
CakePHP security issue - even in thechaw.com (written by core dev)




Recently I stumbled upon thechaw.com, written by a CakePHP core dev and developed in CakePHP. I just wanted to check whether they had fixed the old security issue in CakePHP, and found that the issue is still open.

Proof of concept


CakePHP Security Issue

CakePHP memory error



On another occasion, I found the famous memory error even in bakery.cakephp.org.

CakePHP memory error

Bottom line



CakePHP is open source, so you can fix these issues yourself.

