WEB + BLOG

Integrating a WP blog into a website

Seamlessly Integrating a Blog into Your Non-Blog Website

http://idratherbewriting.com/2008/10/23/seamlessly-integrating-a-blog-into-your-non-blog-website/

Another approach is to host the website on one server and the blog on another.

On the website we can use the RSS feed to pull in the latest news. In the blog template we add links to the website's pages. There has to be a way to keep the menu bars synchronized. One way is for the blog to “query the website” for the current menu bar.

 

Regular expressions with Notepad++

I had to change a bunch of e-mail addresses in the HTML code of the contacts page, which had to be deleted, so to avoid going line by line I searched for:

expresiones regulares notepad++

https://duckduckgo.com/?q=expresiones+regulares+notepad%2B%2B&t=ffsb

and found

http://www.forosdelweb.com/f14/expresiones-regulares-notepad-1044573/

which explained, in Spanish, a bit of what it is all about, for someone who understands nothing about it

and also this example

http://markantoniou.blogspot.com.ar/2008/06/notepad-how-to-use-regular-expressions.html

Which was much better for what I needed: several steps (in English) showing what needed to be done and how it was done.

Basically, what I did was start from the example

Find what: (\+.*)(Item)
Replace with: \1\r\n\2

And put in what I needed

Find what: (<a href="mailto:.*)(</a></h5>)
Replace with: </h5>

The expression matches any link that has the mailto, up to the end of the contact

and that's it.
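The find/replace pair above, run over constructed sample HTML as an added example (not part of the original post). PHP's preg_replace stands in for Notepad++'s replace dialog, assuming ". matches newline" is unchecked; the variable names, the strip_mailto() helper and the addresses are made up for illustration. It compares the greedy pattern from the post with a non-greedy variant and checks what is left afterwards.

```php
<?php
// Added illustration; the sample HTML and addresses are constructed.
$greedy  = '~(<a href="mailto:.*)(</a></h5>)~';  // "Find what" from the post
$lazy    = '~(<a href="mailto:.*?)(</a></h5>)~'; // same, with a non-greedy .*?
$replace = '</h5>';                              // "Replace with" from the post

// Returns the rewritten HTML plus two checks: how many mailto: links are
// left, and how many <h5> contact headings survived the replacement.
function strip_mailto($pattern, $replace, $html)
{
    $out = preg_replace($pattern, $replace, $html);
    return array($out, substr_count($out, 'mailto:'), substr_count($out, '<h5>'));
}

$one_per_line = <<<HTML
<h5>Ana <a href="mailto:ana@example.org">ana@example.org</a></h5>
<h5>Luis <a href="mailto:luis@example.org">luis@example.org</a></h5>
HTML;
$same_line = str_replace("\n", '', $one_per_line);  // both contacts on one line

foreach (array('one per line' => $one_per_line, 'same line' => $same_line) as $label => $html) {
    foreach (array('greedy' => $greedy, 'lazy' => $lazy) as $kind => $pattern) {
        list($out, $mailtos, $headings) = strip_mailto($pattern, $replace, $html);
        printf("%-12s %-6s mailto left=%d, <h5> kept=%d of 2\n",
            $label, $kind, $mailtos, $headings);
    }
}
```

With one contact per line both patterns behave the same. When two contacts share a line, the greedy `.*` runs to the last `</a></h5>` and the second heading disappears along with its address, which the heading count exposes.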

 

Google Analytics and security

Critical Security Vulnerability in Google Analytics by Yoast #319

About Vulnerability

This plugin is vulnerable to a Stored Cross Site Scripting vulnerability. This issue was exploited when administrator users with access to “Google Analytics by Yoast” Setting in WordPress above listed vulnerable parameter is vulnerable for stored XSS. A malicious administrator can hijack other users' sessions, take control of another administrator’s browser or install malware on their computer.

————-

Google Analytics — Yes, it is a security risk

Obama’s website, Mountain View’s javascript

Analysis Judging from some of the comments responding to our story about security sloppiness on Barack Obama’s website, it’s clear a discussion about the risks of third-party javascript is in order. Contrary to what many commentators believe, widgets used by Google Analytics and similar services do represent a threat, especially if you’re a high-profile target.

http://www.theregister.co.uk/2008/11/22/google_analytics_as_security_risk/

+ http://www.theregister.co.uk/2008/11/20/barack_obama_website_insecurity/

————-

Security and privacy in Universal Analytics

https://support.google.com/analytics/answer/2838718?hl=en

———–

! This post “disappears” because Google redirects automatically

https://productforums.google.com/forum/#!topic/analytics/GdmiI_-VvsQ

———–

 

Piwigo and security

PIWIGO

Security reports:

Piwigo Blind SQL Injection Vulnerabilities

8 May. 2015

SQL injection vulnerability in the rate_picture function in include/functions_rate.inc.php in Piwigo before 2.5.5, 2.6.x before 2.6.4, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary SQL commands via the rate parameter to picture.php, related to an improper data type in a comparison of a non-numeric value that begins with a digit.

Vulnerable Systems:
* Piwigo before 2.5.5, 2.6.x before 2.6.4, and 2.7.x before 2.7.2

Immune Systems:
* Piwigo after 2.7.2

This bug was found using the portal without authentication. To exploit the vulnerability, it is only necessary to use version 1.0 of the HTTP protocol to interact with the application. It is possible to inject SQL code in the variable “rate” on the page “picture.php”.

CVE Information:
CVE-2014-9115

Disclosure Timeline:
Original release date: 12/23/2014
Last revised: 12/23/2014

http://www.securiteam.com/securitynews/5PP2V2AFQA.html
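The bug class the advisory describes ("an improper data type in a comparison of a non-numeric value that begins with a digit"), shown as an added example that is not Piwigo's code and not part of the advisory. The function names, the 1 to 5 rating scale, the table layout and the in-memory SQLite database (which needs the pdo_sqlite extension) are assumptions made for illustration. It puts a loose membership check beside a strict one and stores the value through a bound parameter.

```php
<?php
// Added illustration of the bug class, not Piwigo's code; names are hypothetical.
$allowed_rates = array(1, 2, 3, 4, 5);   // assumed rating scale

// Weak check: in_array() compares with == by default. On PHP 5 and 7 the
// string "3 trailing text" == 3 is true, so the whole string is accepted.
// (PHP 8 changed string-to-number comparison, so this returns false there.)
function rate_ok_loose($rate, array $allowed)
{
    return in_array($rate, $allowed);
}

// Hardened check: digits only, then strict (===) membership on an int.
function rate_ok_strict($rate, array $allowed)
{
    if (!is_string($rate) || !ctype_digit($rate)) {
        return false;
    }
    return in_array((int) $rate, $allowed, true);
}

// Defence in depth: bind the validated value instead of concatenating it.
function save_rate(PDO $db, $element_id, $rate, array $allowed)
{
    if (!rate_ok_strict($rate, $allowed)) {
        return false;
    }
    $stmt = $db->prepare('INSERT INTO rate (element_id, rate) VALUES (?, ?)');
    $stmt->bindValue(1, (int) $element_id, PDO::PARAM_INT);
    $stmt->bindValue(2, (int) $rate, PDO::PARAM_INT);
    return $stmt->execute();
}

// Constructed inputs, as they would arrive in a query-string parameter.
$db = new PDO('sqlite::memory:');   // assumes the pdo_sqlite extension
$db->exec('CREATE TABLE rate (element_id INTEGER, rate INTEGER)');
foreach (array('3', '3 trailing text', '9') as $input) {
    printf("%-20s loose=%-5s strict=%-5s saved=%s\n",
        var_export($input, true),
        var_export(rate_ok_loose($input, $allowed_rates), true),
        var_export(rate_ok_strict($input, $allowed_rates), true),
        var_export(save_rate($db, 42, $input, $allowed_rates), true));
}
```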

 

Piwigo LocalFiles Editor Plug-in Cross-Site Request Forgery Vulnerability

https://tools.cisco.com/security/center/viewAlert.x?alertId=31407

Version Summary: Piwigo LocalFiles Editor plug-in contains a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site request forgery attacks on a targeted system. Updates are unavailable.
Description
A vulnerability in the LocalFiles Editor plug-in of Piwigo versions prior to 2.4.7 could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks.

The vulnerability is due to improper validation of certain user-supplied HTTP requests by the /admin.php script. An attacker could exploit this vulnerability by convincing an authenticated administrative user to follow a malicious URL. When processed, the URL could allow the attacker to hijack the authentication of the administrator and could create arbitrary PHP files on the remote server. Successful exploitation could allow the attacker to conduct further attacks.

Proof-of-concept code that demonstrates an exploit of this vulnerability is publicly available.

Administrators are advised to implement an intrusion prevention system (IPS) or intrusion detection system (IDS) to help detect and prevent attacks that attempt to exploit this vulnerability.

For additional information about CSRF attacks and potential mitigation methods, see the Cisco Applied Mitigation Bulletin Understanding Cross-Site Request Forgery Threat Vectors.

Piwigo has released a bug report at the following link: Bug ID 0002844

Piwigo has released updated software at the following link: Piwigo 2.4.7

 

———-