Symfony: secure delete link with CSRFProtection - php

I have a delete link to delete a Comment object by ID /comment/:id/delete
In order to secure this link I add a csrf token to the link
$CSRFTokenForm = new BaseForm();
$link = url_for(..., array('_csrf_token' => $CSRFTokenForm->getCSRFToken()));
and in the executeDelete i use the checkCSRFProtection() method, and it all works fine.
The only thing is that each comment is displayed by a partial, and each partial creates its own BaseForm() in order to create the token, which is a waste of time since they're all the same.
Do you have a better idea on how to make it more efficient, like maybe a static getCSRFToken() method or creating a global BaseForm()?

Use SF's method => delete. It creates the CSRF token for you:
<?php
echo link_to('comment/' . $comment->getId() . '/delete',
    array(
        'method'  => 'delete',
        'confirm' => 'Do you really want to delete the comment??',
        'title'   => 'Delete'
    )
);
?>
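The answer above leans on the framework, but the underlying mechanics are worth seeing in the open. In Symfony 1.x the form's CSRF token is derived from the CSRF secret, the session id and the form class, so every BaseForm built in the same session yields the same token; the question's per-partial instances are redundant rather than wrong. The following is an added example (not Symfony code and not from any answer on this page): a token generated once per session and shared by every delete link, and the check the delete action should perform, including the refusal of GET that the method => delete option of link_to gives you by submitting through a generated form. The helper names (csrf_token, delete_link, csrf_check, execute_delete) are hypothetical.

```php
<?php
// Added illustration, not Symfony code. One session-bound CSRF token shared
// by every delete link on the page, plus the check performed by the action.
// Helper names are hypothetical.

const CSRF_SESSION_KEY = '_csrf_token';

// Generate the token once per session; every link re-uses it, so there is
// no need to build a form object in each partial.
function csrf_token(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION[CSRF_SESSION_KEY])) {
        $_SESSION[CSRF_SESSION_KEY] = bin2hex(random_bytes(32));
    }
    return $_SESSION[CSRF_SESSION_KEY];
}

// Build the delete URL for a comment. The token travels as a query parameter
// because that is what the question does; the action still refuses GET.
function delete_link(int $commentId): string
{
    return '/comment/' . $commentId . '/delete?' .
        http_build_query(['_csrf_token' => csrf_token()]);
}

// Verify the submitted token: only state-changing methods are accepted (a
// GET must never delete), and the comparison is constant-time.
function csrf_check(string $method, array $params): bool
{
    if (!in_array(strtoupper($method), ['POST', 'DELETE'], true)) {
        return false;
    }
    $submitted = $params['_csrf_token'] ?? '';
    if (!is_string($submitted) || $submitted === '') {
        return false;
    }
    return hash_equals(csrf_token(), $submitted);
}

// The delete action, in the same shape as executeDelete in the question.
function execute_delete(string $method, array $params): string
{
    if (!csrf_check($method, $params)) {
        http_response_code(403);
        return 'forbidden';
    }
    // ... delete the comment here ...
    return 'deleted';
}

// Constructed sample requests against the helpers above.
echo delete_link(42), "\n";
echo execute_delete('GET', ['_csrf_token' => csrf_token()]), "\n";
echo execute_delete('DELETE', ['_csrf_token' => csrf_token()]), "\n";
echo execute_delete('DELETE', ['_csrf_token' => 'wrong']), "\n";
```

The method check is the part most often forgotten: a token in a GET link protects against cross-site forgery only if the action also rejects GET, otherwise a leaked or logged URL still performs the deletion.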

Yes, it's a jQuery plugin error. If you are using sfJqueryReloadedPlugin 1.4.3 you need to change the source code of the file jQueryHelper in the plugin's directory and put "BaseForm" instead of "sfForm" in the "csrf => 1" section.

With the jQuery Plugin try:
jq_link_to_remote('comment/' . $comment->getId() . '/delete', array('csrf' => 1))
Found it in the sourcecode and they do it with a BaseForm instance, too.

Link with parameters

I am new to PrestaShop (version 1.6) and I have a problem with a link.
I want to add another login link with extra parameters so that I can hide registration part from connexion page.
So in nav.tpl, I added extra parameters :
{$link->getPageLink('my-account', true, NULL, ['params' => 'myTest'])|escape:'html':'UTF-8'}
When I click on that link, it completely disappears, and in AuthController (initContent) Tools::getValue('params') returns null. I don't know how to figure it out. Thanks
You should work with Smarty.
The parameter should be passed in the file AuthController, in the function initContent.
Edit this:
$this->context->smarty->assign(array(
'inOrderProcess' => true,
'PS_GUEST_CHECKOUT_ENABLED' => Configuration::get('PS_GUEST_CHECKOUT_ENABLED'),
'PS_REGISTRATION_PROCESS_TYPE' => Configuration::get('PS_REGISTRATION_PROCESS_TYPE'),
'sl_country' => (int)$this->id_country,
'countries' => $countries
));
Alternative method
In the same function you can make another change.
In PrestaShop you can read GET and POST values using the function:
$param = (int) Tools::getValue('myTest');
The Array that you have passed to getPageLink function seems wrong, please try the following:
{$params = ['params' => 'myTest']}
{$link->getPageLink('my-account', true, NULL, $params)|escape:'html':'UTF-8'}
That is because when a FrontController is protected (such as MyAccountController) the user is redirected to the login page and the query params are lost. To fix it, change /classes/controller/FrontController.php:
Tools::redirect('index.php?controller=authentication'.($this->authRedirection ? '&back='.$this->authRedirection : ''));
to:
Tools::redirect('index.php?controller=authentication'.($this->authRedirection ? '&back='.$this->authRedirection.'&'.$_SERVER['QUERY_STRING'] : ''));
That should preserve the additional query params on the login page.
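The redirect above carries the whole raw QUERY_STRING over to the login page. An added example (not PrestaShop code and not from the answer) of the same idea done more narrowly: only parameters on an allowlist are copied across, and the URL is assembled with http_build_query so each value is percent-encoded and cannot smuggle in a second parameter. The constant PRESERVED_PARAMS and the function login_redirect_url are hypothetical names; the controller=authentication and back parameters mirror the redirect shown in the answer.

```php
<?php
// Added illustration, not PrestaShop code. Builds the authentication
// redirect so that only known query parameters survive, instead of
// re-appending the raw QUERY_STRING. Names are hypothetical.

const PRESERVED_PARAMS = ['params']; // the extra parameters you expect to keep

// $get is the current request's GET array; $back is the server-side
// authRedirection value from the answer (a path on this site), or null.
function login_redirect_url(array $get, ?string $back): string
{
    $query = ['controller' => 'authentication'];
    if ($back !== null && $back !== '') {
        $query['back'] = $back;
    }
    foreach (PRESERVED_PARAMS as $name) {
        // Copy only scalar values; a param sent as an array is dropped.
        if (isset($get[$name]) && is_string($get[$name])) {
            $query[$name] = $get[$name];
        }
    }
    // http_build_query percent-encodes every value, so "a&controller=x"
    // stays one value rather than becoming a second parameter.
    return 'index.php?' . http_build_query($query);
}

// Constructed sample requests.
echo login_redirect_url(['params' => 'myTest', 'unexpected' => '1'], 'my-account'), "\n";
echo login_redirect_url(['params' => 'a&controller=x'], 'my-account'), "\n";
echo login_redirect_url([], null), "\n";
```

With the allowlist in place a caller cannot use the login redirect to push arbitrary parameters into the authentication controller, and the encoding guarantees that the value of params is read back verbatim by Tools::getValue.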

Moodle: Using the returnto query parameter to redirect back to my local plugins index after course edit

tl;dr: Trying to link the 'save and return' button when editing/deleting a course to my local plugin's index.php instead of Moodle's default redirect for these features. Moodle already has a returnto query parameter, so I was thinking that could be used somehow.
Hey
I am creating a local plugin that has an administration panel, where you can access CRUD on all courses in the system, as seen in the picture below:
The problem now is that whenever I click edit, I get to the course edit page, of course, but when I return from there by clicking "save and return" I would like to get back to my own admin page instead of the course page or the category management page.
The code I have right now looks like this:
//edit
$edit_course_moodle_url = new moodle_url('/course/edit.php', array('id' => $course->id, 'returnto' => 'local/adminpanel/index.php'));
$edit_course_url = $edit_course_moodle_url->get_path() . '?id=' . $edit_course_moodle_url->get_param('id') . '&returnto=' . $edit_course_moodle_url->get_param('returnto');
//delete
$delete_course_moodle_url = new moodle_url('/course/delete.php', array('id' => $course->id, 'returnto' => 'local/adminpanel/index.php'));
$delete_course_url = $delete_course_moodle_url->get_path() . '?id=' . $delete_course_moodle_url->get_param('id') . '&returnto=' . $delete_course_moodle_url->get_param('returnto');
As you can see I use the "returnto" query parameter, normally moodle has a "catmanage" as "returnto" that returns you to the category management page, where moodle has its own CRUD for categories and courses. So my question is, can I create my own alias for a link and use it like moodle uses the catmanage link, but for my admin page instead.
Thanks a lot ! :)
EDIT:
Change code to the following:
if (empty($CFG->loginhttps)) {
$securewwwroot = $CFG->wwwroot;
} else {
$securewwwroot = str_replace('http:','https:',$CFG->wwwroot);
}
$returnurl = new moodle_url($securewwwroot . '/local/adminpanel/index.php');
$edit_course_moodle_url = new moodle_url($securewwwroot . '/course/edit.php', array(
'id' => $course->id,
'sesskey' => sesskey(),
'returnto' => 'url',
'returnurl' => $returnurl->out(false))
);
$edit_course_url = $edit_course_moodle_url->out();
But it looks like moodle took away the button from edit course called "save and return" now it only has "save and display" or "Cancel" , both of which brings me back to the course, sad times :(
According to the code I can see in course/edit.php, you should use the following URL arguments:
returnto: 'url'
returnurl: The url
sesskey: sesskey()
In code that gives us:
$returnurl = new moodle_url('/local/plugin/page.php');
$editurl = new moodle_url('/course/edit.php', array(
    'id' => 2,
    'sesskey' => sesskey(),
    'returnto' => 'url',
    'returnurl' => $returnurl->out(false)
));
echo $editurl->out();
The page course/delete.php does not seem to support those arguments. But it's probably easier for your plugin to delete the course by itself, it's as simple as calling delete_course($courseid);.
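A returnurl parameter is attacker-reachable input: anyone can craft a link to the plugin with a foreign returnurl, so whatever page finally calls redirect() on it must first confirm it points back into this site. Moodle does that when a script reads the parameter with clean_param(..., PARAM_LOCALURL). The block below is an added example (not Moodle code and not from the answers) that reproduces the same same-site check in plain PHP so it runs outside Moodle; local_return_url and the sample wwwroot are hypothetical.

```php
<?php
// Added illustration, not Moodle code. Accepts a returnurl only if it is a
// relative path or an absolute URL under this site's wwwroot; anything else
// falls back to a known-good page. Names and sample values are hypothetical.

function local_return_url(string $candidate, string $wwwroot, string $fallback): string
{
    $candidate = trim($candidate);
    $base = rtrim($wwwroot, '/');
    if ($candidate === '') {
        return $fallback;
    }
    $parts = parse_url($candidate);
    if ($parts === false) {
        return $fallback;
    }
    // Absolute URL: accept only when it lives under wwwroot. The trailing
    // slash stops "https://moodle.example.attacker.example" from matching.
    if (isset($parts['scheme']) || isset($parts['host'])) {
        return strpos($candidate, $base . '/') === 0 ? $candidate : $fallback;
    }
    // Relative URL: reject protocol-relative "//host" and backslash forms,
    // which browsers may resolve to another host.
    if (strpos($candidate, '//') === 0 || strpos($candidate, '\\') !== false) {
        return $fallback;
    }
    return $base . '/' . ltrim($candidate, '/');
}

// Constructed sample values.
$wwwroot  = 'https://moodle.example';
$fallback = $wwwroot . '/local/adminpanel/index.php';
echo local_return_url('/local/adminpanel/index.php?page=2', $wwwroot, $fallback), "\n";
echo local_return_url('https://moodle.example/course/view.php?id=2', $wwwroot, $fallback), "\n";
echo local_return_url('https://moodle.example@attacker.example/', $wwwroot, $fallback), "\n";
echo local_return_url('//attacker.example/', $wwwroot, $fallback), "\n";
echo local_return_url('https://attacker.example/', $wwwroot, $fallback), "\n";
```

Pair this with the sesskey check the answer already includes: sesskey stops a forged request from triggering the edit, and the returnurl check stops the page from being used as an open redirect after a legitimate one.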

WHMCS: How to get the current client in addon module clientarea page?

Given that I have a WHMCS addon that I call 'my_addon'. I created the main addon file 'my_addon.php', which contains nothing but:
<?php
function my_addon_clientarea($vars) {
$client = null;
return array(
'pagetitle' => 'My Addon',
'breadcrumb' => array('index.php?m=my_addon'=>'My Addon'),
'templatefile' => 'views/myaddon_view',
'vars' => array(
'client' => $client
)
);
}
This does basically work. It does give me my template file, everything is passed through. My question is: How do I get the currently logged in client from within that function?
I didn't find any API method and I can't see any constant which does hold this information.
There must be a way to get the current client within the clientarea? Thanks for your help!
For those who do come after me and have the same problem: it's easy to solve. Turned out, that I just had to think it through... I found the client id to be available in the $_SESSION-variable.
So, if you are looking for the client's id:
<?php
function my_addon_clientarea($vars) {
$clientid = $_SESSION['uid'];
// And so on...
}
The official way to get current user information is:
$currentUser = new \WHMCS\Authentication\CurrentUser;
$user = $currentUser->user();
You can find more information here

MediaWiki: Show user name in skin

This should be fairly simple for anyone familiar with MediaWiki, but it's stumping me, me being me.
I'm working on a skin, and I need to show the currently logged in user's name in a top bar - let's assume in plain text, for simplicity's sake, with changes via CSS.
Initially, I was planning on using the automatically generated one used in the personal tools bar, but since the generating line in the skin is
<?php $this->renderNavigation( 'PERSONAL' ); ?>
, it's inseparable from there. I looked in User.php and found its generation line:
public function getUserPage() {
return Title::makeTitle( NS_USER, $this->getName() );
}
So, I figure I might be able to use this function somehow, but I have very little knowledge of PHP, and am unsure how.
EDIT: It appears that this is used for the generation in the personal tools line itself, but again, I'm not sure how to adapt this.
$personal_urls['userpage'] = array(
'text' => $this->username,
'href' => &$this->userpageUrlDetails['href'],
'class' => $this->userpageUrlDetails['exists'] ? false : 'new',
'active' => ( $this->userpageUrlDetails['href'] == $pageurl )
);
Could I duplicate this into a separate function, and make something like the following?
<?php $this->renderNavigation( 'USERNAME' ); ?>
You can use this code:
<?php echo htmlspecialchars($this->getSkin()->getUser()->getName()); ?>
Or, as the User class has a __toString() magic method:
<?php echo htmlspecialchars($this->getSkin()->getUser()); ?>
Sources:
The SkinTemplate class in MediaWiki code documentation
The User class in the same documentation
CurrentUsers: http://www.mediawiki.org/wiki/Extension:CurrentUsers
GetUserName: http://www.mediawiki.org/wiki/Extension:GetUserName
Modify these extensions for your needs.
If you indeed just want the username inserted somewhere into the skin HTML, this should do it:
<?php echo htmlspecialchars( $this->username ); ?>

How to get user data in form in Symfony 1.2?

I'm using Symfony 1.2 in a standard Propel form class.
public function configure()
{
$this->setWidgets(array(
'graduate_job_title' => new sfWidgetFormInput( array(), array( 'maxlength' => 80, 'size' => 30, 'value' => '' ) )
));
//etc
}
However, I want the value of this field to come from the user information, which I'd normally access using $this->getUser()->getAttribute( '...' ). However, this doesn't seem to work in the form.
What should I be using?
It's a very bad idea to rely on the sfContext instance.
It's better to pass what you need during sfForm initialization in the options array parameter.
http://www.symfony-project.org/api/1_4/sfForm
__construct method
for example in your action:
$form = new myForm(null,
    array('attributeFoo' =>
        $this->getUser()->getAttribute('attributeFoo')));
and then retrieve the value inside the form class:
$this->getOption('attributeFoo');
cirpo
Does that work?
sfContext::getInstance()->getUser()->getAttribute('...');
// Edit: See cirpo's recommendation on the use of sfContext instead.
If someone need the same in admin (backend) here is a solution:
http://blog.nevalon.de/en/wie-nutze-ich-die-rechteverwaltung-in-symfony-admin-generator-formularen-20100729
In Symfony 1.4, object $sf_user