RE: Hidden fields in forms
Status: Alpha
Brought to you by:
coroberti
Menu
▾
▴
RE: Hidden fields in forms
|
From: Peter B. <pwb...@ho...> - 2010-06-25 09:24:15
|
Many thanks Gary for your most helpful reply.
I had read the section in the documentation on RESPONSE_TOKEN many times, and unfortunately it does not have the detail you provided here. As you point out, I need a feature which curl-loader cannot at present do.
This is probably a common issue, as the security feature I encountered is part of a standard Django/Python framework. It is most disapointing that you don't have access to a system! Its probably a small change - just to look for a slightly different pattern: /name="x" value="y"/ instead of /x="y"/. Is there any way we can arrange to add this to the code? As per my first post, I found the section of code which applies, but getting to understand it all was a bit daunting: scan_response/keyval_scan/kv_scan/scan_for_key/bitap_search... If I email you the source, please could you outline the change(s) needed, and I can implement them? I am fluent in C, so you would just have to give a little assistance...
(This is, of course, only applicable if the current developer team are not willing to assist with this!)
Kind regards,
Peter
From: ga...@iF...
Subject: Re: Hidden fields in forms
Date: Wed, 23 Jun 2010 15:47:58 -0700
To: cur...@li...
Peter,
I was the one who added the RESPONSE_TOKEN function to curl_loader. I no longer have access to my original code, or to a system where I could work on the code, but I do occasionally look at this list, and I did find some of the documentation for RESPONSE_TOKEN that I contributed:
RESPONSE_TOKEN - (Example: RESPONSE_TOKEN = user_id) There can be any number of RESPONSE_TOKENs in an URL or URL_TEMPLATE subsection. When curl-loader fetches the url, it will scan the server's response for all the response tokens. If found, curl-loader will save the "value" of each response token for use in constructing later URL_TEMPLATEs (see URL_TOKEN below). For instance, if we specify RESPONSE_TOKEN = user_id, and if the server response contains ... user_id=1234 ..., then we will save the name-value pair "user_id, 1234". Different clients may well receive different responses and save different values, thus constructing different urls from later templates.
In more detail: names and values are either quoted strings or extended-alphanumeric strings that may contain the 8-bit characters A-Z, a-z, 0-9, @, underscore, and dot. When an url is fetched, the server's response will be scanned for tokens that match any of the url's RESPONSE_TOKENs. If a match is found, the next extended alphanumeric token, or quoted string, in the server response will be taken as the value. All such values will be saved on a per-client basis, and used to construct subsequent URL_TEMPLATEs for that client (see URL_TOKEN below).
Notes: The order of the RESPONSE_TOKENs in the url subsection is immaterial. Matches and values are collected across response-packet boundaries. Once a value is collected from a particular server response, the scanning for that token stops, and subsequent occurrences of that token in the response will not trigger a new value collection. Finally, a RESPONSE_TOKEN with the same name as one in a previous url will replace any previously collected value for that name.
Examples: RESPONSE_TOKEN = user_id would collect the intended value in the following server responses: ... user_id 1234 ... user_id = 1234 ... user_id="1234" ... user_id = "Jane Doe" ... user_id = ja...@fo... ... <user_id> 1234 </user_id>. (This mechanism would not work for ...name=user_id value=1234... and other more complex syntax.) Limitations: There is no support for wide characters, and no support for saving multiple values of the same name from different responses.
As you can see from the last paragraph, the capability you want isn't there, and you would have to add it. Sorry.
Gary Fitts
On Jun 22, 2010, at 1:48 PM, Peter Becker wrote:
CURL-LOADER VERSION: 0.51, Juanuart, 2010
HW DETAILS: CPU/S and memory are must: IRRELEVANT
LINUX DISTRIBUTION and KERNEL (uname -r): IRRELEVANT
GCC VERSION (gcc -v): IRRELEVANT
COMPILATION AND MAKING OPTIONS (if defaults changed): IRRELEVANT
COMMAND-LINE: IRRELEVANT
CONFIGURATION-FILE (The most common source of problems):
Place the file inline here: n/a, IRRELEVANT
DOES THE PROBLEM AFFECT:
COMPILATION? No
LINKING? No
EXECUTION? No
OTHER (please specify)?
Have you run $make cleanall prior to $make ? YES/IRRELEVANT
DESCRIPTION: See below
QUESTION/ SUGGESTION/ PATCH:
I want to know if I can pick up the value of a hidden field as below, and post that back.
<input type='hidden' id='securitytoken' name='securitytoken' value='123456789abcdef0123456' />
When I try to use RESPONSE_TOKEN=securitytoken, the value of this token is recorded as 'name', but (of course) I need to post back 123456789abcdef0123456.
Date: Tue, 22 Jun 2010 18:47:42 +0300
Subject: Re: Hidden fields in forms
From: cor...@gm...
To: cur...@li...
Hi Peter,
The rules of the list: the PRF first.
--
Truly,
Robert Iakobashvili, Ph.D.
......................................................................
www.ghotit.com
Assistive technology that understands you
......................................................................
Hotmail: Powerful Free email with security by Microsoft. Get it now. ------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
lucky parental unit. See the prize list and enter to win:
http://p.sf.net/sfu/thinkgeek-promo_______________________________________________
curl-loader-devel mailing list
cur...@li...
https://lists.sourceforge.net/lists/listinfo/curl-loader-devel
_________________________________________________________________
Hotmail: Free, trusted and rich email service.
https://signup.live.com/signup.aspx?id=60969 |
