devuri

Secured PHP Contact Form

<?php
  if(isset($_POST['submit'])){
    $name = htmlspecialchars(stripslashes(trim($_POST['name'])));
    $subject = htmlspecialchars(stripslashes(trim($_POST['subject'])));
    $email = htmlspecialchars(stripslashes(trim($_POST['email'])));
    $message = htmlspecialchars(stripslashes(trim($_POST['message'])));
    if(!preg_match("/^[A-Za-z .'-]+$/", $name)){

devuri

<?php

// get latest german WordPress file
$ch = curl_init();
$source = "https://de.wordpress.org/latest-de_DE.zip"; // THE FILE URL
curl_setopt($ch, CURLOPT_URL, $source);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$data = curl_exec ($ch);
curl_close ($ch);

devuri

# Apache Server Configs v2.14 | MIT License
# https://github.com/h5bp/server-configs-apache

# (!) Using `.htaccess` files slows down Apache, therefore, if you have
# access to the main server configuration file (which is usually called
# `httpd.conf`), you should add this logic there.
#
# https://httpd.apache.org/docs/current/howto/htaccess.html.

# ----------------------------------------------------------------------

devuri

## Set security headers per https://observatory.mozilla.org
Header set Strict-Transport-Security "max-age=15768000" env=HTTPS
Header set Content-Security-Policy "frame-ancestors 'self'"
Header set X-Frame-Options "SAMEORIGIN"
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options "nosniff"

## Add some rewrite rules per https://stackoverflow.com/a/13997498/266535
RewriteEngine On

devuri

#Header: X-Frame-Options for XSS Protection
add_header X-Frame-Options SAMEORIGIN;
#Header: X-Content-Type Options
add_header X-Content-Type-Options nosniff;
#Header: X-XSS Protection Header
add_header X-XSS-Protection "1; mode=block";
#Header: Strict-Transport-Security
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
#Header: Content-Security-Policy
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.api.twitter.com https://gist.github.com https://syndication.twitter.com https://platform.twitter.com https://js-agent.newrelic.com https://*.nr-data.net https://*.wp.com  https://*.gravatar.com https://*.wp.com https://pagead2.googlesyndication.com https://ssl.google-analytics.com https://connect.facebook.net https://www.google-analytics.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com; img-src 'self' data: https://pbs.twimg.com https://platform.twitter.com https://syndication.twitter.com https://dashb

devuri

Dr Ross Williams' collection of security related HTTP headers

• See https://www.owasp.org/index.php/List_of_useful_HTTP_headers
• See http://en.wikipedia.org/wiki/List_of_HTTP_header_fields
• See http://blog.veracode.com/2014/03/security-headers-on-the-top-1000000-websites-march-2014-report/
• See http://ibuildings.nl/blog/2013/03/4-http-security-headers-you-should-always-be-using

Reject all HTTP connections. Convert them to HTTPS or generate an error.

• See http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

devuri

Basic CRUD operations with PDO

CRUD = Create, Read, Update, Delete

Open a database connection

$host = '127.0.0.1';
$dbname = 'test';
$username = 'root';

devuri

<?php

use Illuminate\Support\Facades\Schema;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migrations\Migration;

class CreateCountriesTable extends Migration
{
    /**
     * Run the migrations.

devuri

<?php
/*
Plugin Name: Editors Add Users
Description: Allow editors to add user roles
Author: Christopher Davis
Author URI: http://www.christopherguitar.me
License: GPL2
*/

register_activation_hook( __FILE__, 'wpse42003_activation' );

devuri

<?php 
add_shortcode( 'give5stars', 'get_give_five_stars' );

function get_give_five_stars() {

    $plugin_slug = 'give';

    // Get any existing copy of our transient data
    if ( false === ( $cachedresults = get_transient( 'wp-plugin-repo-data-' . $plugin_slug ) ) ) {
        // It wasn't there, so regenerate the data and save the transient