This just in: Contact-Form-7 (WordPress) Vulnerability – 5 million websites at risk – CVE-2020-35489

A vulnerability has been discovered in Contact Form 7 that allows an attacker to upload malicious scripts. The publishers of Contact Form 7 have released an update to fix the vulnerability.

Unrestricted File Upload Vulnerability…

Noooo, I’m not going to steal/copy/plagiarize this article, just read the article on CVE-2020-35489 on searchenginejournal.com.

But I do have something to add.

WordPress REST-API nonce-sense.

Working with the WordPress REST-API is HELL. There. I said it. It is powerful, it is secure, it is everything a developer needs, but for the love of [fill in your favorite deity here], WordPress, be consistent!

Using the REST-API requires authentication. Well, that’s not a problem. Just create a route to log-in and one to log-out. WordPress has functions to do that.

wp_signon()
and
wp_logout()

The first hurdle is getting the WordPress REST API to function. Oh, wait, you need a nonce ?! Well, thank you WordPress for this ‘security’-measure. For everything else in WordPress the authentication cookies you get when logging in to /wp-admin are enough, but for REST-API you need a nonce … the F why !?

Sorry, but this is just NONCE-SENSE! Pun intended. If only it were funny.

BREAKING NEWS – WordPress 4.8.3 with WPML (sitepress multilingual cms) 3.8.0 and up cause Page Not Found

[UPDATE] WPML has released a new version with a permanent fix, download version 3.8.4 from wpml.org.

BREAKING NEWS … Literally!

If you experience inexplicable 404s on your WordPress site after you updated to version 4.8.3, and you are using WPML (sitepress multilingual cms) version 3.8.0 or higher, you will need a fix. (Duh!)

The cause is WPML not properly using WPDB->prepare(); [UPDATE] it is too late with adding/removing the filters on the query. The priority is now fixed from 10 to -1.

Out with the old, in with the new — Switching from built-in software to one awesome piece of engineering: Local (by Flywheel)

A multitude of recent developments have helped me make a choice. Some of them are:

  • Apple going for thinner, lighter instead of stronger performance, and
  • Microsoft integrating Bash into Windows 10 with WSL (Windows Subsystem for Linux)

While the new MacBook Pro is quite a feat of engineering, it is hardly “Pro”. Surely Intel graphics are enough for typing letters and calculating spreadsheets, but it’s not “Pro”. A 16GB memory limit (which with the compression tech used is like 24GB for any other OS) is great for battery life, but it’s not “Pro”. The keyboard is ultra thin and has good tactile feedback, but the keys need a firm press and have almost no travel. Great for thinning the device, but again, not “Pro”. For the same amount of money you can buy a portable powerhouse like the Asus ROG G752vy (seen in my post about this). This one has other issues, but at least it has got awesome graphics (nVidia 980), max 64 GB RAM and a “normal” laptop keyboard.

(Yeah, I know, I KNOW, I don’t need ‘awesome graphics’ for web development, but I like to game also, and to be honest, my favorite IDE – phpStorm – DOES prefer a sturdy GPU. Don’t know why, but it runs so much better on a discrete GPU than it does on Intel graphics.)

Reasons to stay with macOS are rapidly diminishing, and reasons to start using Windows again are gaining support. Since the Windows 10 Anniversary Update, Windows offers Bash and all the goodness that comes with Ubuntu Linux, right at your fingertips. Well, not ALL goodness, but most of it.

Development WebServer on OSX Lion – HomeBrew/MariaDB/PECL

Apache2 is already installed on any Mac and most setups (like MAMP or MacPorts) just ignore the built-in Apache and install their own version. Shame. You wouldn’t ignore your own car and get another one just to pull a trailer while your own car can do the job perfectly.

How to activate FTP server on OSX

So, you’re running a development server on your OSX machine, ey?

Now, how do you easily update your WordPress setup? Or install WordPress Plugins? You need FTP connectivity…

First you would check the ‘Sharing’ section in ‘System Preferences’ only to find FTP is not there. So you might think, OSX does not have an FTP server?

Development WebServer on OSX Lion

So you found yourself in need of a development server (or maybe a regular production server) on your Mac… Well, good for you, because your Mac can do it all. I found myself in need of it as well and wanted a stable Apache2/PHP5/MySQL installation with the PHP SVN PECL module installed (because I want to fool around with our SVN server :) ).

I can tell you 4 ways of getting a real, live ‘n kickin’ web server on OSX.
