Blog

Findings on XML External Entity Behavior in PHP

Published: July 3, 2017

Recently, I’ve been experimenting with XXE (XML External Entity) vulnerabilities in PHP.

I’ve found some inconsistent behavior and posts on the internet that don’t exactly line up with my experience. Here, I wanted to document what I’ve found…

An Intro To XSS For Magento Developers

Published: June 15, 2017

XSS is an abbreviation which stands for “Cross Site Scripting”. It is a classification of cyber-attack which is currently listed as #3 on the OWASP top 10. In this post, I’ll explain, in detail, what XSS is, and outline what you need to know about it, as a Magento developer

Scheduling tweets at specific times for twitter_ebooks bots

Published: June 2, 2017

In the documentation for twitter_ebooks you’ll see the following code.

 def on_startup
  scheduler.every '24h' do
    # Tweet something every 24 hours
    # See https://github.com/jmettraux/rufus-scheduler
    # tweet("hi")
    # pictweet("hi", "cuteselfie.jpg")
  end
end

This will cause your ebooks_bot to tweet every 24 hours. However, what if you want your bot to Tweet at a specific schedule every day? We’ll take a look at how to set that up here…

What Magento's "Allow Symlinks" Setting Actually Does

Published: June 1, 2017

As a follow up to Peter O’Callaghan’s excellent post about SUPEE-9767 and symlinks, I wanted to quickly take a look at what, exactly, the “Allow Symlinks” setting in Magento does. Here we’ll dive into the core Magento code to get an understanding of the functionality…

sort -h on a Mac

Published: May 30, 2017

du -sh * | sort -hr is my favorite command for quickly looking at how much space directories are taking up on a machine. For example, in the root of a Magento 2 installation you’ll see the following…

$ du -sh * | sort -hr
317M	vendor
100M	pub
 35M	dev
 25M	var
 25M	lib
 19M	update
7.5M	setup
460K	composer.lock
428K	CHANGELOG.md
196K	app
 32K	LICENSE_EE.txt
 12K	phpserver
 12K	LICENSE_AFL.txt
 12K	LICENSE.txt
8.0K	nginx.conf.sample
8.0K	bin
4.0K	php.ini.sample
4.0K	package.json.sample
4.0K	index.php
4.0K	composer.json
4.0K	README_EE.md
4.0K	ISSUE_TEMPLATE.md
4.0K	Gruntfile.js.sample
4.0K	COPYING.txt
4.0K	CONTRIBUTING.md

However, if you run this command on a Mac here’s what you’ll get…

$ du -sh * | sort -hr
sort: invalid option -- h
Try `sort --help' for more information.

Consuming Multiple Archives Into A Single Model For A twitter_ebooks Bot

Published: May 25, 2017

Recently, I launched my own ebooks bot.

If you read the twitter_ebooks README, you’ll see that you can use the command ebooks consume to generate a text model for the bot to work from based on a JSON archive of tweets, or a plain text file.

This is nice, but one question I had was, can I build my text model from multiple sources?