Apache Mod Security Remote File Injection Attempt jEditable

Another server migration and another error with one of my applications!

This took ages to figure out and needs to be remembered. With the latest version of mod_security you can't make any Ajax calls that pass just a URL as a parameter value.

For example, value=http://vimeo.com triggers the following mod_security error.

[shell]
[msg "Atomicorp.com UNSUPPORTED DELAYED Rules: URL detected as argument, possible Remote File Injection attempt detected"] [data "TX:1"] [severity "CRITICAL"]
[/shell]

Even if the URL is escaped it still throws this error, which is very annoying. The only way I could fix it was by applying this patch to jEditable, around line 335.

[code]
// prepend a space to the first "http" so the submitted value no longer starts with a URL
submitdata[settings.name] = input.val().replace('http', ' http');
[/code]

This adds a space before the first occurrence of http, so the Ajax request now submits value=+http://vimeo.com (the + being the form-encoded space). Just having that + in front is enough to stop mod_security matching. Then on your server end, running trim() on the value strips the whitespace again, so you never see it.
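As an added example (not code from the original post or from jEditable), the following Node.js script puts the workaround beside the server-side handling that should go with it. prefixForWaf mirrors the one-line jEditable change; encodeFormField and decodeFormValue show what the field looks like on the wire and why the + appears; and acceptSubmittedUrl trims the value and then checks that it is an http(s) URL pointing at one of an assumed allowlist of hosts (ALLOWED_HOSTS is a hypothetical list for the example). The rule fires because a URL-shaped argument is exactly what a remote file injection attempt looks like, so sidestepping the match is only reasonable if the application itself decides which URLs it will accept.

```javascript
// Added example, not from the original post or from jEditable: the client-side
// workaround beside the server-side validation that should accompany it.

// Hypothetical allowlist of hosts this field is permitted to reference.
const ALLOWED_HOSTS = ['vimeo.com', 'www.vimeo.com', 'player.vimeo.com'];

// Client side, equivalent to the post's one-line jEditable change: put a space
// in front of the first "http" so the value no longer starts with a URL.
function prefixForWaf(value) {
  return value.replace('http', ' http');
}

// How jQuery's form encoding sends the field: percent-encoded, with spaces as "+".
// This is why the request now reads value=+http%3A%2F%2F... on the wire.
function encodeFormField(name, value) {
  return name + '=' + encodeURIComponent(value).replace(/%20/g, '+');
}

// Server side, step 1: undo the form encoding ("+" back to a space, then decode).
function decodeFormValue(encoded) {
  return decodeURIComponent(encoded.replace(/\+/g, ' '));
}

// Server side, step 2: trim the space the workaround added, then decide whether
// the URL is one the application is prepared to accept. Returns the normalised
// URL string, or null when the value is not an http(s) URL on an allowed host.
function acceptSubmittedUrl(rawValue, allowedHosts = ALLOWED_HOSTS) {
  const trimmed = rawValue.trim();
  let url;
  try {
    url = new URL(trimmed);          // throws on anything that is not an absolute URL
  } catch (e) {
    return null;
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return null;                     // rejects javascript:, file:, ftp: and similar schemes
  }
  if (!allowedHosts.includes(url.hostname)) {
    return null;                     // a URL, but not to a host this field may point at
  }
  return url.href;
}

// Round trip of a value like the one in the post, as it travels browser -> server.
function roundTrip(value) {
  const wire = encodeFormField('value', prefixForWaf(value));
  const received = decodeFormValue(wire.slice('value='.length));
  return { wire, received, accepted: acceptSubmittedUrl(received) };
}

console.log(roundTrip('http://vimeo.com/12345'));
```

If you would rather not patch the library at all, ModSecurity's SecRuleUpdateTargetById directive can exclude just this one named argument from the rule that fired (the rule's id appears in the full audit log entry, not in the snippet above), which keeps the rule active for every other parameter on the site.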

Phew…

iOS Apps With Adobe Air Guide On Windows

Thanks to iOS 7 breaking my app I am having to revisit the ordeal of making an app on Windows. So I am going to blog the helpful stages properly this time round.

First up certificates of doom.

Right, you need to install OpenSSL and add it to your PATH environment variable so you can run openssl anywhere in cmd. See here: http://www.computerhope.com/issues/ch000549.htm

Second, make sure you are always running openssl as administrator (right click, Run as administrator, etc.). Here is a helpful .reg edit that makes this easy: http://www.sevenforums.com/tutorials/47415-open-command-window-here-administrator.html

Next, follow these steps to create your .p12 file so we can use it with Flash: http://marcosiebert.com/2011/06/ios-and-flex-4-5-getting-the-certificate-to-p12/

For APNS certs we need to create a private key with a passphrase, see here: http://stackoverflow.com/questions/4294689/how-to-generate-a-key-with-passphrase-from-the-command-line

More useful openssl commands: http://www.sslshopper.com/article-most-common-openssl-commands.html

If all went well, nice. Take a deep breath.

Back in the day you had to overlay the latest Adobe Air SDK into Flash, which was pretty intense and had loads of room for error. Now with CS6 you can do it via a UI. See here: http://www.yeahbutisitflash.com/?p=4141

Just before we go elsewhere, you need to create all your icons, and there are a lot of them. This really useful tool helps with that: http://www.gieson.com/Library/projects/utilities/icon_slayer/#.UhNhGz_3Ot4

Next, if we need to use some native extensions such as native dialogs or push notifications, we need to set up Flash CS6 like so: http://www.adobe.com/devnet/air/articles/using-ane-in-flash.html

Here is a very useful native extension pack: http://distriqt.com/native-extensions

Here is also some useful info on how to set the minimum OS version: http://forums.adobe.com/thread/970959

Here is a useful list of what icons and launch images to include: http://help.adobe.com/en_US/air/build/WS901d38e593cd1bac1e63e3d129907d2886-8000.html

Here is also useful information on how to send push notifications, including certificate generation, to work with PHP files: http://www.raywenderlich.com/32960/apple-push-notification-services-in-ios-6-tutorial-part-1

Fixing Blank HTML Emails in Random Clients (Hotmail)

Well, this is an odd error that I had better remember. It seems that even using the standard http://htmlemailboilerplate.com/ there is some offending code that causes random email clients (Hotmail in particular, in my testing) to fail to render your HTML email at all. I only found this out when we started getting complaints from users that our emails were blank... great!

Anyway, I finally managed to track down that removing the following code fixed the issue.

[code]
<!-- Targeting Windows Mobile -->
<!--[if IEMobile 7]>
<style type="text/css">

</style>
<![endif]-->

<!-- ***********************************************
****************************************************
END MOBILE TARGETING
****************************************************
************************************************ -->

<!--[if gte mso 9]>
<style>
/* Target Outlook 2007 and 2010 */
</style>
<![endif]-->
[/code]

To be honest I wasn't even using any of that code but had just left it in for simplicity's sake. It seems that perhaps any HTML conditional comments cause some email clients to 'freak out' and render the email blank. Remove them and all seemed to be good afterwards.
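As an added example, not code from the post or from the boilerplate, here is a small Node.js helper that does the same removal mechanically, so a template can be cleaned in a build step rather than edited by hand. It strips both the downlevel-hidden form the boilerplate uses (<!--[if ...]> ... <![endif]-->) and the downlevel-revealed form (<![if ...]> ... <![endif]>), leaves ordinary HTML comments alone, and reports how many blocks it took out. The sample template and its contents are constructed for the example.

```javascript
// Added example, not code from the original post or the email boilerplate:
// strip IE/Outlook conditional comments from an HTML email before it is sent,
// which is the change the post arrived at by hand.

// Downlevel-hidden form, e.g. <!--[if gte mso 9]> ... <![endif]-->
const HIDDEN_CONDITIONAL = /<!--\s*\[if[^\]]*\]>[\s\S]*?<!\[endif\]\s*-->/gi;
// Downlevel-revealed form, e.g. <![if !IE]> ... <![endif]>
const REVEALED_CONDITIONAL = /<!\[if[^\]]*\]>[\s\S]*?<!\[endif\]>/gi;

// Returns the cleaned markup plus how many conditional blocks were removed, so a
// build step can log what it took out of each template. Ordinary comments that do
// not start with "[if" are left untouched.
function stripConditionalComments(html) {
  let removed = 0;
  const drop = () => { removed += 1; return ''; };
  const cleaned = html
    .replace(HIDDEN_CONDITIONAL, drop)
    .replace(REVEALED_CONDITIONAL, drop);
  return { html: cleaned, removed };
}

// Constructed sample template: the two blocks the post removed, a revealed
// conditional, and an ordinary comment plus body text that should survive.
const SAMPLE_EMAIL = [
  '<html><body>',
  '<!-- Targeting Windows Mobile -->',
  '<!--[if IEMobile 7]>',
  '<style type="text/css"></style>',
  '<![endif]-->',
  '<!--[if gte mso 9]>',
  '<style>/* Target Outlook 2007 and 2010 */</style>',
  '<![endif]-->',
  '<![if !IE]><p>Shown to non-IE clients</p><![endif]>',
  '<p>Hello from the newsletter</p>',
  '</body></html>',
].join('\n');

console.log(stripConditionalComments(SAMPLE_EMAIL));
```

One caveat: the gte mso 9 block is where Outlook-specific fixes usually live, so if a template relies on those, removing everything trades a blank email in Hotmail for a less polished one in Outlook. The helper takes all conditional blocks out, as the post did.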

Alps Trip 2013 Day 13

Woke up at 5:30am to get on the road to head to Les Arcs. Was very cold this early in the morning.

After about 7 hours we got to Les Arcs.

We then quickly checked in and managed to get a couple of runs in.

Once we got back to the hotel we went for a quick swim whilst Nigel was fixing his brakes.

Then we headed out for dinner and sipped a few pints of Stella.

Alps Trip 2013 Day 14

Up early today to make the most of the last days riding.

Rode the top section until lunch.

After lunch we did the run down to the bottom. Went back up the top and did one more run, then decided to call it a day. Nigel broke his pedal too, so probably for the best. Rou and Mary stayed out and did a run right from the top to the bottom.

Came back and chilled then went for beers and dinner at about 7ish. Nigel played golf in the hotel and some French lady played the piano very well!

Watched the fireworks at 10pm as it was Bastille Day, which was a nice end to the trip! Me and Nigel then went back to the hotel and listened to the continued celebration music outside. Was quite pleasant.

Alps Trip 2013 Day 15

Driving home today, had breakfast at 8:30 then packed up and loaded the van. Set off at about 11am and stopped in Bourg to grab some lunch at the Super U. Had some fun and games there as the till lady refused to give us a bag so we had to grab a cardboard box. We then ran over the 6 pack of water we forgot to put in the van! Managed to salvage 3 bottles though. Then we finally got on our way.

Arrived home at about 10pm nice!

Alps Trip 2013 Day 11

Rou and Mary got up at 4am to go film on top of the mountain and watch the sunrise. When they got back at about 10:30am we headed to Mottolino to film for the day.

Filming went really well, managed to nail a massive hip sort of jump into a berm, did it second time, was very scary. Filming took about 4 hours still somehow.

Once we got down I changed my back brake pads and Mary went home as she was too tired and had been up since 4am! Me, Rou and Nigel went back up with the GoPro on my helmet. Grabbed a quick bite to eat at the top.

I did some chasing with the GoPro on the way down. Then we went back up for another run, this time with the GoPro facing backwards so the guys chased me.

After that we cycled up the death hill and grabbed a quick beer.

Got back to the hotel and showered, then headed out for dinner and beer at about 7 ish.

Mary found out you can use the hotel's bikes to ride down into town. This was comedy genius. They were so shit we were all crying with laughter.

Ate some good horse steak.

We then checked out the brewery and some night clubs. Rou and Mary left at about 1am. Me and Nigel stayed out for a couple more beers and did some stupid dancing.

Riding the bikes up the hill back to the hotel was more than amusing!

This is how I found Nigel at 6am.