Spotify app broken after update? - spotify

In regards to the following post
https://stackoverflow.com/a/10421944/1373154
will this be required with every application call? for example:
old script:
window.location = 'spotify:app:application:navTop';
new script:
window.location = 'spotify:app:application:bundleversion:navTop';
Curious if anyone knows how the change will effect scripting such as the example above

You misread the post — you only need to replace the folder name with the Bundle Identifier in the URL:
window.location = 'spotify:app:application-identifier:navTop';
However, a version needs to be present in the manifest file for the application to be loaded. It doesn't need to be specified in the URL.

Related

I'm looking for an example of writing to a file from a Chrome Extension [duplicate]

I'm currently creating an extension for google chrome which can save all images or links to images on the harddrive.
The problem is I don't know how to save file on disk with JS or with Google Chrome Extension API.
Have you got an idea ?
You can use HTML5 FileSystem features to write to disk using the Download API. That is the only way to download files to disk and it is limited.
You could take a look at NPAPI plugin. Another way to do what you need is simply send a request to an external website via XHR POST and then another GET request to retrieve the file back which will appear as a save file dialog.
For example, for my browser extension My Hangouts I created a utility to download a photo from HTML5 Canvas directly to disk. You can take a look at the code here capture_gallery_downloader.js the code that does that is:
var url = window.webkitURL || window.URL || window.mozURL || window.msURL;
var a = document.createElement('a');
a.download = 'MyHangouts-MomentCapture.jpg';
a.href = url.createObjectURL(dataURIToBlob(data.active, 'jpg'));
a.textContent = 'Click here to download!';
a.dataset.downloadurl = ['jpg', a.download, a.href].join(':');
If you would like the implementation of converting a URI to a Blob in HTML5 here is how I did it:
/**
* Converts the Data Image URI to a Blob.
*
* #param {string} dataURI base64 data image URI.
* #param {string} mimetype the image mimetype.
*/
var dataURIToBlob = function(dataURI, mimetype) {
var BASE64_MARKER = ';base64,';
var base64Index = dataURI.indexOf(BASE64_MARKER) + BASE64_MARKER.length;
var base64 = dataURI.substring(base64Index);
var raw = window.atob(base64);
var rawLength = raw.length;
var uInt8Array = new Uint8Array(rawLength);
for (var i = 0; i < rawLength; ++i) {
uInt8Array[i] = raw.charCodeAt(i);
}
var bb = new this.BlobBuilder();
bb.append(uInt8Array.buffer);
return bb.getBlob(mimetype);
};
Then after the user clicks on the download button, it will use the "download" HTML5 File API to download the blob URI into a file.
I had long been wishing to make a chrome extension for myself to batch download images. Yet every time I got frustrated because the only seemingly applicable option is NPAPI, which both chrome and firefox seem to have not desire in supporting any longer.
I suggest those who still wanted to implement 'save-file-on-disk' functionality to have a look at this Stackoverflow post, the comment below this post help me a lot.
Now since chrome 31+, the chrome.downloads API became stable. We can use it to programmatically download file. If the user didn't set the ask me before every download advance option in chrome setting, we can save file without prompting user to confirm!
Here is what I use (at extension's background page):
// remember to add "permissions": ["downloads"] to manifest.json
// this snippet is inside a onMessage() listener function
var imgurl = "https://www.google.com.hk/images/srpr/logo11w.png";
chrome.downloads.download({url:imgurl},function(downloadId){
console.log("download begin, the downId is:" + downloadId);
});
Though it's a pity that chrome still doesn't provide an Event when the download completes.chrome.downloads.download's callback function is called when the download begin successfully (not on completed)
The Official documentation about chrome.downloadsis here.
It's not my original idea about the solution, but I posted here hoping that it may be of some use to someone.
There's no way that I know of to silently save files to the user's drive, which is what it seems like you're hoping to do. I think you can ASK for files to be saved one at a time (prompting the user each time) using something like:
function saveAsMe (filename)
{
document.execCommand('SaveAs',null,filename)
}
If you wanted to only prompt the user once, you could grab all the images silently, zip them up in a bundle, then have the user download that. This might mean doing XmlHttpRequest on all the files, zipping them in Javascript, UPLOADING them to a staging area, and then asking the user if they would like to download the zip file. Sounds absurd, I know.
There are local storage options in the browser, but they are only for the developer's use, within the sandbox, as far as I know. (e.g. Gmail offline caching.) See recent announcements from Google like this one.
Google Webstore
Github
I made an extension that does something like this, if anyone here is still interested.
It uses an XMLHTTPRequest to grab the object, which in this case is presumed to be an image, then makes an ObjectURL to it, a link to that ObjectUrl, and clicks on the imaginary link.
Consider using the HTML5 FileSystem features that make writing to files possible using Javascript.
Looks like reading and writing files from browsers has become possible. Some newer Chromium based browsers can use the "Native File System API". This 2020 blog post shows code examples of reading from and writing to the local file system with JavaScript.
https://blog.merzlabs.com/posts/native-file-system/
This link shows which browsers support the Native File System API.
https://caniuse.com/native-filesystem-api
Since Javascript hitch-hikes to your computer with webpages from just about anywhere, it would be dangerous to give it the ability to write to your disk.
It's not allowed. Are you thinking that the Chrome extension will require user interaction? Otherwise it might fall into the same category.

Chrome extension chrome favicon permission [duplicate]

I have recently migrated my chrome extension to manifest v3 using this guide:
https://developer.chrome.com/docs/extensions/mv3/intro/mv3-migration/
The v3 manifest.json file no longer supports using chrome://favicon/. Looking through the documentation I could not find an alternative. There were some articles I found that said it might be moved to a new favicon permission and be available under the google.favicon namespace. However they were all older and speculative, I tried these speculations to no avail.
The new API was just released as part of Chrome 104!
To use it, first add the favicon permission to your manifest.json:
{
...
"permissions": ["favicon"],
...
}
Then you can load the favicon using your chrome extension's id, for example:
const faviconSrc = `chrome-extension://${chrome.runtime.id}/_favicon/?pageUrl=${encodeURIComponent(url)}&size=32`;
it seems like they forget to build this api, you can star this issue on the page or leave a comment to tell them.
Issue 104102: Create a new API permission for access to favicons was fixed on June 13, 2022.
chrome://favicon Replacement for Extensions document mentions the API:
var faviconUrl = new URL('chrome-extension://<id>/_favicon');
faviconUrl.searchParams.append('page_url', 'http://example.com');
let image = document.createElement('img');
image.src = faviconUrl.href;
// src is 'chrome-extension://<id>/?page_url=http%3A%2F%2Fexample.com%2F'
Note that there's a mistake on the last line. It should be:
// src is 'chrome-extension://<id>/_favicon?page_url=http%3A%2F%2Fexample.com%2F'
Unfortunately, I still hasn't been able to get this API working on Chrome Canary 105.0.5174.0, which should include the changes from the resolved bug already. I'm getting Failed to load resource: net::ERR_FAILED errors.

instagram feed on website

I'm trying to display an Instagram feed on my website. I am not familiar with server side scripts. The explanations I have read go over my head.
I have managed to get an access key through Instagram but I don't know how to proceed.
I also tried the instructions from a video "How to implement an Instagram Feed in PHP without using the Instagram API"
For that, my php file works, displays the feed but I don't understand how to make it appear on my html page.
I'd be happy to make either method work.
In your HTML you should include a JavaScript 'script' element where you do something called an AJAX Request. The request will access the PHP file that produces the Instagram feed. ECHO the result from the PHP file and it will be returned into the DATA variable in the AJAX request. The request looks roughly like this:
$.ajax({
method: ‘POST or GET, most likely POST’,
url: ‘not always an actual url, this is the path to your PHP file’,
success: function(data) {
//php file returns into variable ‘data’
//display the feed within this function
}
});
The result from the PHP file should be echo’d back in JSON notation, if it isn’t, just add this to end of PHP the file:
$whatever = json_encode($your_result);
echo $whatever; //this is still the feed, just encoded in JSON
And if you need to decode it for some reason, just do
json_decode($variable_to_decode);
There are other parameters you can use in the AJAX request, like if for instance you need access to certain variables in your PHP file, that currently only exist in your HTML document.
this was solved by saving the html as php. i don't know why that is but it worked

php library for flickr API

I am banging my head trying to use Flickr API...
My goal is to be able to upload images and create albums in my Flickr account from my website...
I tried the phpFlickr library but apparently it needs updates for getting authenticated tokens...It keeps giving me "Invalid auth token".
I did some reading on how to get tokens and using DPZFlickr managed to get oauth_token & oauth_verifier but failed to exchange that with an access token...It also failed in uploading any photo to my account using the included upload.php example (Giving me an "empty" error!).
After digging in DBZ flickr.php code, I managed to get this error when trying to upload to Flickr: "oauth_problem=signature_invalid&"
So I began to search how to create a valid signature to eventually get a valid access token...and concluded that it is quite some work to be done here if I am going to build everything from scratch.
So my question is: Are there any updated php libraries that I can use to successfully create albums and upload photos to my Flickr account? Or should I go ahead and try building one?
OK..I finally got it to work with the DPZ library.
For future reference anybody facing the same problem as I had:
I managed to create an album using DPZFlickr by changing the method in auth.php to flickr.photosets.create....which indicated that the library correctly generates an access token with write permission..
However, the upload example kept giving me the "Invalid signature" error....
I checked the code. Flickr.php correctly unsets the photo parameter before signing the request then adds it back and submits the request which is exactly as indicated in: www.flickr.com/services/api/upload.api.html
I found a discussion in https://www.flickr.com/groups/51035612836#N01/discuss/72157650261711318/ that cleared out that the error was not actually a signature problem, but rather the 'photo' parameter that is being sent is the problem. It's just that Flickr doesn't know what to do with the photo parameter so it sends the signature error.
So what' wrong with the photo parameter?
Flickr API requires that the image has to be sent in binary form...The DBZ library, Flickr.php script line 677, does the hard work for us using the cURL function in php (http://au.php.net/manual/en/function.curl-setopt.php).
It sends the $parameters (which includes the uploaded photo) to the post field of the http request which should do the upload in binary format for us.
However, a brilliant comment I found in CURL PHP send image
states that:
"CURLOPT_SAFE_UPLOAD defaulted to true in 5.6.0... so you will need to add curl_setopt($ch, CURLOPT_SAFE_UPLOAD, false); before setting CURLOPT_POSTFIELDS"
Checking the manual: http://au.php.net/manual/en/function.curl-setopt.php
it says:
"Added in PHP 5.5.0 with FALSE as the default value. PHP 5.6.0 changes the default value to TRUE."
So if your php version is 5.5.0 the library will work just fine whilst if using version PHP 5.6.0 you need to add a line before 677 in Flickr.php to change the CURLOPT_SAFE_UPLOAD to false (that's why the library works with some and others not).
To solve the issue...Just add this line before line 677 in Flickr.php:
curl_setopt($curl, CURLOPT_SAFE_UPLOAD, false);
That's it. (-:

Rails 4 path traversal possible?

The app I'm working on has a controller that issues templates to the front end (single page app). It's very basic, and simply consists of
#path = params[:path]
render template: "templates/#{#path}", layout: nil
Here my concern however is the direct use of the users input. Everything about this to me feels like it can be attacked with something as simple as path traversal. The route for this is
get "/templates/:path.html" => "templates#file", constraints: { path: /.+/ }, defaults: { format: 'html' }
I've tried multiple things to attempt a path traversal attack, such as
request /templates/path/to/../somewhere/else.html
request /templates?path=/path/to/../../something.rb
request /templates/index.html?path=/path/to/../../config/something.html
request /templates/path/../../../file.html
Fortunately, I haven't had any success with this. The requests that just start with /templates and don't specify anything after it, don't match the route thanks to the constraint so that is good.
It seems as though when that route is matched, rails doesn't allow you to override the path parameter through a url parameter, so I don't seem to be able to inject it there.
The ones that interest are the first and last examples above, where rails seems to internally be changing the requested URL before invoking the routes file. When I request /templates/path/to/../somewhere/else.html, my console output shows a request for /templates/path/somewhere/else.html. When I make a request for /templates/path/../../../file.html, the log shows a request for /file.html.
Am I missing something somewhere that will leave the app open to security issues, or is this just rails being sensible and protecting itself for me?
UPDATE
I've done some more digging, and if I try doing some URL encoding then I can cause the server to simply not respond at all. If I request /templates/%2e%2e%2f%2e%2e%2f%2e%2e%2ffresult.html then I just get an empty response with a connection: close header.
I assume that the parameter parser higher up in the rack is checking all urls for this type of attack? Regardless, my original question still stands. Am I missing something here?

Resources