Categories
Code PHP

What is a Dependency Injector

Sounds like a simple question, right? I have had this question a number of times, and I had to question myself. What is the actual definition of this term? I know I use this design pattern, but how do I put it into words? It turns out it is actually pretty simple.

A great quote I found is:

“Dependency Injection is where components are given their dependencies through their constructors, methods, or directly into fields.”

http://www.picocontainer.org/injection.html

What does that mean? Take, for example, a user class that needs to use the session class. Instead of creating a new instance of the session within the user class, the session is created outside of the user class and then passed in via the constructor (or a method, or directly into fields).

I found this site did a good job of explaining it with examples

http://fabien.potencier.org/what-is-dependency-injection.html

Categories
Code composer

Composer update vs install

During an interview today I was presented with a relatively simple question: what is the difference between composer update and composer install? Easy!… Well, so I thought. I know when to use the 2 different options, but I didn’t know the reasons why. Maybe I read it once and forgot, maybe I didn’t. So here is the basic difference between the 2 and when to use them.

Composer install works in 2 ways.

  1. If it is the first time that it has been run, it will fetch the most recent copies of your dependencies based on what you have specified in your composer.json.
  2. The second way it can be used is if you have an existing composer.lock file. It will download the dependencies as stated in the lock file. The reason you would do this is when deploying to production: this way it will install the same version of each dependency as your local version, provided the composer.lock file has been added to the repository.

Composer update

This works in a much simpler way. It will go and fetch all the most recent updates for your dependencies. If you currently have version 1.2 and 1.3 has been released, it will go and get 1.3 (that is, if your composer.json allows that). So it works in much the same way as composer install when there is no lock file.

Categories
Code PHP

Disabling WordPress XMLRPC.php

One of the sites that we manage was getting a large amount of traffic to xmlrpc.php, as reported by newrelic.com. It was causing the database connection to fall over and was bringing down the site. As we are not using this functionality on our site, we can assume this traffic is suspicious.

“XML-RPC is a simple, portable way to make remote procedure calls over HTTP. It can be used with Perl, Java, Python, C, C++, PHP and many other programming languages. Implementations are available for Unix, Windows and the Macintosh.”
http://tldp.org/HOWTO/XML-RPC-HOWTO/xmlrpc-howto-intro.html

A quick Google search also brings back a lot of results about WordPress XML-RPC exploits, including “New Brute Force Attacks Exploiting XMLRPC in WordPress”.

Since WordPress 3.5, XML-RPC has been enabled by default and you can no longer disable it via the admin. As the site was down, we wanted to get it back up and running. The easiest way to do this was to block all traffic to xmlrpc.php via .htaccess with the following code:


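# Deny every request for xmlrpc.php (Apache 2.2 access-control syntax).
# On Apache 2.4 without mod_access_compat, the equivalent is: Require all denied
<Files "xmlrpc.php">
Order Allow,Deny
Deny from all
</Files>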

A bit of a search turned up a way to also disable the module. By simply adding the following to your theme’s functions.php, we are able to turn it off.


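// Make the xmlrpc_enabled filter return false (it governs the XML-RPC methods that require authentication).
add_filter( 'xmlrpc_enabled', '__return_false' );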

There is also a plugin for this https://wordpress.org/plugins/disable-xml-rpc/, though all it does is the above. So if you don’t want heaps of plugins just add the above code to your functions.php.

A quick restart of Apache kicked all the users, and traffic returned to normal.

So unless you are using XML-RPC I recommend disabling it.
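To back up the assumption that the xmlrpc.php traffic is suspicious, and to check that the .htaccess rule is being applied, the Apache access log can be tallied per client and per HTTP status. This is an added example, not code from the original post; it assumes the Apache combined log format, and the log lines, IP addresses and threshold are constructed for illustration.

```python
import re
from collections import Counter

# Apache "combined" format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample: requests before (200) and after (403) the <Files> block.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:09:15:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:09:15:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:09:15:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Jan/2024:09:15:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Jan/2024:09:15:03 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2024:09:15:04 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:09:20:10 +0000] "POST /xmlrpc.php HTTP/1.1" 403 210 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:09:20:11 +0000] "POST /xmlrpc.php HTTP/1.1" 403 210 "-" "Mozilla/5.0"
""".splitlines()


def xmlrpc_summary(lines, threshold=3):
    """Tally POSTs to xmlrpc.php per client IP and per HTTP status.

    threshold is an assumed cut-off for calling a client "noisy".
    """
    per_ip, per_status = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in combined format
        path = m["path"].split("?", 1)[0]  # drop any query string
        if m["method"] != "POST" or not path.lower().endswith("/xmlrpc.php"):
            continue
        per_ip[m["ip"]] += 1
        per_status[m["status"]] += 1
    noisy = {ip: n for ip, n in per_ip.items() if n >= threshold}
    return {"total": sum(per_ip.values()), "noisy": noisy,
            "by_status": dict(per_status)}


if __name__ == "__main__":
    print(xmlrpc_summary(SAMPLE_LOG))
```

A shift from 200 to 403 in by_status shows that the .htaccess rule is answering the requests before WordPress and the database are touched.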


EDIT.

It appears XML-RPC can also be used to perform DoS attacks on old versions of WordPress.
http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/

Categories
Code

Google AdWords Conversion Tracking with jQuery

So I had a need to fire off multiple Google AdWords conversion codes on a single page, potentially multiple times, all without reloading the page. I was originally going to insert just the noscript code that comes with the tags, but ended up with this method of creating an iframe on the page and then firing off a request for a page to show the tracking code I want.

In this case I am using a PHP file which does a switch on the codes, but it could also be changed to accept .html files. This would mean that PHP or similar would not be required.

Categories
Uncategorized

Alternating row colours in objective-c (modulo)

Using the modulo function you can quickly and easily create an alternating row colour.

 

Categories
Code

Coldfusion CSV to Query Component