I'm using this v-0.9.0 version of Validator.js,
I used below code,
$('#frmNew')[0].reset()
$('#frmNew').validator('destroy').validator()
When i use resetForm, Validation symbols and colors[Red & Green] are still exist in screen.
It's a known issue in 1000hz bootstrap-validator with no proper fix yet, can check this issue Destroy method doesnt remove icons on github
Possible solution is add following piece of code when reset or destroy the form and remove error and success classes.
this.$element.find('.has-error').removeClass('has-error')
var $feedback = this.$element.find('.form-control-feedback')
$feedback.removeClass('glyphicon-warning-sign').removeClass('glyphicon-remove')
this.$element.find('.has-success').removeClass('has-success')
var $feedback = this.$element.find('.form-control-feedback')
$feedback.removeClass('glyphicon-warning-sign').removeClass('glyphicon-ok')
Suggestion
Use this BootstrapValidator validation plugin, it gives more control to validate form fields, designed to use with Bootstrap 3 and will not face these types of issues & bugs.
Related
I am working with code someone else build. I see xss active in config:
global_xss_filtering = TRUE
I see also this is deprecated. I also found in Input class:
$this->_enable_xss = (config_item('global_xss_filtering') === TRUE);
is_bool($xss_clean) OR $xss_clean = $this->_enable_xss;
This means if activate "global_xss_filtering" in config, even if I turn off xss on input->post, it will apply xss filtering.
This means I have to turn it off on config and use
$this->securit->xss_clean($this->input->post())
My Questions are the following:
If no XSS applied through $this->input->post('variable'), which are other advantages of using this and not $_POST?
Which is the correct way to do XSS filtering in Codeigniter 3?
Thanks in advance.
Which is the correct way to do XSS filtering in Codeigniter 3?
The current consensus in the development community seems to be that XSS filtering should be done at output instead of input. There are strong arguments and supporters for both input and output filter though.
It is a large and somewhat complex topic. Find more than you wanted to know at
https://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/cross-site-malicious-content.html
and
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#Introduction
and
https://paragonie.com/blog/2015/06/preventing-xss-vulnerabilities-in-php-everything-you-need-know
After reading and comprehending all of that you may find that preventing XSS requires a lot of thought and work during both input and output.
Many people recommend not using Codeigniter's XSS functionality and opt for something like HTML Purifier instead.
If no XSS applied through $this->input->post('variable'), which are other advantages of using this and not $_POST?
The primary advantage of using $this->input->post('variable') is that it will check that the index ('variable") exists in $_POST. To use $_POST directly you really should make sure the array has that index.
if(isset($_POST['variable'])
{
// do stuff with $_POST['variable']
...
}
Without the isset test you run the risk of fatal runtime errors. So using $this->input->post('variable') removes the tedium of continually building that if block
On project http://conferience.com that I worked before 2 years we use(d) to html purifier prevent xss atacks. Also when a plaintext input needed then we just striped any html string using php's native strip_tags method.
Therefore we set the following setting:
$global_xss_filtering = FALSE
And used manual handling on $_POST['something']/$this->input->post('something') inputs.
I'm working with a component bitrix:catalog (which is standard one) and faced an issue. I want to add some extra GET parameters to switch view mode. I think there is no need to rewrite whole component to make such switcher, so I added extra keys in result_modifier in a way similar to:
$this->__component->arResultCacheKeys = array_merge($this->__component->arResultCacheKeys, array('key1', "key2"));
Earlier in the same result_modifier I perform adding those extra keys in $arResult['key1'] etc. They seem to be correctly saved, but only for current inquiry such as ?view=list or view=card, that means only one variable value is saved and it does not react on changing of GET parameter. Is there simple and correct way to make that component to cache and to output data based on GET variable? The only idea which came to my mind is to rewrite component by adding extra parameter and checking of GET, but I think there must more simple and correct solution to make in via template. Human Readable Links are turned on. And I want to have auto-cash being turned on as well. If I turn it off it starts working as planned.
One of possible solutions is to rewrite it cache by SetTemplateCachedData but it still seems to me rough and incorrect way for such simple task.
Bitrix masters please help me to find correct solution, google can't help at the moment.
If you use standard bitrix:catalog component, you may be use standart bitrix:catalog.section. In that component.php used standart component cache.
That means you can describe additional parametr in you custom .parameters.php, and set it in bitrix:catalog.section params.
Standart component cache set cacheId based on arParams.
So you include component should look like this:
$APPLICATION->IncludeComponent(
"bitrix:catalog.section",
"",
array(
"IBLOCK_TYPE" => $arParams["IBLOCK_TYPE"],
"IBLOCK_ID" => $arParams["IBLOCK_ID"],
"ELEMENT_SORT_FIELD" => $arParams["ELEMENT_SORT_FIELD"],
"ELEMENT_SORT_ORDER" => $arParams["ELEMENT_SORT_ORDER"],
....
....
"NEW_ADDITIONAL_GET_PARAMS"=> $_GET['view']
),
$component
);
Of course better way somethink like
"NEW_ADDITIONAL_GET_PARAMS"=> (in_array($_GET['view'],array('list','card'))?$_GET['view']:'list')
But may be you need just set right catalog params: SEF_MODE SEF_FOLDER SEF_URL_TEMPLATES
I have a problem, which I'm really trying to figure out how I could best solve this. I have read various posts regarding this error and seems you can avoid this by using JavaScript by using:
Xrm.Page.getAttribute("name").setSubmitMode("always");
which doesn't work for me or inside the plugin. Now to my problem, I have an update plugin firing on my incident form, which updates some fields. However when I try to resolve the case or cancel it I get the error from my update plugin "The object cannot be updated because it is read-only" I have tried the following and would appreciate if somone could advice me what I'm doing wrong. My code for a plugin I'm registering as SetState on pre-operation against the incident form:
SetStateRequest setState = new SetStateRequest();
setState.EntityMoniker = new EntityReference();
setState.EntityMoniker.Id = incidentId; //Id which needs to be resolved/canceld
setState.EntityMoniker.Name = "statecode";
setState.EntityMoniker.LogicalName = "incident";
setState.State = new OptionSetValue();
setState.Status = new OptionSetValue();
SetStateResponse setStateResponse = (SetStateResponse)service.Execute(setState); }
On the state and status I'm quite confused to what value I have to set it to. I'm just getting an error when my incident is on Active and I'm trying to resolve and cancel the case. I would appreciate if someone could help me out here. Thanks in advance.
I think there are a few areas of confusion in your post...
Xrm.Page.getAttribute("name").setSubmitMode("always");
This is clientside code and will never have any bearing on the behaviour of your (serverside) plugin. It merely forces an attribute on the form to be submitted whether it has changed or not, during a save. If the record is in a read-only state, it will not change that fact.
I'm not at all clear what you are trying to acheive in your code. You mention that an update plugin is failing; you have posted code which would attempt to set the state of the incident to something (as #glosrob suggests, you are not providing any values in the OptionSetValue objects for State and Status so as you might already know, the code you have posted is invalid); you then state that you have registered your plugin on the SetState request. This means that it would fire if the user tries to set the state of the incident. Given that your code is itself trying to set the status of the incident, I'm not sure that it makes sense...
It sounds like what you want to do is, on update of an incident, set certain values. If the incident is in a read-only state, make it readable first, and then update the values. Do you then need to restore the state of the entity to it's former state? It sounds awkward and might perhaps suggest that there is a better way to meet your core requirement.
Maybe start with what you are trying to achieve and we can work from there :)
You should remove
setState.EntityMoniker.Name = "statecode";
from your code. This field Name has other purpose.
Also, you should add
setState.State.Value = 1;
setState.Status.Value = -1;
I'm trying to learn FubuMVC and have gotten stuck on validating my input models.
What I want to accomplish is post-validate-redirect. That is, to redirect to same view and show the errors if the model is invalid. I'm using attributes on my models.
Also, how would I specify my own error messages, i.e localization?
I'm using the latest packages of Fubu from nuget.
My registry looks like this:
IncludeDiagnostics(true);
Applies.ToThisAssembly();
Actions.IncludeClassesSuffixedWithController();
Routes
.HomeIs<HomeController>(x => x.Index())
.IgnoreControllerNamesEntirely()
.IgnoreMethodsNamed("Index")
.IgnoreMethodsNamed("Query")
.IgnoreMethodsNamed("Command")
.IgnoreNamespaceText("Features")
.IgnoreMethodSuffix("Html")
.RootAtAssemblyNamespace()
.ConstrainToHttpMethod(x => x.Method.Name.EndsWith("Command"), "POST")
.ConstrainToHttpMethod(x => x.Method.Name.EndsWith("Query"), "GET");
this.UseSpark();
this.Validation();
HtmlConvention<SampleHtmlConventions>();
Views.TryToAttachWithDefaultConventions();
The FubuMVC.Validation package is really just an example of how to use FubuValidation as we haven't built it out for all of the edge cases. Having said that, let me explain a little bit about how it works so we can see if you can use it, or if you should just handroll your own validation behavior.
The ValidationBehavior uses the IValidationFailureHandler interface to "handle" validation failures. The Notification object built up from FubuValidation is shoved into the IFubuRequest when the behavior fires, and then the handler is called.
The ValidationFailureHandler class is wired up by default for all
validation failures. This delegates to the IValidationFailurePolicy to
determine the strategy to use for a given model type (see my post on
policies for an explanation of how this works).
The Validation extension method has an overload which gives a micro-
dsl for configuring these policies:
this.Validation(x => {
x.Failures....
});
From here you can 1) apply custom policies via the ApplyPolicy method
or 2) use the predicate based configuration approach via the IfModel methods.
If you go the predicate route (e.g., x.Failures.IfModelIs()), you can tell FubuMVC.Validation to use FubuContinuations to redirect or transfer to another behavior
chain. Rex recently posted about FubuContinuations if you're looking for some guidance in this area (http://rexflex.net/2011/07/fubumvc-fubucontinuation/).
Hope this helps and feel free to ask away if I didn't explain anything enough,
Josh
I just created a GUI using guide in MATLAB for a small project I'm working on. I have amongst other things two text fields for from and to dates. Now I'd like to get rid of them and use a Java date select tool. Of course this is not possible using guide so I need to add them manually.
I've managed to get them to show up by putting this code into my Opening_Fcn,
uicomponent(handles, 'style','com.jidesoft.combobox.DateChooserPanel','tag','til2');
using UICOMPONENT.
But even though it shows up I can't access the date select's attributes, for example
get(handles.til2)
returns
??? Reference to non-existent field 'til2'.
How can I fix this?
Unless you edit the saved GUI figure, the basic handles structure will not include your new component by default.
One way to access you component is to store the handle via guidata, by adding the following to your opening function:
handles.til2 = uicomponent(handles, 'style','com.jidesoft.combobox.DateChooserPanel','tag','til2');
guidata(hObject,handles)
Functions that need to access the handle need the line
handles = guidata(hObject)
to return the full handles structure that includes the filed til2