Archive for the 'Software' category

Debugging Zend Framework unit tests with Xdebug and NetBeans

published on July 24, 2011.
Heads-up! You're reading an old post and the information in it is quite probably outdated.

I’ve spent this weekend hacking on some unit tests for Zend\Dojo and I ran into an issue where I need Xdebug to, well, debug. Note, that this is not for debugging a Zend Framework application, but for debugging Zend Framework itself. I am using Netbeans + Xdebug to debug regular code, but debugging unit tests was something completely new for me. Turns out, it’s not entirely different from “regular” debugging.

Greatest help to figure out this was Raphael Dohms’ blog post “Debugging PHPUnit tests in Netbeans with Xdebug”. Almost worked out fine, but Netbeans complained about a missing index file and the autoload of files was… not really working. After a bit of poking around, the solution was to go to File -> Project Properties -> Run Configuration and set the “Index File” to /path/to/zend_framework_2/tests/_autoload.php - no more missing index file and the autoload works too!

Starting the debug session stays the same as explained in Raphael’s post: click “Debug project” (CTRL+F5), go to the terminal and just type something like:

robert@odin:~/www/zf2/tests$ /path/to/phpunit-debug Zend/Dojo/DojoTest.php

Netbeans will pick up the connection and debugging can start!

Happy hackin’!

pecl install apc fails on Ubuntu

published on April 10, 2011.
Heads-up! You're reading an old post and the information in it is quite probably outdated.

I was just installing APC on an Ubuntu server (what else to do on a Sunday morning?) with the standard set of commands:

sudo apt-get install php-pear php5-dev
sudo pecl install apc

but the pecl install apc died with a bunch of “/tmp/pear/temp/APC/apc.c:430: error: “apc_regex” has no member named “preg”” and similar messages. Luckily, I can use google which led me to this serverfault answer: I was missing the “libpcre3-dev” package. After doing a quick sudo apt-get install libcpre3-dev APC got installed correctly.

Tags: apc, libpcre3, pecl.
Categories: Development, Software.

Installing FreeBSD 8.2

published on March 27, 2011.
Heads-up! You're reading an old post and the information in it is quite probably outdated.

As I’m currently in the progress of installing FreeBSD on my first machine (out of 4), writing the process down for future reference sounds like a pretty good idea :)

I’ve installed it from the CD image. The installation process was straightforward, altho either the boot loader or freebsd was getting confused in the first few attempts because I was installing it on the slave HDD. After installing it on the master, everything went fine.

On this machine I’m using a LevelOne WNC0305 USB wireless card which uses realtek’s dreaded RTL8187 chipset. After a bit of a googling, I ended up on the freebsd 8.2 hardware notes page, which in the wireless section lists all the available wireless drivers. From there I figured I need to use the urtw driver, that is to add:

if_urtw_load="YES"

to the /boot/loader.conf file. After rebooting the machine, it recognised my wireless card as urtw0. Hooray! Now to connect to the wireless router and onto the world.

For that, this message about (not) getting the ifconfig scan results helped me out, this bit to be precise:

# ifconfig wlan0 create wlandev urtw0
# ifconfig wlan0 up list scan

and it listed my router correctly. To make it stay that way after rebooting, I’ve added this to the /etc/rc.conf file (I might note that it was empty before this):

wlans_urtw0="wlan0"

At this time I figured I just could ssh to one of the servers in the office (we run freebsds there) and “steal” rest of the configuration, so I ended up with a /etc/rc.conf file something like this:

hostname="freebsd_box"
wlans_urtw0="wlan0"
ifconfig_wlan0="inet 192.168.0.100 netmask 255.255.255.0"
defaultrouter="192.168.0.1"

Reboot once again and I can ping anything via IP, but not via hostnames. Again, this (ooold) message about DNS settings in freebsd showed me the right direction - /etc/resolv.conf:

nameserver ip.of.name.server1
nameserver ip.of.name.server2

Reboot and everything is working fine! Victory!

Next step was (is) to fetch/update the ports database:

# csup -L 2 -h cvsup.freebsd.org /usr/share/examples/cvsup/ports-supfile

From here I believe it’s all about installing software from the ports which should be all fine.

Happy hackin’!

Quick Netbeans tip - task filters

published on April 27, 2010.
Heads-up! You're reading an old post and the information in it is quite probably outdated.

I’m using Netbeans as my main IDE for PHP and Python projects for over a year now, yet only now I have stumbled upon this feature - creating filters for tasks that show up in the “Tasks” window (Ctrl+6 shortcut to show/hide the window).

To be honest, I wasn’t even using it (until now), cause, by default it shows all the todo-s and issues from all the files from the current project. This can produce a pretty big list if (like me) you have Zend Framework, Pear and other frameworks and libraries set on the include path for the project you’re working in, as the little @todo-s will show up from those files, too.

Filters to the rescue. On the “Tasks” window there’s that little icon of that whatever-it’s-called showed on the first image, where you can create and edit filters. I’ve created a simple one, which excludes todo-s from files that have “Zend” in their location and includes only from PHP files (second image).

Me likes this feature.

Tags: filters, ide, netbeans, tasks, tip.
Categories: Development, Software.

Bad Firebug!

published on December 21, 2009.
Heads-up! You're reading an old post and the information in it is quite probably outdated.

We all know about Firebug, probably the best developer add-on out there, and how awesome it is and how many times it helped us debug some nasty Javascript code, mess around with CSS and HTML on-the-fly, to track the time load of every external page element our app loads… It’s so cool that it even has it’s own add-ons! (FirePHP, YSlow and FireCookie). Really, it helps our developer lives to suck a bit less.

Note: the following text is not about bashing other developers and their works, but to highlight the importance of proper input filtering. I myself have failed on this, several times.

Let’s go back to the part where we mess with the HTML by the means of this, may I say, application. You can add, hide, remove HTML elements, add, alter, remove, attributes from HTML elements… Adding, hiding, deleting - boring; altering - fun! I have this urge to try to break every form on every website I find. Not to do any harm, just to take a look how my fellow developer did his job and if I see anything that’s not right, I try to contact him to fix that, cause, y’know, I’m a nice person… Anyhow, I recently found some sites where all the textfields and textareas were filtered properly and no harm could be done - all my “hack” attempts were caught by their application. Nice. Oh, look, a select box! Right-click, inspect element, value=“xyz”, change that to value=“abc”, submit the form… and poof! A sexy SQL error. All that with the help of our li’l friend, Firebug. The elements where the user is required to provide some information “by hand” were processed correctly, but the select box was not.

OK, let’s take this one step further. On a site where the user can register an account and afterwards can edit his or hers profile. I register, go to the user panel, the usual stuff - change email, password, location, DoB (Date of Birth)… A quick inspection of the source - a hidden field “id” with a number in it. Hmm… Quickly, I register another account, note the “id” on that second account, go back to the first account, change the “id” of the first account to the “id” of the second account, change the DoB (just to see any actual information changing), click submit… “Your profile has been updated successfully.” Mine? Not really, the DoB is like it was in the first place… Go to the second account… Oh boy. I successfully changed the DoB of the second account, with my first account. Now, I haven’t seen their source code, but I can imagine what was going on. Something like this:

<?php
$id = (int)$_POST['id'];
$dob = $_POST['dob'];

$sql = "UPDATE users SET dob = '" . $dob . "' WHERE id = " . $id;

On the positive side, when I entered letters in that hidden field, I was told by the app that I haven’t filled all the fields correctly, which means they filtered even the hidden field, but skipped to check if that “id” is actually me.

OK, I know, the title is “Bad Firebug!” and the problems are actually about filtering user input, but I needed a catchy title to have your attention on Twitter :P

Even tho a field seems “unchangeable”, with a help of an awesome little app, it becomes changeable. And dangerous.

Filter input, escape output :)

P.S.: On the image above you can see my profile on a bulletin board, where I changed my year of birth from 1986 to 986 with Firebug. The years are in a select box; the lowest value is 1910. You can see my actual profile here.

Robert Basic

Robert Basic

Software engineer, consultant, open source contributor.

Let's work together!

If you require outsourcing or consulting help on your projects, I'm available!

Robert Basic © 2008 — 2019
Get the feed