php

There are two bugs in Text_CAPTCHA_Numeral Pear Module. Here is the patch. diff -Nuar Text\_CAPTCHA\_Numeral-1.3.0.ok/php-pear-Text-CAPTCHA-Numeral.xml Text\_CAPTCHA\_Numeral-1.3.0/php-pear-Text-CAPTCHA-Numeral.xml --- Text\_CAPTCHA\_Numeral-1.3.0.ok/php-pear-Text-CAPTCHA-Numeral.xml 2010-10-24 04:16:40.000000000 +0200 +++ Text\_CAPTCHA\_Numeral-1.3.0/php-pear-Text-CAPTCHA-Numeral.xml 2010-11-18 23:15:05.000000000 +0100 @@ -43,7 +43,7 @@ - + diff -Nuar Text\_CAPTCHA\_Numeral-1.3.0.ok/Text/CAPTCHA/Numeral.php Text\_CAPTCHA\_Numeral-1.3.0/Text/CAPTCHA/Numeral.php --- Text\_CAPTCHA\_Numeral-1.3.0.ok/Text/CAPTCHA/Numeral.php 2010-10-24 04:16:39.000000000 +0200 +++ Text\_CAPTCHA\_Numeral-1.3.0/Text/CAPTCHA/Numeral.php 2010-11-18 23:13:58.000000000 +0100 @@ -355,7 +355,7 @@ \*/ private function setOperation($type = null) { - if (!stristr($type, 'F')) { + if (stristr($type, 'F')) { $this->operation = $this->getFirstNumber() . [Read More]

Here we go with a small patch to implement DNSBL for Horde. I have again used PEAR package, this time it is the Net_DNSBL, and as usually CentOS package is in my repos - http://fs12.vsb.cz/hrb33/el5/hrb/stable/i386/repoview/php-pear-Net-DNSBL.html. The first patch is the important one. We let the attacker to log in, just to make sure he/she owns valid stolen credentials. \--- imp/lib/Auth/imp.php.orig 2011-01-05 10:21:05.224155622 +0100 +++ imp/lib/Auth/imp.php 2011-01-05 10:39:24.699438519 +0100 @@ -146,6 +146,36 @@ return false; } + # DNSBL START + ini\_set('include\_path', ini\_get('include\_path'). [Read More]

Here is small patch to implement captcha on Horde login page. We have implemeteded Text_CAPTCHA_Numeral. Package for Centos is here: http://fs12.vsb.cz/hrb33/el5/hrb/stable/i386/repoview/php-pear-Text-CAPTCHA-Numeral.html. Here is the patch. \--- horde-webmail-1.2.8.orig/imp/login.php 2010-10-25 17:10:05.000000000 +0200 +++ horde-webmail-1.2.8/imp/login.php 2010-11-30 17:36:27.571023703 +0100 @@ -398,6 +398,7 @@ $t->set('user\_vinfo', Horde::callHook('\_imp\_hook\_vinfo', array('vdomain'), 'imp')); } $t->set('password\_tabindex', ++$tabindex); +$t->set('captch\_tabindex', ++$tabindex); $t->set('change\_smtphost', (!empty($conf\['server'\]\['change\_smtphost'\]))); if ($t->get('change\_smtphost')) { @@ -446,7 +447,16 @@ 'var imp\_auth = ' . intval($imp\_auth), 'var nomenu = ' . intval(empty($conf\['menu'\]\['always'\])), )); -echo $t->fetch(IMP\_TEMPLATES . [Read More]

chown apache: /etc/squirrelmail/* chown apache: -R /var/lib/squirrelmail/ chown apache: -R /usr/share/squirrelmail chown apache: -R /var/spool/squirrelmail/attach/ cd /usr/share/squirrelmail/plugins/ wget http://squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fcompatibility-2.0.15-1.0.tar.gz tar xvzf compatibility-2.0.15-1.0.tar.gz cd /usr/share/squirrelmail/plugins/compatibility patch -p0 < patches/compatibility_patch-1.4.8.diff chown apache: -R /usr/share/squirrelmail cd /usr/share/squirrelmail/plugins/ wget http://squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fmsg_flags-1.4.20-1.4.3.tar.gz tar xvzf msg_flags-1.4.20-1.4.3.tar.gz cd /usr/share/squirrelmail/plugins/msg_flags patch -p0 < patches/msg_flags-squirrelmail-1.4.3a.diff chown apache: -R /usr/share/squirrelmail #safemode php_admin_value safe_mode_include_dir /usr/share/pear/ php_admin_value safe_mode_exec_dir /usr/share/squirrelmail php_admin_value open_basedir "/usr/share/pear/:/usr/share/squirrelmail/:/var/lib/squirrelmail/prefs/:/etc/squirrelmail/:/var/spool/squirrelmail/attach/" --- class/deliver/Deliver.class.php.orig 2010-01-30 23:22:20.000000000 +0100 +++ class/deliver/Deliver.class.php 2010-01-30 23:22:39.000000000 +0100 @@ -430,7 +430,7 @@ if (isset($encode_header_key) && trim($encode_header_key)! [Read More]

As we are very extensively using techniques to speed up web applications we build or host, I’d like to share some benchmarks. One of our clients is running site on our machines which is using SOAP/WSDL to get data. The application is extremely slow, result are very poor. Apache is able to server this webapp within cca 23 pages per second, which is bad. Here are the ab results: [root@webmel4 ~]# ab -n 400 -c 5 http://beta. [Read More]