Thursday, October 29th 2009


Fixing cross-site scripting attacks in PHP for PCI Compliance
posted @ 9:49 am in [ Fixing Things -Technology -Web Design -Web2.0 ]

More PCI compliance checks meant that we found a number of scripts in some of the simpler pages on our sites (the email register, for example) that were subject to possible cross-site scripting attacks.

(See the Wikipedia entry for a pretty good explanation of what they are and why you need to fix them: http://en.wikipedia.org/wiki/Cross-site_scripting)

Anyway – here's the quick code to fix pretty much any form, using htmlspecialchars to encode the value before it is echoed into the page.

Original: (note the weakness in using REQUEST_URI here, echoed unencoded into the attribute)

<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>" id="registerTop" class="smallForm">

Fixed: (note the replacement of REQUEST_URI with PHP_SELF to stop injection of different pages, and the ENT_QUOTES flag so both " and ' are encoded)

<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" id="registerTop" class="smallForm">
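An added example, not code from the original post, showing the same htmlspecialchars(..., ENT_QUOTES) fix applied to every value the form echoes back into HTML (the action and a re-populated field), since "pretty much any form" echoes more than its action; the helper names and the sample request values are constructed for illustration.

```php
<?php
// Added example, not code from the original post: the post's
// htmlspecialchars(..., ENT_QUOTES) fix applied to every value the form
// echoes into HTML, not just the action attribute. Function names and the
// sample request values below are constructed for illustration.

function h(string $value): string
{
    // ENT_QUOTES encodes both " and ' so a value cannot close the attribute
    // it sits in; naming UTF-8 avoids mangling multibyte input.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

function render_register_form(array $server, array $post): string
{
    $action = h($server['PHP_SELF'] ?? '');
    $email  = h($post['email'] ?? '');   // value re-populated after a failed submit

    return '<form method="post" action="' . $action . '" id="registerTop" class="smallForm">'
         . '<input type="text" name="email" value="' . $email . '">'
         . '<input type="submit" value="Register">'
         . '</form>';
}

// Constructed request: PHP_SELF carries client-supplied trailing path info,
// and the posted e-mail contains quote and angle-bracket characters.
$server = ['PHP_SELF' => '/register.php/"extra<x>'];
$post   = ['email' => 'a"b<c>@example.com'];
echo render_register_form($server, $post), PHP_EOL;
// Every " and < in the echoed values comes out as &quot; and &lt;, so the
// markup structure of the form is fixed by the template, not by the request.
```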

Happy days – PCI test passed 🙂




Thursday, October 29th 2009


Just in case you wondered who was responsible for all of IE6’s bugs…
posted @ 6:49 am in [ Technology -Web Design -Web2.0 ]

I found this last night while scanning for another document, the thankyou note from Microsoft sent to me for being one of the beta testers on Microsoft Internet Explorer 4 (IE4)!

Obviously I didn’t do a very good job as IE5 and IE6 both turned out to be horribly buggy browsers, but then again they didn’t pay me for the pleasure so it can’t be all bad 🙂


MicrosoftIE4BetaTestersLetter




Tuesday, October 20th 2009


Plesk error 500 and [apc-error] apc_mmap: mmap failed: No space left on device
posted @ 10:55 am in [ Media Temple -PHP -Technology -Web Design ]

Upgrade Plesk 8.0.3 to Plesk 9.0.x on a Media Temple DV server and it dies 🙁

Error 500, nothing in the log files, nowhere to turn.

Anyway… after a chunk of digging around, the problem turns out to be running out of memory in the container that Media Temple allocate for the DV server.

So… you can fix it by lowering the PHP memory requirements in the Plesk 9 php.ini file:


cd /usr/local/psa/admin/conf/
vi php.ini

The setting you want to change is apc.shm_size, from the default setting of 40 (Mb?) down to 10:


apc.shm_size = 10

And then check Plesk to see if it is working:


/usr/bin/sw-engine-cgi -c /usr/local/psa/admin/conf/php.ini -d auto_prepend_file=auth.php3 -u psaadm

…and with a bit of luck you should be away! More details in a good discussion on the Plesk forums here.




Monday, October 19th 2009


How To Virtualize Any OS For Free
posted @ 6:53 am in [ Technology -Web Design ]

Boot IE6 or IE7 virtual machines on your Mac like our team do without needing to pay Parallels a penny!

http://gizmodo.com/5383982/how-to-virtualize-any-os-for-free

Awesome 🙂




Friday, October 16th 2009


Upgrading Plesk 8.3 for PCI compliance to 9.x
posted @ 3:53 am in [ Fixing Things -Media Temple -Web Design ]

PCI compliance … grrrr… understand why it needs to be done but crikey is it a boring process to do.

Anyway, it turns out that Plesk 8.3, the default from our lovely hosting provider at Media Temple, isn't PCI compliant as it uses an old Apache install.

However, never fear, easy fixes at hand 🙂

Upgrade 8.3 to 8.6:
/usr/local/psa/admin/sbin/autoinstaller --select-release-id PLESK_9_2_2 --upgrade-installed-components

Upgrade 8.3 to 9.0 (latest):

/usr/local/psa/admin/sbin/autoinstaller --select-release-latest --upgrade-installed-components

or you can run the upgrade interactively using just:

/usr/local/psa/admin/sbin/autoinstaller




Thursday, October 15th 2009


More YUM and how to fix
posted @ 5:32 am in [ Technology ]

Yum is great – it really is a blessing when it is installed as you can upgrade a whole Linux system really easily.

The problem is that most shared hosting providers use CentOS, both because it lets them provide 'virtual' servers to customers and because it is basically a very good free copy of RedHat Linux.

CentOS however doesn't come with Yum, so you need to install it. Here are the common errors when installing, and how to fix them.

1. No module named yum

Error:
There was a problem importing one of the Python modules
required to run yum. The error leading to this problem was:

No module named yum

Please install a package which provides this module, or
verify that the module is installed correctly.

It's possible that the above module doesn't match the
current version of Python, which is:
2.4.3 (#1, May 24 2008, 13:47:28)
[GCC 4.1.2 20070626 (Red Hat 4.1.2-14)]

If you cannot solve this problem yourself, please go to
the yum faq at:
http://wiki.linux.duke.edu/YumFaq

This is actually Python complaining that it can't find the Yum library when yum runs. You can try installing it into Python (run python, type `import yum`), however this never seems to work for me, so the alternatives are to add the directory the Yum source is in to the Python path, or to run Yum directly with Python using `python yummain.py`. This works quite well 🙂
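An added example, not from the original post, of the "add the Yum source directory to the Python path" fix: a small sh script that finds the yum package in an unpacked source tree and runs yummain.py with that directory on PYTHONPATH. The source-tree layout (yummain.py sitting beside the yum/ package directory) and the search root are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Locates the "yum" Python package
# under a search root and runs yum's entry point with that directory on
# PYTHONPATH, so Python can import yum instead of raising "No module named yum".
# Assumes the yum source-tree layout: yummain.py beside the yum/ package dir.

# Print the parent directory of the first yum/__init__.py found under $1.
# That parent is the directory Python must have on its path to import yum.
find_yum_pkg_dir() {
    init=$(find "$1" -path '*/yum/__init__.py' 2>/dev/null | head -n 1)
    [ -n "$init" ] || return 1
    dirname "$(dirname "$init")"
}

# Usage: run_yum_from_source <search-root> [yum arguments...]
# Equivalent to the post's "python yummain.py", with the package dir exported.
run_yum_from_source() {
    root=$1
    shift
    pkg_dir=$(find_yum_pkg_dir "$root") || {
        echo "no yum package found under $root" >&2
        return 1
    }
    PYTHONPATH="$pkg_dir${PYTHONPATH:+:$PYTHONPATH}" \
        python "$pkg_dir/yummain.py" "$@"
}

# Example invocation (the search root is an assumption):
# run_yum_from_source /usr/local/src check-update
```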

2. AttributeError: CHECKSUM_VALUE

This seems to be a mismatch in versions between the Yum package you are installing and the version of the Yum Metadata Parser you have installed. The best trick is to remove the one you have and install a new one from fresh:

rpm -qa | grep yum-metadata-parser
rpm -ev --nodeps yum-metadata-parser-VERSIONFROMABOVECMD

Download the version you want from the Yum homepage – http://yum.baseurl.org/download/yum-metadata-parser/

and install this – it should fix it nicely 🙂

Also – found this list of requirements for Python etc. based on the version of Yum you are installing:

* yum 3.0.1 – Stable Release, Python 2.4+ and rpm 4.3+ systems only. Requires repomd repositories. Works under FC5, FC6 and rawhide.
* yum-metadata-parser 1.0.2 – C-based metadata parser to quickly parse xml metadata into sqlite databases.
* yum 2.6.X – Stable Release, Python 2.3+ and rpm 4.1.1+ systems requires repomd repositories: 2.6.1 latest known to work with some FC3, FC4, FC5, RHEL4 and compatible distributions
* yum 2.4.X – Stable Release, Python 2.3+ and rpm 4.1.1+ systems requires repomd repositories: 2.4.2 latest known to work with: FC3, FC4, RHEL4 and compatible distributions
* yum 2.0.X – for python 2.1+ and rpm 4.1.1-4.3.1 systems: 2.0.8 latest
* yum 1.0.X – for python 1.5.2+ and rpm 4.0.4 systems: 1.0.3 latest – considered obsolete

references:
http://docs.python.org/install/index.html
http://wiki.centos.org/HowTos/PackageManagement/YumOnRHEL
http://yum.baseurl.org/download/2.9/