I´am searching for a solution to handle a form in Perl with multiple checkboxes. Following issue:
<input type="checkbox" name="checkbox" value="1">
<input type="checkbox" name="checkbox" value="2">
.....
<input type="checkbox" name="checkbox" value="500">
In the script:
$q = new CGI;
my $checkbox = $q->param("checkbox");
foreach ( CHECKED_CHECKBOXES )
{ do something }
I have no idea how to read out all checked checkboxes. May somebody an idea for me?
Call param in list context.
my #checkboxes = $q->param("checkbox");
Related
I have some problem with XSS scan on sitelock. They said that some of URL from html input form is vulnerable. They said each parameters which I sent through the form was vulnerable. In this case the vulnerability is from Paypal input form. I build my website with Paypal redirect so the user will input their own data into the form and the system will send it to paypal. This is the example of my form code:
<div class="col-md-5">
<input type="text" class="form-control" name="L_PAYMENTREQUEST_FIRSTNAME" id="L_PAYMENTREQUEST_FIRSTNAME" value="<?=$_SESSION['post_value']['shipping_first_name']?>" readonly="readonly">
</div>
<input type="hidden" name="billing_first_name" value="<?=$_POST['billing_first_name']?>">
<input type="hidden" name="billing_last_name" value="<?=$_POST['billing_last_name']?>">
<input type="hidden" name="billing_email" value="<?=$_POST['billing_email']?>">
<input type="hidden" name="billing_phone" value="<?=$_POST['billing_phone']?>">
<input type="hidden" name="billing_address" value="<?=$_POST['billing_address']?>">
<input type="hidden" name="billing_city" value="<?=$_POST['billing_city']?>">
<input type="hidden" name="billing_postcode" value="<?=$_POST['billing_postcode']?>">
<input type="hidden" name="billing_state" value="<?=$_POST['billing_state']?>">
That is some part of my form. What I want to know is whats wrong with that form and how to prevent Sitelock to scan XSS vulnerability ? Please anyone knows could help me.
I would also recommend using the HTTP header.
X-XSS-Protection: 1; mode=block
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
you probably dont check/nullify the data you are getting in the input fields
and by typing <script>alert('hacked')</script> in billing_address field
on next page where you print the billing_address you will get a popup window calling hacked
On the page that process your form you should validate that input fields doesn't have any javascript code.
for example
<?php
// define variables and set to empty values
$name = $email = $gender = $comment = $website = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$name = test_input($_POST["name"]);
$email = test_input($_POST["email"]);
$website = test_input($_POST["website"]);
$comment = test_input($_POST["comment"]);
$gender = test_input($_POST["gender"]);
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
you need to create a function like test_input and run for all your input fields
Here's what I have, below, trying to use bits from similar answers here, plus items from the parsley site.. Nothing happens..User is not alerted that at least 1 box must be checked. Do I have this all wrong? Thank you in advance for any clues!
<form action="success.html" id="contact-form" data-parsley-validate>
<label for="language">Please Choose your Language:<br>
<input type="checkbox" class="checkbox" name="language" value="english" parsley-group="language" parsley-mincheck="1">English<br>
<input type="checkbox" class="checkbox" name="language" value="spanish" parsley-group="language" >Spanish<br>
<input type="checkbox" class="checkbox" name="language" value="french" parsley-group="language" >French
</label>
You have some problems with your code:
parsley-group doesn't exist. There is a data-parsley-group and is applicable if you want to validate a portion of your form.
parsley-mincheck="1" doesn't exist. There is a data-parsley-mincheck="1".
Assuming that you require at least one language, but can accept more, this code should do the trick:
<form action="success.html" id="contact-form" data-parsley-validate>
<label for="language">Please Choose your Language:<br>
<input type="checkbox" class="checkbox" name="language[]"
value="english" required>English<br>
<input type="checkbox" class="checkbox" name="language[]"
value="spanish" required>Spanish<br>
<input type="checkbox" class="checkbox" name="language[]"
value="french" required >French</label>
<button type="submit" id="submit-button">Submit form</button>
</form>
$(document).ready(function() {
// bind parsley to the form
$("#contact-form").parsley();
// on form submit, validate form and, if valid, show valid in the console
$("#contact-form").submit(function() {
$(this).parsley("validate");
if ($(this).parsley("isValid")) {
console.log('valid');
}
event.preventDefault();
});
});
If you want the user to select one and only one option, I advice you to use radio buttons.
The HTML for my checkbox list is like this:
<dt id="list-label">
<label for="list" class="optional">
Choose which feeds to include in the mix
</label>
</dt>
<dd id="list-element">
<label for="list-1">
<input type="checkbox" name="list[]" id="list-1" value="1">Marko Polo
</label>
<br />
<label for="list-2">
<input type="checkbox" name="list[]" id="list-2" value="2">Jeano Polo
</label>
</dd>
I'm trying to pre-populate them with selected=selected for those with values of 1 from the database. I thought the following would work:
$form->setDefaults(array('list-1'=>1,'list-2'=>1));
But it doesn't. Is there a way to do this?
EDIT
Here is my form class code:
$model = new Admin_Model_Db();
$model->setTableName('graduates');
$gradA = $model->getAllGraduates();
foreach ($gradA as $grad){
if (!empty($grad['twitter'])){
$twitter[$grad['id']] = $grad['firstname'] . ' ' . $grad['lastname'];
}
}
$list = $this->CreateElement('multicheckbox', 'list')
->setLabel('Choose which feeds to include in the mix')
->setRequired(false)
->setMultiOptions($twitter);
Try this:
$all_record = array('k1'=>'v1', 'k2'=>'v2');
$checked_values = aray('k1');
$checkbox = new Zend_Form_Element_MultiCheckbox('id',
array('multiOptions' => $all_records)
);
$checkbox->setValue($checked_values);
// ...
$this->addElement($checkbox);
$this is Zend_Form of course :)
Your form element name is list[], this means that when your boxes are checked and you get their values this way :
$list = $form->getElement('list')->getValue();
$list's value will be array(1,2)
So logically this should work :
$form->setDefaults(array('list'=>array(1,2));
//if not, try with strings instead of integers array('1','2')
i want to use zend_form to validate and filter the POST data,and some form fields are disabled element,
but when i use $form->isValid($post) filtering the data and use $form->getValues() to get the filtered data, it returns all the elements value (including the disabled elements value which i don't want).
such as :
<form method="post" action="">
<input type="text" disabled="disabled" name="account_id" value="123456">
<input type="text" name="name" value="">
<input type="text" name="email" value="">
<input type="text" disabled="disabled" name="created_date" value="2011-06-12">
<input type="text" disabled="disabled" name="created_by" value="admin">
<input type="submit">
</form>
so is there any way to get rid of the disables elements value ?
(because there are many fields and disabled elements ,so i don't want to trim them manually)
thanks!
This is some sort of a hack. We get all elements and iterate through it. When we see an element is disabled we can skip.
$somearray = array();
$elements = $form->getElements();
foreach ($elements as $key => $element) {
//echo $key;
if( $element->disabled ) {
continue;
}
$somearray[$key] = $element->getValue();
}
Hope this helps, or you can hack on it ;) .
It looks like this is not a bug, but an accepted workflow for validating forms. see this: http://framework.zend.com/issues/browse/ZF-6909
it looks like the accepted solution/trick is to use
$form->isValidPartial($this->getRequest()->getPost())
instead of
$form->isValid($this->getRequest()->getPost())
isValidPartial only tests the form fields that are present in the post. disabled elements should not end up posted.
Been trying to find a solution for this for a while with not much luck...
Need to render a form with an array of checkboxes each having an associated textbox.
given an array of array('Dave'=>23,'Pete'=>12,'Si'=>43);
the resulting mark-up should yield:
<div>
<label><input type="checkbox" name="user_id[]" id="user_id-1" value="23" />Dave</label>
<label for="job-1">Job:</label><input type="text" name="job[]" id="job-1" />
</div>
<div>
<label><input type="checkbox" name="user_id[]" id="user_id-2" value="12" />Pete</label>
<label for="job-2">Job:</label><input type="text" name="job[]" id="job-2" />
</div>
<div>
<label><input type="checkbox" name="user_id[]" id="user_id-3" value="43" />Si</label>
<label for="job-3">Job:</label><input type="text" name="job[]" id="job-3" />
</div>
Complete zend noob so any help appreciuated (including decorators etc.)
Thanks peeps
Can't be done without custom elements. I'd suggest watching http://www.zendcasts.com/writing-composite-zend_form-elements/2010/03/
just create a custom decorator, extends from Zend_Form_Decorator_Abstract and define the function render, which returns the html that you define inside, for example you can do:
$html = ''; // some code html
$i = 0;
foreach ($element->getMultiOptions() as $value => $label){
$html .= '<label><input type="checkbox" name="'.$element->getName().'[]" id="'$element->getName()'-'.$i.'" value="'.$value.'" />'.$label.'</label>';
$i++;
}
return $html;