phdphd
Members-
Posts
248 -
Joined
-
Last visited
Profile Information
-
Gender
Not Telling
phdphd's Achievements
-
Hi All, In one HTML page, I have 2 onclick events like this : onclick="clear_input('button1', 'hello1','world1');" onclick="clear_input('button2','hello2','world2');" In a JS file I have this : function clear_input(a, b, c) { var text = document.getElementById(b); var button = document.getElementById(a); … } It all works. Now I want to get rid of the inline JS and implement in the JS file an addEventListener that could process any one of the 2 onclick events. How do I pass the right series of arguments ? Thanks!
-
Using url names with variables in a Content-Security-Policy statement
phdphd replied to phdphd's topic in Apache HTTP Server
Shame on me, I should have paid attention to the dots' meaning. -
Hi All, I would like to implement a content security policy in my htaccess file. My website uses maps, and one of the URLs I want to allow has variables. https://{s}.basemaps.cartocdn.com/light_all/{z}/{x}/{y}{r}.png I use this URL in a js file ("var tiles = L.tileLayer('https://{s}.basemaps.cartocdn.com/light_all/{z}/{x}/{y}{r}.png', ....") What syntax should I use to express this URL in a Content-Security-Policy statement ? Can I use it as is or do I need some wildcards for the variables? I know there exists the "*" wildcard, but I think that if I used it to match the beginning "{s}", any malicious URL starting with a sequence of characters followed by ".basemaps.cartocdn.com" might match. Would such a risk exists? Thanks!
-
Hi All, Thank you for your answers. When the invoice is sent by mail to the user, it is also BCC'd to the webmaster. By doing this I have a copy of the invoice as it was sent, at the time it was sent. However, storing it on the server may be useful if for any reason, sending the mail fails. In this case, I just need to grab the invoice from the server and email it manually. Another advantage of storing it on the server is if I need to print a copy of the invoice. I would not need to search for it in the email system.
-
Hi All, Is there a security risk with PDF files in the following registration process ? 1. A user fills in a form with values that are then regex-checked and stored into session variables. 2. The user details are sent to a table using a parameterized query. 3. The user goes through a payment process. 4. When the user has successfully paid, an invoice as a PDF file is stored on the server and also sent by mail to the user as an attachement. This PDF file is built up with some of the session variables’ values previously entered by the user. Is there any risk that those values cause issues server side (when the file is stored) or user side (when the user opens the email or the attached PDF file) ? Does any sanitizing need to be done for values to be included into a PDF file? Thank you! Regards, PhD
-
Autocomplete : Cannot Insert The User's Choice In Input
phdphd replied to phdphd's topic in Javascript Help
Thanks a lot kicken for your clear and detailed answer! -
Hi All, I have the following autocomplete function : when the user enters at least one character, some js code triggers a query that retrieves all matching values from a database and displays them in a scrolling box. The js code that builds the list of items looks like this : list.append('<div onclick=" myfunction('+records[i].id+')">'+records[i].label+''); where id and label represent the 2 fields of the result set. When the user clicks an item, it triggers a js function that submits the form. That function simply starts like this function myfunction(a) { where a is the id of the selected item. All that works very well. Now I want to put the label in the input so that the choice of the user appears in there just before the form is submitted. So I made the two following changes : list.append('<div onclick=" myfunction('+records[i].id+','+records[i].label+')">'+records[i].label+''); and function myfunction(a,b) { document.getElementById('id_of_the_input').value=b; It does not work. The debugger says «Uncaught ReferenceError: XXXX is not defined » where XXXX is the string of the label. But if instead I use list.append('<div onclick=" myfunction('+records[i].id+','+records[i].id+')">'+records[i].label+''); Then the Id will appear in the input. I do not understand why the Id is taken into account, but not the label, since they are both processed at the same time when building the list of items. Thanks !
-
Hi All, I am presently using a Debian VPS to which, if I need, I can add another disk. In my website, users can upload images, that are then stored in the primary disk into a child directory of a directory called httpdocs. Instead of the primary disk, would it be possible to have them stored in a secondary disk ? I am asking this because I am not sure that a user connected to my website is allowed to run a PHP script intended to write a file in a directory that actually does not belong to the httpdocs directory. Thanks
-
Hi All, Suppose I have the following array, with a series of subarrays. Is there a quicker/better way than the one below to delete the subarrays whose ALL values are contained in another subarray ? Thanks! $global_array = array( $sub_array1 = array ( 0 => 8661, 1 => 8662 ), $sub_array2 = array ( 0 => 8662 ), $sub_array3 = array ( 0 => 8667, 1 => 8770 ), $sub_array4 = array ( 0 => 8672, 1 => 8770, 2 => 8772, ), $sub_array5 = array ( 0 => 8706, 1 => 8707, 2 => 8805, ), $sub_array6 = array ( 0 => 8707, 1 => 8805 ), $sub_array7 = array ( 0 => 8714, 1 => 8811, 2 => 8816, ), $sub_array8 = array ( 0 => 8718, 1 => 8720, 2 => 8816, ), $sub_array9 = array ( 0 => 8720 ), $sub_array10 = array ( 0 => 8724, 1 => 8726, 2 => 8727, ), $sub_array11 = array ( 0 => 8726, 1 => 8727 ), $sub_array12 = array ( 0 => 8727 ) ); print_r($global_array); $tobedeleted=array(); foreach ($global_array as $k=>$v ){ foreach ($global_array as $k2=>$v2){ if(($k<>$k2) &&(count($global_array[$k])<=count($global_array[$k2]))) { $count=count(array_diff($global_array[$k], $global_array[$k2])); if($count==0 && !in_array($k,$tobedeleted)) { $tobedeleted[]=$k; } } } } print_r($tobedeleted); foreach ($tobedeleted as $k=>$v ) { unset ($global_array[$v]); } print_r($global_array);
-
Hi All, I want to insert a Google static map. I noticed that there may be some loss of information (e.g., loss of the name of narrow streets) when using lower value for the size attribute of the map. For example, http://maps.googleapis.com/maps/api/staticmap?&size=600x600 may show more details than http://maps.googleapis.com/maps/api/staticmap?&size=150x150. On the other hand I want the static map to display on smartphones, adjusted to their width. With some JS I could get the width of the smartphone and inject it in the size attribute, but that could lead to some loss of details. So here is my question : is it possible to load the map, say, at 600x600, then shrink it to the width of the smartphone (in the same way as shrinking a jpg image where details are not lost, but just rescaled) ? Thanks !
-
Thanks. mysqldump -uroot -p --databases db_name --routines --events --result-file=file_name.sql did the trick.
-
Hi All, I am in the process of moving my database from a local Windows system to a Debian VPS server. So far to back up my database I have been using this syntax : mysqldump -uroot -p --databases database_name --routines --events> filename.sql In this page http://www.it-iss.com/mysql/mysql-copying-a-database-users-and-privileges-between-two-servers/ the author recommends to use also the --result-file to prevent line end issues when moving from a Windows system to a Linux system. Would the right syntax be as follows then ? mysqldump -uroot -p --databases database_name --result-file= filename.sql --routines --events Thanks!
-
Why Warning "Cannot modify header information" Is NOT Fired ?
phdphd replied to phdphd's topic in PHP Coding Help
And the winner is .... mac_gyver (output buffering is turned on in the php.ini file). Thanks ! -
Why Warning "Cannot modify header information" Is NOT Fired ?
phdphd replied to phdphd's topic in PHP Coding Help
Thanks to all of you for answering. Here is a simplified -yet operational- code, to illustrate the case where the warning is NOT fired. Instead the redirect works normally. <!DOCTYPE html> <html> <head> <meta charset="utf-8" /> </head> <body> <div> <?php if (!isset($hello))//actually, $hello does not exist so far { header('Location: another_file.php'); exit(); } ?> Shouldn't the warning be fired ?