get data from just created node and pass it to url - drupal-6

I need to create an action that will be triggered after saving a certain content type node, I need the script to collect the zip location data from the node submited and submit it in to a view ulr
This is the form where the data is inserted.
<fieldset class="location">
<legend>Location</legend>
<div id="edit-locations-0-postal-code-wrapper" class="form-item">
<label for="edit-locations-0-postal-code">
Postal code:
<span title="This field is required." class="form-required">*</span>
</label>
<input type="text" class="form-text required" value="" size="16"
id="edit-locations-0-postal-code" name="locations[0][postal_code]"
maxlength="16">
</div>
</fieldset>
This is the url where I want to insert the data
www.mysite.com/testview?distance[postal_code]=DATA_GOES_HERE

You have to choices:
1) Installing the modules: Token + Rules
After you've enabled the modules follow these general steps:
create a new rule
event: after saving a new content
add a condition: Node: Content has type (select the content type you wish this rule to apply to)
add an action: System: Page redirect
use the token replacements patterns to built the URL you wish to redirect (you should have access to all the node fields, including the CCK ones)
2) Implementing in your custom module hook_nodeapi()
By implementing this hook you have access to the $node object and the second parameter passed to the hook is $op which tells you what action is being performed. In your case you might be interested in:
"insert": The node has just been created (inserted in the database).
Your question is very similar to this one, so have a look: Redirect a user after the node has been saved

Related

Multiple conflicting route parameter formats in Razor Pages

I'm making simple crud forms based on the tutorials for Razor Pages MVVM - https://learn.microsoft.com/en-us/aspnet/core/tutorials/razor-pages/?view=aspnetcore-2.1
The issue is the elements on the Index page use different formats for the route parameter and I end up with URL's like /StockIndexMonths/2?StockIndexId=1
Where both /2 and StockIndexId=1 are the same parameter
The select list will use ?StockIndexId=1
The Create New link will use /1, when returning to the Index /1 is used
If I use the select list again I get both /1?StockIndexId=2
Can anyone tell me the preferred way to force the same parameter format to be used? I'm trying to keep Razor Pages doing it's 'magic'
Index.cshtml
#page "{StockIndexId?}"
#model Investments.Pages.StockIndexMonths.IndexModel
#{
ViewData["Title"] = "Index";
}
<h2>Index</h2>
<form>
<select asp-for="StockIndexId" asp-items="Model.StockIndexNameSelect" onchange="this.form.submit();"></select>
</form>
<a asp-page="Create" asp-route-StockIndexId="#Model.StockIndexId">Create New</a>
<table class="table">
...
Alter the form tag so that it uses the POST method:
<form method="post">
Currently, because the method is not specified, GET is used by default, which appends forms values to the URL as query string values. That's why you see what you are seeing.

How to prevent xss in magento

I am trying from last 5-8 hours not getting solution for xss prevent in magento,
I have already installed all latest patch in my magento.
I am using this script in catalog search input box
"><img src=x onerror=prompt(1);>
and i am getting this output :-
xss result
I have also tried with some validation like htmlEscape , strip_tags but none of working for me.
Can someone please help me ?
I Made many themes in magneto 1.9 , and tested many xss scripts but script is not triggered.
1. <script>alert('hello')</script> even
2. In url www.yourwebsite.com?query=<script>alert('hello')</script> or
3. <img src=x onerror="alert('Pop-up window XSS infected');" in search box but every string is by default escaped by Magneto itself.
This can be happen if you made your own custom search and didn't followed magento standard to pass the data to controllers and back to fronted.
You can use value="<?php echo $this->htmlEscape(input_values_here) ?>"
Example: credit
Magento Xss Prevention
<li class="wide">
<label for="street_1" class="required"><em>*</em><?php echo $this->__('Street Address') ?></label>
<div class="input-box">
<input type="text" name="street[]" value="<?php echo $this->htmlEscape($this->getAddress()->getStreet(1)) ?>" title="<?php echo $this->__('Street Address') ?>" id="street_1" class="input-text required-entry" />
</div>
</li>
JUst for knowledge :
You can learn more about xss from
XSS Tutorial
You can even check is there any message from Magento in your admin panel or any patches .
Perform these basic tests on your application:
Interact with your custom form/search box. Insert strings that contain HTML and JavaScript match characters into all application inputs, such as forms, URL parameters, hidden fields(!), or cookie values.
If your form doesn't correctly escape this string, you will see an alert and will know that something went wrong.
Wherever your custom form handles user-supplied URLs, enter javascript:alert(0) or data:text/html,alert(0).
Create a test user profile with data similar to the test strings above. Use that profile to interact with your application. This can help identify stored XSS bugs.

Node Express routes - Absolute URL vs Relative URL

I have a simple form of this type
<form name="keywords" action="www.mydomain.com:6161/articles" method="post">
<input type="text" name="keyword" />
<input type="submit" name="submit" value="Submit" />
</form>
The Express 4 routes for handling the form post, is as follows
app.post('/articles', routes.article.keyword);
The actual route file has the following
exports.keyword = function(req,res,next){
res.send(req.body.keyword);
};
Based on the above circumstances, when I post the form in the browser, I see a page “The address wasn’t understood”.
But, if I use relative URL in the form action i.e.,
It works perfect. Why so?
Because in reality, I sometimes may have to post data to a different domain or URL altogether.
I will post my comment as an answer as it helped.
In order for the action to work, you need to either specify full url, that include schema:
<form name="keywords" action="http://www.example.com/articles" method="post">
Or you can just use a relative url:
<form name="keywords" action="/articles" method="post">
a relative path is one not starting with a / (forward-slash)... generally, this will attempt to load from the current url's base dir (you can set this in html, though the browsers default to the 'dirname' of the url (e.g. 'img/something.gif' on a page at '/some/path/index.html' will fetch it from /some/path/img/something.gif').
an absolute path is one starting with a /. it will be loaded using the same schema, host and optionally, port,user, etc (full url syntax: scheme:[//[user:password#]host[:port]][/]path[?query][#fragment]... read more here: https://en.wikipedia.org/wiki/Uniform_Resource_Locator).
a full url is one starting with a schema (http/https/ftp,etc...)... however (this comes in handy): if you're going to be using the same schema (which keeps your site's security score high), you can skip it, along with the colon.
e.g.: while viewing a site from 'https://blah.net', and attempting to load a resource from google (analytics maybe), you can reference it as:
'//google.com/path/to/whatever'
this will use https if the page was loaded over https, or http if not... keeps you from having to determine the scheme that was used when rendering the page.

Passing list as multiple parameter URL in snap

Is it possible to pass list parameter from browser to a handler function in Snap?
How do I construct a multiple parameters URL from a list and send it to a handler function?
For instance, I need to delete some table rows or any other objects.
I can not do it with the usual REST route:
("/objects/:id", method DELETE deleteObject)
simply because there could be too many and deleting 100 rows one by one can get a bit tedious.
I chose the doomed objects via checkbox input, say [3,4,6,8] rows need to be deleted.
So how do I pass that list to the handler within URL and what would route look like for the action ?
UPDATE
Well, I finally did it with jquery and ajax call.
Snap's "getParams" function can process multiple parameters URL but I still cannot figure out how to actually construct the URL without jquery and ajax.
I used javascript to collect the items to be deleted and build the array of the items.
I then used ajax to construct multiple parameters URL and send it to the handler.
Few things to note with this method and Snap:
-- Snaps's "getParams" function only supports old style multiple parameters URL:
"a=1&a=2&a=3&a=4"
and not the new one:
"a[]=1&a[]=2&a[]=3&a[]=4"
which makes passing complex parameters impossible.
-- The route should be:
("/objects/", method DELETE deleteObject)
and not the:
("/objects/:ids", method DELETE deleteObject)
I did not answer my question because I don't believe it is the only way to pass multiple parameters URL with snap.
Although "getParams" can process it, my question still stays: how do I construct the URL and send it off to a handler?
For instance, Rails uses "link_to" function within view logic to construct the URL. Snap does not use any logic inside templates so how does it work then?
It just can't be that the only way to pass multiple parameters URL in snap is with the help of javascript...?
Please someone confirm this for me?
You're pretty much there. The following form...
<form action="/foo">
<ul>
<li>Row 1: <input type="checkbox" name="a" value="1"/></li>
<li>Row 2: <input type="checkbox" name="a" value="2"/></li>
<li>Row 3: <input type="checkbox" name="a" value="3"/></li>
<li>Row 4: <input type="checkbox" name="a" value="4"/></li>
<li>Row 5: <input type="checkbox" name="a" value="5"/></li>
</ul>
<input type="submit" name="submit" value="Submit"/>
</form>
...gets submitted like this.
http://localhost:8000/foo?a=2&a=3&a=5&submit=Submit
Then, inside your handler, this will get you a list of ByteStrings.
fooHandler = do
as <- getsRequest (rqParam "a")
So this doesn't require JavaScript at all. But it works with JavaScript as well. If you use jQuery to submit a list like this...
var fieldData = { rows: [0,1,4], cols: [2,3,5] };
$.getJSON('http://localhost:8000/foo', fieldData, ...);
...then you'll have to make an adjustment for the brackets
rs <- getsRequest (rqParam "rows[]")
cs <- getsRequest (rqParam "cols[]")

How does form auto-filling in the browser work?

How does form autofill work in modern web browsers? Which are the most common techniques used in browsers that implement automatic form filling?
-- EDIT --
The question is not about autocomplete, is about form autofilling, which cares not only about the previously inputted values but also considers the meaning and structure of the field to be completed. Google Chrome implementation, for example, tries to parse the inputted fields to guess their type and structure. Or at least is that what I understood from the code linked above.
Take a look over at this answer by kmote.
Highlight is that the browser looks at the field's name tag and makes an educated guess at what sort of data would go there (regex matching is a good naive way to do this). Chrome is working to get some sort of standardization so that this isn't quite as hit-or-miss.
Different technologies and browsers use various methods to both calculate what to display as well as how they display it, but some sources to check out are:
Google's high-level description
How to implement it with jQuery (note that there is a jQuery autocomplete plugin as well).
If you are looking into implementing it (or just using it) yourself, I would highly recommend taking a look at the plugin.
The first element of answer is simply the non standard HTML form's autocomplete attribute that was introduced with Internet Explorer a few years ago.
Ironically, you can read a good history an introduction on mozilla site here: The autocomplete attribute and web documents using XHTML
This question is pretty old but I have an updated answer for 2017!
In order to trigger autocomplete, all you have to do is name it right.
The following answer is from my original answer from here: https://stackoverflow.com/a/41965106/1696153
Here's a link to the official current WHATWG HTML Standard for enabling autocomplete.
Google wrote a pretty nice guide for developing web applications that are friendly for mobile devices. They have a section on how to name the inputs on forms to easily use auto-fill. Eventhough it's written for mobile, this applies for both desktop and mobile!
How to Enable AutoComplete on your HTML forms
Here are some key points on how to enable autocomplete:
Use a <label> for all your <input> fields
Add a autocomplete attribute to your <input> tags and fill it in using this guide.
Name your name and autocomplete attributes correctly for all <input> tags
Example:
<label for="frmNameA">Name</label>
<input type="text" name="name" id="frmNameA"
placeholder="Full name" required autocomplete="name">
<label for="frmEmailA">Email</label>
<input type="email" name="email" id="frmEmailA"
placeholder="name#example.com" required autocomplete="email">
<!-- note that "emailC" will not be autocompleted -->
<label for="frmEmailC">Confirm Email</label>
<input type="email" name="emailC" id="frmEmailC"
placeholder="name#example.com" required autocomplete="email">
<label for="frmPhoneNumA">Phone</label>
<input type="tel" name="phone" id="frmPhoneNumA"
placeholder="+1-555-555-1212" required autocomplete="tel">
How to name your <input> tags
In order to trigger autocomplete, make sure you correctly name the name and autocomplete attributes in your <input> tags. This will automatically allow for autocomplete on forms. Make sure also to have a <label>! This information can also be found here.
Here's how to name your inputs:
Name
Use any of these for name: name fname mname lname
Use any of these for autocomplete:
name (for full name)
given-name (for first name)
additional-name (for middle name)
family-name (for last name)
Example: <input type="text" name="fname" autocomplete="given-name">
Email
Use any of these for name: email
Use any of these for autocomplete: email
Example: <input type="text" name="email" autocomplete="email">
Address
Use any of these for name: address city region province state zip zip2 postal country
Use any of these for autocomplete:
For one address input:
street-address
For two address inputs:
address-line1
address-line2
address-level1 (state or province)
address-level2 (city)
postal-code (zip code)
country
Phone
Use any of these for name: phone mobile country-code area-code exchange suffix ext
Use any of these for autocomplete: tel
Credit Card
Use any of these for name: ccname cardnumber cvc ccmonth ccyear exp-date card-type
Use any of these for autocomplete:
cc-name
cc-number
cc-csc
cc-exp-month
cc-exp-year
cc-exp
cc-type
Usernames
Use any of these for name: username
Use any of these for autocomplete: username
Passwords
Use any of these for name: password
Use any of these for autocomplete:
current-password (for sign-in forms)
new-password (for sign-up and password-change forms)
Resources
Current WHATWG HTML Standard for autocomplete.
"Create Amazing Forms" from Google. Seems to be updated almost daily. Excellent read.
"Help Users Checkout Faster with Autofill" from Google in 2015.

Resources