I run a PHP script that sends mails. In header there is an information about script's path. Is there a way to hide it? Is there a way to hide or change the name of a domain from that I send a mail?
Try overwriting it to null by adding it as a header:
$headers = 'X-PHP-Script: ';
mail($to, $subject, $message, $headers);
Alternative, you could edit the contents of the header as explained by this tutorial.
Please contact your hoster about the options you have here. It's a security related setting and it's not always intended that you can disable/change it.
Try this - it work
// prevent user/script details being exposed in X-PHP-Script header
$oldphpself = $_SERVER['PHP_SELF'];
$oldremoteaddr = $_SERVER['REMOTE_ADDR'];
$_SERVER['PHP_SELF'] = "/";
$_SERVER['REMOTE_ADDR'] = $_SERVER['SERVER_ADDR'];
// send the email
mail($to, $subject, $message[, $additional_headers[, $additional_parameters]])
// restore obfuscated server variables
$_SERVER['PHP_SELF'] = $oldphpself;
$_SERVER['REMOTE_ADDR'] = $oldremoteaddr;
The hosting company knows why they want these headers - to spare themselves from spammers.
They usually do not want allow you to change it.
Related
Does any of you know how to do (implement) something like this:
sample.feature
...
scenario: unauthorized user cannot delete event
Given list of events
When event is deleted
Then nothing happen
...
sample_steps.rb
...
When /^event is deleted$/ do
delete (_path_to_controller_ + "/%d" % #events.first().id)
...
Of course in this step I want to send a request according to the result of rake routes, which is something like this (I've moved resources under admin path):
rake routes
...
DELETE /admin/controller_name/:id(.:format) controller_name#destroy
...
I have been experimenting and searching internet for so long and yet I don't know how to do it :(
I've used Rack::Test in the past to send DELETE requests to an API:
When /^event is deleted$/ do
header 'Accept', 'application/json'
header 'Content-Type', 'application/json'
authorize "username", "password"
url = _path_to_controller_ + "/%d" % #events.first().id)
delete url
end
Having said that, I'm not sure I'd recommend it in your case. Is the event going to be deleted from some action in the interface such as clicking a button? If so, you should use capybara to log in and click the button. This gives you the benefit of full integration coverage and you don't have to deal with Rack::Test (not that it's a bad tool, but it's another tool).
Uff I've solved the problem.
Great Thanks to Beerlington
So in this post I will sum up my time with the problem and its solution.
Related topics and documentation
StackOverflow: HTTP basic auth for Capybara
Devise: How To: Use HTTP Basic Authentication
Background
I'm using devise gem for authentication. My goal was to check if possible is manual hacking to resource management features like delete.
Problem
Above ;D
Solution
When /^event is deleted$/ do
header 'Accept', 'application/json'
header 'Content-Type', 'application/json'
authorize "username", "password"
url = _path_to_controller_ + "/%d" % #events.first().id)
delete url
end
is not working with default devise configuration. Because it uses HTTP authentication which is disabled by default.
config/initializers/devise.rb
# Tell if authentication through HTTP Basic Auth is enabled. False by default.
# It can be set to an array that will enable http authentication only for the
# given strategies, for example, `config.http_authenticatable = [:token]` will
# enable it only for token authentication.
# config.http_authenticatable = false
So if we want to make above test working, we need to change last line to:
config.http_authenticatable = true
But the question is do we really wanna do it ?
And as a last note: header calls are optional. Records are deleted with or without them.
with them delete return with status code : 204 No Content
and without them delete return with status code : 302 Found
I set up speedy_c2dm to send "push" messages to android devices.
The gem was working fine, but now I get this NoMethodError message when I call
SpeedyC2DM::API.send_notification(options)
the options parameter is good, I have verified this.
From the ruby-doc I got the following code from the gem:
def get_auth_token(email, password)
data = "accountType=HOSTED_OR_GOOGLE&Email=#{email}&Passwd=#{password}&service=ac2dm"
headers = { "Content-type" => "application/x-www-form-urlencoded",
"Content-length" => "#{data.length}"}
uri = URI.parse(AUTH_URL)
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
response, body = http.post(uri.path, data, headers)
return body.split("\n")[2].gsub("Auth=", "")
end
You can see that the last line uses gsub, so I believe the problem is in the authentication method.
I have changed the password of the account since I created this, I updated the file with the password, initializers/speedy_c2dm.rb:
C2DM_API_EMAIL = "myemail#gmail.com"
C2DM_API_PASSWORD = "mynewpassword"
SpeedyC2DM::API.set_account(C2DM_API_EMAIL, C2DM_API_PASSWORD)
Can this be causing the error? That I changed the password even though I updated this file?
(Google doesn't let me to go back to the old password, I have to create a new one different from the old ones if I change it again)
Its the only thing I can think of since I didn't modify the gem's code.
How can I fix it? C2DM is deprecated now, but its supposed to keep working for old users. I don't want to migrate to GCM if I don't need to, everything is set up to work with C2DM
Any other ideas to fix it are welcome.
The problem was fixed after I removed the "two step verification" for logging in to my email.
This change can be made in the account configuration of gmail.
I want to remove a Storeitem in ExtJS4.1 using store.remove(item), but i don't want to send a delete request to the server.
In the stores proxy api i have only the read-Url defined:
api: {
read: '/daten/zhalter'
}
Now when i remove the item a javascript error is thrown. I found out that it comes because i don't have destroy-url defined, when i define one everything is fine.
My Question is: How can i delete an item without sending a delete request?
I've found an answer by myself. I turned autosync off for that command:
quellStore.autoSync = false;
quellStore.remove(item);
quellStore.autoSync = true;
You should add destroy property:
api: {destory: 'url/delete'}
Then use:
store.sync();
My application is generating some absolute links via $this->get('request')->getHost().
Problem is: when I try to run testcases, I get following error message:
[exception] 500 | Internal Server Error | Twig_Error_Runtime
[message] An exception has been thrown during the rendering of a template ("Undefined index: HTTP_HOST") in "::base.html.twig" at line 69.
Somehow it's clear to me that there is no host when calling my app via CLI, but I think there must be a way to prevent Symfony2 from throwing that error.
Anyone knows how to get rid of it?
You could create the request like this:
$request = Request::create('http://example.com/path');
That will make the HTTP host be set.
Maybe what you could do is to inject the host you need directly in the request headers before calling the getter. The host is retrieved by looking at various parameter values. First, the headers parameter X_FORWARDED_HOST is checked to see if it is set. If it is set, it is returned otherwise the method getHost checks if the headers parameter HOST is set then the if the server parameter SERVER_NAME is set and finally if the server parameter SERVER_ADDR is set.
What you could try is to set the header parameter HOST like this before calling the getHost method:
$request = $this->get('request');
$request->headers->set('HOST', 'yourhosthere');
$request->getHost(); // Should return yourhosthere
That being said, I'm not sure this will solve the problem because the error you mentioning tells us that the template tries to retrieve the value of the index HTTP_HOST but it is not defined. Looking at the methods $request->getHost and $request->getHttpHost, I don't see anything trying to retrieve a value having HTTP_HOST as the index but I could have missed it. Could you post the file ::base.html.twig to see if the problem could be lying there.
Regards,
Matt
Thanks guys- your answers lead me into the right direction.
This is no Symfony2 issue, as i figured out:
It's just the facebook API PHP wrapper which directly accesses the SERVER parameters. This code solved my issue:
$facebook = $this->container->get('facebook');
$returnUrl = 'http://'.$request->getHost();
$returnUrl .= $this->container->get('router')->generate('_validate_facebook');
$_SERVER['HTTP_HOST'] = $request->getHost();
$_SERVER['REQUEST_URI'] = $request->getRequestUri();
$loginUrl = $facebook->getLoginUrl(array(
'req_perms' => 'publish_stream',
'next' => $returnUrl,
));
return $loginUrl;
now my app runs from web and CLI again
I'm working on a homework assignment in Perl CGI using the CGI.pm module. In my code I am checking for a cookie. If the cookie exists, I want to initiate another CGI script. In other situations I was able to use similar code, but in this instance I merely get the following browser output, not the redirect that I was looking for.
Refresh: 1; URL=homepage.pl.cgi
Content-Type: text/html; charset=ISO-8859-1
Here's my code:
#get the cookie
my %SIDhash = cookie('SIDhash');
if ( exists $SIDhash{"SID"} ) {
print header(-refresh=>'0; homepage.pl.cgi');
}
What fundamentals am I not understanding here?
Thanks,
CB
This should do the trick:
print header(
-refresh => '0; url=homepage.pl.cgi',
-cookie => $cookie,
);
If you are assembling the header in pieces, in various places in your code, save the header components in a variable first, e.g.:
my %headers;
# later...
$headers{-cookie} = $cookie;
# later still:
if (exists $SIDhash{SID})
{
# we want to redirect, so print all headers and we're done.
print header(%headers, -refresh => '0; url=homepage.pl.cgi');
exit;
}
# if we're still here, nothing is printed yet.. continue preparing data and print when ready.
# ...
I'm not sure why your refresh doesn't work, but it sounds like it would be more appropriate to use:
HTTP/1.1 302 Found
Location: http://www.example.org/
Just a thought.
Try changing the line to
print header(-refresh=>'0; url=homepage.pl.cgi');
From what I can tell, this should be correct now.
This page on Wikipedia offers information on Refresh and other methods of redirection.