A River of Words - Tools and Languages

Bob Ippolito on JSON Hijacking

nospam@example.com (TML) — Tue, 04 Nov 2008 13:14:00 -0700

The always brilliant author of the `from future import *` blog brings us an article discussing a potential JavaScript Hijacking [pdf] scenario – the simple answer is “Don’t send JSON data as a list, send it as an object instead”. That is, if you wanted to send:

["foo", "bar"]

you can avoid the security hole by sending something like this instead:

{"data": ["foo", "bar"]}

and then stripping the object on the other end.

Stupid JavaScript Tricks: Make Page Editable

nospam@example.com (TML) — Thu, 16 Oct 2008 15:17:45 -0600

Drag this Make Page Editable link to your “Bookmarks Toolbar” in recent versions of Firefox, and click on it to enable the built-in “Page Composer”, allowing you to edit any page you want!

Project Euler, Problem #2 in Python

nospam@example.com (TML) — Tue, 14 Oct 2008 02:10:00 -0600

As a Code Kata, I’ve been working my way through the Project Euler stuff.

Here’s the problem.

Here’s my solution:



	# A generator to derive the Fibonacci sequence

def fib():
    x, y = 0, 1
    yield x
    yield y
    while 1:
        x, y = y, x+y
        yield y

	if name == ‘main‘:
    idx = 0
    sum = 0
    gen = fib()

    while idx <= 4000000:
        idx = gen.next()
        if (g % 2 == 0): h = h+g
    print h

Note: You want to be careful how you use infinite generators like the ‘fib()’ I created above.

One guy on the forums noted:

Now, replacing an odd number with O and an even with E, we get: O, O, E, O, O, E, O, O, E, O, O, E, O, O, E…And so each third number is even. We don’t need to calculate the odd numbers. Starting from an two odd terms x, y, the series is: x, y, x + y, x + 2y, 2x + 3y, 3x + 5y

Pylons References

nospam@example.com (TML) — Thu, 02 Oct 2008 15:02:05 -0600

Spent the day poking at Pylons 0.9.7rc2 as well as the new documentation site that came out with the release of Python 2.6 – some sweet stuff in there.

WebOb: The New Middleware Layer on 0.9.7, its Reference page, How WebOb is different and Ian Bicking’s Blog Post about it – Ian is one of those guys who is so smart it fills me with a jealous rage. I’ve already found a lot of useful stuff in WebOb that was missing or hard to do with the older Pylons middleware.

Base Pylons Documentation, AuthKit Cookbook, Roadmap to Pylons 1.0 – just some good links to pylonshq

Python modules I need to brush up on, or just links I used in the course of today’s work:
2.6 Documentation Index, shutil, xdrlib, functools – a lot of functional paradigm stuff moved here?, StringIO, tempfile – probably the best tempfile implementation by a programming language, ever, simpleJSON revved to 2.0.1, 2.6 ‘Standard Library’ Index

Mako – I’m not sure why there are so dang many Pythons template layers. In fact, Preppy is another one that I might use more in the future due to its integration with ReportLab’s PDF Toolkit

The Pylons Book – I’ve already pre-purchased, but wish it had more “nuts and bolts” based on what I’ve seen so far.

Return from hiatus, and a quick jQuery example

nospam@example.com (TML) — Thu, 21 Aug 2008 22:37:10 -0600

Sorry for the break – I spent the past week or so frantically preparing for, and then attending, my Director’s annual off-site planning meeting. As always, it was a valuable experience – the opportunity to interact with Managers in a more relaxed setting, and to see how each of us attacks a given problem from so many different angles, is incredibly cool. Plus, I got to play golf again.

Today I’m bringing you a quick example of how to use jQuery to check with a Service to see whether the user should be allowed to toggle the state of a given checkbox. In my example, the “Service” only allows you to check boxes labelled with a prime number. I’m sure there’s a more jQuery-approved method, but this one was simpler to figure out than .val() – I couldn’t figure out how to make that *un*check a box.

XMLReader punts on clone

nospam@example.com (TML) — Tue, 12 Aug 2008 23:12:32 -0600

PHP5’s XMLReader – which I used for my JSON-Like XML post, doesn’t implement a ‘clone’ handler, which came as quite a shock when I attempted to implement a wrapper class that would allow me to push values back into the stream when I had to read-ahead to implement ‘nested data structures’ as suggested by Davey. I had a hard time finding a good example of how to internally implement clone (even Sara Golemon’s book only gives it a brief mention¹), but I finally came up with something – I’m building it now to see how well it works, or even if it works at all.

¹ zend_object_value clone_obj(zval *object TSRMLS_DC) – Used to generate a new object copied from an already instantiated one. The default behavior is to create a new object instance, associate the original’s handler table with it, copy the properties table and, if the class entry for the object in question defines a __clone() method, call that to allow the new object to perform additional duplication work.

JSON-like XML

nospam@example.com (TML) — Sun, 10 Aug 2008 22:01:40 -0600

#phpc on Freenode had a discussion tonight about how there’s nothing in XML that’s quite as simple as JSON for encoding types. I came up with this off-the-cuff – as opposed to WDDX, this is more JSON-like in that each ‘XML Document’ encodes only a single value – but that value might be mapped to any of the built-in types.
Of course, the <object> stuff would only work with pretty simple objects – but the fact that it tries at all to instance a class is a step beyond what JSON does, which is ALWAYS an instance of stdClass. You could drop this extra ‘feature’ by ~~remove~~ removing line 43 ($class = ...) and changing line 44 to:

$data = new stdClass;

Continue reading "JSON-like XML"

Refinement of ringBuffer

nospam@example.com (TML) — Sat, 09 Aug 2008 14:38:32 -0600

    public function offsetSet($key, $value) {
        if ($key === NULL) return $this->push($value);
        $this->throwEx(array(‘Do not directly set indices in a %s, use push() instead’, CLASS));
        return false;
    }

This allows the use of PHP’s ‘push’ syntax: $foo[] = ‘bar’;
Full class after the jump.

Continue reading "Refinement of ringBuffer"

Using SPL to implement a ringBuffer

nospam@example.com (TML) — Fri, 08 Aug 2008 15:39:18 -0600

I liked the SPL I used in my last post, so I cracked open my Python Cookbook to a random location and decided to try and implement whatever it landed on in PHP using SPL – that led to the following implementation of a ring buffer.
There certain may be better ways to do it, but this was my first pass, and I think it behaves much how you’d expect a ring buffer to.

Continue reading "Using SPL to implement a ringBuffer"

Case-insensitive Array access in PHP

nospam@example.com (TML) — Thu, 07 Aug 2008 21:21:48 -0600

Someone in ##PHP was looking for an array that had ‘case-insensitive’ keys, so I threw this together using SPL

Continue reading "Case-insensitive Array access in PHP"