Comments (18)
Assigned to Enrico as he is the original developer of this module
from glastopf.
It could be a problem in the sandbox module, but I will look on it during this week.
from glastopf.
Hi Johnny, try to test the following snippet inside the apd_sandbox.py
"""
php5", "sandbox/apd_sandbox.php", "files/" + script]
"""
Create a test php /(test.php) file with the following content:
"""
"""
and run the sandbox from command line
php5 sandbox/apd_sandbox.php files/test.php
the expected output result is the string "testing". Otherwise there is an error inside the php sandbox installation from my point of view.
from glastopf.
Uhm, yes. you are right. Trying to figure out the exact problem. Unsure about the error message, does it mean that one have to have that exact version of Zend Engine API installed, or?
jkv@obelix:~/glas-dev/glastopf$ php5 sandbox/apd_sandbox.py files/test.php
Advanced PHP Debugger (APD) requires Zend Engine API version 220090626.
The Zend Engine API version 220100525 which is installed, is newer.
Contact George Schlossnagle at http://pear.php.net/ for a later version of Advanced PHP Debugger (APD).
from glastopf.
Johnny, APD is no longer working with your Zend API version. But I ripped it apart and build my own function replacer: https://github.com/glastopf/BFR Make sure to change your php.ini after building it.
from glastopf.
I think there is another issue inside the test_emulators.py in the function test_rfi_emulator.
The injected php file from http://1durch0.de/test_file.txt is:
"""
"""
the PHP sandbox should evaluate it and return the static string inside the echo command, but the assert is:
"""
self.assertIsNot(self.event.response, "test successful")
"""
it should be:
"""
self.assertEqual(self.event.response, "test successful")
"""
or not?
from glastopf.
Heh yes you are right.
from glastopf.
@glaslos Any chance you will fix/replace the APD in glastopf with you own sometime soon? :)
from glastopf.
There is no APD in Glastopf :)
from glastopf.
Ok, yes. you know... the whole function replace thingy stuff! :)
from glastopf.
You just have to install BFR instead of APD dude :)
from glastopf.
Oh my gawd. Now it makes sense - no wonder the test output from the CI server kept giving me the creeps.
from glastopf.
@glaslos the point about manually editing php.ini is missing from the install docs, yes?
from glastopf.
No, its just you :)
Modify your php.ini accordingly. Add:
zend_extension = /usr/lib/php5/20100525+lfs/bfr.so
from glastopf.
Hehe, i was talking about the docs for glaspot: https://github.com/glastopf/glastopf/blob/master/docs/source/installation/installation_ubuntu.rst
from glastopf.
Heh, you are right.
from glastopf.
I added the BFR part when I updated the docs, but I guess that the php.ini part got left behind.
from glastopf.
Created a new build environment with the instruction from Matthias, and everything works fine after all.
from glastopf.
Related Issues (20)
- hpfeeds wont shut off HOT 2
- How to make my own web template? HOT 8
- php-dev HOT 1
- error [98] Address already in use HOT 1
- Bugged behavior of wsgi_wrapper.py HOT 3
- row size too large HOT 1
- make && make install error HOT 2
- Glastop does not work with HTTPS traffic HOT 5
- there is a vulnerability of Server-Side Request Forgery HOT 13
- sql injection HOT 1
- How to disenable s3 log ?
- Install Glastopf failed HOT 4
- Help! Where does glastopf store comments? HOT 6
- Potential dependency conflicts between glastopf and chardet HOT 3
- Giving ImportError : No module named ordered_dict HOT 2
- Segmentation Fault on glastopf-runner HOT 2
- not work with docker...GPG with invalid signatures... HOT 1
- Does this glastopf provide for sql injection attack detection? HOT 3
- Dockerfile Error HOT 2
- Filtering Non-Invasive Behaviors in Glastopf Reports to MHN HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from glastopf.