Joomla paypal plugin post variables with special character not working - joomla2.5

I am using Joomla 2.5.4 and VirtueMart 2.0.6. When I try to make a payment with PayPal, the description in the PayPal order summary is shown without special characters. It shows N�mero instead of Número.
How can i fix this ?

Go to plugins/vmpayment/paypal/paypal.php
and search for the function plgVmConfirmedOrder().
You can see this form at the end of this function:
$html = '<html><head><title>Redirection</title></head><body><div style="margin: auto; text-align: center;">';
$html .= '<form action="' . "https://" . $url . '" method="post" name="vm_paypal_form">';
$html.= '<input type="submit" value="' . JText::_('VMPAYMENT_PAYPAL_REDIRECT_MESSAGE') . '" />';
foreach ($post_variables as $name => $value) {
$html.= '<input type="hidden" name="' . $name . '" value="' . htmlspecialchars($value). '" />';
}
$html.= '</form></div>';
$html.= ' <script type="text/javascript">';
$html.= ' document.vm_paypal_form.submit();';
$html.= ' </script></body></html>';
Replace the form with this.
$html = '<html><head><title>Redirection</title></head><body><div style="margin: auto; text-align: center;">';
$html .= '<form action="' . "https://" . $url . '" method="post" name="vm_paypal_form">';
$html.= '<input type="submit" value="' . JText::_('VMPAYMENT_PAYPAL_REDIRECT_MESSAGE') . '" />';
foreach ($post_variables as $name => $value) {
$html.= '<input type="hidden" name="' . $name . '" value="' . htmlspecialchars($value). '" />';
}
$html.= '<input type="hidden" name="charset" value="utf-8">';
$html.= '</form></div>';
$html.= ' <script type="text/javascript">';
$html.= ' document.vm_paypal_form.submit();';
$html.= ' </script></body></html>';
We added a line
$html.= '<input type="hidden" name="charset" value="utf-8">';
This works fine for me.


Django send POST request to views.py with CSRF token, then redirect page

I originally had an AJAX call to my view, then I realized I can't return render(request, 'my/new/template.html', context)
So I came upon this related question, which led me to what I show below: Redirect to new page after receiving data from Javascript
However I'm having trouble getting the CSRF token to work, it's giving me a 403 error. As a side note, I am also using shell_plus to use a secure connection, but I don't think that is contributing to the issue.
Here is my call to the view function:
submitForm.addEventListener('submit', function (e) {
    const form = new FormData(e.target);
    // const csrf_token = form.get("csrfmiddlewaretoken");
    // instead using var csrf_token = {{ csrf_token }} in template
    e.preventDefault()
    instance.requestPaymentMethod(function (err, payload) {
        var url = '/shop/payment/';
        var newForm = '<form action="' + url + '" method="post">';
        newForm += '<input type="hidden" name="csrf_token" value="' + csrf_token +'" />'
        newForm += '<input type="hidden" name="paymentMethodNonce" value="' + payload.nonce + '" />'
        newForm += '<input type="hidden" name="orderTotal" value="' + order_total + '" />'
        newForm += '<input type="hidden" name="address" value="' + $('#address-select').val() + '" />'
        newForm += '<input type="hidden" name="first-name" value="' + form.get("first-name") + '" />'
        newForm += '<input type="hidden" name="last-name" value="' + form.get("last-name") + '" />'
        newForm += '</form>'
        var form_element = $(newForm);
        $('body').append(form_element);
        form_element.submit();
    });
});
My previous attempt using ajax looked something like this:
$.ajax({
type: 'POST',
url: '/shop/payment/',
headers: { "X-CSRFToken": csrf_token },
data: {
'paymentMethodNonce': payload.nonce,
'orderTotal': order_total,
'address': $('#address-select').val(),
'first-name': form.get("first-name"),
'last-name': form.get("last-name")
}
}).done(function (result) {
console.log(result.result)
// WON'T REDIRECT
});
I solved this by using a regular form with method="post":
<form id="braintree-submit-form" method="post" action="{% url 'shop:payment' %}">
{% csrf_token %}
{# added any inputs I could get from the template here, for example #}
<input type="text" name="first-name" class="form-control" value="{{ request.user.first_name}}" required />
{# ... #}
I still needed to add some form inputs, whose values I could only access through javascript but I ended up with a much shorter simpler function. The reason is this is an implementation of Braintree's Dropin UI.
submitForm.addEventListener('submit', function (e) {
    e.preventDefault()
    instance.requestPaymentMethod(function (err, payload) {
        var nonceInput = document.createElement("input")
        nonceInput.setAttribute('name', 'paymentMethodNonce')
        nonceInput.setAttribute('value', payload.nonce)
        nonceInput.setAttribute('type', 'hidden')
        submitForm.appendChild(nonceInput)
        var addrInput = document.createElement("input")
        addrInput.setAttribute('name', 'address')
        addrInput.setAttribute('value', $('#address-select').val())
        addrInput.setAttribute('type', 'hidden')
        submitForm.appendChild(addrInput)
        submitForm.submit()
    })
})

How do I fix Unexpected '>' Error?

I am getting this error:
Parse error: syntax error, unexpected '>' in
C:\xampp\htdocs\jagan\display.php on line 40
Here is my code:
<html>
<head><title> Display Student Results </title></head>
<body>
<form action="display.php method="post">
<table>
<tr>
<td>Enter Hallticket Number:
<td><input type="number" name="hno">
</tr>
<tr>
<td><input type="submit" name="btnsearch" value="search">
</tr>
</table>
</form>
</body>
</html>
<?php
$conn=mysqli_connect("localhost","root","")or die("unable to connect");
mysqli_select_db($conn,"college");
if(isset($_POST['btnsearch']))
{
$hall=$_POST['hno'];
$result=mysqli_connect($conn,"select * from student where hno=$hall");
echo "<h1> Student Results </h1>";
echo "<table border=5>";
echo "<tr>";
echo "<th> hallticket";
echo "<th> Name";
echo "<th> class";
echo "<th> gst";
echo "<th> Tax";
echo "<th> php";
echo "<th> dmdw";
echo "<th> accounts";
echo "</tr>;
while($rows=mysqli_fetch_assoc($result))
{
echo "<tr>";
echo "<td>".rows['hno'];
echo "<td>".rows['name'];
echo "<td>".rows['class'];
echo "<td>".rows['gst'];
echo "<td>".rows['tax'];
echo "<td>".rows['php'];
echo "<td>".rows['dmdw'];
echo "<td>".rows['acc'];
echo "</tr>";
}
echo "</table>";
}
?>
You aren't calling the mysql resultset properly, it's "row" not "rows". Here are the docs.
echo "<td>".rows['hno'];
Should be:
echo "<td>".row['hno'];
Also, your HTML table isn't properly formed. Take a look at this resource to understand how to create a table.
You need to close off your <th> and <td> tags like this:
echo "<th>Name</th>";
Here is a great tutorial that will walk you through PHP/MySQL coding. Working your way through that first will mean fewer trips here to SO seeking help.

Protection against XSS

I see my script is vulnerable to XSS, I am new to PHP so I really have no idea where I should look at. Here are all the codes I use:
<?php
$host = $_SERVER['HTTP_HOST'];
$map = opendir('gif');
$m = 0;
while(false !=($file = readdir($map))){
if($file != "." && $file != ".."){
$gif[$m]= $file;
$m++;
}
}
$random_gif=rand(0,count($gif)-1);
?>
&
<html>
<head>
<meta http-equiv = "Content-Type" content = "text/html; charset=UTF-8">
<title><?php echo $_GET['gif']; ?> - Xanu</title>
</head>
<body><center>
<object width="650" height="650">
<embed src="gif/<?php echo $_GET['gif']; ?>" width="640" height="480"></embed>
<br><b><font face="Arial">
<font size="10"><?php echo $_GET['gif']; ?></font><br><br>
Link naar de bullshit die hier boven staat?<br>
<input type="text" size="55" name="giflink" value="http://<?php echo $host; ?>/file.php?gif=<?php echo $_GET['gif']; ?>"><br><br>
<?php
echo 'Klik hier voor nieuwe bullshit!';
?>
You're sending $_GET['gif'] back to the user, so you should use htmlspecialchars:
<?php echo htmlspecialchars($_GET['gif'], ENT_QUOTES); ?>
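The escaping from the answer above, applied to each place the question's page prints the gif parameter (an added example, not part of the original answer). It goes beyond the answer in two ways: the requested name is checked against the files actually found in gif/, and the share link uses a configured host instead of the client-supplied Host header. The function names, the sample file list and the host example.test are assumptions made for this sketch.

```php
<?php
// Escape a value for HTML text nodes and quoted attribute values.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept the requested name only if it is one of the files really present in
// gif/ (the $gif array the question's page already builds with readdir()).
function pick_gif(string $requested, array $available): ?string
{
    $name = basename($requested);   // drop any directory part
    return in_array($name, $available, true) ? $name : null;
}

// Build the share link from a configured host name (assumption: a site
// setting), because $_SERVER['HTTP_HOST'] is chosen by the client.
function share_link(string $siteHost, string $gifName): string
{
    return 'http://' . $siteHost . '/file.php?gif=' . rawurlencode($gifName);
}

// Produce the three outputs of the original page: title, embed src, link box.
function render_page(string $requested, array $available, string $siteHost): string
{
    $name = pick_gif($requested, $available);
    if ($name === null) {
        // Even the error message echoes user input, so it is escaped too.
        return '<p>Unknown file: ' . h($requested) . '</p>';
    }
    return '<title>' . h($name) . ' - Xanu</title>' . "\n"
         . '<embed src="gif/' . h(rawurlencode($name)) . '" width="640" height="480">' . "\n"
         . '<input type="text" size="55" name="giflink" value="'
         . h(share_link($siteHost, $name)) . '">';
}

// Constructed sample data standing in for the directory listing and requests.
$available = ['cat.gif', 'a "quoted" & odd.gif'];
echo render_page('cat.gif', $available, 'example.test'), "\n\n";
echo render_page('a "quoted" & odd.gif', $available, 'example.test'), "\n\n";
echo render_page('x"><b>injected</b>', $available, 'example.test'), "\n";
```

The last call shows a name that is not in the directory: it is rejected, and the echoed value comes out as inert text (`&quot;&gt;&lt;b&gt;...`) rather than markup.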

Disable opencart 1.5.4 product image popup/zoom

Greeting,
As per the title, does anyone know how I can disable this feature? I have tried the two methods below; neither one works.
Method 1 in /catalog/controller/product/product.php find:
$this->data['popup'] = $this->model_tool_image->resize($image, $this->config->get('config_image_popup_width'), $this->config->get('config_image_popup_height'));
Change to:
$this->data['popup'] = 'image/' . $image;
in the same file find:
'popup' => $this->model_tool_image->resize($result['image'] , $this->config->get('config_image_popup_width'), $this->config->get('config_image_popup_height')),
Change to:
'popup' => 'image/' . $result['image'] ,
Method 2 in catalog/view/theme/default/template/product/product.tpl find:
<div class="image"> <img src="<?php echo $thumb; ?>" title="<?php echo $heading_title; ?>" alt="<?php echo $heading_title; ?>" id="image" /></div>
Change to:
<div class="image"><img src="<?php echo $thumb; ?>" title="<?php echo $heading_title; ?>" alt="<?php echo $heading_title; ?>" id="image" /> </div>
After trying lots of options, the best and easiest for us has been to add these lines to stylesheet.css:
.zoomLens {
display: none !important;
}
.zoomContainer {
display: none !important;
}
Thanks!!!
The right solution should be: in catalog/view/theme/default/template/product/product.tpl find
<script type="text/javascript"><!--
$(document).ready(function() {
$('.colorbox').colorbox({
overlayClose: true,
opacity: 0.5,
rel: "colorbox"
});
});
//--></script>
(should start at line 335) and change it to:
<script type="text/javascript"><!--
/*$(document).ready(function() {
$('.colorbox').colorbox({
overlayClose: true,
opacity: 0.5,
rel: "colorbox"
});
});*/
//--></script>
Thus, simply comment out the whole colorbox feature initialization...

Indent "child" comment under "parent" comment

I'm creating a comment system where users can reply to an existing comment, but I want to know how to indent those replies ("child" comment) under the existing comment ("parent" comment).
Here is the current code:
<h2>Fiche</h2>
<?php
$_SESSION['cf']['message'] = $_GET['message'];
$reponse = db_query('SELECT * FROM messages WHERE id = ?', array($_SESSION['cf']['message']));
$donneesmsg = $reponse->fetch()
?>
<h5><?php echo $donneesmsg['Pseudo']; ?></h5>
<p class="text-center text-align"><?php echo $donneesmsg['Message']; ?></p>
Repondre
<?php
echo '<h4>Commentaires</h4>';
echo '<hr>';
$reponse1 = db_query('SELECT * FROM comment WHERE messages_id = ?', array($donneesmsg['id']));
$donneescom1 = $reponse1->fetch();
$reponse = db_query('SELECT * FROM comment WHERE messages_id = ? ORDER BY id ASC', array($donneesmsg['id']));
while ($donneescom = $reponse->fetch()) {
if ($donneescom['commentaires_id'] == 0)
{
echo '<center>';
echo '' .$donneescom['id']. '<br>';
echo '' .$donneescom['pseudo']. '<br>';
echo '' .$donneescom['commentaire']. '<br>';
echo 'Repondre';
echo '<hr>';
echo '</center>';
}
if ($donneescom['commentaires_id'] != 0)
{
echo 'En reponse au com ' .$donneescom['commentaires_id']. '<br>';
echo '' .$donneescom['id']. '<br>';
echo '' .$donneescom['pseudo']. '<br>';
echo '' .$donneescom['commentaire']. '<br>';
echo 'Repondre';
echo '<hr>';
}
}
?>
<form id="formcom" method="post" action="index.php?page=addcomment">
Pseudo: <input type="text" placeholder="Pseudo" name="pseudo"> <br>
Mail: <input type="email" placeholder="Mail" name="mail"> <br>
Commentaire: <textarea placeholder="Commentaire" name="commentaire"></textarea> <br>
<input type="hidden" name="date" value="<?php echo time(); ?>"><br>
<input type="hidden" name="messages_id" value="<?php echo $donneesmsg['id']; ?>"><br>
<input type="text" name="commentaires_id" value="<?php echo $_GET['com']; ?>"><br>
<input type="hidden" name="id" value="<?php echo $donneesmsg['id']; ?>"><br>
<input type="submit" value="Envoyer">
</form>
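
One way to get the indentation asked about above, as an added example that is not part of the original post: group the rows by commentaires_id and emit nested lists, escaping every stored field on output. The column names are the ones used in the question; the function names and the sample rows are constructed for this sketch.

```php
<?php
// Escape stored text before it is written into the page.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Group the flat rows by parent id: $children[0] holds top-level comments,
// $children[7] the replies to comment 7, and so on.
function group_by_parent(array $rows): array
{
    $children = [];
    foreach ($rows as $row) {
        $children[(int) $row['commentaires_id']][] = $row;
    }
    return $children;
}

// Render one level as a <ul>. Replies become a nested <ul> inside the parent's
// <li>, so the browser's list indentation (or one CSS rule on
// "ul.comments ul") places each child under its parent.
function render_comments(array $children, int $parentId = 0, int $depth = 0): string
{
    // The depth cap stops runaway recursion on malformed parent ids.
    if (empty($children[$parentId]) || $depth > 20) {
        return '';
    }
    $html = $depth === 0 ? '<ul class="comments">' : '<ul>';
    foreach ($children[$parentId] as $c) {
        $html .= '<li><strong>' . h($c['pseudo']) . '</strong><br>'
               . nl2br(h($c['commentaire']))
               . render_comments($children, (int) $c['id'], $depth + 1)
               . '</li>';
    }
    return $html . '</ul>';
}

// Constructed rows standing in for the result of the SELECT on `comment`.
$rows = [
    ['id' => 1, 'commentaires_id' => 0, 'pseudo' => 'alice', 'commentaire' => 'First!'],
    ['id' => 2, 'commentaires_id' => 1, 'pseudo' => 'bob',   'commentaire' => '<b>reply</b> to 1'],
    ['id' => 3, 'commentaires_id' => 2, 'pseudo' => 'carol', 'commentaire' => 'reply to 2'],
    ['id' => 4, 'commentaires_id' => 0, 'pseudo' => 'dave',  'commentaire' => 'Second thread'],
];
echo render_comments(group_by_parent($rows)), "\n";
```

Comment 3 ends up two levels deep under comment 1, and the markup stored in comment 2 is shown as text instead of being interpreted.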