Category Archives: Surviving the Internet

XPath Null Byte Injection in PHP

Back in July this year, in Mitigating XPath Injection Attacks in PHP I was writing about how to properly quote a string in PHP’s XPath 1.0. The code presented there was based on the assumption that the resulting expression is …

The Negative Influence of WordPress on PHP

The current TIOBE Programming Community Index for July 2013 shows an increase for PHP, gaining ground fast and as an ongoing trend over the last year: If compared to January 2013, PHP is the fastest climber with an increase …

Mitigating XPath Injection Attacks in PHP

PHP has two libxml-based extensions that allow executing XPath 1.0 expressions: DOM (via the DOMXPath class) and SimpleXML (with its xpath() method). Both extensions are prone to XPath Injection Attacks, a common attack form. Albeit all this, and …

Dive Into HTML5 (by Mark Pilgrim with contributions from others)


Prepared Statements

In Programming With Anthony – Prepared Statements (by Anthony Ferrara; 12 Dec 2012) the author needs only two minutes and 17 seconds (YouTube video) to explain *Prepared Statements*. Worth watching. See as well the Playlist of Programming With Anthony …

The Daily Mistake: Not to Proxy Remote Services

“Just gimme a min, I glue that HTTP based remote service in.” – Whether the standard file_get_contents + JSON *bam* or complete SOAP, a developer should have the time to wrap each (remote) data-source inside its own interface that is …

Architecture the Lost Years (Robert Cecil Martin; 4 Nov 2011)

Did worldwide hypertext turn software developers out in the field upside-down? In Architecture the Lost Years (1h 06m) Robert C. Martin talks about the web and how it influenced development design decisions in the last decade(s). Is the system the …

Will Automattic join Dec 29 move away from GoDaddy day?

With all the reports about SOPA and GoDaddy (Mashable, PC World, ars technica, Read Write Web, VentureBeat, …) I was wondering if Automattic, one of GoDaddy’s customers, has been taking note of selfprodigy’s reddit posting: I’m suggesting Dec 29th as …

How-To Block Alexa Robot

It’s easy and can save you some bandwidth per month, just add the following to your robots.txt file: Additionally, it saves you from having too much information concentrated on alexa.com. You can contact them to delete existing content as well. …

Best Practice robots.txt

I did some research months ago and wrote a longer article about robots.txt. But for a quick lookup it’s too much to read, so today it’s time for a simple best-practices check-list: Use ASCII encoding for robots.txt (see as …

Websocket Protocol Vulnerability

Linked: Disabling the WebSocket protocol (by Anne van Kesteren; 08 Dec 2010). This HTML 5 looks to be a scary mess security-wise. I hope the browser vendors do their jobs.

WordPress Licensing Issues – Plugins are GPL, Right?

If you thought that the WordPress package you can download from wordpress.org is re-distributable under GPL, then you’re thinking wrong. Why do I say so? Thanks to a ticket opened by novasource, it came to my attention that the Hello …

Slow Crawling Fixes

WordPress 3.0.2 went out some days ago. It was announced as a security release (full 3.0.2 Changelog) for the stable WordPress version. While taking a look into the changelog, I got a little flashback. The most prominent security issue was in fact an …

Display Errors on Production Sites – Today: Adult Swim

Geeeez! The purple pixel robot is talking to me: Warning: Invalid argument supplied for foreach() in _adultswim_get_term_name() (line 395 of / docrootas20/ sites/ all/ modules/ publicreative/ adultswim/ adultswim.module). (Source) How sweet, this will be my new friend. I’ve just fallen …

Disable Stylesheets in Internet Explorer

Microsoft’s browser, Internet Explorer, is somehow hated by web designers and developers throughout the world. But still there is discussion here and there whether or not to support the browser any longer, for example version 6. I won’t go …

Team playing the hashcat card in Korelogic’s “Crack Me If You Can” DEFCON 2010 competition

A relatively small team has had great success at DEFCON 2010 in this year’s “Crack Me If You Can” competition sponsored by Korelogic Inc, a US-based information security company.

Resource Expert Droid – Analyze HTTP Requests

The Resource Expert Droid, or Redbot for short, is an online tool to analyze HTTP requests. It provides decent information about response headers, and the request headers can be configured as well (JavaScript required).

Twitpic does not like its users to use a computer

Via TechCrunch: Twitpic Blocks Posterous’ Import Tool. Read on: EFF Seeks to Protect Innovation for Social Network Users.

WordPress HTTP and header-related tickets

I’ve done some massive HTTP stuff lately which included a full re-read of some (all?) HTTP-related RFCs – some of them I first studied years ago. It’s not as simple as it was back in those years, but it’s good …