Yesterday, Melvin Lammerts wrote an article on the account creation with elevated privileges vulnerability in Joomla! < 3.6.4, and included a PoC exploit. This Joomla! vulnerability makes it easy for an attacker to create a user account, even when user registration is turned off. Yikes!
Having trouble installing or updating Magento with PHP 5.6? Does Magento 2 throw an error about always_populate_raw_post_data being set to 0? Then read on, because here is how to fix upgrades to Magento 2.0 in PHP 5.6.
Zen Cart is an open source shopping cart software. Unfortunately, Zen Cart has had some difficulties in the past sending authenticated SMTP email from a website. Here is how to let Zen Cart send email over an encrypted TLS connection, when the following condition is met: StartTLS is required. Since Zen Cart v1.5.2 StartTLS support is available.
An important note for everyone who’s upgrading from PHP 5.4 and PHP 5.5, to PHP 5.6: the PHP default_charset in php.ini changed from “empty” to UTF-8, making UTF-8 the default charset in PHP. This may break HTML output if you try to set a different charset in your HTML head. It may also break functions like htmlspecialchars. For example:
Years ago, I noticed that PHP connections to MySQL were significantly slower over IPv6 (where a hostname has an IPv6 address or AAAA record), when no MySQL service is listening on that address. The connection is refused, and PHP has to fall back to IPv4. The fallback takes a significant amount of time. Too much time if you ask me. Unfortunately this fallback to IPv4 is still slow today…
Convert ext/mysql to MySQLi how-to. This post will show you how to convert your old PHP mysql extension functions to the PHP MySQLi extension. Migrating away from ext/mysql to MySQLi – or PHP Data Objects (PDO) – is important, because the ext/mysql functions are deprecated as of PHP 5.5.0. If you do not update your PHP code, your website will fail soon!
The PHP setting realpath_cache_size sets the size of the realpath cache to be used by PHP. Increasing realpath_cache_size may greatly improve PHP performance, as PHP states: this value should be increased on systems where PHP opens many files. Setting a correct value for PHP realpath_cache_size can greatly improve PHP performance and optimize WordPress – and other CMS – websites.
Redirect pages with PHP. If you’ve moved some old PHP pages, or URLs, to new pages and URLs, you can use the following PHP code snippet to easily redirect all visitors and incoming requests to the new location. This PHP code snippet uses a 301 Moved Permanently redirect, perfect for SEO.
PHP script to check website availability with PHP/cURL. The following PHP function checks whether your website is online and available. Website uptime and availability are important, and you want your website to always be online and available. When your website is down, you want to be notified about the downtime.
Configure TLS for WordPress email. I was surprised WordPress is not able to send email using an SMTP server out-of-the-box. Not to mention using authenticated SMTP or TLS transport for security. A quick Google search showed me multiple plugins to handle this, but I wanted to create something myself. Here is how to override the wp_mail() function and send email using authenticated SMTP and StartTLS from WordPress.
Chmod.php, change file attributes with PHP, to make files read only or normally accessible on Windows IIS servers. Sometimes you need chmod to make files read only on your website, or make them normally accessible in case they already are read only. For instance Drupal’s settings.php configuration file, or WordPress Contact Form 7 temporary captcha files, are examples of read-only files.
PHP file upload security: How to validate MIME types in PHP. It is important to validate the MIME type of files in your web application, especially the MIME types of files uploaded through an upload form on your website. With PHP, the best way to validate MIME types is with the PHP extension Fileinfo. Any other method might not be as good or secure, and unfortunately those other methods are still widely used…
The PHP MySQLi extension supports multiple queries, which are concatenated by a semicolon, with mysqli->multi_query. We use this to optimize all MySQL tables, in a single multi-query statement. Neat! Optimizing MySQL tables is important to keep tables small and fast. This boosts MySQL, PHP and website performance and we all love that, don’t we? :)
An often-heard solution to PHP cURL errors with SSL is to turn off CURLOPT_SSL_VERIFYPEER. Please don’t turn off CURLOPT_SSL_VERIFYPEER, but fix your PHP config instead. This article provides you with two solutions to solve CA certificate validation errors with PHP cURL and OpenSSL. For system administrators and end-users.
Connect to an SQL Server database with PHP 5.3+ using the SQLSRV API and sqlsrv_connect. As of PHP 5.3.2 you have to use the SQLSRV API functions to connect to an MS SQL Server database from PHP. For example, use sqlsrv_connect() to create a connection resource and open a connection. The main difference with the older mssql functions of PHP is that SQLSRV requires an Array() with connection information, instead of strings.