I'm searching the answer but without any luck. Perhaps I asked wrong question. I have a form in my cms page in PS 1.6. Code below:
<form method="post" action=""><input name="text1" type="text" /><br /> <input value="Check" onclick="getStatus()" type="button" /></form>
In \override\controllers\front\CmsController.php I have getStatus function. Which return "Hello world". Like You see "action" in form is empty. How to create link to this controller which is overrider ?
Kind regards
you can do like this.
In tpl
<form method="post" action="">
<input name="text1" type="text" /><br />
<input type="hidden" name="action" value="getStatus">
<input value="Check" type="submit" />
</form>
In Override controller
class CmsController extends CmsControllerCore
{
public function initContent(){
parent::initContent();
if(Tools::getValue('action') && Tools::getValue('action')=='getStatus'){
// Do your work What you want
echo "Hello world";
}
}
}
You can put: _PS_URI_?controller=cms&id_cms=1
Also can check dispatcher core and add your own rule or create a little module.
If is an override Controller u delete the file cache/class_index.php ?
Related
I have a button on a GET Form on asp.net core razor pages
<form method="get" asp-page="Index">
<button type="submit" asp-page="Index" asp-page-handler="Something" class="btn btn-primary"></button>
</form>
and the code behind
public IActionResult OnGetSomething(){
//... some code
return Page();
}
My problem is the onget handler code is never executed
If the form is POST the onpost handler will work fine but if it is GET it doesn’t work
So what am I missing here? and how to make the onget handler work?
When you submit a form using GET, the browser trashes query string values in the form action and replaces them with a new query string built from the form fields. You can hit your handler by adding an appropriate hidden field to the form:
<form method="get" asp-page="Index">
<input type="hidden" name="handler" value="Something" />
<button type="submit" class="btn btn-primary">Get</button>
</form>
you can't go to get method because of parameters miss matching.
Suppose:
In controller
[HttpGet]
public IActionResult Create()
{
return View();
}
//Post Method
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Create(string Name)
{
}
In View:
<form asp-action="Create">
<div asp-validation-summary="ModelOnly" class="text-danger"></div>
<div class="form-group">
<label asp-for="Name" class="control-label"></label>
<input asp-for="Name" class="form-control" />
<span asp-validation-for="Name" class="text-danger"></span>
</div>]
<div class="form-group">
<input type="submit" value="Create" class="btn btn-primary" />
</div>
</form>
Then it go post method cause it has 1 parameters (Name). if we not net any input or parameters are not same then it hit different method.
It the concept of method overloading
In details of method overloading https://www.geeksforgeeks.org/c-sharp-method-overloading/
Context
I've noticed that after creating a new ASP.NET Core Razor page application in VS 2019 from its out of the box template, even the purest html form with the purest model class renders output with <input name="__RequestVerificationToken" type="hidden" value="...">
Question
Am I missing something and there is somewhere an explicit attribute/statement which instructs ASP.NET Core to add anti forgery or now this is the default? (which makes using [AutoValidateAntiforgeryToken] obsolete)
...or...
It is just the <input name="__RequestVerificationToken" type="hidden" value="..."> which is rendered always unconditionally and with the [AutoValidateAntiforgeryToken]I can turn on the server side validation against it? This case how can I smoke test if validation is in effect or not?
Sample Code
#page
#model TestFormModel
#{
ViewData["Title"] = "Home page";
}
<div class="text-center">
<form method="post">
<input type="text" name="myinput"/>
<input type="submit" value="Submit" />
</form>
</div>
//[AutoValidateAntiforgeryToken]
public class TestFormModel : PageModel
{
private readonly ILogger<TestFormModel> _logger;
public TestFormModel(ILogger<TestFormModel> logger)
{
_logger = logger;
}
public void OnGet()
{
}
public void OnPost()
{
}
}
Previously in .NET Framework versions of ASP.NET you did have to opt-in to anti-forgery token usually with an attribute.
[ValidateAntiForgeryToken]
public ActionResult Save(Product product)
{
db.Product.Add(product);
Return View();
}
In ASPNET Core this automagically included in the Form Tag Helper. So any time your CSHTML includes a FORM element, the hidden field is included for you by the ASPNET Core runtime.
The basis for including this by default is the mantra of "Convention over configuration". By convention, 80+% of developers would opt to protect their application against CSRF attacks. If you wish to go against the convention, you can find the option to opt out in the conventions helper in the ConfigureServices portion of your Startup class.
public void ConfigureServices(IServiceCollection services)
{
services.AddRazorPages()
.AddRazorPagesOptions(options =>
{
options.Conventions
.ConfigureFilter(new IgnoreAntiforgeryTokenAttribute());
});
}
This blog post goes in further detail specific to Razor Pages, options and usage scenarios.
Update - Response to comment
If you read the a code, you may notice that there is no taghelper. –
g.pickardou
There is indeed a tag helper. In a new Razor Pages project template you can find the tag helpers are included in the _ViewImports.cshtml file here:
#addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers
We can validate that your <form /> element, as written in the OP is invoking an ASP.NET tag helper as follows:
<form method="post">
<input type="text" name="myinput"/>
<input type="submit" value="Submit" />
</form>
If we inspect the page source on this, you will see the result
<form method="post">
<input type="text" name="myinput" />
<input type="submit" value="Submit" />
<input name="__RequestVerificationToken" type="hidden" value="{{token}}" />
</form>
Now, if we use the syntax to opt out of individual tag helpers
<!form method="post">
<input type="text" name="myinput" />
<input type="submit" value="Submit" />
</!form>
And again inspect the page source we can clearly see we have explicitly opted out of this tag helper.
<form method="post">
<input type="text" name="myinput" />
<input type="submit" value="Submit" />
</form>
For .Net 3.1 the form helper does add the validation token to forms when you use it like <form asp-action="...
With asp.net core 3.1 with a form that does not use asp-action and or asp-controller
like:
<form asp-action="Index" asp-controller="Home" method="post">
and uses this:
<form action="Index" method="post">
To include this: (in the form {before the closing form: })
<input name="__RequestVerificationToken" type="hidden" value="..." />
I just add this to the form:
asp-antiforgery="true"
like:
<form action="Index" method="post" asp-antiforgery="true">
Always works for me
This does not work for me:
<input name="__RequestVerificationToken" type="hidden" value="{{token}}" />
I just get that exact thing which doesn't have the token.
Of course you then need the decorator before your method like:
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Update(...
Hope that helps someone searching for how to include the RequestVerificationToken or ValidateAntiForgeryToken
For the later Core versions (6,7 and maybe earlier), here's what the documentation states regarding when/if a token will be generated automatically:
The automatic generation of antiforgery tokens for HTML form elements happens when the <form> tag contains the method="post" attribute and either of the following are true:
The action attribute is empty (action="").
The action attribute isn't supplied (<form method="post">).
That mean that if to set a form's action attribute to a custom value, the "Antiforgery" element won't be injected automatically.
Here are a few ways one can do in those cases to have one injected:
Add the tag helper asp-antiforgery="true" to the form element
Add #Html.AntiForgeryToken() within the form element
Add #inject Microsoft.AspNetCore.Antiforgery.IAntiforgery Xsrf to the view and
<input id="__RequestVerificationToken" type="hidden" value="#Xsrf.GetAndStoreTokens(Context).RequestToken" /> within the form element
Use the submit element's formaction attribute instead of the form's.
SiteFinity noob here.
I've edited the widget via File Manager: Resource Packages>Bootstrap>MVC>Views>Captcha.
the file there is "Write.default.cshtml". I changed the following line-
<img data-sf-role="captcha-image" src='#Url.WidgetContent("assets/dist/img/dummy.jpg")'/>
to
<img data-sf-role="captcha-image" alt="captcha Image src='#Url.WidgetContent("assets/dist/img/dummy.jpg")'/>
However, although saved, this doesn't show up in the widget code when I put it on my form. I used File Manager, as I dont have a connection via .net editor.
Am I in the wrong place? Do I need to somehow restart the application?
Here is complete code:
#model Telerik.Sitefinity.Frontend.Forms.Mvc.Models.Fields.Captcha.CaptchaViewModel
#using Telerik.Sitefinity.Frontend.Mvc.Helpers;
#using Telerik.Sitefinity.Modules.Pages;
#using Telerik.Sitefinity.Services;
#Html.Script(ScriptRef.JQuery, "top", false)
<div data-sf-role="field-captcha-container" style="display:none;" class="#Model.CssClass form-group">
<div>
**<img data-sf-role="captcha-image" src='#Url.WidgetContent("assets/dist/img/dummy.jpg")'/>**
</div>
<a data-sf-role="captcha-refresh-button">#Html.Resource("NewCode")</a>
<div class="form-inline">
<div class="form-group">
<input data-sf-role="violation-messages" type="hidden" value='{"required": "#Model.ValidatorDefinition.RequiredViolationMessage"}' />
<label for='#Html.UniqueId("Textbox")'>#Html.Resource("TypeCodeAbove") </label>
<input id='#Html.UniqueId("Textbox")' type="text" data-sf-role="captcha-input" name="#Model.CaptchaAnswerFormKey" required="required" class="form-control input-sm"/>
</div>
</div>
<input type="hidden" data-sf-role="captcha-ca" name="#Model.CaptchaCorrectAnswerFormKey" />
<input type="hidden" data-sf-role="captcha-iv" name="#Model.CaptchaInitializationVectorFormKey" />
<input type="hidden" data-sf-role="captcha-k" name="#Model.CaptchaKeyFormKey" />
<input type="hidden" data-sf-role="captcha-settings" value="#Model.GenerateUrl"
</div>
#if (SystemManager.IsDesignMode)
{
var scriptUrl = Url.WidgetContent("Mvc/Scripts/Captcha/captcha.js");
var queryAddition = scriptUrl.Contains("?") ? "&" : "?";
var fullScriptUrl = scriptUrl + queryAddition + string.Format("_={0}", DateTime.UtcNow.Ticks.ToString());
<script type="text/javascript" src='#fullScriptUrl'></script>
}
else
{
#Html.Script(Url.WidgetContent("Mvc/Scripts/Captcha/captcha.js"), "bottom", false)
}
You'll need to make sure you are using the Bootstrap package. Go to Design > Page Template and see which resource package your page templates are using. Often times it's not the Bootstrap, but a copy of it.
A restart may help as well.
I have a form that will processing input.how to make it run continuos after i just click submit once?
I want to know the method.
say i have the code :
<form name="form1" action="" method="post">
<input type="text" name="tfcari" />
<input type="submit" name="btcari" />
</form>
<?php
if (isset($_POST['btcari'])) {
get(..);
?>
Thanks.
Well i have this search engine into my site
<form action="/apps/search/" name="g_search" id="cse-search-box" method="post">
<input type="hidden" name="cof" value="FORID:11;NB:1" />
<input type="hidden" name="ie" value="utf-8" />
<input type="text" autocomplete="off" name="google_seach" class="search-text" onfocus="searchtext('focus')" onblur="searchtext('blur')" />
<label style="color:#796b6b;float:left;padding:0;">|</label>
<input type="submit" style="float:right;margin-top:3px;cursor:pointer;width:16px;height:16px;background:url(/template/img/main/search-icon.jpg);border:none;" value="" alt="Αναζήτηση" title="Αναζήτηση" />
</form>
Now i want some code to results page.Somehow the post request readed from a file called search.php
This file have access to $_POST[] array..
The file initializes $selector variable (for template use).
What we want to echo into contentarea div must put into $body variable..
Any help?
<?php
$selector="search";
$body="<div id=\"cse-search-form\" style=\"width: 100%;\">Loading</div>";
?>
I have a similar issue, just use GCS code provide by Google as it easy, make sure in the option in GSE you select to visualize the search result on your page and not an Iframe