Category Archives: PHP

Javo Themes Spot LFI Vulnerability

Whew, it’s been a while…

I’ve had the misfortune to work with yet another theme from ThemeForest. A $60 premium theme and nothing less! Meet Javo Spot by Javo Themes…

Javo Theme Vulnerability

Within half an hour of fiddling with it, trying to filter the output of their Listings Directory (which ended up being a 5-hour pain-in-the-butt task, which is a story for another day), I came across a glaring unauthenticated Local File Inclusion vulnerability (an LFI for short).

Continue reading



Advertisement Proposal Scam

So a couple of nights ago I got a weird e-mail from “Diana” at dianabem501@gmail.com. It said:

I have visit your blog https://codeseekah.com/
I can pay you $200 per month. Contact me for more info.

Intrigued, I decided to respond and see where this scam went. I replied “What for?”…

Continue reading



Profiling PHP Code in WordPress

I was honored to give a talk at the second WordCamp Russia event. Like last year, I decided to speak about a general development topic and how it can be applied to WordPress. This time my talk was on profiling.

Here’s a video. English subtitles are available by selecting “Subtitles” in the player.

And here’s wptop on GitHub, an XHProf-based WordPress plugin that gives you an overview of your WordPress website performance. Feel free to give it a spin and let me know what you think.



Multiple Development Environments on One Domain

While it’s true that distributed development should be managed by source control, with each participating party pushing or issuing pull requests from within their own environments, this is sometimes not possible.

Participants might not be able to set up their own development environments for any number of reasons and limitations. So remote development environments are usually set up for such participants so that they can work on their own forks of a project without interfering with others’ work. SFTP, FTP or FTPS is usually used, since these participants cannot use version control remotely.

Here’s an interesting strategy that came to mind that allows participants to have their own environments on a single domain and a single server, with the ability to switch between them without having to edit their hosts files or any other magic.

Continue reading



PrestaShop Variable Shipping Carrier

PrestaShop Variable Shipping

Sometimes complex shipping and handling rules make it impossible for customers to place orders in PrestaShop: no instant shipping quotes, huge quantities and large weights, limited shipping addresses, etc. And while PrestaShop administrators are able to create orders manually via the back-end, these manual orders are still subject to the same shipping carrier rules.

Continue reading



File Upload Progress in PHP 5.4

With the release of PHP 5.4 the file upload progress feature becomes available. Yes, “available” as in “you can use it in your project now”.

PHP 5.4 File Upload Progress

This is a quick start guide with the least amount of code required, using jQuery’s compact AJAX requests and iframes.

Continue reading



PHP 5.4 – A Week In

It’s been a week since I switched over to PHP 5.4 and here’s what I can say, even though I haven’t had much time to use the new features I was looking forward to.

PHP 5.4

First of all, you won’t find PHP 5.4 in your distribution’s repositories yet; it’s too early. Grab the source and compile.

Continue reading



What To Expect In PHP 5.4


With Release Candidate 7 available for download, PHP is moving towards the final release of the much-anticipated 5.4 version (almost 3 years since PHP 5.3). Here are some things you’ll be able to enjoy or rant about.

Continue reading



How To Set Up Multiple IPN Receivers in PayPal

Instant Payment Notifications (IPN) allow your applications to receive notifications from PayPal on payments made. This means that your application can fulfill an order automatically upon receiving such a notification. However, when you get your second application up with its own IPN you suddenly find out that PayPal lets you set only one Notification URL.

Of course there’s the whole notify_url charade and its counterparts for all of PayPal’s APIs, but, unfortunately, there are cases when you simply can’t set those:

  • Plugins that are hard-coded, where you can’t alter their core and they force you to set the URL in PayPal, so you end up locked in; this may be true for all sorts of applications in all sorts of languages (especially compiled ones)
  • Third-party billing services like e-Junkie, Kajabi, 1shoppingcart and many others; they just lock you in and tell you to set the IPN in PayPal
  • Subscriptions and Recurring Payments; yep, PayPal does not allow you to bind a specific IPN to subscriptions at all (let me know if I’m incorrect, but I’ve spent days looking at the manuals)
  • Multiplexing one IPN to two or more receivers, for synchronization, custom alerts etc.

For everything else, modify your forms and API calls to include the notify_url attribute.

Multiple Notification URLs in PayPal

The easiest and most straightforward solution would be to get multiple PayPal accounts, right? Right, BUT:

No Multiple Accounts. Should you register for more than one Personal Account, PayPal reserves the right to terminate all of your accounts and will restrict you from the system going forward. Users may register and hold one Personal Account and either one Premier or one Business Account.

…from PayPal’s Terms and Conditions

So unless you have a separate legal business entity (company) for each Business Account, you’re out of luck. However, there is a simple and sweet way to overcome this single IPN URL business: receive the IPN once and broadcast it to every receiver.

Continue reading