Custom code. WordPress – adding custom HTML code


If you need to insert arbitrary code into the posts and pages of a WordPress site, you can use the Global Content Blocks plugin. The plugin is lightweight and lets you quickly and conveniently insert HTML and PHP code, custom code, subscription forms, AdSense advertising and text blocks into an article or page. With its help, you can also insert PHP code into a website template and place blocks in two or three columns. The plugin is constantly updated and can be considered one of the best WordPress plugins.

Download and install

We go through the standard steps. If you install plugins using , I give the address of the official page of the plugin: https://ru.wordpress.org/plugins/global-content-blocks/

Setting up the Global Content Blocks plugin

There are no plugin settings as such. After activating the plugin, a menu appears in the console: Global Content Blocks. On the plugin page we see control tabs:

  • Manage Blocks (1) - manage plugin blocks;
  • Add a Content Blocks (2) - adding blocks;
  • Setting (3) - import blocks from another site.

Also, a button for adding plugin blocks appears in the site editor.


button to add Global Content Blocks in the editor

Insert custom code into WordPress posts and pages using the Global Content Blocks plugin

Working with the plugin is easy:

  • Go to the block adding page;
  • Give the new block a name (1);
  • Give it a name in Latin characters for the shortcode (2);
  • Select the content type (3);
  • You can select a picture (5) to be placed in the block;
  • Insert the contents of the block (4).

Creating a new Global Content Block

The "Custom code" data processor is intended for compiling and executing custom 1C:Enterprise 8 code in user mode. It is aimed primarily at implementers and advanced users and was developed on the basis of the Query Console data processor.

The data processor provides the following functions:

  • execution of arbitrary code (all of it or only the selected text),
  • designing queries (with re-opening for editing) with automatic or manual filling of parameters,
  • setting the values of variables found in the code text (via the context menu or drag-and-drop),
  • inserting the described variables (parameters) into the code text,
  • error analysis during code execution,
  • saving code fragments and parameter values to a file for storage between work sessions.

Thus, the data processor can be used as a repository of universal mechanisms that can be executed within a single procedure.

Description of the dialogue

The data processor's dialog is divided into three main blocks.

Tree of code snippets

In the upper left part of the dialog there is a tree of code fragments compiled by the user. Elements of this list can be added, deleted or moved. Double-clicking a line in the tree executes the selected code fragment. The tree is controlled using a block of buttons on the data processor's command panel.

The data processor provides a mode for automatically saving code fragments. To use it, click the command panel button that opens the autosave settings dialog, enable autosave mode and set the desired interval for automatically saving queries to a file.

Code snippet options

The "Parameters" button opens a panel in which you can specify a list of query parameters and variables used in the code.

The first column indicates the name of the parameter.

The second column contains the actual code parameter, which can be specified directly as a value.

The parameters are filled in automatically when the query is built in the designer. In addition, parameters can be added manually by adding rows to the table, from the context menu of the code text field, or by dragging a variable into the parameters table.

Code text

At the bottom of the dialog is the code text itself. The snippet that is displayed depends on the current line of the code snippet tree.

A critical vulnerability in GitHub Enterprise, the corporate version of the popular version control system GitHub, allows any authorized user to execute arbitrary code on the system. Exploiting it requires combining several techniques: injection into the caching service and object injection.

General information

The Addressable::URI.parse method parses the passed URL and checks it against RFC 3986, RFC 3987 and RFC 6570. No other address checks are performed, which means that we can send requests to any server.

Only when you try to use local addresses such as localhost or 127.0.0.1 does the system return an Invalid host error. But localhost is not the only way to reach the local machine! The check can be bypassed simply by using the address 0.0.0.0, or 0 for short.

Let's check how it works. We listen on port 31337 (nc -lp 31337 -vvv) on the virtual machine and then create a webhook, specifying http://0.0.0.0:31337/test as the URL. After clicking the “Add” button, a request immediately arrives at our listener.



We can congratulate ourselves: we have discovered an SSRF vulnerability. And not just a simple one, but one that also shows the server’s response if it is formatted as a valid HTTP response.
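As an added example (not code from the article or from GitHub), the Ruby code below contrasts a name-based blocklist like the one described above with a check that normalises the host to IP addresses before comparing them against blocked ranges. The function names, the list of ranges and the injectable resolver are assumptions of this example.

```ruby
require "uri"
require "ipaddr"
require "resolv"

# Check as the article describes it: only the obvious local names are refused.
def naive_allowed?(url)
  !%w[localhost 127.0.0.1].include?(URI.parse(url).host.to_s.downcase)
end

# Destinations a webhook sender should never reach: unspecified, loopback,
# private and link-local ranges (assumed list, IPv4 and IPv6).
BLOCKED_NETS = %w[
  0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16
  ::/128 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

# Interpret a numeric host the way inet_aton() does, so that the short form "0"
# becomes 0.0.0.0 instead of being treated as an ordinary host name.
def numeric_host_to_ip(host)
  parts = host.split(".", -1)
  return nil unless (1..4).cover?(parts.size)
  nums = parts.map { |p| Integer(p, exception: false) if p.match?(/\A(0x\h+|\d+)\z/i) }
  return nil if nums.any?(&:nil?)
  *head, last = nums
  return nil if head.any? { |n| n > 255 } || last >= 256**(4 - head.size)
  value = head.each_with_index.map { |n, i| n << (8 * (3 - i)) }.sum + last
  IPAddr.new(value, Socket::AF_INET)
end

# Hardened check: normalise the host to IP addresses first, then test every
# address against the blocked ranges. `resolver` is injectable for offline use.
def hardened_allowed?(url, resolver: ->(name) { Resolv.getaddresses(name) })
  uri = URI.parse(url)
  return false unless %w[http https].include?(uri.scheme) && uri.hostname
  host = uri.hostname # IPv6 literals come back without their brackets
  literal = numeric_host_to_ip(host) || (IPAddr.new(host) rescue nil)
  ips = literal ? [literal] : resolver.call(host).map { |a| IPAddr.new(a) }
  ips = ips.map(&:native) # fold IPv4-mapped IPv6 addresses back to IPv4
  !ips.empty? && ips.none? { |ip| BLOCKED_NETS.any? { |net| net.include?(ip) } }
rescue URI::InvalidURIError, IPAddr::Error
  false
end
```

A sender that uses such a check should also connect to the address it validated rather than resolving the name a second time, because the DNS answer can change between check and use.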

Now we need to figure out what we can do with it.

It’s not for nothing that I tried so zealously to get onto localhost. GitHub Enterprise is a large and complex application, so there are a number of support services running inside. Just look at the status bar.


Here we have Elasticsearch, Redis and Memcached. Take your pick!

Let's start with Memcached. The protocol for communicating with it is text-based, so we can try an injection. Let's try to split the request (HTTP Request Splitting); to do this, we create a hook with carriage return characters.

http://0:31337/Hello%0D%0Aworld

It didn't work. No reason to despair, though: there is still something to profit from on this server.

Finding suitable services

Now it's time to look at open ports. Let's run the command sudo netstat -anp | grep -i LISTEN.



Here is an impressive list of services that are available over the network. There is room to roam, even port 1337 is open 😉

If you remember, I said that the SSRF allows you to read the response. This can be used during black box penetration tests. For example, let's see what's on the notorious port 1337. Let's create a hook http://0:1337/, open it and scroll to Recent Deliveries. There, in the Response tab, you can see the response from the server. If you want to resend the request, the Redeliver button is at your service.


In this tutorial, we'll look at how to display additional content on your site using the Custom HTML module. We will also show how to translate the contents of this module into another language using the Joom!Fish component.

Introduction

The "Custom HTML code" module is a standard module of the Joomla CMS, with which we can add HTML code to any place on the site page that is allowed by the site template. Using this module, it is convenient to add not only text with graphics, but also various scripts and informers.
In this tutorial we will show you how to use the "Custom HTML Code" module, as well as how to use this module with Joom!Fish, the component for creating translations into other languages.

First, we will create a “Custom HTML Code” module and add it to the main page of the “We Ride Ourselves” website. Then we will show how to make changes in this module for the Russian and Ukrainian languages of the site. More precisely, we will change the heading “New Year in the Carpathians...” to “In the Carpathians...”, and then replace the object “Chervona Ruta” with “Polyana Kvasova”.

Creating a module based on "Custom HTML code"

To create a "Custom HTML code" module, go to the "Modules Manager" (in the "Extensions" menu). Then click the “Create” button and select the “Custom HTML code” module from the list. A module window will open, where you need to enter a title, enable the module, and enter your HTML code in the “Custom text” form. We entered “Hot Deals” as the title and set the position at the bottom of the site by selecting “footer” from the list for the “Position:” item. Since we want our content to be displayed only on the main page, we need to check “Select from list” in the “Menu Purpose” column opposite “Menu:”, select only “Home” in the list (Fig. 1) and click the “Save” button. Working with the “Custom HTML code” module is described in more detail in the lesson “Adding custom HTML in the joomla module using the example of a weather forecast informer”.

Working with module translation using the Joom!Fish component

After creation, our module will appear on the main page.
To change anything in a module, you just need to go to the “Modules Manager” in the admin panel and then go to our module, where we visually make our changes.

In some cases, it is convenient to make a translation in another way - through the control panel of the Joom!Fish component.
To translate the module in the second way, go to the “Components” menu and select “Joom!Fish” - “Translation Management”. Next, click the “Copy of the original as a translation” button, select the “Modules” item from the list and select the desired language from the “Languages” drop-down menu (located on the right). We have two languages on our website: Russian (by default) and Ukrainian (Fig. 2). In our case, we choose the Ukrainian language.


After selecting the language, a list of modules will appear in which we must find our module and go into it. A window called “Translation” will appear, in which we can translate our module into another language. In our case, we replace the object “Chervona Ruta” with “Polyana Kvasova” (Fig. 3). After clicking the “Save” button, our translation of the module will appear on the main page of the site (Fig. 4).




If you want to watch a video lesson that shows all the steps in detail, you can download the archive with the video lesson from the link.







2024 gtavrl.ru.