Thursday, June 26, 2008

Latex on wordpress blog

Some time back I came to know that wordpress blogs hosted at wordpress.com supports latex. But no such default functionality for self hosted wordpress blogs. But there are plugins (latexrender, wp-latex) which can facilitate similar things.

But for these to work you will need to install latex on your hosting account. (I have intalled latex on my hostmonster account some time back.).

Continue Reading >>

Tuesday, June 24, 2008

View contents of Zip/Jar files using firefox

With Firefox 3, you can use firefox browser to view contents of zip/jar files.
For viewing contents of filename.zip type following at location bar:

jar:file://< full path to filename.zip >!/
Example: jar:file:///home/user/Desktop/filename.zip!/
Also: jar:file:///home/user/Desktop/filename.zip!/dir/file1.js

This is specially very useful when you want to see contents (.js, .css, .html files) included in firefox extension’s jar file.


Continue Reading>>

Monday, June 23, 2008

Installing latex on hostmonster

In continuation with my previous post (Some times yahoo is better), I followed the steps on how to install latex/tetex on my web host from here (You can also get the Installation steps from QuickInstall file in source code or access the same file from tug.org).

But the problem is that on web hosts like hostmonster you won’t have root access so you will need to modify some of the things and do a local install in your home directory.

Continue Reading>>

Wednesday, April 23, 2008

Blog has moved

New home for my blog:

http://aburad.com/blog/
I am using wordpress for hosting and its fun playing with it. Please update your bookmarks and feeds. Also I have shifted my homepage to http://www.aburad.com

Wednesday, April 16, 2008

Creating Error 404 page

Helping lost visitors? Sometimes a link provided by you may end up as 404 page or viewer might have typed wrong URL that doesn't lead correct page on your site. To help your visitors you can actually use .htaccess file (for Apache servers) to redirect all such links to a special page which will be more useful than plain "404 File Not found" error.

You can add this one line to .htaccess file (create this file if it doesn't exist)

ErrorDocument 404 /web404.html
This will redirect all queries for files not found in that directory and sub directories to web404.html
On that page you can provide user with:
  • Link to homepage
  • Tell them to check the URL or Go Back
  • Search functionality for your website will be very useful.
So yesterday I added a 404 page for my website: Check it out

I have also added similar functionality for my wordpress blog. For setting up 404 Error page on wordpress follow this well compiled article: Creating an Error 404 Page

Interesting read: Creating User Friendly 404 Pages
Related Post:
Web Development Tools

Tuesday, April 15, 2008

View page source trick in firefox, flock

You may have read about firefox's special about: pages like about:config, about:cache etc. Or you can go through Firefox about: pages to have an idea about them. There is one similar functionality in firefox which allows you to view page source of a page. You can type

view-source:http://www.google.com/
this in location bar to view page source of google.com.
So i have made this Bookmarklet to view page source: View Source (So you can drag this to your bookmark toolbar to have quick access).

Similarly you can type javascript: in your location bar to open java script error console.

Related Post:
Firefox About Pages
Little tweaks with javascript : Bookmarklets.
Open webpages in sidebar

Monday, April 14, 2008

Cross-site Scripting (XSS)

Two days back, my shoutbox was hacked :). I was not aware that people are actually visiting this, which I made long back to have similar thing for Ethos in june, 2005. After that i haven't updated the code and many things were left in between.

What actually happened: Cross Site Scripting, when we want user to input some data (which may be html/javascript) and displays it back. So if html/script tags are not properly checked it can cause trouble. Earlier I hadn't checked for javascript, iframe inputs. So somebody just inserted an iframe as message input in my shout box. And the source of iframe contained redirection to another website. So when shouts were displayed on the page the iframe code was displayed as it is and page got redirected to other page.

Luckily I checked the page just after the day this happened, So that way i actually got chance to update this orphaned code and made some fixes.

Solution : Idea is to filter meta characters such as (< , >, ' , " etc) Which will prevent browser from processing them as part of some script, they will be processed as plain text only.
So while doing in php you can do:

$shout=str_replace("<","&lt;",$_GET["shout"]);

And to be on safer side we should also replace following characters:

replace ( with &#40;
replace ) with &#41;
replace & with &amp;
replace ' with &#39;
replace " with &#34;

Or If you are not expecting user to input these characters then you can simply replace these with null string;

So now you can enjoy Shout Box until some new bug is found or its hacked again [;)]

Related post:
SQL Attacks: Hacking (SQL injection)