Fixing WPMU 2.8.4 and the ignored Banned Email Domains option

I’ve been having a heck of a time battling sploggers at UCalgaryBlogs.ca – roaches that create accounts and blogs so they can foist their spam links to game Google (thanks for providing spammers with such a powerful incentive, Google).

There’s an option in WordPress Multiuser to ban email domains – provide the domains, one per line, into a text box, and it will reject any roaches trying to create accounts from those domains.

The biggest offenders have been myspace.info and myspacee.info – and although they’ve been in my Banned Email Domains list for months, they just keep getting through. I figured there was some exploit they were using, but couldn’t find a thing.

So, today, I took a look through the code of WPMU 2.8.4, to see if I could find what was going on. Turns out, it’s a really simple fix. There’s a function in wp-includes/wpmu-functions.php, called is_email_address_unsafe() – it’s supposed to check the contents of the Banned Email Domains option field, and reject addresses from the flagged domains.

Except it wasn’t. Rejecting, I mean. It was letting everyone through, because of a simple bug in the code. It was written to treat the value of the option as an array and to directly walk through each item of the array. But, the option is stored as a string, so it needs to be converted to an array first. Easy peasy. Here’s my updated is_email_address_unsafe() function, which goes around line 880 of wpmu-functions.php:

function is_email_address_unsafe( $user_email ) {
	$banned_names_text = get_site_option( "banned_email_domains" ); // grab the string first
	$banned_names = explode("\n", $banned_names_text); // convert the raw text string to an array with an item per line
	if ( is_array( $banned_names ) && empty( $banned_names ) == false ) {
		$email_domain = strtolower( substr( $user_email, 1 + strpos( $user_email, '@' ) ) );
		foreach( (array) $banned_names as $banned_domain ) {
			if( $banned_domain == '' )
				continue;
			if (
				strstr( $email_domain, $banned_domain ) ||
				(
					strstr( $banned_domain, '/' ) &&
					preg_match( $banned_domain, $email_domain )
				)
			)
				return true;
		}
	}
	return false;
}

The fix is in the first 2 lines of the function – getting the value of the string, and then exploding that into the array which is then used by the rest of the function. I’ve tested the updated function out on UCalgaryBlogs.ca and it seems to work just fine. Hopefully the fix will get pulled into the next update of WPMU so everyone with Banned Email Domains can breathe a bit more easily.
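The difference between walking the raw option string and exploding it first, as an added example that is not WPMU's code or the code from this post. It also goes one step further with a stricter whole-domain comparison, since the substring test matches unrelated domains. Assumptions: the option value is constructed, the function names are hypothetical, and the `(array)` cast stands in for the pre-fix loop described above.

```php
<?php
// Constructed sample option value: one banned domain per line.
$option = "myspace.info\nmyspacee.info\n";

// The substring test from the function above, applied to whatever list it is handed.
function substring_match(string $email, array $banned_names): bool {
    $domain = strtolower(substr($email, 1 + strpos($email, '@')));
    foreach ($banned_names as $banned) {
        if ($banned !== '' && strstr($domain, $banned)) {
            return true;
        }
    }
    return false;
}

// Hypothetical stricter check: split on any line ending (LF or CRLF), trim each
// entry, and match only the exact domain or one of its subdomains.
function exact_or_subdomain_match(string $email, string $option): bool {
    $at = strrpos($email, '@');
    if ($at === false) {
        return true; // fail closed: there is no domain part to compare
    }
    $domain = strtolower(substr($email, $at + 1));
    foreach (preg_split('/\R/', $option, -1, PREG_SPLIT_NO_EMPTY) as $line) {
        $banned = strtolower(trim($line));
        if ($banned === '') {
            continue;
        }
        $suffix = '.' . $banned;
        if ($domain === $banned || substr($domain, -strlen($suffix)) === $suffix) {
            return true;
        }
    }
    return false;
}

// Constructed addresses: two on banned domains, one that merely contains a banned name.
foreach (['roach@myspace.info', 'roach@myspacee.info', 'user@notmyspace.info.example'] as $email) {
    printf("%-30s cast=%s explode=%s strict=%s\n", $email,
        var_export(substring_match($email, (array) $option), true),   // whole string as one entry
        var_export(substring_match($email, explode("\n", $option)), true),
        var_export(exact_or_subdomain_match($email, $option), true));
}
```

With the cast, the loop sees a single entry holding the entire multi-line text, so no domain can ever contain it and every address passes. The third address shows the substring test rejecting a domain that is not on the list.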

Alternate PHP on MacOSX?

I'm working on a project where I'll need to demonstrate the process of importing static websites into Drupal, so I'm toying with the import_html module. The only problem is, it doesn't work on the PHP that comes with MacOSX. It requires XSLT to do its magic (chunking through the DOM of the static site pages).

I've tried installing the Entropy.ch PHP5 package, but that just borked Drupal on my test system. Is there a sane way to install a more fully-featured PHP version that will work with Drupal on MacOSX?

Update: MAMP works like hot damn! What a handy way to have a separate PHP/MySQL stack to play with on my desktop, without worrying about borking the OS-installed versions… Thanks to Matt for the tip!

Teaching Resources Database

I’ve just updated our Teaching Resources database to use a copy of the lightweight asset management system I built for the Pachyderm project.

Previously, the TR database had been developed as a WebObjects application, connecting to an XStreamDB XML database. That performed really well, and made for nice reliable queries, but meant an editing interface was more difficult to develop.

Now that it’s just a simple MySQL database, and a simple PHP script running the queries and interface, it’s easy to manage, and performs quite well.

There are currently 622 teaching resources (books, websites, documents), in 28 different teaching-related topics. It is a collection of links, gathered by ourselves and the VP Academic’s office from relevant sources around the internet.
