February, 2021 - Vinova - Page 3
Laravel <= v8.4.2 debug mode: Remote code execution

In late November of 2020, during a security audit for one of our clients, we came across a website based on Laravel. While the site's security state was pretty good, we noticed that it was running in debug mode, thus displaying verbose error messages including stack traces:

Upon further inspection, we discovered that these stack traces were generated by Ignition, which has been the default Laravel error page generator since version 6. Having exhausted other vulnerability vectors, we started to have a more precise look at this package.

Ignition <= 2.5.1

In addition to displaying beautiful stack traces, Ignition comes with solutions: small snippets of code that solve problems you might encounter while developing your application. For instance, this is what happens if we use an unknown variable in a template:

By clicking "Make variable Optional", the {{ $username }} in our template is automatically replaced by {{ $username ? '' }}. If we check our HTTP log, we can see the endpoint that was invoked:

Along with the solution class name, we send a file path and a variable name that we want to replace. This looks interesting. Let's first check the class name vector: can we instantiate anything?

    class SolutionProviderRepository implements SolutionProviderRepositoryContract
    {
        ...
        public function getSolutionForClass(string $solutionClass): ?Solution
        {
            if (! class_exists($solutionClass)) {
                return null;
            }

            if (! in_array(Solution::class, class_implements($solutionClass))) {
                return null;
            }

            return app($solutionClass);
        }
    }

No: Ignition will make sure the class we point to implements RunnableSolution. Let's have a closer look at the class, then. The code responsible for this is located in...

10 JavaScript Hacks Every Web Developer Should Know

If you optimize your JavaScript code with these hacks, it can help you write cleaner code, save resources, and optimize your programming time.

According to RedMonk, JavaScript is the most popular programming language. Furthermore, SlashData estimates that around 12.4 million developers use JavaScript, which also includes CoffeeScript and Microsoft's TypeScript. This means that millions of people use JavaScript to work as programmers, take freelance gigs through sites like UpWork and Freelancer, or even start their own web development businesses.

freeCodeCamp has an excellent basics course on JavaScript. But if you're already familiar with the fundamentals and want to advance your proficiency in JavaScript, here are ten hacks you should learn and integrate into your workflow.

1. How to Use Shortcuts for Conditionals

JavaScript allows you to use certain shortcuts to make your code easier on the eyes. In some simple cases you can use the logical operators && and || instead of if and else. Let's look at the && operator in action. Example snippet:

The || operator functions as an "or" clause. Using this operator is a bit trickier, since it can prevent the application from executing. However, we can add a condition to get around it. Example snippet:

2. How to Convert to an Integer Using the ~~ Operator

Removing decimals to return an integer using Math.floor or Math.round takes up resources. A more efficient way is using the ~~ operator. Example snippet:

3. Resize or Empty an Array Using array.length

Sometimes you need to adjust the size of your array or empty it. The most efficient way to do this is using array.length. Example snippet:...

Key Grants Available to SMEs in Singapore

A guide to government financial assistance for small businesses.

Over the past year, lockdowns and restrictions have rapidly brought forward timelines on plans to digitise business for many organisations. New technologies across industries have been implemented to allow companies to remain in business as well as connected to colleagues and clients from anywhere. The uptake and use of cloud-based technology, e-commerce platforms, and new digital technologies is expanding, and the Singapore government has stepped in to support small to medium sized businesses in going digital.

SMEs are an essential foundation of the Singapore economy, employing two thirds of the workforce and contributing nearly half of Singapore's GDP. While the uptake and roll-out of digital tools started as a necessity to enable businesses to continue operating, there has been a growing acceptance and appreciation for the benefits of a digitised workplace. The Singapore IMDA launched the SMEs Go Digital programme, promoting the use and update of digital technologies to build stronger digital capabilities. These, alongside other existing government grants, can make a huge difference to businesses that have been hard hit over the past year.

Productivity Solutions Grant

The Productivity Solutions Grant (PSG) supports businesses in the adoption of IT solutions or equipment that improve business productivity. The PSG grant supports sector-specific solutions as well as solutions which benefit all industries. Solutions are pre-scoped by government agencies, including Enterprise Singapore, the National Environmental Agency (NEA) and the Singapore Tourism Board (STM).

How much is the Productivity Solutions Grant?

In 2020, PSG was enhanced to encourage the digitisation of small business, to counter the effects of restrictions due to COVID-19. As...
jQuery vs. AngularJS: A Comparison and Migration Walkthrough

1 TL;DR Cheatsheet

For those of you in a hurry, the following chart is a "too long; didn't read" summary.

1 Framework Comparison

DISCLAIMER: The following comparisons are subjective. What would be counted as a strength in one case could be considered a drawback in another. For example, using complex CSS3 selectors in jQuery lets you do a lot with a single line of code, but that does not mean it is the most efficient way to interact with the Document Object Model.

1.1 The jQuery Library

The jQuery library is a modular set of cross-browser methods for making AJAX requests, manipulating elements, triggering and listening for events, selecting elements from the DOM, running animations and effects, getting and setting form input values, traversing the DOM, using deferred promises to manage future events, and more. It works as a facade to standardize and ease the task of programmatically interacting with elements on a web page.

1.1.1 Intuitive API

Even as modern browsers are becoming more standardized, there is no doubt that cross-browser DOM manipulation is still painful. One of the greatest strengths of the jQuery library is its clean and intuitive API. New developers have no trouble picking it up quickly, yet it is powerful enough for JavaScript experts to leverage as well.

Suppose we have the following HTML markup, and we want to add the text 'World' to the message 'Hello' when the button is clicked the first time. The following Vanilla JavaScript code demonstrates one way to do this (live example). In contrast, it is trivial to do the exact same thing with jQuery (live example). Pretty...
Top AI Consulting & Mobile App Development Company India

Considering the ongoing efforts to improve the world's ecosystem and climate conditions, more countries are investing in smart technologies and micromobility. This led to a boost in the bike-sharing industry, where companies managed to get good amounts of funding from many investors. In recent years, there have been many bike-sharing startups that received millions in funding from big companies. Here is an overview of the funding received by famous e-scooter apps:

Lots of funding to date, isn't it? Now, let's have a look at the e-scooter valuations and investors in the chart diagram below:

Image Source: Forbes

Why are Micro-Mobility & Lime-like E-scooter Ride Apps Growing?

The e-scooter market is expected to grow at a very high pace in the coming years, and people will start using e-scooter services for all kinds of everyday activities like going to the office, going to the supermarket to buy groceries, attending classes, and much more. Here are the major reasons for the growing demand for e-scooter apps and services:

Managing and carrying e-scooters is hassle-free, as one doesn't need to worry about finding a parking space.

Environment Friendly: In comparison to cars and other fuel-based vehicles that produce a lot of air and noise pollution, e-scooters are totally environment friendly, which is good for maintaining the good climate conditions that are much needed in the whole world.

Easy to Move: E-scooters being adjustable and easy to move helps in avoiding traffic congestion, which saves time and keeps a good mood while going to the office or any other place.

Less Expensive: While hiring a cab can be a bit...