I have a problem when reading an associative array that's inside a cookie.
)
When I set it like this in the controller:
$this->set('info', $this->Cookie->read('info'));
I can read data this way in the view:
$info[0]['records'];
[ 'person_id' => 2, ...]
)
When I do this (because I read the cookie from a view cell):
$this->set('info', $this->request->cookie('info'));
I get the associative array as an string. (?) The whole array is an string:
'.''[{"person_id":2, ... "}]''.'
So, how can I 'avoid' this? Why does it become, via 'request', a String?
Edit:
In CakePHP, when you try to retrieve a cookie via 'request' (2.), you will normally get the hashed value of the cookie. When creating the cookie, I disabled the hashing. Maybe I didn't do that correctly.
Is it also possible to unhash it in a view cell?
What you have there is a JSON string.
The Cookie component by default stores all data JSON encoded, and also encrypted (AES by default). Consequently it also decrypts and decodes the data when reading cookies.
When the cookie isn't encrypted, you could easily JSON decode it.
$decoded = json_decode($encoded, true);
If you were using encryption too, and/or you were unsure whether the value is JSON encoded or not, you could either use the Cookie component to decrypt/decode the cookies at controller level, like
$this->request->coookies['info'] = $this->Cookie->read('info');
or set it as a view variable that you can pass to your cell as an argument.
See also Cookbook > Views > View Cells > Passing Arguments to a Cell
As of CakePHP 3.1.7 you can also use the \Cake\Utility\CookieCryptTrait trait, which is used by the cookie component too. Just add it to your class, implement the CookieCryptTrait::_getCookieEncryptionKey() method to return the proper encryption key (by default the security salt), and use CookieCryptTrait::_decrypt() to unscramble the cookie data.
See also API > \Cake\Utility\CookieCryptTrait
While this would work in a cell, the "problem" is that that the cell needs to know stuff from the outside world in order for this to work, it needs to know about the encryption key, and the encryption mode. Personally I'd probably use the former method, and if it would need to be the latter, pass the key and the mode to the cell as arguments.
Related
I'm developing SPA using ASP.NET Core and ReactJS.
In some places of application users have an opportunity to create comments, that will be shown everyone. So I have string inputs in controllers, and I save data 'as is' in database.
I've added attribute [Produces("application/json")] for each controller - to return json as results (I don't use server-side render).
My question: should I additionally encode input data (before saving in DB or before sending to user) - or this attribute automatically encodes all strings (before sending to user) and I won't have any chance have XSS attack in my application?
Thanks.
As the docs specify
A filter that specifies the expected Type the action will return and
the supported response content types. The ContentTypes value is used
to set ContentTypes
The Produces attribute will only define what the action/method will produce, it will not encode any input string
Very new to coldfusion. So I have a a form outputs values from DB into checkboxes.
<cfoutput query="Offices">
<label><input type="checkbox" value="#offices#" name="Offices">#offices#</label>
</cfoutput>
and when a user selects more than one checkbox it passes multiple parameters into URL which looks like this:
offices.cfm?Offices=A&Offices=B&Offices=C
I am trying to prevent multiple of the same parameters being passed so I want it to return like:
offices.cfm?Offices=A,B,C&...
I am really struggling to figure this out. Help is appreciated.
(Summary from comments, just to close out this thread ...)
True, but that is just how the parameters are transmitted in the url. Per the html specs, when using method GET, the browser builds a builds a big string of name/value pairs for all (successful) form fields. Then appends them to the url as the query string:
Submit the encoded form data set
If the method is "get" and the action is an HTTP URI, the user agent takes the value of action, appends a ? to it,
then appends the form data set, encoded using the "application/x-www-form-urlencoded" content type.
form data set
A form data set is a sequence of control-name/current-value pairs constructed from successful controls
However, it does not matter that the field name appears multiple times in the URL. If you dump the #URL# scope, you will see that CF has already parsed those values into a single CSV list for you. That list can be accessed using the variable name URL.Offices.
I have a objects in which i am storing it into the local storage.If i want to store another object ,before it is saved i want to check wheather the object is already existed in the localstorage .If existed if u want to replace it or add it with another name .
I need to do this ..I am unable to identify how to search if number of objects are already stored in the local storage.Can anyone please solve this problem.
localStorage.setItem( $scope.form.Name, angular.toJson($scope.form));
you can't search in the local storage - you have to get the value from the storage and search it yourself, as you would with a file for example.
But you could use a [web database] (http://www.tutorialspoint.com/html5/html5_web_sql.htm) (also HTML5 feature) which allows you to store and find object in a DB.
use localStorage.get("prop") to verify if the name is already taken and the value exists (then you can compare values), if it's not you will get an undefined, so you can run this test
if (localStorage.get("prop")) {
// do something to prop because it exists
}
get length of localStorage by using the build-in length property, like
console.log(localStorage.length);
// will print 42 or something..
if you want to see what's inside localStorage, remember that it's an JS object like everything else so you can iterate it's properties using a for .. in loop
for (var prop in localStorage) {
console.log(localStorage[prop]);
}
I have an instance where an external source is going to pop a browser that will navigate to my host page for my Silverlight application.
Within the query string that third party is sending pseudo-sensitive data that I do not want the user to be able to manipulate.
Seeing the data itself isn't the issue, it's simply being able to increment or change the values to assumed values.
My issue is that most cryptography I've found is not usable in Silverlight to decrypt the query string values.
I have 3 query string parameters that need encrypted.
i.e.
3rd Party: (encrypted values would need to be value1, 2 and 3)
//make call to Silverlight application host page
http://server/SilverlightRIA.aspx?value1=blah&value2=foo&value3=bar
My application's ASPX page will strip the query string parameters and send them to the Silverlight application through init parameters.
At this point they can be decrypted and set as globals variables or whatever the case may be.
I'm hoping for some suggestions on the best way or most efficient/simplest way to encrypt the values.
Actually ended up finding a fairly simple encryption method that will work with Silverlight.
My extjs store is not loaded even if the server reutrns a correct json response.
I checked that the fields return from the response has the same names as the fields defined in the store.
The grid is just blank.
What can I check?
You should check you are returning an array of objects to ExtJS. If you are returning an object, containing the array of objects as a field, make sure you specify rootProperty for JsonReader to find the array. Make sure you are using correct data reader (i.e. JsonReader).
You may also try adding data from response manually into store via add to check that the data fits in well.