Fixing VTiger “Illegal request” for links from other domains

Problem:

You’ve got a link to your VTiger installation from another domain, but any time you open it, you get an Illegal request error message, even though you are logged in correctly.

Solution:

The reason for this error message is that vtiger validates the Referer header (i.e. the source URL of the request) as a protection layer against certain security issues, for example CSRF (cross-site request forgery). The fix below disables the Referer check, so that protection layer is lost for every request, not only for the link you want to allow. Be sure to understand the implications before you do as suggested.

Disabling involves only editing a single code line. I tested this with VTiger 6.5.0, but likely only minor adjustments have to be made for other versions.

Steps to fix:

  • Open <your vtiger directory>/includes/http/Request.php in a text editor
  • In the editor, search for Illegal request. You will see a code block like this:
protected function validateReferer() {
        $user = vglobal('current_user');
        // Referer check if present - to over come 
        if (isset($_SERVER['HTTP_REFERER']) && $user) {//Check for user post authentication.
                global $site_URL;
                if ((stripos($_SERVER['HTTP_REFERER'], $site_URL) !== 0) && ($this->get('module') != 'Install')) {
                        throw new Exception('Illegal request');
                }
        }
        return true;
}
 
  • Comment out throw new Exception('Illegal request'); with // (results in //throw new Exception('Illegal request');)
  • The code block should now look like this:
protected function validateReferer() {
        $user = vglobal('current_user');
        // Referer check if present - to over come 
        if (isset($_SERVER['HTTP_REFERER']) && $user) {//Check for user post authentication.
                global $site_URL;
                if ((stripos($_SERVER['HTTP_REFERER'], $site_URL) !== 0) && ($this->get('module') != 'Install')) {
                        //throw new Exception('Illegal request');
                }
        }
        return true;
}
 
  • Save the file
  • The fix should take effect immediately; if it does not, restart your web server.
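
If the goal is only to accept links from one or two known sites, the prefix comparison can be replaced by an exact origin allowlist instead of being switched off. The following is an added example, not vtiger's code and not part of the original post; `originOf`, `refererAllowed`, `$trustedOrigins` and all hostnames are hypothetical names and constructed values.

```php
<?php
// Added example, not vtiger code. Function names and hostnames are hypothetical.

/** Reduce a URL to "scheme://host[:port]" in lower case, or null if it cannot be parsed. */
function originOf(string $url): ?string {
    $p = parse_url($url);
    if ($p === false || empty($p['scheme']) || empty($p['host'])) {
        return null;
    }
    $origin = strtolower($p['scheme']) . '://' . strtolower($p['host']);
    if (isset($p['port'])) {
        $origin .= ':' . $p['port'];
    }
    return $origin;
}

/**
 * Accept a request when the Referer is absent (the original check also skips
 * that case) or when its origin equals the site's own origin or a trusted one.
 * Comparing whole origins, unlike a string-prefix test, does not accept a
 * look-alike host that merely starts with the site's URL.
 */
function refererAllowed(?string $referer, string $siteUrl, array $trustedOrigins): bool {
    if ($referer === null || $referer === '') {
        return true;
    }
    $origin = originOf($referer);
    if ($origin === null) {
        return false; // malformed Referer: reject rather than guess
    }
    $allowed = array_map('originOf', array_merge([$siteUrl], $trustedOrigins));
    return in_array($origin, $allowed, true);
}

// Constructed sample values for illustration only.
$site    = 'https://crm.example.com/';
$trusted = ['https://intranet.example.com'];

var_dump(refererAllowed('https://intranet.example.com/wiki/page', $site, $trusted)); // the linking site
var_dump(refererAllowed('https://crm.example.com/index.php', $site, $trusted));      // the CRM itself
var_dump(refererAllowed('https://crm.example.com.attacker.test/', $site, $trusted)); // look-alike host
var_dump(refererAllowed('https://other.example.net/', $site, $trusted));             // unrelated site
```

Used inside validateReferer(), the 'Illegal request' exception would then be thrown only when refererAllowed() returns false, so the check stays active for every origin that is not explicitly trusted.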

Script user input

Problem

You want to remote control a program but unfortunately this program has only a “klick&gaudy”(*) interface.
(*) Okok – only has a graphical user interface (short GUI).

Solution

You may use xdotool in order to script user actions. To install this tool, use:

sudo apt-get install xdotool

Now you can get the position of the mouse pointer with:

xdotool getmouselocation

or set it via:

xdotool mousemove 400 300

(This sets the mouse pointer to position x=400, y=300; the point of origin is the top left corner of the screen.)

In order to click use:

xdotool click 1

And in order to type text (e.g. into a control field of the GUI):

xdotool type 'Hello World'

(P.S.: xdotool has many more options. Once the tool is installed, type man xdotool to see them all.)

Play a sound in a web browser

Problem:

You want to play some sounds in a web browser.

Solution:

Modern browsers have a fancy integrated AudioContext that allows you to play sounds. Here is an example (JavaScript code):

// get the AudioContext
window.AudioContext = window.AudioContext || window.webkitAudioContext;

// Initialize audio context
var context = new AudioContext();

// Create an oscillator ... via this oscillator we can then play different sounds
var oscillator = context.createOscillator();
oscillator.frequency.value = 440; // this is an "A"
oscillator.type = "square";

// attach the oscillator to the sound output
oscillator.connect(context.destination);

oscillator.start(0); // start the oscillator (0=now) ...
oscillator.stop(1);  // stop playing this sound after 1 second

Graph layouting via Graphviz

Problem:

You want to display a graph.

Solution:

Create a simple text file describing your graph and save it with a .dot file extension:

graph {
node1 -- node2;
node2 -- node3;
node3 -- node4;
node4 -- node1;
}

Afterwards you can use a program of the graphviz package (sudo apt-get install graphviz) in order to visualize the graph. This package contains different layouting programs like dot, neato, fdp (all from the GraphViz project) etc. Simply call one of these programs in order to visualize the graph:

neato -Tsvg yourFile.dot -o outputFile.svg

Output from this command:

Yet another Atom Arduino blinker

While experimenting with Atom I produced a minimal example for making my old Arduino Uno blink its LED periodically.

Although there are plenty of examples out there (some of them even work!) I didn’t want to introduce any dependency to the Arduino libraries. Besides making it harder to build (even if arscons is quite nice) it increases the object size and Arduino only supports a limited range of processors. I need the flexibility to use the code on controllers like the ATTiny45


Mapping STRING aliases to UniProt IDs

In a recent project, I needed to compare STRING records to other PPI databases. However, this is not always as easy as it sounds, because STRING uses KEGG protein identifiers. Fortunately, at the STRING download page, a list of alias mappings is freely downloadable.

There’s still one major problem left, though: I couldn’t find any documentation about the format. It seems to be somewhat easy once you’ve figured out the basics, but I created a reusable Python function that filters a given organism and outputs a STRING ID, UniProt ID CSV:


Filtering STRING PPI dumps by taxonomy

Recently I needed to filter a STRING protein-view database dump (e.g. protein.links.full.v9.05.txt.gz) by taxonomy ID. The original dataset was way too large (it had more than 670 million records).

In order to filter with constant memory (after all, the full STRING dump is 47GB large), I created this script that allows filtering for binary PPIs both matching the given organism (NCBI taxonomy ID), but also allows filtering for binary PPIs with at least one interacting protein of the given organism. Usually this doesn’t really make a difference for STRING.


gtf2gff.py: A replacement for gtf2gff.pl

Recently we had to work with the gtf2gff.pl tool to convert CONTRAST and TwinScan GTF output to the GFF format which can be read by many annotation tools.

Working with that script was really hard: it did not report errors at all, plus it is not programmatically reusable at all. There are different versions of the Perl script on the internet, but what we needed was a standardized, short, readable version that does proper command line parsing using a standard tool like argparse and a conversion function that is usable from other scripts.


Building LevelDB Debian (.deb) packages

Problem:

You intend to install LevelDB, but you don’t want to manually install & compile it as described here.

Instead, you just want to use the debian packaging system and some reproducible method of creating a DEB package from LevelDB.

Reasons for preferring not to compile & install manually could be:

  • You want to deploy LevelDB to one or more environments that don’t have a complete build environment
  • You prefer a clean install-uninstall-purge package lifetime management
  • You need a reproducible process to deploy LevelDB


ffmpeg / avconv : List supported codecs

You can list all codecs supported by libavconv (the library used by ffmpeg / avconv) by using this command:

ffmpeg -codecs

If you don’t have the ffmpeg executable simply use

avconv -codecs

Note that avconv and ffmpeg are essentially the same, but the projects split at some time and then re-merged. Starting from Ubuntu 15.04, ffmpeg is available in the repositories again, whereas previously, ffmpeg was replaced by avconv.

For details, see this StackOverflow thread and this detailed post about the ffmpeg/libav situation.