More PCI compliance checks meant that we found a number of scripts in some of the simpler pages on our sites (the email register form, for example) were open to possible cross-site scripting attacks
(see the Wikipedia entry for a pretty good explanation of what they are and why you need to fix them: http://en.wikipedia.org/wiki/Cross-site_scripting)
Anyway – here’s the quick code to fix pretty much any form using htmlspecialchars to encode the input.
Original: (note the weakness in using REQUEST_URI here)
<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>" id="registerTop" class="smallForm">
Fixed: (note the replacement of REQUEST_URI with PHP_SELF to stop injection of different pages, and the htmlspecialchars wrapper to encode the value)
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" id="registerTop" class="smallForm">
Happy days – PCI test passed 🙂
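As an added example (this is not code from the original post), here is the fix above wrapped in a small helper and run against a constructed PHP_SELF value, so you can see what the encoding actually does to the characters that would otherwise close the attribute. The names attr_safe, form_open_tag and the sample path are my own and not part of the site being described.

```php
<?php
// Added example (not the original post's code). It wraps the fix shown
// above in a helper and demonstrates why the htmlspecialchars() call is
// needed: $_SERVER['PHP_SELF'] can include client-supplied path info, so it
// is not safe to print raw inside an attribute.

// Encode a value for use inside a double- or single-quoted HTML attribute.
// ENT_QUOTES converts both " and ', and the explicit charset avoids
// relying on the server's default.
function attr_safe($value)
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Build the register form's opening tag from the encoded script path.
function form_open_tag($phpSelf)
{
    return '<form method="post" action="' . attr_safe($phpSelf)
         . '" id="registerTop" class="smallForm">';
}

// Constructed sample (hypothetical): the script path plus trailing path info
// containing the characters that would otherwise terminate the attribute or tag.
$samplePhpSelf = '/email/register.php/"<&>\'';

// Raw (the original form's behaviour): the quote closes the attribute early.
echo '<form method="post" action="' . $samplePhpSelf . '">', PHP_EOL;

// Encoded (the fixed form's behaviour): each special character becomes an
// entity and the whole value stays inside the attribute.
echo form_open_tag($samplePhpSelf), PHP_EOL;
```

Run it with the php command-line binary and compare the two lines: in the second one the quote, angle brackets and ampersand come out as &quot;, &lt;, &gt; and &amp;. The reason the encoding is still needed even after switching to PHP_SELF is that PHP_SELF carries any path info the client appends to the script name; if you would rather not have that at all, $_SERVER['SCRIPT_NAME'] gives just the script path, but it should still be passed through the same helper.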
I found this last night while scanning for another document: the thank-you note from Microsoft sent to me for being one of the beta testers on Microsoft Internet Explorer 4 (IE4)!
Obviously I didn’t do a very good job as IE5 and IE6 both turned out to be horribly buggy browsers, but then again they didn’t pay me for the pleasure so it can’t be all bad 🙂

Upgrade Plesk 8.0.3 to Plesk 9.0.x on a Media Temple DV server and it dies 🙁
Error 500, nothing in the log files, nowhere to turn.
Anyways… after a chunk of digging around the problem is to do with running out of memory on the container that Mediatemple allocate for the DV server.
So… you can fix it by lowering the PHP memory requirements in the Plesk 9 PHP.ini file
cd /usr/local/psa/admin/conf/
vi php.ini
Then the setting you want to change is apc.shm_size from the default setting of 40 (Mb?) to 10
apc.shm_size = 10
And then check Plesk to see if it is working
/usr/bin/sw-engine-cgi -c /usr/local/psa/admin/conf/php.ini -d auto_prepend_file=auth.php3 -u psaadm
..and with a bit of luck you should be away! More details in a good discussion on the Plesk forums here
Boot IE6 or IE7 virtual machines on your Mac like our team do without needing to pay Parallels a penny!
http://gizmodo.com/5383982/how-to-virtualize-any-os-for-free
Awesome 🙂
PCI compliance … grrrr… understand why it needs to be done but crikey is it a boring process to do.
Anyway, turns out that Plesk 8.3, the default from our lovely hosting provider at Media Temple, isn’t PCI compliant as it uses an old Apache install
However, never fear, easy fixes at hand 🙂
Upgrade 8.3 to 8.6
/usr/local/psa/admin/sbin/autoinstaller --select-release-id PLESK_9_2_2 --upgrade-installed-components
Upgrade 8.3 to 9.0 (latest)
/usr/local/psa/admin/sbin/autoinstaller --select-release-latest --upgrade-installed-components
or you can run the upgrade interactively using just
/usr/local/psa/admin/sbin/autoinstaller
Yum is great – it really is a blessing when it is installed as you can upgrade a whole Linux system really easily.
The problem is that most shared hosting providers use CentOS, both because it lets them provide ‘virtual’ servers to customers and because it is basically a very good free copy of Red Hat Linux.
CentOS however doesn’t come with Yum so you need to install it, and here are the common errors when installing it and how to fix them
1. No module named yum
Error:
There was a problem importing one of the Python modules
required to run yum. The error leading to this problem was:
No module named yum
Please install a package which provides this module, or
verify that the module is installed correctly.
It's possible that the above module doesn't match the
current version of Python, which is:
2.4.3 (#1, May 24 2008, 13:47:28)
[GCC 4.1.2 20070626 (Red Hat 4.1.2-14)]
If you cannot solve this problem yourself, please go to
the yum faq at:
http://wiki.linux.duke.edu/YumFaq
This is actually Python complaining that it can’t find the Yum library when it runs. You can try installing it into Python (run python, type ‘import yum’), however this never seems to work for me, so the alternatives are to add the directory the Yum source is in to the Python path, or to run Yum directly with Python using ‘python yummain.py’. This works quite well 🙂
2. AttributeError: CHECKSUM_VALUE
This seems to be a mismatch in versions between the Yum package you are installing and the version of the Yum Metadata Parser you have installed. Best trick is to remove the one you have, and install a new one from fresh
rpm -qa | grep yum-metadata-parser
rpm -ev --nodeps yum-metadata-parser-VERSIONFROMABOVECMD
Download the version you want from the Yum homepage – http://yum.baseurl.org/download/yum-metadata-parser/
and install this – should fix it nicely 🙂
Also – found this list of requirements for Python etc. based on the version of Yum you are installing
* yum 3.0.1 – Stable Release, Python 2.4+ and rpm 4.3+ systems only. Requires repomd repositories. Works under FC5, FC6 and rawhide.
* yum-metadata-parser 1.0.2 – C-based metadata parser to quickly parse xml metadata into sqlite databases.
* yum 2.6.X – Stable Release, Python 2.3+ and rpm 4.1.1+ systems requires repomd repositories: 2.6.1 latest known to work with some FC3, FC4, FC5, RHEL4 and compatible distributions
* yum 2.4.X – Stable Release, Python 2.3+ and rpm 4.1.1+ systems requires repomd repositories: 2.4.2 latest known to work with: FC3, FC4, RHEL4 and compatible distributions
* yum 2.0.X – for python 2.1+ and rpm 4.1.1-4.3.1 systems: 2.0.8 latest
* yum 1.0.X – for python 1.5.2+ and rpm 4.0.4 systems: 1.0.3 latest – considered obsolete
references:
http://docs.python.org/install/index.html
http://wiki.centos.org/HowTos/PackageManagement/YumOnRHEL
http://yum.baseurl.org/download/2.9/