When developing web applications that use APIs, it is usually necessary to have the development site accessible for API callback URLs. A good example would be when working with payment gateway systems, which typically post back success or failure of transactions. In this event it is convenient to use HTTP authorisation to prevent outside access (users, crawlers, etc.). The issue with this is that API systems don’t always work with the http://[user]@[password]:[url] method of manually passing through this authentication method.
I was working on a project which was randomly failing to load certain views outside the development environment. It turns out that the system was running out of memory. After searching some of the error messages output by the script, I stumbled upon the xhprof PHP module. It was originally created by Facebook, and released under an open source license.
I have been trying to disable the server signature for a while, but I found that turning off the ServerSignature directive didn’t work for all servers. The signature might read something like:
Apache/2.2.X (Ubuntu) mod_ssl/2.X.X OpenSSL/0.X.X
If your server exposes this information, it’s easier for an attacker to compromise a system based on flaws in a particular server software version (especially if your server software is allowed to become outdated, or your distribution is slow to release security updates). By default, it will display this on error pages in plain text, and also present it as a Server header on every request.
To disable completely, you should set the following directives in your Apache configuration:
ServerSignature Off ServerTokens Prod
via Nixtechnica
I came across a problem having developed a site with a PHP 5.3 environment, when moving the site to the live environment the server was running PHP 5.2. Whilst the server gets upgraded I looked into getting the code to work in some form in the meantime. The main issues are the functions lcfirst() and date_diff(). The former is a simple fix, a function which lower-cases the first letter of a string — I was surprised this was only introduced in 5.3!
I have been dealing with file uploads a lot recently, and I stumbled upon a few different methods for validating files which provide both basic file-type checking and file size checking before uploading.
The web app was already making use of jQuery with the excellent jQuery validation plugin; so I wrote a couple of extended validators.
I’m pretty new to working with the internals of WordPress. It seems very easy to settle for installing hundreds of plug-ins to achieve the simplest of tasks. Plug-ins are awkward for me, as they have the tendancy to not quite do what I want them to. I end up messing with them in some way which breaks updates.
Another snippet for the WordPress theme developers out there. I decided that the category widget didn’t display the post count in a very nice-looking way. So I found a nice support post that demonstrates the user of add_filter() to alter output of the category widget. Not the most ideal way to do things in my opinion, but it does the job.
add_filter('wp_list_categories', 'cat_count_span_inline'); function cat_count_span_inline($output) { $output = str_replace('</a> (','<span>',$output); $output = str_replace(')','</span></a>',$output); return $output; }
Via wordpress.org
The 4xx class of status code is intended for cases in which the client seems to have erred. Except when responding to a HEAD request, the server should include an entity containing an explanation of the error situation, and whether it is a temporary or permanent condition. These status codes are applicable to any request method. User agents should display any included entity to the user. These are typically the most common error codes encountered while online.
I find that the GUI tools in Ubuntu are buggy with some disks and drives that I use. The two lines that pretty much make “Brasero” redundant:
Record ISO to Disc
cdrecord -v dev=/dev/cdwriter isofile.iso
Blank a CDRW
sudo cdrecord blank=all -immed dev=/dev/cdrw
