Is there any way to get around the maximum character limit on "mailto:"? The requirement is to have an option to send email to all the persons returned by search criteria. So, on the controller side, after the person objects are gathered, I have iterated through them all to get a "To" string with all their email IDs appended. But the issue is that, on the view side
Email all Returned results
won't work when the toList size exceeds a certain limit (2083 for IE, apparently). So is there any way to get around this limit? My requirement is not to send email to the results, just to open up the e-mail client for users so they can decide what to have in the body and whom to remove from the list, etc.
First off, there's no way to "get around" that IE limit (more info here: http://support.microsoft.com/kb/208427 ).
If you really need to send so many emails at once, switch to a server-side solution (and it will be far better even for the privacy) OR just ask the users to use another browser.
Related
In the Wikipedia search box you can search for a term, e.g. 'lens', in an article's title AND content. Using the search API, however, works only with titles. What request do I need to be able to extend the search to article content too?
The search API should perform "a full text search". The reason you're receiving only 10 results is most likely because you've not set the srlimit parameter which defaults to 10 and you're not continuing the query. You can set srlimit to max to receive 50 or 500 results (depends on the access level of your account) and in order to get the rest of the results one needs to continue the query using the parameters given in the last result.
I am trying to validate a phone number for the below conditions:
If all 10 digits are the same number, it should display an error message.
If it starts with 1, it should display an error message.
Please share your suggestion if you have come across such scenario.
Without example code, it will be hard for us to see what you are trying to do - and whether you have even attempted to solve it yourself.
But oh well, there are multiple ways of doing this. What you want is server-side validation, as you NEVER want to validate on the user's end.
How can you limit the value from input using AngularJS?
Adding a listener on a model in angularjs With this one (And I 'THINK' this is what you want), you can update 'something' according to what is being input into the text area.
I am using EWS to search for contacts via FindItem.
I added a Restriction to filter the results, and I am using Contains with ContainmentMode = Substring.
Contacts are being returned only when filtering with prefixes, but when using middle parts of their name/email nothing gets returned.
For example, if the user name is user3, then if I filter with "use"/"user" the contact is returned, but if I use "ser"/"ser3" I get nothing.
Can anyone help?
Thanks a lot.
So as the title says, I'm curious: can a user change the ID of an element through the browser? I have a list of inputs (checkboxes); when you click on one of them, ajax takes the ID of that element and uses it to get data from the database. So basically what I'm thinking is that if it is somehow possible to change the ID of the element, my database wouldn't be secured. If that's possible, how should I protect it?
Okay, so I get the idea that it wouldn't be secured. If I'd use it this way:
<?php
$mysqli = new mysqli("host", "user", "password", "database");
$usuario = $mysqli->real_escape_string($_POST["usuario"]);
$clave = $mysqli->real_escape_string($_POST["clave"]);
$sql=' SELECT * FROM usuarios
WHERE username="'.$usuario.'"
AND pass="'.$clave.'"
';
$mysqli->query($sql);
$mysqli->close();
?>
would it be enough, or isn't there actually a safe enough way to protect the data?
You are correct that this would be a security hole. The ID attributes could indeed be changed via the browser console.
Yes, they can change it or just make the whole request faked and you won't tell the difference. The rule of thumb here is NEVER trust any data that comes from the user. It means: always validate and sanitize data on the server side, and always assume data that comes in a request is there to fool/trick/hack you.
Yes. The user can do anything they like to the DOM once it is in their browser.
They can also execute any JS they like there.
You're worrying about the problem in the wrong place though. Your control ends at the edge of the webserver. Clients can make any HTTP request they like to it and include any id value they want. You need to address security there and not in the browser.
If you want to secure your database then you need to either allow no HTTP request to lead to the secret data being released / changed or you need to write server side rules that limit which HTTP requests can change them.
Typically this would involve Knowing Who The Request Comes From (Authentication) and Knowing Who Can Access Which IDs (Authorization).
A simple approach would be to keep a database that has a users table (including hashed passwords), a "things" table, and an ownership table (which has a column of user ids and a column of thing ids). If the request doesn't include a username and password you can cross reference from the thing id across the ownership table - return an error message instead of what was asked for.
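The users / things / ownership approach from the answer above, as an added example that is not part of the original thread: the server authenticates the caller, then lets the ownership table decide whether the submitted id may be read. Table and column names, the sample rows and the helper functions are constructed for illustration, and an in-memory SQLite database via PDO stands in for MySQL.

```php
<?php
// Constructed schema and data: users, things, ownership (all names are assumptions).
function buildDemoDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pass_hash TEXT)');
    $db->exec('CREATE TABLE things (id INTEGER PRIMARY KEY, secret TEXT)');
    $db->exec('CREATE TABLE ownership (user_id INTEGER, thing_id INTEGER)');
    $ins = $db->prepare('INSERT INTO users (id, username, pass_hash) VALUES (?, ?, ?)');
    $ins->execute([1, 'alice', password_hash('alice-pw', PASSWORD_DEFAULT)]);
    $ins->execute([2, 'bob', password_hash('bob-pw', PASSWORD_DEFAULT)]);
    $db->exec("INSERT INTO things VALUES (10, 'alice data'), (20, 'bob data')");
    $db->exec('INSERT INTO ownership VALUES (1, 10), (2, 20)');
    return $db;
}

// Returns the row only if the credentials are valid AND the user owns the id.
function fetchThing(PDO $db, string $username, string $password, $rawId): ?array {
    // The id arrives from the browser, so treat it as untrusted input.
    $thingId = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($thingId === false) {
        return null;
    }
    // Authentication: who is making the request?
    $stmt = $db->prepare('SELECT id, pass_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$user || !password_verify($password, $user['pass_hash'])) {
        return null;
    }
    // Authorization: the ownership join decides whether this user may read this id.
    $stmt = $db->prepare(
        'SELECT t.id, t.secret FROM things t
           JOIN ownership o ON o.thing_id = t.id
          WHERE t.id = ? AND o.user_id = ?'
    );
    $stmt->execute([$thingId, $user['id']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

$db = buildDemoDb();
var_dump(fetchThing($db, 'alice', 'alice-pw', '10') !== null); // alice asks for her own record
var_dump(fetchThing($db, 'alice', 'alice-pw', '20') !== null); // id edited in the browser to bob's
var_dump(fetchThing($db, 'alice', 'wrong', '10') !== null);    // bad credentials
```

Both queries use bound parameters, so the submitted id and username never become part of the SQL text, and passwords are stored with password_hash rather than compared in the query.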
Using the Box 1.0 REST API, I am trying to work with the functions in SOAP UI.
The API doc for get_managed_users with user_id=12345 (internal id retrieved with get_user_id call correctly) is returning all the users. The docs say that would be the case if you do not specify a user_id value. But my full command is: (Token and API key changed to protect the clueless)
https://www.box.com/api/1.0/rest?user_id=27360&auth_token=blahbalhblah1234&action=get_managed_users&api_key=someKeyYouShouldNotSee
Now I could work with the complete result list, but that won't scale as we get thousands of users into the system.
I can make a call with edit_managed_user, using the same user_id value and the change is reflected in the UI, and in the next get_managed_users call. Thus I do have the correct user_id value, I would so assume.
I tried testuser#gmail.com as the user_id value as well, and get the entire list back. This leads me to believe that somehow I am sending user_id wrong, but I just do not see it.
Any hints? Why, with what seems like a valid user_id value is it acting like it is absent or incorrect?
Most likely you have either called this method with an invalid user_id, or one that is not in your set of managed users. Can you double check that the user comes back in your list of already managed users?