Bala-Krishna

i just login today on the Facebook and find new look of the profile page. New profile page is optional, after login you will receive “Try new Facebook” option to load new theme. Not sure this option is only available first time or every time i login until Facebook developer replace old profile page with new profile page. The new profile page look like similar to new other social network platform like Myspace. Facebook known to its simpler interface and people really enjoy the simplicity. There are several different view about the new look. Some users says, old profile page was good becuase most of the stuff was exist on one page but now new tab introduced and stuff move to a new tab that open a new page.  It look like new look not finalized yet.  We might see some new changes in new future.

Google Search Box History is a good tool for web surfer who want to track of their search history. It is very useful sometime when we forget what we have browsed. But at the same time it curious for the people who love their privacy. Because it make available to open what you have accessed though your web browser. Google do not store your browser activity, All such form data saved by browser itself. Note that Google Web Search History is different from Search Box History. If you login in to Google account, Google track your search activity to deliver better search result according to your habits.

Let see how we can stop browser habit to stop your search activity.

Instant Method:

Click on the search box drop down. Click on the “Clear Search History” to instantly clear search history. This method is same for IE and Firefox. Also work on google tool bar search box as well as Firefox search box. You can do this easily before leaving your computer.

I just received “Not Acceptable Error while i tried to edit post in Word Press 2.5. Earlier, It was working fine but in the previous post i get annoying error when i tried to save and continue my article. But soon i realize cause of the error. Again, the error was due to apache web server mod-security rules SecFilterEngine On. The exact text of the error is “Error 406, Not Acceptable. An appropriate representation of the requested resource /wp-admin/post.php could not be found on this server.”

Here is the quick fix the error:

1. Download .htaccess file from your root directory or create one if not exist.
2. Add following Line in .htaccess file.
3. <IfModule mod_security.c>
   <Files post.php>
   SecFilterEngine Off
   SecFilterScanPOST Off
   </Files>
   </IfModule>
4. If <IfModule mod_security.c> line already in your .htaccess file then place only <Files..></Files> block inside if module block.
5. Save file and upload file to your host root directory.
6. All done..

PHP compiler generate fatal error if you use function return value in read/write context. Although this is not applicable for all PHP supported function but PHP function like empty does not support use of the function in this way. In other words, php empty function cannot check the return value of a function or method. It can only check variables so use only variable inside empty function. Any other function or expression inside empty function will lead to generate fatal error.

Example Problem Solution:

Wrong
if(empty(trim($testimony))) echo “Empty”; else echo “Not Empty”;

Correct
$testimony = trim($testimony);
if(empty($testimony)) echo “Empty”; else echo “Not Empty”;

Wrong
if(empty($bobj->get_results(’post’)) { // Processing Code }

Correct
$tmp = $bobj->get_results(’post’);
if(empty($tmp)) { // Processing Code }

If you are using Alex popularity plug-in then you might face this error while upgrading plug-in automatically in WP 2.5. This error generate due to invalid wp-header file path in plug-in file. Unfortunately, Alex not released new fixed version of the this popular plug-in. However, fix is really very simple and anyone can fix issue just by editing one single plug-in file. Please follow steps below to fix this error in your installation:

1. Deactivate older version of the plugin. If you are installing first time skip this step.
2. Download the latest release from wordpress.org or plugin author website.
3. Open popularity-contest.php in your favorite editor and scroll down to line 59. Replace
   

   require('../../wp-blog-header.php');

   with

   require('../wp-blog-header.php');

4. Save file and upload file to your plugins folder.
5. Reactivate the plugin

Two vulnerabilities has been discoverd in CubeCart 4.xx by Russ McRee that can be use by hackers to exploit website by cross-site scripting attacks. The search input string is not properly sanitised before passed to script for execution. This behaviour can be used by attacker to execute malicious script code in the browser to affect website. This may allow to hacker to acess administration by stealing cookies-based aunthentication scheme and destroy website.

Solution:

CubeCart has been released security patch to fix this problem that can be download from following location.

• CubeCart_4.1.1_pl1.zip
• CubeCart_4.2.1_pl1.zip

Also, CubeCart user can fix this manually by editing a single file. Please follow steps described below:

Open ini.inc.php and find at around line 134:

$data[$key] = $this->safety($val);
}

return true;

Replace with:

$data[$key] = $this->safety($val);
}

All done.

This is common error occur due to wrong permission setting in Gallery2 data directory.� During module uninstall, gallery2 restore directory permission and other changes as it was before the module installation. This feature sometime break gallery directory permission and directory does not work.� See Image bellow for exact error description.

Solution:

Try changing gallery data directory “/g2data” permission to 777. If this does not fix your problem then try changing permission to “/g2data/smarty/templates_c“. After this step delete all content including directory inside “/g2data/smarty/templates_c” directory. This should fix ERROR_PLATFORM_FAILURE problem.

Recently, Microsoft has released a beta version of Internet Explorer 8 with the new cool features. This beta version comes with new exciting features. Let describe here what’s new in IE8.

• Web Slices Feature - This is new that enables users to subscribe to content directly within a webpage. WebSlices behave just like RSS feeds in that users can subscribe to them and receive notifications content updates.

• Activities - This feature allow you to access external services from current web page very quickly on mouse click based on information on the web page. This can be look up for information related to data in webpage or send content from web page to another application.

• Compatibility with old IE Engine - Internet Explorer 8 comes with three different rendering mode that can be change easily using the toolbar. The defualt render engine is IE8 Standard Mode. Following three mode supported now.
  • Quirks mode which supports Internet Explorer 5 and legacy browsers
  • Strict mode which supports Internet Explorer 7 and is accessed through the emulate Internet Explorer 7 button
  • Internet Explorer 8 standards mode
• Domain Highlighting - This feature highligh top level domain in address bar to identify top level domain quickly. The highlighted domain name is in bold black font, and rest of the URL display in Grey color.
• Improved security - Enhanced phishing filter to provide additional protection against various evolving threats.
• Inbuilt Developer Toolbar for development - The new own built-in Developer Toolbar enables developers to quickly debug HTML, cascading style sheets, and JavaScript in a visual development environment that is included with the web browser. Developers can quickly identify and resolve issues because of the deep insight the tool provides into the Document Object Model. The Developer Toolbar also allows the layout to be changed on the fly so that each rendering scenario can be tested thoroughly.

Download Microsoft Internet Explorer Beta1

Release Notes

This is the security issue primarily reported by Krit. and Pr0metheuS. ClipShare leading PHP video sharing script has an SQL injection exploit in user profile page(uprofile.php). ClipShare application does not properly sanitize user supplied UID data before using in an SQL query. Hackers can use this exploit to access or alter user database.

Exmple URI:

http://www.example.com/uprofile.php?UID=1+and+1=2+union+select+1,2,concat(uid,char(58),username,char(58),pwd),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,2
0,21,22,23,24,25,26,27,28,29,30,31,32+from+signup+limit+0,20/*

ClipShare not issued any patch to fix this issue. If you have any idea to fix this issue or have patch please share it here so others can benifited from your contribution.

Wordpress 2.3.3 version has been released today to fix security issues in XML-RPC implementation as well as vulnerability in the WP-Forum plugin. According to WP post, an special xml-rpc request can be made that allow one user to update post of another user. Here is full list of fixes in new version.

• Fixed flaw in XML-RPC implementation. you can update XML-RPC file without updating wordpress immediately. You just need to download updated xml-rpc file and overwrite new file in your existing installation.
• Discovered a vulnerability within this WP-Forum plugin that can be exploited by malicious users to conduct SQL injection attacks. WP recommend to remove this plug-in until new release.
• Fixed a function in wp-includes/gettext.php that fails to determine the correct byteorder on FreeBSD6.2-amd64.
• Fixed emails sent problem to certain addresses.
• Fixed issue with maybe_create_table function using a full path definition of the location of the wp-config.php file.

Upgrade with latest WordPress Release