@JustThomas
JustThomas / wordpress_https_workaround.php
Last active August 29, 2015 14:13
Workaround for redirects with WordPress HTTPS and WordPress MU Domain Mapping
<?php
/*
Plugin Name: Workaround for HTTPS with Domain Mapping
Description: Disables redirect from MU Domain Mapping Plugin on SSL-secured pages
Author: Thomas Ulrich
Author URI: https://github.com/JustThomas
Version: 0.1
*/
function tu_wordpress_https_workaround() {

Keybase proof

I hereby claim:

  • I am justthomas on github.
  • I am justthomas (https://keybase.io/justthomas) on keybase.
  • I have a public key whose fingerprint is BD76 69E9 D631 C156 DDB3 832F D815 E4AD 5C9A E6D9

To claim this, I am signing this object:

JustThomas / resolve_wordpress_mu_domains.sh
Last active February 25, 2017 21:49
Resolve all domains from a CSV export of the wp_domain_mapping database table
#!/bin/bash
INPUT=wp_domain_mapping.csv
OLDIFS=$IFS
IFS=,
[ ! -f $INPUT ] && { echo "$INPUT file not found"; exit 99; }
while read domainid siteid domain active
do
domain=${domain//\"} # Remove quotes
domainid=${domainid//\"} # Remove quotes
ip=`dig +short $domain | tail -n 1` # Resolve domain name
JustThomas / sqli_wp_user_control.md
Last active May 22, 2021 16:36
SQL injection vulnerability in WordPress "User Control" plugin

SQL Injection vulnerability in WordPress "User Control" plugin

The User Control plugin lets administrators disable user accounts in WordPress. Users whose accounts have been disabled can no longer sign in to WordPress. Unfortunately, the plugin has some serious vulnerabilities which anyone can use to perform SQL queries on the WordPress SQL database.

The plugin has been removed from the official WordPress plugin repository. If this plugin is installed on your WordPress installation, you should remove it ASAP.

Vulnerable code

The plugin contains the following code, which is executed on every page load:

JustThomas / nginx_remove_double_slashes.md
Created February 4, 2018 17:16
nginx: Remove double slashes from URLs

Put the following directives in your server block. nginx will then redirect URLs with double (or triple or multiple) slashes to the corresponding URL with a single slash.

merge_slashes off;
rewrite ^(.*?)//+(.*?)$ $1/$2 permanent;
JustThomas / wordpress-multisite-internal-redirect-loop.md
Last active March 27, 2024 14:45
WordPress Multisite: How to fix error "too many redirects"

WordPress Multisite: How to fix error "Request exceeded the limit of 10 internal redirects"

I am running a WordPress multisite network with sub-directory setup. When I check my error.log file, it is full of entries like this one:

Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.

The problem was, in my case, one specific rewrite rule in the .htaccess file.

Problem description