security

Secure laravel core files controllers from direct access

8 Oct 2015

3.29K

No Comments

If hacker needs to get your absolute path they easily can go to any core file by direct access like showed in below, DIRECT ACCESS ANY CORE FILE OF LARAVEL domain.com/app/controllers/HomeController.php laravel-APP-Path/tests/TestCase.php Fatal Error: Class ‘Illuminate\Foundation\Testing\Testcase’ not found in laravel-APP-Path/tests/TestCase.php on line 3 DIRECT ACCESS LARAVEL HOME CONTROLLER domainname.com/laravel-APP-Path/controllers/HomeController.php Fatal Error:

Post in

File extension validation on upload will harmful for server

3 Nov 2014

0.64K

No Comments

File extension validation on upload will harmful for server

Please do not validate file extension on uploading file from user [php] $_FILE[‘file_name’]; $ext = pathinfo($_FILE[‘file_name’],PATHINFO_EXTENSION); $allow_ext=array(‘jpg’,’jpeg’,’png’,’gif’); if(in_array($ext,$allow_ext)){ //DO UPLOAD CODE } [/php] Hackers are created a fake jpg image with no preview and they add code encode on base64 or gzinflate on picture source when you will open that

Post in

PHP

WordPress theme development tricks

3 May 2014

0.6K

No Comments

WordPress theme development tricks don’t forget them. CALL WP_HEAD FUNCTION IN YOUR THEME’S HEADER.PHP FILE Call wp_head() function in your theme header.php file because many plugins even theme developer add javascript, css files through functions.php file with many some functions like wp_eneque_script() wp_eneque_style(), and many seo plugins like WordPress SEO, All

Post in

WordPress-WP

Protect your wordpress wpadmin panel

2 Apr 2014

0.9K

No Comments

users can easily access or hacker’s programmed bots will send login request to your yoursite.com/wp-login page, but #wordpress have a good security with admin login panel, I have a wrote little code using #wordpress #hooks to prevent from other all users from your site wordpress wp admin login page. Prevent

Post in