Skip to content

Instantly share code, notes, and snippets.

View RickKukiela's full-sized avatar

Rick Kukiela RickKukiela

View GitHub Profile
@RickKukiela
RickKukiela / README.md
Created October 26, 2022 18:25
Metraflex OCS Calc Readme

Metraflex Off-Center Seal Calculator

Created by Rick Kukiela rick@belniakmedia.com
Lead Developer at Belniak Media, Inc. (https://www.belniakmedia.com)

YOU MUST RUN THE BUILD COMMAND TO CREATE THE dist/ FOLDER AND COMPILED SCRIPTS!

Compiler Notes

This package was written in TypeScript under Node18. It is recommended that you use nvm (https://github.com/nvm-sh/nvm) to swap what node version you are using on a given terminal session. This software works on windows as long as you have GitBash or similar installed (this comes free with the windows version of git which you need to clone the repo.).

The actual Node version used at development time was node v18.9.0 and npm v8.19.1.

@RickKukiela
RickKukiela / disable-mod-security-craftcms-admin.md
Created October 6, 2022 19:29
CraftCMS Admin POST - Disable mod_security

I recently ran into an issue with MOD_SECURITY and false positives while posting content in the craftCMS admin. Previously I was able to disable mod_security for the entire admin by using a <LocationMatch> directive, but since the later version of craft, the entry editor posts the form directly to the platform entry url, usually /index.php. Therefore, using the old method your only option was to disable mod_security or the specific rules for the entire site. This new method works around that:

Add the following to your httpd.conf (.htaccess control is no longer supported after mod_security2)

<IfModule security2_module>
   SecRule REQUEST_URI "p=admin/actions" id:99999999,phase:1,pass,nolog,t:none,ctl:ruleEngine=Off
</IfModule>

The rule ID specified is required on mod_security >= 2.7 (I believe). Just give it a number that does not conflict with an existing rule. The number in the sample works fine for me.

@RickKukiela
RickKukiela / new-tech-to-watch.md
Created July 11, 2022 16:34
New Tech to Watch

List of Technologies to keep an Eye On

@RickKukiela
RickKukiela / gulp-dest-php-opcache.md
Last active July 11, 2022 16:08
gulp.dest() -> .php + via require() (with opcache) = no update / cached data

Warning to the Masses

If you use gulp.dest() to update a .php file that is used as an include via require(), require_once() and I belive the include() variants on a system with opcache enabled you're gonna have a bad time.

You're gonna have a bad time south park

On linux based systems, gulp.dest() sets the modified time stamp of the output file back to the source file's modified time after writing it. This leaves the mtime of the file unchanged when directly editing an exisiting file via gulp (this is not the case on windows). This is a problem if the .php file written is used as a PHP include on systems with opcache enabled. Opcache will assume the file has not changed and therefore not read the file again. It will instead just assume the result of the include file from the last time it was actually ran.

To work around this add gulp-touch-cmd via npm i gulp-touch-cmd --save or npm i gulp-touch-cmd --save-dev depending on you

@RickKukiela
RickKukiela / .htaccess-template
Last active January 21, 2023 21:30
HTACCESS Functions Template
# Set Security Headers
<IfModule mod_headers.c>
# -- START HSTS HEADER SPECIFICATION --
# UNCOMMENT ONLY ONE
# ------------------
## NON-PRELOAD - Initial implementation / testing period (PRELOAD is hard to undo)
#Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" "expr=%{HTTPS} == 'on'"