With a little side of applesauce...

Thursday, February 17, 2011

ContentDM - DMLANG vulnerability

Just a heads-up: everyone who has a DMLANG-vulnerable ContentDM installation will need to clear the 'planted' files from their docroot after patching the files. The easiest way to do this on GNU/Linux is:
$ cd /path/to/your/Content/docs
$ for f in $(grep -rlE 'na_pass|UpdateFilds' *); do sudo rm "$f" ; done


1. na_pass -> finds the published file which, in turn, creates the proxy files
2. UpdateFilds -> finds the proxy files, which are php files with an UpdateFilds() function in them.

It is recursive, plus it matches both types of files that we are aware
of. You should cd to your docs dir to run it, but otherwise, it is
pretty straightforward.
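
If you would rather review the matches and keep copies for later analysis than delete them outright, here is an added example (not part of the original post or of ContentDM). It goes a step beyond the one-liner by moving the files instead of removing them; the function name scan_planted and the quarantine directory are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). scan_planted and the quarantine
# directory are hypothetical names; the two markers are the ones grepped above.
#
# scan_planted DOCS        -> print every file under DOCS containing a marker
# scan_planted DOCS QDIR   -> same, and move each match into QDIR, keeping its
#                             relative path. QDIR must be outside DOCS so the
#                             files stop being served by the web server.
scan_planted() {
    docs=$1
    qdir=${2:-}
    if [ -n "$qdir" ]; then
        mkdir -p "$qdir"
        qdir=$(cd "$qdir" && pwd)    # make absolute: we cd into DOCS below
    fi
    # find hands file names to the inner shell as arguments, so names with
    # spaces survive, and dot-files (skipped by '*') are scanned too.
    ( cd "$docs" && find . -type f -exec sh -c '
        qdir=$1; shift
        for f in "$@"; do
            if grep -qE "na_pass|UpdateFilds" "$f"; then
                printf "%s\n" "$f"
                if [ -n "$qdir" ]; then
                    mkdir -p "$qdir/$(dirname "$f")"
                    mv "$f" "$qdir/$f"
                fi
            fi
        done' sh "$qdir" {} + )
}

# Typical use (paths are placeholders):
#   scan_planted /path/to/your/Content/docs                      # list only
#   scan_planted /path/to/your/Content/docs /path/to/quarantine  # list and move
```

Run the list-only form first and read the output; a legitimate file that happens to contain either string would be moved too.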

Do a Google search for 'site:mycontentdm.domain.edu viagra' to see if you are still proxying requests.

Monday, February 7, 2011

My First HTML 5 code

Nice! Instead of a javascript-y way of showing hints in a text box, use the 'placeholder' attribute:
<input name="phone_evening" type="text" placeholder="123-123-1234" id="phone_evening" tabindex="13" size="15" />


UPDATE:

Use the cool ezpz-hint jQuery plug-in for browsers which don't support HTML 5 yet.

<script type="text/javascript" src="https://my.server.edu/forms/js/jquery.ezpz_hint.min.js"></script>
<script type="text/javascript" charset="utf-8">
  $(document).ready(function(){
    $("input#phone_day").ezpz_hint();
    $("input#phone_evening").ezpz_hint();
  });
</script>


Then add this style to make the hint light-gray:
.ezpz-hint { color: #AAAAAA; } 


All of this, thanks to Joey Nelson!