Featured post

c# - Usage of Server Side Controls in MVC Frame work -

-
i using asp.net 4.0 , mvc 2.0 web application. project requiremrnt have use server side control in application not possibl in noraml case. ideally want use adrotator control , datalist control. i saw few samples , references in codepleax mvc controllib howwver found less useful. can tell how utilize theese controls in asp.net application along mvc. note: please provide functionalities related adrotator , datalist controls not equivalent functionalities thanks in advace. mvc pages not use normal .net solution makes use of normal .net components impossible. a normal .net page use event driven solution call different methods service side mvc use actions , view completly different way handle things. also, mvc not use viewstate normal .net controlls require. found article discussing mixing of normal .net , mvc.
3 comments

php - url or content as a variable in the header of the page -

-

i designing site external links form various being shown on page. using

$url=$_get['url']; $website_data = file_get_contents($url); echo $website_data;

so user click on hyperlink www.test.com/display_page.php?url=http://www.xyz.com/article/2.jpg

my page, list_of_images.php, typically has list of images href each image above on page , when image clicked go display_page.php, show our banner on top of page, text , image beneath that. image website.

i sending url directly , grabbing using get. understand users/hackers can coding , send commands url variable , break server or harmful , avoid method or sending url directly in header. alternate approach problem?

i make sure url starts http:// or https://:

if(preg_match("`^https?://`i", $_get['url'])) // stuff

you may want make sure isn't pointing anywhere internal:

if(preg_match('`^https?://(?!localhost|127\.|192\.|10\.0\.)`i', $_get['url'])) // stuff

rather big dirty regex, go more elegant host black-list approach, drift...


Comments

Post a Comment

Popular posts from this blog

c# - Usage of Server Side Controls in MVC Frame work -

-
i using asp.net 4.0 , mvc 2.0 web application. project requiremrnt have use server side control in application not possibl in noraml case. ideally want use adrotator control , datalist control. i saw few samples , references in codepleax mvc controllib howwver found less useful. can tell how utilize theese controls in asp.net application along mvc. note: please provide functionalities related adrotator , datalist controls not equivalent functionalities thanks in advace. mvc pages not use normal .net solution makes use of normal .net components impossible. a normal .net page use event driven solution call different methods service side mvc use actions , view completly different way handle things. also, mvc not use viewstate normal .net controlls require. found article discussing mixing of normal .net , mvc.
Read more

ios - Very simple iPhone App crashes on UILabel settext -

-
i have simple application. have button , label in ib. have ibaction onclick calls settext on label. there's outlet label. connected in ib. crashes app first time in simulator. when launch again, sets text. crashes again next time. crashes on actual device. should simple, i'm not sure i'm doing wrong. thanks. in .h file : #import <uikit/uikit.h> @interface untitledviewcontroller : uiviewcontroller { iboutlet uilabel *label; iboutlet uibutton *button; } @property (nonatomic, retain) uilabel *label; -(ibaction) onclick1: (id) sender; @end and in .m: - (ibaction) onclick1: (id) sender { //[label settext:@"hello world!"]; label.text = @"hello world!"; //[button settitle:@"clicked" forstate:uicontrolstatenormal]; } sorry, i'm new site. how crash log , stack? thanks. edit : while answer technically correct, doesn't answer question @ :( sorry < warning - guess > if you're...
Read more

mysql - Why there can be only one TIMESTAMP column with CURRENT_TIMESTAMP in DEFAULT clause? -

-
why there can 1 timestamp column current_timestamp in default or on update clause? create table `foo` ( `productid` int(10) unsigned not null, `addeddate` timestamp not null default current_timestamp, `updateddate` timestamp not null default current_timestamp on update current_timestamp ) engine=innodb; the error results: error code : 1293 incorrect table definition; there can 1 timestamp column current_timestamp in default or on update clause this limitation, due historical, code legacy reasons, has been lifted in recent versions of mysql: changes in mysql 5.6.5 (2012-04-10, milestone 8) previously, @ 1 timestamp column per table automatically initialized or updated current date , time. restriction has been lifted. timestamp column definition can have combination of default current_timestamp , on update current_timestamp clauses. in addition, these clauses can used datetime column definitions. more information, see automati...
Read more