Good morning,
I'm trying to develop a smartphone application connected to an API Platform API.
I need the option to upload some files from the application.
I cannot trust those who send files.
I've followed the https://api-platform.com/docs/core/file-upload/ guidlines. Thus, I can't see how to prevent a CWE-434 vulnerability (Unrestricted Upload of File with Dangerous Type, https://cwe.mitre.org/data/definitions/434.html). I've done it myself on my system, so the vulnerability works with my configuration. I cannot believe that it was forgotten from the vichuploaderbundle. It must be something else, but I can't figure out what.
Should I write my own image handler, or is there a way to use vichuploaderbundle with safety ?
Related
While migrating a Xamarin forms app, I find my self having this Android specific code that try to load my sound resource with a resource id
MediaPlayer.Create(Android.App.Application.Context, Resource.Raw.beepok);
I see that maui is bunding everything on Resources\Raw\** as MauiAsset
How i can still get the resource id?
It seem that AndroidResource still works, it seem that i was hit a build cache of sort, after clean and restarting vs the resource is available
In a Symfony 5.x project I use knplabs/knp-snappy-bundle.
Having private data-folders for different users results in generating PDF-documents that require images from folders which are not publicly accessable.
When trying to generate a PDF-document with an image in such a folder knpsnappy runs into a 60 sec timeout. The Symfony log says
Guard authenticator does not support the request.
I assume something regarding the "external" tool knpsnappy calling from outside the application but from the same server but does not triggering any security definition I defined.
I am unsure on how to allow knpsnappy to access a specific route.
Maybe someone can lead me into the right direction...?
I was misslead.
The cause of the problem wasn't access rights but the way the img-pathes were defined.
knp snappy wont be able to render images with URL-routes.
I switched the pathes to be absolut server pathes and now it works.
Found the solution here:
KnpSnappyBundle and Symfony 3.4 : images and/or css cause timeout
All,
Sorry in advance - I'm a total novice when it comes to ASP.net.
I'm working on a project that's fairly simple. I have single HTML page that collects input from the user. When the input is complete - the html page uses AJAX to post the data to a web service. That service receives the data, does some processing on it, then sends back a response.
The "client" part of this app is pure HTML/Javascript (not ASP.net), and is complete and works perfectly.
The "service" part of this app (MyHandler.ashx) is built using ASP.net. Technically - what it does is receive data from the AJAX post. It then uses Microsoft.Office.Interop.Excel to open an Excel spreadsheet, pass the users' inputs into that spreadsheet, then retrieve several calculated values from the spreadsheet, and returns those values in the response to the AJAX post.
Using Visual Studio VS I've got this whole process running locally on my PC.
When I "publish" the project - VS creates a ton of files. I sent those files to the team that manages the server; they deployed them, and voilĂ - it works. (The necessary Office interop libraries are installed on the server).
So - my question - as I make a few modest changes (e.g., validation, error handling) to the handler - MyHandler.ashx - which of those published files actually change? If i want to reploy - do I simply need to resend an updated version of MyHandler.ashx? Or, do simple coding changes to that file require changes to the DLL?
I guess my question is, generally - what's in the DLL? (E.g., is it a compiled version of MyHandler.ashx?)
More specifically - publishing my project creates the following files that I don't really understand:
Web.config
Global.asax (in my project, there's not much in here)
bin/MyProject.dll
So, if I make changes to MyHandler.ashx - can I simply reploy THAT file? Or, do I need to "publish", then "redeploy" thd dll? (By changes - I mean simple code changes, not decisions to include/exclude other external dependencies).
Sorry - this question must seem like nonsense to knowledgeable ASP.net developers. But, with other technologies I've used, things were clear:
If you're developing a Flash project, you write source code in .FLA files, then compile, then deploy the resulting .SWF files.
If you're developing an HTML/JavaScript/PHP project, you write those files, then deploy those same files
I'd trying to get a better understanding of what's what with ASP.net.
Thanks again.
The DLL contains the compiled code behind the ASHX file. The ASHX is just a service definition for an HTTP handler. When you make changes to the service (e.g. the code), simply issue another Publish like you did before and send the entire package.
But in short, when you change the code, the DLL is what's changing.
We are hosting huge app for our cutomers. There are diffrent configuration and contents (images, user files). But the core code, directories structure, databse scheme is this same for every client.
I'm looking for a way to create one core code repository, so all clientes will use it. We do updates often, so this will make our live easyer.
The idea is to create the repo and In clients directories create just symbolic links to that repo direcories: bin, App_Resources, Css, SystemImages etc.
Is this a good idea? Will ASP.NET MVC app handle this correctly, or I've to add some code for it handle the 'virtual direcotories'?
I would suggest that you take a look Single-tenant and Multi-tenant applications even if you say that your code base is the same for every one.
Here is a nice Multi-Tenancy ASP.NET example
I would also suggest that you check http://appHarbour.com as you can easily push changes from your master repository to appHarbour using Git or Mercurial.
Regarding your exact question, I also keep static files in a custom scheme under Amazon S3, so each client can upload there own files, plus the ones I have and all is based on a single location that does not put more resources just to delivery static files.
You can see my live web application using this technique checking the View Source.
I'm embedding a Flex app in a WordPress page using Matt Carpenter's great plugin. It's a map created using Google Maps' Flash API.
I'm getting an initialization failure. Is that because the API key is in the Flex app and
Google can't "see" it?
This is the error that I'm getting:
Initialization failed: please check
the API key, swf location, version and
network availability.
Or do I have something else going on? Any suggestions?
Generally, the API key can only be used on 1 domain. Try creating a new key that's specifically to be used for online files. Use the other key you already have for offline testing.
Lewis