How to use CSRF with a multipart form (not working) - node.js

I'm trying to build a form to upload images, but when I use CSRF it doesn't work for me, and I was reading that I need this code in my form's enctype tag:
<form method="post" action="/?_csrf=<%=csrfToken%>">
This works for me, but only if I want to save one image. If I want to edit or delete, it doesn't work, because I use the override method ?_method=PUT and it returns a URL with my CSRF:
http://localhost:3030/stories/5bafe7a5abe3a7110c5f386b?_csrf=wkhEeV2x-06M_KPnZRoSTPJ3mUZSnuZ6dl7s
Cannot POST
<form class="col s12" action="/stories/{{storieEdit.id}}?_csrf={{csrfToken}}" enctype="multipart/form-data" method="POST">
<input type="hidden" name="_method" value="PUT">
<div class="row">
<div class="file-field input-field col s12">
<div class="btn">
<span>File</span>
<input type="file" name="fileUpload" onchange="previewFile()">
</div>
<div class="file-path-wrapper">
<input class="file-path validate" type="text">
<img src="/uploads/{{storieEdit.image}}" alt="Image" style="width: 25rem;">
</div>
</div>
</div>
</form>
Any suggestions?
Thanks for reading.

For multiple images you need to add the enctype attribute to your form like this: enctype="multipart/form-data"
For method override you need to add method type as well as csrfToken to action query string:
action="/stories/{{storieEdit.id}}?_method=PUT&_csrf={{csrfToken}}"
I have similar code and works fine.
Below you can find the required changes directly in your code.
<form class="col s12" action="/stories/{{storieEdit.id}}?_method=PUT&_csrf={{csrfToken}}" enctype="multipart/form-data" method="POST">
<input type="hidden" name="_method" value="PUT">
<div class="row">
<div class="file-field input-field col s12">
<div class="btn">
<span>File</span>
<input type="file" name="fileUpload" onchange="previewFile()">
</div>
<div class="file-path-wrapper">
<input class="file-path validate" type="text">
<img src="/uploads/{{storieEdit.image}}" alt="Image" style="width: 25rem;">
</div>
</div>
</div>
</form>
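Added example, not part of the original posts: a token carried in the query string can end up in server logs, browser history and Referer headers, so the alternative is to parse the multipart body first and read `_csrf` and `_method` from its hidden fields. It assumes a token stored in the session and compared directly; the function names and the sample request are constructed for illustration.

```javascript
// Added example: constructed data, hypothetical helper names.
const BOUNDARY = "----constructedBoundary";
// Pull the text fields out of a multipart/form-data body; file parts are skipped.
// Simplified for illustration: a production app should use a maintained parser.
function parseMultipartFields(contentType, body) {
  const fields = Object.create(null);
  const m = /boundary=(?:"([^"]+)"|([^;]+))/i.exec(contentType || "");
  if (!m) return fields; // not multipart: no fields to read
  // latin1 maps bytes 1:1 to characters, so binary file data cannot break the split
  for (const part of body.toString("latin1").split("--" + (m[1] || m[2]))) {
    const headerEnd = part.indexOf("\r\n\r\n");
    if (headerEnd === -1) continue; // preamble or closing "--"
    const headers = part.slice(0, headerEnd);
    const name = /[; ]name="([^"]*)"/i.exec(headers);
    if (!name || /filename="/i.test(headers)) continue; // skip file uploads
    fields[name[1]] = part.slice(headerEnd + 4).replace(/\r\n$/, "");
  }
  return fields;
}

// Compare every character instead of stopping at the first mismatch.
function safeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Validate the token and resolve the method override from the body only, never the URL.
function checkRequest(req, sessionToken) {
  const fields = parseMultipartFields(req.headers["content-type"], req.body);
  if (!safeEqual(fields._csrf, sessionToken)) return { ok: false, status: 403 };
  const override = String(fields._method || "").toUpperCase();
  return { ok: true, method: ["PUT", "PATCH", "DELETE"].includes(override) ? override : req.method };
}

// Constructed request: what a browser sends when _csrf and _method are hidden inputs.
function sampleRequest(token) {
  const lines = [
    "--" + BOUNDARY, 'Content-Disposition: form-data; name="_csrf"', "", token,
    "--" + BOUNDARY, 'Content-Disposition: form-data; name="_method"', "", "PUT",
    "--" + BOUNDARY, 'Content-Disposition: form-data; name="fileUpload"; filename="a.png"',
    "Content-Type: image/png", "", "\x89PNG constructed bytes", "--" + BOUNDARY + "--", ""];
  return { method: "POST", url: "/stories/5bafe7a5abe3a7110c5f386b",
    headers: { "content-type": "multipart/form-data; boundary=" + BOUNDARY },
    body: Buffer.from(lines.join("\r\n"), "latin1") };
}
console.log(checkRequest(sampleRequest("constructed-token"), "constructed-token"));
```

In an Express-style pipeline this corresponds to running the multipart parser before the CSRF check and the method override, so both see the hidden fields.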

Related

NodeJs project how to make user input in a form unsanitized?

I have a form in a NodeJs project where I am using:
app.use(bodyParser.urlencoded({extended: true}));
I want to make it where if a user enters <h1>hello</h1> into the form that it will show up as "hello" formatted as an h1 instead of <h1>hello</h1>
<form action="/blogs" method="POST">
<div class="form-group">
<input class="form-control" type="text" name="name" placeholder="name">
</div>
<div class="form-group">
<input class="form-control" type="text" name="image" placeholder="image url">
</div>
<div class="form-group">
<input class="form-control" type="text" name="description" placeholder="description">
</div>
<div class="form-group">
<button class="btn btn-lg btn-primary btn-block">
Submit
</button>
</div>
</form>
I found a solution to my problem.
In Node.js if you want to display information as HTML, in the index.ejs file
you need to do a
<%- blog.description %>
, where that dash is the key.
Before I had
<%= blog.description %>.
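Added example, not part of the original post: `<%-` emits the value unescaped, so anything a user typed into the description is rendered as markup in every visitor's browser. One way to keep `<h1>` working while still escaping everything else, assuming a small fixed tag allow-list (the function names and the list are hypothetical):

```javascript
// Added example; function names and the tag allow-list are assumptions.
// Escape the five characters that are significant in HTML text and attributes.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Only these tags, written with no attributes, are turned back into markup.
const ALLOWED_TAGS = ["h1", "h2", "p", "b", "i", "em", "strong"];
const RESTORE = new RegExp("&lt;(/?)(" + ALLOWED_TAGS.join("|") + ")&gt;", "g");

// Escape everything first, then restore bare allow-listed tags.
// A tag carrying attributes (onclick, style, ...) never matches and stays escaped.
function renderLimitedHtml(input) {
  return escapeHtml(input).replace(RESTORE, "<$1$2>");
}

// Constructed sample input mixing an allowed tag with markup that must stay inert.
const SAMPLE = '<h1>hello</h1><script>alert(1)</script><h1 onclick="x()">hi</h1>';
console.log(renderLimitedHtml(SAMPLE));
```

The string returned by `renderLimitedHtml(blog.description)` is what would be passed to the `<%-` tag in place of the raw field.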

Redirected after submit form Formit Modx

I get redirected after I submit the form, and I want to remain on the same page. I am not sure why I get redirected; I am not using &redirectTo for this.
I tried some things but nothing has worked so far.
[[!FormIt?
&hooks=`spam,email,FormItSaveForm,successMess`
&formName= `Contact Form`
&emailTpl=`emailChunkTpl`
&emailTo=`email@gmail.com`
]]
<form action="[[~[[*id]]]]" method="post" class="contactForm">
<input type="hidden" name="nospam:blank" value="" />
<div class="row input-section-child">
<div class="col input-contact">
<input value="[[!+fi.input-name]]"class="input-name" name="input-name" id="input-name" type="text" placeholder="your name" />
<span class="error-message error" > [[!+fi.error.input-name]] </span>
<input value="[[!+fi.input-email]]" class="input-email" name="input-email" id="input-email" type="text" placeholder="email address" />
<span class="error-message error" >[[!+fi.error.input-email]] </span>
</div>
<div class="col input-contact-text">
<input value="[[!+fi.input-textare]]"class="input-textare" name="input-textare" id="input-textare" type="textare" placeholder="message" />
</div>
</div>
<div class="row second-row">
<div class="col">
<button type="submit" class="send-button">SEND</button>
</div>
[[+placeholder]]
</div>
</div>
</from>
As in my answer on your other post, you should remove all the hooks and try one at a time (after you've cleaned up the markup for this form).
And what is successMess? Is that a custom snippet you've made? It's not a Formit hook that I have heard of. If it's your custom snippet you should paste the code into your question so we can see it.

Error Laravel 5.6, Symfony \ Component \ HttpKernel \ Exception \ MethodNotAllowedHttpException

I have adjusted the controller name to match the route and I send the form with the POST method, but it didn't work. I send it from a modal.
I have added {{ method_field('patch') }} but it still didn't work.
This is from view :
<form action="{{route('edit kode', 'test')}}" method="post">
{{ method_field('patch') }}
{{ csrf_field() }}
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close">
<i class="material-icons">clear</i>
</button>
<h5 class="modal-title">Edit Data</h5>
</div>
<div class="modal-body">
<div class="row">
<div class="col-sm-12">
<div class="form-group">
<label class="bmd-label-floating">Kode</label>
<input type="hidden" class="form-control" id="modalidkode">
<input type="text" class="form-control" id="modalkode" readonly>
</div>
</div>
<div class="col-sm-12">
<div class="form-group">
<label class="bmd-label-floating">Nama Kode</label>
<input type="text" class="form-control" id="modalnamakode" required>
</div>
</div>
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-danger" data-dismiss="modal"
style="margin-right: 10px">Batal
</button>
<button type="submit" class="btn btn-info">Simpan Perubahan</button>
</div>
Controller
public function editCode(Request $request){
dd($request->all());
$edCode="05.01";
return redirect()->back()->withSuccess($edCode. " changed");
}
Route
Route::post('/pengaturan/edit', 'AllCodeController@editCode')->name('edit kode');
You're expecting the request to be a POST request in your routes, but your form is submitting a PATCH request (because of the method_field('patch') at the top of your form). Either remove the method_field() call, or change Route::post(...) to Route::patch(...).
You can read more about form method spoofing in the Laravel documentation:
HTML forms do not support PUT, PATCH or DELETE actions. So, when defining PUT, PATCH or DELETE routes that are called from an HTML form, you will need to add a hidden _method field to the form. The value sent with the _method field will be used as the HTTP request method:
<form action="/foo/bar" method="POST">
<input type="hidden" name="_method" value="PUT">
<input type="hidden" name="_token" value="{{ csrf_token() }}">
</form>

Searching option and value in the URL LARAVEL 5.2

Hello, I need to put the search option and value in the URL. I know it's very basic, but I have never implemented a search function before; I have always used the template ones, but this time I need to use it. Below is my code, please help me.
Right now I am getting this in the link
list/%7Boption%7D/%7Bvalue%7D
but I want this in the link: list/Hello/thisishelloworld, or maybe list/option?Hello/value?thisishelloworld, but I think I can get the second option using the GET method instead of POST.
And yes, it's in Laravel 5.2.
<center>
<div class="form-group">
<label>Select your option from below</label>
<select class="form-control" id="options" name="options" style="width:100%" type="checkbox">
<option>Hello</option>
<option>World</option>
<option>it's Me</option>
</select>
</div>
<div class="col-md-4" id="value">
<div class="panel panel-warning">
<div class="panel-heading">
Enter your Search below
</div>
<form role="form" action="/list/{option}/{value}" method="post">
{{ csrf_field() }}
<div class="form-group has-success">
<input class="form-control" placeholder="Search" type="text" name="{{ value }}" id="value">
<input type="submit" class="btn btn-primary" name="submit" value="Search">
</div>
</form>
</div>
</div>
</center>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
<script>
function hide() {
$("#value").hide();
$("#h").hide();
$("#search").hide();
}
function show() {
$("#value").show();
$("#h").show();
$("#search").show();
}
function initHandlers() {
$("#options").change(function() {
show();
});
}
hide();
initHandlers();
</script>
Laravel 5.2
Step 1:
First you have to create a route.
Routes.php :
Route::get('/list', function(){
// do process
})->name('search');
HTML :
something.blade.php :
{!! Form::open(['route' => 'search', 'method' => 'GET']) !!}
<div class="form-group has-success">
<input class="form-control" placeholder="Search" type="text" name="search" id="value">
<input type="submit" class="btn btn-primary" name="submit" value="Search">
</div>
</form>

Modx formit working in one site - not working in another

I have a form and formit call that works in one site and not another, which is a direct copy of the first [migrating to a new design] The sites are identical right now, files & database were just copied. All the plugins were checked and even reinstalled.
What I have is:
<!-- contact page -->
[[!FormIt?
&placeholderPrefix=`contact.`
&hooks=`spam,email,redirect,FormItAutoResponder`
&emailTo=`[[GetSystemSetting? &setting=`emailContactMailTo`]]`
&emailSubject=`domain.com Contact form has been submitted. [[+contact.subject]]`
&emailTpl=`ContactCustomEmailTpl`
&redirectTo=`346`
&emailReplyTo=`no-reply@domain.com`
&submitVar=`contactSubmit`
&validate=`name:required,email:email:required,subject:required,text:required:stripTags`
&fiarSubject=`Your contact request to domain.com`
&fiarTpl=`ContactCustomEmailTpl`
&fiarReplyTo=`no-reply@domain.com`
]]
<form class="form" action="[[~[[*id]]]]" method="post" role="form">
<input type="hidden" name="nospam:blank" value="" />
<div class="row">
[[!+contact.error_message:notempty=`<div class="col-sm-12"><div class="alert alert-danger">[[!+contact.error_message]]</div></div>`]]
<div class="col-sm-4[[+contact.error.name:notempty=` has-error`]]">
<div class="form-group">
<label for="name"> Name: *</label>
<input id="name" type="text" name="name" value="[[!+contact.name]]" class="form-control" />
</div>
</div>
<div class="col-sm-4[[+contact.error.email:notempty=` has-error`]]">
<div class="form-group">
<label for="email"> Email: *</label>
<input id="email" type="text" name="email" value="[[!+contact.email]]" class="form-control" />
</div>
</div>
<div class="col-sm-4[[+contact.error.subject:notempty=` has-error`]]">
<div class="form-group">
<label for="subject"> Subject: *</label>
<input id="subject" type="text" name="subject" value="[[!+contact.subject]]" class="form-control" />
</div>
</div>
</div>
<div class="row">
<div class="col-sm-12[[+contact.error.text:notempty=` has-error`]]">
<div class="form-group">
<label for="text"> Message: *</label>
<textarea id="text" name="text" rows="7" class="form-control">[[!+contact.text]]</textarea>
</div>
</div>
<div class="col-sm-6 col-sm-offset-3">
<div class="form-group">
<label> </label>
<input class="btn btn-primary btn-block" type="submit" name="contactSubmit" value="Send Contact Inquiry" onClick="_gaq.push(['_trackEvent', 'ContactPage', 'Contact Submitted']);" />
</div>
</div>
</div>
</form>
</div>
The form will work if I remove the 'FormItAutoResponder' from the &hooks AND all items from the &validate parameters.
What is wrong with this form?
no useful errors in modx or server logs
reinstalled formit
isolated it in a test page with no other markup
the emailTpl is present and mail gets sent if the 2 parameters are removed from the formit call
Perhaps the GetSystemSetting snippet is missing? Why not just use [[++emailContactMailTo]] instead?
Are the MODX and FormIt versions the same on both sites?
Try calling this debug snippet somewhere below the FormIt call. Look for unshown errors (starting with contact.error.) or any other unexpected placeholders.
