PHP 5.6 EOL on December 31, what does this mean for the PHP saver?

122 views
Skip to first unread message

Lost Admin

unread,
Oct 29, 2018, 9:27:16 AM10/29/18
to tiddl...@googlegroups.com
Hi all,

I saw this in the tech news today:


When I first started with TiddlyWiki I used the store.php (Tobias Beer has a link http://tobibeer.github.io/tb5/#store.php). It wouldn't work with PHP 7 and required PHP 5. It appears at least one of us has updated it to run on PHP7 (https://groups.google.com/d/msg/tiddlywiki/72FpRZLyFMY/m_O6HQgNCAAJ).

I wonder how many of us that still use it need to make updates or otherwise don't care about running unsupported PHP? 


[EDIT] Summary of Options presented in the thread

Sven Wetzel suggested: https://quaraman.de/tw/storephp.htm


Sven Wetzel

unread,
Oct 29, 2018, 10:48:39 AM10/29/18
to tiddl...@googlegroups.com
Hi Lost Admin,

you can use my version from : https://quaraman.de/tw/storephp.html .

This version works under php 7 and can be used with https! 

So that should be no problem with the eol of php 5.6 .

Kind regards
quaraman

Lost Admin <thelos...@gmail.com> schrieb am Mo., 29. Okt. 2018, 14:27:
Hi all,

I saw this in the tech news today:


When I first started with TiddlyWiki I used the store.php (Tobias Beer has a link http://tobibeer.github.io/tb5/#store.php). It wouldn't work with PHP 7 and required PHP 5. It appears at least one of us has updated it to run on PHP7 (https://groups.google.com/d/msg/tiddlywiki/72FpRZLyFMY/m_O6HQgNCAAJ).

I wonder how many of us that still use it need to make updates or otherwise don't care about running unsupported PHP? 



--
You received this message because you are subscribed to the Google Groups "TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywiki+...@googlegroups.com.
To post to this group, send email to tiddl...@googlegroups.com.
Visit this group at https://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/85cd97e8-6f38-43c5-bd02-de337978a25e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

TonyM

unread,
Oct 29, 2018, 10:10:01 PM10/29/18
to TiddlyWiki
Lost Admin,

Sven's solution sounds great, I am currently using another php solution, I should add to your choices https://github.com/sendwheel/tw-receiver


Sven,

Thanks for sharing, I will have to check out your updated store php. You may like to review https://github.com/sendwheel/tw-receiver as no doubt has possible techniques for you.

By the way given you skills in this area, how hard would it be for us to use http or php to to read or write files on a php host. Id love to allow json files to be exported to the host for others to import and other types of interaction..

Regards
Tony

Sven Wetzel

unread,
Oct 30, 2018, 4:07:28 AM10/30/18
to tiddl...@googlegroups.com
Hi TonyM,

it depends what you mean with writing files. The act to do this is easy. But to make it save against attacks can be harder. 

For example: If the php script has a failure in the checking who can upload and what is allowed to be saved on the server, you allow attackers to upload potential illegal/harmful files to your homepage space. 

Kind regards
quaraman

TonyM

unread,
Oct 30, 2018, 5:15:44 AM10/30/18
to TiddlyWiki
Sven,

If the functions exposed were limited like can only save to a specific filename etc could we make it safer?

If however this wiki would be behind a password and only trusted users had access, how far could we take this and would it be difficult?.

I would appreciate your advice.

Regards
Tony

Sven Wetzel

unread,
Oct 30, 2018, 8:27:02 AM10/30/18
to tiddl...@googlegroups.com
Hi Tony,

this is to unspecific to answer the questions.

What is your concrete case? 

This type of extension is easy to program - only to save a file. But as I described earlier : the difficult part is to decide how to handle the rights and/or the security and/or your need to proove against such things as illegal data (malware/copyrighted material/files that are only for adults...)

Regards,
quaraman


--
You received this message because you are subscribed to the Google Groups "TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywiki+...@googlegroups.com.
To post to this group, send email to tiddl...@googlegroups.com.
Visit this group at https://groups.google.com/group/tiddlywiki.

TonyM

unread,
Nov 8, 2018, 1:24:54 AM11/8/18
to TiddlyWiki
Quaraman,

Not withstanding your concerns, I still see value in being able to read and write using PHP independently of TiddlyWikis save steps. Remember such a website can be restricted to a single user with SSL and multiple levels of authentication, then all that would be permitted it to write to a particular filename, perhaps even one only the server can see. We could use the security method in https://github.com/sendwheel/tw-receiver which stops update access unless you have a long password/phrase set.

I am not asking for a PHP lesson, only some insight as to how easy and or versatile this would be, and how you may invoke PHP from inside a TiddlyWiki. If accessible I will go to the effort of learning more about PHP.

Thanks in advance
Tony

Sven Wetzel

unread,
Nov 8, 2018, 8:35:33 AM11/8/18
to tiddl...@googlegroups.com
Hi Tony,

without prooving against user failure it is very easy. But that is risky as explained before. 

from tiddlywiki perspective it could be a html form that you present with a submit button that trigger the php script.

the php script then read the data it gets.

That this function the tiddlywiki and the php script need to be served from the same domain.

But from your description it is a riddle for me how that you want.

and when for example you are in the eu and the new eu copyright reform is active this is illegal to use without a proove against copyright cases!

kind regards
quaraman

Am Do., 8. Nov. 2018, 07:24 hat TonyM <anthony...@gmail.com> geschrieben:

TonyM

unread,
Nov 8, 2018, 10:10:32 AM11/8/18
to TiddlyWiki
Quaraman,

Lets see if I can remove the riddle.

If I build a website for me, online but behind a passphrase and on PHP and store personal information and media on it, the only user is me, I will not be taking me to task, and if my partner or trusted colleague also has access I would not be too worried. Once I have developed a good solution I may translate this into a secure website, build the code into a WordPress site. I understand the obligations and privacy issues but their are plenty of applications and cases where such simply do not exist. Personally I produce a lot of my own, original content that I produce myself for consumption only by me, it does not include copy write material, or collecting information from people but may hold a repository of Open source material for me.

PHP services are now available from cloud providers so I can scale and prototype to my content.

I understand where you are coming from but are surprised you cant imagine a genuine use for this that does not present unacceptable security risks. By the way, I appreciate you reminding me of these issues, but I am not so concerned at this time with these, even considering to only place anything online I cant loose.

To be honest amongst my many roles in IT I also have a background in Security which I maintain an interest in.

One example is a NoteSelf TiddlyWiki of my own from which I can export changes as a form of backup, or generate json files that exist in another folder with different security rights. I may even host a php server on local host.

I hope that explains

Now, I wonder if it is easy to get traditional html/php post to work within tiddlywiki. My original Question

Thanks and Regards
Tony

Mark S.

unread,
Nov 8, 2018, 10:27:37 AM11/8/18
to TiddlyWiki
Is the EU looking at small sites that narrowly?

Where is tiddlyspot.com located? (All the whois info is redacted). Does tiddlyspot have to follow these rules?

-- Mark

On Thursday, November 8, 2018 at 5:35:33 AM UTC-8, Sven Wetzel wrote:

Sven Wetzel

unread,
Nov 8, 2018, 11:30:12 AM11/8/18
to tiddl...@googlegroups.com
Hi Mark,

the Eu is looking after youtube and other big player. 

But how that is affecting a small site is something we only see then the law is out next year.

And who defines what a small site in the context of this law is?

Welcome in #neuland where politicians see that something like internet exist!

Who is under this law? Everyone that want to have users living in the Eu!

kind regards
quaraman

Am Do., 8. Nov. 2018, 16:27 hat 'Mark S.' via TiddlyWiki <tiddl...@googlegroups.com> geschrieben:
--
You received this message because you are subscribed to the Google Groups "TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywiki+...@googlegroups.com.
To post to this group, send email to tiddl...@googlegroups.com.
Visit this group at https://groups.google.com/group/tiddlywiki.

Lost Admin

unread,
Nov 8, 2018, 11:56:41 AM11/8/18
to TiddlyWiki
The IP address for tiddlyspot.com is issued to Dreamhost.com. Dreamhost is a California US based company. But they could have servers anywhere. 

Sven Wetzel

unread,
Nov 8, 2018, 1:21:45 PM11/8/18
to tiddl...@googlegroups.com
Tony,

first: the draft of this copyright proposal speaks about websites that offer user content upload.

And you are a user of your own site!

So you need an upload filter to monitor your own behavior! 

But they can be exceptions for some sites/companies...

At this time nobody can exactly answer you this! Because first it need to be made as law and then it need to be made as active law in the national states.

After that - I read somewhere in the middle of 2019 - this can be answered by a lawyer.

kind regards
quaraman

Am Do., 8. Nov. 2018, 16:10 hat TonyM <anthony...@gmail.com> geschrieben:

TonyM

unread,
Nov 8, 2018, 7:01:50 PM11/8/18
to TiddlyWiki
Quaraman,

I would rarely upload content, just type it into a tiddlywiki.

On one hand
I really can not see any way for such regulations to apply to my personal IP that no one can access (without hacking) has no information/copywrite material about anyone else that is not publicly available.

On the other hand
As a Website host there is a responsibility for me as a good global citizen to take what ever steps are required to insure my internet hosted services to not provide a method by which DOS (Denial of service attacks)  and other illegal (for the most) activities can be executed. 

If I open my tiddlywiki to php (update) but open my tiddlywiki to no one but me, how could I possibly be made to comply? 

These are serious issues when publishing on the internet, and we must take these into account for published material and storing private information. I am running an online shop, I need to comply and personally I am all for rules and regulations that set a minimum reasonable standard, why do I like such regulations when I also believe in freedom to choose?, because these regulations stop a race to the bottom which often occurs in competitive situations, placing a floor on which few venture below, and it is clear when they do. With a floor set we can all get about our business competing in other ways, its a level playing field that maintains the confidence of users in using online resources, and when "online resources" is what you do, confidence of your clients is essential.

Despite my position above the new regulations are really a list of common sense actions you should take when storing your own or other peoples data online.

Regards
tony 
Reply all
Reply to author
Forward
0 new messages