Re: Using a heredoc in PHP as in Perl [message #171910 is a reply to message #171907] |
Thu, 20 January 2011 21:15 |
P E Schoen
Messages: 86 Registered: January 2011
Karma:
|
Member |
|
|
"P E Schoen" wrote in message news:gb0_o(dot)3626$LB4(dot)1808(at)newsfe06(dot)iad...
> I need to add authentication to the server side, and my Perl script is in
> the cgi-bin folder with permissions 711 where it can't be seen. I'm
> running the PHP script in another folder and it has permissions 755.
> I suppose the PHP document could be in the cgi-bin folder?
OK, I verified this, although I was concerned when the View|Source showed
something. However, it was only the HTML that was generated to stdin, so the
actual code is secure.
Now I'll see if I can use PHP to rewrite the entire EventProcessor, or just
call a short PHP script which will purify the HTML and then execute the perl
script.
Now, to help make the decision about Perl vs PHP, I found this:
http://www.thesitewizard.com/archive/phpvscgi.shtml
However I don't know if the example code is correct (I see two possible
errors):
<body>
<h1>My First PHP Script</h1>
<p>
Welcome, Internet user from IP address
<?echo $_SERVER['REMOTE_ADDR']?>.
Hope you like my first PHP page.
</body>
One downside to PHP may be the difficulty of installing it on my Windows
machine for local testing and debugging. It seems I must also install and
configure an Apache server, which is non-trivial. For Perl I am using
ActivePerl which installs with just a click of the mouse.
Another downside of PHP is the lack of "Taint" checking, which makes Perl
more secure in the case of subtle programming errors, or warnings really.
I will need to see if I can code the equivalent to the PHP for HTMLpurifier
in Perl:
<?php
require_once '../../library/HTMLPurifier.auto.php';
$config = HTMLPurifier_Config::createDefault();
$config->set('Core.Encoding', 'UTF-8'); // replace with your encoding
$config->set('HTML.Doctype', 'XHTML 1.0 Transitional'); // replace with
your doctype
$purifier = new HTMLPurifier($config);
$html = '<b>Simple and short'; // untrusted input HTML
$pure_html = $purifier->purify($html);
echo '<pre>' . htmlspecialchars($pure_html) . '</pre>';
?>
Thanks for the help and patience with a newbie.
Paul
|
|
|