Serious shortcomings with PHP5 get_headers() function

I was writing some code to find out if a file exists on a server and if it does, have it return the size in bytes.  I found a useful function built into PHP 5, get_headers().  For getting file sizes, it works flawlessly.  For situations where the file does not exist on the server, the behavior of this function was less than desirable.

Be forewarned, none of the user contributed get_headers() functions on the get_headers() documentation page on PHP.net will replicate the behavior of PHP 5’s get_headers() for URLs that use the ‘Location:’ redirect header or return File Not Found headers.

According to RFC1945, A user agent should never automatically redirect a request more than 5 times, since such redirections usually indicate an infinite loop.  For true compatibility, the functions below should be able to handle up to 5 Location redirects within one function call.  Only the native get_headers() function exhibits this behavior.  None of the user contributed functions on PHP.net handle the ‘Location’ redirection.

The native PHP >= 5 get_headers() function will not return headers in some instances where the user contributed functions would.  For example, if the server returns a 404 status, get_headers() will throw a PHP warning.  Unfortunately, the 404 error can only be known by looking at the headers.  From first glance, all of the user contributed functions will return 404 headers, which may be a desired effect but does not replicate the behavior of the native get_headers() function.

The function I created is included below.  It works well if the file exists.  Unfortunately for the project I am using the code for, I also need to verify if the file exists on the server.  I will not be able to use this function.

<CODE>
function remotefsize($url) {
$sch = parse_url($url, PHP_URL_SCHEME);
if (($sch != “http”) && ($sch != “https”) ) {
return false;
}
$headers = array_change_key_case(get_headers($url, 1),CASE_LOWER);
if ((!array_key_exists(“content-length”, $headers)))
return false;
if( is_array($headers[“content-length”]) )
return array_pop($headers[“content-length”]);
return $headers[“content-length”];
}
</CODE>

Quick .htaccess to list files in directory on apache web server

If your web server to supports .htaccess files and you can specify “Options” from within your .htaccess file, then the following is a quick 1 line solution to your file listing needs.

So you just uploaded a tun of pictures to a web directory and you want a list of all the images.  Since the only types of files in the directory are images, the security risk of displaying the list diminishes.  In actuality, the list of images can be quite useful especially when trying to find a specific one.

The answer, create a 1 line .htaccess file with the following: Options Indexes

If you don’t have control over your apache configuration files and this option is not available to you, don’t fret.   Chris Snyder created an excellent php script that allows you to list the contents of a web directory.

Link: http://chxo.com/scripts/image-list.php

This script is very useful, I’ve customized it for my subversion repository in order to display a list of repositories in the root of the subversion web server.

CW9 – June 3, 2007 – Subversion revision control system

One Topic:Subversion, a open-source, cross platform revision control system. Tonight I talk about how to install, configure and understand how to use a Subversion repository.

Don’t forget to E-mail comments and suggestions to compiledweekly AT gmail.com.

File Download (14:46 min / 10.2 MB)

CW7 – July 13, 2006

Two topics: TinyMCE, a cross browser HTML rich text editor and solutions for SPAM. TinyMCE is an excellent html styled text editor that has an endless number of settings and is extendable. In the second topic I address SPAM and talk about two server solutions; SpamAssassin and MIMESweeper. Software recommendation of the week: nLite, web site of the week: nerdvittles.com test

  • nLite :: Update Windows installation CD’s quick and easily.
  • TinyMCE :: TinyMCE, a cross browser html rich text editor.
  • Nerd Vittles :: Awesome site, more than just informaton on TrixBox here!
  • SpamAssassin :: SpamAssassin server based anti-spam tool.
  • MIMESweeper :: MIMESweeper, product of Clearswift, a full blown supported SMTP service with SPAM controls.
  • Thunderbird :: E-mail client with spam filtering built in


CW6 – June 8, 2006

Two topics, ModRewrite for Apache and TrixBox PBX. ModRewrite lets you do some really cool things with Apache you thought you couldn’t do. TrixBox is a Voice Over IP PBX Phone system built on CentOS Linux. Software recommendation, UltraVNC and Web Script recommendation, IMP Webmail.


CW5 – April 20, 2006

This week we look at phpMailer, a PHP E-mailing class and wxWidgets basics. Show also includes 3 useful Firefox extensions for web development, phpMyAdmin recommendations.


CW4 – April 6, 2006

This week, CompiledWeekly explains ghow to make quick and reliable SQL queries with a set of MySQL Assisting functions in PHP. Plus software application of the week 7-Zip, web site of the week foldershare.com and PodProducer podcast software reviewed.


CW3 – March 30, 2006

This week, CompiledWeekly gets you started with the Nullsoft Install System (NSIS) and how to handle PHP magic quotes. Plus software application of the week KeePass and web site of the week is the Javascript sectiono of Codelifter.com


CW2 – March 23, 2006

This week, CompiledWeekly gets you started with wxWidgets and Visual C++ 2005 Express Edition and explains what is E-mail injection and how to prevent it. Plus software application of the week WinMerge and web site of the week www.codeproject.com.