The request has been black-holed - CakePHP

Problem description

I'm using CakePHP's SecurityComponent. And it's very essential as it saves forms from CSRF attacks. My project has a total of 10-12 forms and this is my first CakePHP project. After enabling SecurityComponent I was in a bit of trouble but could get rid of it after some careful minutes. This is the last form of my project and everything seems correct to me, but still the form is being black-holed :(. Can anybody please tell me the problem? I don't want to disable CSRF checking or SecurityComponent. Here is my view code:

<?php
echo $this->Form->create('Record');
?>
<script type="text/javascript"> var me = new MetroExam(); </script>
<div class="exam_paper">
    <div class="question_box" id="q_b">
        <div class="q_n_a_header">
            <div class="instructions">
                <b>Instructions:</b><br>
                <?=$inst['value_text']; ?>
            </div>
            <div id="timer">Please wait</div>
        </div>
        <div id="q_paper">
           <img id="q" style="display: none;" src="/oes/<?=$exam['path'].'?ts='.time(); ?>">

            <img id="loading_img" src="/oes/img/loading.gif">
        </div>
    </div>
    <div class="ans_box" id="a_b">
        <!-- information about answer paper. !important -->
        <?php
        $i = 0;

        //these fields are essential for evaluating ans paper
        echo $this->Form->hidden('submit', array('value' => 'true'));
        echo $this->Form->hidden('start_time', array('value' => ''));
        echo $this->Form->hidden('end_time', array('value' => ''));
        echo $this->Form->hidden('duration', array('value' => ''));
        echo $this->Form->hidden('valid', array('value' => ''));
        echo $this->Form->hidden('passed', array('value' => ''));

        //options for all radio
        $options     = array(
            '1' => 'A',
            '2' => 'B',
            '3' => 'C',
            '4' => 'D'
        );
        if($exam['choices'] == 5){
            $options['5'] = 'None';
        }

        $questions = (int)$exam['questions']; // 40 <= $exam['questions'] <= 100
        $i = 1;
        while($questions--){
            echo '<div class="'.(($i%2)==1?'each_answer_even':'each_answer_odd').'" id="ans-'.$i.'">';
            echo '<div class="q_number">'.($i <= 9 ? '0'.$i : $i).'</div>';
            $name       = 'ans'.str_pad($i, 3, '0', STR_PAD_LEFT);
            $attributes = array('empty' => false, 'legend' => false, 'onclick' => 'me.answer_click('.$i.')');
            echo '<div class="mcq">'.$this->Form->radio($name, $options, $attributes).'</div>';
            echo '</div>';
            $i++;
        }
        echo $this->Form->end('Submit');
        ?>
    </div>
</div>

This is basically an MCQ exam form, where each group has 4 or 5 radio buttons and there are 40 to 100 groups in total in a form. I'm using CakePHP 2.4. Thanks in advance.

Solution

As per the comments, the problem appears because you are changing the hidden values of the form. The way SecurityComponent works is that it "locks" the names of the fields, so an evildoer can't add new fields or change the values once the form is sent. But it is even more strict with the hidden values, because it locks the field name and value. So by changing it with jQuery you're blackhole-ing your own form.

There's a nice little post where I learned this, take a look at it. The author there also explains two ways of bypassing this problem. One is to disable the security for hidden fields, so the hash calculated for the token doesn't include those values... which isn't really secure...
And another solution is to modify the FormHelper, and tell it to "lock" the hidden fields' names but not the values. I don't remember what version of Cake the author uses for the example, but the code given there should be practically the same. So with that solution, you can tell the form to not be so strict with you with an option array.

Oh, and the other option given there (this is what I normally use) (I just read it now there... I thought I figured that out on my own... oh well), is to just use normal input text fields for the ones you want hidden, and add a css style like display:none.

It's up to you what you think is best. I like the css option because it is simpler, and really, if someone is going to mess with my css evilly (with firebug or something like that), they might just as well do it with the values of hidden fields; it doesn't require any more effort. You should take all the extra steps and verifications when handling that form submission anyway. But like I said, it's up to you which you think is best for your situation.
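The locking behaviour the answer describes, as an added example that is not part of the original answer and is not CakePHP's own code: a simplified model in which ordinary inputs contribute only their names to the token while hidden inputs contribute name and value. The function names, the `SECRET` constant, the HMAC construction and the sample submissions are all assumptions made for illustration (PHP 7 or later).

```php
<?php
// Simplified model of a form-tampering token (added example, not CakePHP's code).
const SECRET = 'constructed-demo-salt'; // constructed value, stands in for the app salt

// $visible: names of ordinary inputs; $hidden: name => value of hidden inputs
// exactly as they were rendered into the page.
function formToken(array $visible, array $hidden): string
{
    sort($visible, SORT_STRING);
    ksort($hidden, SORT_STRING);
    // Ordinary inputs contribute their name only; hidden inputs contribute name AND value.
    return hash_hmac('sha256', serialize([$visible, $hidden]), SECRET);
}

// Rebuild the token from the submitted data. $locked is the list of hidden
// field names that travels with the token in this model.
function isBlackholed(array $post, array $locked, string $token): bool
{
    $visible = [];
    $hidden = [];
    foreach ($post as $name => $value) {
        if (in_array($name, $locked, true)) {
            $hidden[$name] = (string) $value;
        } else {
            $visible[] = $name;
        }
    }
    return !hash_equals($token, formToken($visible, $hidden));
}

// Token issued when the form is rendered (two questions, two hidden fields).
$locked = ['start_time', 'submit'];
$token = formToken(['ans001', 'ans002'], ['start_time' => '', 'submit' => 'true']);

// Constructed submissions.
$base = ['ans001' => '2', 'ans002' => '4', 'start_time' => '', 'submit' => 'true'];
$cases = [
    'answers chosen, hidden untouched' => $base,
    'script filled in start_time' => ['start_time' => '1700000000'] + $base,
    'extra field injected' => $base + ['passed' => '1'],
];
foreach ($cases as $label => $post) {
    printf("%-34s %s\n", $label, isBlackholed($post, $locked, $token) ? 'black-holed' : 'accepted');
}
```

In CakePHP 2.x the first workaround the answer mentions is available as `FormHelper::unlockField()` or `SecurityComponent::$unlockedFields`; either leaves the named field out of the hash, so its value then has to be validated or computed on the server.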
