHP file to be uploaded. Surely this is obviously wrong you say! However, the image upload script did check the uploaded file to confirm it was an image, and it did so with the file command. However, the PHP file cunningly had GIF89a as it's first line - tricking file into believing it was an image.
jeffw's blog
The dangers of file uploads
By jeffw - Posted on August 21st, 2008
OpenSolaris snv_95
By jeffw - Posted on August 21st, 2008
Tagged:
Looks like snv_95 has fixed my issues - I'm up and running again. From my snv_90 version, Firefox 3.0 and the newer package manager are welcome additions - but I still can't get my wireless up and running. I've got a Dell Inspiron 6000 with an Intel Corporation PRO/Wireless 2200BG Network Connection (and to find that name I just found out that solaris' version of lspci is scanpci).
mod_fcgid and timeouts
By jeffw - Posted on August 19th, 2008
At work we use mod_fcgid to run php (libapache2-mod-fcgid from Debian to be exact). This makes php nice and fast, but more importantly, it runs each site's php pages as that site's user. However, if php scripts start running for a long time, we start seeing cryptic error messages in the browser ("Premature end of script headers: php4-fcgi" for example) and also as cryptic errors in Apache's error log. And those error.log messages seem quite hard to link back to the fcgid config so I thought I'd document them here.
exit(idle timeout), terminated by calling exit(), return code: 0
Problems with Open Solaris snv_94
By jeffw - Posted on August 12th, 2008
Tagged:
I've been running Open Solaris dual boot on my laptop (really should get around to installing it under Virtual Box). Mostly I've been wanting to have a play around with ZFS and get used to finding stuff. My major issue has been getting my Intel 2200BG wireless card connecting to my wireless and home and at work.
Anyway, I updated to snv_94 to see what excitement that had for me - to find that it doesn't boot. I get some error about genunix and the system reboots. I've attached the "screen shot" I took with my camera so I could get the error message.
