wp-keitai-mail and PHP5

Last month I finally got around to updating to PHP5, which had the unfortunate side effect of breaking Dr. Dave’s excellent wp-keitai-mail script. After upgrading, it would throw the following error:

PHP Fatal error: Using $this when not in object context in /var/www/moblog/joncellini.com/mimedecode.php on line 168

Fortunately, with a bit of googling I was able to come up with an easy fix. Altering the syntax on line 156 of wp-keitaimail.php does the trick.

Before:

$structure = Mail_mimeDecode::decode($mime_params);

After:

// hack to fix PHP5 error: decode() uses $this, so call it on an instance
// instead of statically
// $structure = Mail_mimeDecode::decode($mime_params);
$mail_mimedecode = new Mail_mimeDecode($input);
$structure = $mail_mimedecode->decode($mime_params);

This fix got version 1.6b of the script working again :)

wp-keitai-mail and the PHPXMLRPC vulnerability

I use Dr. Dave’s wp-keitai-mail script for my moblog postings, which works great. However, it depends on some older XMLRPC files from WordPress 1.2, which unfortunately are vulnerable to remote code execution that has recently been exploited by a worm making its way around the Internet. It looks like Dr. Dave has lost interest in updating it, and trying to rewrite it to use the new WP 1.5 XMLRPC libraries is non-trivial.

Fortunately, the risk can be mitigated pretty easily with some Apache .htaccess directives:

order deny,allow
deny from all
allow from localhost

Placing that in the wp-includes directory keeps the older XMLRPC files from being accessible (and exploitable) from the Internet yet still allows them to be used by wp-keitai-mail. Tons easier than finding a new moblogging solution :)
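
The same restriction written for both Apache generations, as an added example that is not part of the original post. The directives above are Apache 2.2 syntax; the `Require local` form, the `IfModule` split and the placeholder filename in the commented `<Files>` block are assumptions not taken from the page.

```apache
# wp-includes/.htaccess (added example, not the original author's file)
#
# Server-side PHP include()/require() reads these files from disk and is not
# subject to these rules. They only govern HTTP requests, so the localhost
# allowance matters only for requests that originate on the server itself.

<IfModule !mod_authz_core.c>
    # Apache 2.2: the directives from the post.
    # In .htaccess these need "AllowOverride Limit" on the parent directory.
    Order deny,allow
    Deny from all
    Allow from localhost
</IfModule>

<IfModule mod_authz_core.c>
    # Apache 2.4: native form. The 2.2 directives above only work here if
    # mod_access_compat is loaded, so use Require instead.
    # In .htaccess this needs "AllowOverride AuthConfig".
    # "Require local" admits 127.0.0.0/8, ::1, and requests where the
    # client and server addresses are the same.
    Require local
</IfModule>

# To lock down only the legacy XML-RPC library rather than the whole
# directory, wrap the rule in a <Files> block. The filename below is a
# placeholder; substitute the actual library file names.
#
# <Files "LEGACY-XMLRPC-FILE.php">
#     Require local
# </Files>
```

If AllowOverride does not permit these directives, Apache either ignores the .htaccess file or answers with a 500 error, so confirm that a request from an outside host for a file in wp-includes returns 403 after deploying it.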