I have created a script which posts data to a page automatically. It can be found below:
echo '
<html>
<body onLoad="javascript: document.process.submit();">
<form method="post" action="pagehere.php" name="process">
';
foreach($post_data as $k => $v) {
echo "<input type='hidden' name='$k' value='$v' />";
}
echo '
<input type="submit">
</form>
</body>
</html>
';
It works as intended in all other browsers apart from Opera (testing on version 11.50). The <form action> attribute works and the user is redirected to the new page. However, the hidden input fields are not sent to the new page.
I have tried removing the JS and replacing it with a standard submit button, with no luck. I have also tried using standard <input type="text"> tags just to test, and again, have had no luck. Oh, and no luck submitting with jQuery either, although that again was fine with IE/FF.
Am I missing something stupid, or is this a very strange problem?
Thanks.
After hours of searching the internet, it turned out I was looking at the wrong thing completely. The proxy settings in Opera were not configured correctly for my development environment...
Thanks to everybody who took the trouble to read/answer.
Related
I'm trying to build a form to asynchronously upload images to my site. It works perfectly on newer browsers and then the AJAX updates my list of images without refreshing the entire page.
The problem I'm having is it doesn't work on IE8 & IE9 (and probably others) because those browsers don't support "FormData". I need an alternative where a user uploads an image (with additional hidden form input fields), the list of images should update after the upload is complete - WITHOUT having the entire page refresh.
Here is basically what I have so far:
<div class="imagelist">
... list of images here should be updated by ajax after each upload...
</div>
<form name="uploadform" id="uploadform" method="post" action="/edit-images/uploadimage.php" enctype="multipart/form-data">
<input type="hidden" name="itemimagesid" value="<?php echo $itemid; ?>" />
<input type="hidden" name="itemtype" value="new" />
<input type="file" name="imagefile" id="imagefile" onchange="uploadFile()">
</form>
<script type="text/javascript">
function uploadFile() {
if (!window.FormData || window.FormData === undefined) { // old crappy browsers that can't use ajax/file submit.
$('#uploadform').append("<input type='hidden' name='oldbrowser' value='1'>");
...
[ need a solution here ]
...
return;
}
}
</script>
I need something that works in 2016. I have bootstrap 3.3.2 which uses the jQuery version 1.11.2. I've searched stackoverflow and none of the solutions work. I've tried "jQuery Form Plugin", that does absolutely nothing, doesn't even initialize - probably because my jQuery version is too new for that script. Hopefully there is a better solution for today.
Nevermind, I was able to figure out the iframe hack.
I am trying to submit a simple form that is in a pop-up dialog and then close the dialog.
The best article I've seen is Submit a form in a popup, and then close the popup but it seems to work intermittently for me. The page launched by the form is a PHP page that modifies a record in the database. I thought that once the request is sent the PHP page will execute, even if the launching window is closed. Apparently not though. Sometimes the table is updated, sometimes it isn't. It seems like if the SQL operation isn't fast enough the page will be closed and the process is killed.
Here's the code:
<form id="xlationform" action="updatexlation.php" method="post" onsubmit="return closeForm(this);">
Source: <br>
<textarea disabled name="sterm" rows=10 cols=50><?php echo $source ?></textarea><br><br>
Translation: <br>
<textarea name="xlt" rows=10 cols=50><?php echo $xlation ?></textarea><br><br>
<input type="hidden" name="id" value="<?php echo $termid ?>">
<input type="submit" value="Update">
</form>
<script>
function closeForm(f) {
f.submit();
window.close();
}
</script>
What's the best way of working this out? I want the window to be closed but the DB operation needs to complete first and I don't want to query the DB again if possible. Thanks for your help.
Do it in updatexlation.php like :
$e = mysqli_query(...) if ($e) { echo "<script>window.close();</script>"; }
But as mentioned above, avoid using popups.
The response page should simply have window.close in the onload event.
I wanna make a little input box where a user can submit a code and it happen like i they put
<script>alert("this is an alert")</script>
then a alert would pop up on the page
I need this for education purposes
<form><input type="text" name="xss"><input type="submit"></form>
<p>Result: <?= $_GET['xss'] ?></p>
Thats what i have tried but it doesnt work and w3c does not cover how to MAKE an XSS vulnerable input
There are several ways to do this. As one person suggested you could indeed use eval(). Just like the following:
<input type='text' id='vulnBox' value="alert('hello');"/>
<button onclick="eval(document.getElementById('vulnBox').value)">test</button>
Here's the corresponding fiddle example JSFiddle
If your interaction is more client to server then you could use $_GET in php to read your malicious javascript from the url and output into the contents of the page.
So someone would visit the page with a URL like:
yoursite.com?xss=%3Cscript%3Ealert()%3C%2Fscript%3E
and your php file would contain:
<?php echo urldecode($_GET['xss']); ?>
Hope this helps!
I've been trying to integrate ckeditor in my php website, and I've encountered the following issue.
Essentially, the content in ckeditor wouldn't appear in the $_POST variable after submitting the form.
I looked the issue up and apparently one has to update the form field with a small piece of code.
So I wrote the corresponding script and linked it to the submit button in order to get the result I want, but $_POST still shows up as empty.
I'm inexperienced with Javascript so the error probably lies there. Any ideas?
cktest.php:
<!DOCTYPE html>
<html>
<head>
<title>A Simple Page with CKEditor</title>
<!-- Make sure the path to CKEditor is correct. -->
<script src="http://localhost/ECLIPSEPHP/ckeditor/ckeditor.js"></script>
</head>
<body>
<form action = <?php echo $_SERVER['PHP_SELF']
?>>
<textarea name="test" id="test" rows="10" cols="80">
This is my textarea to be replaced with CKEditor.
</textarea>
<input type = "submit" name = 'submitButton' id = 'submitButton' value = 'Submit'>
<script>
// Replace the <textarea id="test"> with a CKEditor
// instance, using default configuration.
CKEDITOR.replace( 'test' );
</script>
<script type = "text/javascript" src = "http://localhost/ECLIPSEPHP/js/update.js"></script>
</form>
</body>
</html>
<?php
var_dump($_POST);
//echo $_POST['test'];
?>
The javascript supposed to handle the onclick event :
function updateAllMessageForms()
{
for (instance in CKEDITOR.instances) {
CKEDITOR.instances[instance].updateElement();
}
}
var submitButton = document.getElementById('submitButton');
submitButton.onclick = updateAllMessageForms;
There are quite a lot of problems with that code. The first thing to check is to add a method to that form tag: method="post".
See what <form action = <?php echo $_SERVER['PHP_SELF'] ?>> renders. It looks like it could be a wrong. I'm guessing it should be more like <form action="<?php echo $_SERVER['PHP_SELF'] ?>">.
Don't use ' for HTML attribute delimiters, use " instead: 'submitButton' --> "submitButton".
If you edit the updateElement a little: CKEDITOR.instances[instance].updateElement(); alert(1); - do you see the alert? If not, that code is not being called and you need to edit it so that it is.
Don't add spaces between your attribute name, the equals symbol and the value. That looks very strange and could be interpreted wrong or it could send Internet Explorer into quirks mode. Try to change this style: type = "submit" to type="submit" and keep up with that style.
Remember that it's often a good idea to look at the Rendered source in the browser to see what the browser actually gets. Happy coding!
I've got a very simple Javascript form that posts to a PHP page. This page is launching from a CRM system and the page itself can only be an HTML page, so I can't use PHP for the form. The form posts the user id (which is generated by the CRM system) over to a PHP page and then does a load of stuff based on the UserID.
The problem, however, is that some users now have IE9 and it doesn't seem to work with that! IE 8 is absolutely fine, but IE9 just doesn't seem to post the userid.
The form within the CRM system is as follows:
<form action="http://intranet-srv02/reports/contact.php" method="post" onsubmit="target_popup(this)">
<input name="userid" type="hidden" value="[userid]" />
<input type="submit" value="Reports" />
</form>
<script language="JavaScript1.2">
function target_popup(form) {
window.open('', 'formpopup', 'width=1100,height=750,resizeable,scrollbars');
form.target = 'formpopup';
}
</script>
And when, on the contact.php page put
<?php
$userid = $_POST['userid'];
echo $userid;
?>
Nothing echos on IE9 (but on IE8 and others it does)
Any help much appreciated!
EDIT: I've updated the deprecated language attribute, but still having the same issue. The form now reads:
<form action="http://intranet-srv02/reports/contact.php" method="post" onsubmit="target_popup(this)">
<input name="userid" type="hidden" value="[userid]" />
<input type="submit" value="Reports" />
</form>
<script type="text/javascript">
function target_popup(form) {
window.open('', 'formpopup', 'width=1100,height=750,resizeable,scrollbars');
form.target = 'formpopup';
}
</script>
Any other ideas?!
So it turns out that there is a (currently unknown exactly what) problem with IE9 and user profiles.
Possibly the problem is when users were on XP and then they started working on a Windows 7 box. Ultimately we haven't completely narrowed it down yet, but re-creating the user's profile seems to fix the issue!
The joys of Windows...