Category Archives: Web Dev

Protect files and folders from being deleted

Just to make sure we’re on the same page, I’m going to give these instructions from the beginning (also to help future visitors).  To get to the true heart of the permissions, you have to click though a bunch of steps.  My only guess is that this is to scare away the faint of heart, lol.

  1. Right-click the folder you want to protect (I’m using c:\users\chris\pictures) and choose Properties.
  2. On the Security tab, click Advanced.  The ‘Advanced Security Settings for Pictures’ dialog options.
  3. Click the Change Permissions… button.
  4. Click the Add… button, and type “everyone” (no quotes) into the box, then click OK.  A ‘Permission Entry’ dialog appears.
  5. Scroll to the bottom.  Place a checkmark in the ‘Deny’ column for “Delete”.  Do not add any other checkmarks.

  6. Turn on (checkmark) the option at the bottom called ‘Apply these permissions to objects and/or containers within this container only’, then click OK.  You should be back at a screen that looks something like this.

  7. Turn on (checkmark) the option at the bottom called ‘Replace all child object permissions with inheritable permissions from this object’, then click OK.
  8. Windows will set the deny permission on every file and subfolder under this folder, unless you have set up one to not inherit permissions from its parent (you probably haven’t done that).
Note: Deny permissions take precedence over allow permissions, so no one will be able to delete any file until/unless this permission item is removed.  This will block other apps from being able to delete either (for example, the Photo Gallery or Media Center).

Targeting IE10 & Edge Browsers with CSS

@media screen and (-ms-high-contrast: active), (-ms-high-contrast: none) {
/* IE10+ specific styles go here */
}

Magento CE 2.0.0 – Step 1: Readiness Check

PHP Settings Check
Your PHP Version is 5.6.15, but always_populate_raw_post_data = 0. $HTTP_RAW_POST_DATA is deprecated from PHP 5.6 onwards and will be removed in PHP 7.0. This will stop the installer from running. Please open your php.ini file and set always_populate_raw_post_data to -1. If you need more help please call your hosting provider.

There are two solutions to this error:

  1. In php.ini,  add always_populate_raw_post_data = -1
  2. or in .htaccess, add php_value always_populate_raw_post_data -1 under <IfModule mod_php5.c>

Upgrade Magento Community Edition ver. 1.7.0.2 to ver 1.9.1.0

  • Take a backup of current database and current 1.7 code. place maintenance.flag file inside 1.7 code folder to put website offline.
  • Download latest magento from the http://www.magentocommerce.com/download
  • Remove all folders and files from your 1.7 code except maintenance.flag (but you should have backup somewhere) and place all folders and files from the 1.9.
  • Now from your 1.7 merge your following custom folders into the 1.9
    • Community app/code/community
    • Local app/code/local
    • Media
    • your theme or package (app/design/frontend/default/<your theme> or app/design/frontend/<your package>)
    • custom folders from Skin (both for adminhtml and frontend).
    • copy your custom xml files from app/etc/modules/ to current app/etc/modules/
    • any custom admin theme folder from adminhtml/default/yourtheme.
    • copy your custom folders from adminhtml/default/default/ (1.7) to adminhtml/default/default/ (1.9).
    • custom js files if any from app/js/.
  • Now go to app/etc/local.xml.Edit database details their.put your database username and password and database name.
  • Remove maintenance.flag file and check the site in the browser. it is done.

C‌SRF v‌ulner‌abili‌ty in‌ allo‌ws ma‌licio‌us us‌ers t‌o mak‌e fak‌e pos‌ts. Affected URL: /wp-comments-post.php

Warning: Incorrectly following these instructions could cause damage to your site. Always back up your files and database before attempting a manual fix. If you are not comfortable editing code, we can automatically fix the vulnerability for you! Simply use the ”Automatic Fix” button on your dashboard.

CSRF vulnerability is possible to execute, because WordPress comment system does not check the source.

Please back up your website before making this change, as we cannot be responsible for problems that occur during this manual fix.

  1. Login to your WordPress FTP
  2. Go to WordPress root directory
  3. Backup the wp-comments-post.php file
  4. Edit the wp-comments-post.php file
  5. Find the line, that begins with “/** Sets up the WordPress Environment. */”
  6. Prepend that line with the next code:
    
    if ( ! isset( $_SERVER[ "HTTP_REFERER" ] ) )
    	die();
    
    $referrer_url = $_SERVER[ "HTTP_REFERER" ];
    $server_name = str_replace( "." , "\." , $_SERVER[ "HTTP_HOST" ] );	
    /*Escape the dots for following regexp search */
    $server_name = str_replace( '/' , '\/' , $server_name );	
    /*Escape the '/' for following regexp search */
    
    $referr_pattern = "/^((http(s)?):\/\/)?(www.)?$server_name/";
    
    if ( ! preg_match( $referr_pattern, $referrer_url ) )
    	die();
    
  7. Save
  8. Done

How to exclude Alaska and Hawaii from US Free Shipping in Magento?

You will want to use the Table Based Shipping module for this. Go into System > Configuration and change Current Configuration Scope: to Main Website (the drop-down in the upper left corner). Then in the Shipping Methods screen, export the file. Then you edit that with all the states (minus Hawaii) with a minimum amount and then reupload the file and you are good to go.

“Country”,”Region/State”,”Zip/Postal Code”,”Order Subtotal (and above)”,”Shipping Price”

USA,AL,*,0.0000,0.0000

USA,AR,*,0.0000,0.0000

USA,AZ,*,0.0000,0.0000

USA,CA,*,0.0000,0.0000

USA,CO,*,0.0000,0.0000

USA,CT,*,0.0000,0.0000

USA,DE,*,0.0000,0.0000

USA,FL,*,0.0000,0.0000

USA,GA,*,0.0000,0.0000

USA,IA,*,0.0000,0.0000

USA,ID,*,0.0000,0.0000

USA,IL,*,0.0000,0.0000

USA,IN,*,0.0000,0.0000

USA,KS,*,0.0000,0.0000

USA,KY,*,0.0000,0.0000

USA,LA,*,0.0000,0.0000

USA,MA,*,0.0000,0.0000

USA,MD,*,0.0000,0.0000

USA,ME,*,0.0000,0.0000

USA,MI,*,0.0000,0.0000

USA,MN,*,0.0000,0.0000

USA,MO,*,0.0000,0.0000

USA,MS,*,0.0000,0.0000

USA,MT,*,0.0000,0.0000

USA,NC,*,0.0000,0.0000

USA,ND,*,0.0000,0.0000

USA,NE,*,0.0000,0.0000

USA,NH,*,0.0000,0.0000

USA,NJ,*,0.0000,0.0000

USA,NM,*,0.0000,0.0000

USA,NV,*,0.0000,0.0000

USA,NY,*,0.0000,0.0000

USA,OH,*,0.0000,0.0000

USA,OK,*,0.0000,0.0000

USA,OR,*,0.0000,0.0000

USA,PA,*,0.0000,0.0000

USA,RI,*,0.0000,0.0000

USA,SC,*,0.0000,0.0000

USA,SD,*,0.0000,0.0000

USA,TN,*,0.0000,0.0000

USA,TX,*,0.0000,0.0000

USA,UT,*,0.0000,0.0000

USA,VA,*,0.0000,0.0000

USA,VT,*,0.0000,0.0000

USA,WA,*,0.0000,0.0000

USA,WI,*,0.0000,0.0000

USA,WV,*,0.0000,0.0000

USA,WY,*,0.0000,0.0000

You may follow these simple instructions: http://www.magentocommerce.com/knowledge-base/entry/how-do-i-set-up-table-rate-shipping

Disable update checking of WordPress

When you designing a website for client with WordPress, you may not want your client click the “Upgrade” button for any reasons (mostly, by curiosity). We all know that it may cause unusable of customized theme. Here’s how to disable it. Open functions.php of your theme and add following lines.

add_filter('pre_site_transient_update_core', create_function('$a', "return null;"));

Including latest jQuery Library to your WordPress Site

First off, the basic code. This would go into your header.php. I put it directly above the

<?php wp_head(); ?>

call. If you don’t have that in your theme, you have bigger issues, as it is vital. Check out the info on that. The code looks like this:

<?php
wp_deregister_script('jquery');
wp_register_script('jquery', 'http://code.jquery.com/jquery-1.8.2.min.js');
wp_enqueue_script('jquery');
?>

That’s it really. That’ll deregister WordPress’ jquery and start using Google’s.

Use Module Title as link in Joomla 2.5

  1. Open your module .xml file example – modules/mod_articles_news/mod_articles_news.xml
  2. Add the following line between the first set of <fieldset name=”basic”></fieldset> tags
    <field name="title_link" type="text" default="" label="Title link" description="" />
  3. Save your XML file.
  4.  Now go to templates/system/html/modules.php open it & find the xhtml function or find this line “xhtml (divs and font headder tags)” here you can find this functionfunction modChrome_xhtml($module, &$params, &$attribs)
    {
    if (!empty ($module->content)) : ?>
    <div class="moduletable<?php echo htmlspecialchars($params->get('moduleclass_sfx')); ?>">
    <?php if ($module->showtitle != 0) : ?>
    <h3><?php echo $module->title; ?></h3>
    <?php endif; ?>
    <?php echo $module->content; ?>
    </div>
    <?php endif;
    }
    & replace with
    function modChrome_xhtml($module, &$params, &$attribs)
    {
    if (!empty ($module->content)) : ?>
    <div class="moduletable<?php echo htmlspecialchars($params->get('moduleclass_sfx')); ?>">
    <?php if ($module->showtitle != 0) : ?>
    <?php $title_link = $params->get('title_link'); ?>
    <h3><?php if($title_link) { ?> <a href="<?php echo $params->get('title_link'); ?>"> <?php } ?><?php echo $module->title; ?><?php if($title_link) { ?></a><?php } ?></h3>
    <?php endif; ?>
    <?php echo $module->content; ?>
    </div>
    <?php endif;
    }
  5.  Now you have link area in your module basic parameter add your link 🙂

Conclusion – It’s very simple hack or trick in joomla I hope in joomla! 3.0 joomla add this feature by default.

How To Increase The Maximum Upload File Size On phpMyAdmin On CentOS

In your php.ini find this line and change to what you want.

upload_max_filesize = 2M --> upload_max_filesize = 8M

You find your php.ini here: /etc/php.ini

You must restart Apache after changing.