Search Results

Search found 390 results on 16 pages for 'escaping'.

Page 14/16 | < Previous Page | 10 11 12 13 14 15 16  | Next Page >

  • Grails: How to include an html link inside a <g:message> default attribute?

    - by Christoph
    Hi, I am starting with Grails and want to have one page with multilanguage content. I started using the tag which works fine. But here is what I want to do: I want to include the default text of the default language right in the text, to avoid switching back and forth in between files. <g:message code="homepage.feature.headline1" default="This is an english text" /> The above works. But now I a have a message which should include a link like this: <g:message code="homepage.feature.headline1" default="This is an english text with <a href='somefile.html'>a link</a>" /> This gives me an exception: org.codehaus.groovy.grails.web.pages.exceptions.GroovyPagesException: Error processing GroovyPageView: Grails tags were not closed! [[<g:message>]] in GSP How can I achieve that I can include a link there? I have tried escaping the < brackets but still no luck. I really would like to avoid splitting up this one sentence into multiple smaller sentences. Thanks Christoph

    Read the article

  • Find Users E-Mail via SID using VBScript and ADSI

    - by er4z0r
    Hi, I am parsing log messages about changes to user accounts on a windows system. I want to notify the user about the changes so I need to retrieve their personal information (First,Last, E-Mail) from Active Directory. I already found a way to retrieve the username but that is only via WMI and not ADSI: Function FindUser(Message) Dim objWMIService Dim strAccountRegex Dim objRegex Dim objMatch Dim strComputer Dim objUser Dim objShell strAccountRegex = "(\%\{[A-Z,0-9,\-]*\})" strComputer = "." Wscript.StdOut.writeLine "Querying WMI to retrieve user-data" Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") Set objShell = WScript.CreateObject("WScript.Shell") Set objRegex = new RegExp objRegex.Pattern= strAccountRegex for each objMatch in objRegex.Execute(Message) REM Wscript.StdOut.writeLine "Found an Account ID: " & objMatch.value Dim strSID strSID=NormalizeSID(objMatch.value) REM Wscript.Echo "SID after escaping: " & strSID Set objUser = objWMIService.Get _ ("Win32_SID.SID='" & strSID & "'") next FindUser=objUser.ReferencedDomainName & "\" & objUser.AccountName End Function It works fine, but I would like to do it via Active Directory instead of going via WMI. Can you help me?

    Read the article

  • Space in Directory Parameter of svcutil.exe

    - by Drew Frisk
    I'm attempting to download metadata for a WCF service using svcutil but I'm running into issues with the /directory:< parameter. The directory I want to save to has a space in it: C:\Service References\Logging so when I execute /t:metadata I receive the following error: Error: The directory 'C:\Program Files (x86)\Microsoft SDKs\Windows\v8.0A\bin\NETFX 4.0 Tools\References\Logging' could not be found. Verify that the directory exists and that you have the appropriate permissions to read it. It looks to me like the space in "Service References" is causing the issue. From my understanding of command shell (which is very little) spaces act as delimiters for an executable. So I tried escaping the space with a carrot Service^ References and surrounding the path in double quotes "C:\Service References\Logging" but neither of those seem to be working, as the /directory: parameter doesn't recognize them as valid characters in the value. I haven't been able to find any direction in regards to this and svcutil, so I'm at a loss right now. I could download the files to a temp folder and then move them, but I would prefer not to take that approach. I would appreciate any direction that could be given on trying to resolve this. Thanks in advance.

    Read the article

  • Hyperlink regex including http(s):// not working in C#

    - by Rory Fitzpatrick
    I think this is sufficiently different from similar questions to warrant a new one. I have the following regex to match the beginning hyperlink tags in HTML, including the http(s):// part in order to avoid mailto: links <a[^>]*?href=[""'](?<href>\\b(https?)://[^\[\]""]+?)[""'][^>]*?> When I run this through Nregex (with escaping removed) it matches correctly for the following test cases: <a href="http://www.bbc.co.uk"> <a href="http://bbc.co.uk"> <a href="https://www.bbc.co.uk"> <a href="mailto:[email protected]"> However when I run this in my C# code it fails. Here is the matching code: public static IEnumerable<string> GetUrls(this string input, string matchPattern) { var matches = Regex.Matches(input, matchPattern, RegexOptions.Compiled | RegexOptions.IgnoreCase); foreach (Match match in matches) { yield return match.Groups["href"].Value; } } And my tests: @"<a href=""https://www.bbc.co.uk"">bbc</a>".GetUrls(StringExtensions.HtmlUrlRegexPattern).Count().ShouldEqual(1); @"<a href=""mailto:[email protected]"">bbc</a>".GetUrls(StringExtensions.HtmlUrlRegexPattern).Count().ShouldEqual(0); The problem seems to be in the \\b(https?):// part which I added, removing this passes the normal URL test but fails the mailto: test. Anyone shed any light?

    Read the article

  • NAMESPACE_SEPARATOR constant

    - by ts
    Hello, Having namespaces in PHP is great. Having '\' as namespace separator is a little bit ... awkward (but if there is someone who thinks that is cool & sexy, I am adding tag "rant" to this post. ;) . So, here goes the question: Are you using in your code NAMESPACE_SEPARATOR constant? As in code below: <?php if (!\defined('NAMESPACE_SEPARATOR') { \define('NAMESPACE_SEPARATOR', '\\'); } // if Pros: consistent with DIRECTORY_SEPARATOR (which all of us are using ;) no mess with escaping (think of '\Foo\Bar' but '\\' . Foo' . '\\' . 'Bar') more readable (IMHO) which gives us in effect an opportunity to write good, namespace-aware autoloaders can resist another change if something scary happens (as with ol'good '::' from PHP 6 alpha) can hide uniquess of '\' as namespace operator in programming language land from strangers ;) Cons: "The reason for DIRECTORY_SEPARATOR is that the value is platform dependent, the namespace separator isn't." (as stated in http://bugs.php.net/bug.php?id=43046) 19 characters instead of 1 ( \ ) or 4 ('\\') There are places where you can't use this (full qualified class names as default class variables) ie: class A { protected $sDefaultReporterClass = '\My\Namespace\DefaultReporter'; } So, what are you thinking ?

    Read the article

  • Is there a PHP library that performs MySQL Data Validation and Sanitization According to Column Type

    - by JW
    Do you know of any open source library or framework that can perform some basic validation and escaping functionality for a MySQL Db. i envisage something along the lines of: //give it something to perform the quote() quoteInto() methods $lib->setSanitizor($MyZend_DBAdaptor); //tell it structure of the table - colnames/coltypes/ etc $lib->setTableDescription($tableDescArray); //use it to validate and escape according to coltype foreach ($prospectiveData as $colName => $rawValue) if ( $lib->isValid($colName, $rawValue)) { //add it to the set clause $setValuesArray[$lib->escapeIdentifier($colName);] = $lib->getEscapedValue($colName,$rawValue); } else { throw new Exception($colName->getErrorMessage()); } etc... I have looked into - Zend_Db_Table (which knows about a table's description), and - Zend_Db_Adaptor (which knows how to escape/sanitize values depending on TYPE) but they do not automatically do any clever stuff during updates/inserts Anyone know of a good PHP library to preform this kind of validation that I could use rather than writing my own? i envisage alot of this kind of stuff: ... elseif (eregi('^INT|^INTEGER',$dataset_element_arr[col_type])) { $datatype='int'; if (eregi('unsigned',$dataset_element_arr[col_type])) { $int_max_val=4294967296; $int_min_val=0; } else { $int_max_val=2147483647; $int_min_val=-2147483648; } } (p.s I know eregi is deprecated - its just an example of laborious code)

    Read the article

  • PHP $_SERVER['HTTP_HOST'] vs. $_SERVER['SERVER_NAME'], am I understanding the man pages correctly?

    - by Jeff
    I did a lot of searching and also read the PHP $_SERVER man page. Do I have this right regarding which to use for my PHP scripts for simple link definitions used throughout my site? $_SERVER['SERVER_NAME'] is based on your web servers' config file (Apache2 in my case), and varies depending on a few directives: (1) VirtualHost, (2) ServerName, (3) UseCanonicalName, etc. $_SERVER['HTTP_HOST'] is based on the request from the client. Therefore, it would seem to me that the proper one to use in order to make my scripts as compatible as possible would be $_SERVER['HTTP_HOST']. Is this assumption correct? Followup comments: I guess I got a little paranoid after reading this article and noting that someone said "they wouldn't trust any of the $_SERVER vars": http://markjaquith.wordpress.com/2009/09/21/php-server-vars-not-safe-in-forms-or-links/ and also: http://www.php.net/manual/en/reserved.variables.server.php (comment: Vladimir Kornea 14-Mar-2009 01:06) Apparently the discussion is mainly about $_SERVER['PHP_SELF'] and why you shouldn't use it in the form action attribute without proper escaping to prevent XSS attacks. My conclusion about my original question above is that it is "safe" to use $_SERVER['HTTP_HOST'] for all links on a site without having to worry about XSS attacks, even when used in forms. Please correct me if I'm wrong.

    Read the article

  • Component returned failure code: 0x80600011 [nsIXSLTProcessorObsolete.transformDocument]

    - by Sean Ochoa
    So, I'm using the XSLT plugin for JQuery, and here's my code: function AddPlotcardEventHandlers(){ // some code } function reportError(exception){ alert(exception.constructor.name + " Exception: " + ((exception.name) ? exception.name : "[unknown name]") + " - " + exception.message); } function GetPlotcards(){ $("#content").xslt("../xml/plotcards.xml","../xslt/plotcards.xsl", AddPlotcardEventHandlers,reportError); } Here's the modified jquery plugin. I say that its modified because I've added callbacks for success and error handling. /* * jquery.xslt.js * * Copyright (c) 2005-2008 Johann Burkard (<mailto:[email protected]>) * <http://eaio.com> * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the "Software"), * to deal in the Software without restriction, including without limitation * the rights to use, copy, modify, merge, publish, distribute, sublicense, * and/or sell copies of the Software, and to permit persons to whom the * Software is furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included * in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR * OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE * USE OR OTHER DEALINGS IN THE SOFTWARE. * */ /** * jQuery client-side XSLT plugins. * * @author <a href="mailto:[email protected]">Johann Burkard</a> * @version $Id: jquery.xslt.js,v 1.10 2008/08/29 21:34:24 Johann Exp $ */ (function($) { $.fn.xslt = function() { return this; } var str = /^\s*</; if (document.recalc) { // IE 5+ $.fn.xslt = function(xml, xslt, onSuccess, onError) { try{ var target = $(this); var change = function() { try{ var c = 'complete'; if (xm.readyState == c && xs.readyState == c) { window.setTimeout(function() { target.html(xm.transformNode(xs.XMLDocument)); if (onSuccess) onSuccess(); }, 50); } }catch(exception){ if (onError) onError(exception); } }; var xm = document.createElement('xml'); xm.onreadystatechange = change; xm[str.test(xml) ? "innerHTML" : "src"] = xml; var xs = document.createElement('xml'); xs.onreadystatechange = change; xs[str.test(xslt) ? "innerHTML" : "src"] = xslt; $('body').append(xm).append(xs); return this; }catch(exception){ if (onError) onError(exception); } }; } else if (window.DOMParser != undefined && window.XMLHttpRequest != undefined && window.XSLTProcessor != undefined) { // Mozilla 0.9.4+, Opera 9+ var processor = new XSLTProcessor(); var support = false; if ($.isFunction(processor.transformDocument)) { support = window.XMLSerializer != undefined; } else { support = true; } if (support) { $.fn.xslt = function(xml, xslt, onSuccess, onError) { try{ var target = $(this); var transformed = false; var xm = { readyState: 4 }; var xs = { readyState: 4 }; var change = function() { try{ if (xm.readyState == 4 && xs.readyState == 4 && !transformed) { var processor = new XSLTProcessor(); if ($.isFunction(processor.transformDocument)) { // obsolete Mozilla interface resultDoc = document.implementation.createDocument("", "", null); processor.transformDocument(xm.responseXML, xs.responseXML, resultDoc, null); target.html(new XMLSerializer().serializeToString(resultDoc)); } else { processor.importStylesheet(xs.responseXML); resultDoc = processor.transformToFragment(xm.responseXML, document); target.empty().append(resultDoc); } transformed = true; if (onSuccess) onSuccess(); } }catch(exception){ if (onError) onError(exception); } }; if (str.test(xml)) { xm.responseXML = new DOMParser().parseFromString(xml, "text/xml"); } else { xm = $.ajax({ dataType: "xml", url: xml}); xm.onreadystatechange = change; } if (str.test(xslt)) { xs.responseXML = new DOMParser().parseFromString(xslt, "text/xml"); change(); } else { xs = $.ajax({ dataType: "xml", url: xslt}); xs.onreadystatechange = change; } }catch(exception){ if (onError) onError(exception); }finally{ return this; } }; } } })(jQuery); And, here's my error msg: Object Exception: [unknown name] - Component returned failure code: 0x80600011 [nsIXSLTProcessorObsolete.transformDocument] Here's the info on the browser that I'm using for testing (with firebug v1.5.4 add-on installed): Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 Here's my XML: <?xml version="1.0" encoding="ISO-8859-1"?> <plotcardCollection sortby="order"> <plotcard order="2" id="1378"> <name><![CDATA[[placeholder for name of plotcard 1378]]]></name> <content><![CDATA[[placeholder for content of plotcard 1378]]]></content> <tagCollection> <tag id="3"><![CDATA[[placeholder for tag with id=3]]]></tag> <tag id="7"><![CDATA[[placeholder for tag with id=7]]]></tag> </tagCollection> </plotcard> <plotcard order="1" id="2156"> <name><![CDATA[[placeholder for name of plotcard 2156]]]></name> <content><![CDATA[[placeholder for content of plotcard 2156]]]></content> <tagCollection> <tag id="2"><![CDATA[[placeholder for tag with id=2]]]></tag> <tag id="9"><![CDATA[[placeholder for tag with id=9]]]></tag> </tagCollection> </plotcard> </plotcardCollection> Here's my XSLT: <?xml version="1.0" encoding="UTF-8"?> <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> <xsl:template match="/plotcardCollection"> <xsl:variable name="sortby" select="@sortby" /> <xsl:for-each select="plotcard"> <xsl:sort select="$sortby" data-type="number" order="ascending"/> <div> <!-- Start Plotcard --> <xsl:attribute name="class">Plotcard</xsl:attribute> <xsl:for-each select="@"> <xsl:value-of select="name()"/> <xsl:text>='</xsl:text> <xsl:if test="name() = 'id'"> <xsl:text>Plotcard-</xsl:text> </xsl:if> <xsl:value-of select="." /> <xsl:text>'</xsl:text> </xsl:for-each> <!-- Start Plotcard Name Section --> <div> <xsl:attribute name="class"> <xsl:text disable-output-escaping="yes">PlotcardName</xsl:text> </xsl:attribute> <xsl:value-of select="name/text()"/> </div> <!-- Start Plotcard Content Section --> <div> <xsl:attribute name="class"> <xsl:text disable-output-escaping="yes">PlotcardContent</xsl:text> </xsl:attribute> <xsl:value-of select="content/text()"/> </div> </div> </xsl:for-each> </xsl:template> </xsl:stylesheet> I'm really not sure what to do about this.... any thoughts?

    Read the article

  • Sanitizing user input that will later be e-mailed - what should I be worried about?

    - by Kevin Burke
    I'm interning for an NGO in India (Seva Mandir, http://sevamandir.org) and trying to fix their broken "subscribe to newsletter" box. Because the staff isn't very sophisticated and our web host isn't great, I decided to send the relevant data to the publications person via mail() instead of storing it in a MySQL database. I know that it's best to treat user input as malicious, and I've searched the SO forums for posts relevant to escaping user data for sending in a mail message. I know the data should be escaped; what should I be worried about and what's the best way to sanitize the input before emailing it? Form flow: 1. User enters email on homepage and clicks Submit 2. User enters name, address, more information on second page (bad usability, I know, but my boss asked me to) and clicks "Submit" 3. Collect the data via $_POST and email it to the publications editor (and possibly send a confirmation to the subscriber). I am going to sanitize the email in step 2 and the other data in step 3. I appreciate your help, Kevin

    Read the article

  • Sort by date in XSL

    - by bethhilson
    I am trying to sort by date for XML output. Here is my XSL: http://www.dnncreative.com -- <!-- Test to limit number of items displayed. Here only 5 items will be transformed --> <br></br> <!-- to open links in a new window, change target="_main" to target="_blank" --> <strong><a href="{link}" target="_blank"><xsl:value-of select="title"/></a></strong> <br> <!-- <xsl:value-of select="pubDate"/> --> </br> <!-- only display 100 characters of the description, and allow html --> <xsl:value-of disable-output-escaping="yes" select="description"/> I am trying to sort descending using the entereddate in my XML: Media Director 4/2/2009 01646359 Cleveland OH United States of America $0.00 - $0.00 / $0.00/hr - $0.00/hr http://employment.topechelon.com/web77391/jobseeker/sSetup.asp?runsearch=1&spJobAdId=01646359 http://employment.topechelon.com/web77391/jobseeker/sSetup.asp?runsearch=1&spJobAdId=01646359 Any help would be appreciated! Thanks Beth Hilson

    Read the article

  • How to Send Headers Through PHP Proxy?

    - by blabus
    Okay, so I have an issue with an AJAX request. I currently have this URL: http://www.google.com/images?hl=en&safe=off&gbv=2&tbs=isch%3A1&sa=1&q=cars+imagesize%3A500x500&aq=f&aqi=&aql=&oq=&gs_rfai=&start=0 I then pass it to my proxy script by modifying the string to this: proxy.php?url=http://www.google.com/images?hl=en&safe=off&gbv=2&tbs=isch%3A1&sa=1&q=cars+imagesize%3A500x500&aq=f&aqi=&aql=&oq=&gs_rfai=&start=0 I need to use the PHP proxy script to grab that page's HTML so that I can then parse through it with javascript. However, the problem is that the headers in that URL are also being sent to the proxy script, and as a result, I get a 'malformed or illegal request' error. I'm pretty sure the two different sets of headers are the problem, because if I just replace the original URL string with 'http://wwww.google.com', the proxy returns the HTML of the page correctly. So basically, I don't know how to fix this. I'm a complete PHP noob, and I tried escaping the original URL before I appended it to the 'proxy.php?url=', but that doesn't fix anything. Any ideas? Thanks!

    Read the article

  • start-stop-daemon quoted arguments misinterpreted

    - by Martin Westin
    Hi, I have been trying to make an init script using start-stop-daemon. I am stuck on the arguments to the daemon. I want to keep these in a variable at the top of the script but I can't get the quotations to filter down correctly. I'll use ls here so we don't have to look at binaries and arguments that most people wont know or care about. The end result I am looking for is for start-stop... to run ls -la "/folder with space/" DAEMON=/usr/bin/ls DAEMON_OPTS='-la "/folder with space/"' start-stop-daemon --start --make-pidfile --pidfile $PID --exec $DAEMON -- $DAEMON_OPTS Double escaping the options and trying innumerable variations of quotations do not help... Then they end up at the daemon they are always messed up. Enclosing $DAEMON_OPTS in quotes changes things... then they are seen as one since quote... never the right number though :) Echoing the command-line (start-stop...) prints exactly the right stuff to screen. But the daemon (the real one, not ls) complains about the wrong number of arguments. How do I specify a variable so that quotes inside it are brought along to the daemon correctly? Thanks, Martin

    Read the article

  • Python: Convert format string to regular expression

    - by miracle2k
    The users of my app can configure the layout of certain files via a format string. For example, the config value the user specifies might be: layout = '%(group)s/foo-%(locale)s/file.txt' I now need to find all such files that already exist. This seems easy enough using the glob module: glob_pattern = layout % {'group': '*', 'locale': '*'} glob.glob(glob_pattern) However, now comes the hard part: Given the list of glob results, I need to get all those filename-parts that matched a given placeholder, for example all the different "locale" values. I thought I would generate a regular expression for the format string that I could then match against the list of glob results (or then possibly skipping glob and doing all the matching myself). But I can't find a nice way to create the regex with both the proper group captures, and escaping the rest of the input. For example, this might give me a regex that matches the locales: regex = layout % {'group': '.*', 'locale': (.*)} But to be sure the regex is valid, I need to pass it through re.escape(), which then also escapes the regex syntax I have just inserted. Calling re.escape() first ruins the format string. I know there's fnmatch.translate(), which would even give me a regex - but not one that returns the proper groups. Is there a good way to do this, without a hack like replacing the placeholders with a regex-safe unique value etc.? Is there possibly some way (a third party library perhaps?) that allows dissecting a format string in a more flexible way, for example splitting the string at the placeholder locations?

    Read the article

  • Preventing HTML character entities in locale files from getting munged by Rails3 xss protection

    - by Chris S
    We're building an app, our first using Rails 3, and we're having to build I18n in from the outset. Being perfectionists, we want real typography to be used in our views: dashes, curled quotes, ellipses et al. This means in our locales/xx.yml files we have two choices: Use real UTF-8 characters inline. Should work, but hard to type, and scares me due to the amount of software which still does naughty things to unicode. Use HTML character entities (&#8217; &#8212; etc). Easier to type, and probably more compatible with misbehaving software. I'd rather take the second option, however the auto-escaping in Rails 3 makes this problematic, as the ampersands in the YAML get auto-converted into character entities themselves, resulting in 'visible' &8217;s in the browser. Obviously this can be worked around by using raw on strings, i.e.: raw t('views.signup.organisation_details') But we're not happy going down the route of globally raw-ing every time we t something as it leaves us open to making an error and producing an XSS hole. We could selectively raw strings which we know contain character entities, but this would be hard to scale, and just feels wrong - besides, a string which contains an entity in one language may not in another. Any suggestions on a clever rails-y way to fix this? Or are we doomed to crap typography, xss holes, hours of wasted effort or all thre?

    Read the article

  • xsl transform: problem with Ampersand URL parameters

    - by Rac123
    I'm having issues with transforming XSL with parameters in a URL. I'm at a point that I can't change the C# code anymore, only can make changes to xsl file. C# code: string xml = "<APPLDATA><APPID>1052391</APPID></APPLDATA>"; XmlDocument oXml = new XmlDocument(); oXml.LoadXml(xml); XslTransform oXslTransform = new XslTransform(); oXslTransform.Load(@"C:\Projects\Win\ConsoleApps\XslTransformTest\S15033.xsl"); StringWriter oOutput = new StringWriter(); oXslTransform.Transform(oXml, null, oOutput) XSL Code: <body> <xsl:variable name="app"> <xsl:value-of select="normalize-space(APPLDATA/APPID)" /> </xsl:variable> <div id="homeImage" > <xsl:attribute name="style"> background-image:url("https://server/image.gif?a=10&amp;Id='<xsl:value-of disable-output-escaping="yes" select="$app" />'") </xsl:attribute> </div> </body> </html> URL transformed: https://server/image.gif?a=10&Id='1052391' URL Expected: https://server/image.gif?a=10&Id='1052391' How do I fix this? The output (oOutput.ToString()) is being used in an email template so it's taking the URL transformed literally. When you click on this request (with the correct server name of course), the 403 (Access forbidden) error is being thrown.

    Read the article

  • Stop CDATA tags from being output-escaped when writing to XML in C#

    - by Smallgods
    We're creating a system outputting some data to an XML schema. Some of the fields in this schema need their formatting preserved, as it will be parsed by the end system into potentially a Word doc layout. To do this we're using <![CDATA[Some formatted text]]> tags inside of the App.Config file, then putting that into an appropriate property field in a xsd.exe generated class from our schema. Ideally the formatting wouldn't be out problem, but unfortunately thats just how the system is going. The App.Config section looks as follows: <header> <![CDATA[Some sample formatted data]]> </header> The data assignment looks as follows: HeaderSection header = ConfigurationManager.GetSection("header") as HeaderSection; report.header = "<[CDATA[" + header.Header + "]]>"; Finally, the Xml output is handled as follows: xs = new XmlSerializer(typeof(report)); fs = new FileStream (reportLocation, FileMode.Create); xs.Serialize(fs, report); fs.Flush(); fs.Close(); This should in theory produce in the final Xml a section that has information with CDATA tags around it. However, the angled brackets are being converted into &lt; and &gt; I've looked at ways of disabling Outout Escaping, but so far can only find references to XSLT sheets. I've also tried @"<[CDATA[" with the strings, but again no luck. Any help would be appreciated!

    Read the article

  • How to write a good PHP database insert using an associative array

    - by Tom
    In PHP, I want to insert into a database using data contained in a associative array of field/value pairs. Example: $_fields = array('field1'=>'value1','field2'=>'value2','field3'=>'value3'); The resulting SQL insert should look as follows: INSERT INTO table (field1,field2,field3) VALUES ('value1','value2','value3'); I have come up with the following PHP one-liner: mysql_query("INSERT INTO table (".implode(',',array_keys($_fields)).") VALUES (".implode(',',array_values($_fields)).")"); It separates the keys and values of the the associative array and implodes to generate a comma-separated string . The problem is that it does not escape or quote the values that were inserted into the database. To illustrate the danger, Imagine if $_fields contained the following: $_fields = array('field1'=>"naustyvalue); drop table members; --"); The following SQL would be generated: INSERT INTO table (field1) VALUES (naustyvalue); drop table members; --; Luckily, multiple queries are not supported, nevertheless quoting and escaping are essential to prevent SQL injection vulnerabilities. How do you write your PHP Mysql Inserts? Note: PDO or mysqli prepared queries aren't currently an option for me because the codebase already uses mysql extensively - a change is planned but it'd take alot of resources to convert?

    Read the article

  • How SQLite on Android handles long strings?

    - by Levara
    I'm wondering how Android's implementation of SQLite handles long Strings. Reading from online documentation on sqlite, it said that strings in sqlite are limited to 1 million characters. My strings are definitely smaller. I'm creating a simple RSS application, and after parsing a html document, and extracting text, I'm having problem saving it to a database. I have 2 tables in database, feeds and articles. RSS feeds are correctly saved and retrieved from feeds table, but when saving to the articles table, logcat is saying that it cannot save extracted text to it's column. I don't know if other columns are making problems too, no mention of them in logcat. I'm wondering, since text is from an article on web, are signs like (",',;) creating problems? Is Android automaticaly escaping them, or I have to do that. I'm using a technique for inserting similar to one in notepad tutorial: public long insertArticle(long feedid, String title, String link, String description, String h1,tring h2, String h3, String p, String image, long date) { ContentValues initialValues = new ContentValues(); initialValues.put(KEY_FEEDID, feedid); initialValues.put(KEY_TITLE, title); initialValues.put(KEY_LINK, link); initialValues.put(KEY_DESCRIPTION, description ); initialValues.put(KEY_H1, h1 ); initialValues.put(KEY_H2, h2); initialValues.put(KEY_H3, h3); initialValues.put(KEY_P, p); initialValues.put(KEY_IMAGE, image); initialValues.put(KEY_DATE, date); return mDb.insert(DATABASE_TABLE_ARTICLES,null, initialValues); } Column P is for extracted text, h1, h2 and h3 are for headers from a page. Logcat reports only column p to be the problem. The table is created with following statement: private static final String DATABASE_CREATE_ARTICLES = "create table articles( _id integer primary key autoincrement, feedid integer, title text, link text not null, description text," + "h1 text, h2 text, h3 text, p text, image text, date integer);";

    Read the article

  • How to filter what is shown in the for-each loop in XSL

    - by Denoteone
    I thought it would be as easy as tell the for-each to only select top_coach_sales_vw that has "Site" equal to "PB" but when I run the script it does not loop through any of the data in the XML. I am escaping the single quotes because it is part of a php echo. <xsl:for-each select="NewDataSet/top_coach_sales_vw[Site==\'PB\']"> <td><xsl:value-of select="name"/></td> <td><xsl:value-of select="Site"/></td> <td><xsl:value-of select="Status"/></td> </xsl:for-each> XML: <NewDataSet> <top_coach_sales_vw> <name>Mike</name> <Site>PB</Site> <State>Ready</State> </top_coach_sales_vw> <top_coach_sales_vw> <name>Bill</name> <Site>EL</Site> <State>Talking</State> </top_coach_sales_vw> <top_coach_sales_vw> <name>Ted</name> <Site>PB</Site> <State>Ready</State> </top_coach_sales_vw> </NewDataSet>

    Read the article

  • How to send a future email using AT command.

    - by BHare
    I just need to send one email into the future, so I figured i'd be best at using at rather than using cron. This is what I have so far, its messy and ugly and not that great at escaping: <pre> <?php $out = array(); // Where is the email going? $email = "[email protected]"; // What is the body of the email (make sure to escape any double-quotes) $body = "This is what is actually emailed to me"; $body = escapeshellcmd($body); $body = str_replace('!', '\!', $body); // What is the subject of the email (make sure to escape any double-quotes) $subject = "It's alive!"; $subject = escapeshellcmd($subject); $subject = str_replace('!', '\!', $subject); // How long from now should this email be sent? IE: 1 minute, 32 days, 1 month 2 days. $when = "1 minute"; $command= <<<END echo " echo \"$body\" > /tmp/email; mail -s \"$subject\" $email < /tmp/email; rm /tmp/email; " | at now + $when; END; $ret = exec($command, $out); print_r($out); ?> </pre> The output should be something like warning: commands will be executed using /bin/sh job 60 at Thu Dec 30 19:39:00 2010 However I am doing something wrong with exec and not getting the result? The main thing is this seem very messy. Is there any alternative better methods for doing this? PS: I had to add apache's user (www-data for me) to /etc/at.allow ...Which I don't like, but I can live with it.

    Read the article

  • Am I going the right way to make login system secure with this simple password salting?

    - by LoVeSmItH
    I have two fields in login table password salt And I have this little function to generate salt function random_salt($h_algo="sha512"){ $salt1=uniqid(rand(),TRUE); $salt2=date("YmdHis").microtime(true); if(function_exists('dechex')){ $salt2=dechex($salt2); } $salt3=$_SERVER['REMOTE_ADDR']; $salt=$salt1.$salt2.$salt3; if(function_exists('hash')){ $hash=(in_array($h_algo,hash_algos()))?$h_algo:"sha512"; $randomsalt=hash($hash,md5($salt)); //returns 128 character long hash if sha512 algorithm is used. }else{ $randomsalt=sha1(md5($salt)); //returns 40 characters long hash } return $randomsalt; } Now to create user password I have following $userinput=$_POST["password"] //don't bother about escaping, i have done it in my real project. $static_salt="THIS-3434-95456-IS-RANDOM-27883478274-SALT"; //some static hard to predict secret salt. $salt=random_salt(); //generates 128 character long hash. $password =sha1($salt.$userinput.$static_salt); $salt is saved in salt field of database and $password is saved in password field. My problem, In function random_salt(), I m having this FEELING that I'm just making things complicated while this may not generate secure salt as it should. Can someone throw me a light whether I m going in a right direction? P.S. I do have an idea about crypt functions and like such. Just want to know is my code okay? Thanks.

    Read the article

  • Simplest way to mix sequences of types with iostreams?

    - by Kylotan
    I have a function void write<typename T>(const T&) which is implemented in terms of writing the T object to an ostream, and a matching function T read<typename T>() that reads a T from an istream. I am basically using iostreams as a plain text serialisation format, which obviously works fine for most built-in types, although I'm not sure how to effectively handle std::strings just yet. I'd like to be able to write out a sequence of objects too, eg void write<typename T>(const std::vector<T>&) or an iterator based equivalent (although in practice, it would always be used with a vector). However, while writing an overload that iterates over the elements and writes them out is easy enough to do, this doesn't add enough information to allow the matching read operation to know how each element is delimited, which is essentially the same problem that I have with a single std::string. Is there a single approach that can work for all basic types and std::string? Or perhaps I can get away with 2 overloads, one for numerical types, and one for strings? (Either using different delimiters or the string using a delimiter escaping mechanism, perhaps.)

    Read the article

  • PHP & WP: Render Certain Markup Based on True False Condition

    - by rob
    So, I'm working on a site where on the top of certain pages I'd like to display a static graphic and on some pages I would like to display an scrolling banner. So far I set up the condition as follows: <?php $regBanner = true; $regBannerURL = get_bloginfo('stylesheet_directory'); //grabbing WP site URL ?> and in my markup: <div id="banner"> <?php if ($regBanner) { echo "<img src='" . $regBannerURL . "/style/images/main_site/home_page/mock_banner.jpg' />"; } else { echo 'Slider!'; } ?> </div><!-- end banner --> In my else statement, where I'm echoing 'Slider!' I would like to output the markup for my slider: <div id="slider"> <img src="<?php bloginfo('stylesheet_directory') ?>/style/images/main_site/banners/services_banners/1.jpg" alt="" /> <img src="<?php bloginfo('stylesheet_directory') ?>/style/images/main_site/banners/services_banners/2.jpg" alt="" /> <img src="<?php bloginfo('stylesheet_directory') ?>/style/images/main_site/banners/services_banners/3.jpg" alt="" /> ............. </div> My question is how can I throw the div and all those images into my else echo statement? I'm having trouble escaping the quotes and my slider markup isn't rendering.

    Read the article

  • XSLT special characters

    - by Apurv
    In the following XSL transformation how do I output the '<' and '' symbol? Input XML: <TestResult bugnumber="3214" testname="display.methods::close->test_ManyInvoke" errortype="Failure"><ErrorMessage><![CDATA[calling close() method failed - expected:<2>]]></ErrorMessage> XSLT: <xsl:template match="TestResult"> <xsl:variable name="errorMessage"> <xsl:value-of select="ErrorMessage" disable-output-escaping="yes"/> </xsl:variable> <Test name='{@testname}'> <TestResult> <Passed>false</Passed> <State>failure</State> <Metadata> <Entry name='bugnumber' value='{@bugnumber}' /> </Metadata> <TestOutput> <Metadata> <Entry name='ErrorMessage' value='{$errorMessage}' /> </Metadata> </TestOutput> </TestResult> </Test> </xsl:template> Output XML: <Test name="display.methods::close-&gttest_ManyInvoke"> <TestResult> <Passed>false</Passed> <State>failure</State> <Metadata> <Entry name="bugnumber" value="3214"/> </Metadata> <TestOutput> <Metadata> <Entry name="ErrorMessage" value="calling close() method failed - expected:&lt;2&gt;"/> </Metadata> </TestOutput> </TestResult> </Test>

    Read the article

  • Best practice how to store HTML in a database column

    - by tbrandao
    I have an application that modifies a table dynamically, think spreadsheet), then upon saving the form (which the table is part of) ,I store that changed table (with user modifications) in a database column named html_Spreadhseet,along with the rest of the form data. right now I'm just storing the html in a plain text format with basic escaping of characters... I'm aware that this could be stored as a separate file, the source table (html_workseeet) already is. But from a data handling perspective its easier to save the changed html table to and from a column so as to avoid having to come up with a file management strategy (which folder will this live in, now must include folder in backups, security issues now need to apply to files, how to sync db security with file system etc.), so to minimize these issues I'm only storing the ... part in the database column. My question is should I gzip the HTML , maybe use JSON, or some other format to easily store and retrieve the HTML from the database column, what is the best practice to store HTML content in a datbase? Or just store it as I currently am as an escaped text column?

    Read the article

< Previous Page | 10 11 12 13 14 15 16  | Next Page >