Search Results

Search found 128 results on 6 pages for 'sanitize'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 3/6 | < Previous Page | 1 2 3 4 5 6  | Next Page >

  • jquery with php loading file

    - by Marcus Solv
    I'm trying to use jquery with a simple php code: $('#some').click(function() { <?php require_once('some1.php?name="some' + index + '"'); ?> }); It shows no error, so I don't know what is wrong. In some1 I have: <?php //Start session session_start(); //Include database connection details require_once('../sql/config.php'); //Connect to mysql server $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } //Sanitize the POST values $name = clean($_GET['name']); ?> It's not complete because I want to make a sql command (insert). I want when I click in #some to execute that file (create a entry in the table that isn't define yet).

    Read the article

  • Security considerations processing emails

    - by Timmy O' Tool
    I have process that will be reading emails from an account. The objective of the process is saving to a database those emails with image(s) as attachments. I will be saving sender, subject body and image path (the image will be saved on the process). I will be showing this information on a page so I would like to know all (or most of them :) ) security aspects to cover. I plan to sanitize the subject and body of the email. I can remove most of the tags, probably it would be enough keeping the <p> tag. I'm not sure if I can trust just in a sanitizer. I would like to HTML encode everything except for the <p> tag after sanitize, just in case. Any suggestion? I'm only accepting images as attachment as I said above, any security risk I have to take into account in relation to the attachment? Thanks!

    Read the article

  • Embedded Youtube video in a Ruby on Rails page

    - by dan
    Hi, New to programming. I am trying to embed a YouTube video from a link stored in a database named "Promoter" into a ruby-on-rails page (.erb). I've looked at the source the code turns out, but the object video player does not appear (on heroku here: http://blazing-mountain-574.heroku.com/). The code in the home.html.erb file: <h1>Pages#home</h1> <p>Find me in app/views/pages/home.html.erb</p> <object width="640" height="385"> <param name="movie" value="<%= sanitize Promoter.first.link %>"> </param><param name="allowFullScreen" value="true"></param ><param name="allowscriptaccess" value="always"></param> <embed src="<%= sanitize Promoter.first.link %>" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="640" height="385"></embed></object> Is there something real simple that I'm missing?

    Read the article

  • PHP - Use isset inside function not working..?

    - by pnichols
    I have a PHP script that when loaded, check first if it was loaded via a POST, if not if GET['id'] is a number. Now I know I could do this like this: if(isset($_GET['id']) AND isNum($_GET['id'])) { ... } function isNum($data) { $data = sanitize($data); if ( ctype_digit($data) ) { return true; } else { return false; } } But I would like to do it this way: if(isNum($_GET['id'])) { ... } function isNum($data) { if ( isset($data) ) { $data = sanitize($data); if ( ctype_digit($data) ) { return true; } else { return false; } } else { return false; } } When I try it this way, if $_GET['id'] isn't set, I get a warning of undefined index: id... It's like as soon as I put my $_GET['id'] within my function call, it sends a warning... Even though my function will check if that var is set or not... Is there another way to do what I want to do, or am I forced to always check isset then add my other requirements..??

    Read the article

  • sed syntax to remove xml

    - by mjb
    I'm trying to sanitize this output from it's metadata to plug this output into GreekTools, but I am getting stuck on sed. curl --silent www.brainyquote.com | egrep '(span class="body")|(span class="bodybold")' | sed -n '6p; 7p; ' | sed 's/\<*\>//g' [ex] <span class="body">Literature is news that stays news.</span><br> <span class="bodybold">Ezra Pound</span> Could someone help me along on this track?

    Read the article

  • Ban HTML comments from your pages and views

    Too many people dont realize that there are other options than <!-- --> comments to annotate HTML. These comments are harmful because they are sent to the client and thus make your page heavier than it needs to be. When doing ASP.NET, a simple drop-in replacement is server comments, which are delimited by <%-- --%> instead of <!-- -->. Those server comments are visible in your source code, but will never be rendered to the client. Heres a simple way to sanitize a web site. From...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • Reverse proxying only a specific URL

    - by Bart Silverstrim
    I have a web server at www.ourcompany.com running Apache2. Using the proxy modules, I am able to (for example) get 172.16.0.5, an internal IP device, to be accessed on www.ourcompany.com/device. The trouble is that anyone can play with or explore the device using strings sent to www.ourcompany.com/device/change/settings/here.html. I'd like the reverse proxy to only work for a specific URL; www.ourcompany.com/device/you/must/use/this while anything else will be rejected if requested. Is there a setting that can be used to do this, or is it a simple rewrite condition placed in the virtualhost for the site under sites-enabled? What is the simplest, most maintainable way to sanitize requests to the internal device through the reverse proxy? Running Apache2 on Ubuntu.

    Read the article

  • Is this safe? <a href=http://javascript:...>

    - by KajMagnus
    I wonder if href and src attributes on <a> and <img> tags are always safe w.r.t. XSS attacks, if they start with http:// or https://. For example, is it possible to append javascript: ... to the href and src attribute in some manner, to execute code? Disregarding whether or not the destination page is e.g. a pishing site, or the <img src=...> triggers a terribly troublesome HTTP GET request. Background: I'm processing text with markdown, and then I sanitize the resulting HTML (using Google Caja's JsHtmlSanitizer). Some sample code in Google Caja assumes all hrefs and srcs that start with http:// or https:// are safe -- I wonder if it's safe to use that sample code. Kind regards, Kaj-Magnus

    Read the article

  • Stripping blank spaces and newlines from strings in C

    - by Nazgulled
    Hi, I have some input like this: " aaaaa bbb \n cccccc\n ddddd \neeee " And I need to sanitize it like this: "aaaaa bbb cccccc ddddd neeee" Basically: Trim all blank spaces at the beginning and end of the string Strip all new lines Strip all spaces when there is more than one, but always leave ONE space between words Is there any easy way to do this or I'll have to process the string, char by char and copy the appropriate chars to a different variable?

    Read the article

  • Explanation of this SQL sanitization code

    - by Derek
    I got this from for a login form tutorial: function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } Could some one explain exactly what this does? I know that the 'clean' var is called up afterwards to sanitize the fields; I.e. $email = clean($_POST['email']);

    Read the article

  • How to bundle a gem in Rails? urgent

    - by jaycode
    HELP!! I need to bundle a gem otherwise a published client's site will stay dead MacBook-Pros-MacBook-Pro:pn macbookpro$ sudo ruby script/generate sanitize Missing the Rails 2.3.5 gem. Please `gem install -v=2.3.5 rails`, update your RAILS_GEM_VERSION setting in config/environment.rb for the Rails version you do have installed, or comment out RAILS_GEM_VERSION to use the latest version installed.

    Read the article

  • Ruby gem to obscure data

    - by Jake
    Anyone know of a gem that will allow you to obscure/sanitize data? Usecase: Download a production database, run some sanitation so that real customers won't get emails, cards charged etc.

    Read the article

  • preg_replace on xss code

    - by proyb2
    Can this code help to sanitize malicious code in user submit form? function rex($string) { $patterns = array(); $patterns[0] = '/=/i'; $patterns[1] = '/javascript:/i'; $replacements = array(); $replacements[0] = ''; $replacements[1] = ''; return preg_replace($patterns, $replacements, $string); I have included htmlentities() to prevent XSS on client side, is all the code shown is safe enough to prevent attack?

    Read the article

  • Cleansing string / input in Coldfusion 9

    - by Jakub
    I have been working with Coldfusion 9 lately (background in PHP primarily) and I am scratching my head trying to figure out how to 'clean/sanitize' input / string that is user submitted. I want to make it HTMLSAFE, eliminate any javascript, or SQL query injection, the usual. I am hoping I've overlooked some kind of function that already comes with CF9. Can someone point me in the proper direction?

    Read the article

  • Where can I find a web-project "security checklist?"

    - by iaagty
    I'm looking for a complete list of security guidelines for programming and deploying PHP web sites and applications on an Apache (Linux) server. Basically, a "security check list" to run through before finishing a project. I.e., Cross Site Scripting Cross Site Request Forgery Sanitize form data that goes into database Disable register globals and error reporting in custom php.ini Upload files below web root ...(the list goes on) I did some searching on the internet and in this forum, but couldn't find a comprehensive, succinct, and complete list of guidelines. Thanks in advance.

    Read the article

  • php error message "Notice: Undefined index: aid"

    - by iaagty
    I'm looking for a complete list of security guidelines for programming and deploying PHP web sites and applications on an Apache (Linux) server. Basically, a "security check list" to run through before finishing a project. I.e., Cross Site Scripting Cross Site Request Forgery Sanitize form data that goes into database Disable register globals and error reporting in custom php.ini Upload files below web root ...(the list goes on) I did some searching on the internet and in this forum, but couldn't find a comprehensive, succinct, and complete list of guidelines. Thanks in advance.

    Read the article

  • Removing &NBSP; in Rails

    - by Trip
    I am trying to remove all &nbsp;'s in my model with the following method : def about_us_sans_spaces self.about_us = replace(self.about_us, "&nbsp;", " ") end Except! it turns out 'replace' isn't a method in rails. How would you remove the  s? Mind you, I have already tried sanitized, simple_format. My view looks like this right now: = truncate(sanitize(simple_format(organization.about_us_sans_spaces), :tags => ''), 125).titleize

    Read the article

  • Basic networking problem with Ubuntu 9.04 on Acer Extensa 5635Z laptop

    - by sapporo
    I just installed Ubuntu 9.04 on a brand new Acer Extensa 5635Z laptop, but ethernet networking does't work (wireless doesn't work either, but I'd be happy with ethernet for now). eth0 isn't listed in /etc/network/interfaces: $ cat /etc/network/interfaces auto lo iface lo inet loopback lshw does show the nic, but I can't make much sense out of the information: $ sudo lshw -class network -sanitize *-network DISABLED description: Wireless interface product: AR928X Wireless Network Adapter (PCI-Express) vendor: Atheros Communications Inc. physical id: 0 bus info: pci@0000:07:00.0 logical name: wmaster0 version: 01 serial: [REMOVED] width: 64 bits clock: 33MHz capabilities: pm msi pciexpress msix bus_master cap_list logical ethernet physical wireless configuration: broadcast=yes driver=ath9k latency=0 module=ath9k multicast=yes wireless=IEEE 802.11bgn *-network UNCLAIMED description: Ethernet controller product: Attansic Technology Corp. vendor: Attansic Technology Corp. physical id: 0 bus info: pci@0000:09:00.0 version: c0 width: 64 bits clock: 33MHz capabilities: pm msi pciexpress vpd cap_list configuration: latency=0 *-network DISABLED description: Ethernet interface physical id: 1 logical name: pan0 serial: [REMOVED] capabilities: ethernet physical configuration: broadcast=yes driver=bridge driverversion=2.3 firmware=N/A link=yes multicast=yes Thanks for your help!

    Read the article

  • Ban HTML comments from your pages and views

    - by Bertrand Le Roy
    Too many people don’t realize that there are other options than <!-- --> comments to annotate HTML. These comments are harmful because they are sent to the client and thus make your page heavier than it needs to be. When doing ASP.NET, a simple drop-in replacement is server comments, which are delimited by <%-- --%> instead of <!-- -->. Those server comments are visible in your source code, but will never be rendered to the client. Here’s a simple way to sanitize a web site. From Visual Studio, hit CTRL+H to bring the search and replace dialog. Choose “Replace in Files” from the second meny on top of the dialog. Open the find options, check “use” and make sure “Regular expressions” are selected. Use “*.aspx;*.ascx;” as the file types to examine. Choose “Entire Solution” under “Look in”. Here’s the expression to search for comments: \<!--{[^-]*}--\> And here’s the replacement string: <%--\1--%> I usually use the “Find Next” and “Replace” buttons rather than the more brutal “Replace All” in order to not apply the fix blindingly. Once this is done, I do a second manual pass of finds with the same expression to make sure I didn’t miss anything.

    Read the article

  • Is this PHP/MySQL login script secure?

    - by NightMICU
    Greetings, A site I designed was compromised today, working on damage control at the moment. Two user accounts, including the primary administrator, were accessed without authorization. Please take a look at the log-in script that was in use, any insight on security holes would be appreciated. I am not sure if this was an SQL injection or possibly breach on a computer that had been used to access this area in the past. Thanks <?php //Start session session_start(); //Include DB config require_once('config.php'); //Error message array $errmsg_arr = array(); $errflag = false; //Connect to mysql server $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } //Sanitize the POST values $login = clean($_POST['login']); $password = clean($_POST['password']); //Input Validations if($login == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } //If there are input validations, redirect back to the login form if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: http://tapp-essexvfd.org/admin/index.php"); exit(); } //Create query $qry="SELECT * FROM user_control WHERE username='$login' AND password='".md5($_POST['password'])."'"; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); //Collect details about user and assign session details $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['user_id']; $_SESSION['SESS_USERNAME'] = $member['username']; $_SESSION['SESS_FIRST_NAME'] = $member['name_f']; $_SESSION['SESS_LAST_NAME'] = $member['name_l']; $_SESSION['SESS_STATUS'] = $member['status']; $_SESSION['SESS_LEVEL'] = $member['level']; //Get Last Login $_SESSION['SESS_LAST_LOGIN'] = $member['lastLogin']; //Set Last Login info $qry = "UPDATE user_control SET lastLogin = DATE_ADD(NOW(), INTERVAL 1 HOUR) WHERE user_id = $member[user_id]"; $login = mysql_query($qry) or die(mysql_error()); session_write_close(); if ($member['level'] != "3" || $member['status'] == "Suspended") { header("location: http://members.tapp-essexvfd.org"); //CHANGE!!! } else { header("location: http://tapp-essexvfd.org/admin/admin_main.php"); } exit(); }else { //Login failed header("location: http://tapp-essexvfd.org/admin/index.php"); exit(); } }else { die("Query failed"); } ?>

    Read the article

  • Html LogIn form not functioning

    - by Tony C
    Ok, I have a login form that looks like this: <form id="loginForm" name="loginForm" method="post" action="login-exec.php"> <table width="300" border="0" align="center" cellpadding="2" cellspacing="0"> <tr> <td width="112"><b>Login</b></td> <td width="188"><input name="login" type="text" class="textfield" id="login" /></td> </tr> <tr> <td><b>Password</b></td> <td><input name="password" type="password" class="textfield" id="password" /></td> </tr> <tr> <td>&nbsp;</td> <td><input type="submit" name="Submit" value="Login" /></td> </tr> </table> </form> Now, This form is on a page in a directory called members. When i put it on a page in the home directory and change the action to "members/login-exec.php" When I try to logIn it just refreshes the page, but the name of the page in the browser changes to the actions taking place in the form. Any ideas on making this work guys? EDIT, heres the login-exec.php code: <?php //Start session session_start(); //Include database connection details require_once('config.php'); //Array to store validation errors $errmsg_arr = array(); //Validation error flag $errflag = false; //Connect to mysql server $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } //Sanitize the POST values $login = clean($_POST['login']); $password = clean($_POST['password']); //Input Validations if($login == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } //If there are input validations, redirect back to the login form if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: login-form.php"); exit(); } //Create query $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'"; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['member_id']; $_SESSION['SESS_FIRST_NAME'] = $member['firstname']; $_SESSION['SESS_LAST_NAME'] = $member['lastname']; session_write_close(); header("location: members.php"); exit(); }else { //Login failed header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?>

    Read the article

  • Proper usage of JTidy to purify HTML

    - by Raj
    Hello, I am trying to use JTidy (jtidy-r938.jar) to sanitize an input HTML string, but I seem to have problems getting the default settings right. Often strings such as "hello world" end up as "helloworld" after tidying. I wanted to show what I'm doing here, and any pointers would be really appreciated: Assume that rawHtml is the String containing the input (real world) HTML. This is what I'm doing: InputStream is = new ByteArrayInputStream(rawHtml.getBytes("UTF-8")); Tidy tidy = new Tidy(); tidy.setQuiet(true); tidy.setShowWarnings(false); tidy.setXHTML(true); ByteArrayOutputStream baos = new ByteArrayOutputStream(); tidy.parseDOM(is, baos); String pure = baos.toString(); First off, does anything look fundamentally wrong with the above code? I seem to be getting weird results with this. Thanks in advance!

    Read the article

  • Rails remove parent HTML tag

    - by gshankar
    It's pretty easy to sanitize HTML and strip ALL instances of a HTML tag using Rails helpers... But how do you just remove ONE tag? In this case, I'm using a WYSIWYG editor that insists on wrapping all my text in a <p> tag. I want to remove this parent tag without stripping out any other <p> tags within the content of the text. I know I could do this in JQuery really easily but I feel like this should be done server-side in my controller before I save the text. Is there a way to do this?

    Read the article

  • Rails - Help with rake task

    - by jyoseph
    I have a rake task I need to run in order to sanitize (remove forward slashes) some data in the database. Here's the task: namespace :db do desc "Remove slashes from old-style URLs" task :substitute_slashes => :environment do puts "Starting" contents = Content.all contents.each do |c| if c.permalink != nil c.permalink.gsub!("/","") c.save! end end puts "Finished" end end Which allows me to run rake db:substitute_slashes --trace If I do puts c.permalink after the gsub! I can see it's setting the attribute properly. However the save! doesn't seem to be working because the data is not changed. Can someone spot what the issue may be? Another thing, I have paperclip installed and this task is triggering [paperclip] Saving attachments. which I would rather avoid.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 1 2 3 4 5 6  | Next Page >