06 Oct

use .php as your extension for all included files

I just ran a search for PHP code which included files called db.inc.

It was surprising to find so many (100 results).

The problem with this is that I can now use the knowledge that those projects include files called “db.inc” to read said files, and use the database details I would guess are contained therein for my own nefarious plans.

A quick and simple way to make your configuration repositories unreadable to the casual viewer is to use the .php extension for those files (i.e., db.php instead of db.inc), so that the web server runs them through PHP instead of sending their source to the browser.

A different way is to still use the .inc extension, but add a .htaccess to the root of your web directory, containing this:

<FilesMatch "\.inc$">
  order allow,deny
  deny from all
</FilesMatch>

That would ban casual browsers from reading anything with the extension “.inc”.
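To check a web root against the .htaccess rule above, here is an offline audit added as an example (not code from the original post): it lists `.inc` files that no `FilesMatch` deny rule in the same or a parent directory covers. The function names and the sample tree are constructed for illustration, and it assumes Apache honours `.htaccess` files and that the `FilesMatch` patterns are simple enough for Python's `re`.

```python
import os
import re
import tempfile

# <FilesMatch "regex"> ... </FilesMatch> blocks, and the two "deny everyone" spellings
# (Apache 2.2: "Deny from all"; Apache 2.4: "Require all denied").
BLOCK = re.compile(r'<FilesMatch\s+"([^"]+)"\s*>(.*?)</FilesMatch>', re.I | re.S)
DENY = re.compile(r'^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$', re.I | re.M)
PAGE_RULE = '<FilesMatch "\\.inc$">\n  order allow,deny\n  deny from all\n</FilesMatch>\n'

def deny_patterns(htaccess_path):
    """Compiled FilesMatch regexes from one .htaccess whose block denies all access."""
    try:
        with open(htaccess_path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError:          # no .htaccess in this directory
        return []
    return [re.compile(m.group(1)) for m in BLOCK.finditer(text) if DENY.search(m.group(2))]

def exposed_inc_files(docroot):
    """Relative paths of .inc files not covered by a denying rule in docroot or below."""
    docroot = os.path.normpath(docroot)
    inherited, exposed = {}, []
    for dirpath, _dirs, files in os.walk(docroot):   # top-down: parents come first
        rules = inherited.get(os.path.dirname(dirpath), []) + deny_patterns(
            os.path.join(dirpath, ".htaccess"))
        inherited[dirpath] = rules
        for name in files:
            if name.lower().endswith(".inc") and not any(r.search(name) for r in rules):
                exposed.append(os.path.relpath(os.path.join(dirpath, name), docroot))
    return sorted(exposed)

def build_sample_tree(root):
    """Constructed sample web root: only the 'safe' subtree carries the page's rule."""
    for rel in ("db.inc", "db.php", "lib/db.inc", "safe/db.inc", "safe/sub/conf.inc"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("<?php $db_pass = 'constructed-sample'; ?>\n")
    with open(os.path.join(root, "safe", ".htaccess"), "w") as fh:
        fh.write(PAGE_RULE)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        print(exposed_inc_files(root))
```

This is a static check of the files on disk; it does not read the main server configuration, so a rule set there is not seen.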

03 Oct

converting html to pdf in php

I have a client who asked us to generate PDF reports that he can then send out to his own clients.

The way we are settling on (through long and arduous twisty paths!) is to generate HTML versions of the report, which can then be “tweaked” in FCKeditor before being finalised as PDF reports.

When converting the final HTML report to PDF, I started off using HTML_ToPDF (huh? why not “HTML_To_PDF” or “HTMLtoPDF”?).

The API was very simple to use, and conversion was simple and almost perfect – except that it ignored the CSS that our designer had placed in. Specifically, the most obvious example was that tables were missing their solid black borders.

So, I went searching for other APIs that might render the CSS correctly.

I tried DOMPDF, which claims to be CSS 2.1 compliant, but failed to render anything – it kept falling down with some obscure errors such as “Frame not found in cellmap” – what? I don’t use Frames, so the error makes no sense to me – I /guess/ that cellmap refers to the table cells, but there’s no problem with my HTML code, damnit!

Then I tried HTML2FPDF, which is very similar to HTML_ToPDF in API style. It also did not render the border.

I finally tried shifting how the CSS was entered – instead of adding it in a style block in the head of the document, I placed the CSS inline, in each element – such as <table style="border:black 1px solid">

That didn’t work in HTML2FPDF, but /did/ work in HTML_ToPDF.

Long story short? Write your CSS inline if you want to convert to PDF. As a side-effect, writing the code inline also made the CSS render in FCKeditor.