phdphd

Members
  • Posts

    248
  • Joined

  • Last visited

Everything posted by phdphd

  1. Hi All, In one HTML page, I have 2 onclick events like this:
     onclick="clear_input('button1', 'hello1', 'world1');"
     onclick="clear_input('button2', 'hello2', 'world2');"
     In a JS file I have this:
     function clear_input(a, b, c) {
         var text = document.getElementById(b);
         var button = document.getElementById(a);
         …
     }
     It all works. Now I want to get rid of the inline JS and implement in the JS file an addEventListener that could process any one of the 2 onclick events. How do I pass the right series of arguments? Thanks!
  2. Shame on me, I should have paid attention to the dots' meaning.
  3. Hi All, I would like to implement a content security policy in my htaccess file. My website uses maps, and one of the URLs I want to allow has variables:
     https://{s}.basemaps.cartocdn.com/light_all/{z}/{x}/{y}{r}.png
     I use this URL in a js file:
     var tiles = L.tileLayer('https://{s}.basemaps.cartocdn.com/light_all/{z}/{x}/{y}{r}.png', ....
     What syntax should I use to express this URL in a Content-Security-Policy statement? Can I use it as is, or do I need some wildcards for the variables? I know there exists the "*" wildcard, but I think that if I used it to match the beginning "{s}", any malicious URL starting with a sequence of characters followed by ".basemaps.cartocdn.com" might match. Would such a risk exist? Thanks!
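The wildcard concern above, worked through as an added illustration that is not part of the thread: in CSP a leading `*.` stands for one or more whole DNS labels in front of the listed domain, so `https://*.basemaps.cartocdn.com` covers `a.basemaps.cartocdn.com` but neither `notbasemaps.cartocdn.com` (the wildcard never matches part of a label) nor the bare `basemaps.cartocdn.com`. The `{s}`, `{z}`, `{x}`, `{y}` and `{r}` placeholders are substituted by Leaflet at request time, so the policy names the host (optionally with the `/light_all/` path prefix), not the template. Tiles are fetched as images, so the directive is `img-src`; with mod_headers the .htaccess line would be `Header always set Content-Security-Policy "img-src 'self' https://*.basemaps.cartocdn.com"` (assuming no other directives are needed). The JavaScript below is a simplified model of the CSP3 host-source match, not browser code: it ignores ports and keyword sources such as 'self', and the sample URLs are constructed.

```javascript
'use strict';

// Parse one CSP host-source of the form [scheme://][*.]host[/path].
// Ports and keyword sources ('self', 'none', nonces) are not modelled.
function parseHostSource(source) {
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/*]+)(\/[^?#]*)?$/i.exec(source.trim());
  if (!m) throw new Error('unsupported host-source: ' + source);
  return {
    scheme: m[1] ? m[1].toLowerCase() : null,
    wildcard: Boolean(m[2]),
    host: m[3].toLowerCase(),
    path: m[4] || '',
  };
}

// Does urlString match the host-source? Follows the CSP3 matching rules for
// scheme, wildcard host and path prefix.
function matchesHostSource(source, urlString) {
  const src = parseHostSource(source);
  const url = new URL(urlString);
  const urlScheme = url.protocol.replace(/:$/, '').toLowerCase();
  const urlHost = url.hostname.toLowerCase();

  // Scheme: must match when given; CSP3 lets an http: source also cover https:.
  // A source without scheme is compared against the page's own scheme in a
  // browser; this model does not track the page, so it accepts any scheme.
  if (src.scheme) {
    const ok = src.scheme === urlScheme || (src.scheme === 'http' && urlScheme === 'https');
    if (!ok) return false;
  }

  // Host: "*." wildcards one or more whole leading labels. It never matches
  // part of a label and it does not match the listed domain itself.
  if (src.wildcard) {
    if (!urlHost.endsWith('.' + src.host)) return false;
  } else if (urlHost !== src.host) {
    return false;
  }

  // Path: absent or "/" matches any path; a trailing "/" is a prefix match;
  // anything else must match the URL path exactly.
  if (src.path === '' || src.path === '/') return true;
  if (src.path.endsWith('/')) return url.pathname.startsWith(src.path);
  return url.pathname === src.path;
}

// Constructed URLs (not captured traffic) checked against the tile source.
const TILE_SOURCE = 'https://*.basemaps.cartocdn.com/light_all/';
const SAMPLE_URLS = [
  'https://a.basemaps.cartocdn.com/light_all/12/2048/1360@2x.png', // allowed
  'https://notbasemaps.cartocdn.com/light_all/12/2048/1360.png',   // blocked: partial label
  'https://basemaps.cartocdn.com/light_all/12/2048/1360.png',      // blocked: no subdomain
  'https://a.basemaps.cartocdn.com/dark_all/12/2048/1360.png',     // blocked: path prefix
  'http://a.basemaps.cartocdn.com/light_all/12/2048/1360.png',     // blocked: scheme
];

function checkSamples() {
  return SAMPLE_URLS.map((u) => ({ url: u, allowed: matchesHostSource(TILE_SOURCE, u) }));
}

for (const { url, allowed } of checkSamples()) {
  console.log(allowed ? 'ALLOW' : 'BLOCK', url);
}
```

If the page already sends a `default-src`, adding `img-src` replaces the default for images only, so `'self'` has to be repeated there for the site's own images to keep loading.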
  4. Hi All, Thank you for your answers. When the invoice is sent by mail to the user, it is also BCC'd to the webmaster. By doing this I have a copy of the invoice as it was sent, at the time it was sent. However, storing it on the server may be useful if, for any reason, sending the mail fails. In this case, I just need to grab the invoice from the server and email it manually. Another advantage of storing it on the server is if I need to print a copy of the invoice: I would not need to search for it in the email system.
  5. Hi All, Is there a security risk with PDF files in the following registration process?
     1. A user fills in a form with values that are then regex-checked and stored into session variables.
     2. The user details are sent to a table using a parameterized query.
     3. The user goes through a payment process.
     4. When the user has successfully paid, an invoice as a PDF file is stored on the server and also sent by mail to the user as an attachment. This PDF file is built up with some of the session variables' values previously entered by the user.
     Is there any risk that those values cause issues server side (when the file is stored) or user side (when the user opens the email or the attached PDF file)? Does any sanitizing need to be done for values to be included into a PDF file? Thank you! Regards, PhD
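Whether the values need escaping depends on where they land, as an added illustration that is not part of the thread and not the code of any PDF library: if the invoice is an HTML template rendered to PDF, they are HTML-escaped like on any web page; if PDF syntax is written directly, they sit inside literal strings of the content stream, where only `(`, `)`, `\` and control characters have meaning. The JavaScript below (not PHP) shows that literal-string escaping; the font name `/F1`, the coordinates and the sample values are constructed. A value that reaches the file only inside such a string is displayed as text by the viewer, which is the property to aim for.

```javascript
'use strict';

// Encode a value as a PDF literal string "( ... )". Backslash and parentheses
// are backslash-escaped and control characters become three-digit octal
// escapes, following the literal-string syntax of ISO 32000-1.
function pdfLiteral(value) {
  let out = '';
  for (const ch of String(value)) {
    const code = ch.codePointAt(0);
    if (ch === '\\' || ch === '(' || ch === ')') {
      out += '\\' + ch;
    } else if (code < 0x20 || code === 0x7f) {
      // CR, LF, TAB and friends: an unescaped CR/LF inside the literal would
      // otherwise be read as an end-of-line by the parser.
      out += '\\' + code.toString(8).padStart(3, '0');
    } else {
      // Non-ASCII text is passed through; mapping it onto the font's encoding
      // is a separate step that the PDF library performs.
      out += ch;
    }
  }
  return '(' + out + ')';
}

// Place a value in a text-showing sequence of a content stream.
// /F1 is a hypothetical font resource defined elsewhere in the document.
function textLine(x, y, value, fontSize = 12) {
  return `BT /F1 ${fontSize} Tf ${x} ${y} Td ${pdfLiteral(value)} Tj ET`;
}

// Constructed form values (not real customer data); the second one contains
// every character that could disturb the string literal if left unescaped.
const SAMPLE_VALUES = {
  name: 'Smith (Acme) \\ Co',
  address: 'Line 1\nLine 2 )',
};

// The content-stream lines an invoice page would hold for these values.
function buildInvoiceLines(values) {
  return [
    textLine(72, 720, 'Invoice for ' + values.name),
    textLine(72, 700, values.address),
  ];
}

for (const line of buildInvoiceLines(SAMPLE_VALUES)) console.log(line);
```

Libraries that write the PDF for you perform this step themselves; the check worth doing is to confirm that the value is passed to the library as text rather than spliced into a template string it later parses.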
  6. Thanks a lot kicken for your clear and detailed answer!
  7. Hi All, I have the following autocomplete function: when the user enters at least one character, some js code triggers a query that retrieves all matching values from a database and displays them in a scrolling box. The js code that builds the list of items looks like this:
     list.append('<div onclick="myfunction(' + records[i].id + ')">' + records[i].label + '</div>');
     where id and label represent the 2 fields of the result set. When the user clicks an item, it triggers a js function that submits the form. That function simply starts like this:
     function myfunction(a) {
     where a is the id of the selected item. All that works very well. Now I want to put the label in the input so that the choice of the user appears in there just before the form is submitted. So I made the two following changes:
     list.append('<div onclick="myfunction(' + records[i].id + ',' + records[i].label + ')">' + records[i].label + '</div>');
     and
     function myfunction(a, b) {
         document.getElementById('id_of_the_input').value = b;
     It does not work. The debugger says «Uncaught ReferenceError: XXXX is not defined» where XXXX is the string of the label. But if instead I use
     list.append('<div onclick="myfunction(' + records[i].id + ',' + records[i].id + ')">' + records[i].label + '</div>');
     then the Id will appear in the input. I do not understand why the Id is taken into account, but not the label, since they are both processed at the same time when building the list of items. Thanks!
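Why the label fails where the id works, and how the same approach answers the clear_input question higher up on this page, as an added example that is not from the thread: the onclick attribute is parsed as JavaScript, so `myfunction(12,Paris)` treats `Paris` as a variable name, hence the ReferenceError, while a numeric id happens to be valid JavaScript. Quoting the label would only move the problem, because the label comes from the database and is spliced into both markup and script, where a quote, `<` or `>` in it would break out of the string or the element. The code below keeps id and label in data-* attributes, HTML-escapes them, and attaches one click listener to the list container; the two clear_input('button1', ...) calls move out of the HTML the same way, with each button carrying its three values as data attributes. The list id `suggestions` and the class `.suggestion` are assumptions, `id_of_the_input` comes from the question, and the records are constructed.

```javascript
'use strict';

// Escape a value for safe insertion into HTML text or a double-quoted attribute.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Build the suggestion list markup. id and label travel as data-* attributes
// and as escaped text, never as JavaScript inside an onclick string.
function renderSuggestions(records) {
  return records
    .map((r) =>
      `<div class="suggestion" data-id="${escapeHtml(r.id)}" data-label="${escapeHtml(r.label)}">` +
      `${escapeHtml(r.label)}</div>`)
    .join('');
}

// One listener on the container handles every item (event delegation); the
// arguments are read back from the clicked element's data attributes. The
// same pattern replaces inline clear_input('button1', 'hello1', 'world1')
// calls: store the three values as data-* attributes on each button and read
// event.currentTarget.dataset in a single listener.
function attachSuggestionHandler(listEl, inputEl, onSelect) {
  listEl.addEventListener('click', (event) => {
    const item = event.target.closest('.suggestion');
    if (!item || !listEl.contains(item)) return;
    inputEl.value = item.dataset.label; // what the user sees in the input
    onSelect(item.dataset.id);          // what the form actually submits
  });
}

// Constructed sample result set (not real data): the second label holds a
// quote and tags to show that it is rendered as text, not parsed as HTML/JS.
const SAMPLE_RECORDS = [
  { id: 12, label: 'Paris' },
  { id: 13, label: "O'Brien <b>not bold</b>" },
];

if (typeof document !== 'undefined') {
  // In a browser: render once, bind once. Element ids are assumptions.
  const list = document.getElementById('suggestions');
  const input = document.getElementById('id_of_the_input');
  if (list && input) {
    list.innerHTML = renderSuggestions(SAMPLE_RECORDS);
    attachSuggestionHandler(list, input, (id) => console.log('selected id', id));
  }
} else {
  console.log(renderSuggestions(SAMPLE_RECORDS));
}
```

With jQuery the rendered string goes to the same `list.append(...)` call as before; the listener is attached once to the list rather than once per item, so re-rendering the suggestions does not require rebinding.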
  8. Hi All, I am presently using a Debian VPS to which, if I need, I can add another disk. In my website, users can upload images that are then stored on the primary disk in a child directory of a directory called httpdocs. Instead of the primary disk, would it be possible to have them stored on a secondary disk? I am asking this because I am not sure that a user connected to my website is allowed to run a PHP script intended to write a file in a directory that actually does not belong to the httpdocs directory. Thanks
  9. The maximum number of subarrays is 12, and each may contain up to 20 values.
  10. Hi All, Suppose I have the following array, with a series of subarrays. Is there a quicker/better way than the one below to delete the subarrays whose ALL values are contained in another subarray? Thanks!
      $global_array = array(
          array(8661, 8662),
          array(8662),
          array(8667, 8770),
          array(8672, 8770, 8772),
          array(8706, 8707, 8805),
          array(8707, 8805),
          array(8714, 8811, 8816),
          array(8718, 8720, 8816),
          array(8720),
          array(8724, 8726, 8727),
          array(8726, 8727),
          array(8727)
      );
      print_r($global_array);
      // collect the keys of subarrays whose values all appear in another subarray
      $tobedeleted = array();
      foreach ($global_array as $k => $v) {
          foreach ($global_array as $k2 => $v2) {
              // only a subarray of equal or smaller size can be contained in $v2
              if ($k <> $k2 && count($v) <= count($v2)) {
                  // nothing left after removing $v2's values means $v is contained in $v2
                  $count = count(array_diff($v, $v2));
                  if ($count == 0 && !in_array($k, $tobedeleted)) {
                      $tobedeleted[] = $k;
                  }
              }
          }
      }
      print_r($tobedeleted);
      foreach ($tobedeleted as $k => $v) {
          unset($global_array[$v]);
      }
      print_r($global_array);
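The same containment check over Sets, as an added example that is not from the thread: membership is tested with `Set.has` instead of `array_diff`, and a subarray identical to another one is kept once (the nested PHP loops above remove both copies, because each is contained in the other). With the bound stated in the follow-up, at most 12 subarrays of at most 20 values, the quadratic pass costs a few thousand lookups, so the simpler loop is not a performance problem either way. The data is the one from the question; the function name is mine.

```javascript
'use strict';

// Remove every subarray whose values are all contained in another subarray.
// Set semantics: duplicate values inside a subarray are ignored. When two
// subarrays hold exactly the same set, only the later one is removed, so one
// copy survives. Returns the surviving subarrays in their original order.
function removeContainedSubarrays(groups) {
  const sets = groups.map((g) => new Set(g));
  const isSubsetOf = (a, b) => {
    for (const v of a) if (!b.has(v)) return false;
    return true;
  };
  return groups.filter((_, i) =>
    !sets.some((other, j) => {
      if (j === i || sets[i].size > other.size) return false; // cannot be contained
      if (!isSubsetOf(sets[i], other)) return false;
      // proper subset: drop it; equal set: drop only the later occurrence
      return sets[i].size < other.size || j < i;
    }));
}

// The subarrays from the question.
const GLOBAL_ARRAY = [
  [8661, 8662], [8662], [8667, 8770], [8672, 8770, 8772],
  [8706, 8707, 8805], [8707, 8805], [8714, 8811, 8816],
  [8718, 8720, 8816], [8720], [8724, 8726, 8727], [8726, 8727], [8727],
];

console.log(removeContainedSubarrays(GLOBAL_ARRAY));
```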
  11. Hi All, I want to insert a Google static map. I noticed that there may be some loss of information (e.g., loss of the name of narrow streets) when using a lower value for the size attribute of the map. For example, http://maps.googleapis.com/maps/api/staticmap?&size=600x600 may show more details than http://maps.googleapis.com/maps/api/staticmap?&size=150x150. On the other hand, I want the static map to display on smartphones, adjusted to their width. With some JS I could get the width of the smartphone and inject it in the size attribute, but that could lead to some loss of details. So here is my question: is it possible to load the map, say, at 600x600, then shrink it to the width of the smartphone (in the same way as shrinking a jpg image, where details are not lost but just rescaled)? Thanks!
  12. Thanks. mysqldump -uroot -p --databases db_name --routines --events --result-file=file_name.sql did the trick.
  13. Hi All, I am in the process of moving my database from a local Windows system to a Debian VPS server. So far, to back up my database, I have been using this syntax:
      mysqldump -uroot -p --databases database_name --routines --events > filename.sql
      In this page http://www.it-iss.com/mysql/mysql-copying-a-database-users-and-privileges-between-two-servers/ the author also recommends using --result-file to prevent line-end issues when moving from a Windows system to a Linux system. Would the right syntax then be as follows?
      mysqldump -uroot -p --databases database_name --result-file= filename.sql --routines --events
      Thanks!
  14. And the winner is .... mac_gyver (output buffering is turned on in the php.ini file). Thanks !
  15. Thanks to all of you for answering. Here is a simplified, yet operational, code to illustrate the case where the warning is NOT fired. Instead the redirect works normally.
      <!DOCTYPE html>
      <html>
      <head>
          <meta charset="utf-8" />
      </head>
      <body>
      <div>
      <?php
      if (!isset($hello)) { // actually, $hello does not exist so far
          header('Location: another_file.php');
          exit();
      }
      ?>
      Shouldn't the warning be fired?
  16. Hi All, I am reorganizing my code in order to avoid output before any header function. In one of my files, there are two header('Location: anotherfile.php') lines, for when a given condition is not met. Shame on me, in both cases, the lines occur after the html has begun. In one case, if I force the condition not to be met, the header('Location: anotherfile.php') line is executed without the warning being fired. Thanks for shedding some light on this! I thought that even raw html could make the warning fire. (In the other case, it is fired as expected.)
  17. Is it safe/necessary to run a "mysql real escape" against the result of the above bcrypt_hash($password, $cost) function before storing it in a database? I would say yes, based on the first answer to this question.
  18. Thank you, Jacques! Very much appreciated (as usual).
  19. Thanks Jacques. What would be the right password_verify() syntax? I applied your function to "hello" as password, and obtained string(60) "$2y$12$4HJ4ttxHjrmhnNamYZPftehUIlZ.IkQndxDca50kid.lmSXLjhTqy". Then I ran:
      $hash = '$2y$12$4HJ4ttxHjrmhnNamYZPftehUIlZ.IkQndxDca50kid.lmSXLjhTqy';
      if (password_verify('hello', $hash)) {
          echo 'Password is valid!';
      } else {
          echo 'Invalid password.';
      }
      And got "Invalid password."
  20. Not so much related with the above subject/comments, but might be interesting to know; I have been playing with an online php editor (http://sandbox.onlinephpfunctions.com/).
      $string = 'hel$lo';
      echo 'string is ' . $string . "\n"; // displays "string is hel$lo"
      echo password_hash($string, PASSWORD_DEFAULT) . "\n";
      is ok, while
      $string = "hel$lo";
      echo 'string is ' . $string . "\n"; // displays "string is hel"
      echo password_hash($string, PASSWORD_DEFAULT) . "\n";
      would still generate a hash, but also an "Undefined variable: lo" warning, apparently due to double quotes. Actually only "hel" is taken into account.
  21. Hi All, I guess that people who developed password_hash did it with salt uniqueness in mind. However is it possible that two users defining the same password get the same "hash-salted" version of it ? If so, how to prevent this situation? Thanks.
  22. Hi All, I am very new to Opcache. Suppose I have a form in File_A.php with an input field where users enter their name. When they validate the form, their name is saved in a variable, and File_B.php is called and displays "Your name is [variable_value]". Let's say Peter fills the form, then Mary does. To what extent does Opcache come into play in this scenario? Is there a risk that Mary gets "Your name is Peter"? Thanks.