If your web server to supports .htaccess files and you can specify “Options” from within your .htaccess file, then the following is a quick 1 line solution to your file listing needs.

So you just uploaded a tun of pictures to a web directory and you want a list of all the images.  Since the only types of files in the directory are images, the security risk of displaying the list diminishes.  In actuality, the list of images can be quite useful especially when trying to find a specific one.

The answer, create a 1 line .htaccess file with the following: Options Indexes

If you don’t have control over your apache configuration files and this option is not available to you, don’t fret.   Chris Snyder created an excellent php script that allows you to list the contents of a web directory.

Link: http://chxo.com/scripts/image-list.php

This script is very useful, I’ve customized it for my subversion repository in order to display a list of repositories in the root of the subversion web server.

One Topic:Subversion, a open-source, cross platform revision control system. Tonight I talk about how to install, configure and understand how to use a Subversion repository.

Don’t forget to E-mail comments and suggestions to compiledweekly AT gmail.com.

• Subversion :: An open-source revision control system
• Subversion on Wikipedia :: Wikipedia information on Subversion
• Setup Subversion Server Linux :: Setup Apache on Linux to support a Subversion Server
• Setup Subversion Server Windows :: Setup Apache on Windows to support a Subversion Server
• TortoiseSVN :: Enables Subversion commands directly in Windows explorer.
• wxTimer :: wxTimer class allows you to execute code at specified intervals

File Download (14:46 min / 10.2 MB)

Two topics: TinyMCE, a cross browser HTML rich text editor and solutions for SPAM. TinyMCE is an excellent html styled text editor that has an endless number of settings and is extendable. In the second topic I address SPAM and talk about two server solutions; SpamAssassin and MIMESweeper. Software recommendation of the week: nLite, web site of the week: nerdvittles.com test

• nLite :: Update Windows installation CD’s quick and easily.
• TinyMCE :: TinyMCE, a cross browser html rich text editor.
• Nerd Vittles :: Awesome site, more than just informaton on TrixBox here!
• SpamAssassin :: SpamAssassin server based anti-spam tool.
• MIMESweeper :: MIMESweeper, product of Clearswift, a full blown supported SMTP service with SPAM controls.
• Thunderbird :: E-mail client with spam filtering built in

Two topics, ModRewrite for Apache and TrixBox PBX. ModRewrite lets you do some really cool things with Apache you thought you couldn’t do. TrixBox is a Voice Over IP PBX Phone system built on CentOS Linux. Software recommendation, UltraVNC and Web Script recommendation, IMP Webmail.

• UltraVNC :: PCAnywhere / Remote Desktop Alternative
• ModRewrite :: ModRewrite Module for Apache
• ModRewrite Getting Started :: ModRewrite Getting Started Guide
• IMP Webmail :: IMP Webmail
• TrixBox :: TrixBox, your own VOIP Server
• TrixBox Getting Started :: TrixBox Getting Started Guide
• VOIP Provider Search :: Search for a VOIP Providor for your specific needs
• TelaSIP :: TelaSIP seems to have the best of both worlds

This week we look at phpMailer, a PHP E-mailing class and wxWidgets basics. Show also includes 3 useful Firefox extensions for web development, phpMyAdmin recommendations.

• HTML Validator :: HTML Validator extension for Firefox
• Web Developer :: Web Developer extension for Firefox
• MeasureIt :: MeasureIt extension for Firefox
• phpMailer :: phpMailer, PHP E-mail class
• phpMyAdmin :: PHP MySQL administration tool
• wxWidgets Rough Guide :: wxWidgets Rough Guide
• wxWidgets Hello World :: wxWidgets Hello World example

This week, CompiledWeekly explains ghow to make quick and reliable SQL queries with a set of MySQL Assisting functions in PHP. Plus software application of the week 7-Zip, web site of the week foldershare.com and PodProducer podcast software reviewed.

• 7-Zip :: 7-Zip file compression utility
• MySQL Assisting functions in PHP :: MySQL Assisting functions in PHP
• FolderShare :: Share and synchronize files and folders over the Internet
• PodProducer :: Free Podcast producer that works great!

This week, CompiledWeekly gets you started with the Nullsoft Install System (NSIS) and how to handle PHP magic quotes. Plus software application of the week KeePass and web site of the week is the Javascript sectiono of Codelifter.com

• NSIS :: Nullsoft Insatll System
• Venis :: Visual Enviornment for Nullsoft Install System
• HM NIS :: HM NIS EDIT
• EclipseNSIS :: NSIS plugin for Eclipse
• KeePass :: KeePass Password Safe
• PHP Magic Quotes :: PHP Magic Quotes
• Code Lifter Javascript :: Code Lifter Javascript
• Geek News Central :: Geek News Central Podcast

This week, CompiledWeekly gets you started with wxWidgets and Visual C++ 2005 Express Edition and explains what is E-mail injection and how to prevent it. Plus software application of the week WinMerge and web site of the week www.codeproject.com.

• PodcastPromos.com :: Promote your podcast and get promoted.
• wxWidgets and Visual C++ Express :: Get started with wxWidgets and Visual C++ Express.
• wxWidgets Book :: Get the wxWidgets book, free PDF edition on web page.
• WinMerge :: WinMerge text comparision application.
• PHP E-mail injection :: Briefly explain E-mail injection and how to prevent it.
• CodeProject :: Free C++ articles and code snippets.

E-mail injection is caused when form fields entered by hackers who add unexpected lines of text to the from and/or subject lines of your form.

For instance, many web sites add a contact us page to their web site to allow a web visitor an opportunity to send comments and suggestions. Usually these forms ask the user for a subject and an E-mail address. The risk of injection occurs when these fields are placed into the headers of the E-mail sent from the script to the E-mail address assigned to the contact submission.

The injection works when the hacker adds extra lines to the field before sending it to your script. IF your script does not check the E-mail address entered then the injection will find its way to the PHP mail() function. Then the rest is history.

The PHP mail() function takes multi lines in the to field and may treat them as additional lines for the headers of the E-mail message.

Click here http://securephp.damonkohler.com/index.php/Email_Injectionfor some better detailed examples of E-mail injections.

You can prevent E-mail injections in a number of ways. The easiest is to only place data that is submitted by the user in the message body of the E-mail. If you want your script to automatically generate a response message to the user, then you will need to verify the E-mail address entered is valid and does not contain additional lines of information.

Click here http://www.bl0g.co.uk/?d=060214 for an alternative method for protecting your script from E-mail injections.

Welcome to the first podcast of Compiled Weekly. Today’s podcast I introduce myself, promote the PodcasterNews.com podcast network, review the open source Ravencore web control panel, recommend the SciTE text editor, and cover Cross Site Scripting XSS and how to prevent it.

• PodcasterNews.com :: Podcaster News Network
• RavenCore Web Control Panel :: RavenCore Web Control Panel for Linux
• SciTE :: A free source code editor
• Cross Site Scripting :: Cross Site Scripting questions and answers from CGI Security.com
• htmlspecialchars PHP function :: PHP documentation of htmlspecialchars function