Rants on code, security, randomness and games
PHP – a widely used tool to make websites with.
I’ve been tinkering forever with parser generators; mostly to get behind how they work and what I can do with them.
A (long) while ago, I found myself in need for a Bison-like parser generator for PHP and there was none.
(more…)
A small comparison just cost me half an hour of valueable time.
In an ongoing series, I shall present another PHP WTF: **The Boolean paradox**.
While idly browsing [pastebin][1] (yes, sometimes I do that), I found [something interesting][2]. It’s some mildly obfuscated PHP scripted malware. Curious what it might do, I started reverse engineering it and found what must be the *worst coded trojan **ever.***
[1]: http://pastebin.com/
[2]: http://pastebin.com/7HU17uqA
As of version 5.3 of PHP, certain features and functions are [considered deprecated][1]. It comes with the territory. In major version changes, new features are added while old stuff is discarded. Unsurprisingly – and lucky for me, with that change in versions comes yet another WTF for me to rant about.
[1]: http://www.php.net/manual/en/migration53.deprecated.php
I recently installed [V.J. Catkick@’s Twitter Plugin for WordPress][1]. Shortly thereafter I noticed my [HTML validator Firefox Plugin][2] changing from a pleasing green check mark to a nasty red cross complaining about (X)HTML validation errors.
[1]: http://www.vjcatkick.com/?page_id=5475
[2]: https://addons.mozilla.org/en-US/firefox/addon/html-validator/
As the first entry to the list of my PHP-related WTFs, I present:
**The whitespace of death**
This one has taken me almost a **full hour** to sort out. There may be some good features to PHP, yet this one I don’t think is even one. It should be considered a bug. As my experience has grown in [reporting bugs myself][php-bug1] or trying to [report a bug][php-bug2], I reconsidered and chose not to report it as a “bug”.
[php-bug1]: https://bugs.php.net/bug.php?id=48458
[php-bug2]: https://bugs.php.net/bug.php?id=51112
When browsing [Stackoverflow][so] I often notice users [asking questions][so-q] somehow involving the use of `HTTP_HOST`. I nonchalantly hint on its vulnerable nature and fail to produce a hint on an article explaining why. Which is why I decided to take matters into my own hands.
[so]: http://stackoverflow.com/
[so-q]: http://stackoverflow.com/questions/4652464/how-to-chain-on-mod-rewrite