Search Results

Search found 7586 results on 304 pages for 'header only'.

Page 67/304 | < Previous Page | 63 64 65 66 67 68 69 70 71 72 73 74  | Next Page >

  • mysql to excel exporting data using php getting html code also

    - by pmms
    hi all following is code for getting xlsheet from mysql using php ` if( ($_POST['Submit']=='generateexcel')) { $tblname=$_GET['generateexcel']; global $obj_mysql; $table="tbl_js_login"; // this is the tablename that you want to export to csv from mysql. function exportMysqlToCsv($table,$filename = 'export.csv') { $csv_terminated = "\n"; $csv_separator = ","; $csv_enclosed = '"'; $csv_escaped = "\"; $sql_query = "select fld_id, fld_fname,fld_lname from $table"; // Gets the data from the database $result = mysql_query($sql_query); $fields_cnt = mysql_num_fields($result); $schema_insert = ''; for ($i = 0; $i < $fields_cnt; $i++) { $l = $csv_enclosed . str_replace($csv_enclosed, $csv_escaped . $csv_enclosed, stripslashes(mysql_field_name($result, $i))) . $csv_enclosed; $schema_insert .= $l; $schema_insert .= $csv_separator; } // end for $out = trim(substr($schema_insert, 0, -1)); $out .= $csv_terminated; // Format the data while ($row = mysql_fetch_array($result)) { $schema_insert = ''; for ($j = 0; $j < $fields_cnt; $j++) { if ($row[$j] == '0' || $row[$j] != '') { if ($csv_enclosed == '') { $schema_insert .= $row[$j]; } else { $schema_insert .= $csv_enclosed . str_replace($csv_enclosed, $csv_escaped . $csv_enclosed, $row[$j]) . $csv_enclosed; } } else { $schema_insert .= ''; } if ($j < $fields_cnt - 1) { $schema_insert .= $csv_separator; } } // end for $out .= $schema_insert; $out .= $csv_terminated; $out1 = strip_tags($out); } // end while header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Content-Length: " . strlen($out1)); // Output to browser with appropriate mime type, you choose ;) header("Content-type: text/x-csv"); //header("Content-type: text/csv"); //header("Content-type: application/csv"); header("Content-Disposition: attachment; filename=$filename"); echo $out1; exit; } exportMysqlToCsv($table); } include_once $path."includes/jobseeker_form.php"; /* function is_duplicate($login_name) { global $obj_mysql; $sql="SELECT * FROM tbl_admin_details WHERE fld_login ='$login_name'"; $num=$obj_mysql-get_num_rows($sql); if($num==0) return false; else return true; }*/ ?` the above code we are using for genrating the xlsheet along with xlsheet we are getting html at th top . following is the screen shot of xlsheet please provide some help how to remove the html code from xlsheet

    Read the article

  • 10000's+ UI elements, bind or draw?

    - by jpiccolo
    I am drawing a header for a timeline control. It looks like this: I go to 0.01 millisecond per line, so for a 10 minute timeline I am looking at drawing 60000 lines + 6000 labels. This takes a while, ~10 seconds. I would like to offload this from the UI thread. My code is currently: private void drawHeader() { Header.Children.Clear(); switch (viewLevel) { case ViewLevel.MilliSeconds100: double hWidth = Header.Width; this.drawHeaderLines(new TimeSpan(0, 0, 0, 0, 10), 100, 5, hWidth); //Was looking into background worker to off load UI //backgroundWorker = new BackgroundWorker(); //backgroundWorker.DoWork += delegate(object sender, DoWorkEventArgs args) // { // this.drawHeaderLines(new TimeSpan(0, 0, 0, 0, 10), 100, 5, hWidth); // }; //backgroundWorker.RunWorkerAsync(); break; } } private void drawHeaderLines(TimeSpan timeStep, int majorEveryXLine, int distanceBetweenLines, double headerWidth) { var currentTime = new TimeSpan(0, 0, 0, 0, 0); const int everyXLine100 = 10; double currentX = 0; var currentLine = 0; while (currentX < headerWidth) { var l = new Line { ToolTip = currentTime.ToString(@"hh\:mm\:ss\.fff"), StrokeThickness = 1, X1 = 0, X2 = 0, Y1 = 30, Y2 = 25 }; if (((currentLine % majorEveryXLine) == 0) && currentLine != 0) { l.StrokeThickness = 2; l.Y2 = 15; var textBlock = new TextBlock { Text = l.ToolTip.ToString(), FontSize = 8, FontFamily = new FontFamily("Tahoma"), Foreground = new SolidColorBrush(Color.FromRgb(255, 255, 255)) }; Canvas.SetLeft(textBlock, (currentX - 22)); Canvas.SetTop(textBlock, 0); Header.Children.Add(textBlock); } if ((((currentLine % everyXLine100) == 0) && currentLine != 0) && (currentLine % majorEveryXLine) != 0) { l.Y2 = 20; var textBlock = new TextBlock { Text = string.Format(".{0}", TimeSpan.Parse(l.ToolTip.ToString()).Milliseconds), FontSize = 8, FontFamily = new FontFamily("Tahoma"), Foreground = new SolidColorBrush(Color.FromRgb(192, 192, 192)) }; Canvas.SetLeft(textBlock, (currentX - 8)); Canvas.SetTop(textBlock, 8); Header.Children.Add(textBlock); } l.Stroke = new SolidColorBrush(Color.FromRgb(255, 255, 255)); Header.Children.Add(l); Canvas.SetLeft(l, currentX); currentX += distanceBetweenLines; currentLine++; currentTime += timeStep; } } I had looked into BackgroundWorker, except you can't create UI elements on a non-UI thread. Is it possible at all to do drawHeaderLines in a non-UI thread? Could I use data binding for drawing the lines? Would this help with UI responsiveness? I would imagine I can use databinding, but the Styling is probably beyond my current WPF ability (coming from winforms and trying to learn what all these style objects are and binding them). Would anyone be able to supply a starting point for tempting this out? Or Google a tutorial that would get me started?

    Read the article

  • DataGrid : Binding with two different classes with lists ? WPF C#

    - by MyRestlessDream
    It is my first question on StackOverflow so I hope I am doing nothing wrong ! Sorry if it is the case ! I need some help because I can not find the solution of my problem. Of course I have searched everywhere on the web but I can not find it (can not post the links that I am using because of my low reputation :( ). Moreover, I am new in C# and WPF (and self-learning). I used to work in C++/Qt so I do not know how everything works in WPF. And sorry for my English, I am French. My problem My basic classes are that an Employee can use a computer. The id of the computer and the date of use are stored into the class Connection. I would like to display the list information in a DataGrid and in RowDetailsTemplate like here : http://i.stack.imgur.com/Bvn1z.png So it will do a binding to the Employee class but also to the Connection class with only the last value of the property (here the last value of the list "Computer ID" and the last value of the list "Connection Date" on this last computer). So it is a loop in the different lists. How can I do it ? Is it too much to do ? :( I succeed to get the Employee informations but I do not know how to bind the list of computer. When I am trying, it shows me "(Collection)" so it does not go inside the list :( Summary of Questions How to display/bind a value from a list AND from a different class in a DataGrid ? How to display all the values of a list into the RowDetailsTemplate ? Under Windows 7 and Visual Studio 2010 Pro version. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ EDIT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution I have used the solution of Stefan Denchev. Here the modification of my class : http://i.stack.imgur.com/Ijx5i.png And the code used: <DataGrid ItemsSource="{Binding}" Name="table"> <DataGrid.Columns> <DataGridTextColumn Header="First Name" Binding="{Binding FirstName}"/> <DataGridTextColumn Header="Last Name" Binding="{Binding LastName}"/> <DataGridTextColumn Header="Gender" Binding="{Binding Gender}"/> <DataGridTextColumn Header="Last computer used" Binding="{Binding LastComputerID}"/> <DataGridTextColumn Header="Last connection date" Binding="{Binding LastDate}"/> </DataGrid.Columns> <DataGrid.RowDetailsTemplate> <DataTemplate> <DataGrid ItemsSource="{Binding ListOfConnection}"> <DataGrid.Columns> <DataGridTextColumn Header="Computer ID" Binding="{Binding ComputerID}"/> <DataGridTemplateColumn> <DataGridTemplateColumn.CellTemplate> <DataTemplate> <ListView ItemsSource="{Binding ListOfDate}"/> </DataTemplate> </DataGridTemplateColumn.CellTemplate> </DataGridTemplateColumn> </DataGrid.Columns> </DataGrid> </DataTemplate> </DataGrid.RowDetailsTemplate> </DataGrid> With in code behind : List<Employee> allEmployees = WorkflowMgr.Instance.AllEmployees; table.DataContext = allEmployees; And it works ! I have tryed to improve my fake example :) Hope it will help to another developer !

    Read the article

  • mysql connect error issue

    - by Alex
    I've php page which update Mysql Db. I don't understand why my following php code is saying that "Could not update marker. No database selected". Strange!! can you please tell me why it's showing error message. Thanks. Php code: <?php // database settings $db_username = 'root'; $db_password = ''; $db_name = 'parkool'; $db_host = 'localhost'; //mysqli $mysqli = new mysqli($db_host, $db_username, $db_password, $db_name); if (mysqli_connect_errno()) { header('HTTP/1.1 500 Error: Could not connect to db!'); exit(); } ################ Save & delete markers ################# if($_POST) //run only if there's a post data { //make sure request is comming from Ajax $xhr = $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest'; if (!$xhr){ header('HTTP/1.1 500 Error: Request must come from Ajax!'); exit(); } // get marker position and split it for database $mLatLang = explode(',',$_POST["latlang"]); $mLat = filter_var($mLatLang[0], FILTER_VALIDATE_FLOAT); $mLng = filter_var($mLatLang[1], FILTER_VALIDATE_FLOAT); $mName = filter_var($_POST["name"], FILTER_SANITIZE_STRING); $mAddress = filter_var($_POST["address"], FILTER_SANITIZE_STRING); $mId = filter_var($_POST["id"], FILTER_SANITIZE_STRING); /*$result = mysql_query("SELECT id FROM test.markers WHERE test.markers.lat=$mLat AND test.markers.lng=$mLng"); if (!$result) { echo 'Could not run query: ' . mysql_error(); exit; } $row = mysql_fetch_row($result); $id=$row[0];*/ //$output = '<h1 class="marker-heading">'.$mId.'</h1><p>'.$mAddress.'</p>'; //exit($output); //Update Marker if(isset($_POST["update"]) && $_POST["update"]==true) { $results = mysql_query("UPDATE parkings SET latitude = '$mLat', longitude = '$mLng' WHERE locId = '94' "); if (!$results) { //header('HTTP/1.1 500 Error: Could not Update Markers! $mId'); echo "coudld not update marker." . mysql_error(); exit(); } exit("Done!"); } $output = '<h1 class="marker-heading">'.$mName.'</h1><p>'.$mAddress.'</p>'; exit($output); } ############### Continue generating Map XML ################# //Create a new DOMDocument object $dom = new DOMDocument("1.0"); $node = $dom->createElement("markers"); //Create new element node $parnode = $dom->appendChild($node); //make the node show up // Select all the rows in the markers table $results = $mysqli->query("SELECT * FROM parkings WHERE 1"); if (!$results) { header('HTTP/1.1 500 Error: Could not get markers!'); exit(); } //set document header to text/xml header("Content-type: text/xml"); // Iterate through the rows, adding XML nodes for each while($obj = $results->fetch_object()) { $node = $dom->createElement("marker"); $newnode = $parnode->appendChild($node); $newnode->setAttribute("name",$obj->name); $newnode->setAttribute("locId",$obj->locId); $newnode->setAttribute("address", $obj->address); $newnode->setAttribute("latitude", $obj->latitude); $newnode->setAttribute("longitude", $obj->longitude); //$newnode->setAttribute("type", $obj->type); } echo $dom->saveXML();

    Read the article

  • Extended JMS Support

    - by ACShorten
    In a previous post I discussed the real time JMS integration we added in FW4.1 and also as patches for FW2.2. There are some additional aspects of this integration I did not mention which may be of interest: JMS Topic Support - In the post I concentrated on talking about JMS Queue support but failed to mention that the MDB and outgoing real time JMS also supports JMS Topics. JMS Queues are typically used for point to point decoupled integration and JMS Topics are used for hub integration that uses Publish and Subscribe. JMS Selector Support - By default the MDB will process every message from a JMS resource (Queue or Topic). If you want to alter this behaviour to selectively filter JMS messages then you can use JMS Selectors to specify the conditions for the MDB to selectively process JMS messages based upon conditions. JMS Selectors allow filters to be specified on elements in the JMS Header and JMS Message Properties using SQL like syntax. Note: JMS Selectors do not support filters on the body elements. JMS Header Support - It is possible to place custom information in the JMS Header and JMS Message Properties for outgoing messages (so that other applications can use JMS selectors if necessary as well). This is only available when installing Patches 11888040 (FW4.1) and 11850795 (FW2.2). These facilities coupled with the JMS facilities described in the previous posts gives the product integration capabilities in JMS which can be used with configuration rather than coding. Of course, the JMS facility I have described can also be used in conjunction with SOA Suite to provide greater levels of traceability and management.

    Read the article

  • SQL SERVER – Copy Column Headers from Resultset – SQL in Sixty Seconds #027 – Video

    - by pinaldave
    SQL Server Management Studio returns results in Grid View, Text View and to the file. When we copy results from Grid View to Excel there is a common complaint that the column  header displayed in resultset is not copied to the Excel. I often spend time in performance tuning databases and I run many DMV’s in SSMS to get a quick view of the server. In my case it is almost certain that I need all the time column headers when I copy my data to excel or any other place. SQL Server Management Studio have two different ways to do this. Method 1: Ad-hoc When result is rendered you can right click on the resultset and click on Copy Header. This will copy the headers along with the resultset. Additionally, you can use the shortcut key CTRL+SHIFT+C for coping column headers along with the resultset. Method 2: Option Setting at SSMS level This is SSMS level settings and I kept this option always selected as I often need the column headers when I select the resultset. Go Tools >> Options >> Query Results >> SQL Server >> Results to Grid >> Check the Box “Include column header when copying or saving the results.” Both of the methods are discussed in following SQL in Sixty Seconds Video. Here is the code used in the video. Related Tips in SQL in Sixty Seconds: Copy Column Headers in Query Analyzers in Result Set Getting Columns Headers without Result Data – SET FMTONLY ON If we like your idea we promise to share with you educational material. Reference: Pinal Dave (http://blog.sqlauthority.com) Filed under: Database, Pinal Dave, PostADay, SQL, SQL Authority, SQL in Sixty Seconds, SQL Query, SQL Scripts, SQL Server, SQL Server Management Studio, SQL Tips and Tricks, T SQL, Technology, Video

    Read the article

  • SQL SERVER – Copy Column Headers from Resultset – SQL in Sixty Seconds #026 – Video

    - by pinaldave
    SQL Server Management Studio returns results in Grid View, Text View and to the file. When we copy results from Grid View to Excel there is a common complaint that the column  header displayed in resultset is not copied to the Excel. I often spend time in performance tuning databases and I run many DMV’s in SSMS to get a quick view of the server. In my case it is almost certain that I need all the time column headers when I copy my data to excel or any other place. SQL Server Management Studio have two different ways to do this. Method 1: Ad-hoc When result is rendered you can right click on the resultset and click on Copy Header. This will copy the headers along with the resultset. Additionally, you can use the shortcut key CTRL+SHIFT+C for coping column headers along with the resultset. Method 2: Option Setting at SSMS level This is SSMS level settings and I kept this option always selected as I often need the column headers when I select the resultset. Go Tools >> Options >> Query Results >> SQL Server >> Results to Grid >> Check the Box “Include column header when copying or saving the results.” Both of the methods are discussed in following SQL in Sixty Seconds Video. Here is the code used in the video. Related Tips in SQL in Sixty Seconds: Copy Column Headers in Query Analyzers in Result Set Getting Columns Headers without Result Data – SET FMTONLY ON If we like your idea we promise to share with you educational material. Reference: Pinal Dave (http://blog.sqlauthority.com) Filed under: Database, Pinal Dave, PostADay, SQL, SQL Authority, SQL in Sixty Seconds, SQL Query, SQL Scripts, SQL Server, SQL Server Management Studio, SQL Tips and Tricks, T SQL, Technology, Video

    Read the article

  • Why does display:table-cell not center content without display:table?

    - by Samuel
    I'm looking for the most efficient (or elegant) way to vertically and horizontally center content of variable height. I've come up with this: http://cssdeck.com/t/2veysdkg/16, which uses css tables to vertically center the main content. My demands for writing this particular piece of code were: Must be able to center variable and fixed width content vertically and horizontally Centered content must be inside the normal document flow (so no overlapping) Sticky footer and normal header of 100% width As few hacks, ugly code or non-semantic html as possible I didn't care about support for IE6, IE7 (I'll use a different stylesheet for them) The weird thing is that the demands above are only met when the header and footer are set to table-row, and the body-tag to display:table. Which is weird because as I understand it the css will generate anonymous table elements when parent table elements are missing. So table-cell should work without all the surrounding elements, but yet I've not been able to make it work. If it were up to me I would prefer to not mess with the display mode for the body tag, and leave the header and footer on display:block. But I've not been able to make it work. Does anyone understand why this doesn't work?

    Read the article

  • Customize Your WordPress Blog & Build an Audience

    - by Matthew Guay
    Want to quickly give your blog a fresh coat of paint and make it stand out from the pack?  Here’s how you can customize your WordPress blog and make it uniquely yours. WordPress offers many features that help you make your blog the best it can be.  Although it doesn’t offer as many customization features as full WordPress running on your own server, it still makes it easy to make your free blog as professional or cute as you like.  Here we’ll look at how you can customize features in your blog and build an audience. Personalize Your Blog WordPress make it easy to personalize your blog.  Most of the personalization options are available under the Appearance menu on the left.  Here we’ll look at how you can use most of these. Add New Theme WordPress is popular for the wide range of themes available for it.  While you cannot upload your own theme to your blog, you can choose from over 90 free themes currently available with more added all the time.  To change your theme, select the Themes page under Appearance. The Themes page will show random themes, but you can choose to view them in alphabetical order, by popularity, or how recently they were added.  Or, you can search for a theme by name or features. One neat way to find a theme that suites your needs is the Feature Filter.  Click the link on the right of the search button, and then select the options you want to make sure your theme has.  Click Apply Filters and WordPress will streamline your choices to themes that contain these features. Once you find a theme you like, click Preview under its name to see how your blog will look. This will open a popup that shows your blog with the new theme.  Click the Activate link in the top right corner of the popup if you want to keep this theme; otherwise, click the x in the top left corner to close the preview and continue your search for one you want.   Edit Current Theme Many of the themes on WordPress have customization options so you can make your blog stand out from others using the same theme.  The default theme Twenty Ten lets you customize both the header and background image, and many themes have similar options. To choose a new header image, select the Header page under Appearance.  Select one of the pre-installed images and click Save Changes, or upload your own image. If you upload an image larger than the size for the header, WordPress will let you crop it directly in the web interface.  Click Crop Header when you’ve selected the portion you want for the header of your blog. You can also customize your blog’s background from the Background page under Appearance.  You can upload an image for the background, or can enter a hex value of a color for a solid background.  If you’d rather visually choose a color, click Select a Color to open a color wheel that makes it easy to choose a nice color.  Click Save Changes when you’re done. Note: that all themes may not contain these customization options, but many are flexible.  You cannot edit the actual CSS of your theme on free WordPress blogs, but you you can purchase the Custom CSS Upgrade for $14.97/year to add this ability. Add Widgets With Extra Content Widgets are small addons for your blog, similar to Desktop Gadgets in Windows 7 or Dashboard widgets in Mac OS X.  You can add widgets to your blog to show recent Tweets, favorite Flickr pictures, popular articles, and more.  To add widgets to your blog, open the Widgets page under Appearance. You’ll see a variety of widgets available in the main white box.  Select one you want to add, and drag it to the widget area of your choice.  Different themes may offer different areas to place Widgets, such as the sidebar or footer. Most of the widgets offer configuration options.  Click the down arrow beside its name to edit it.  Set them up as you wish, and click Save on the bottom of the widget. Now we’ve got some nice dynamic content on our blog that’s automatically updated from the net. Choose Blog Extras By default, WordPress shows previews of websites when visitors hover over links on your blog, uses a special mobile theme when people visit from a mobile device, and shows related links to other blogs on the WordPress network at the end of your posts.  If you don’t like these features, you can disable them on the Extras page under Appearance. Build Your Audience Now that your blog is looking nice, we can make sure others will discover it.  WordPress makes it easy for you to make your site discoverable on search engines or social network, and even gives you the option to keep your site private if you’d prefer.  Open the Privacy page under Tools to change your site’s visibility.  By default, it will be indexed by search engines and be viewable to everyone.  You can also choose to leave your blog public but block search engines, or you can make it fully private. If you choose to make your blog private, you can enter up to 35 usernames of people you want to be able to see it.  Each private visitor must have a WordPress.com account so they can login.  If you need more than 35 private members, you can upgrade to allow unlimited private members for $29.97/year. Then, if you do want your site visible from search engines, one of the best ways to make sure your content is discovered by search engines is to register with their webmaster tools.  Once registered, you need to add your key to your site so the search engine will find and index it.  On the bottom of the Tools page, WordPress lets you enter your key from Google, Bing, and Yahoo! to make sure your site is discovered.  If you haven’t signed up with these tools yet, you can signup via the links on this page as well. Post Blog Updates to Social Networks Many people discover the sites they visit from friends and others via social networks.  WordPress makes it easy to automatically share links to your content on popular social networks.  To activate this feature, open the My Blogs page under Dashboard. Now, select the services you want to activate under the Publicize section.  This will automatically update Yahoo!, Twitter, and/or Facebook every time you publish a new post. You’ll have to authorize your connection with the social network.  With Twitter and Yahoo!, you can authorize them with only two clicks, but integrating with Facebook will take several steps.   If you’d rather share links yourself on social networks, you can get shortened URLs to your posts.  When you write a new post or edit an existing one, click the Get Shortlink button located underneath the post’s title. This will give you a small URL, usually 20 characters or less, that you can use to post on social networks such as Twitter.   This should help build your traffic, and if you want to see how many people are checking out your site, check out the stats on your Dashboard.  This shows a graph of how many people are visiting, and popular posts.  Click View All if you’d like more detailed stats including search engine terms that lead people to your blog. Conclusion Whether you’re looking to make a private blog for your group or publish a blog that’s read by millions around the world, WordPress is a great way to do it for free.  And with all of the personalization options, you can make your it memorable and exciting for your visitors. If you don’t have a blog, you can always signup for a free one from WordPress.com.  Also make sure to check out our article on how to Start Your Own Blog with WordPress. Similar Articles Productive Geek Tips Manage Your WordPress Blog Comments from Your Windows DesktopAdd Social Bookmarking (Digg This!) Links to your Wordpress BlogHow-To Geek SoftwareMake a Backup Copy of your Production Wordpress Blog on UbuntuOops! Sorry About the Feed Errors TouchFreeze Alternative in AutoHotkey The Icy Undertow Desktop Windows Home Server – Backup to LAN The Clear & Clean Desktop Use This Bookmarklet to Easily Get Albums Use AutoHotkey to Assign a Hotkey to a Specific Window Latest Software Reviews Tinyhacker Random Tips CloudBerry Online Backup 1.5 for Windows Home Server Snagit 10 VMware Workstation 7 Acronis Online Backup Windows Firewall with Advanced Security – How To Guides Sculptris 1.0, 3D Drawing app AceStock, a Tiny Desktop Quote Monitor Gmail Button Addon (Firefox) Hyperwords addon (Firefox) Backup Outlook 2010

    Read the article

  • Adding graph in excel based on the content of ADFdi Table

    - by Arun
    Often we tend to represent the data present in the table in a graphical format to give a visual impression of the data. This article would be explaining the way to achieve it using the data we have in ADFdi table of the integrated workbook. Pre-requisites: Microsoft Office 2007 JDeveloper 11.1.1.1.0 and above Assuming we are already having an ADFdi enabled workbook with a table based on an Employee table as shown in the image below. Also, add the table.download to the ribbon toolbar as menu item / as action for the startup event. From excel, we'll add a new 3D bar chart Now, we need to select the data range for the chart. We will take an example of chart based on the salary of the employees. So, the data for the X-Axis of the chart would be the Ename and the data for the Y-Axis being the salary. We can do that by right clicking on the Chart and selecting Select Data. We would select the Legend Entry Series name as the Sal header column in the table, and for the data, we select both the header row and the row below it (by holding Shift key). And, for the Category Axis, we select the Ename header row and the row below it (by holding Shift key). We can get the chart now, by running the Workbook and downloading the data into the table. This simple example can be enhanced for complex graphs by using the data from the ADFdi table to use the power of excel along with ADF Desktop Integration.

    Read the article

  • How to force browsers to always reload xslt files?

    - by bitmask
    Related: Apache: How can I force the browser to reload CSS files? I'm building an xml page (on an apache2) that is supposed to be translated to xhtml by the browser, so my server also serves a main.xslt which is used as stylesheet by the xml file, similar to the scenario with the css files in the linked question. However, none of tricks provided in either that answer, nor some issues on SO solve the issue for Opera. While Firefox responds to F5 by fetching not only the xml file but also the xslt file, Opera only reloads the xml file. I tried both, setting the Last-Modified HTTP header via an .htaccess file and using the expires module of apache2. This is what my .htaccess looks right now: AddType text/xsl;charset=utf-8 .xslt ExpiresByType text/xsl "modification plus 1 second" Header set Last-Modified "Wed, 08 Jan 2000 23:11:55 GMT" #Header set Last-Modified "Wed, 08 Jan 2020 23:11:55 GMT" If I open the xsl myself and manually reload it, the xml presentation is updated as well, but this is tedious for development. Note: There is no php or any kind of scripting involved. Everything is static.

    Read the article

  • Top 10 solution documents for Weblogic Server J2EE Feb 2014 - May 2014

    - by jhpierce -Oracle
    The following are the top 10 documents linked to SRs as solutions, for Weblogic Server J2EE issues, from Feb 2014 thru May 2014. 1163020.1 How to configure Filtering class loader in weblogic.xml   To configure the Filtering Class Loader to specify a certain package is loaded from an application, add a prefer-application-packages descriptor element. 1276593.1 WLS - How to supress servlet/JSP version details In WebLogic HTTP response header The string "X-Powered-By: Servlet/2.4 JSP/2.0" is showing up in the servlet response header.How to stop Weblogic from including servlet/JSP version details in the x-powered-by HTTP response header. 1490080.1 WebLogic Server 12.1.1.0 in a Cluster Environment Throws NotSerializableException for CDI Applications at com.sun.jersey.server.impl.cdi.CDIExtension When running in clustered environment, server start-up is not clean when you have CDI applications deployed. 1268138.1 Sample TwoWay SSL implementation for JAX-WS Webservice!   In this sample provided the recipient checks for the initiator's public certificate. Note that the client certificate can be used for authentication. 1584779.1 Socket Leaks When Calling Web-Service Over SSL This is a known bug 16810786 1598617.1 Secure WebService call throwing CANNOT RESOLVE URL FOR PROTOCOL HTTP/HTTPS through web server(APACHE) plug-in.    1056121.1 How to Timeout Weblogic Webservice Client   How to timeout a WebService client with and without using Stubs. 1568638.1 When packaging Jersey JAX-RS libraries into webapp throws NoSuchMethodError()  When attempting to include custom Jersey implementation libraries in to web application in a OSB domain. 1118264.1 WLS 10.3: Intermittent XA error: XAResource.XAER_RMERR In WebLogic 10.3, a CMP EJB sometimes throws the exception.   1608951.1 How to get More Details About Error BEA-101215 Malformed Request. Request parsing failed Code: -1   Which was seen when accessing the application via loadbalancer?

    Read the article

  • Unable to print login-required images in IE

    - by Tim Fountain
    I have some images in a section of a site that require the user to be logged in in order to view. These images are served by a PHP script, which checks the user's login state and if valid, serves the binary data with the appropriate headers. This all works fine. The issue comes when a user tries to print one of these images. In Internet Explorer, when they go to print preview they get the broken image box with a red cross in the corner instead of the actual file. This is what gets printed also. All other browsers can print the images without issue. I have some images elsewhere on the site that are also served via. PHP but these don't require a login. These print fine. The PHP-powered HTML pages on the site that require a login also print fine in IE. It's just login-required images. The user hitting print preview does not seem to result in additional HTTP request to the server for the file. However I do see an additional HTTP request a few seconds later that comes from the same IP (may or may not be related), This request includes no host header, no REQUEST_URI and no user agent. The 'please login' page sends an appropriate 403 header. I've also added a far-in-future expires header to the image response itself to ensure that browsers can serve/print the files from their own cache but this hasn't made any difference. Why can't IE print the images and what else can I do to investigate or fix the problem?

    Read the article

  • Removing 301 redirect from site root

    - by Jon Clements
    I'm having a look at a friends website (a fairly old PHP based one) which they've been advised needs re-structuring. The key points being: URLs should be lower case and more "friendly". The root of the domain should be not be re-directed. The first point I'm happy with (and the URLs needed tidying up anyway) and have a draft plan of action, however the second is baffling me as to not only the best way to do it, but also whether it should be done. Currently http://www.example.com/ is redirected to http://www.example.com/some-link-with-keywords/ using the follow index.php in the root of the Apache2 instance. <?php $nextpage = "some-link-with-keywords/"; header( "HTTP/1.1 301 Moved Permanently" ); header( "Status: 301 Moved Permanently" ); header("Location: $nextpage"); exit(0); // This is Optional but suggested, to avoid any accidental output ?> As far as I'm aware, this has been the case for around three years -- and I'm sorely tempted to advise to not worry about it. It would appear taking off the 301 could: Potentially affect page ranking (as the 'homepage' would disappear - although it couldn't disappear because of the next point...) Introduce maintainance issues as existing users would still have the re-directed page in their cache Following the above, introduce duplicate content Confuse Google/other SE's as to what the homepage actually is now I may be over-analysing this but I have a feeling it's not as simple as removing the 301 from the root, and 301'ing the previous target to the root... Any suggestions (including it's not worth it) are sincerely appreciated.

    Read the article

  • Repeat use of Schema / Rich Snippets Markup i.e LocalBusiness Data

    - by bybe
    I am unable to find official wording and I'm hoping that some Rich Snippets/Schema Guru can give me some insight into proper usage of repeated content when it comes to using markup. I'm building a site that wants to use Schema as the markup type and the owner would like as much usage as possible. The business name, telephone and address will appear on every page now is it valid or even useful to use Rich Snippets on every page where this information is displayed. For example this information appears in the header, and footer of every page of the site and too give you an example of my current markup see below: <body itemscope itemtype="http://schema.org/LocalBusiness"> <header> <a itemprop="url" href="http://www.domain.co.uk/"> <img itemprop="logo" src="image.png" alt="Company Name Logo" /> </a> <span itemprop="telephone">01202 000 000</span> </header> <div> This is where the content will go</div> <footer> <span itemprop="name">Company Name</span> <span itemprop="description"> A small little bit about this company</span> <div itemprop="address" itemscope itemtype="http://schema.org/PostalAddress"> <span itemprop="streetAddress">Address Goes here</span> <span itemprop="addressLocality">Area Here</span>, <span itemprop="addressRegion">Region Here</span> </div> </footer> </body> !-- Local Business Schema Now Closed --> So as you can see above this information will be displayed on every single page.... Is this valid or bad to repeat usage of this information in schema format...

    Read the article

  • Obscure SPUtility.SendMail Behavior When Manually Passing in Mail Headers

    - by Damon
    There are two ways to send mail in SharePoint: you can either use the mail components from the System.Net namespace, or you can send email using SharePoint's SPUtility.SendMail method.  One of the benefits of the SPUtility.SendMail method is that it uses the mail configuration from SharePoint, so you can manage settings in Central Administration instead of having to go through and modify your web.config file.  SPUtility.SendMail can get the job done, but it's defiantly not as developer friendly as the components from the System.Net namespace.  If you want to CC someone on an email, for example, you do NOT have a nice CC parameter - you have to manually add the CC mail header and pass it into the SPUtility.SendMail method.  I had to do this the other day, and ran into a really obscure issue. If you do NOT pass the headers into the method then SharePoint sends the email using the From Address configured in the Outgoing Mail settings in Central Admin.  If you pass headers into the method, but do not include the from header, then SharePoint sends the mail using the email address of the current user. This can be an issue if your mail server is setup to reject an email from an invalid email address or an email address that is not on your domain.  The way to fix this issue is to always pass in the from header.  If you want to use the configured From address, then you can do the following: SPWebApplication webApp = SPWebApplication.Lookup(new Uri(SPContext.Current.Site.Url)); StringDictionary headers = new StringDictionary(); headers.Add("from", webApp.OutboundMailSenderAddress);

    Read the article

  • Flow Fields in Dynamics NAV

    - by T
    I don’t know the exact business reason but someone asked how to identify all sales shipping orders with any negative quantities on them.  They needed to print these separately from the shipments that only have all positive quantities. Here is one way to solve this problem In NAV, open Sales Shipment Header Add a field of type Boolean (The field type should match the value you expect to return from the flow field method.  In this case we will use an exist so we expect a bool but we could have used a Sum, Average, Min, Max, Count, or a Lookup to return a value). Define it as a flow field and click on the ellipse next to CalcFormula Now [Has Negative Qty] is false if no negatives exist And [Has Negative Qty] and true if a negative exist So it is ready to be used as a filter on the report. Don’t forget that if you are using it in code, you may need to CalcFields. Hope that helps.  If you really can’t afford the field in your header, you can use code to check the lines for a negative value each time and use a skip or break function to skip that header record but it seems expensive to check them all if you only want a few to print. Please let me know if you think of a better solution.

    Read the article

  • Halloween: Season for Java Embedded Internet of Spooky Things (IoST) (Part 3)

    - by hinkmond
    So, let's now connect the parts together to make a Java Embedded ghost sensor using a Raspberry Pi. Grab your JFET transistor, LED light, wires, and breadboard and follow the connections on this diagram. The JFET transistor plugs into the breadboard with the flat part facing left. Then, plug in a wire to the same breadboard hole row as the top JFET lead (green in the diagram) and keep it unconnected to act as an antenna. Then, connect a wire (red) from the middle lead of the JFET transistor to Pin 1 on your RPi GPIO header. And, connect another wire (blue) from the lower lead of the JFET transistor to Pin 25 on your RPi GPIO header, then connect another (blue) wire from the lower lead of the JFET transistor to the long end of a common cathode LED, and finally connect the short end of the LED with a wire (black) to Pin 6 (ground) of the RPi GPIO header. That's it. Easy. Now test it. See: Ghost Sensor Testing Here's a video of me testing the Ghost Sensor circuit on my Raspberry Pi. We'll cover the Java SE app needed to record the ghost analytics in the next post. Hinkmond

    Read the article

  • What is wrong with this HTML5 <address> element? [closed]

    - by binaryorganic
    <div id="header-container"> <address> <ul> <li>lorem ipsum</li> <li>(xxx) xxx-xxxx</li> </ul> </address> </div> And the CSS looks like this: #header-container address {float: right; margin-top: 25px;} When I load the page, it looks fine in Chrome & IE, but in Firefox it's ignoring the styling completely. When I view source in firefox it looks like above, but in Firebug it looks like this: <div id="header-container"> <address> </address> <ul> <li>lorem ipsum</li> <li>(xxx) xxx-xxxx</li> </ul> </div>

    Read the article

  • Is it justified to use project-wide unique function and variable names to help future refactoring?

    - by kahoon
    Refactoring tools (like ReSharper) often can't be sure whether to rename a given identifier when, for example refactoring a JavaScript function. I guess this is a consequence of JavaScript's dynamic nature. ReSharper solves this problem by offering to rename reasonable lexical matches too. The developer can opt out of renaming certain functions, if he finds that the lexical match is purely accidental. This means that the developer has to approve every instance that will be affected by the renaming. For example let's consider we have two Backbone classes which are used completely independently from each other in our application: var Header = Backbone.View.extend({ close: function() {...} }) var Dialog = Backbone.View.extend({ close: function() {...} }) If you try to rename Dialog's close method to for example closeAndNotify, then ReSharper will offer to rename all occurences of Header's close method just because they are the same lexically prior to the renaming. To avoid this problem, please consider this: var Header = Backbone.View.extend({ closeHeader: function() {...} }) var Dialog = Backbone.View.extend({ closeDialog: function() {...} }) Now you can rename closeDialog unambiguously - given that you have no other classes having a method with the same name. Is it worth it to name my functions this way to help future refactoring?

    Read the article

  • Requiring a specific order of compilaiton

    - by Aber Kled
    When designing a compiled programming language, is it a bad idea to require a specific order of compilation of separate units, according to their dependencies? To illustrate what I mean, consider C. C is the opposite of what I'm suggesting. There are multiple .c files, that can all depend on each other, but all of these separate units can be compiled on their own, in no particular order - only to be linked together into a final executable later. This is mostly due to header files. They enable separate units to share information with each other, and thus the units are able to be compiled independently. If a language were to dispose of header files, and only keep source and object files, then the only option would be to actually include the unit's meta-information in the unit's object file. However, this would mean that if the unit A depends on the unit B, then the unit B would need to be compiled before unit A, so unit A could "import" the unit B's object file, thus obtaining the information required for its compilation. Am I missing something here? Is this really the only way to go about removing header files in compiled languages?

    Read the article

  • Security Issues with Single Page Apps

    - by Stephen.Walther
    Last week, I was asked to do a code review of a Single Page App built using the ASP.NET Web API, Durandal, and Knockout (good stuff!). In particular, I was asked to investigate whether there any special security issues associated with building a Single Page App which are not present in the case of a traditional server-side ASP.NET application. In this blog entry, I discuss two areas in which you need to exercise extra caution when building a Single Page App. I discuss how Single Page Apps are extra vulnerable to both Cross-Site Scripting (XSS) attacks and Cross-Site Request Forgery (CSRF) attacks. This goal of this blog post is NOT to persuade you to avoid writing Single Page Apps. I’m a big fan of Single Page Apps. Instead, the goal is to ensure that you are fully aware of some of the security issues related to Single Page Apps and ensure that you know how to guard against them. Cross-Site Scripting (XSS) Attacks According to WhiteHat Security, over 65% of public websites are open to XSS attacks. That’s bad. By taking advantage of XSS holes in a website, a hacker can steal your credit cards, passwords, or bank account information. Any website that redisplays untrusted information is open to XSS attacks. Let me give you a simple example. Imagine that you want to display the name of the current user on a page. To do this, you create the following server-side ASP.NET page located at http://MajorBank.com/SomePage.aspx: <%@Page Language="C#" %> <html> <head> <title>Some Page</title> </head> <body> Welcome <%= Request["username"] %> </body> </html> Nothing fancy here. Notice that the page displays the current username by using Request[“username”]. Using Request[“username”] displays the username regardless of whether the username is present in a cookie, a form field, or a query string variable. Unfortunately, by using Request[“username”] to redisplay untrusted information, you have now opened your website to XSS attacks. Here’s how. Imagine that an evil hacker creates the following link on another website (hackers.com): <a href="/SomePage.aspx?username=<script src=Evil.js></script>">Visit MajorBank</a> Notice that the link includes a query string variable named username and the value of the username variable is an HTML <SCRIPT> tag which points to a JavaScript file named Evil.js. When anyone clicks on the link, the <SCRIPT> tag will be injected into SomePage.aspx and the Evil.js script will be loaded and executed. What can a hacker do in the Evil.js script? Anything the hacker wants. For example, the hacker could display a popup dialog on the MajorBank.com site which asks the user to enter their password. The script could then post the password back to hackers.com and now the evil hacker has your secret password. ASP.NET Web Forms and ASP.NET MVC have two automatic safeguards against this type of attack: Request Validation and Automatic HTML Encoding. Protecting Coming In (Request Validation) In a server-side ASP.NET app, you are protected against the XSS attack described above by a feature named Request Validation. If you attempt to submit “potentially dangerous” content — such as a JavaScript <SCRIPT> tag — in a form field or query string variable then you get an exception. Unfortunately, Request Validation only applies to server-side apps. Request Validation does not help in the case of a Single Page App. In particular, the ASP.NET Web API does not pay attention to Request Validation. You can post any content you want – including <SCRIPT> tags – to an ASP.NET Web API action. For example, the following HTML page contains a form. When you submit the form, the form data is submitted to an ASP.NET Web API controller on the server using an Ajax request: <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title></title> </head> <body> <form data-bind="submit:submit"> <div> <label> User Name: <input data-bind="value:user.userName" /> </label> </div> <div> <label> Email: <input data-bind="value:user.email" /> </label> </div> <div> <input type="submit" value="Submit" /> </div> </form> <script src="Scripts/jquery-1.7.1.js"></script> <script src="Scripts/knockout-2.1.0.js"></script> <script> var viewModel = { user: { userName: ko.observable(), email: ko.observable() }, submit: function () { $.post("/api/users", ko.toJS(this.user)); } }; ko.applyBindings(viewModel); </script> </body> </html> The form above is using Knockout to bind the form fields to a view model. When you submit the form, the view model is submitted to an ASP.NET Web API action on the server. Here’s the server-side ASP.NET Web API controller and model class: public class UsersController : ApiController { public HttpResponseMessage Post(UserViewModel user) { var userName = user.UserName; return Request.CreateResponse(HttpStatusCode.OK); } } public class UserViewModel { public string UserName { get; set; } public string Email { get; set; } } If you submit the HTML form, you don’t get an error. The “potentially dangerous” content is passed to the server without any exception being thrown. In the screenshot below, you can see that I was able to post a username form field with the value “<script>alert(‘boo’)</script”. So what this means is that you do not get automatic Request Validation in the case of a Single Page App. You need to be extra careful in a Single Page App about ensuring that you do not display untrusted content because you don’t have the Request Validation safety net which you have in a traditional server-side ASP.NET app. Protecting Going Out (Automatic HTML Encoding) Server-side ASP.NET also protects you from XSS attacks when you render content. By default, all content rendered by the razor view engine is HTML encoded. For example, the following razor view displays the text “<b>Hello!</b>” instead of the text “Hello!” in bold: @{ var message = "<b>Hello!</b>"; } @message   If you don’t want to render content as HTML encoded in razor then you need to take the extra step of using the @Html.Raw() helper. In a Web Form page, if you use <%: %> instead of <%= %> then you get automatic HTML Encoding: <%@ Page Language="C#" %> <% var message = "<b>Hello!</b>"; %> <%: message %> This automatic HTML Encoding will prevent many types of XSS attacks. It prevents <script> tags from being rendered and only allows &lt;script&gt; tags to be rendered which are useless for executing JavaScript. (This automatic HTML encoding does not protect you from all forms of XSS attacks. For example, you can assign the value “javascript:alert(‘evil’)” to the Hyperlink control’s NavigateUrl property and execute the JavaScript). The situation with Knockout is more complicated. If you use the Knockout TEXT binding then you get HTML encoded content. On the other hand, if you use the HTML binding then you do not: <!-- This JavaScript DOES NOT execute --> <div data-bind="text:someProp"></div> <!-- This Javacript DOES execute --> <div data-bind="html:someProp"></div> <script src="Scripts/jquery-1.7.1.js"></script> <script src="Scripts/knockout-2.1.0.js"></script> <script> var viewModel = { someProp : "<script>alert('Evil!')<" + "/script>" }; ko.applyBindings(viewModel); </script>   So, in the page above, the DIV element which uses the TEXT binding is safe from XSS attacks. According to the Knockout documentation: “Since this binding sets your text value using a text node, it’s safe to set any string value without risking HTML or script injection.” Just like server-side HTML encoding, Knockout does not protect you from all types of XSS attacks. For example, there is nothing in Knockout which prevents you from binding JavaScript to a hyperlink like this: <a data-bind="attr:{href:homePageUrl}">Go</a> <script src="Scripts/jquery-1.7.1.min.js"></script> <script src="Scripts/knockout-2.1.0.js"></script> <script> var viewModel = { homePageUrl: "javascript:alert('evil!')" }; ko.applyBindings(viewModel); </script> In the page above, the value “javascript:alert(‘evil’)” is bound to the HREF attribute using Knockout. When you click the link, the JavaScript executes. Cross-Site Request Forgery (CSRF) Attacks Cross-Site Request Forgery (CSRF) attacks rely on the fact that a session cookie does not expire until you close your browser. In particular, if you visit and login to MajorBank.com and then you navigate to Hackers.com then you will still be authenticated against MajorBank.com even after you navigate to Hackers.com. Because MajorBank.com cannot tell whether a request is coming from MajorBank.com or Hackers.com, Hackers.com can submit requests to MajorBank.com pretending to be you. For example, Hackers.com can post an HTML form from Hackers.com to MajorBank.com and change your email address at MajorBank.com. Hackers.com can post a form to MajorBank.com using your authentication cookie. After your email address has been changed, by using a password reset page at MajorBank.com, a hacker can access your bank account. To prevent CSRF attacks, you need some mechanism for detecting whether a request is coming from a page loaded from your website or whether the request is coming from some other website. The recommended way of preventing Cross-Site Request Forgery attacks is to use the “Synchronizer Token Pattern” as described here: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet When using the Synchronizer Token Pattern, you include a hidden input field which contains a random token whenever you display an HTML form. When the user opens the form, you add a cookie to the user’s browser with the same random token. When the user posts the form, you verify that the hidden form token and the cookie token match. Preventing Cross-Site Request Forgery Attacks with ASP.NET MVC ASP.NET gives you a helper and an action filter which you can use to thwart Cross-Site Request Forgery attacks. For example, the following razor form for creating a product shows how you use the @Html.AntiForgeryToken() helper: @model MvcApplication2.Models.Product <h2>Create Product</h2> @using (Html.BeginForm()) { @Html.AntiForgeryToken(); <div> @Html.LabelFor( p => p.Name, "Product Name:") @Html.TextBoxFor( p => p.Name) </div> <div> @Html.LabelFor( p => p.Price, "Product Price:") @Html.TextBoxFor( p => p.Price) </div> <input type="submit" /> } The @Html.AntiForgeryToken() helper generates a random token and assigns a serialized version of the same random token to both a cookie and a hidden form field. (Actually, if you dive into the source code, the AntiForgeryToken() does something a little more complex because it takes advantage of a user’s identity when generating the token). Here’s what the hidden form field looks like: <input name=”__RequestVerificationToken” type=”hidden” value=”NqqZGAmlDHh6fPTNR_mti3nYGUDgpIkCiJHnEEL59S7FNToyyeSo7v4AfzF2i67Cv0qTB1TgmZcqiVtgdkW2NnXgEcBc-iBts0x6WAIShtM1″ /> And here’s what the cookie looks like using the Google Chrome developer toolbar: You use the [ValidateAntiForgeryToken] action filter on the controller action which is the recipient of the form post to validate that the token in the hidden form field matches the token in the cookie. If the tokens don’t match then validation fails and you can’t post the form: public ActionResult Create() { return View(); } [ValidateAntiForgeryToken] [HttpPost] public ActionResult Create(Product productToCreate) { if (ModelState.IsValid) { // save product to db return RedirectToAction("Index"); } return View(); } How does this all work? Let’s imagine that a hacker has copied the Create Product page from MajorBank.com to Hackers.com – the hacker grabs the HTML source and places it at Hackers.com. Now, imagine that the hacker trick you into submitting the Create Product form from Hackers.com to MajorBank.com. You’ll get the following exception: The Cross-Site Request Forgery attack is blocked because the anti-forgery token included in the Create Product form at Hackers.com won’t match the anti-forgery token stored in the cookie in your browser. The tokens were generated at different times for different users so the attack fails. Preventing Cross-Site Request Forgery Attacks with a Single Page App In a Single Page App, you can’t prevent Cross-Site Request Forgery attacks using the same method as a server-side ASP.NET MVC app. In a Single Page App, HTML forms are not generated on the server. Instead, in a Single Page App, forms are loaded dynamically in the browser. Phil Haack has a blog post on this topic where he discusses passing the anti-forgery token in an Ajax header instead of a hidden form field. He also describes how you can create a custom anti-forgery token attribute to compare the token in the Ajax header and the token in the cookie. See: http://haacked.com/archive/2011/10/10/preventing-csrf-with-ajax.aspx Also, take a look at Johan’s update to Phil Haack’s original post: http://johan.driessen.se/posts/Updated-Anti-XSRF-Validation-for-ASP.NET-MVC-4-RC (Other server frameworks such as Rails and Django do something similar. For example, Rails uses an X-CSRF-Token to prevent CSRF attacks which you generate on the server – see http://excid3.com/blog/rails-tip-2-include-csrf-token-with-every-ajax-request/#.UTFtgDDkvL8 ). For example, if you are creating a Durandal app, then you can use the following razor view for your one and only server-side page: @{ Layout = null; } <!DOCTYPE html> <html> <head> <title>Index</title> </head> <body> @Html.AntiForgeryToken() <div id="applicationHost"> Loading app.... </div> @Scripts.Render("~/scripts/vendor") <script type="text/javascript" src="~/App/durandal/amd/require.js" data-main="/App/main"></script> </body> </html> Notice that this page includes a call to @Html.AntiForgeryToken() to generate the anti-forgery token. Then, whenever you make an Ajax request in the Durandal app, you can retrieve the anti-forgery token from the razor view and pass the token as a header: var csrfToken = $("input[name='__RequestVerificationToken']").val(); $.ajax({ headers: { __RequestVerificationToken: csrfToken }, type: "POST", dataType: "json", contentType: 'application/json; charset=utf-8', url: "/api/products", data: JSON.stringify({ name: "Milk", price: 2.33 }), statusCode: { 200: function () { alert("Success!"); } } }); Use the following code to create an action filter which you can use to match the header and cookie tokens: using System.Linq; using System.Net.Http; using System.Web.Helpers; using System.Web.Http.Controllers; namespace MvcApplication2.Infrastructure { public class ValidateAjaxAntiForgeryToken : System.Web.Http.AuthorizeAttribute { protected override bool IsAuthorized(HttpActionContext actionContext) { var headerToken = actionContext .Request .Headers .GetValues("__RequestVerificationToken") .FirstOrDefault(); ; var cookieToken = actionContext .Request .Headers .GetCookies() .Select(c => c[AntiForgeryConfig.CookieName]) .FirstOrDefault(); // check for missing cookie or header if (cookieToken == null || headerToken == null) { return false; } // ensure that the cookie matches the header try { AntiForgery.Validate(cookieToken.Value, headerToken); } catch { return false; } return base.IsAuthorized(actionContext); } } } Notice that the action filter derives from the base AuthorizeAttribute. The ValidateAjaxAntiForgeryToken only works when the user is authenticated and it will not work for anonymous requests. Add the action filter to your ASP.NET Web API controller actions like this: [ValidateAjaxAntiForgeryToken] public HttpResponseMessage PostProduct(Product productToCreate) { // add product to db return Request.CreateResponse(HttpStatusCode.OK); } After you complete these steps, it won’t be possible for a hacker to pretend to be you at Hackers.com and submit a form to MajorBank.com. The header token used in the Ajax request won’t travel to Hackers.com. This approach works, but I am not entirely happy with it. The one thing that I don’t like about this approach is that it creates a hard dependency on using razor. Your single page in your Single Page App must be generated from a server-side razor view. A better solution would be to generate the anti-forgery token in JavaScript. Unfortunately, until all browsers support a way to generate cryptographically strong random numbers – for example, by supporting the window.crypto.getRandomValues() method — there is no good way to generate anti-forgery tokens in JavaScript. So, at least right now, the best solution for generating the tokens is the server-side solution with the (regrettable) dependency on razor. Conclusion The goal of this blog entry was to explore some ways in which you need to handle security differently in the case of a Single Page App than in the case of a traditional server app. In particular, I focused on how to prevent Cross-Site Scripting and Cross-Site Request Forgery attacks in the case of a Single Page App. I want to emphasize that I am not suggesting that Single Page Apps are inherently less secure than server-side apps. Whatever type of web application you build – regardless of whether it is a Single Page App, an ASP.NET MVC app, an ASP.NET Web Forms app, or a Rails app – you must constantly guard against security vulnerabilities.

    Read the article

  • h:dataTable alternating rows in JSF2

    - by Benchik
    Hello. I'm trying to make alternating rows in JSF2 h:dataTable (no richfaces or such) but i get an unexpected result. the table is built but it has a white grid shown (but i didn't specifiy any border) and there's no buttom line under each row. The CSS: .order-table{ border-collapse:collapse; } .order-table-header{ text-align:center; background:none repeat scroll 0 0 #E5E5E5; border-bottom:1px solid #95bce2; padding:16px; } .order-table-odd-row{ text-align:center; background:none repeat scroll 0 0 #FFFFFFF; border-top:1px solid #000000; } .order-table-even-row{ text-align:center; background:none repeat scroll 0 0 #ecf6fc; border-top:1px solid #BBBBBB; } table.order-table tr.over { background-color: #bcd4ec; } The table: <h:dataTable id="personsTable" value="#{personController.allPersons}" var="bean" styleClass="order-table" headerClass="order-table-header" rowClasses="order-table-odd-row,order-table-even-row"> <h:column> <f:facet name="header"> <h:outputText value="First Name" /> </f:facet> <h:outputText value="#{bean.firstName}"/> </h:column> <h:column> <f:facet name="header"> <h:outputText value="Last Name" /> </f:facet> <h:outputText value="#{bean.lastName}"/> </h:column> <h:column> <f:facet name="header"> <h:outputText value="Phone" /> </f:facet> <h:outputText value="#{bean.phone}"/> </h:column> </h:dataTable> and a small JQuery script: <script type="text/javascript"> $(document).ready(function(){ $(".order-table tr").mouseover(function(){ $(this).addClass("over"); }); $(".order-table tr").mouseout(function(){ $(this).removeClass("over"); }); }); </script> The result is (notice the white grid that came from i don't know where. And also no underline which should come from the CSS): http://imagebin.org/132574

    Read the article

  • JFace ApplicationWindow: createContents isn't working

    - by jasonh
    I'm attempting to create a window that is divided into three parts. A non-resizable header and footer and then a content area that expands to fill the remaining area in the window. To get started, I created the following class: public class MyWindow extends ApplicationWindow { Color white; Font mainFont; Font headerFont; public MyWindow() { super(null); } protected Control createContents(Composite parent) { Display currentDisplay = Display.getCurrent(); white = new Color(currentDisplay, 255, 255, 255); mainFont = new Font(currentDisplay, "Tahoma", 8, 0); headerFont = new Font(currentDisplay, "Tahoma", 16, 0); // Main layout Composites and overall FillLayout Composite container = new Composite(parent, SWT.NO_RADIO_GROUP); Composite header = new Composite(container, SWT.NO_RADIO_GROUP); Composite mainContents = new Composite(container, SWT.NO_RADIO_GROUP);; Composite footer = new Composite(container, SWT.NO_RADIO_GROUP);; FillLayout containerLayout = new FillLayout(SWT.VERTICAL); container.setLayout(containerLayout); // Header Label headerLabel = new Label(header, SWT.LEFT); headerLabel.setText("Header"); headerLabel.setFont(headerFont); // Main contents Label contentsLabel = new Label(mainContents, SWT.CENTER); contentsLabel.setText("Main Content Here"); contentsLabel.setFont(mainFont); // Footer Label footerLabel = new Label(footer, SWT.CENTER); footerLabel.setText("Footer Here"); footerLabel.setFont(mainFont); return container; } public void dispose() { cleanUp(); } @Override protected void finalize() throws Throwable { cleanUp(); super.finalize(); } private void cleanUp() { if (headerFont != null) { headerFont.dispose(); } if (mainFont != null) { mainFont.dispose(); } if (white != null) { white.dispose(); } } } And this results in an empty window when I run it like this: public static void main(String[] args) { MyWindow myWindow = new MyWindow(); myWindow.setBlockOnOpen(true); myWindow.open(); Display.getCurrent().dispose(); } What am I doing wrong that I don't see three labels the way I'm trying to display them? The createContents code is definitely being called, I can step through it in Eclipse in debug mode.

    Read the article

  • TinyMCE is modifying the XHTML 1.0 Strict HTML I input. How can I stop it?

    - by Matt
    The code I want to have saved through TinyMCE is as follows: <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" width="550" height="90" id="homepage-banner"> <param name="movie" value="/images/header.swf" /> <param name="wmode" value="transparent" /> <!--[if !IE]>--> <object type="application/x-shockwave-flash" data="/images/header.swf" width="550" height="90"> <param name="wmode" value="transparent" /> <!--<![endif]--> <img src="/images/header.jpg" width="550" height="90" alt="" border="0" /> <!--[if !IE]>--> </object> <!--<![endif]--> </object> Sadly, what I end up with is: <object data="/images/header.swf" height="90" type="application/x-shockwave-flash" width="550"> <param name="id" value="homepage-banner" /> <param name="wmode" value="transparent" /> <param name="src" value="/images/header.swf" /> </object> The purpose of the stripped parts of the code is to provide a fallback image if flash is not available on the client. In my tinyMCE.init({ ... }); I am using verify_html: true and valid_elements is set as per this forum topic whereby all valid XHTML 1.0 Strict elements are allowed. I have checked and the above code does comply with the XHTML 1.0 Strict standard. I have tried just setting verify_html to false but it had no effect. How can TinyMCE be configured to leave my HTML alone?!

    Read the article

< Previous Page | 63 64 65 66 67 68 69 70 71 72 73 74  | Next Page >