The "HEADER_X_FORWARDED_ALL" constant is deprecated since Symfony 5.2 - php

I have just upgraded to Symfony 5.4 and I'm hitting a deprecation notice on my usage of the HEADER_X_FORWARDED_ALL constant.
trigger_deprecation('symfony/http-foundation', '5.2', 'The "HEADER_X_FORWARDED_ALL" constant is deprecated, use either "HEADER_X_FORWARDED_FOR | HEADER_X_FORWARDED_HOST | HEADER_X_FORWARDED_PORT | HEADER_X_FORWARDED_PROTO" or "HEADER_X_FORWARDED_AWS_ELB" or "HEADER_X_FORWARDED_TRAEFIK" constants instead.');
Up until now I have been calling setTrustedProxies with the following:
Request::setTrustedProxies(array($request->server->get('REMOTE_ADDR')), Request::HEADER_X_FORWARDED_ALL);
What is the recommended approach for getting rid of this? I am looking at calling setTrustedProxies for each header, but I'm not sure if that's correct. There's nothing clear in the documentation around this.
Request::setTrustedProxies(array($request->server->get('REMOTE_ADDR')), Request::HEADER_X_FORWARDED_FOR);
Request::setTrustedProxies(array($request->server->get('REMOTE_ADDR')), Request::HEADER_X_FORWARDED_HOST);
Request::setTrustedProxies(array($request->server->get('REMOTE_ADDR')), Request::HEADER_X_FORWARDED_PROTO);
Request::setTrustedProxies(array($request->server->get('REMOTE_ADDR')), Request::HEADER_X_FORWARDED_PORT);
Request::setTrustedProxies(array($request->server->get('REMOTE_ADDR')), Request::HEADER_X_FORWARDED_PREFIX);
Request::setTrustedProxies(array($request->server->get('REMOTE_ADDR')), Request::HEADER_X_FORWARDED_AWS_ELB);
Is HEADER_X_FORWARDED_FOR enough? (I also have the application sitting behind an ELB).
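An added example, not part of the original question: it shows that each setTrustedProxies() call replaces the previous one, that the OR-ed set named in the deprecation message matches HEADER_X_FORWARDED_AWS_ELB, and that forwarded headers are only honoured from a trusted peer. The 10.0.0.0/8 proxy range, the host name and all addresses are constructed assumptions, and a fixed range is used here in place of REMOTE_ADDR.

```php
<?php
// Added example, not code from the original post.
// Requires symfony/http-foundation 5.2+ installed with Composer.
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\HttpFoundation\Request;

// Assumption: the subnet the load balancer connects from. Replace with your own range.
const TRUSTED_PROXIES = ['10.0.0.0/8'];

// Constructed request: the same forwarded headers, arriving from a given peer address.
function requestFrom(string $remoteAddr): Request
{
    return Request::create('http://app.example/', 'GET', [], [], [], [
        'REMOTE_ADDR'            => $remoteAddr,
        'HTTP_X_FORWARDED_FOR'   => '203.0.113.7',
        'HTTP_X_FORWARDED_PROTO' => 'https',
    ]);
}

// 1. setTrustedProxies() stores a single configuration, so a second call replaces
//    the first instead of adding to it.
Request::setTrustedProxies(TRUSTED_PROXIES, Request::HEADER_X_FORWARDED_FOR);
Request::setTrustedProxies(TRUSTED_PROXIES, Request::HEADER_X_FORWARDED_PROTO);
echo 'only PROTO trusted after two calls: ';
var_dump(Request::getTrustedHeaderSet() === Request::HEADER_X_FORWARDED_PROTO);

// 2. One call with the headers OR-ed together, as the deprecation message asks.
//    FOR | PROTO | PORT is the set that HEADER_X_FORWARDED_AWS_ELB stands for.
$elbHeaders = Request::HEADER_X_FORWARDED_FOR
    | Request::HEADER_X_FORWARDED_PROTO
    | Request::HEADER_X_FORWARDED_PORT;
Request::setTrustedProxies(TRUSTED_PROXIES, $elbHeaders);
echo 'same bitmask as HEADER_X_FORWARDED_AWS_ELB: ';
var_dump($elbHeaders === Request::HEADER_X_FORWARDED_AWS_ELB);

// 3. Forwarded headers are honoured only when the peer is inside TRUSTED_PROXIES.
foreach (['10.1.2.3', '198.51.100.9'] as $peer) {
    $request = requestFrom($peer);
    printf("peer %s: client IP %s, secure %s\n",
        $peer, $request->getClientIp(), var_export($request->isSecure(), true));
}
```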

Related

xss_clean in CodeIgniter 2 works fine but in CodeIgniter 4 doesn't?

I'm trying to migrate a system from CodeIgniter 2 to version 4 of the same framework, but when I want to execute the function $nomUsr = $security->xss_clean($this->input->post('nomUsr')); in CI4, it returns an error. Am I forgetting to load something in another file, or is xss_clean just no longer used in CodeIgniter 4?
Thank you very much!!
There is no xss_clean function in CI4 because that is the wrong way to prevent XSS. Here is the official reply:
XSS_clean should be considered deprecated. That's not a recommended
practice to rely on. You should filter your inputs AND escape your
outputs.
Input:
https://codeigniter4.github.io/userguide/libraries/validation.html
https://codeigniter4.github.io/userguide/incoming/incomingrequest.html#retrieving-input
"Filtering Input Data"
Output:
https://codeigniter4.github.io/userguide/outgoing/view_renderer.html#escaping-data
https://codeigniter4.github.io/userguide/outgoing/view_renderer.html#escaping-contexts

$GLOBALS['TSFE']->set_no_cache() is not working from TYPO3 version 6.2.17 onwards

I have called the global 'set_no_cache' function in the initialize action in my extension.
$GLOBALS['TSFE']->set_no_cache();
But unfortunately it is not working from TYPO3 version 6.2.17 onwards.
So is there any alternative solution?
If you have any idea, then please share.
Please note that set_no_cache completely disables any output cache in TYPO3. You most certainly don't need that while developing and should never set it in productive systems.
You can control what actions are cached and which aren't in the ext_localconf.php of your extension.
\TYPO3\CMS\Extbase\Utility\ExtensionUtility::configurePlugin(
    'Vendor' . $_EXTKEY,
    $pluginName,
    $controllerActionCombinations, // all controller => actions the plugin may call
    $uncachedActions               // the subset of those actions that must not be cached
);
Basically, you just state your controller's actions in either $controllerActionCombinations or $uncachedActions to set up whether they're cached. Look up this Reference page for more information: https://docs.typo3.org/typo3cms/ExtbaseFluidBook/b-ExtbaseReference/Index.html
If you really need to put a system into uncachable mode, I found it to be a good practice to bind that to the development context as a Typoscript condition in your setup like so:
[applicationContext = Development]
config.no_cache = 1
[end]
More information on these conditions regarding Application Context here: http://usetypo3.com/application-context.html

Redirect::away(...) equivalent for Lumen?

I'm attempting to port a portion of a Laravel 4 app to Lumen, but I'm unable to figure out the equivalent of Laravel 4's Redirect::away(...); function for Lumen.
I've tried keeping it the same which doesn't work. I've also tried return redirect()->away($location); as suggested in a similar question I found, but that also fails with the error Call to undefined method Laravel\Lumen\Http\Redirector::away().
I feel like the answer to this is really simple, but unfortunately it's not documented anywhere and I can't figure out the right combination of things to get it to work.
My fallback is to use header('Location: '.$location); but would prefer to avoid it if there's a built in way to do it.
You should be fine to do return redirect($location) in most cases.
See https://medium.com/#zwacky/laravel-redirect-to-vs-redirect-away-dd875579951f for the minor differences (it'll trim() your URL and check that it's valid).

Find double defined functions in PHP

I work in a PHP project with multiple independent developers and recently we had a case where a function getmicrotime() was defined twice.
All worked fine, because they were defined in different files that were not both included in a single call ... until some refactoring.
In the standard case PHP would just output a fatal error, but here the output was blocked (because a third-party website called a website ...), so we did not get the output, just the information that nothing worked anymore.
To the point:
Is there any method, external script, etc. to check if functions with the same name are defined twice in the project?
I thought about a regular expression search, but of course class methods can have the same name, like a::meth1 and b::meth1 .... so it's not that easy.
I am talking about a project with ~100.000 lines of ugly code ... so manual checking is not possible.
Thanks in advance.
Consider static code analysis. I would suggest Sonar + PHP plugin: http://docs.codehaus.org/display/SONAR/PHP+Plugin
Here is a live example of how it works:
http://nemo.sonarqube.org/dashboard/index/net.php.pear.phpcodesniffer
You can always write a simple script (i.e. Perl or Python) which will find all duplicates. The algorithm would be simple...
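One way to write the script the last answer alludes to, as an added example that is not part of the original answers: it walks the token stream from PHP's own tokenizer rather than using a regular expression, so methods and closures are not mistaken for global functions. Namespaces and PHP 8.1 enum bodies are not handled, and functions declared conditionally are counted too.

```php
<?php
// Added example: report global functions (not methods or closures) declared more than once.
function globalFunctions(string $code): array
{
    $found = [];
    $depth = 0;        // current brace nesting
    $classDepths = []; // nesting levels at which a class-like body opened
    $pending = false;  // saw class/interface/trait, waiting for its "{"
    $wantName = false; // last significant token was "function" outside any class
    $prev = null;      // id of the previous non-whitespace token
    foreach (token_get_all($code) as $tok) {
        [$id, $text, $line] = is_array($tok) ? $tok : [$tok, $tok, 0];
        if ($id === T_WHITESPACE || ($wantName && $text === '&')) {
            continue; // "function &name()" returns by reference; skip the "&"
        }
        if ($wantName && $id === T_STRING) {
            $found[] = [strtolower($text), $line]; // function names are case-insensitive
        }
        $wantName = $id === T_FUNCTION && !$classDepths && $prev !== T_USE;
        if (in_array($id, [T_CLASS, T_INTERFACE, T_TRAIT], true) && $prev !== T_DOUBLE_COLON) {
            $pending = true; // a declaration, not a Foo::class constant
        } elseif ($pending && $id === '{') {
            $classDepths[] = ++$depth;
            $pending = false;
        } elseif ($id === '{' || $id === T_CURLY_OPEN || $id === T_DOLLAR_OPEN_CURLY_BRACES) {
            $depth++;
        } elseif ($id === '}' && end($classDepths) === $depth--) {
            array_pop($classDepths); // that brace closed a class-like body
        }
        $prev = $id;
    }
    return $found;
}

function findDuplicateFunctions(string $root): array
{
    $seen = [];
    foreach (new RecursiveIteratorIterator(new RecursiveDirectoryIterator($root)) as $path => $file) {
        if ($file->isFile() && $file->getExtension() === 'php') {
            foreach (globalFunctions(file_get_contents($path)) as [$name, $line]) {
                $seen[$name][] = "$path:$line";
            }
        }
    }
    return array_filter($seen, fn (array $where) => count($where) > 1);
}
foreach (findDuplicateFunctions($argv[1] ?? '.') as $name => $where) {
    echo $name, '() declared at ', implode(', ', $where), PHP_EOL;
}
```

Run it from the command line with the project root as the only argument; it needs PHP 7.4 or later for the arrow function.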

Doctrine 2 / PHP - getDocComment() always returns false - AnnotationReader / DocParser fails

I have quite an interesting (and annoying) problem here. For some reason, the PHP method ReflectionClass::getDocComment() is returning false on my production environment (while there actually is a block comment in the class of course...).
Causing the Doctrine AnnotationReader / DocParser to fail:
(Doctrine\Common\Annotations\AnnotationReader.php:143)
public function getClassAnnotations(ReflectionClass $class)
{
$this->parser->setTarget(Target::TARGET_CLASS);
$this->parser->setImports($this->getImports($class));
$this->parser->setIgnoredAnnotationNames($this->getIgnoredAnnotationNames($class));
return $this->parser->parse($class->getDocComment(), 'class ' . $class->getName());
}
I've looked around and haven't seen very much about this problem, so I'm wondering why this is happening on my Production server when it does not on my Local environment.
Would it be because of some PHP config??
Would it be because of some read / write / file access rights (chown, etc...)??
Would it be because of some caching configuration??
I must say I am running out of ideas.
Any help is much appreciated.
Thanks.
Ok. This appeared to be linked to some strange behavior of eAccelerator stripping all the comments when caching the byte code...
http://wildlyinaccurate.com/eaccelerator-and-doctrine-2/
(Re-)Quoting beberlei from the Doctrine team:
This premature optimization to remove the docblocks should be
reverted. Docblocks are a PHP Token for a reason, they are part of the
language and should be used that way. Please revise your stand on this
otherwise projects must suggest NOT to use eAccelerator by default.
Solution is either to disable eAccelerator OR to reconfigure it with the option:
--with-eaccelerator-doc-comment-inclusion
(Source: https://eaccelerator.net/ticket/229)
