LibTracker Updates 11/25/24: Simplify Dependency Management with this simple SBOM Tool

We are excited to announce the latest updates to *LibTracker*, our VSCode extension designed for professionals to simplify software bill of materials (SBOM) management. With LibTracker, you can effortlessly analyze and manage your apps, ensuring up-to-date versions, addressing security vulnerabilities, and resolving licensing issues—all at a glance.

Access it here: [LibTracker on VSCode Marketplace](https://marketplace.visualstudio.com/items?itemName=windmillcode-publisher-0.lib-tracker)

### New Features in the Latest Release:

- **Grouped Paths**: Added the ability to associate multiple apps with a root folder, easing project transfers between computers.

- **App Detail Page**:

  - **Subdependency Information**: View detailed info and license info for subdependencies.

  - Toggle between root and subdependency data to explore license and CVE details.

- **Bulk Group Path Update**:

  - Recursively searches for app basenames within directories. or the exact subPath. Can specify a recusion level

### Upcoming Features:

- **App Detail Page Enhancements**:

  - Integration of CVE details for all subdependencies.

  - Search functionality extended to include nested child rows.

  - Expand and collapse all subtables within rows for streamlined navigation.

  - Responsive design updates to allow a card-based layout for improved usability.

- **Toggle Select All Apps**: Introducing a select-all option on the project detail page.

- **Workspace Folder Management**: Development depends on VSCode API’s ability to support VSCode profiles.

- **SBOM Generation**: Investigating whether to retrieve license and CVE details for every version of each package used in the app.

### Future Milestones (Exploring Feasibility):

- **Git Backup Changes**: Enhancements to streamline version control and backup capabilities.

- **AI-Powered Summaries**: Considering automated generation of license and CVE category summaries.

- **Subdependency Navigation**: Exploring the possibility of linking subdependencies in the license pane to their locations in the dependency table

- **Advanced Table Features** - the current package does not support

  - child row search

  - expand and collapse all subtables in a given row

  - responsiveness (remove columns or using cards at a certain viewport)

nre who is the coolest scav in your regions rn

NRE: thats a really hard one..

NRE: all of them are so cool, and I wouldnt want to hurt anyones feelings by saying someone specific is the coolest

NRE: and it could also foster an unhealthy competitiveness, as everyone would want to be named "coolest"

NRE: I wouldnt want to start anything like that

NRE: so the coolest scav is.... All of them!

Custom Script For Saving back up to Your Sims 2 Neighborhood Folder in Linux

After watching @teaaddictyt's youtube video on protecting and managing your save files. I thought I'd give my own tip to fellow linux users.

I created a script that will zip a copy of your last written neighborhood file and send it to a drive or backup folder of your choice. You can even bind it to a keyboard shortcut if you are that much of sim's addict. ;) edit: Sorry if my instructions were a little unclear... you only have to provide two entires under source and destination paths -- that's it. Also I won't be able to really help you troubleshoot this if it doesn't work. I had some assistance with chatgpt.

!/bin/bash

# Source and destination paths

SRC_DIR="/you/only/input/source/documents/ea games/sims 2/neighborhoods" DEST_DIR="/you/only/input/destination/here"

# Find the latest modified folder

LATEST_FOLDER=$(find "$SRC_DIR" -mindepth 1 -maxdepth 1 -type d -printf "%T@ %p\n" | sort -nr | head -n 1 | cut -d' ' -f2-)

# Check if a folder was found

if [ -z "$LATEST_FOLDER" ]; then echo "No folders found in $SRC_DIR" exit 1 fi

# Get the folder name

FOLDER_NAME=$(basename "$LATEST_FOLDER")

#Create a timestamped backup file

TIMESTAMP=$(date +"%Y-%m-%d_%H-%M-%S") ZIP_FILE="$DEST_DIR/${FOLDER_NAME}backup$TIMESTAMP.zip"

# Zip the folder

echo "Zipping $LATEST_FOLDER to $ZIP_FILE…" zip -r "$ZIP_FILE" "$LATEST_FOLDER"

echo "Backup completed: $ZIP_FILE"

Path Manipulation Vulnerability in Symfony: A Developer’s Guide to Prevention

Path manipulation vulnerabilities are among the most critical and overlooked threats in modern web development. When left unchecked in frameworks like Symfony, attackers can exploit path inputs to access unauthorized files or directories, leading to data exposure, code execution, or even system compromise.

In this post, we’ll explore how path manipulation vulnerabilities manifest in Symfony applications, provide real-world code examples, show how to prevent them effectively and offer a free website vulnerability scanner to test your app now.

➡️ Try our tool at https://free.pentesttesting.com/ 📖 Read more cybersecurity articles at Pentest Testing Blog

🔍 What is a Path Manipulation Vulnerability?

Path manipulation (also known as path traversal) occurs when an attacker is able to alter file paths to gain unauthorized access to the filesystem. This typically happens when user-supplied input is concatenated into file paths without proper validation.

In Symfony applications, this risk can arise during file reads, uploads, or log file access when developers use input like:

$filename = $_GET['file']; $content = file_get_contents('/var/www/html/uploads/' . $filename);

An attacker could exploit this by accessing:

https://yourdomain.com/view-file?file=../../../../etc/passwd

The result? Unauthorized file disclosure. 😱

💻 Symfony Path Manipulation: Real-World Code Examples

🔴 Vulnerable Example

Here’s how a typical Symfony controller may become vulnerable:

// src/Controller/FileController.php public function view(Request $request) { $filename = $request->query->get('file'); $path = '/var/www/project/uploads/' . $filename; if (file_exists($path)) { return new Response(file_get_contents($path)); } return new Response('File not found.', 404); }

Attackers can easily manipulate the file parameter to traverse directories.

✅ Secure Version Using Symfony Validation

To avoid path traversal, always validate and sanitize input:

public function view(Request $request) { $filename = basename($request->query->get('file')); // Strips directory traversal $directory = '/var/www/project/uploads/'; $path = realpath($directory . $filename); // Validate the path exists inside the allowed directory if ($path && strpos($path, $directory) === 0 && file_exists($path)) { return new Response(file_get_contents($path)); } return new Response('File not found or access denied.', 404); }

This ensures users cannot break out of the designated upload folder.

🛡️ Automatically Detect Vulnerabilities (With Screenshot Below)

Want to see if your Symfony app is vulnerable to path manipulation or other security risks? Try our free website vulnerability scanner now.

📸 Screenshot of our Website Vulnerability Scanner homepage

Use our free Website Security Checker to scan for vulnerabilities in seconds.

📊 Example: Vulnerability Assessment Report

Once the scan completes, you’ll receive a detailed report showing all issues found, including Path Traversal vulnerabilities.

📸 Screenshot of a vulnerability assessment report to check Website Vulnerability

Example report highlighting Path Manipulation vulnerabilities discovered by our tool.

🧠 Pro Tips for Preventing Path Manipulation in Symfony

✔ Always sanitize file input using basename() ✔ Use realpath() to get absolute paths and validate scope ✔ Avoid exposing file paths directly in URLs ✔ Log all failed file access attempts ✔ Use Symfony’s built-in security components where possible

Also consider limiting access to sensitive directories using .htaccess or system-level permission rules.

🚀 Web App Security Matters — Get a Professional Pentest

Need deeper assurance beyond automated scanning?

Our Web Application Penetration Testing Services provide thorough manual assessments of your Symfony or PHP-based application. We simulate real-world hacker attacks and deliver actionable insights to keep your app secure.

✅ Manual & Automated Testing ✅ OWASP Top 10 Coverage ✅ Comprehensive Reporting ✅ Fast Turnaround Time

—

👉 Book your audit now and safeguard your app like a pro.

🔗 More Learning Resources

📰 Browse our blog for the latest on Laravel, Symfony, React.js & more: PentestTesting Blog

✉️ Subscribe to our newsletter for weekly security tips: Subscribe on LinkedIn

🔚 Conclusion

Symfony developers must proactively address path manipulation vulnerabilities before attackers find them. With strong input validation, secure file handling practices, and regular security scans, you can build safer applications for your users.

Don’t wait for a breach to start thinking about security — test your site today for a Website Security check.

Porady Admina: basename

W dzisiejszym tutorialu z cyklu Porady Admina zajmiemy się poleceniem basename. Polecenie „basename” w systemie Linux jest podstawowym narzędziem używanym do manipulacji plikami i pisania skryptów. https://linuxiarze.pl/porady-admina-coreutils-basename/

Enhances image quality by setting the JPEG compression quality to high.

Sets the JPEG quality to 100% for high quality.

Converts JPEG and PNG images to WebP upon upload.

functions.php

// Set image quality to highadd_filter('jpeg_quality', function() { return 100; });// Convert uploaded images to WebPfunction convert_to_webp($metadata, $attachment_id) { $upload_dir = wp_upload_dir(); $file_path = $upload_dir['basedir'] . '/' . $metadata['file']; $info = pathinfo($file_path); // Check if file is an image if (in_array(strtolower($info['extension']), ['jpg', 'jpeg', 'png'])) { $webp_file = $info['dirname'] . '/' . $info['filename'] . '.webp'; if ($info['extension'] == 'png') { $image = imagecreatefrompng($file_path); imagepalettetotruecolor($image); imagewebp($image, $webp_file, 80); imagedestroy($image); } else { $image = imagecreatefromjpeg($file_path); imagewebp($image, $webp_file, 80); imagedestroy($image); } // Update the metadata to point to the WebP version $metadata['file'] = str_replace($info['basename'], $info['filename'] . '.webp', $metadata['file']); } return $metadata;}add_filter('wp_generate_attachment_metadata', 'convert_to_webp', 10, 2);// Add title and description based on filenamefunction auto_add_image_title_desc($post_ID) { $attachment = get_post($post_ID); $filename = pathinfo(get_attached_file($post_ID), PATHINFO_FILENAME); if (empty($attachment->post_title)) { $title = str_replace(['-', '_'], ' ', $filename); wp_update_post([ 'ID' => $post_ID, 'post_title' => ucwords($title), 'post_content' => 'Image titled: ' . ucwords($title) ]); }}add_action('add_attachment', 'auto_add_image_title_desc');

find more:

Coinbase’s Base Network Unveils ‘Basenames’, A Revolutionary Onchain Identities Feature

Key Points

Coinbase’s Base network has launched ‘Basenames’, an onchain identities solution on Ethereum.

Basenames are designed to simplify complex hexadecimal wallet addresses into user-friendly names.

Coinbase’s Base network, a significant Layer 2 solution on Ethereum, has introduced an onchain identities solution, ‘Basenames’.

These Basenames, constructed using the Ethereum Name Service (ENS) infrastructure, aim to convert complicated hexadecimal wallet addresses into easily readable names.

Understanding Basenames

The principle behind ENS subnames resembles website subdomains. An existing ENS domain owner can create and manage multiple subnames or subdomains under their primary name. Basenames are a crucial part of the Base ecosystem, simplifying user interaction within the blockchain space.

Launch Details of Basenames

The introduction of Basenames ensures inclusivity, with all names accessible via a Dutch auction. This method guarantees equal opportunity for all to claim their preferred names, preventing automated systems and bots from dominating the process.

The auction starts with a premium fee of 100 ETH, which will gradually decrease to 0.39 ETH over a 36-hour period. After the auction ends, users can secure their names without any additional premium fees.

Initially, Basenames will be available for the first three days after the launch, with users required to register their wallets by August 21, 18:00 UTC, to claim their unique base.eth usernames.

Base network lead Jesse Pollak highlighted the simplicity that Basenames will bring to the platform, stating that Basenames will be the easiest way to get started building (or living) onchain.

Base Network’s Success

The launch of Basenames by Coinbase is a significant part of its ongoing efforts to enhance the functionality and reach of its Base network. As a Layer 2 solution on Ethereum, Base allows users to deploy any Ethereum Virtual Machine (EVM) codebase easily and enables seamless onboarding of users and assets from Ethereum’s Layer 1, Coinbase, and other interoperable blockchain networks.

Since its inception on August 9, 2023, Base has made a significant impact on the industry. It has nearly tripled its total value locked (TVL) over the past six months, reaching $1.5 billion. The decentralized exchange Aerodrome has contributed significantly to this growth, contributing $592 million to this TVL.

Coinbase’s success with Base is also reflected in its Q2 2024 earnings. The company reported a total revenue of $1.45 billion, surpassing analysts’ predictions of $1.4 billion. Coinbase’s stock (COIN) is currently trading around $204.5, an increase of 30% year-to-date.

Shell 掌握參數處理與用戶輸入技巧 | Shell 結構化 ＆輸入互動

Overview of Content 本文將介紹 Shell 腳本中在讀���選項（Option）跟變數時常用的指令 無論是從基礎的 basename 和 shift 指令開始，還是深入探討處理 options 的不同方法，包括手動處理、使用 getopt 和 getopts 命令，都將一覽無遺。此外，您還將了解如何使用 read 命令從鍵盤或 Pipe 中讀取輸入 寫文章分享不易，如有引用參考請詳註出處，如有指導、意見歡��留言（如果覺得寫得好也請給我一些支持），感謝 😀 個人程式分享時比較注重「縮排」，所以可能不適合手機的排版閱讀，建議切換至「電腦版」、「平板版」視窗看 處理 Shell 參數 以下介紹如何透過特定的命來來取得輸入給 shell 的參數；參數輸入給 Shell script 的方式如下所示 # 腳本名為「hello_script.sh」 # 參數為 「10…

View On WordPress

Shell

Manpage

Most of Unix systems are managed by using Shell. Just as you need to know a minimum number of words to have a discussion in a language, you need to know a minimum number of commands to be able to easily interact with a system. Unix systems all have, sometimes with slight differences, the same set of commands. While it is not too hard to remember commands, it might be hard to remember all of their options and how exactly to use them. The solution to this is the man command. Let’s go through a part of the ssh one, as there are few elements to know to be able to read a man page:

NAME ssh — OpenSSH SSH client (remote login program) SYNOPSIS ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file] [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-Q cipher | cipher-auth | mac | kex | key] [-R [bind_address:]port:host:hostport] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] [user@]hostname [command] DESCRIPTION ssh (SSH client) is a program for logging into a remote machine and for executing commands on a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP ports can also be forwarded over the secure channel.

Some tips:

The NAME will summarize what the command is doing. As it is usually super short, you might want to look at DESCRIPTION (bellow) if ever it does not gives clear enough information

The SYNOPSIS will help you to understand the structure of the command:

A shell command usually have this format: command options parameters

Options inside [] are optional

The string without [] are mandatory

ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-D [bind_address:]port]

ssh is mandatory

-1246AaCfgKkMNnqsTtVvXxYy is optional

-D [bind_address:]port is optional (with bind_address: being itself optional within -D [bind_address:]port

Commands

Here is the (non-exhaustive) list of commands & concepts you should master to be verbose with Unix systems:

awk # pattern scanning and processing language basename # strip directory and suffix from filenames bg # resumes suspended jobs without bringing them to the foreground cat # print files cd # change the shell working directory. chmod # change file mode chown # change file owner and group crontab # maintain crontab files curl # transfer a URL cut # remove sections from each line of files date # display or set date and time dig # DNS lookup utility df # report file system disk space usage diff # compare files line by line du # estimate file space usage echo # display a line of text find # search for files in a directory hierarchy fg # resumes suspended jobs and bring them to the foreground grep # print lines matching a pattern kill # send a signal to a process less # read file with pagination ln # create links ls # list directory contents lsb_release # print distribution-specific information lsof # list open files mkdir # create mv # move files nc # arbitrary TCP and UDP connections and listens netstat # print network connections, routing tables, interface statistics... nice # execute a utility with an altered scheduling priority nproc # print the number of processing units available passwd # change user password pgrep # look up processes based on name and other attributes pkill # send signal to processes based on name and other attributes printenv # print all or part of environment pwd # print name of current/working directory top # display Linux processes tr # translate or delete characters ps # report a snapshot of the current processes rm # remove files or directories rmdir # remove directories rsync # remote file copy scp # secure copy (remote file copy program) sed # stream editor for filtering and transforming text sleep # suspend execution for an interval of time sort # sort lines of text file ssh # OpenSSH SSH client (remote login program) ssh-keygen # SSH key generation, management and conversion su # substitute user identity sudo # execute a command as another user tail # output the last part of files tar # manipulate archives files tr # translate or delete characters uname # Print operating system name uniq # report or omit repeated lines uptime # show how long system has been running w # Show who is logged on and what they are doing whereis # locate the binary, source, and manual page files for a command which # locate a command wc # print newline, word, and byte counts for each file xargs # build and execute command lines from standard input | # redirect standard output to another command > # redirect standard output < # redirect standard input & # send process to background

Shortcuts

Some handy shortcuts:

CTRL+A # go to beginning of line CTRL+B # moves backward one character CTRL+C # stops the current command CTRL+D # deletes one character backward or logs out of current session CTRL+E # go to end of line CTRL+F # moves forward one character CTRL+G # aborts the current editing command and ring the terminal bell CTRL+K # deletes (kill) forward to end of line CTRL+L # clears screen and redisplay the line CTRL+N # next line in command history CTRL+R # searches in your command history CTRL+T # transposes two characters CTRL+U # kills backward to the beginning of line CTRL+W # kills the word behind the cursor CTRL+Y # retrieves last deleted string CTRL+Z # stops the current command, resume with fg in the foreground or bg in the background

画像自動生成の準備(Mac mini[M1])

作業内容 ・画像自動生成のため、Core ML Stable Diffusionを導入する ・参考：https://namileriblog.com/python/coreml-stable-diffusion_macos13-1/

手順１：事前準備 1.OS確認 ・ターミナルから下記のコマンド操作を行う taiyo@Mac-mini ~ % sw_vers ProductName: macOS ProductVersion: 14.2.1 BuildVersion: 23C71

2.python確認 ・ターミナルから下記のコマンド操作を行う taiyo@Mac-mini ~ % python3 -V Python 3.11.7 taiyo@Mac-mini ~ % pip list Package Version

certifi 2022.9.24 chardet 5.0.0 idna 3.4 pip 23.3.2 setuptools 68.2.2 urllib3 1.26.12 wheel 0.41.3

3.pyenvをインストールする ・ターミナルから下記のコマンド操作を行う taiyo@Mac-mini ~ % brew install pyenv ==> Downloading https://formulae.brew.sh/api/formula.jws.json ################################################################################################################################# 100.0% ==> Downloading https://formulae.brew.sh/api/cask.jws.json ################################################################################################################################# 100.0% ==> Downloading https://ghcr.io/v2/homebrew/core/pyenv/manifests/2.3.35 ################################################################################################################################# 100.0% ==> Fetching pyenv ==> Downloading https://ghcr.io/v2/homebrew/core/pyenv/blobs/sha256:d19469261f788c09404f05872bd75357213ee58e98426e05edb962962d5e1a06 ################################################################################################################################# 100.0% ==> Pouring pyenv--2.3.35.arm64_sonoma.bottle.tar.gz 🍺 /opt/homebrew/Cellar/pyenv/2.3.35: 1,132 files, 3.4MB ==> Running brew cleanup pyenv… Disable this behaviour by setting HOMEBREW_NO_INSTALL_CLEANUP. Hide these hints with HOMEBREW_NO_ENV_HINTS (see man brew).

4.miniforgeをインストールする ・ターミナルから下記のコマンド操作を行う taiyo@Mac-mini ~ % brew install miniforge ==> Downloading https://formulae.brew.sh/api/formula.jws.json ################################################################################################################################# 100.0% ==> Downloading https://formulae.brew.sh/api/cask.jws.json ################################################################################################################################# 100.0% ==> Caveats Please run the following to setup your shell: conda init "$(basename "${SHELL}")"

==> Downloading https://github.com/conda-forge/miniforge/releases/download/23.3.1-1/Miniforge3-23.3.1-1-MacOSX-arm64.sh

[中略]

no change /opt/homebrew/Caskroom/miniforge/base/etc/profile.d/conda.csh modified /Users/taiyo/.zshrc

==> For changes to take effect, close and re-open your current shell. <==

5.ターミナルを閉じた後に再度開く

手順２：Stable Diffusionの設定 1.conda仮想環境を準備する ・ターミナルから下記のコマンド操作を行う (base) taiyo@Mac-mini ~ % conda create -n coreml_sd python=3.9 -y Collecting package metadata (current_repodata.json): done Solving environment: done

[中略]

Preparing transaction: done Verifying transaction: done Executing transaction: done # # To activate this environment, use # # $ conda activate coreml_sd # # To deactivate an active environment, use # # $ conda deactivate

2.conda仮想環境を有効にする ・ターミナルから下記のコマンド操作を行う (base) taiyo@Mac-mini ~ % conda activate coreml_sd (coreml_sd) taiyo@Mac-mini ~ % (coreml_sd) taiyo@Mac-mini ~ % python -V Python 3.9.18

3.Stable Diffusionを取得する ・ターミナルから下記のコマンド操作を行う (coreml_sd) taiyo@Mac-mini ~ % mkdir ~/coreml_sd (coreml_sd) taiyo@Mac-mini ~ % cd ~/coreml_sd (coreml_sd) taiyo@Mac-mini coreml_sd % git clone https://github.com/apple/ml-stable-diffusion.git Cloning into 'ml-stable-diffusion'… remote: Enumerating objects: 640, done. remote: Counting objects: 100% (392/392), done. remote: Compressing objects: 100% (175/175), done. remote: Total 640 (delta 300), reused 232 (delta 216), pack-reused 248 Receiving objects: 100% (640/640), 23.56 MiB | 9.20 MiB/s, done. Resolving deltas: 100% (354/354), done.

4.ライブラリを取得する ・ターミナルから下記のコマンド操作を行う (coreml_sd) taiyo@Mac-mini coreml_sd % cd ml-stable-diffusion (coreml_sd) taiyo@Mac-mini ml-stable-diffusion % pip install --upgrade pip Requirement already satisfied: pip in /opt/homebrew/Caskroom/miniforge/base/envs/coreml_sd/lib/python3.9/site-packages (23.3.2) (coreml_sd) taiyo@Mac-mini ml-stable-diffusion % pip install -e . Obtaining file:///Users/taiyo/coreml_sd/ml-stable-diffusion Preparing metadata (setup.py) … done Collecting coremltools>=7.0b2 (from python_coreml_stable_diffusion==1.1.0) Downloading coremltools-7.1-cp39-none-macosx_11_0_arm64.whl.metadata (2.4 kB)

[以下略]

5.ライブラリをアップグレードする ・ターミナルから下記のコマンド操作を行う (coreml_sd) taiyo@Mac-mini ml-stable-diffusion % pip install --upgrade diffusers transformers scipy Requirement already satisfied: diffusers in /opt/homebrew/Caskroom/miniforge/base/envs/coreml_sd/lib/python3.9/site-packages (0.25.0) Requirement already satisfied: transformers in /opt/homebrew/Caskroom/miniforge/base/envs/coreml_sd/lib/python3.9/site-packages (4.36.2)

[以下略]

6.git-lfsをインストールする ・ターミナルから下記のコマンド操作を行う (coreml_sd) taiyo@Mac-mini ml-stable-diffusion % brew install git-lfs ==> Downloading https://formulae.brew.sh/api/formula.jws.json ################################################################################################################################# 100.0% ==> Downloading https://formulae.brew.sh/api/cask.jws.json ################################################################################################################################# 100.0% ==> Downloading https://ghcr.io/v2/homebrew/core/git-lfs/manifests/3.4.1 ################################################################################################################################# 100.0% ==> Fetching git-lfs ==> Downloading https://ghcr.io/v2/homebrew/core/git-lfs/blobs/sha256:63461c3fbf6ddab9d90c8c6dcb51748a68c4446f222709b970dd688dd78a77f6 ################################################################################################################################# 100.0% ==> Pouring git-lfs--3.4.1.arm64_sonoma.bottle.tar.gz ==> Caveats Update your git config to finish installation: # Update global git config $ git lfs install # Update system git config $ git lfs install --system

==> Summary 🍺 /opt/homebrew/Cellar/git-lfs/3.4.1: 78 files, 13.1MB ==> Running brew cleanup git-lfs… Disable this behaviour by setting HOMEBREW_NO_INSTALL_CLEANUP. Hide these hints with HOMEBREW_NO_ENV_HINTS (see man brew). (coreml_sd) taiyo@Mac-mini ml-stable-diffusion % git lfs install Updated Git hooks. Git LFS initialized.

7.mlpackageを取得する ・ターミナルから下記のコマンド操作を行う (coreml_sd) taiyo@Mac-mini ml-stable-diffusion % cd ~/coreml_sd (coreml_sd) taiyo@Mac-mini coreml_sd % git clone https://huggingface.co/apple/coreml-stable-diffusion-2-base Cloning into 'coreml-stable-diffusion-2-base'… remote: Enumerating objects: 193, done. remote: Total 193 (delta 0), reused 0 (delta 0), pack-reused 193 Receiving objects: 100% (193/193), 552.85 KiB | 4.16 MiB/s, done. Resolving deltas: 100% (40/40), done. Filtering content: 100% (72/72), 16.07 GiB | 20.78 MiB/s, done.

8.動作確認 ・ターミナルから下記のコマンド操作を行う (coreml_sd) taiyo@Mac-mini coreml_sd % cd ml-stable-diffusion (coreml_sd) taiyo@Mac-mini ml-stable-diffusion % python -m python_coreml_stable_diffusion.pipeline \ --prompt "a_high_quality_photo_of_an_astronaut_riding_a_horse_in_space" \ -i ../coreml-stable-diffusion-2-base/original/packages \ -o ~ --compute-unit CPU_AND_GPU --seed 11 \ --model-version stabilityai/stable-diffusion-2-base

9.conda仮想環境を無効にする ・ターミナルから下記のコマンド操作を行う (coreml_sd) taiyo@Mac-mini ml-stable-diffusion % conda deactivate (base) taiyo@Mac-mini ml-stable-diffusion %

PHP / basename

Esta funcion de PHP nos devuelve el ultimo elemento de un path, espero les sea de utilidad!

Bienvenidos sean a este post, hoy veremos una funcion de PHP. Esta funcion nos permite obtener el ultimo nombre de un path de filesystem, veamos primero su sintaxis: basename(path[, sufijo]); El primer dato es el path y este es obligatorio y de manera opcional podemos pasar un sufijo el cual nos servira para omitirlo en caso de existir en el resultado lo quita del mismo, un tema a tener en…

View On WordPress

Handling file uploads in PHP

PHP Training,

Handling file uploads in PHP is a crucial aspect of web development, enabling users to upload files like images, documents, and more to a server. Here's an overview of the process:

HTML Form: Create an HTML form with an input element of type "file". This allows users to select and submit files.

htmlCopy code

<form action="upload.php" method="post" enctype="multipart/form-data"> <input type="file" name="fileToUpload" id="fileToUpload"> <input type="submit" value="Upload File" name="submit"> </form>

PHP Script for Handling Upload: Create a PHP script (e.g., upload.php) to handle the uploaded file. This script should perform the following steps:a. Check if a file was uploaded:phpCopy codeif(isset($_FILES['fileToUpload'])) { // File was uploaded } b. Define a target directory:phpCopy code$target_dir = "uploads/"; c. Specify the path and name for the uploaded file:phpCopy code$target_file = $target_dir . basename($_FILES['fileToUpload']['name']); d. Check file type and size (optional): You can check the file type using $_FILES['fileToUpload']['type'] and size using $_FILES['fileToUpload']['size'].e. Move the uploaded file:phpCopy codeif(move_uploaded_file($_FILES['fileToUpload']['tmp_name'], $target_file)) { echo "The file ".basename($_FILES['fileToUpload']['name']). " has been uploaded."; } else { echo "Sorry, there was an error uploading your file."; } This code snippet moves the uploaded file from the temporary directory to the desired target directory.

Security Considerations:

Validate file type and size to prevent malicious uploads.

Rename uploaded files to avoid overwriting existing ones.

Use appropriate permissions on the upload directory.

Feedback to User: Provide feedback to the user after the upload process, indicating whether the upload was successful or if an error occurred.

By following these steps and considering security measures, you can implement file uploads in PHP effectively, enabling users to contribute content to your web application.

Prevent Directory Traversal in Symfony Apps

🚨 Directory Traversal Attack in Symfony: How to Detect & Prevent It

Directory traversal (also known as path traversal) is a serious web application vulnerability that allows attackers to access files and directories stored outside the web root folder. If your Symfony application is not properly validated, it could be an open door to sensitive system files.

In this blog post, we’ll explore how directory traversal works in Symfony, see real-world coding examples, and show you how to detect these vulnerabilities using our Website Vulnerability Scanner online free.

🧠 What Is a Directory Traversal Attack?

A directory traversal attack lets a malicious user manipulate input fields or URL parameters to access unauthorized directories or files on the server.

For example:https:

//example.com/download?file=../../../../etc/passwd

If not validated properly, this could reveal the system password file — a major security risk!

⚙️ Common Symfony Vulnerability Code Example

Here’s an insecure Symfony controller snippet that accepts a filename from user input:

// src/Controller/DownloadController.php public function download(Request $request) { $filename = $request->query->get('file'); $filePath = '/var/www/uploads/' . $filename; if (file_exists($filePath)) { return new BinaryFileResponse($filePath); } else { throw $this->createNotFoundException('File not found!'); } }

❌ Problem:

There’s no sanitization, allowing an attacker to manipulate the file parameter like this:

/file=../../../../etc/passwd

This could result in unauthorized file access.

✅ Secure Symfony Implementation Against Directory Traversal

Here’s how to fix it by sanitizing the input and preventing path traversal:

use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\ResponseHeaderBag; use Symfony\Component\HttpFoundation\BinaryFileResponse; public function secureDownload(Request $request) { $filename = basename($request->query->get('file')); // basename prevents traversal $uploadDir = '/var/www/uploads/'; $filePath = realpath($uploadDir . $filename); // Check if file is within upload directory if (strpos($filePath, realpath($uploadDir)) !== 0 || !file_exists($filePath)) { throw $this->createNotFoundException('Unauthorized file access!'); } $response = new BinaryFileResponse($filePath); $response- >setContentDisposition(ResponseHeaderBag:: DISPOSITION_ATTACHMENT, $filename); return $response; }

✅ This approach:

Prevents directory traversal

Confirms the file exists in the intended directory

Validates file paths using realpath()

🛡️ Automatically Detect Directory Traversal with Our Free Tool

You can use our Website Vulnerability Scanner to detect directory traversal and other critical vulnerabilities instantly.

Screenshot of the webpage for our free Website Vulnerability Scanner tool:

Screenshot of the free tools webpage where you can access security assessment tools.

Once you scan your site for a Website Security check, you’ll receive a detailed vulnerability report like this:

An Example of a vulnerability assessment report generated with our free tool, providing insights into possible vulnerabilities.

📊 Real-World Use Case

Let’s say you have this route in Symfony:

download_file: path: /download controller: App\Controller\DownloadController::secureDownload

And users upload documents to /var/www/uploads. With our secure implementation, malicious requests like:

/download?file=../../../../etc/passwd

Will not be executed. Instead, they will trigger a 404 Not Found error, keeping your server safe.

🔗 Learn More About Web Security

For more cybersecurity tutorials, real-world attack examples, and secure coding practices, visit our main blog at: ➡️ Pentest Testing Corp.

We regularly publish practical guides for developers and security professionals.

💼 Need Professional Help? Try Our Web App Penetration Testing Service

If you’re serious about security, don’t stop at free tools. Our Web Application Penetration Testing Services provide:

Manual vulnerability discovery

OWASP Top 10 testing

Detailed reporting & remediation guidance

Continuous testing and support

🔒 Get your web app tested by cybersecurity professionals and secure it before attackers do!

📝 Final Thoughts

Directory traversal attacks can expose sensitive files and break your application’s security. Symfony apps need extra attention to file path validation and secure file handling. Using realpath(), basename(), and limiting file access to specific directories can save you from a major breach.

💡 Don’t wait — run a free scan of your site using our tool at https://free.pentesttesting.com/ and fix any directory traversal vulnerabilities before attackers find them.