Search Results

Search found 10480 results on 420 pages for 'session cookies'.


  • What are the PHP Dos and Donts on XSS?

    - by AuGhost Ice
    Could any guru tell me the dos and don'ts of PHP when dealing with XSS issues? What de facto principles should I use when passing parameters between forms and DBs to prevent XSS? Are any of these state-maintaining techniques (1. hidden form fields, 2. URL rewriting and 3. using cookies) vulnerable to XSS? Also, can anyone recommend a good article that gives basic guidelines on how to prevent such vulnerabilities from being exploited? Or any coding examples?


  • Why ????? is displayed instead of non-english characters?

    - by smhnaji
    I first created a simple HTML page that uses UTF-8 as its character encoding. Then I moved the HTML content into a view in CodeIgniter and it was still OK (I had used non-English characters, which were OK as always). I added a simple dynamic functionality (there is a contact-us form in it that emails users' feedback to the site admin). Please note that the characters were OK at localhost (which is a LAMP server running on Ubuntu 12.04 LTS). The strange thing is that when I uploaded the app to the server, all Persian characters are shown as ???? (for example, ??? (which means Name) is shown as ??? and so on...). I have not even connected to MySQL or any other DBMS. It's the only page in the website (it's more of an under-construction page) and nothing else has been used in it. Maybe I should state that I have also used the session library to thank the user after his feedback was sent to the admins, nothing else. I have really no idea about the problem.

    UPDATE: Now I can see that the problem is only with cPanel. On DirectAdmin I can see that everything is normal. Both Chromium and Firefox DO use UTF-8 as the page's character encoding. The URL is http://WEBSITE.COM/dmf/dynamic/ (dmf is the abbreviation of the project name!). There is nothing non-English in the URL. The page's code is as follows:

        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
        <html xmlns="http://www.w3.org/1999/xhtml">
        <head>
            <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
            <title>??? ???????</title>
            <link rel="stylesheet" type="text/css" href="<?php echo base_url('template/css/style.css'); ?>" />
            <!-- 1. jquery library -->
            <script src="http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js"> </script>
            <!-- 2. flowplayer -->
            <script src="http://releases.flowplayer.org/5.1.1/flowplayer.min.js"></script>
            <!-- 3. skin -->
            <link rel="stylesheet" type="text/css" href="http://releases.flowplayer.org/5.1.1/skin/minimalist.css" />
        </head>
        <body>
            <div id="wrapper">
                <header>
                    <h1>??? ???????</h1>
                </header>
                <section id="box-container">
                    <?php
                    echo form_open('contact', "id='contact-us'");
                    echo form_fieldset('???? ?? ??');
                    if ($this->session->userdata('mailsent')) {
                        echo '<div>??????? ???? ??? ????? ??</div>';
                        $this->session->sess_destroy();
                    }
                    echo '<input tabindex="1" id="name-in" value="???" type="text" name="name"/>
                          <input tabindex="2" id="mail-in" value="?????" type="email" name="email"/>
                          <textarea tabindex="3" id="content-in" name="message">???????</textarea>
                          <input tabindex="4" id="submit" type="submit" value="?????" />';
                    echo '<div class="clear"></div>';
                    echo form_fieldset_close();
                    echo form_close();
                    ?>
                    <div id="sms-comp">
                        <h2>?????? ??????</h2>
                        <p>
                            <span id="comp-title">?? ??? ????</span> ???? ??????? ???? ???
                        </p>
                    </div>
                    <div id="last-program">
                        <h2>?????? ????? ??????</h2>
                        <div class="flowplayer">
                            <video id="my_video_1" width="212" height="126" poster="<?php echo base_url('template/images/img.jpg'); ?>" controls="controls" src="http://archive.org/download/Pbtestfilemp4videotestmp4/video_test.ogv" type='video/mp4'>
                            </video>
                        </div>
                    </div>
                    <div class="clear"></div>
                </section>
            </div>
            <footer>
                ????? ? ????? : <a href="http://powered-by.com/" target="_blank">????? ???</a>
            </footer>
        </body>
        </html>


  • how to set(get) cookie value in ext.net

    - by user591587
    Scenario: when I click an item in ext:ComboBox, I want to set the selected item's value in a cookie variable. Finally, after I click ext:Button, the ext:Label gets the cookie value and displays it. But I get an error: Ext.Ajax Communication Failure. Any help will be appreciated.

    aspx:

        <ext:ComboBox ID="ComboBox1" runat="server" StoreID="Store1" Width="100" Editable="false" DisplayField="name" ValueField="value" Mode="Local" TriggerAction="All" EmptyText="Select a locale...">
        .....

    aspx.cs:

        protected void lngIndexChanged(object sender, DirectEventArgs e)
        {
            // Sets the cookie that is to be used by Global.asax
            HttpCookie cookie = new HttpCookie("CultureInfo");
            cookie.Value = ComboBox1.SelectedItem.Value ;
            Response.Cookies.Add(cookie);
            Label1.Text = cookie.Value;

            // Set the culture and reload for immediate effect.
            // Future effects are handled by Global.asax
            Thread.CurrentThread.CurrentCulture = new CultureInfo(ComboBox1.SelectedItem.Value);
            Thread.CurrentThread.CurrentUICulture = new CultureInfo(ComboBox1.SelectedItem.Value);
        }


  • WordPress front page (homepage) fails to redirect when static front page is set.

    - by Keyslinger
    I have configured WordPress to display a static front page as described here: http://codex.wordpress.org/Settings_Reading_SubPanel#Reading_Settings When I save changes and try to visit my front page, my browser displays the following error: "The page isn't redirecting properly. Firefox has detected that the server is redirecting the request for this address in a way that will never complete." Disabling cookies does not remedy the situation. I'm using the theme Constructor (http://wordpress.org/extend/themes/constructor), which I suspect may be contributing to the problem. How can I make WordPress properly display my front page?


  • Fixing lots of broken references in a working asp.net mvc project

    - by davidbuttrick
    The last time I worked on this project everything was fine. That was about 4 days ago. Now, when I open the project, all the references to .NET are not working, and I cannot build my project any more. I have tried following the advice in posts here, but to no avail. Even simple things, like Request.cookies - Request is underlined in curlies, and I get 'Request is undefined' when I roll over it. That doesn't seem like I need to just remove and recreate the reference to System.Web.Mvc - which I have tried, and had no luck. Any ideas? Surely there are other issues that can cause this problem... Thank you.


  • Parsing a website

    - by Phenom
    I want to make a program that takes as user input a website address. The program then goes to that website, downloads it, and then parses the information inside. It outputs a new html file using the information from the website. Specifically, what this program will do is take certain links from the website, and put the links in the output html file, and it will discard everything else. Right now I just want to make it for websites that don't require a login, but later on I want to make it work for sites where you have to login, so it will have to be able to deal with cookies. I'll also want to later on have the program be able to explore certain links and download information from those other sites. What are the best programming languages or tools to do this?


  • Setting current culture with threads in ASP.NET MVC

    - by mare
    Here's an example of SetCulture attribute which inside does something like this:

        public void OnActionExecuting(ActionExecutingContext filterContext)
        {
            string cultureCode = SetCurrentLanguage(filterContext);
            if (string.IsNullOrEmpty(cultureCode)) return;

            HttpContext.Current.Response.Cookies.Add(
                new HttpCookie("Culture", cultureCode)
                {
                    HttpOnly = true,
                    Expires = DateTime.Now.AddYears(100)
                }
            );
            filterContext.HttpContext.Session["Culture"] = cultureCode;

            CultureInfo culture = new CultureInfo(cultureCode);
            System.Threading.Thread.CurrentThread.CurrentCulture = culture;
            System.Threading.Thread.CurrentThread.CurrentUICulture = culture;
        }

    I was wondering how does this affect a site with multiple users logged on and each one setting their own culture? What is the scope of a thread here with regards to the IIS worker process (w3wp) that the site is running in?


  • create cookie in web method

    - by quantum62
    I have a web method that checks the user in the database via a jQuery AJAX method. If the client exists in the DB, I want to create a cookie on the client side with the user name, but I know that Response is not available in a static method. How can I create a cookie in a method that is called with jQuery AJAX and must be static? This is my code, which does not work because Response is not accessible:

        if (olduser.Trim() == username.Trim() && password.Trim()==oldpass.Trim())
        {
            retval =olduser;
            HttpContext context = HttpContext.Current;
            context.Session[retval.ToString()] = retval.ToString();
            HttpCookie cook = new HttpCookie("userath");
            cook["submituser"] = "undifiend";
            Response.Cookies.Add(cook);
        }


  • align WMD editor's preview HTML with server-side HTML validation (e.g. no embedded javascript)

    - by Justin Grant
    There are many SO questions (e.g. here and here) about how to do server-side scrubbing of Markdown produced by the WMD editor to ensure the HTML generated doesn't contain malicious script, like this:

        <img onload="alert('haha');" src="http://www.google.com/intl/en_ALL/images/srpr/logo1w.png" />

    This doesn't affect the WMD client's preview box. I doubt this is a big deal since if you're scrubbing the HTML on the server, an attacker can't save the bad HTML so no one else will be able to see it later and have their cookies stolen or sessions hijacked by the bad script. But it's still kinda odd to allow an attacker to run any script in the context of your site, and it's probably a bad idea to allow the client preview window to allow different HTML than your server will allow. StackOverflow has clearly plugged this hole. How did they do it? [NOTE: I already figured this out but it required some tricky JavaScript debugging, so I'm answering my own question here to help others who may want to do the same thing]


  • Auto login on website

    - by jacktol
    I'm working on an application which consists of a Web Application and a Standalone Application. Both of the applications use the same database and require authentication and authorization. Within the Standalone Application a web browser needs to be opened, going to a page within the Web Application. This page is for authorized users only. Could anyone tell me if there is an easy way to automatically log in to the Web Application via the Standalone Application, besides using cookies or providing a token in the URL? Thank you.


  • asp.net forms authentication timing out after 1 minute

    - by user548929
    I'm using ASP.NET MVC 3 with the Authorize attribute, but it keeps kicking me to the logon page after 1 minute; even though my expiration is set to a very high value, it times out quickly. I check the cookie in my browser and it's still there and not set to expire until about a month later, and it's set to be persistent, so I'm not sure why it keeps booting me. It only happens on my published location; locally it works just fine.

        var ticket = new FormsAuthenticationTicket(username, true, 500000);
        var encryptedTicket = FormsAuthentication.Encrypt(ticket);
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
        cookie.Expires = ticket.Expiration;
        Response.Cookies.Add(cookie);

    web.config:

        <authentication mode="Forms">
            <forms loginUrl="~/Account/LogOn" timeout="7200" slidingExpiration="false"/>
        </authentication>


  • Thread Local Memory for Scratch Memory.

    - by Hassan Syed
    I am using Protocol Buffers and OpenSSL to generate HMACs and then CBC-encrypt the two fields to obfuscate the session cookies -- similar to Kerberos tokens. Protocol Buffers' API communicates with std::strings and has a buffer caching mechanism; I exploit the caching mechanism, for successive calls in the same thread, by placing it in thread local memory; additionally the OpenSSL HMAC and EVP CTX's are also placed in the same thread local memory structure (see this question for some detail on why I use thread local memory and the massive amount of speedup it enables even with a single thread). The generation and deserialization, "my algorithms", of these cookie strings uses intermediary void *s and std::strings, and since Protocol Buffers has an internal memory retention mechanism I want these characteristics for "my algorithms". So how do I implement a common scratch memory? I don't know much about the rdbuf of the std::string object. I would presumably need to grow it to the lowest common size ever encountered during the execution of "my algorithms". Thoughts?


  • Saving a Join Model

    - by Thorpe Obazee
    I've been reading the cookbook for a while now and still don't get how I'm supposed to do this. My original problem was this: A related Model isn't being validated.

    From RabidFire's comment:

    If you want to count the number of Category models that a new Post is associated with (on save), then you need to do this in the beforeSave function as I've mentioned. As you've currently set up your models, you don't need to use the multiple rule anywhere. If you really, really want to validate against a list of Category IDs for some reason, then create a join model, and validate category_id with the multiple rule there.

    Now, I have these models and they are now validating. The problem now is that data isn't being saved in the Join Table:

        class Post extends AppModel {
            var $name = 'Post';
            var $hasMany = array(
                'CategoryPost' => array(
                    'className' => 'CategoryPost'
                )
            );
            var $belongsTo = array(
                'Page' => array(
                    'className' => 'Page'
                )
            );
        }

        class Category extends AppModel {
            var $name = 'Category';
            var $hasMany = array(
                'CategoryPost' => array(
                    'className' => 'CategoryPost'
                )
            );
        }

        class CategoryPost extends AppModel {
            var $name = 'CategoryPost';
            var $validate = array(
                'category_id' => array(
                    'rule' => array('multiple', array('in' => array(1, 2, 3, 4))),
                    'required' => FALSE,
                    'message' => 'Please select one, two or three options'
                )
            );
            var $belongsTo = array(
                'Post' => array(
                    'className' => 'Post'
                ),
                'Category' => array(
                    'className' => 'Category'
                )
            );
        }

    This is the new Form:

        <div id="content-wrap">
            <div id="main">
                <h2>Add Post</h2>
                <?php echo $this->Session->flash();?>
                <div>
                <?php
                echo $this->Form->create('Post');
                echo $this->Form->input('Post.title');
                echo $this->Form->input('CategoryPost.category_id', array('multiple' => 'checkbox'));
                echo $this->Form->input('Post.body', array('rows' => '3'));
                echo $this->Form->input('Page.meta_keywords');
                echo $this->Form->input('Page.meta_description');
                echo $this->Form->end('Save Post');
                ?>
                </div>
            <!-- main ends -->
            </div>

    The data I am producing from the form is as follows:

        Array
        (
            [Post] => Array
                (
                    [title] => 1234
                    [body] => 1234
                )
            [CategoryPost] => Array
                (
                    [category_id] => Array
                        (
                            [0] => 1
                            [1] => 2
                        )
                )
            [Page] => Array
                (
                    [meta_keywords] => 1234
                    [meta_description] => 1234
                    [title] => 1234
                    [layout] => index
                )
        )

    UPDATE: controller action

        //Controller action
        function admin_add() {
            // pr(Debugger::trace());
            $this->set('categories', $this->Post->CategoryPost->Category->find('list'));
            if ( ! empty($this->data)) {
                $this->data['Page']['title'] = $this->data['Post']['title'];
                $this->data['Page']['layout'] = 'index';
                debug($this->data);
                if ($this->Post->saveAll($this->data)) {
                    $this->Session->setFlash('Your post has been saved', 'flash_good');
                    $this->redirect($this->here);
                }
            }
        }

    UPDATE #2: Should I just do this manually? The problem is that the join table doesn't have things saved in it. Is there something I'm missing?

    UPDATE #3: RabidFire gave me a solution. I already did this before and am quite surprised as to why it didn't work. Thus, me asking here. The reason I think there is something wrong. I don't know where.

    Post beforeSave:

        function beforeSave() {
            if (empty($this->id)) {
                $this->data[$this->name]['uri'] = $this->getUniqueUrl($this->data[$this->name]['title']);
            }
            if (isset($this->data['CategoryPost']['category_id']) && is_array($this->data['CategoryPost']['category_id'])) {
                echo 'test';
                $categoryPosts = array();
                foreach ($this->data['CategoryPost']['category_id'] as $categoryId) {
                    $categoryPost = array(
                        'category_id' => $categoryId
                    );
                    array_push($categoryPosts, $categoryPost);
                }
                $this->data['CategoryPost'] = $categoryPosts;
            }
            debug($this->data); // Gives RabidFire's correct array for saving.
            return true;
        }

    My Post action:

        function admin_add() {
            // pr(Debugger::trace());
            $this->set('categories', $this->Post->CategoryPost->Category->find('list'));
            if ( ! empty($this->data)) {
                $this->data['Page']['title'] = $this->data['Post']['title'];
                $this->data['Page']['layout'] = 'index';
                debug($this->data); // First debug is giving the correct array as above.
                if ($this->Post->saveAll($this->data)) {
                    debug($this->data); // STILL gives the above array. which shouldn't be because of the beforeSave in the Post Model
                    // $this->Session->setFlash('Your post has been saved', 'flash_good');
                    // $this->redirect($this->here);
                }
            }
        }


  • MVC4 link automatically redirected to default INDEX page/action even if defined action name with controller

    - by Raj Tamakuwala
    I am creating a mobile web application in MVC4. My problem is that when I click on a particular link in my application, it works well, but sometimes it is automatically redirected to the INDEX page that is set as the default page in global.asax as:

        routes.MapRoute(
            "Default", // Route name
            "{controller}/{action}/{id}", // URL with parameters
            new { controller = "Home", action = "Index", id = UrlParameter.Optional } // Parameter defaults
        );

    Now I don't know why it's automatically redirected to the INDEX page, even though I have already defined the controller and action name where it should be redirected, as:

        <a href='@(Url.Action( "ActivityWall", "Home"))' > </a>

    Logically it should redirect to the "ActivityWall" page, which it does, but sometimes it goes to the INDEX page. Then when I clear my cookies the problem is solved again, but after some time it starts redirecting to the INDEX page again. I also posted a question related to a cookies issue yesterday, but I think that is not the main issue. Can someone help, please?


  • Station ID - more than IP

    - by bensiu
    Hello, I am working on an internal PHP application where users log in only from our network (we are on a dedicated IP and the application checks $_SERVER['REMOTE_ADDR']; if it matches our IP, go through, if not - bye). However, how can I identify from which station a user is logging in? Using a cookie is not going to work - those are Windows stations working under the control of MS SteadyState and all cookies are deleted on every login. I don't need anything fancy like a full MAC address, just any unique ID (it cannot be the application username, because users use different stations). Any ideas? Maybe JavaScript is able to grab some unique detail from the station's browser (IE 8) and pass this as a hidden input? bensiu


  • download file in iframe in IE

    - by Estelle
    In a webpage I have a link to let the user download a file, such as "showfile.aspx?filename=xxx". In showfile.aspx, I send the file using the Response.OutputStream.Write method. Now I get a problem when somebody puts this webpage in an IFrame and opens it in IE: as I checked the code, showfile.aspx is requested twice when the link is clicked, and the second time the authorization and session ID cookies are missing. I tried to add the P3P header but it is not working. My question is, is this how IE is designed to work with iframes? Is there any way to work around it? Thanks.


  • jQuery resetting value of form input when hidden

    - by RyanP13
    Hi, I am trying to clear the value attribute of an 'Other' form input when it is hidden from the user like so:

        // hide 'Other' inputs to start
        $('.jOther').hide();

        // event listener on all select drop downs with class of jTitle
        $("select.jTitle").change(function(){
            // set the select value
            var $titleVal = $(this).val();
            if($titleVal != 'Other') {
                $(this).parent().find('.jOther').hide();
                $(this).parent().find('input.jOther').attr("value", "");
            } else {
                $(this).parent().find('.jOther').show();
            }
            // Sets a cookie named after the title field's ID attribute
            var $titleId = $(this).attr('id');
            $.cookies.set('cpqb' + $titleId, $titleVal);
        });

    It doesn't seem to be working and I have tried the following to no avail as well:

        $(this).parent().find('input.jOther').val("");

    I have managed to alter other attributes in this way, such as the name, maxlength etc. Any ideas?


  • JAXWS and sessions

    - by Pace
    I'm fairly new to writing web services. I'm working on a SOAP service using JAXWS. I'd like to be able to have users log-in and in my service know which user is issuing a command. In other words, have some session handling. One way I've seen to do this is to use cookies and access the HTTP layer from my web service. However, this puts a dependency on using HTTP as the transport layer (I'm aware HTTP is almost always the transport layer but I'm a purist). Is there a better approach which keeps the service layer unaware of the transport layer? Is there some way I can accomplish this with servlet filters? I'd like the answer to be as framework agnostic as possible.


  • IsAuthenticated is false!

    - by Naor
    This is how I log in ('user' holds the data of the user):

        HttpResponse Response = HttpContext.Current.Response;
        HttpRequest Request = HttpContext.Current.Request;
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
            user.UserId.ToString(), DateTime.Now, DateTime.Now.AddHours(12), false,
            UserResolver.Serialize(user));
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
            FormsAuthentication.Encrypt(ticket));
        cookie.Path = FormsAuthentication.FormsCookiePath;
        Response.Cookies.Add(cookie);
        string redirectUrl = user.HomePage;
        Response.Redirect(redirectUrl);

    After this login I get IsAuthenticated == false. Why?? It worked for me an hour ago but I don't know what is wrong now.


  • Web programming: Apache modules: mod_python vs mod_php

    - by Olivier Pons
    Hi! I've been using PHP with Apache (a.k.a. mod_php) for more than 12 years for my web development work. I've recently discovered Python and its real power (I still don't understand why it is not always the best product that becomes the most famous). I've just discovered mod_python for Apache. I've already googled things like mod_python vs mod_php, but without success. I wanted to know the differences between mod_php and mod_python in terms of:

      - speed
      - productivity
      - maintenance (I know Python is the most productive and maintainable language in the world, but is it the same for Web programming with Apache?)
      - availability of features, e.g. cookies and session handling, databases, protocols, etc.


  • How necessary is using PHP filters?

    - by Jamie
    I'm a relative newbie to PHP and just making my way through the W3Schools tut. The tut makes a big point of saying you must always filter external data (i.e. cookies, form data etc). I'm writing a fairly simple system that talks with a third party Joomla extension. It's at a prototype stage where I'm just wanting to demonstrate the functionality in a minimum viable product. Basically, I'd like to know... what's the worst that could happen if I don't filter content? Are we talking 'I might get a bunch of spam', or 'a good hacker could get root server access'? I have hunted around online, but would love any of your experience / insight on the matter!


  • Windows Phone 7 HttpRequest Unable to see true Error Code and response details

    - by Bob
    I have to call a somewhat broken API from a Windows Phone 7 application. The API returns a 302 error and a cookie to the authentication request. I've tried every way I've been able to find in the MSDN documentation for using ClientHTTP instead of BrowserHTTP (registering the prefix, using the call to explicitly create a ClientHTTP using Request), but the 302 is getting translated to a 404 and I'm not seeing the cookies on the response. I've tried a WebClient, I've tried an HttpRequest and it is always the translated error message. If I allocate a CookieContainer for the HttpRequest, I get a null argument exception when the client stack is parsing the returned message. I can see that the response is coming back as expected via Fiddler.


  • httpCookie cause the page not to load

    - by jvcoach23
    I'm using VS 2010, VB.NET and ASP.NET 3.5. I have a simple default.aspx page that has:

        Dim ctx As HttpContext = HttpContext.Current
        Dim cookie As HttpCookie = ctx.Request.Cookies("SessionGUID")
        Me.lbl1.Text = cookie.Value.ToString

    The page loads fine when running it from within VS, but when I build the site and run the page, it doesn't load. It doesn't give me an error, but nothing shows up. This is what the view source looks like:

        HTMLHEAD META content="text/html; charset=windows-1252" http-equiv=Content-Type/HEAD BODY/BODY/HTML

    I took out the < in the tags so that it would display here... If I take out the Me.lbl1.Text = cookie.Value.ToString, the page loads fine. All I'm putting on the page is some text and the label control. Does anyone have any ideas?


  • VisualSVN Server + Trac Authentication Problems

    - by danscott
    I have Trac set up on my VisualSVN server (using Subversion authentication), however every time I navigate to the Trac home page after opening the browser, I get the basic authentication dialog asking me for my username/password. What I would like to do is have a login form in Trac, which would allow me to log in forever using cookies. I have tried installing the AccountManagerPlugin, but I am completely unsure of how to correctly set it up. (I am used to working with IIS on corporate intranets, so this is kind of alien to me) I have managed to bypass the basic authentication dialog by setting this in my httpd-custom.conf:

        AuthName "Trac"
        AuthType Basic
        AuthBasicProvider file
        AuthUserFile "E:/Repositories/htpasswd"
        #Require valid-user

    I have tried using SvnServePasswordStore as my password store but I do not know which of the files in the repository directory to point it at. Help would be appreciated!


  • Passing domain name to PayPal

    - by ilhan
    I'm trying to sell something to domain owners. I need to know their domain names. Before the payment procedure I'll ask for their domain names on my web site and store the data in cookies or the URL; then I want to pass the data (domain name) to PayPal so that I'll know who paid for which domain name. I know PHP and HTML at an advanced level but I don't know how to pass the data to PayPal. How do I do that? Thanks in advance!
