Configuring Automatic Background Updates – WordPress

December 12, 2019December 12, 2019 by Zilli

Update Types

Automatic background updates were introduced in WordPress 3.7 in an effort to promote better security, and to streamline the update experience overall. By default, only minor releases – such as for maintenance and security purposes – and translation file updates are enabled on most sites. In special cases, plugins and themes may be updated.

Check HTTP headers with cURL

January 16, 2020September 8, 2019 by Zilli

Open terminal:

curl -I https://www.apple.com

Removes old simulators Xcode

May 27, 2019April 6, 2019 by Zilli

This command via terminal removes old simulators Xcode no longer use:

$ xcrun simctl delete unavailable

How to move bootstrap carousel caption below images?

August 4, 2018August 4, 2018 by Zilli

.carousel-control.right
# view hero-carousel.bloc# https://forum.blocsapp.com/t/automatically-changing-background-of-a-page/1313/7
.hero-carousel { margin-bottom: -100px; }

I’ve just added the navigation bloc above fullscreen carousel, and used negative margin custom class to hide this nav bloc behind carousel.

WordPress auto update config

July 28, 2018May 20, 2017 by Zilli

1. disable FTP commands from config.php
2. add to config.php

// Update core
define( 'WP_AUTO_UPDATE_CORE', true );

optionally for Synology NAS

# reset chown for Synology user nobody
chown -R nobody:nobody /web/wordpress/dir

# reset files and folders chmod in /web/wordpress/dir
find . -type f -exec chmod 0644 {} \;
find . -type d -exec chmod 0755 {} \;

Xcrud layout – Search and Pagination to the top

January 17, 2017April 14, 2016 by Zilli

Edit this file:
xcrud/themes/your_theme/xcrud_list_view.php

Startup Design Framework – slide autoscrolling

January 17, 2017June 22, 2015 by Zilli

Startup Framework – How to implement Parallax

January 17, 2017June 22, 2015 by Zilli

PHP / SQL data protection – anti SQL-Injection function

January 17, 2017May 23, 2015 by Zilli

SQL Injection

SQL injection is a technique where malicious users can inject SQL commands into an SQL statement, via web page input.
Injected SQL commands can alter SQL statement and compromise the security of a web application.

SQL Injection Based on 1=1 is Always True
Look at the example above, one more time.
Let’s say that the original purpose of the code was to create an SQL statement to select a user with a given user id.
If there is nothing to prevent a user from entering “wrong” input, the user can enter some “smart” input like this:

UserId:

How to protect

PHP functions

The function

//Blind SQL-INJECTION Escape sequence. Line codes anti SQL-Injection
function anti_injection($input){
$clean=strip_tags(addslashes(trim($input)));
$clean=str_replace('"','\"',$clean);
$clean=str_replace(';','\;',$clean);
$clean=str_replace('--','\--',$clean);
$clean=str_replace('+','\+',$clean);
$clean=str_replace('(','\(',$clean);
$clean=str_replace(')','\)',$clean);
$clean=str_replace('=','\=',$clean);
$clean=str_replace('>','\>',$clean);
$clean=str_replace('<','\<',$clean);
return $clean;
}

How to use

$id=$_GET['id'];
$id_clean=anti_injection($id);

Hide email headers in Postfix

January 17, 2017April 28, 2015 by Zilli

Write this code in /etc/postfix/header_checks

/^Received:/                    IGNORE
/^X-PHP-Originating-Script:/    IGNORE
/^X-Originating-IP:/            IGNORE
/^X-Mailer:/                    IGNORE
/^Mime-Version:/                IGNORE

Update Types #

SQL Injection

How to protect

Update Types