Autarchy of the Private Cave

Tiny bits of bioinformatics, [web-]programming etc


    Archive for the 'Web' Category

    Anything web-related. Just anything.

    SQL injection walkthrough

    11th May 2009

    SecuriTeam has an old, but still very useful article on SQL injection.

    I’ve created a PDF of that article, containing some of the comments (all the ‘thank-you’ and ‘help-me-hack’ comments were removed): sql injection walkthrough pdf download.

Note: there were no specific license terms attached to the article; I believe that the word “free” in the SecuriTeam site logo refers to the right of free use and copying. If you know this is not the case, please let me know and I will remove this PDF from public access. (See Brian’s comment.)


    Posted in how-to, Links, Software, Web | 3 Comments »

    Drupal Views: how to display random nodes/content

    4th May 2009

Today I had the task of displaying a random node in a Views-generated sidebar block.

This is how to do that in Drupal 7 (Views 3):

1. edit the view which makes the block available (follow http://your.site/admin/structure/views/view/viewname/edit)
2. in the Sort criteria section (below Filter criteria), look for and add Global: Random.

This is how to do that in Drupal 6 (Views 2):

1. edit the view which makes the block available (follow http://your.site/admin/build/views/viewname/edit)
2. in the Sort Criteria section, add the Random criterion.

It can’t be simpler than that. One caveat: the random ordering is applied in the database query, so if block caching is enabled for the view, the same “random” node will be served until that cache expires.


    Posted in Drupal, Notepad, Software | 13 Comments »

    Email address to image converter

    21st April 2009

After trying several of its kind, I found the CHXO email address to image converter a reliable and working one.
It supports transparent PNGs and just works. It also comes with the complete PHP source, so it looks like you can embed it into your own web applications. (As it is GPLed, I’ve saved a copy for myself.)

For Gmailers, there’s a nicer generator.

If you’d like to convert larger amounts of text to images, use hidetext.net.


    Posted in Links, Software, Web | No Comments »

    Ensembl Genomes launches Protists, Bacteria and Metazoa

    21st April 2009

    The following sites are available:

    http://bacteria.ensembl.org
    http://protists.ensembl.org
    http://metazoa.ensembl.org

Over the summer, two more sites, for Fungi and Plants, should become available.

Learn more about the Ensembl Genomes project.


    Posted in Bioinformatics, Links, Science, Software, Web | No Comments »

    WordPress and Google Analytics external nofollow problem in comment links

    13th February 2009

Since some WP release, the comment author’s link in comments has been broken: it has ‘ external nofollow’ appended directly to the href attribute value, which breaks the link.

I assume the problem is caused by Google Analytics, namely its “track outgoing clicks” feature (the feature name is from memory and might be inaccurate). That feature adds some JavaScript code to every outgoing link, and the script contains single-quote characters like this one ‘, which, incidentally, are also used to delimit the attribute values of the comment anchor tags.

To fix: read the rest of this entry.


    Posted in CMS, how-to, PHP, Programming, Software, Web | 2 Comments »

    Best online favicon.ico generator/editor

    28th January 2009

    favicon.cc has cool real-time previews and allows creating animated favicons.

    Update: check the comments below for more online favicon editors/generators!


    Posted in Links, Notepad, Software, Web | 3 Comments »

    ExpressionEngine contact form (email module) spam vulnerability

    26th January 2009

Yesterday I had a look at mod.email.php, the Email module of the ExpressionEngine CMS.

It appears to be very easy to use ExpressionEngine’s contact form (which relies on the Email module) to send email to arbitrary addresses; simply put, to send spam through someone else’s EE installation.

And here’s why:

• the recipients list is passed to the client as a hidden form field; it is encrypted, but the transformation is fully determined by the mod.email.php code itself, so with the source at hand it is a matter of several minutes to write your own encoding function that produces a completely valid recipients field for any address you choose
• there is also an XID field, which appears to be unique per page load; it is handed to whoever loads the form page, so it does not stop an automated sender that simply fetches the page first

The spamming algorithm is clear from this, so I won’t elaborate. (I could have missed some session variables, though; I didn’t check them.)

This information is valid as of ExpressionEngine 1.6.6, and nothing in the change-logs indicates that this mechanism was modified in newer versions of EE.

Update: I’ve tested, and this vulnerability does exist. The simplest prevention measure is to enable CAPTCHA for the contact form.

    I’ve notified the developers.
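To make the weakness concrete, here is an added illustration in Python. It is my own constructed example, not ExpressionEngine’s code, and it does not reproduce how mod.email.php actually encodes the field: the “weak” scheme is a hypothetical recipient obfuscation whose only key material is a constant shipped in the source, so anyone who has read the code can forge a valid field; next to it is a hardened field that binds the recipient list to a per-installation secret with HMAC-SHA256, so a field not issued by this server is rejected. The constant, the secret, the e-mail addresses and all function names are made up for the example.

```python
"""Hypothetical contact-form recipient field: forgeable vs. signed.

Constructed example; not ExpressionEngine's real mod.email.php logic.
"""
import base64
import hashlib
import hmac
import secrets


# ---------------------------------------------------------------------------
# Weak scheme (hypothetical): the hidden field is "encrypted", but the only
# key material is a constant that ships in the application source. Every
# install uses the same transform, so reading the code is enough to forge it.
# ---------------------------------------------------------------------------
SOURCE_CONSTANT = b"contact-form-v1"  # made-up constant that lives in the code


def _keystream(length):
    """Keystream derived only from the public source constant."""
    digest = hashlib.sha256(SOURCE_CONSTANT).digest()
    return (digest * (length // len(digest) + 1))[:length]


def weak_encode(recipients):
    """Obfuscate a comma-separated recipient list the way the weak form does."""
    data = recipients.encode()
    xored = bytes(b ^ k for b, k in zip(data, _keystream(len(data))))
    return base64.urlsafe_b64encode(xored).decode()


def weak_decode(field):
    """Server-side decode; XOR with the same keystream is its own inverse."""
    raw = base64.urlsafe_b64decode(field.encode())
    return bytes(b ^ k for b, k in zip(raw, _keystream(len(raw)))).decode()


def attacker_forges_weak(target):
    """An attacker who has read the source needs nothing else to build a valid field."""
    return weak_encode(target)


# ---------------------------------------------------------------------------
# Hardened scheme: the field carries an HMAC under a secret generated at
# install time and stored only on the server. Without the secret an attacker
# cannot produce a tag the server will accept.
# ---------------------------------------------------------------------------
class SignedRecipients:
    def __init__(self, install_secret):
        self._secret = install_secret

    def issue(self, recipients):
        """Build the hidden field as base64(payload).hex(HMAC-SHA256(payload))."""
        payload = base64.urlsafe_b64encode(recipients.encode()).decode()
        tag = hmac.new(self._secret, payload.encode(), hashlib.sha256).hexdigest()
        return f"{payload}.{tag}"

    def verify(self, field):
        """Return the recipient list if the tag is valid, otherwise None."""
        try:
            payload, tag = field.split(".", 1)
        except ValueError:
            return None
        expected = hmac.new(self._secret, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):  # constant-time comparison
            return None
        return base64.urlsafe_b64decode(payload.encode()).decode()


def attacker_forges_signed(target):
    """Best the attacker can do without the secret: sign with a guess."""
    return SignedRecipients(b"guessed-secret").issue(target)


def demo():
    """Run both scenarios; return (weak_forgery_accepted, signed_forgery_accepted)."""
    victim = "victim@example.com"  # constructed address
    weak_ok = weak_decode(attacker_forges_weak(victim)) == victim
    server = SignedRecipients(secrets.token_bytes(32))  # generated at install time
    signed_ok = server.verify(attacker_forges_signed(victim)) is not None
    return weak_ok, signed_ok


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The per-page-load XID does not change this picture on its own: a token that is handed to whoever loads the form only proves the page was fetched, and an automated sender fetches it first. The signed field stops forging of the recipient list, and the server should still compare the decoded list against the addresses the site administrator configured rather than trust the field as the source of truth; a CAPTCHA, as the update above suggests, raises the cost of automated submission on top of that.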


    Posted in CMS, PHP, Programming, Software, Web | 1 Comment »