This just in: Contact-Form-7 (WordPress) Vulnerability – 5 million websites at risk – CVE-2020-35489

A vulnerability has been discovered in Contact Form 7 that allows an attacker to upload malicious scripts. The publishers of Contact Form 7 have released an update to fix the vulnerability.

Unrestricted File Upload Vulnerability…

Noooo, I’m not going to steal/copy/plagiarize this article, just read the article on CVE-2020-35489 on searchenginejournal.com.

But I do have something to add.

Handy script: lbf

[Edit: This script is defunct since Local rebuilt the application and ditched the virtual machine. This script works only with the old “Local by Flywheel” and not with the “Local Lightning” app. For the latter, see my lbl script]

Local (by Flywheel) is great, but for a terminal type of person like me, I find it way more convenient to SSH into a VM and use the WP-CLI to perform WordPress tasks. With a platform like Vagrant, one has the vagrant ssh command to shell into the virtual environment.

With Local, you can do this with the push of a button in Local, but as said, I like the terminal better.

lbf ssh is waaaaay faster than going to the Local app, finding the site, and clicking the SSH button.

But wait, there is much more ;)

WordPress REST-API nonce-sense.

Working with the WordPress REST-API is HELL. There. I said it. It is powerful, it is secure, it is everything a developer needs, but for the love of [fill in your favorite deity here], WordPress, be consistent!

Using the REST-API requires authentication. Well, that’s not a problem. Just create a route to log-in and one to log-out. WordPress has functions to do that: wp_signon() and wp_logout().

The first hurdle is getting the WordPress REST API to function. Oh, wait, you need a nonce?! Well, thank you WordPress for this ‘security’-measure. For everything else in WordPress the authentication cookies you get when logging in to /wp-admin are enough, but for REST-API you need a nonce … the F why!?

Sorry, but this is just NONCE-SENSE! Pun intended. If only it were funny.

Google Tag Manager restart after AJaX page-reload

Quick Tip

So you have this very fast AJaX page loader (InstantClick) on your website, but you want to use Google Tag Manager and track your pageview with Analytics etc; here’s how you reset Tag Manager and re-load it after your AJaX page is loaded.

BREAKING NEWS – WordPress 4.8.3 with WPML (sitepress multilingual cms) 3.8.0 and up cause Page Not Found

[UPDATE] WPML has released a new version with a permanent fix, download version 3.8.4 from wpml.org.

BREAKING NEWS … Literally!

If you experience inexplicable 404s on your WordPress site after you updated to version 4.8.3, and you are using WPML (sitepress multilingual cms) version 3.8.0 or higher, you will need a fix. (Duh!)

The cause is WPML not properly using WPDB->prepare(). [UPDATE] WPML is too late with adding/removing the filters on the query. The priority is now fixed from 10 to -1.

Out with the old, in with the new — Switching from built-in software to one awesome piece of engineering: Local (by Flywheel)

A multitude of recent developments have aided me to make a choice. Some of them are

  • Apple going for thinner, lighter instead of stronger performance, and
  • Microsoft integrating Bash into Windows 10 with WSL (Windows Subsystem for Linux)

While the new MacBook Pro is quite a feat of engineering, it is hardly “Pro”. Surely Intel graphics are enough for typing letters and calculating spreadsheets, but it’s not “Pro”. A 16GB memory limit (which with the compression tech used is like 24GB for any other OS) is great for battery life, but it’s not “Pro”. The keyboard is ultra thin and has good tactile feedback, but the keys need a firm press, and travel almost nothing. Great for thinning the device, but again, not “Pro”. For the same amount of money you can buy a portable powerhouse like the Asus ROG G752vy (seen in my post about this). This one has other issues, but at least it has got awesome graphics (nVidia 980), max 64 GB RAM and a “normal” laptop keyboard.

(Yeah, I know, I KNOW, I don’t need ‘awesome graphics’ for web development, but I like to game also, and to be honest, my favorite IDE – PhpStorm – DOES prefer a sturdy GPU. Don’t know why, but it runs so much better on a discrete GPU than it does on Intel graphics.)

Reasons to stay with macOS are rapidly diminishing, and reasons to start using Windows again are gaining support. Since the Windows 10 Anniversary Update, Windows offers Bash and all goodness that comes with Ubuntu Linux, right at your fingertips. Well, not ALL goodness, but most of it.

Hey Siri, what do I need to do to get my development environment working again after upgrading to macOS Sierra?

Hello, macOS Sierra!

macOS… that name… so… long… ago…

It has been, what?, 11 years? 12? … System 9, that was the last OS to be called macOS. The name change does not change anything regarding the update cycle, although on one of my Macs, the upgrade went horrifically bad! I ended up rebooting in Recovery mode and installing macOS from there.

For getting the development environment back up, not much to be done!

Apache could not find the default server certificates in /private/etc/apache2/server.crt so after correcting those paths in /etc/apache2/extra/httpd-ssl.conf and restarting Apache, all’s well!

sudo nano /etc/apache2/extra/httpd-ssl.conf
sudo apachectl restart

As always; feel free to comment or ask questions :)

Bye Bye Yosemite – Hello El Capitan! — another post-upgrade fixing session

In the series “How to fix your development environment after an upgrade” (referring to this and this post) I present you:

“Fix your development environment after upgrade to El Capitan”

Another Upgrade, Another Fixing session – Upgrade Development Environment – Yosemite edition

While Redmond is starting their photocopiers (the age-old story of how Microsoft keeps copying instead of innovating), we Mac users start our updates. OS X 10.10 Yosemite brings Apache 2.4 and PHP 5.5 to our playground, but not everyone is happy with that. Also, not all software survives the upgrade. Here is what I had to do to fix my development environment.

Test your code for PHP (in-)compatibility

PHP upgrades are a pain in the ass, but from time to time they’re desperately needed. For a hobbyist with one or two websites, it’s not that much of a deal to check your code and update, but what if you have hundreds of websites running on your servers? Automated tools would be the better choice.

Luckily there’s PHPCS – the PHP CodeSniffer – to check your code for compliance with a certain set of coding standards.