I have this code on a page
<td>
<form method="DatabasePost" action=".../admin/users/1" accept-charset="UTF-8">
<input name="_method" type="hidden" value="DELETE">
<input name="_token" type="hidden" value="EMyKLKBmQjBUz63XqSRRqH06Mw0PwzikT5EkJZyc">
<input type="submit" value="Delete">
</form>
</td>
Generated by Blade in v.4.2. Laravel; yet in browser's Network developer tools I still recieve a GET request. What am I doing wrong? Do I have to enable these requests (delete/put) in Apache or something? I have this
<Directory />
AllowOverride All
<Limit GET HEAD POST PUT DELETE OPTIONS>
Order Allow,Deny
Allow from all
</Limit>
in apache's httpd.conf and this
<Limit GET POST PUT DELETE>
Allow from all
</Limit>
in .htaccess file but nothing seems to work..
On DELETE request #destroy method should be called in Laravel's controller but #show (GET request route) is called instead.
EDIT:
routes.php
Route::resource('admin/users', 'App\Controllers\Admin\UserController');
console command php artisan routes does in fact show all routes
Your form should be as follows (assume it is blade file):
<form method="post" action="{{url('admin/users/1')}}">
<input name="_method" type="hidden" value="DELETE">
<input name="_token" type="hidden" value="{{csrf_token()}}">
<input type="submit" value="Delete">
</form>
Related
As mentioned in this question's title, when using the boto3.client('s3').generate_presigned_post to generate an upload URL as per here and injecting the response of the function into the following form:
<form class="s3-upload" action="URL_VALUE" method="post" enctype="multipart/form-data">
<input type="hidden" name="key" value="VALUE"/>
<input type="hidden" name="AWSAccessKeyId" value="VALUE"/>
<input type="hidden" name="policy" value="VALUE"/>
<input type="hidden" name="signature" value="VALUE"/>
<input type="hidden" name="success_action_redirect" value="VALUE"/>
<input type="file" name="file" class="upload-input">
<p class="drag-text">Drag your file here or click in this area.</p>
<button id="uploadS3" type="submit" title="">Upload</button>
</form>
I receive the following error from AWS: The AWS Access Key Id you provided does not exist in our records.
The application runs inside a docker on AWS Fargate and has an AWS role attached to it. This must probably have something to do with the solution because the whole functionality works fine on my local machine. Furthermore, all other AWS related operations with S3 (also with SQS) work fine with that AWS Fargate/AWS role setting. I'm looking forward to any suggestions about what to do.
Here is the HTML code
<form method="POST" action="https://testnet.demo.example.org/api/v1/invoices">
<input type="hidden" name="storeId" value="LLKZz9dtP7DYvEUDq73K59EKvjMWox7nvnUhfCGMKsux" />
<input type="hidden" name="price" value="10" />
<input type="hidden" name="currency" value="USD" />
<input type="image" class="submit" name="submit">
</form>
When I click the "submit" button, it redirects me to a random url like this,
https://testnet.demo.example.org/invoice?id=KuVFG7YFmfArccjkmBPhyg
How can I send this POST request using command line using cURL and get that random invoice url?
Here is the command:
curl --verbose --request "POST" "https://testnet.demo.example.org/api/v1/invoices?storeId=LLKZz9dtP7DYvEUDq73K59EKvjMWox7nvnUhfCGMKsux&price=10¤cy=USD"
You can always use tools like this curl-builder, but I highly suggest to use tools like Postman to make api calls.
Well i have this search engine into my site
<form action="/apps/search/" name="g_search" id="cse-search-box" method="post">
<input type="hidden" name="cof" value="FORID:11;NB:1" />
<input type="hidden" name="ie" value="utf-8" />
<input type="text" autocomplete="off" name="google_seach" class="search-text" onfocus="searchtext('focus')" onblur="searchtext('blur')" />
<label style="color:#796b6b;float:left;padding:0;">|</label>
<input type="submit" style="float:right;margin-top:3px;cursor:pointer;width:16px;height:16px;background:url(/template/img/main/search-icon.jpg);border:none;" value="" alt="Αναζήτηση" title="Αναζήτηση" />
</form>
Now i want some code to results page.Somehow the post request readed from a file called search.php
This file have access to $_POST[] array..
The file initializes $selector variable (for template use).
What we want to echo into contentarea div must put into $body variable..
Any help?
<?php
$selector="search";
$body="<div id=\"cse-search-form\" style=\"width: 100%;\">Loading</div>";
?>
I have a similar issue, just use GCS code provide by Google as it easy, make sure in the option in GSE you select to visualize the search result on your page and not an Iframe
HI im trying to integrate zoho into my website and open a document in browser
Im using Wamp server.
This the code im trying to work with:
<html>
<head>
</head>
<body>
<form method="POST" action="http(s)://export.writer.zoho.com/remotedoc.im" target="_self"
accept-charset="UTF-8">
<input type="hidden" name="url" value="http://localhost/paper.doc">
<input type="hidden" name="apikey" value="here goes api key">
<input type="hidden" name="output" value="url">
<input type="hidden" name="mode" value="normaledit">
<input type="hidden" name="filename" value="paper.doc">
<input type="hidden" name="lang" value="en">
<input type="hidden" name="skey" value="here goes secret value">
<input type="hidden" name="id" value="12345678">
<input type="hidden" name="format" value="doc">
<input type="hidden" name="saveurl" value="http://localhost/save.php">
<input type="submit" name="submit" value="Open/Edit">
</form>
</body>
</html>
I dont know i get this error:
Forbidden
You don't have permission to access /http(s)://export.writer.zoho.com/remotedoc.im on this server.
I have entered the api key correctly and the secret key
Im just confused and stuck here.Im blocked
Here is the documentation : http://apihelp.wiki.zoho.com/Open-Document.html
You have taken the (s) out of the url right? I know it might seem like a silly question but I thought I should check in case you had overlooked it. The url resolves for me and gives an 'api key is invalid' warning.
The error given would seem to indicate the browser thinks its a relative instead of absolute url.
I dont know much more about ZOHO but i also want to implement this in my project in future. As i read in https://apihelp.wiki.zoho.com/Open-Document.html#mfs it says that saveurl must be publicly accessible and if it not accessible publicly it gives an error and localhost is not publicly accessible so it gives an error.
im trying out paypals html api where you specify price, item_name, customer information and so on in the html:
<form action="https://www.paypal.com/cgi-bin/webscr" method="post" id="payPalForm">
<input type="hidden" name="cmd" value="_cart" />
<input type="hidden" name="upload" value="1" />
<input type="hidden" name="no_note" value="1" />
<input type="hidden" name="business" value="your#paypalaccount.com" />
<input type="hidden" name="currency_code" value="SEK" />
<input type="hidden" name="return" value="http://freelanceswitch.com/payment-complete/" />
<input type="hidden" name="tax_rate" value="25" />
<input type="hidden" name="item_name_1" value="Apple Macpro" />
<input type="hidden" name="item_number_1" value="01 - Product 1" />
<input type="hidden" name="amount_1" value="25000" />
<input type="hidden" name="item_name_2" value="Apple Macbook" />
<input type="hidden" name="item_number_2" value="02 - Product 2" />
<input type="hidden" name="amount_2" value="12500" />
<input type="hidden" name="item_name_3" value="Apple Macbook Air" />
<input type="hidden" name="item_number_3" value="03 - Product 3" />
<input type="hidden" name="amount_3" value="12500" />
<input type="submit" name="Submit" value="Submit" />
</form>
when the user clicks submit it takes him/her to paypals payment page.
but doesn't this mean that a hacker could change the order by manipulating the html code?
i can´t figure out how paypal prevents this security problem.
Of course, it does appear as if someone could just change the HTML and re-submit the form.
I'm not sure about PayPal, but Google Checkout handles this by instead of setting HTML, it gets you to create XML, encrypt it using your merchant key, and use the encrypted string in your HTML to pass across to Google. Google then decrypts it using your merchant key and voila - tamper-free.
Have a look in PayPal's documentation for something along the lines of "cart signing" or "request encryption." They may also do a callback to your server, telling you what was sent and you can compare it to your database to see if the prices are still correct.
If this is anything like other html integrations, there should be a callback directly from Paypal to your server with all the fields that were entered. You can compare these to see if any have changed. There are usually various security mechanisms such as a shared hidden key so that you can validate that the callback is genuine.
It doesn't seem like it is safe by itself. On Paypal's Securing Your Website Payments Standard Buttons page, they talk about being able to create protected payment buttons. However further on they indicate that it doesn't work if Javascript is disabled which makes the protection useless! Then they talk about other manual processes that can be performed including reconciliation and instant notifications which should occur in any sound accounting process anyway.
Encrypted website payments really seems like the only secure option to me.