Articles in the PHP Category

debian, PHP »

[31 Jan 2012 | No Comment | 29 views]

There is an important Debian update for PHP today that fixes a number of issues, including a regression and buffer overflows. The crypt_blowfish function also had a bug that did not properly handle 8-bit characters, which could make passwords easier to crack. This is one of the larger security fixes for PHP in the past year, so you should update your PHP package immediately.

Package        : php5
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1938 CVE-2011-2483 CVE-2011-4566 CVE-2011-4885
                 CVE-2012-0057

A regression was found in the fix for PHP’s XSLT transformations (CVE-2012-0057). Updated packages are now available to address this regression. …

PHP »

[5 Oct 2011 | 2 Comments | 912 views]

I’ve looked at a number of cURL PHP tutorials on the web and noticed “curl_setopt($RESTsession, CURLOPT_SSL_VERIFYPEER, false);” is often used for accessing secure websites via cURL. This is often seen when people ask “I cannot connect to HTTPS site using cURL” or have the “SSL certificate problem, verify that the CA cert is OK” error with cURL.

Ideally, you should set the SSL_VERIFYPEER value to true unless the server you are connecting to does not have a signed certificate. If you are sending confidential data, wouldn’t you want to make sure you are connecting to the correct server?

This guide will help you get the CA certificate from the remote server using Mozilla Firefox 6 and then use PHP with cURL to retrieve the information from the remote https server.

PHP »

[17 Sep 2011 | No Comment | 562 views]

After about a month of using NetBeans (www.netbeans.org), I’m making it my main code editor/IDE. I’m writing code on both Mac OS X and Windows, so it’s nice to have one editor to use for both. The built-in CVS, Subversion, Mercurial, and file transfer tools are really good. The built-in syntax validation works decently, as it will catch any missing semicolons and brackets. Code completion works well with all the PHP functions listed, and it will pull all matching functions in your namespace. Performance is a bit slower since it’s running on Java, but it should run OK on newer computers. It’s also free, which is probably the #1 selling point.

PHP »

[8 Aug 2011 | One Comment | 781 views]

Here’s a quick guide to enabling the CAPTCHA plugin in Squirrelmail. It’s generally a good idea to add a way to limit the automation of login attempts.

Apache, PHP »

[31 May 2011 | One Comment | 4,094 views]

I ran across this error today after noticing a file_get_contents was not working. This was on a page that had been working fine for about a year.
“php_network_getaddresses: getaddrinfo failed: Name or service not known”

This issue is typically caused by the Apache/PHP host being unable to contact the DNS server.

The first thing to check is whether you can ping the remote host from the console.

  • If no, then your primary name server in /etc/resolv.conf (Debian) is not working. Find a working DNS server and restart Apache.
  • If yes, then Apache is still connecting to the broken DNS server. You should try restarting Apache …

Fedora, Linux, nginx, PHP, wordpress »

[1 Apr 2011 | No Comment | 2,036 views]

Interested in installing nginx on a Fedora system? The configuration with nginx is more complicated than Apache since it requires the setup of the nginx server and a separate daemon for running PHP. I prefer creating the daemon from scratch rather than going the fpm route in Fedora 14 since there isn’t official support for it. I’d certainly install the fpm package once it’s available in Fedora.

Why switch to nginx?

If you have a site with heavy CPU and memory load in Apache, then nginx is a great choice. I recently made the switch to nginx and have noticed a reduction in CPU and memory usage. Nginx loads static content very fast and efficiently.

Here’s a graph of my nginx server load test, courtesy of LoadImpact’s free load testing service.

The user load time on my server is minimally impacted with 50 clients viewing the site simultaneously.

PHP, wordpress »

[22 Mar 2011 | No Comment | 981 views]

Looking for some good plugins for your WordPress blog? Here’s a list of the top 5 essential WordPress plugins that I’ve found. These 5 plugins will help with reducing spam on your blog, improving security, adding mobile device support, blog statistics, and improving search engine visibility with your site.

1. Akismet. This is the first line of defense for spam on your blog. It’s available in the base install of WordPress. All you need to do is sign up for the Akismet API key (free) and enter it into your WordPress configuration. It also helps the community when you tag a comment as spam.
2. Login lockdown. This prevents your blog from getting hit by sites trying to run dictionary or brute force attacks on your WordPress logins. You can configure the maximum login retries, retry time in minutes, and lockout length. Highly recommended.

PHP, wordpress »

[15 Mar 2011 | No Comment | 866 views]

Importing large RSS files in WordPress has its share of bugs and problems. A major cause is the latest configuration changes in PHP 5.2. Regular expressions are now capped at 100KB in PHP. WordPress uses the PHP function preg_match_all() to parse out the RSS entries.

If you import a post greater than 100KB, the import function will fail completely.

If you don’t have access to change the PHP server settings, simply edit the RSS file and remove the large RSS posts from the file.

If you have access to a server:
To import large RSS posts into WordPress, you will need to change the php.ini configuration on your …

PHP »

[14 Mar 2011 | No Comment | 1,471 views]

The best way to parse out the port number from a URL (e.g. http://example.com:8080) is to use regular expressions. The PHP function parse_url() will not return port numbers that are specified in the URL. However, I’ve found parse_url() to be useful for retrieving the host name from a long string.

Linux, PHP »

[2 Mar 2011 | One Comment | 1,628 views]

By default, SELinux will block the ability for Apache/webapps to write to files in Fedora. This is a security feature to limit what folders Apache can write to. You can notice this issue if you get errors in your Apache logs such as:

PHP Warning:  move_uploaded_file(): Unable to move ‘/tmp/…’ to ‘…….’

Command to set permissions:

chcon -R -t httpd_sys_rw_content_t [Name of Folder]

You can check the SELinux permissions via the following command:
ls -halZ