I got a code like this in joomla backend.
<td class="center"><?php echo JHtml::_('jgrid.published', $item->published, $i, 'products.', TRUE, 'cb'); ?></td>
The publish function works correctly, sending me to my controller products and method publish. However, the unpublish was not correct: it sends me to the publish method instead of the unpublish method, even though the anchor tag still shows correctly like this <a class="jgrid" href="javascript:void(0);" onclick="return listItemTask('cb7','products.unpublish')" title="Unpublish Item">
Anyone got any idea about it?
This is a really really old question, but I just came across the same problem myself.
It looks like they are saving space by using the same method (which you pointed out) "publish" for both publish and unpublish functionality.
The problem is that in the method it checks how to set the state, but does so based on the "task" which for some reason does not strip the context of the controller out of the post data. So... instead of looking for...
if( $post['task'] == 'unpublish' ){
...you should be looking for...
public function publish(){
    $post = JRequest::get('post');
    if( $post['task'] == 'items.unpublish'){
        $state = 0;
    }else{
        $state = 1;
    }
Notice how the task we are looking for is items.unpublish (items being your controller) instead of just unpublish.
I know this is probably way too late, but hopefully it helps someone.
Got a question. For example, I change the code on the page
/catalog/view/theme/nextdef/template/extension/module/latest.twig
, or rather add a handler to the button:
<i class = "fa fa-heart" onclick = "window.dataLayer = window.dataLayer || [];
dataLayer.push ({'event': 'heart'}); "> </i> </button>
But when you click on this element, there are no changes. If you look at the page code, then it is also not updated. Although I write the cache and update the Disable cache inside the browser too, and still no changes ... I would be grateful if you help. thank
The problem was that the template editor had a history of this page. And there was no code. Apparently, he referred to her. I did not know that opencart prioritizes history compared to server files.
I have a form which I am validating using CFWheels model validation and form helpers.
My code for index() Action/View in controller:
public function index()
{
title = "Home";
forms = model("forms");
allforms = model("forms").findAll(order="id ASC");
}
#startFormTag(controller="form", action="init_form")#
<select class="form-control">
<option value="">Please select Form</option>
<cfloop query="allforms">
<option value="#allforms.id#">#allforms.name#</option>
</cfloop>
</select>
<input type="text" name="forms[name]" value="#forms.name#">
#errorMessageOn(objectName="forms", property="name")#
<button type="submit">Submit</button>
#endFormTag()#
This form is submitted to init_form() action and the code is :
public function init_form()
{
    title = "Home";
    forms = get_forms(params.forms);
    if(isPost())
    {
        if(forms.hasErrors())
        {
            // don't want to retype allforms here ! but index page needs it
            allforms = model(tables.forms).findAll(order="id ASC");
            renderPage(action="index");
            //redirectTo(action="index");
        }
    }
}
As you can see from the above code I am validating the value of form field and if any errors it is send to the original index page. My problem is that since I am rendering page, I also have to retype the other variables that page need such as "allforms" in this case for the drop down.
Is there a way not to type such variables? And if instead of renderPage() I use redirectTo(), then the errors don't show? Why is that?
Just to be clear, I want to send/redirect the page to original form and display error messages but I don't want to type other variables that are required to render that page? Is there are way.
Please let me know if you need more clarification.
This may seem a little off topic, but my guess is that this is an issue with the form being rendered using one controller (new) and processed using another (create) or in the case of updating, render using edit handle form using update.
I would argue, IMHO, etc... that the way that cfWheels routes are done leaves some room for improvement. You see in many of the various framework's routing components you can designate a different controller function for POST than your would use for GET. With cfWheels, all calls are handled based on the url, so a GET and a POST would be handled by the same controller if you use the same url (like when a form action is left blank).
This is the interaction as cfwheels does it:
While it is possible to change the way it does it, the documentation and tutorials you'll find seem to prefer this way of doing it.
TL; DR;
The workaround that is available, is to have the form be render (GET:new,edit) and processing (POST:create,update) handled by the same controller function (route). Within the function...
check if the user submitted using POST
if it is POST, run a private function (i.e. handle_create()) that handles the form
within the handle_create() function you can set up all your error checking and create the errors
if the function has no errors, create (or update) the model and optionally redirect to a success page
otherwise return an object/array of errors
make the result error object/array available to view
handle the form creation
In the view, if the errors are present, show them in the form or up top somewhere. Make sure that the form action either points to self or is empty. Giving the submit button a name and value can also help in determining whether a form was submitted.
This "pattern" works pretty well without sessions.
Otherwise you can use the Flash, as that is what it was created for, but you do need to have Sessions working. Their use is described here: http://docs.cfwheels.org/docs/using-the-flash and here: http://docs.cfwheels.org/v1.4/docs/flashmessages
but it really is as easy as adding this to your controller
flashInsert(error="This is an error message.");
and this to your view
<cfif flashKeyExists("error")>
<p class="errorMessage">
#flash("error")#
</p>
</cfif>
I am building one of my first MVC 4 applications and I need some help with redirecting users.
I have a windows form application where I use an AxSHDocVw.AxWebBrowser to redirect the user to a specific URL, a SOAP web service to be precise, as well as sending HTTP POST and HEADER data as well.
This is done like so:
oHeaders = "Content-Type: application/x-www-form-urlencoded" + "\n" + "\r";
sPostData = "ExchangeSessionID=" + SessionID;
oPostData = ASCIIEncoding.ASCII.GetBytes(sPostData);
axWebBrowser2.Navigate2(ref oURL, ref o, ref o, ref oPostData, ref oHeaders);
I am looking to replicate this functionality in my MVC application, but am unsure of the how this can be done.
I was hoping to have this within an iframe, but can't find a way of sending the POST and HEADER data from this. This is what I have been trying so far:
Controller
ViewBag.URL = TempData["URL"];
ViewBag.SessionID = TempData["SessionID"];
ViewBag.FullURL = TempData["URL"] + "?ExchangeSessionID=" + TempData["SessionID"];
return View();
View
<iframe src="@ViewBag.FullURL" width="100%" height="500px"></iframe>
Basically I was trying to append the data to the end of the URL hoping this would work for the HTTP POST part. This is what I ended up with:
https://www.myurl.aspx?ExchangeSessionID=87689797
The user is being directed to the page, but the web service is giving me an error ( which tells me it is now receiving the POST data).
Can someone please help me to try and fix this, or even give me advice on how to go about this another way. Like I said, I'm fairly new to MVC applications and I'm not entirely sure what I'm trying to do is even possible.
Any help is appreciated. Thanks
I've decided to answer this question myself in case anybody is looking to do something similar in the future.
The first step was to create my iframe:
<iframe name="myframe" src="" width="100%" height="700px"></iframe>
Next I want to create a form with a button which, when pressed, will post the data to the url while targeting the iFrame (Note the target attribute of the form):
<form action="@ViewBag.URL" method="post" target="myframe">
<input type="hidden" name="ExchangeSessionID" value="@ViewBag.SessionID" />
<input type="submit" value="Submit" />
</form>
So what happens is, when the button is pressed, the form posts the ExchangeSessionID to the target URL and then the page response is displayed inside the iFrame.
My version :
SugarCRM CE 6.5.2 running on linux
What I want to do :
I've customized the Documents module in "custom/modules/Documents" by writing several logic hooks.
These logic hooks creates new folders in "ressources/" which is my new upload folder. (I've change the 'upload_dir' from "./upload" into "./ressources" in the config.php)
This is done through a custom field created in studio named "folder_name"
And then, the logic hooks cut and paste the document uploaded into this new folder.
What is my problem
So, with all of this, my download url in Edit, Detail and Revisions Subpanel Views is false. I would like to change it to the right folder, like, for example adding a folder parameter in the url
like this :
/index.php?entryPoint=download&folder=Images&id=idDoc&type=Documents
I tried to change the a href link in EditView.tpl or DetailView.tpl, (like )
but it didn't work since they were located in my cache/modules/Documents folder and were overriding when i did a quick repair.
So I copies/pasted the DetailView.tpl and the EditView.tpl into custom/modules/Documents/tpls and tried to override the view.edit.php and the view.detail.php to link the customized templates, but it did not work.
code :
<?php
require_once('include/MVC/View/views/view.detail.php');
class DocumentsViewDetail extends ViewDetail {
    function DocumentsViewDetail() {
        parent::ViewDetail();
    }
    function display() {
        parent::display();
    }
    function detailViewProcess() {
        $this->processSearchForm();
        $this->lv->searchColumns = $this->searchForm->searchColumns;
        if (!$this->headers)
            return;
        if (empty($_REQUEST['search_form_only']) || $_REQUEST['search_form_only'] == false) {
            //here we are overriding with your custom template
            $this->lv->setup($this->seed, 'custom/modules/Documents/tpls/DetailView.tpl', $this->where, $this->params);
            echo $this->lv->display();
        }
    }
}
?>
Do you have any idea why this doesn't work?
Do you have any idea on how i could rewrite my URLS or override the Edit, Revisions SubPanel and Details Views?
Please answer, this is URGENT
Thank you in advance.
Try adding the folder parameter to the variable $file_url inside the method fill_in_additional_detail_fields() in modules/Documents/Document.php.
[Edited]
EditView: include/SugarFields/Fields/File/EditView.tpl
DetailView: include/SugarFields/Fields/File/DetailView.tpl
<a href="index.php?entryPoint=download&id={$fields.{{$vardef.fileId}}.value}&type={{$vardef.linkModule}}&folder=test" ...
ListView: include/SugarFields/Fields/File/ListView.tpl
<a href="index.php?entryPoint=download&id={$parentFieldArray.ID}&type={$displayParams.module}{$vardef.displayParams.module}&folder=test" ...
So, thanks to @air4x, I did answer my trouble: overriding the DetailView.tpl
To make it upgrade-safe, I copied it from
include/SugarFields/Fields/File/DetailView.tpl
to
custom/include/SugarFields/Fields/File/DetailView.tpl
It works!
BUT there is a big trouble coming...
explanations :
1] I create a new Document, uploading image01 to Folder01. Save. Database ok. in DetailView the folder name is "Folder01" and the link '//Folder01/image01_id' works.
2] I create another new Document, uploading image02 to Folder02. Save. Database ok. BUT in DetailView the folder's name is not "Folder02" but "Folder01". AND the link is //Folder01/image02_id so it doesn't work, because in database or in my folders, the file is still in Folder02.
Here is my custom/include/SugarFields/Fields/File/DetailView.tpl code :
//BEGIN the code i modified
<span class="sugar_field" id="{{if empty($displayParams.idName)}}{{sugarvar key='name'}}{{else}}{{$displayParams.idName}}{{/if}}">
<a href="ressources/{$fields.folder_name_c.value}/{$fields.{{$vardef.fileId}}.value}" class="tabDetailViewDFLink" target='_blank'>{{sugarvar key='value'}}</a>
</span>
//END the code i modified
{{if isset($vardef) && isset($vardef.allowEapm) && $vardef.allowEapm}}
{if isset($fields.{{$vardef.docType}}) && !empty($fields.{{$vardef.docType}}.value) && $fields.{{$vardef.docType}}.value != 'SugarCRM' && !empty($fields.{{$vardef.docUrl}}.value) }
{capture name=imageNameCapture assign=imageName}
{$fields.{{$vardef.docType}}.value}_image_inline.png
{/capture}
{sugar_getimage name=$imageName alt=$imageName other_attributes='border="0" '}
{/if}
{{/if}}
{{if !empty($displayParams.enableConnectors)}}
{{sugarvar_connector view='DetailView'}}
{{/if}}
I really don't know why my $fields.folder_name_c.value stay from the first document and replace the one in the second document...
Do you know how i could do a sql query in my EditView.tpl to change it and have the right value?
Please, i really need help.
Thank you
(ps : @air4x, thanks a LOT, even if I have another trouble, that showed me how to override EditView. THANK YOU! )
The basics:
I have a contact form that uses php to validate the forms. (in addition to client side) This could be done in any server side language though.
The server side only allows A-z 0-9 for certain fields (it is acceptable to validate this field to English only with that extremely limited range)
If the form contains errors, I repopulate the fields so the user doesn't have to retype before submitting again
I am willing to not let other sites post to my form, even if legitimate use could be found there.
I can easily make a form on a different web site that posts a dirty word to a field. Certain dirty words are perfectly legit according to the validation rules, but my employer obviously wouldn't like that to happen.
I am under the impression that dedicated hackers can affect cookies, php sessions and of course hidden fields are easy to spoof along with referrers and such. How can I block third party sites from posting to my page?
Please feel free to help me Google for this too. My search terms are weak and bringing up methods I know will fail.
What if somebody submits "d03boy eats cats" via a form on their site and gets people to click a link that submits it to my form? (Admit it is possible, and my company cannot accept any risk) Then when a user clicks the link they see inside the "name" field "d03boy eats cats" and get super offended and contact PETA about our site's content. We just cannot explain to the user what happened. True, nothing happened, but upsetting a single user isn't acceptable to my employer.
Our current solution is to not report any user input, which in my opinion is a big usability issue.
This sounds like you need a moderation system in place for user generated content, not a technical solution. Obviously you can check the referrer field, content scrub and attempt to filter the profane, but enumerating badness never works. (It can be an acceptable "first pass", but humans are infinitely resourceful in avoiding such filters).
Put the user submitted content into a queue and have moderators review and approve content. To lighten the load, you can set trusted users to "pre approved", but you have said your client can't accept any risk.
Frankly, I find that impossible: even with moderators there is the risk that a moderator will subvert your system. If that is actually true (that they have zero risk tolerance) then I suggest they not accept any user input, don't trust moderators and in fact eliminate the site itself (because an insider could go rogue and put something improper up). Clearly every act has risk; you need to find out how much they can accept, such as a moderator based approval queue.
I'm not sure I entirely understand your question but I'll do my best to give you a basic answer.
Cross Site Scripting (XSS) happens generally when someone else puts in HTML into your forms. Your website allows this to happen because it isn't escaping the HTML properly. If you use PHP you probably want to make use of the htmlentities($str, ENT_QUOTES) function.
htmlentities($str, ENT_QUOTES)
PHP htmlentities
My attempt
...
<?php
$form_token = "";
$token = "";
$encoded_token = "";
$salt = "ThiséèÞ....$ÖyiìeéèÞ"; //it is 70 characters long
...
...
$blnGoodToken = false;
...
...
//Check for the encoded token
session_start();
$encoded_token = GetSuper('POST', 'TOKEN');
if (isset($_SESSION['TOKEN'])) {
    // "." concatenates strings in PHP; "+" would add the two values as numbers
    if (sha1($_SESSION['TOKEN'] . $salt) === $encoded_token) {
        $blnGoodToken = true;
        //echo "Good Token";
    }
    else {
        //echo "Bad Token";
        $blnGoodToken = false;
        // empty the array instead of unset($_SESSION), which would stop later
        // writes to $_SESSION from being saved
        $_SESSION = array();
        session_unset();
        session_destroy();
        session_start();
    }
}
else {
    $blnDoit = false;
    echo "No Token, possible no session";
}
$token = uniqid(rand(), TRUE);
$_SESSION['TOKEN'] = $token;
// same concatenation as in the check above, so both hashes match
$form_token = sha1($token . $salt);
...
...
?>
...
...
<form action="request.php?doit=y" method="post">
<input type="text" name="TOKEN" id="TOKEN" value="<?=$form_token?>" />
<!--
form stuff
-->
<input type="reset" value="Clear" />
<input type="submit" value="Submit" />
</form>
Since I don't use sessions anywhere else on the site, I don't think we are exposed much to session hijacking. The token changes each load, and to get the token to match the session you would have to know
I am using SHA. An easy guess to make on my php code
I keep it in the session. I suppose the session is gettable
My salt. I think this is a good secret. If they know my salt they already owned my server
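
The per-session form token this question is working toward, as an added example that is not part of the original post: it swaps `uniqid(rand())` for `random_bytes()`, compares with `hash_equals()`, and drops the salted SHA-1, because a random token kept only in the session needs no hashing. The function names are hypothetical, PHP 7+ is assumed, and `$session` / `$post` are constructed stand-ins for `$_SESSION` / `$_POST`.

```php
<?php
// Added example (not the poster's code): session-bound, single-use form token.
// Function names are hypothetical. Requires PHP 7+ for random_bytes().

function csrf_issue(array &$session): string
{
    // 32 bytes from the OS CSPRNG; uniqid() and rand() are predictable.
    $token = bin2hex(random_bytes(32));
    $session['csrf_token'] = $token;
    return $token;
}

function csrf_check(array &$session, $submitted): bool
{
    $expected = $session['csrf_token'] ?? null;
    unset($session['csrf_token']);    // single use: never accept a token twice
    if (!is_string($expected) || !is_string($submitted)) {
        return false;                 // no token in session, or field missing/array
    }
    return hash_equals($expected, $submitted);   // constant-time comparison
}

function field_value(array $post, string $name, bool $tokenOk): string
{
    // Repopulate only input that arrived through our own form, always escaped.
    if (!$tokenOk || !isset($post[$name]) || !is_string($post[$name])) {
        return '';
    }
    return htmlspecialchars($post[$name], ENT_QUOTES, 'UTF-8');
}

// Constructed demo data: $session stands in for $_SESSION, $post arrays for $_POST.
$session = [];
$issued  = csrf_issue($session);

$ownPost     = ['TOKEN' => $issued, 'name' => 'Alice "A" <b>'];
$foreignPost = ['name' => 'text chosen by another site'];   // carries no valid token

$ok = csrf_check($session, $ownPost['TOKEN'] ?? null);
echo "own form:     ", var_export($ok, true), " -> ", field_value($ownPost, 'name', $ok), "\n";

csrf_issue($session);             // fresh token for the re-rendered form
$ok = csrf_check($session, $foreignPost['TOKEN'] ?? null);
echo "foreign form: ", var_export($ok, true), " -> '", field_value($foreignPost, 'name', $ok), "'\n";

$ok = csrf_check($session, $ownPost['TOKEN']);   // replay of the already-used token
echo "replay:       ", var_export($ok, true), "\n";
```

In a real page, call `session_start()` before any output and pass `$_SESSION` and `$_POST` in place of the stand-in arrays.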