How should HTTP Cookie be decoded? - http

If I send this header to the server:
Cookie: spaces=foo+bar%20baz; repeat=foo; repeat=bar
How should it be decoded?
PHP decodes it as
array (
'spaces' => 'foo bar baz',
'repeat' => 'foo',
)
But I think it should be
array(
'spaces' => 'foo bar baz',
'repeat' => array('foo','bar'),
)
Which is correct?

PHP has the known habit/peculiarity of overwriting any external parameters (GET/POST/COOKIE), when a parameter name occurs more than once.
For example with a query string such as ?spaces=foo+bar%20baz&repeat=foo&repeat=bar, you would have the same problem – in $_GET['repeat'], only the value bar would “survive”. (That should be the same in your cookie example btw., it should be 'repeat' => 'bar', not 'repeat' => 'foo'.)
To avoid this, square brackets at the end of the parameter name have to be used. Try
Cookie: spaces=foo+bar%20baz; repeat[]=foo; repeat[]=bar
– that should get you the array structure that you want in $_COOKIE.
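As an added example (not code from this thread or from PHP itself), this stand-alone parser decodes the question's header under three duplicate-name policies: first value kept (the result the question reports from PHP), last value kept, and all values collected (what the asker expected). It also returns the names that repeat, which is what to log or reject when two layers of a stack resolve duplicates differently; the function and policy names are assumptions.

```php
<?php
// Added example, not from the thread: function and policy names are hypothetical.

/** Split a raw Cookie header value into ordered [name, value] pairs, duplicates kept. */
function cookie_pairs(string $header): array
{
    $pairs = [];
    foreach (explode(';', $header) as $chunk) {
        $chunk = trim($chunk);
        if ($chunk === '' || strpos($chunk, '=') === false) {
            continue; // skip empty segments and segments without "="
        }
        [$name, $value] = explode('=', $chunk, 2);
        // urldecode() maps "+" to a space and decodes %XX escapes.
        $pairs[] = [trim($name), urldecode($value)];
    }
    return $pairs;
}

/**
 * Resolve repeated names by policy: 'first' keeps the first value,
 * 'last' keeps the last, 'all' collects every value into a list.
 * Returns [cookies, list of names that occurred more than once].
 */
function decode_cookie_header(string $header, string $policy = 'first'): array
{
    $cookies = [];
    $duplicates = [];
    foreach (cookie_pairs($header) as [$name, $value]) {
        if (!array_key_exists($name, $cookies)) {
            $cookies[$name] = $value;
            continue;
        }
        $duplicates[$name] = true;
        if ($policy === 'last') {
            $cookies[$name] = $value;
        } elseif ($policy === 'all') {
            $cookies[$name] = array_merge((array) $cookies[$name], [$value]);
        }
    }
    return [$cookies, array_keys($duplicates)];
}

// Header taken from the question.
$header = 'spaces=foo+bar%20baz; repeat=foo; repeat=bar';
foreach (['first', 'last', 'all'] as $policy) {
    [$cookies, $dupes] = decode_cookie_header($header, $policy);
    echo $policy, ': ', json_encode($cookies), ' duplicates=', json_encode($dupes), PHP_EOL;
}
```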

Related

telegram bot api pass empty inline_keyboard -> delete keyboard

I'd like to use the method editMessageReplyMarkup to get rid of my inline_keyboard buttons. I can get rid of them by passing the 'reply_markup' a JSON-encoded keyboard like this:
$k = ['inline_keyboard' =>
[
[ ]
]
];
but as a result I get that error
Request has failed with error 400: Bad Request: object expected as reply markup
I tried a couple of variants, including not sending 'reply_markup' at all as an attribute to the method, but I get the error "Bad Request: object expected as reply markup" or "Bad Request: can't parse inline keyboard button: InlineKeyboardButton must be an Object".
That is how I call the method:
$bot->apiRequestJson("editMessageReplyMarkup", array(
'chat_id'=>$cb_chat_id,
'message_id'=>$cb_msg_id,
'reply_markup' => json_encode($k)
));
The function is taken from the hellobot example: https://core.telegram.org/bots/samples/hellobot
And to prove my function is working, that results in a new inline keyboard without any error
$k = ['inline_keyboard' => [
[
['text' => 'caption', 'callback_data' => 'test']
]
]];
Thanks for your help!
Markus

Using a single Cloudflare account in Wordpress with WP Super Cache with visible API key

We are starting to use Cloudflare on a few WordPress client accounts and notice in the CDN settings that my email address and API key are visible to the client.
Is this a potential security issue where others can see my Cloudflare email address and API key? Should I be using 1 Cloudflare account per client account?
Here is a screenshot (I have blurred the API key and deleted the email input box in the console) but both these values are visible to the customer.
What is the worst thing they could do with these 2 pieces of data?
You have to use tokens instead of the global API key. You restrict the token to a certain zone only.
This alone will NOT solve the problem; you have to manually modify the wp fastest cache plugin so that its requests match API token usage.
The requests can be found in inc\cdn.php
The modified file:
https://gist.github.com/ahmed-abdelazim/7c8170f7fc4e821c6b015d770fcbf14a
So
$header = array("method" => "DELETE",
'headers' => array(
"X-Auth-Email" => $email,
"X-Auth-Key" => $key,
"Content-Type" => "application/json"
),
"body" => '{"purge_everything":true}'
);
is converted to
$header = array("method" => "DELETE",
'headers' => array(
//"X-Auth-Email" => $email,
"Authorization" => "Bearer ".$key,
"Content-Type" => "application/json"
),
"body" => '{"purge_everything":true}'
);
and this occurred five times in the plugin, in the cdn.php file.
Simply creating an API token worked for me. There are some pre-made templates; there was one for WordPress as well. I just selected it, created the token, added it to wp fastest cache, and that worked.

HTTP client Cakephp 3 ignores json body

I'm currently writing a RESTful API in Cakephp 3 whereby I need to test a POST operation through http://host.com/api/pictures. The code for the test:
<?php
namespace App\Test\TestCase\Controller;
use App\Controller\Api\UsersController;
use Cake\TestSuite\IntegrationTestCase;
use Cake\Network\Http\Client;
use Cake\Network\Http\FormData;
class ApiPicturesControllerTest extends IntegrationTestCase{
public $fixtures = [
'app.users',
'app.comments',
'app.albums',
'app.users_albums'
];
public function testAdd(){
// $data = new FormData();
$accessToken ='eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOjksImV4cCI6MTQ1NzYyOTU3NH0.NnjXWEQCno3PUiwHhnUCBjiknR-NlmT42oPLA5KhuYo';
$http = new Client([
'headers' => ['Authorization' => 'Bearer ' . $accessToken, 'Content-Type' => 'application/json']
]);
$data = [
"album_id" => 1,
"link" => "http://www.google.com",
"description" => "testtesttest",
"favorite" => true
];
$result = $http->post('http://vecto.app/api/pictures/add.json', $data, ['type'=>'json']);
// $this->assertResponseOk();
// debug($result);
}
}
When I try to debug the result I get a 'cannot add or update child row' while I'm sure the responding id does exist (the fixtures do have the ids too). Additionally, the log indicates that it only tries to insert the create/update rows. Therefore, I'm pretty sure the data is ignored, but I can't find a solution. I already tried different combinations of headers, like only application/json for Accept, application/json for Content-Type, etc. I'm using the CRUD plugin for CakePHP to pass the data to an add function.
Postman output
Furthermore, I tried the Postman Chrome plugin to save the data and that actually does work. Does anyone know what I'm doing wrong in the test?
That's not how the integration test case is meant to be used. You are dispatching an external, real request, which will leave the test environment, while you should use the request dispatching tools that the integration test case supplies, that is
IntegrationTestCase::get()
IntegrationTestCase::post()
IntegrationTestCase::put()
etc...
These methods will dispatch simulated requests that do not leave the test environment, which is crucial for things to work properly, as you want to use test connections, inspect possible exceptions, have access to the used session, etc...
i.e., you should do something along the lines of
$accessToken = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOjksImV4cCI6MTQ1NzYyOTU3NH0.NnjXWEQCno3PUiwHhnUCBjiknR-NlmT42oPLA5KhuYo';
$this->configRequest([
'headers' => [
'Authorization' => 'Bearer ' . $accessToken,
'Content-Type' => 'application/json'
]
]);
$data = [
"album_id" => 1,
"link" => "http://www.google.com",
"description" => "testtesttest",
"favorite" => true
];
$this->post('/api/pictures/add.json', json_encode($data));
Note that a content type of application/json will require you to send raw JSON data! If you don't actually need/want to test parsing of raw input, then you could skip that header, and pass the array as data instead.
See also
Cookbook > Testing > Controller Integration Testing
API > \Cake\TestSuite\IntegrationTestCase

Suddenly, google's API service says I'm in the wrong country

I have several analytics API calls that have been performing great up until recently. Now, I've tried two servers, with different IPs, and get the same result from my queries. The IP and results are below.
Both servers are in the USA, and I've even filled out the form located here https://support.google.com/websearch/contact/ip with no change.
The server IP information: https://geoiptool.com/en/?ip=69.12.70.137
I've even tried a different PHP client, same result.
The error received:
Array
(
[http_code] => 403
[error] => Array
(
[errors] => Array
(
[0] => Array
(
[domain] => global
[reason] => countryBlocked
[message] => This service is not available from your country
)
)
[code] => 403
[message] => This service is not available from your country
)
)
This should be fixed for your IP, 69.12.70.137. Sorry about the trouble!

wp_remote_post returns an error on SSL connection

I'm using wp_remote_post to post some info to a secure connection like this
$url = 'https://example.com/path/file.json';
wp_remote_post($url, array(
'sslverify' => false,
'timeout' => 60,
'body' => $body,
));
But I get an error:
SSL: CA certificate set, but certificate verification is disabled
I thought sslverify set to false should prevent that?
If I set sslverify => true it works, but may cause problems on other servers.
Here's the complete wp_error object:
WP_Error Object
(
[errors:WP_Error:private] => Array
(
[http_request_failed] => Array
(
[0] => SSL: CA certificate set, but certificate verification is disabled
)
)
[error_data:WP_Error:private] => Array
(
)
)
Maybe it's related, but on Apache 2.2 it works while on Apache 2.4 it doesn't.
Looks like your Apache 2.2 and 2.4 configurations are different. On 2.4 you probably have SSLVerifyClient set to required which would cause it to act like what you are describing. You'd need to set it to none:
http://httpd.apache.org/docs/current/mod/mod_ssl.html#SSLVerifyClient
