🔒
https://localhost/?bbq="omg">'wtf'

Michal Špaček spaze

@spaze
spaze / optimg.sh
Created Jun 21, 2022
Optimize images in the current dir with Zopfli (for PNGs), Guetzli (for JPEGs), WebP (for both lossy and lossless conversions). Keeps the smaller file of those.
View optimg.sh
#!/bin/bash
# Optimize images for talk slides
# Run in directory with images, it does the following:
# 1. runs zopfli on all PNGs
# 2. runs guetzli on all JPEGs
# 3. creates lossy and lossless WebP, keeps the smaller one
# 4. keeps the WebP if smaller than original
GREEN=$(tput setaf 2)
@spaze
spaze / README-azure-storage-php-patches.md
Last active Mar 24, 2022
azure-storage-php composer patches for cweagans/composer-patches
View README-azure-storage-php-patches.md
  1. Install composer-patches plugin
composer require cweagans/composer-patches
  2. Download all the files (*.diff & *.json) to patches subdirectory of your project

  3. Add the following to your composer.json:

	"extra": {
@spaze
spaze / cert.pem
Created Jun 5, 2021
Self signed cert expiring in one day
View cert.pem
-----BEGIN CERTIFICATE-----
@spaze
spaze / index.php
Created Apr 10, 2021
xsssk sources snippet
View index.php
<?php
function index()
{
echo ascii('xsssk');
}
function rick()
{
header('Location: https://media.giphy.com/media/Vuw9m5wXviFIQ/giphy.gif', true, 301);
}
@spaze
spaze / find-cve-2020-15227.sh
Last active May 20, 2021
CVE-2020-15227 nette/application RCE in-place patch
View find-cve-2020-15227.sh
#!/bin/bash
# Find files in CVE-2020-15227 nette/application issue
# by @spazef0rze
# Run with `bash find-cve-2020-15227.sh`, works on Linux, FreeBSD, tested on Ubuntu 18.04, FreeBSD 11.4
# This is a universal finder for all affected versions.
# Requirements: find, grep, bash (might work with your default shell but YMMV)
# The fixes:
@spaze
spaze / cz-stripped-subdomains.txt
Last active Mar 3, 2020 — forked from kokes/cz.txt
.cz domains *potentially* affected by this CAA problem https://letsencrypt.org/caaproblem/ - test at https://unboundtest.com/caaproblem.html
View cz-stripped-subdomains.txt
# Stripped subdomains (foo.example.com => example.com, doesn't mean example.com was in the original list)
# regex [a-z*0-9\-]+\.cz(?=[ \]])
View haveibeencaffeinated.php
<?php
// https://en.wikipedia.org/wiki/Category:Coffee_brands
$covfefes = [
'alterracoffeeroasters',
'angiangcoffee',
'angelinus',
'autocrat',
'barcaffe',
'batdorfbronson',
'bewleys',
@spaze
spaze / pbkdf2-symfony-polyfill.php
Last active Oct 12, 2018
Symfony's PBKDF2 polyfill benchmark (TL;DR it's slow, DO NOT USE, use hash_pbkdf2 available in PHP 5.5+ if you must use PBKDF2 but just use password_hash) for the thread here https://twitter.com/spazef0rze/status/1050436425559302147
View pbkdf2-symfony-polyfill.php
<?php
function hashPbkdf2($algorithm, $password, $salt, $iterations, $length = 0)
{
// Number of blocks needed to create the derived key
$blocks = ceil($length / strlen(hash($algorithm, null, true)));
$digest = '';
for ($i = 1; $i <= $blocks; $i++) {
$ib = $block = hash_hmac($algorithm, $salt . pack('N', $i), $password, true);
// Iterations
for ($j = 1; $j < $iterations; $j++) {
@spaze
spaze / 307timing.txt
Created Mar 8, 2018
The 307 timing includes 200's content download
View 307timing.txt
662538: URL_REQUEST
http://www.michalspacek.cz/
Start Time: 2018-03-09 00:52:52.274
t=10702 [st= 0] +REQUEST_ALIVE [dt=76]
--> priority = "HIGHEST"
--> url = "http://www.michalspacek.cz/"
t=10702 [st= 0] URL_REQUEST_DELEGATE [dt=1]
t=10703 [st= 1] +URL_REQUEST_START_JOB [dt=0]
--> load_flags = 37122 (BYPASS_CACHE | MAIN_FRAME_DEPRECATED | MAYBE_USER_GESTURE | VERIFY_EV_CERT)
View result.txt
id select_type table partitions type possible_keys key key_len ref rows filtered Extra
1 SIMPLE foo ref code code 34 const 1 100.00 Using index
id select_type table partitions type possible_keys key key_len ref rows filtered Extra
1 SIMPLE foo index code code 34 12 10.00 "Using where; Using index"