Tag: php

  • parseMe 20070602 Update

    Here’s another update to parseMe (back story), my little GPL’ed PHP-based RSS/Atom feed reader for mobile phones and other web-capable devices.

    You can find the appropriate links below:

    Release notes:

    • Moved my CVS repo to Subversion (svn), hence the revision number differences. I considered moving to a distributed revision control system, since they’re gaining in popularity, but I got lazy after the major rewrite. 😉 Maybe for the next release.
    • This is a quasi-complete code rewrite. In this release, I have moved away from the initial goal of keeping within the 500 lines limit (including comments) and having an “educational” flavour, to focus instead on the code structure, the features, further increased security, etc. The security aspect does account for a lot of the extra lines, when coupled with the new features.
    • The parseMe class has now been subtracted from the index.php script and has been moved to lib/php/parseMe.class.php.
    • One of the most significant features, on the user end, is that you can now request any number of feeds to be parsed at once. Keeping in mind that the main target audience for this tool is the mobile market (usually slow, tiny screens, low RAM, etc), the usual total number of feeds offered does not lead to major performance hits, unless of course the sources themselves are slow to answer the tool’s request(s). You can of course still set your feed selection in the cookie-based preferences, which now allow for multiple choices.
    • With the multiple feeds feature, the next logical step was to enable some sort of sorting options. You can sort the entries by feeds, or from new to old (descending) or from old to new (ascending). Your favourite sort order can be saved.
    • You can now opt in or out of using the Google Mobile Gateway for destination links, right from the query form, and save your preferred choice.
    • On the server end, self-contained caching is now done through PHP data serialization, since there is no point in reparsing the same XML at every page load, after all.
    • On the security front, and primarily with the concern that we do have an application-writable directory (cache), there are quite a few improvements. Since the data contained in the cache files is not very sensitive by design (and if it is, I’d suggest using SSL and password-protecting the app), this is really more of an exercise in good coding practices. And there is of course the concern of PHP injection attacks.

      • The cache filenames are now generated as a sha1 sum, with the help of an admin-defined shared secret so that they cannot be easily guessed.
      • All cache files now start with a dot (.) so that most web servers will not even serve them, and to be invisible when directory listing is enabled at the server level.
      • On the other hand, there is still a very strong emphasis on user input sanitization and usage in the logic itself (e.g.: no client-defined source URL, source validity tests, etc).
    • Fully valid class documentation can be leveraged in IDEs such as Eclipse, auto-documentation tools such as phpDocumentor, etc.
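
The cache measures in the release notes above (secret-derived file names, dot-prefixed files, serialized data, no client-supplied URL), sketched as an added example that is not parseMe's own code. The constant and function names, the feed list and the use of HMAC-SHA1 to combine the secret with the URL are assumptions of this example, and it needs PHP 7.1 or later.

```php
<?php
// Added example with constructed names and values; not parseMe's own code.
const CACHE_DIR    = __DIR__ . '/cache';          // the one app-writable directory
const CACHE_SECRET = 'REPLACE-WITH-ADMIN-SECRET'; // placeholder shared secret
const CACHE_TTL    = 1800;                        // 30-minute refresh interval
// Server-side source list: the client submits a key, never a URL.
const FEEDS = [
    'news' => 'https://feeds.example.org/news.xml', // constructed URL
    'tech' => 'https://feeds.example.org/tech.xml', // constructed URL
];

function feedUrl($key): string
{
    if (!is_string($key) || !array_key_exists($key, FEEDS)) {
        throw new InvalidArgumentException('Unknown feed selection');
    }
    return FEEDS[$key];
}

function cachePath(string $url): string
{
    // 40 hex characters after a leading dot: no client text reaches the path.
    return CACHE_DIR . '/.' . hash_hmac('sha1', $url, CACHE_SECRET);
}

function cacheRead(string $url): ?array
{
    $path = cachePath($url);
    if (!is_file($path) || time() - filemtime($path) > CACHE_TTL) {
        return null; // missing or stale
    }
    // allowed_classes=false: a tampered cache file cannot instantiate objects.
    $data = unserialize((string) file_get_contents($path), ['allowed_classes' => false]);
    return is_array($data) ? $data : null;
}

function cacheWrite(string $url, array $entries): void
{
    is_dir(CACHE_DIR) || mkdir(CACHE_DIR, 0700);
    $tmp = tempnam(CACHE_DIR, '.tmp'); // write aside, then rename into place
    file_put_contents($tmp, serialize($entries));
    rename($tmp, cachePath($url));
}

$url = feedUrl($_GET['feed'] ?? 'news');
if (($entries = cacheRead($url)) === null) {
    $entries = [['title' => 'constructed entry', 'link' => $url]]; // stands in for fetch + parse
    cacheWrite($url, $entries);
}
```
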
  • PHP 5.2.2 and 4.4.7 Released

    “PHP 5.2.2 and 4.4.7 have been released with a plethora of security updates. Many of the security notifications come from the Month of PHP Bugs effort, and range from double freed memory to bugs in functions that allow attackers to enable register_globals, to memory corruption with unserialize(), to input validation flaws that allow e-mail header injections, with an unhealthy sprinkling of other bugs and flaws fixed. All administrators that run any version of PHP are encouraged to update immediately.”

    Our sysadmin installed 5.2.2 on our test instances earlier today, and we’ll be testing (and closely watching for external reports) over the next few days before rolling it into production.

    Via Slashdot.

  • parseMe 20070429 Update

    Here’s another update to parseMe (back story), my little GPL’ed PHP-based RSS/Atom feed reader for mobile phones and other web-capable devices.

    • Moved to object oriented, pretty much for the “fun” of it.
    • Now passing a custom user-agent in the HTTP query to avoid problems with sources that require it (Digg, among others).

    You can find the appropriate links below:

    Keeps me from hating my phone until I can afford to get myself a nicer mobile solution.

  • March To Be Month of PHP Bugs

    From the source article, on SecurityFocus (via Slashdot):

    Stefan Esser is the founder of both the Hardened-PHP Project and the PHP Security Response Team (which he recently left). Federico Biancuzzi discussed with him how the PHP Security Response Team works, why he resigned from it, what features he plans to add to his own hardening patch, the interaction between Apache and PHP, the upcoming “Month of PHP bugs” initiative, and common mistakes in the design of well-known applications such as WordPress.

    Given the success of the Month of Apple Bugs project, I think it’s a fantastic idea. This said, our sys admin at work isn’t too thrilled by the prospect of having to patch our many PHP installs every day in March… 😉

  • parseMe 20070213 Update

    It’s time for another quick update to parseMe, my little GPL’ed PHP-based RSS/Atom feed reader for mobile phones and other web-capable devices. Pfew [deep breath], that was quite a mouthful, wasn’t it? 😉

    • It now loads the destination links without images by default, for performance improvements on most sites. Links still go through the Google Mobile gateway.
    • Small screen-related interface improvements for the feed selection form.

    You can find the appropriate links below:

    Hoping you’ll enjoy it as much as I do in the bus, on the way to and from work.

  • parseMe 20070111 Update

    Update: 2007-02-13: An upgraded version is now available.

    I have released an upgraded version of my GPL’ed lightweight feed reader for web-enabled devices, parseMe, a couple of days ago.

    I have added a couple of interesting new features:

    • It now integrates with Google Mobile to provide full content browsing of the destination URLs. This is done by using their nifty (x)html parser, which reformats standard web pages for mobile/accessibility browsers.
    • There is now a cookie-based feature that lets users define what their default source and item limit should be when first accessing the app. All cookie manipulation is done via PHP, on the server-side, so as not to rely on JavaScript, which is rarely available on the targeted browsers.

    You can find the appropriate links below:

    I’m obviously quite a bit biased of course, but it still is my favourite mobile app. 🙂 And since I’m not seeing an iPhone (or similar smart phone) in any kind of recent future for me (availability in Canada, price, usage fees, etc), it probably will be for quite a while.

  • Lightweight Feed Reader for Web-Enabled Devices

    Update: 2007-06-02: An upgraded version is now available.

    If like me you commute to and from work by public transit, you might also enjoy spending some of that time catching up with the latest news. Newspapers still seem popular, but they aren’t the most up-to-date and are quite impractical in a crowd. TV phones and podcasts are very neat, but they all imply audio or video and are therefore not always the easiest way to scan through the info, at least in my opinion.

    For quite some time now, what I found really fits my needs best is a simple web-based RSS/Atom feed reader that I can access from my mobile phone’s browser. So I wrote one, of course. Or more accurately, I recently rewrote my old one using the SimpleXML feature built into PHP 5+.

    The 12 requirements I set myself were:

    • K.I.S.S.: viewing tool is likely to be a small screen device, screen reader, etc.
    • Use only PHP, XML, XHTML and CSS (no DB, Javascript […] this time).
    • Typing-free user interface, selection-only user input.
    • Output standard XHTML for maximum accessibility and portability.
    • Have stylesheets for different viewing environments (handheld, screen, etc).
    • Use local caching for the remote feeds, with a 30-minute refresh interval.
    • Clean and limit in size the entries’ descriptions to only provide an excerpt if the feed publishes all of the article’s content, instead of a synopsis.
    • Have a paging feature to keep the output very light for low memory devices.
    • Offer multiple pre-defined source selections.
    • Let users choose the number of items per page.
    • Be secure in regards to user input, caching, etc.
    • And all this in less than 500 lines, including detailed comments.

    With all this in mind, I came up with a little utility I call parseMe, which you can freely download below. Not a very creative name by any stretch, but a short one, which helps when thumb-typing the URL on a phone’s numerical keyboard.

    • Online demo: See this mobile feed reader in action.
    • Downloads: Latest and historical packages.
    • SHA1SUM: SHA1 sum for the above files.
    • INSTALL: Basic installation instructions to get you going.
    • COPYING: Software license, GPL.
    • AUTHORS: Credits file.

    There is not enough there for me to make it a full blown project, so feel free to do with it what you want. All the code is released under the GPL. The bundled feed icon is the current standard one, as provided by feedicons.com.

    parseMe requires PHP 5+, a web server and a writable filesystem for caching. I have, so far, tested it under Apache 2+ on Fedora Core 5/6 and Ubuntu 6.10, as well as Apache 1.3.33 on Mac OS X (using PHP 5 from entropy.ch). It might also just run as is on Windows, using the various PHP and Web server options on that platform. Same goes for other platforms supported by PHP 5.

    There you go, enjoy. And if you don’t have a web account to run your own copy of the app, feel free to access the above demo from your mobile devices, but you’ll probably find the default feed list quite limited very fast.

    And for the record, if you are looking for more mobile browsing destinations, Google is starting to have quite a few nice products. The following links go to the mobile versions of the Google tools:

    Unfortunately, my phone can’t remember my Google account info, as implemented in their login form, so having to sign-in every time still makes running my own little typing-free and customizable app that much more convenient for me. 🙂