
Posts

Showing posts from May 21, 2012

Can something "bad" happen via img src?

I know, I know, the title is quite bad, but I'll try to explain what I mean here. So, I ask my members to show their photos. They upload them somewhere, then paste their photo's URL into an input and I save it to my database (MySQL). Then the photo is shown on their profiles. I get the URL from the database and do something like this: `<img src="<?=$photo;?>" height="123px" width="123px">` where $photo is the URL taken from MySQL. Is it totally safe? Can somebody upload, for example, a .php file and harm my website? Do I need to check if the URL's ending is .gif, .png, .jpg?

What should a JSON service return on failure / error

I'm writing a JSON service in C# (.ashx file). On a successful request to the service I return some JSON data. If the request fails, either because an exception was thrown (e.g. database timeout) or because the request was wrong in some way (e.g. an ID that doesn't exist in the database was given as an argument) how should the service respond? What HTTP status codes are sensible, and should I return any data, if any?

Detecting Unsaved Changes using JavaScript

I have a requirement to implement an "Unsaved Changes" prompt in an ASP.NET application. If a user modifies controls on a web form, and attempts to navigate away before saving, a prompt should appear warning them that they have unsaved changes, and give them the option to cancel and stay on the current page. The prompt should not display if the user hasn't touched any of the controls.

Easiest way to simulate no free disk space situation?

I need to test my web app in a scenario where there’s no disk space remaining, i.e. I cannot write any more files. But I don’t want to fill my hard drive with junk just to make sure there’s really no space left. What I want is to simulate this situation within a particular process (actually, a PHP app).

"How the sausage is made" tour of apache/php/mysql interaction

I am having trouble understanding how the apache/php/mysql stack works on a low level (including interaction with the browser). Is there a good description somewhere (a book, a website, etc.) that will walk me through the whole path and explain how, starting with a browser requesting a URL, HTTP requests are sent, how apache talks to php, how php talks to mysql (persistent and non-persistent connections), etc., etc. I want to understand what waits for what in this chain, where timeouts are handled, how long sockets are opened and closed. A book, an article maybe? There is a lot of documentation on each individual component, but I can't find a "walkthrough".

How can I get `find` to ignore .svn directories?

I often use the find command to search through source code, delete files, whatever. Annoyingly, because Subversion stores duplicates of each file in its .svn/text-base/ directories my simple searches end up getting lots of duplicate results. For example, I want to recursively search for uint in multiple messages.h and messages.cpp files:

Add rounded corners to UIImageView

I would like to add some rounded corners to all of the UIImageViews in my project. I have already got the code working, but am having to apply it to every image; should I subclass UIImageView to add this? If so, can someone give me some pointers as to how to do this?