Welcome to my blog

I was getting PHP `unseralize` errors when working with some WordPress option values.

PHP Notice: unserialize(): Error at offset 4854 of 24578 bytes

One of the comments in the `unserialize` documentation was suggested matching all string values, and correct the string length. Working with that, and checking the area of breakage (byte 4854) I found a string which was declared as 64 characters, but serialized as 61. So I went ahead and adapted the 6 year snippet to work on PHP 7.1.

// $val = SERIALIZED_VALUE;

function fix_serialized_string_lengths($matches) {
	if ( strlen( $matches[2] ) == (int)$matches[1] ) return $matches[0];

	$idx = strpos( $matches[0], ':', 2 );

	return 's:' . strlen( $matches[2] ) . substr( $matches[0], $idx );
}

$arr = @unserialize( $val );

if ( $arr === FALSE ) {
	$val = preg_replace_callback(
		'!s:(\d+):"(.*?)";!s',
		'fix_serialized_string_lengths',
		$val
	);

	$arr = unserialize( $val );
}

If you ever find yourself using Apache as a frontend server or reverse proxy, as opposed to one Nginx, for example. You may want to be sure to pass the actual host IP and scheme information back to your application so that it may function properly. By default, mod_proxy sets the X-Forwarded-For header. But that header is a list, and is used by other types of proxies. You may want to set the X-Forwarded-Proto and X-Real-IP as well. The following entries into your VirtualHost or similar should do the job:

RequestHeader set X-Forwarded-Proto "%{REQUEST_SCHEME}s"
RequestHeader set X-Real-IP "%{REMOTE_ADDR}s"

If you’re getting “Incorrect format parameter” errors on attempts to import files into phpMyAdmin, be sure to get your post_max_size and upload_max_filesize settings in php.ini. More than likely, they are too small for the file that you’re uploading.

Currently, none of the major Selenium drivers (browsers) support the ability to easily take a screenshot of an entire web page. The following function takes multiple screenshots through the viewport and scrolls between screenshots, then stitches the resulting images into a single PNG.

def save_fullpage_screenshot(driver, url, output_path, tmp_prefix='selenium_screenshot', tmp_suffix='.png'):
	"""
	Creates a full page screenshot using a selenium driver by scrolling and taking multiple screenshots,
	and stitching them into a single image.
	"""

	# get the page
	driver.get(url)

	# get dimensions
	window_height = driver.execute_script('return window.innerHeight')
	scroll_height = driver.execute_script('return document.body.parentNode.scrollHeight')
	num = int( math.ceil( float(scroll_height) / float(window_height) ) )

	# get temp files
	tempfiles = []
	for i in xrange( num ):
		fd,path = tempfile.mkstemp(prefix='{0}-{1:02}-'.format(tmp_prefix, i+1), suffix=tmp_suffix)
		os.close(fd)
		tempfiles.append(path)
		pass

	try:
		# take screenshots
		for i,path in enumerate(tempfiles):
			if i > 0:
				driver.execute_script( 'window.scrollBy(%d,%d)' % (0, window_height) )
			
			driver.save_screenshot(path)
			pass
		
		# stitch images together
		stiched = None
		for i,path in enumerate(tempfiles):
			img = Image.open(path)
			
			w, h = img.size
			y = i * window_height
			
			if i == ( len(tempfiles) - 1 ):
				img = img.crop((0, h-(scroll_height % h), w, h))
				w, h = img.size
				pass
			
			if stiched is None:
				stiched = Image.new('RGB', (w, scroll_height))
			
			stiched.paste(img, (
				0, # x0
				y, # y0
				w, # x1
				y + h # y1
			))
			pass
		stiched.save(output_path)
	finally:
		# cleanup
		for path in tempfiles:
			if os.path.isfile(path):
				os.remove(path)
		pass

	return output_path

The following libraries are required:

• selenium
• Pillow

I have been writing some automation code a few dozen websites, and I wanted to generate SSL keys, and I couldn’t get the `subprocess` call to work properly, so I thought I would post the final solution. The argument to `communicate()` is critical.

import subprocess

filename = 'my.key'
numbits = 2048

cmd = ['openssl', 'genrsa', '-out', filename, str(numbits), '-passin', 'stdin']

p = subprocess.Popen(
	cmd,
	stdin = subprocess.PIPE,
	stdout = subprocess.PIPE,
	stderr = subprocess.PIPE,
	shell=False
)

out, err = p.communicate('\n')

Today, I had the need to replicate an encrypted query string token to inter-operate with a third-party commercial application. I was able to determine the library, symmetrical algorithm and secret key being used to create the token. Turns out, it was an ASP.net web application using the Chilkat .NET library to do the encryption and decryption. Specifically, it was the Chilkat AES (aka Rijndael) methods being used.
Read More

Step 1: Install Packages

Install yum repo, you can the correct one at https://yum.postgresql.org/:

yum install https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7-x86_64/pgdg-centos96-9.6-3.noarch.rpm

Install the actual packages:

yum install pgadmin4-web

Step 2: Create system user

The packages do not create a user to run the web application now, so take some time to do so now:

useradd --create-home --home-dir /var/pgadmin --system --shell /sbin/nologin

Step 3: Run setup.py

It’s necessary to run setup.py to create the appropriate environement under the system user’s HOMEDIR:

su –shell /bin/sh -c “python /usr/lib/python2.7/site-packages/pgadmin4-web/setup.py” pgadmin

Step 4: Configure Apache HttpD

<VirtualHost *>
	ServerName pgadmin.example.com

	CustomLog "logs/pgadmin-access_log" combined
	ErrorLog "logs/pgadmin-error_log"
	LogLevel error
	
	WSGIDaemonProcess pgadmin processes=1 threads=25 user=pgadmin group=pgadmin
	WSGIScriptAlias / /usr/lib/python2.7/site-packages/pgadmin4-web/pgAdmin4.wsgi

	<Directory /usr/lib/python2.7/site-packages/pgadmin4-web>
		WSGIProcessGroup pgadmin
		WSGIApplicationGroup %{GLOBAL}
		Require all granted
	</Directory>
</VirtualHost>

Working with SSL certificates in Openfire are surprisingly troublesome, at least as compared to popular web servers (Apache hTTPd, Nginx, IIS).

I recently needed to update an expiring certificate (having once, previously, figured out how to successfully import a purchased, SSL certificate.

This time I found a nice tutorial: https://alpha-labs.net/2014/12/openfire-and-ciphers/. Thanks to Christian for that.

I’ve made some slight modifications to his Shell script, and I just wanted to share

#! /bin/bash
JavaDir="/opt/openfire/resources/security" 
PASS="changeit"
certdomain="im.example.com"
certname="im_example_com"
certdir="/etc/ssl"
tmp="/root/tmp"
 
 
## echo "stop openfire"
##/etc/init.d/openfire stop
 
echo "> deleting truststore and keystore"
test -e "${JavaDir}/truststore" && rm -f "${JavaDir}/truststore"
test -e "${JavaDir}/keystore" && rm -f "${JavaDir}/keystore"

echo "> merge domain certificate with CA certificate"
cat "${certdir}/${certname}.crt" "${certdir}/${certname}.ca-bundle" > "${certdir}/${certname}.combined.crt"

echo "> create a new trust store"
keytool -import -trustcacerts -storepass $PASS -alias "PositiveSSL" -file "${certdir}/${certname}.ca-bundle" -keystore "${JavaDir}/truststore"

echo "> create new p12 file"
openssl pkcs12 -export -in "${certdir}/${certname}.combined.crt" -inkey "${certdir}/${certname}.key" -out "${certdir}/${certname}.p12" -name "${certdomain}" -CAfile "${ca}" -passout pass:"${PASS}"

echo "> create new key store"
keytool -importkeystore -deststorepass "$PASS" -srcstorepass "$PASS" -destkeystore "${JavaDir}/keystore" -srckeystore "${certdir}/${certname}.p12" -srcstoretype PKCS12 -alias "${certdomain}"

echo "> change file perms"
chmod 644 "${JavaDir}/truststore" "${JavaDir}/keystore"

echo "> change ownership"
chown daemon:daemon "${JavaDir}/truststore" "${JavaDir}/keystore"

echo "> list directory"
ls -lha "${JavaDir}" *store*

## echo "start openfire"
##/etc/init.d/openfire start

Notes

A few quick notes:

• This _will_ delete your existing truststore and keystore, back them up first
• I disable stopping and starting of the OpenFire service, feel free to uncomment those
• This version expects the CA’s chain certificate to be named in the format `CERTIFCATE_NAME.ca-bundle`
• This only creates an RSA certificate

When I started with Django, the version at the time was 1.5. Back then, we prepended STATIC_URL to our static assets to reference them in our templates. With recent release, best practice is to you use the static ^[1]. I often find myself wanting to append a version number to my static files, at least my CSS and JS files to ensure that browser see my new versions when I push an update. In this post, I make use of the `static` tag and its URL building to easily append a version number.

The Code

The static tag uses the active storage engine to generate the URL for the static file, by default this is the StaticFilesStorage engine. So we’re going to want to subclass this engine and override the, url() method to generate our versioned URL.

# django imports
from django.conf import settings
from django.contrib.staticfiles.storage import StaticFilesStorage
from django.utils.encoding import filepath_to_uri
from django.utils.six.moves.urllib.parse import parse_qs
from django.utils.six.moves.urllib.parse import urlencode


VERSION_NAME = u'v'


# classes

class VersionedStaticFilesStorage(StaticFilesStorage):

	def url(self, name):
		"""
		Generates URL for static file.
		
		Requires STATICFILES_VERSION setting.
		"""
		
		# if there is a query string already, isolate it
		try:
			idx = name.index(u'?')
			qs = name[idx+1:]
			name = name[:idx]
		except ValueError:
			idx = -1
			qs = None
		
		# build a dictionary
		query = parse_qs(qs) if qs else {}
		
		# add in our version number
		query[VERSION_NAME] = settings.STATICFILES_VERSION
		
		# get url
		url = super(VersionedStaticFilesStorage, self).url(name)
		
		# rebuild query string
		qs = urlencode(query.items(), doseq=True)
		
		# return combined url
		return url + u'?' + qs

	pass

Add this code to a module, for example, storage.py in your app, and then reference it in the STATICFILES_STORAGE setting.

STATICFILES_STORAGE = 'myapp.storage.VersionedStaticFilesStorage'

Be sure to create your version value in settings.py:

STATICFILES_VERSION = '2.0'

And now you should have static URLs like this:

<script type="text/javascript" src="/static/js/bootstrap.min.js?v=2.0"></script>

Good luck, and happy coding.

If you’re seeing this exception, you’re probably using some combination of the Python requests library, and gevent.
Read More