Category: Web Building

Cleaning up and Preventing HTTP Injection Attacks

I recently had the (undesired) opportunity to learn about HTTP and SQL injection attacks. It took a great deal of effort to diagnose and clean up, but hopefully what I learned from the experience may help you prevent these attacks on your own site or clean up after such an attack.

I first found out my site had been compromised because one of the subdomains started displaying “403” errors (permission denied) and one of the users notified me that the site could no longer be reached. At this time, the rest of the site seemed fine, so I had not noticed anything was wrong with it myself.

On examining the subdomain files, it turned out that the .htaccess file had some new directives written into it, which had the effect of blocking all access to the site. When I further examined the file, it appeared that the actual intent had been to redirect only the users that arrived at the site through a search engine, while allowing direct visitors to see the site as usual.

Getting the WYSIWYG module to work in Drupal 6

I had a lot of trouble getting the TinyMCE text editor to work consistently in Drupal 5.9, so when I installed Drupal 6 and was scanning through the available modules, I was very glad to see that the WYSIWYG editor module could function as a replacement.

Although the easy-to-use WYSIWYG editor is popular with our site’s users, sometimes I find it gets in the way, and want to turn it off.

Drupal multisite – symlinking, a key step

Setting up a multisite system is very easy with Drupal and is well documented both in the settings.php file and in the multi-site section of the handbook on Drupal.org. However, there is one step that is usually left out of the instructions or mentioned only in passing, and it requires SSH access: you must create a symlink at each path where one of your multi-sites will be accessed, pointing to the actual folder that the Drupal core files reside in.

So if your first site is at

http://yoursite.com/site1
(the core files are located here)

and you want a second and third site to be accessed at

http://yoursite.com/site2
and
http://yoursite.com/site3

then you must create symlinks from site2 and site3 that point to site1.

GooberGuide to Adobe Captivate

I got a chance to take a look at a new Captivate eBook the other day, “GooberGuides – Captivate Tips & Tricks,” and I really wish I’d had this months ago. Captivate Tips and Tricks is a compendium of all the time-saving answers the other books never tell you. For example, the tip on how to use wildcard text in text entry boxes would have been well worth the modest price of the ebook when I ran into that problem on a recent project.

The chapter on preventing project corruption is brief but extremely useful. If you’ve worked with Captivate for a while, you’ve probably corrupted a project. The tips in this chapter should be on the opening splash screen when you first launch Captivate.

dotProject Recipe: Add journal entries from the project view page

NOTE (07-02-08): The modified Journal module has now been updated to work with v. 2.x of dotProject.

J. Christopher Pereira created a journal module which is quite handy: it lets you add notes to projects – any type of note, without creating a task.

The module is very useful, but a coworker requested that we modify it so you could add a journal note without ever leaving the project view page. Instead of a new window opening to enter the journal note, you simply enter the note into a text box that is always visible on the project view page.

You just enter text in the new text field, hit “save”…

Using the JW player to run javascripts at specific time points in the video

Note: this tutorial is still very much in draft form. Additional instructions for those not familiar with javascript and more examples will be added soon.

The Jeroen Wijering Media Player is a widely used free, open-source Flash-based media player, available for download from Jeroenwijering.com.

The JW player has an extensive Javascript API which allows it to communicate with events and elements on the page it is embedded in. Using this feature, the player can execute javascript functions on the page whenever the video reaches a specific time point.

Dealing with comment spam on Gallery 2

Finally! I found a query that effectively deletes the comment spam from the Gallery 2 database. These queries can be run through phpMyAdmin, but my next task is to turn this into a PHP script that can be run as a cron job.

To delete comments posted by an IP, or a few IPs, run this SQL statement:

DELETE ce, e, co
FROM g2_ChildEntity ce, g2_Entity e, g2_Comment co
WHERE ce.g_id = e.g_id
  AND e.g_id = co.g_id
  AND e.g_entityType = 'GalleryComment'
  AND (co.g_host = '67.104.112.176' OR co.g_host = '209.31.123.128');

To delete comments based on the comment itself, run this SQL statement:

DELETE ce, e, co
FROM g2_ChildEntity ce, g2_Entity e, g2_Comment co
WHERE ce.g_id = e.g_id
  AND e.g_id = co.g_id
  AND e.g_entityType = 'GalleryComment'
  AND (co.g_comment LIKE '%[url=http://%');