Integer promotion

Integer promotions probably happen in your code many times, yet most of us are not even aware of them and don’t understand how they work. Here is the definition from MSDN: Objects of an integral type can be converted to another wider integral type (that is, a type that can represent a larger set of values). This widening type of conversion is called “integral promotion.”

Promotions in C++ are value-preserving. The value after the promotion is guaranteed to be the same as the value before the promotion. But value-preserving conversions do not preserve the “signedness” of the object. So when comparing signed and unsigned expressions of the same size, the compiler produces what might be unexpected results.
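The contrast described above, as an added example that is not from the original post. The function names and the balance check are hypothetical, and `promoted_less` assumes `int` is wider than `short`, as on mainstream platforms.

```cpp
#include <cstdio>

// GCC and Clang flag the mixed comparisons below with -Wsign-compare;
// the warning is silenced here so the demonstration builds without noise.
#pragma GCC diagnostic ignored "-Wsign-compare"

// Same size (int vs unsigned int): a is converted to unsigned int,
// so -1 is compared as UINT_MAX and is not less than 1.
bool same_size_less(int a, unsigned int b) { return a < b; }

// Narrower types: both operands are promoted to int (value-preserving,
// assuming int is wider than short), so -1 < 1 holds as expected.
bool promoted_less(short a, unsigned short b) { return a < b; }

// Hypothetical balance check: a negative balance is converted to a huge
// unsigned value and passes the comparison.
bool naive_can_withdraw(int balance, unsigned int amount) {
    return balance >= amount;
}

// Corrected check: reject the negative range before any conversion.
bool safe_can_withdraw(int balance, unsigned int amount) {
    return balance >= 0 && static_cast<unsigned int>(balance) >= amount;
}

int main() {
    std::printf("int -1 < unsigned 1         : %d\n", same_size_less(-1, 1u));
    std::printf("short -1 < unsigned short 1 : %d\n", promoted_less(-1, 1));
    std::printf("naive check, balance -1     : %d\n", naive_can_withdraw(-1, 100u));
    std::printf("safe check, balance -1      : %d\n", safe_can_withdraw(-1, 100u));
    return 0;
}
```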

PHP floating point bug

A bug in the way PHP converts certain numbers may cause it to exhaust all system resources. For example, on 32-bit systems, converting the string 2.2250738585072011e-308 into a floating point number using the function zend_strtod results in an infinite loop and consequent full utilisation of CPU.

PHP 5.2 and 5.3 are affected, but only on Intel CPUs which use x87 instructions to process floating point numbers. 64-bit systems use the SSE instruction set extension, under which the error does not occur. Processing the numbers 0.22250738585072011e-307, 22.250738585072011e-309 and 22250738585072011e-324 also triggers an infinite loop.

This bug can be used for DoS attacks. It is possible to remotely disable some server systems merely by sending this value as a parameter in a GET request. A lot of web applications typecast some input parameters (prices, weight, quantity, …) to float for security reasons.

Here is a sample script that you can try yourself:

<?php
$i = (float) "2.2250738585072011e-308";
?>

PHP & TOR – Anonymity with PHP cURL

With the PHP cURL library, we need to set an option that tells cURL to use a proxy to access the internet. The option is CURLOPT_PROXY, which contains the proxy address and port. This address will point at TOR, which listens at 127.0.0.1 on port 9050 as a SOCKS5 proxy.

Here is the code:

<?php
//URL
$url = 'http://www.example.com/post.php';
 
//Headers
$headers = array(
  'Host: www.example.com',
  'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
  'Referer: http://www.example.com/index.php'
);
 
//POST fields (placeholder values; replace with the data to send)
$data = array('field' => 'value');
 
//Tor address & port
$tor = '127.0.0.1:9050';
 
//cURL
$ch = curl_init();
 
//Set proxy
curl_setopt($ch, CURLOPT_PROXY, $tor);
 
//Set proxy type. CURLPROXY_SOCKS5 resolves the hostname locally, so the DNS
//lookup bypasses Tor; CURLPROXY_SOCKS5_HOSTNAME lets the proxy resolve it.
curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);
 
//The URL to which to POST the data
curl_setopt($ch, CURLOPT_URL, $url);
 
//Set request headers
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
 
//Prepare for the POST operation
curl_setopt($ch, CURLOPT_POST, 1);
 
//Set POST fields
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
 
//Follow any "Location: " header that the server sends
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
 
//Don't return HTTP headers
curl_setopt($ch, CURLOPT_HEADER, 0);
 
//Return the content of the call
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 
//Execute
$result = curl_exec($ch);
 
//Report transport errors (for example, Tor not listening on the port)
if ($result === false) {
  echo 'cURL error: ' . curl_error($ch);
}
 
//Release the handle
curl_close($ch);
?>

PHP op-code caches

Running high-traffic sites powered by PHP applications is impossible without a PHP op-code cache (accelerator). Op-code caches speed up PHP applications by parsing and tokenizing PHP scripts once, and executing them faster for every subsequent request.

There are 3 popular open-source op-code caches:

Alternative PHP Cache (APC) is a free, open source framework that optimizes PHP intermediate code and caches data and compiled code from the PHP bytecode compiler in shared memory. APC is quickly becoming the standard PHP caching mechanism. It will be built into the core of PHP starting with PHP 6.

eAccelerator was born as a fork of the Turck MMCache project. Turck MMCache was created by Dmitry Stogov and much of the eAccelerator code is still based on his work. eAccelerator also contained a PHP encoder and loader, but the development staff discontinued the encoder and removed this feature.

XCache is a fast, stable PHP op-code cacher that has been tested and is now running on production servers under high load. It is tested on Linux and supported under Windows, for thread-safe and non-thread-safe versions of PHP. This relatively new op-code caching software has been developed by mOo, one of the developers of Lighttpd, to overcome some of the limitations of the existing solutions at that time, such as being able to use it with new PHP versions as they arrive.

I have done some benchmarks for all of them with a Magento 1.4 installation and came to the following conclusions:

  • All op-code caches provide a noticeable improvement for Magento over a default PHP installation.
  • The speed gain is about 2X.
  • eAccelerator is better than XCache or APC, both in terms of speed and memory usage.
  • Installation of each op-code cache is different: XCache has a Debian package, eAccelerator is installed from source and APC is installed via PECL.

Remove up-sells, cross-sells, related products

Data about up-sells, cross-sells and related products in Magento is stored in the catalog_product_link table. The link_type_id column specifies the relation between product_id and linked_product_id. Possible relations are:

1 – Related products
2 – Bundle products
3 – Grouped products
4 – Up-sell
5 – Cross-sell

So if you want to remove all up-sells for all products you can execute:

DELETE FROM catalog_product_link WHERE link_type_id = 4;

Analogously you can remove all cross-sells and related products.