Entries in Programming (99)

Monday, Jan 24, 2011

CodeIgniter from Scratch: Searching Data without Query Strings

A Nettuts+ video by Burak Guzel on a subject area that I have been working on recently.  I found the video interesting and it contains lots of ideas that I could use, but I have a couple of points:

  • Keeping query strings in the database doesn't look all that scalable.  You are committed to keeping every query string ever used, forever, if you want your URIs to be permanent.
  • The set of movies on a given page will change if movies can be added or deleted from the database, so your URIs will not permanently specify a particular page of movies.  This problem also applies to most pagination systems, I think.

Still, the video is very good, as is the whole CodeIgniter from Scratch series, and I would recommend them to anyone interested in CodeIgniter.

Tuesday, Jan 04, 2011

Automatic Type Coercion

When I write PHP code to read in a user name or email address, I do not expect the run-time system to attempt to convert it into a denormalized double-length floating-point number.

Saturday, Aug 28, 2010

Filename Horrors

To my mind, one of the biggest mistakes that Microsoft made in Windows 95 was to put a space in the name of the main program installation directory: "C:\Program Files".  This caused untold grief to users as the default installation of lots of otherwise compatible Windows 3.1 programs would fail with messages such as "Can't find directory C:\Program".  And this seemed totally unnecessary: it was as if the marketing people at Microsoft were just showing off that Windows could now handle filenames with spaces in, but had forgotten that many of the programs that users might want to install couldn't handle them.  As a result of this, lots of programs defaulted to installing themselves in the top-level directory "C:\", and I learnt to avoid putting spaces in filenames (and directory names) altogether.  Even now, 15 years later, I will always name a file "some-name.txt" or "some_name.txt" rather than "some name.txt".

I had assumed that the designers of Unix and Linux would not have made such a silly mistake, but I have just come across "Fixing Unix/Linux/POSIX Filenames: Control Characters (such as Newline), Leading Dashes, and Other Problems" by David A. Wheeler (via Avery Pennarun), and the situation seems much worse.  These systems allow control characters such as newlines in filenames.  This is really appalling: you can't hope to build secure software on top of a system that subverts your expectations to such an extent.  As John DuBois said (quoted by Wheeler): "Newlines in filenames are mainly something you would encounter in a malicious context..".  Anyone who develops software for Unix/Linux systems really should read through Wheeler's article.
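
The problem cases named in the title of Wheeler's article, as an added shell example (not from the original post or from Wheeler's article): a line-based file count goes wrong on a newline in a name, while per-file handling and a simple audit do not. The function names are hypothetical and the files are constructed in a scratch directory.

```shell
#!/bin/sh
# Added example. All function names are hypothetical; the files are constructed.

# Build a scratch directory with four files: one plain name, one with a
# space, one with a leading dash and one with an embedded newline.
make_demo_dir() {
  d=$(mktemp -d) || return 1
  nl='
'
  : > "$d/plain.txt"
  : > "$d/some name.txt"
  : > "$d/-rf"
  : > "$d/two${nl}lines.txt"
  printf '%s\n' "$d"
}

# Fragile: assumes find prints exactly one line per file.
count_by_lines() {
  n=$(find "$1" -type f | wc -l)
  echo $((n))
}

# Robust: emit one byte per file, so the name is never parsed as text.
count_by_exec() {
  n=$(find "$1" -type f -exec printf 'x' \; | wc -c)
  echo $((n))
}

# Audit: how many names start with '-' or contain a control character?
count_risky_names() {
  n=$(find "$1" -type f \( -name '-*' -o -name '*[[:cntrl:]]*' \) \
        -exec printf 'x' \; | wc -c)
  echo $((n))
}

# Delete every regular file. The "./" prefix and "--" stop "-rf" from being
# read as an option; quoting keeps the space and the newline intact.
remove_all() {
  ( cd -- "$1" && for f in ./*; do
      if [ -f "$f" ]; then rm -- "$f"; fi
    done )
  count_by_exec "$1"
}

d=$(make_demo_dir)
echo "lines=$(count_by_lines "$d") files=$(count_by_exec "$d") risky=$(count_risky_names "$d")"
echo "left after cleanup: $(remove_all "$d")"
rmdir -- "$d"
```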

Tuesday, Jun 29, 2010

Another Reason to Learn Haskell

From Real World Haskell (O'Sullivan, Goerzen and Stewart, O'Reilly, 2009, page 38):

In "Function Types and Purity" on page 27 we talked about figuring out the behaviour of a function based on its type signature.  We can apply the same kind of reasoning to polymorphic functions.  Let's look again at fst:

  ghci> :type fst
  fst :: (a, b) -> a

First of all, notice that its argument contains two type variables, a and b, signifying that the elements of the tuple can be of different types.

The result type of fst is a.  We've already mentioned that parametric polymorphism makes the real type inaccessible.  fst doesn't have enough information to construct a value of type a, nor can it turn an a into a b.  So the only possible valid behaviour (omitting infinite loops or crashes) it can have is to return the first element of the pair.

...

There is a deep mathematical sense in which any nonpathological function of type (a,b) -> a must do exactly what fst does.  ...

If this doesn't surprise you when you first come across it, then you haven't been paying attention.

Friday, Jun 25, 2010

Gitignore Files disappearing from CodeIgniter Captcha Directory

I am using Git to manage the development and deployment of a website built using CodeIgniter and Tank Auth. In order to prevent git status from flagging captcha image files created during testing, I have placed a .gitignore file into the captcha directory. This file contains the single line:

  *.jpg

However, the captcha plugin supplied with CodeIgniter is a bit overzealous when it comes to cleaning up expired captcha image files: it also deletes the .gitignore file. This happens even when the web-server does not have write access to the .gitignore file. On Linux (I don't know about Windows) to delete a file from a directory you only need write access to the directory, not to the file itself.

[See the update at the foot of this post for a much simpler fix than this one.]

My fix for this was to change the CodeIgniter captcha plugin so it only deletes *.jpg files. In file system/captcha_pi.php I changed:

  while($filename = @readdir($current_dir))
  {
      if ($filename != "." and $filename != ".." and $filename != "index.html")
      {
          $name = str_replace(".jpg", "", $filename);

          if (($name + $expiration) < $now)
          {
              @unlink($img_path.$filename);
          }
      }
  }

to:

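  while($filename = @readdir($current_dir))
  {
      // $count receives the number of ".jpg" replacements made,
      // so it is 0 for any file name that does not contain ".jpg".
      $name = str_replace(".jpg", "", $filename, $count);

      // Only files with ".jpg" in their name are candidates for deletion.
      if ($count and ($name + $expiration) < $now)
      {
          @unlink($img_path.$filename);
      }
  }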

I do not currently have the CodeIgniter cache or logging functions enabled, so I don't know if .gitignore files in the system/cache and system/logs directories will also suffer such deletions.
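
The two points above (directory write access is what permits deletion, and restricting cleanup to *.jpg spares .gitignore) as an added shell illustration; it is not the plugin's code and not from the original post. The function names are hypothetical, the captcha directory is constructed, and image names are assumed to be plain integer timestamps.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the directory is constructed.

# Captcha directory with two expired images, one fresh image and a read-only
# .gitignore. Image names are creation timestamps, as the plugin's
# "$name + $expiration" arithmetic implies.
make_captcha_dir() {
  d=$(mktemp -d) || return 1
  : > "$d/1000.jpg"; : > "$d/1500.jpg"; : > "$d/9000.jpg"
  printf '*.jpg\n' > "$d/.gitignore"
  chmod 444 "$d/.gitignore"     # read-only file, writable directory
  printf '%s\n' "$d"
}

# Original behaviour: every entry except index.html is a candidate. A
# non-numeric name counts as timestamp 0 (as it did in the PHP of the time),
# so it always looks expired. Prints the number of files removed.
purge_naive() {   # $1=dir  $2=expiration  $3=now
  removed=0
  for f in "$1"/* "$1"/.[!.]*; do
    [ -f "$f" ] || continue
    name=$(basename "$f")
    if [ "$name" = index.html ]; then continue; fi
    stamp=${name%.jpg}
    case $stamp in ''|*[!0-9]*) stamp=0 ;; esac
    if [ $((stamp + $2)) -lt "$3" ]; then rm -f -- "$f"; removed=$((removed + 1)); fi
  done
  echo "$removed"
}

# Fixed behaviour: only NAME.jpg with a numeric NAME is ever a candidate.
purge_jpg_only() {   # $1=dir  $2=expiration  $3=now
  removed=0
  for f in "$1"/*.jpg; do
    [ -f "$f" ] || continue
    stamp=$(basename "$f" .jpg)
    case $stamp in ''|*[!0-9]*) continue ;; esac
    if [ $((stamp + $2)) -lt "$3" ]; then rm -f -- "$f"; removed=$((removed + 1)); fi
  done
  echo "$removed"
}

a=$(make_captcha_dir); b=$(make_captcha_dir)
echo "naive removed $(purge_naive "$a" 100 2000), jpg-only removed $(purge_jpg_only "$b" 100 2000)"
rm -rf -- "$a" "$b"
```

The naive pass removes the read-only .gitignore along with the two expired images because the file's own mode bits are never consulted for deletion.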