Skip to content

Instantly share code, notes, and snippets.

Steve Clay mrclay

Block or report user

Report or block mrclay

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
mrclay /
Created Aug 21, 2019
docker-compose logs -f but auto restarting
function dclogs {
while :
docker-compose logs -f --tail=3
[ $? -eq 0 ] || break
echo "Awaiting a container to restart"
sleep 5
# wait around for startup
mrclay / fewest-meetings.js
Last active Aug 13, 2019
Exercise: From given list of meetings of varying lengths, find the shortest number of meetings that can fit in the day
View fewest-meetings.js
// Recursively create all combinations of the remaining items--at least those
// that are valid and aren't longer than those we've tested so far.
function buildCombinations(remaining, combo, process) {
for (let i = 0; i < remaining.length; i++) {
if (process.isDone()) {
// global short-circuit
mrclay / ClassList.php
Created Dec 9, 2017
HTML class list based on DOMTokenList
View ClassList.php
namespace MrClay;
* HTML class list based on DOMTokenList
* @link
class ClassList
mrclay / AjaxForm.js
Created Nov 11, 2015
Sets up Drupal so that any form can be fetched and submitted over Ajax. Unlike Drupal's ajax module, there are no modifications required to the form at all. Even redirects are captured and sent back to the client.
View AjaxForm.js
* Notes:
* - This is not the complete JS module
* An object to simplify fetching Drupal forms via Ajax
* @param {object} spec Object with keys:
mrclay / elgg-profile-queries.php
Last active Oct 21, 2015
Elgg: profile MySQL queries on Elgg 1.10 - 1.x
View elgg-profile-queries.php
* Query profiler for Elgg 1.10-1.12
* Require this script inside settings.php and the JavaScript console will report all
* queries with their time in seconds, and the total time spent in mysql_query().
* This will not include queries performed after the "output", "page" hook.
* On production you could include this only if a particular query string is set:

More details on the WordPress XSS vulnerability found by Klikki. Both real exploits include a style attribute to widen the mouseover area to the whole viewport; I've left it out here to keep it simple.

The exploit comment is valid HTML and won't be altered by an HTML santizer:

<a title='x onmouseover=alert(unescape(/hello%20world/.source)) AAAAAAAAAAAA...[64 kb]..AAA'></a>

But once truncated by MySQL, the comment will become malformed HTML (note the attribute is left open):

<a title='x onmouseover=alert(unescape(/hello%20world/.source)) AAAAAAAAAAA
mrclay / runsAfter.js
Created Jan 19, 2015
Jasmine helper to cleanup tests that have async operations without a callback.
View runsAfter.js
* Jasmine helper: Call func sequentially after blocking for {delay} milliseconds
* @param {Number} delay
* @param {Function} func
* @link
function runsAfter(delay, func) {
var blocking = true;
mrclay / elgg_mem.php
Created Nov 28, 2014
Elgg: Graph memory usage loading a large number of entities
View elgg_mem.php
require __DIR__ . '/engine/start.php';
$md_cache = _elgg_services()->metadataCache;
$mem_initial = 0;
$show_mem_delta = function () use (&$mem_initial) {
mrclay / elgg_prune_entities.sql
Last active Aug 29, 2015
Elgg: Delete entity rows where the associated secondary table rows no longer exist
View elgg_prune_entities.sql
DELETE FROM elgg_entities
WHERE guid in (
SELECT e.guid FROM elgg_entities AS e
LEFT JOIN elgg_users_entity AS u ON (e.guid = u.guid)
WHERE e.type = 'user'
AND u.guid IS NULL
) AS q1
mrclay / annotation_test.php
Created Oct 6, 2014
Help me determine the best-supported flavor of variable annotations across PHP IDEs.
View annotation_test.php
* Help me determine the best-supported flavor of variable annotations across PHP IDEs.
* 1. Open this file in your IDE
* 2. Place your cursor at the bottom of the file and see which variables are understood
* as instances of the class Foo
* 3. Report your findings to
You can’t perform that action at this time.