César Galvani cfgalvani
cfgalvani
/ protect.conf
Created
August 7, 2021 21:20
— forked from VirtuBox/protect.conf
Nginx Configuration to block SQL Injection and similar attacks
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| location ~* "(eval\()" { deny all; } | |
| location ~* "(127\.0\.0\.1)" { deny all; } | |
| location ~* "([a-z0-9]{2000})" { deny all; } | |
| location ~* "(javascript\:)(.*)(\;)" { deny all; } | |
| location ~* "(base64_encode)(.*)(\()" { deny all; } | |
| location ~* "(GLOBALS|REQUEST)(=|\[|%)" { deny all; } | |
| location ~* "(<|%3C).*script.*(>|%3)" { deny all; } | |
| location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" { deny all; } | |
| location ~* "(boot\.ini|etc/passwd|self/environ)" { deny all; } | |
| location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" { deny all; } |
cfgalvani
/ add-checkout-form-key.sh
Created
November 6, 2018 15:15
— forked from schmengler/add-checkout-form-key.sh
Magento SUPEE-9767 Checkout Form Key Theme Patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| find -L app/design/frontend -regex '.*\(shipping\|billing\|shipping_method\|payment\).phtml' -exec grep -L formkey {} \; \ | |
| | xargs sed -i 's/<\/form>/<?php echo $this->getBlockHtml("formkey") ?><\/form>/g' | |
| find -L skin/frontend -name 'opcheckout.js' -exec grep -L form_key {} \; \ | |
| | xargs sed -i 's/if (elements\[i\].name=='\''payment\[method\]'\'') {/if (elements[i].name=='\''payment[method]'\'' || elements[i].name == '\''form_key'\'') {/g' |
cfgalvani
/ patch-7136
Created
July 20, 2018 17:05
— forked from molotovbliss/patch-7136
Magento v1 SUPEE-7136 Cookies : 'frontend_cid' is never renewed, compared to 'frontend' one. So session often expires.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Sauce: https://community.magento.com/t5/Technical-Issues/Cookies-frontend-cid-is-never-renewed-compared-to-frontend-one/td-p/41077 | |
| The core code seems to have forgotten to include the logic to renew the frontend_cid cookie. | |
| I have contacted Magento support regarding this and they provided me a patch - SUPEE-7136, however I'm not seeing it published online anywhere... | |
| The issue lies in this file: | |
| app/code/core/Mage/Core/Model/Session/Abstract/Varien.php | |
| What the patch does is replace this: |