Blog

Findings on XML External Entity Behavior in PHP

Published: July 3, 2017

Recently, I’ve been experimenting with XXE (XML External Entity) vulnerabilities in PHP.

I’ve found some inconsistent behavior and posts on the internet that don’t exactly line up with my experience. Here, I wanted to document what I’ve found…

An Intro To XSS For Magento Developers

Published: June 15, 2017

XSS is an abbreviation for “Cross Site Scripting”. It is a class of attack that is currently listed as #3 on the OWASP Top 10. In this post, I’ll explain in detail what XSS is and outline what you need to know about it as a Magento developer…

Scheduling tweets at specific times for twitter_ebooks bots

Published: June 2, 2017

In the documentation for twitter_ebooks you’ll see the following code.

def on_startup
  scheduler.every '24h' do
    # Tweet something every 24 hours
    # See https://github.com/jmettraux/rufus-scheduler
    # tweet("hi")
    # pictweet("hi", "cuteselfie.jpg")
  end
end

This will cause your ebooks bot to tweet every 24 hours. However, what if you want your bot to tweet at specific times of day, every day? We’ll take a look at how to set that up here…

What Magento's "Allow Symlinks" Setting Actually Does

Published: June 1, 2017

As a follow up to Peter O’Callaghan’s excellent post about SUPEE-9767 and symlinks, I wanted to quickly take a look at what, exactly, the “Allow Symlinks” setting in Magento does. Here we’ll dive into the core Magento code to get an understanding of the functionality…

sort -h on a Mac

Published: May 30, 2017

du -sh * | sort -hr is my favorite command for quickly looking at how much space directories are taking up on a machine. For example, in the root of a Magento 2 installation you’ll see the following…

$ du -sh * | sort -hr
317M	vendor
100M	pub
 35M	dev
 25M	var
 25M	lib
 19M	update
7.5M	setup
460K	composer.lock
428K	CHANGELOG.md
196K	app
 32K	LICENSE_EE.txt
 12K	phpserver
 12K	LICENSE_AFL.txt
 12K	LICENSE.txt
8.0K	nginx.conf.sample
8.0K	bin
4.0K	php.ini.sample
4.0K	package.json.sample
4.0K	index.php
4.0K	composer.json
4.0K	README_EE.md
4.0K	ISSUE_TEMPLATE.md
4.0K	Gruntfile.js.sample
4.0K	COPYING.txt
4.0K	CONTRIBUTING.md

However, if you run this command on a Mac here’s what you’ll get…

$ du -sh * | sort -hr
sort: invalid option -- h
Try `sort --help' for more information.
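The error above is the stock BSD sort(1) on macOS rejecting a GNU-only flag. As an added example, not code from the original post, here is a small shell function that uses sort -h when the installed sort understands it (GNU sort on Linux, or gsort from Homebrew coreutils) and otherwise falls back to converting the du size suffix into a byte count with awk, sorting numerically, and stripping the key again. The function names are my own.

```shell
#!/bin/sh
# Added example, not part of the original post: a human-readable size sort
# that works with GNU sort and with a BSD sort that lacks -h.
# Function names (du_sort_desc, du_sort_desc_awk) are assumed, not from any tool.

# du_sort_desc_awk: always take the portable path. Reads "SIZE<TAB>NAME"
# lines as produced by `du -sh *` on stdin and emits them largest first.
du_sort_desc_awk() {
  awk '{
    s = $1; n = s + 0; u = substr(s, length(s), 1)
    # du -h uses binary prefixes K, M, G, T; a bare number or a B suffix
    # (BSD du prints e.g. "0B") is already bytes, so n stays as parsed.
    if      (u == "K") n *= 1024
    else if (u == "M") n *= 1048576
    else if (u == "G") n *= 1073741824
    else if (u == "T") n *= 1099511627776
    # prepend the byte count as a sort key, keep the original line intact
    printf "%.0f\t%s\n", n, $0
  }' | sort -rn | cut -f2-
}

# du_sort_desc: prefer the native flag when sort(1) accepts -h,
# otherwise fall back to the awk conversion above.
du_sort_desc() {
  if sort -h </dev/null >/dev/null 2>&1; then
    sort -hr
  else
    du_sort_desc_awk
  fi
}

# Usage: du -sh * | du_sort_desc
```

The feature test feeds sort -h an empty input rather than parsing its version string, so it also does the right thing on a Mac where gsort has been aliased to sort. The awk fallback keeps du's own padding and names untouched because it prints the whole original line after the synthetic key and cuts the key back off.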

Consuming Multiple Archives Into A Single Model For A twitter_ebooks Bot

Published: May 25, 2017

Recently, I launched my own ebooks bot.

If you read the twitter_ebooks README, you’ll see that you can use the command ebooks consume to generate a text model for the bot to work from based on a JSON archive of tweets, or a plain text file.

This is nice, but one question I had was: can I build my text model from multiple sources?