Category: Code


WordPress auto update config

By Zilli,

1. Disable the FTP commands in config.php
2. Add to config.php:

// Update core
define( 'WP_AUTO_UPDATE_CORE', true );

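Optionally, for Synology NAS:

# reset chown for Synology user nobody
chown -R nobody:nobody /web/wordpress/dir

# reset files and folders chmod in /web/wordpress/dir
# (the path is given explicitly so the result does not depend on the current directory)
find /web/wordpress/dir -type f -exec chmod 0644 {} \;
find /web/wordpress/dir -type d -exec chmod 0755 {} \;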

PHP / SQL data protection – anti SQL-Injection function

By Zilli,

SQL Injection

SQL injection is a technique where malicious users inject SQL commands into an SQL statement via web page input.
Injected SQL commands can alter the SQL statement and compromise the security of a web application.

SQL Injection Based on 1=1 is Always True
Look at the example above, one more time.
Let’s say that the original purpose of the code was to create an SQL statement to select a user with a given user id.
If there is nothing to prevent a user from entering “wrong” input, the user can enter some “smart” input like this:

UserId:

How to protect

PHP functions

The function

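// Anti SQL-injection escaping: strips HTML tags and backslash-escapes SQL metacharacters.
// This only rewrites the string; values that go into a query should still be
// bound as prepared-statement parameters.
function anti_injection($input){
    // trim whitespace, backslash-escape ' " \ and NUL, then strip HTML/PHP tags
    $clean=strip_tags(addslashes(trim($input)));
    // '"' is already escaped by addslashes(); replacing it again would turn \" into \\"
    // and leave the quote unescaped, so that replacement is dropped
    $clean=str_replace(';','\;',$clean);
    $clean=str_replace('--','\--',$clean);
    $clean=str_replace('+','\+',$clean);
    $clean=str_replace('(','\(',$clean);
    $clean=str_replace(')','\)',$clean);
    $clean=str_replace('=','\=',$clean);
    $clean=str_replace('>','\>',$clean);
    $clean=str_replace('<','\<',$clean);
    return $clean;
}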

How to use

$id=$_GET['id'];
$id_clean=anti_injection($id);
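
Added example (not part of the original post): the same user-id lookup with the value validated as an integer and bound as a query parameter, so the input never becomes part of the SQL text. The users table, its rows, the function names and the sample inputs are constructed for illustration; it assumes the pdo_sqlite extension is available.

```php
<?php
// Added example, not the original post's code. Table, column and function
// names are hypothetical; the rows and inputs are constructed sample data.
declare(strict_types=1);

function open_demo_db(): PDO
{
    // In-memory SQLite so the example runs offline (needs pdo_sqlite).
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
    $pdo->exec("INSERT INTO users (id, name) VALUES (105, 'alice'), (106, 'bob')");
    return $pdo;
}

/**
 * Look up one user by the raw request value (e.g. $_GET['id']).
 * Returns the row, or null when the value is not a valid id or no row matches.
 */
function find_user(PDO $pdo, string $rawId): ?array
{
    // 1. Validate the type: a user id must be a positive integer.
    $id = filter_var(trim($rawId), FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // 2. Bind the value: the SQL text is fixed, the id travels separately as data.
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = open_demo_db();
// Constructed inputs: a normal id, a "1=1 is always true" style input, and junk.
foreach (['105', '105 OR 1=1', 'abc', ''] as $input) {
    $row = find_user($pdo, $input);
    printf("%-14s => %s\n", var_export($input, true), $row ? $row['name'] : 'rejected / not found');
}
```

For string columns the same prepare/bindValue pattern applies with PDO::PARAM_STR; only the validation step changes.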

Hide email headers in Postfix

By Zilli,

Put these rules in /etc/postfix/header_checks:

/^Received:/                    IGNORE
/^X-PHP-Originating-Script:/    IGNORE
/^X-Originating-IP:/            IGNORE
/^X-Mailer:/                    IGNORE
/^Mime-Version:/                IGNORE

Apache – mod_rewrite rules

By Zilli,

Examples of rewrite rules for an .htaccess file:
http://yourdomain.com/test

RewriteEngine On
RewriteRule ^test/?$ /testpage.php [L,NC]


Rewrite a localization URL to the $_GET['lang'] variable
http://yourdomain.com/english

RewriteEngine On
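# strip the trailing slash with a permanent redirect, then stop processing
RewriteRule ^(.*)/$ /$1 [L,R=permanent]
# map a two-letter language code to index.php?lang=xx
RewriteRule ^([a-z]{2})$ /index.php?lang=$1 [L]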


Redirect 301

http://www.yourdomain.com/ to http://yourdomain.com/

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.yourdomain\.com$ [NC]
RewriteRule ^(.*)$ http://yourdomain.com/$1 [L,R=301]