security hole for files with a dot at the end

I received an email this morning saying that KFM has a security hole – if a user creates a file named “test.php.” (note the ‘.’ at the end), then it is run as if it was “test.php”, even if you explicitly banned the .php extension in your settings.

I immediately added a line of code to [...]

online autism test hack

I was speaking with m1 in the ILUG chatroom today, and he mentioned an online autism test on Wired.com.

When you fill that out, and submit it, though, you will be shown the source code of the script which was supposed to calculate the results.

To get it to work, download the source, copy it into a [...]

what am I up to?

My wife is in hospital with an abscess on her eye, so I’m stuck at home minding Jareth, my 3yo son.

I don’t have time to work on KFM at the moment, but work is progressing anyway – Benjamin Ter Kuile has been hacking away at it feverishly – he’s currently working on the Image code. [...]