Send random value with curl to server - post

Let's say I have an HTML form which looks like this:
<form method="post" action="anmeldung.fcgi" onsubmit="return chkForm()">
<input type=text name="person">
<input type=hidden name="id" value="1234"> <!-- this value is generated -->
<input type=submit name="press" value="OK">
</form>
The value from id is generated by a mechanism which is not known to us and every time you visite the site it is an other value. Now let's say that the script, which collects the data checks if the id is correct and only then the rest of the code is called.
Is there a way with curl to send the data with the correct id to the server? So can I read it out from the page and send it to the server anyway? I think I have to use the same "instance" of the HTML file or something like this?

It sounds like this would be a multi-step process, but could be scripted fairly easily. First, you would use curl to do a GET to the URL of the form, like so:
curl http://hostname/path/to/form.html
Then, you would parse the content returned from the above GET request, to pull the value that is stuffed in the hidden id field.
Then, you would use curl to do a POST to anmeldung.fcgi, setting the form inputs to be posted, like so:
curl --data "person=xxx&id=1234&press=OK" http://hostname/path/to/anmeldung.fcgi

Related

Browser ignores query string

I have a hardware device with an admin console accessed via a web interface. I want to pass a query string to the URL so that the username and password fields are pre-populated. I am doing so as follows but the browser ignores the query string:
http://192.168.5.50?username=abc?password=def
I have checked the page source and the username and password input fields are called "username" and "password".
EDIT:
I see that I have incorrectly used the character ? instead of & to separate the key/value pairs. Correcting this as follows does not change the outcome. The query string is still ignored.
http://192.168.5.50?username=abc&password=def
There is a form in the HTML with this definition:
<form name="myform" method="post" action="read" autocomplete="off">
Is the POST method incompatible with query strings? If so, is there another method of auto-populating fields?
You can try to create a form dynamically and submit it. You url should be something like this:
javascript:document.write('<form name="myform" method="post" action="read" autocomplete="off"><<input type="hidden" name="username" value="abc"><input type="hidden" name="password" value="def"></form><scr'+'ipt type="text/javascript">document.getElementsByTagName("form")[0].submit();</scr'+'ipt>');

Sending long text from web form to server

I try to move my text analyzer from console to web form.
I have simple form like this:
<form action="/">
<textarea name="str"></textarea>
<input type="submit">
</form>
Generally I could have very long texts for analysis inside of textarea. When I submit the form I get the following from thin:
Invalid request: Header longer than allowed
So the question is what is the proper approach to send long texts to server? Uploading files or filling links to url are not the option unfortunately.
By default the method of a form is GET, which has a limit on the number of characters allowed. (The limit depends on server and client, see for instance this answer, which specifies that usually it is 8KB).
You should use instead a method POST, which has much larger limit, around 2GB.
<form action="/" method="POST">
<textarea name="str"></textarea>
<input type="submit">
</form>

How rewrite URL?

I'm making a single web app.
I have a form with a POST method and an action value equal to "/login".
<form action="/login" method="POST">
<label for="mail">Email</label><input name="log" id="mail" type="text">
<label for="pass">Pass</label><input name="pass" id="pass" type="text">
<input type="submit">
When the submit button is press, server get the form, then return to the index page.
But, in the address bar, I have "local:5050/login" and would have "local:5050".
Can I remove the "login" mention ?
Since you are making a SPA, you will not want to have the POST method of the form actually complete. Generally this is done in dart by attaching a listener on the form element, within that listener you would then do a couple of things:
1) Cancel the default action (Also see: How do I prevent an on.submit event from changing/reloading the page?)
2) Get the values you're interested in from the form (or potentially take the entire form itself)
3) Send the values via an AJAX request to the server and listen for the response from the server to verify it was valid etc.
See the Dart tutorials on forms for more information on accomplishing the other steps.

Insert cakephp POST params into URL

I have this form below which contains two checkboxes to sort some products:
<form id="FiltreExtraForm" action="" method="post" name="FiltreExtraForm">
<input id="ProductsDeliveryPrice" type="checkbox" value="1" name="data[Products][delivery_price]"/>
<input id="ProductsPicture" type="checkbox" value="1" name="data[Products][picture]"/>
</form>
After POST I do the filtering but I also want to add received parameters to URL E.g: /products/index/delivery_price:1/picture:0 . Is this possible. How can I do that?
Note: I don't want to use GET to send form info.
Sounds like you are looking to do a Post/Redirect/Get.
Here are two examples of doing this in CakePHP:
Searching on surname
Searching on multiple fields
The two main advantages of redirecting a POST to a GET request are:
Users don't get the "Do you want to resubmit?" dialog if they refresh
The resulting page/query can be bookmarked
In the action to which you post, you could simply prepare the GET url and then redirect to this url. The action for that url then does the filtering.
If I understand you correctly (and I'm not sure that I do), you can pass additional variables on the query string of the form's action quite easily. Conventionally, that might look like this:
<form id="FiltreExtraForm" action="/products/index?delivery_price=1&picture=0" method="post" name="FiltreExtraForm">
Using Cake, you should be able to do the same without the traditional query string if you'd rather (though the traditional method above will also work):
<form id="FiltreExtraForm" action="/products/index/delivery_price:1/picture:0" method="post" name="FiltreExtraForm">
I would recommend looking at the form helper or at least constructing the action URI using helpers, but this should get you what you're after.

How can I emulate PUT/DELETE for Rails and GWT?

I would like to make my application somewhat REST compliant. I am using Rails on the backend and GWT on the frontend. I would like to do updates and deletes. I realize I can do something like mydomain.com/:id/delete (GET) and accomplish the same thing. However, as I stated previously, I would like to have a REST compliant backend. Thus, I want to do mydomain.com/:id (DELETE) and have it implicitly call my delete method.
Now, it's my understanding that if a browser (my browser is GWT RequestBuilder) doesn't support DELETE/GET, Rails somehow accomplishes this task with a POST and some other url parameter. So, how can I accomplish this with a GWT RequestBuilder?
Rails does this with hidden attributes. The easiest way to figure this out would be to create a new rails application, generate a scaffold and have a look at the HTML in a browser.
Try this:
rails jp
cd jp
./script/generate scaffold RequestBuilder name:string
rake db:migrate
./script/server
Then navigate to http://localhost:3000/request_builders, click on New and have a look at the HTML. You'll see something like:
<form action="/request_builders" class="new_request_builder"
id="new_request_builder" method="post">
<div style="margin:0;padding:0">
<input name="authenticity_token" type="hidden" value="e76..." />
</div>
This is a creation, method is POST. Enter a name, save then Edit:
<form action="/request_builders/1" class="edit_request_builder"
id="edit_request_builder_1" method="post">
<div style="margin:0;padding:0">
<input name="_method" type="hidden" value="put" />
<input name="authenticity_token" type="hidden" value="e76..." />
</div>
Of course the form is sent with POST, but Rails hads a hidden field to simulate a PUT request. Same for deletion, but the scaffold will do it with a bit of Javascript:
var m = document.createElement('input');
m.setAttribute('type', 'hidden');
m.setAttribute('name', '_method');
m.setAttribute('value', 'delete');
To have this work with another front-end, you'll have to both:
Use the same style URL such as /request_builders/1 (RESTful URLs)
Include the hidden fields (Rails trick)
Like #skrat said, the _method=PUT workaround doesn't work for any kind of body where Content-Type is not x-www-form-urlencoded, e.g. XML or JSON. Luckily, there is a header workaround as well:
https://zcox.wordpress.com/2009/06/17/override-the-http-request-method-in-jersey/
So to update a REST resource, just do a POST to its address and add the header X-HTTP-Method-Override: PUT. Rails will interpret this as a PUT to the address.

Resources