Ticketbooth, no… ConTikit, no… Effulgent…
I’ve been looking to change SMASH!’s current ticketing system for a long while now.
ConTikit (an online ticket purchase system) was meant to be its replacement. Having subsequently found EventBrite, and with it looking more and more promising by the day, what was going to be tandem development of an online and on-the-day ticketing system is now completely focused on the latter.
To this end, I’ve just started reworking the existing Ticketbooth application into something compatible with EventBrite, which I’ve not-very-thoughtfully labeled Effulgent. You’ll find it on GitHub if you look hard enough.
(The GitHubbing being done for the purposes of a) sharing what’s been done, and b) publicly guilting me into actually doing something with it. Umm.)
Posted January 14th, 2010 | No Comments
Quick-&-Dirty Delicious Feeds for Wordpress
After looking around at the available Delicious plugins for Wordpress, I found two functioning ones, both of which that used and had broken tag support.
Ho hum.
Here’s what I used in a pinch; this’ll be turned into a Wordpress plugin with an interface to match the existing Delicious-for-Wordpress plugin. Until that happens:
<?php
// TODO: Make plugin, add count, feed and caching configurability.
$delicious_rss = 'http://feeds.delicious.com/v2/rss/damncabbage';
$delicious_item_count = 9;
$encoding = 'utf-8';

// fetch_feed() returns a WP_Error on failure; treat that as an empty feed.
$feed = fetch_feed($delicious_rss);
$limit = is_wp_error($feed) ? 0 : $feed->get_item_quantity($delicious_item_count);
$items = ($limit > 0) ? $feed->get_items(0, $limit) : array();

if ($limit == 0) {
    ?><li>No delicious for you today.</li><?php
} else {
    foreach ($items as $item) {
        // Feed content is untrusted: esc_url() for href values (it also
        // drops disallowed schemes), htmlentities() for text nodes.
        $link = esc_url($item->get_permalink());
        $title = htmlentities($item->get_title(), ENT_QUOTES, $encoding);
        // get_categories() may return null when an item has no tags.
        $tags = (array) $item->get_categories();
        ?>
        <li>
            <p class="link"><a href="<?php echo $link; ?>"><?php echo $title; ?></a></p>
            <p class="tags metadata"><?php
                $tag_links = array();
                foreach ($tags as $tag) {
                    $term = htmlentities($tag->term, ENT_QUOTES, $encoding);
                    $url = esc_url($tag->scheme.$tag->term);
                    $tag_links[] = '<a href="'.$url.'">'.$term.'</a>';
                }
                echo implode(', ', $tag_links);
            ?></p>
        </li>
        <?php
    }//end foreach (items)
}//end else (items)
Default caching. Markup mixed with data retrieval. Not pretty.
Expect this one to be pluginified in a couple of days.
Posted January 14th, 2010 | No Comments
Not-so-obvious Security Holes: include() and NUL.
Consider the following code:
<?php
// Deliberately vulnerable: the slash check says nothing about an embedded NUL byte.
if (!empty($_GET['template']) && strpos($_GET['template'], '/') === FALSE) {
    include dirname(__FILE__).'/'.$_GET['template'].'.html';
}
Save it in display.php, and access it using a URL that looks like:
http://example.com/display.php?template=blue
At first glance, it only includes files in the current directory with the extension “.html”. This isn’t true; access the URL with the following instead and see what happens:
http://example.com/display.php?template=display.php%00
Ouch.
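A hardened counterpart to the snippet above, as an added example that is not part of the original post: instead of blacklisting "/", it allow-lists the characters a template name may contain and confirms the resolved file sits in the template directory. The function name resolve_template() and the sample files are hypothetical and constructed for the demonstration.

```php
<?php
// Added example (not the post's code). resolve_template() and the
// sample files below are hypothetical, constructed for this demo.

function resolve_template(string $name, string $dir): ?string
{
    // Accept only short names made of letters, digits, '_' and '-'.
    // \A and \z anchor the whole string, so NUL bytes, dots, slashes
    // and a trailing newline are rejected before any path is built.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }

    // Resolve symlinks and confirm the file really sits inside $dir.
    $base = realpath($dir);
    if ($base === false) {
        return null;
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $name . '.html');
    if ($path === false || dirname($path) !== $base || !is_file($path)) {
        return null;
    }
    return $path;
}

// Constructed sample data: one template and one script in a temp dir.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_demo_' . getmypid();
mkdir($dir);
file_put_contents("$dir/blue.html", "<p>blue</p>\n");
file_put_contents("$dir/display.php", "<?php /* source that must not leak */\n");

// Constructed inputs, including the NUL-terminated value from the post.
$inputs = ['blue', "display.php\0", '../blue', "blue\n", ''];
foreach ($inputs as $input) {
    $path = resolve_template($input, $dir);
    $result = ($path === null) ? 'rejected' : 'include ' . basename($path);
    printf("%-22s => %s\n", json_encode($input), $result);
}

// Clean up the constructed files.
unlink("$dir/blue.html");
unlink("$dir/display.php");
rmdir($dir);
```

Only `blue` resolves to a file; every other input is rejected before a path is built. PHP 5.3.4 and later refuse file paths containing NUL bytes, but allow-listing the name still matters because it also blocks traversal and unexpected file names.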
Posted January 4th, 2010 | No Comments