#php

harald@hub.volse.no
Infosec: Seeking advice regarding CVSS scoring.

One of the hardest tasks in my day job (at WPScan.com) is to assign CVSS scores. Particularly the Availability impact metric is a source of internal arguments. Personally I think the CVSS v3.1 Users Guide is quite clear on the subject, but we still end up arguing how this should be understood in the context of WordPress plugins.

Typically the argument is that if a vulnerability lets an attacker upload arbitrary files or execute arbitrary code, that amounts to a high impact on availability. The way I read the CVSS docs, this would only affect the Confidentiality and Integrity impact metrics, leaving Availability at None or at most Low.

Does anybody have any advice or insights into how we should understand and score this metric?

#infosec #WordPress #php #CVSS

harald@hub.volse.no

I've written about a vulnerability I've been researching at work. Forking your dependencies without really knowing what you do may cause unintended consequences. If your project happens to be a WordPress plugin, you may risk that it appears on our blog. Don't appear on our blog!

https://jetpack.com/blog/vulnerabilities-found-in-the-3dprint-premium-plugin/

#wordpress #php #infosec #disclosure #mywork

rainerhgw@diasp.org

#Debian #Bullseye wants to install #php 8.2. I do not want this, since #Nextcloud will complain.

root@a:~# apt upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following package was automatically installed and is no longer required:
php8.1-intl
Use 'apt autoremove' to remove it.
The following NEW packages will be installed:
libapache2-mod-php8.2 php8.2 php8.2-bcmath php8.2-cli php8.2-common php8.2-intl php8.2-ldap php8.2-mysql
php8.2-opcache php8.2-readline php8.2-xml
The following packages will be upgraded:
php php-bcmath php-common php-intl php-ldap php-mysql php-xml
7 upgraded, 11 newly installed, 0 to remove and 0 not upgraded.
Need to get 4855 kB of archives.
After this operation, 22.8 MB of additional disk space will be used.
Do you want to continue? [Y/n] n
Abort.
root@a:~#

How can I tell apt to ignore php8.2?

alastor@libranet.de

Hypolite Petovan - 2022-11-16 16:46:53 GMT

#Friendica needs new contributors!

I'm not used to doing this, but with the large influx of new users and node admins recently coming from #Twitter, our small team is now behind the curve in handling support requests, bug reports and bringing about much-needed features.

The project is built on a #PHP / #MySQL platform, but we also need people to be able to assist others just using the software to give developers some space.

If you're willing and able to help, please follow @Friendica Support and the project on Github: https://github.com/friendica/friendica

Thank you!

canoodle@nerdpol.ch

web cms - wordpress still dominating - second comes no cms

https://w3techs.com/technologies/overview/content_management/

What is interesting is that 33% of all website creators decide not to use any CMS at all (static HTML, manually edited).

There is even a trend of creating a CMS inside WordPress, “CMS inside the CMS” so to speak, with plugins such as Enfold, elementor.com and wpastra.com.

#linux #gnu #gnulinux #opensource #administration #sysops #web #html #php #css #javascript #cms #wordpress #wix #joomla #drupal #typo3

Originally posted at: https://dwaves.de/2022/07/12/web-cms-wordpress-still-dominating-second-comes-no-cms/

hypolite@friendica.mrpetovan.com

Because I could

I keep thinking about a couple #Twitter threads criticizing #Mastodon (the #Fediverse, really) for being inherently different than closed commercial platforms using far-fetched hypotheticals and extraordinary occurrences; while I do not want to make a useless point-by-point response, instead I'll tell you what I like about federated social media and #Friendica in particular.

After #Facebook froze my account for using a pseudonym (a spottily enforced rule), I started hosting my own #Diaspora pod because I could.

I didn't know anyone so I initially made contacts with other podmins and progressively extended my circle through shared posts. This is how I learned about #Friendica, a platform that was compatible with both #Diaspora and #OStatus (#GNUSocial, #StatusNet) because it could.

Written in #PHP, I liked both the multi-protocol approach and that I could contribute code to it. So I started hosting my #Friendica node and I kept following the same Diaspora accounts, because I could.

When #Mastodon was first released based on OStatus, I started following several accounts on there because I could. When #ActivityPub was released and supported by Mastodon, we followed suit a few months later, because we could.

With popularity came the right-wing trolls and free speech extremists who organized their own federated instances, but they never bothered me much as I blocked their entire instance domains because I could.

None of these are currently possible with commercial platforms. Not all people will end up hosting their own node and that's fine, but the breadth of possibility is what makes federated social networks attractive.

paulkater@diasp.org

Bwahaha. I just tried to install the Rainloop webmail client. For the 4th or 5th time. And again it failed.
First I had to go in search of an .htaccess file that actually protects it. Then I had to create an application.ini file with hard-coded admin credentials, which didn't work after that.
I'm totally giving up on that thing; it's impossible to get it going.

Does anyone know of a nice PHP webmail client for home use, next to Squirrelmail or RoundcubeMail, that is actually setuppable?

#webmail #php