Search Results

Search found 330 results on 14 pages for 'unsafe'.

Page 8/14 | < Previous Page | 4 5 6 7 8 9 10 11 12 13 14 | Next Page >

Problem with building with csc task in Ant

- by Wing C. Chen

I have an ant build target using csc: <target name="compile"> <echo>Starting compiling ServiceLauncher</echo> <csc optimize="true" debug="true" warnLevel="1" unsafe="false" targetType="exe" failonerror="true" incremental="false" mainClass = "ServiceLauncher.Launcher" srcdir="ServiceLauncher/Launcher/" outputfile="ServiceLauncher.exe" > <reference file="libs/log4net.dll"/> <define name="RELEASE"/> </csc> </target> When I run it, the following exception comes up: csc failed: java.io.IOException: Cannot run program "csc": CreateProcess error=2, The system cannot find the file specified However, it runs without the exception but never correctly builds the .exe file, when I manually add in an empty ServiceLauncher.exe. How can I correctly build this .Net project "ServiceLauncher"?

Read the article
Solving a math problem/expression, which is a string, in PHP

- by Koning WWWWWWWWWWWWWWWWWWWWWWW

The user can enter a math problem (expression) like 5 + 654, 6 ^ 24, 2!, sqrt(543), log(54), sin 5, sin(50). After some reformatting (e.g. change sin 5 into sin(5)), and doing an eval, PHP gives me the right result: $problem = "5 + 5324"; eval("$result = " . $problem); echo $problem . " = " . $result; However, this is quite unsafe: /* If you read this, please, plz don't be stupid and DO NOT EXECUTE this code!!!!! */ $problem = "shell_exec('rm -rf /')"; eval("$result = " . $problem); /* Nukes system */ echo $problem . " = " . $result; Can anyone point me in the right direction parsing and solving a math question like the examples above, which is safe? Thanks.

Read the article
Displaying untrusted HTML using PHP

- by esryl

I have a read a number of excellent questions and answers today about dealing with user input. I am now using htmlspecialchars() to display user data in the create/edit forms (but accepting the raw input via prepared PDO statements into my database). The main question I know have is, what do you do when you are allowing the user to submit HTML which will then be displayed to the public. Obviously htmlspecialchars() is no longer suitable as it just encodes the tags and renders the content useless for purpose. My application is currently accepting HTML from an admin for product descriptions. This would allow a malicious admin to inject potentially unsafe data into public facing pages. How do people cope with this?

Read the article
Syntax error in SWIG using __thread keyword

- by user366838

I am trying to make some code thread safe for use with pthreads. This code is written in C++, but is linked to using SWIG. g++ compiles this correctly, but when swig tries to create a wrapper, I get: fast_alloc.hh:109: Error: Syntax error in input(3) The original, unsafe code that compiles correctly is: static void *freeLists[Num_Buckets]; and the error occurs when I change it to: static __thread void *freeLists[Num_Buckets]; I have made other parts thread safe adding "__thread", for example, this works: static __thread unsigned newCount[Num_Buckets];

Read the article
PHP Dynamic include based on current file path

- by Adrian M.

Hello, I want to find a method to include some files based on the current file path.. for example: I have "website.com/templates/name1/index.php", this "index.php should be a unique file that I will use in many different directories on different depths, so I want to make the code universal so I don't need to change anything inside this file.. So if this "index.php" is located in "website.com/templates/name1/index.php" than it should include the file located here: "website.com/content/templates/name1/content.php" another example: "website.com/templates/name2/index.php" than it should include the file located here: "website.com/content/templates/name2/content.php" Also I want to overrun "*Warning: include_once() [function.include-once]: http:// wrapper is disabled in the server configuration by allow_url_include=0*" kind of error.. because is disabled and unsafe.. Is there a way to achieve this? Thank you!

Read the article
Reading contents of a text file using JavaScript throwing error

- by vix

I'm using the following code to read the content of a text file using javascript. But when I'm getting an alert message which says "An ActiveX control on this page might be unsafe to interact with other parts of the page. Do you want to allow this interaction?" When I click on yes nothing is happening. I'm using IE 6.0 function ieReadFile(filename) { try { var fso = new ActiveXObject("Scripting.FileSystemObject"); var fh = fso.OpenTextFile(filename,1); var contents = fh.ReadAll(); fh.Close(); alert(contents); //return contents; } catch (Exception) { return "Cannot open file :("; } } Can anyone please help me resolve this issue?

Read the article
Linux - How do i know the block map of the given file and/or the free space map of the partition.

- by Inso Reiges

Hello, I am on Linux and need to know either of the two things: 1) If i have a regular file on some file system on a partition under Linux is there a way to know the set of the physical blocks that this file occupies on the drive from user space? Or at least the set of the file system's clusters? 2) Is there a way to get the same information about the whole free space of the given file system? In both cases i understand that if there is any possible way to extract this info it will probably be totally unsafe and racy (anything could happen to these set of blocks between the time i see them and act on them somehow). I also really don't want an implementation that will have to know a lot about every filesystem.

Read the article
IntPtr arithmetics

- by Luca

I tried to allocate an array of structs in this way: struct T { int a; int b; } data = Marshal.AllocHGlobal(count*Marshal.SizeOf(typeof(T)); ... I'd like to access to allocated data "binding" a struct to each element in array allocated with AllocHGlobal... something like this T v; v = (T)Marshal.PtrToStructure(data+1, typeof(T)); but i don't find any convenient way... why IntPtr lack of arithmetics? How can I workaround this is a "safe" way? Someone could confirm that PtrToStructure function copy data into the struct variable? In other words, modifing the struct reflect modifications in the structure array data, or not? Definitely, I want to operate on data pointed by an IntPtr using struct, without copying data each time, avoiding unsafe code. Thank all!

Read the article
Should I convert overlong UTF-8 strings to their shortest normal form?

- by Grant McLean

I've just been reworking my Encoding::FixLatin Perl module to handle overlong UTF-8 byte sequences and convert them to the shortest normal form. My question is quite simply "is this a bad idea"? A number of sources (including this RFC) suggest that any over-long UTF-8 should be treated as an error and rejected. They caution against "naive implementations" and leave me with the impression that these things are inherently unsafe. Since the whole purpose of my module is to clean up messy data files with mixed encodings and convert them to nice clean utf8, this seems like just one more thing I can clean up so the application layer doesn't have to deal with it. My code does not concern itself with any semantic meaning the resulting characters might have, it simply converts them into a normalised form. Am I missing something. Is there a hidden danger I haven't considered?

Read the article
accessing and modifying tab opened using window.open in google chrome

- by sonofdelphi

I used to be able to this to create an exported HTML page containing some data. But the code is not working with the latest version of Google Chrome (It works alright with Chrome 5.0.307.11 beta and all other major browsers). function createExport(text) { var target = window.open(); target.title = 'Memonaut - Exported View'; target.document.open(); target.document.write(text); target.document.close(); } Chrome now complains that the domains don't match and disallows the Javascript calls as unsafe. How can I access and modify the document of a newly opened browser-tab in such a scenario?

Read the article
Is it okay to pass injected EntityManagers to EJB bean's helper classes and use it?

- by Zwei steinen

We have some JavaEE5 stateless EJB bean that passes the injected EntityManager to its helpers. Is this safe? It has worked well until now, but I found out some Oracle document that states its implementation of EntityManager is thread-safe. Now I wonder whether the reason we did not have issues until now, was only because the implementation we were using happened to be thread-safe (we use Oracle). @Stateless class SomeBean { @PersistenceContext private EntityManager em; private SomeHelper helper; @PostConstruct public void init(){ helper = new SomeHelper(em); } @Override public void business(){ helper.doSomethingWithEm(); } } Actually it makes sense.. If EntityManager is thread-unsafe, a container would have to do inercept business() this.em = newEntityManager(); business(); which will not propagate to its helper classes. If so, what is the best practice in this kind of a situation? Passing EntityManagerFactory instead of EntityManager?

Read the article
Calling member method on unmanaged C++ pointer from C# (I think)

- by Jacob G

I apologize in advance if this is a trivial question... I'm pretty C++ / unmanaged dumb. Here's a simplified analog to my setup: --In myUnmanagedObject.h in DLL: class myUnmanagedObject { public: virtual void myMethod(){} } --In MyControl.h in Assembly #1: #pragma make_public(myUnmanagedObject) [event_source(managed)] public ref class MyControl : public System::Windows::Forms::UserControl { public: myUnmanagedObject* GetMyUnmanagedObject(); } --in C# in Assembly #2: unsafe { MyControl temp = new MyControl(); myUnmanagedObject* obj = temp.GetMyUnmanagedObject(); obj-myMethod(); } I get a compile error saying that myUnmanagedObject does not contain a definition for myMethod. Assembly #2 references Assembly #1. Assembly #1 references DLL. If I compile the DLL with /clr and reference it directly from Assembly #2, it makes no difference. How, from C#, do I execute myMethod ?

Read the article
PHP eval() code in between <?php ?> from database

- by kr1zmo

Some of you may be annoyed with this question, and claim it's unsafe blah blah. I want to be able to put php into the database and run it. I have to do this because I store page layouts in the database and each our different for each other, however in some cases I want to use dynamic content for some of the pages. assume $query_from_db is the string returned from the database. php should only eval() the code in between <?php and ?> $query_from_db = '<div> <?php //php to run function dosomething() { //bleh } ?> </div> '; php echo eval($query_from_db);

Read the article
Parameter passed by const reference returned by const reference.

- by Alien01

Hello, I was reading C++ Faq Second Edition , faq number 32.08 . FAQ says that parameter passed by const reference and returned by const reference can cause dangling reference. But it is ok if parameter is passed by reference and returned by reference. I got it that it is unsafe in case of const reference but how is it safe in case when parameter is non const reference. Last line of FAQ says "Note that if a function accepts a parameter by non-const reference (for example, f(string& s)), returning a copy of this reference parameter is safe because a temporary cannot be passed by non-const reference." Need some insight on this!!

Read the article
String Functions in IIS Url Rewritting Module

- by Nariman

The IIS URL Rewrite Module ships with 3 built-in functions: * ToLower - returns the input string converted to lower case. * UrlEncode - returns the input string converted to URL-encoded format. This function can be used if the substitution URL in rewrite rule contains special characters (for example non-ASCII or URI-unsafe characters). * UrlDecode - decodes the URL-encoded input string. This function can be used to decode a condition input before matching it against a pattern. The functions can be invoked by using the following syntax: {function_name:any_string} The question is: can this list be extended by introducing a Replace function that's available for changing values within a rewrite rule action or condition?

Read the article
MacOSX: OSAtomic vs OSAtomicBarrier

- by anon

For the functions here: #include <libkern/OSAtomic.h> there are OSAtomic and OSAtomicBarrier versions. However, the documentation does not show sample code for: When is it safe to use just OSAtomic, without the OSAtomicBarrier version When is it that OSAtomic would be unsafe, but OSAtomiBarrier would be safe. Can anyone provide explainations + sample codes? [Random ramblings of "your opinion" without actual code is useless. Readers: please down vote such answers; and vigrously upvote answers with actual code.] [C/C++ code preferred; Assembly okay too.]

Read the article
String Functions in IIS Url Rewrite Module

- by Nariman

The IIS URL Rewrite Module ships with 3 built-in functions: * ToLower - returns the input string converted to lower case. * UrlEncode - returns the input string converted to URL-encoded format. This function can be used if the substitution URL in rewrite rule contains special characters (for example non-ASCII or URI-unsafe characters). * UrlDecode - decodes the URL-encoded input string. This function can be used to decode a condition input before matching it against a pattern. The functions can be invoked by using the following syntax: {function_name:any_string} The question is: can this list be extended by introducing a Replace function that's available for changing values within a rewrite rule action or condition? Another way to frame the question: is there any way to do a global replace on a URL coming in using this module? It seems that you're limited to using regular expressions and back-references to construct strings, without a search/replace functionality to replace every X with Y in {REQUEST_URI} before issuing a redirect.

Read the article
qapps runs well but breakpoint sometimes generates segmentation fault

- by yan bellavance

I have a qApp that generates a segmentation fault only when a breakpoint is inserted in the code (I can put it at different places) and only after 4-5 breakpoint stops. Do I have a problem with my code or is this a DBG bug. the method is part of a QThread Class. Basically what I did is i took the mandlebrot example, and have 3 instances of it in my program. So the program would look like a mainwindow that has 3 mandlebrot widgets in it, one besides the other. Is it possible that GDB doesnt support debugging qthread subclasses that are instantiated multiple times or is it thread-unsafe to do so. I dont have any problems at run-time.

Read the article
Cannot implicitly convert type 'char*' to 'bool'

- by neeraj

i was trying to passing pointer value in the function , i really got stuck here I am a beginner , not getting what value should be put this is programme from the reference of the book "Cracking the coding interview " By Gayle Laakmann McDowell, class Program { unsafe void reverse(char *str) { char* end = str; char tmp; if (str) //Cannot implicitly convert type 'char*' to 'bool' { while(*end) //Cannot implicitly convert type 'char*' to 'bool' { ++end; } --end; while(str<end) { tmp = *str; *str+= *end; *end-= tmp; } } } public static void Main(string[] args) { } }

Read the article
Accessing FILESTREAM from an SQL CLR assembly

- by superware

I'm trying to stream FILESTREAM data from an unsafe SQL CLR assembly. The connection string is Data Source=LAPTOP2\SQLEXPRESS;Initial Catalog=test;Integrated Security=True;Enlist=False When creating a new SqlFileStream (inside a SqlTransaction, of course), I'm getting: The request is not supported at OpenSqlFilestream. So I decided to try native OpenSqlFilestream, but then I'm getting an invalid handle (-1) while GetLastWin32Error returns that same: The request is not supported (ERROR_NOT_SUPPORTED). I have also tried SqlContext.WindowsIdentity.Impersonate() with no apparent effect. I couldn't find any documentation referencing this restriction. Is it really unsupported? If it is unsupported, is there a good reason? Does anyone know of a workaround?

Read the article
PHP Security checklist (injection, sessions etc)

- by NoviceCoding

So what kind of things should a person using PHP and MySql be focused on to maximize security. Things I have done: -mysql_real_escape_string all inputs -validate all inputs after escaping em -Placed random alpha numerics before my table names -50character salt + Ripemd passwords Heres where I think I am slacking: -I know know nothing about sessions and securing them. How unsafe/safe is it if all you are doing is: session_start(); $_SESSION['login']= $login; and checking it with: session_start(); if(isset($_SESSION['login'])){ -I heard something about other forms of injection like cross site injection and what not... -And probably many other things I dont know about. Is there a "checklist"/Quicktut on making php secure? I dont even know what I should be worried about.I kinda regret now not building off cakephp since I am not a pro.

Read the article
[c++] How to create a std::ofstream to a temp file?

- by dehmann

Okay, mkstemp is the preferred way to create a temp file in POSIX. But it opens the file and returns an int, which is a file descriptor. From that I can only create a FILE*, but not an std::ofstream, which I would prefer in C++. (Apparently, on AIX and some other systems, you can create an std::ofstream from a file descriptor, but my compiler complains when I try that.) I know I could get a temp file name with tmpnam and then open my own ofstream with it, but that's apparently unsafe due to race conditions, and results in a compiler warning (g++ v3.4. on Linux): warning: the use of `tmpnam' is dangerous, better use `mkstemp' So, is there any portable way to create an std::ofstream to a temp file?

Read the article
Why does OSX document atoi/atof as not being threadsafe?

- by Larry Gritz

I understand that strtol and strtof are preferred to atoi/atof, since the former detect errors, and also strtol is much more flexible than atoi when it comes to non-base-10. But I'm still curious about something: 'man atoi' (or atof) on OS X (though not on Linux!) mentions that atoi/atof are not threadsafe. I frankly have a hard time imagining a possible implementation of atoi or atof that would not be threadsafe. Does anybody know why the man page says this? Are these functions actually unsafe on OS X or any other platform? And if they are, why on earth wouldn't the library just define atoi in terms of strtol, and therefore be safe?

Read the article
Attach to Property's setter

- by StupidDeveloper

I haven't found similiar post so I'm asking this. Let's say I defined somewhere an application wide available static Property (I mean it's not local) and in one class I would like to know when this property is being changed. Apart from aop (transparentproxy etc.) which I think doesn't suit me well here (and I can't add that to project anyway), what are the options here? One solution I can think of, which is probably a very nasty one, is to use some event that would be executed in the setter and just attach it in the class(es) which needs that. Something like: public static event EventHandler CurrentNumberChanged= delegate {}; public static int CurrentNumber { get { return currentNumber; } set { currentNumber = value; CurrentNumberChanged(null, EventArgs.Empty); } } I know it's really unsafe to use such events ( read here ). And since I would use it in asp.net makes it even more ugly. Do you have any advices ?

Read the article
int[] to string c#

- by Robin Webdev

Hi I'm developing an client application in C# and the server is written in c++ the server uses: inline void StrToInts(int *pInts, int Num, const char *pStr) { int Index = 0; while(Num) { char aBuf[4] = {0,0,0,0}; for(int c = 0; c < 4 && pStr[Index]; c++, Index++) aBuf[c] = pStr[Index]; *pInts = ((aBuf[0]+128)<<24)|((aBuf[1]+128)<<16)|((aBuf[2]+128)<<8)|(aBuf[3]+128); pInts++; Num--; } // null terminate pInts[-1] &= 0xffffff00; } to convert an string to int[] in my c# client i recieve: int[4] { -14240, -12938, -16988, -8832 } How do I convert the array back to an string? I don't want to use unsafe code (e.g. pointers) Any of my tries resulted in unreadable strings.

Read the article

< Previous Page | 4 5 6 7 8 9 10 11 12 13 14 | Next Page >