The only added header I send is the content type:
header( "content-type: text/xml" );
BUT in my code comments I found this:
// don't return empty tags, prototype will barf
// <tag></tag> stops all processing on the client side
if(empty($val) || $val == "" || is_null($val))
$val = "null";
In my client side javascript I have this function
function convertNull(xmlString)
{
if(xmlString == "null")
return null;
else
return xmlString;
}
called by this code:
$('ajRecord').value =
convertNull(transport.responseXML.getElementsByTagName('record')[0].firstChild.nodeValue);
Might be a better way of doing it (i.e. converting the project to json) but
several years ago this is what I finally ended up with.
The ajax call was made this way:
function dofill(url) {
var options = {
method: 'post',
parameters: $('myform').serialize(),
onSuccess: fill_in,
onFailure: ajax_err,
on0: ajax_err
};
new Ajax.Request( url+".php", options );
}
In the above notice how I append the extension to the url (what happens is
that hackers pull the url from the form and then try submitting data
(including sql injection attacks) directly to the form processor. If you
add the url during the call, the hackers only see /folder/forms_processor
and they (their bots) assume its a folder. In your 404 logs you end up
with a lot of hits on those non-existent folder.
On Sun, Nov 24, 2013 at 9:05 AM, Phil Petree <phil.pet...@gmail.com> wrote:
> Let me fire up my laptop and look at some code I have... I'm returning xml
> and it seems there was something I had to do differently but I don't recall
> what (or if) it was...
> On Nov 24, 2013 9:00 AM, "blumus" <leiman.bar...@gmail.com> wrote:
>
>> Using Java
>>
>> *Here is the "header code" from Java*
>>
>> public void handle(HttpExchange t) throws IOException {
>> System.out.println("Received Request
>> from"+t.getRemoteAddress().getHostString());
>>
>>
>>
>> // set headers
>>
>>
>>
>> *Headers headers = t.getResponseHeaders();
>> headers.set("Access-Control-Allow-Origin", "*");
>> headers.set("Access-Control-Allow-Methods", "GET");
>> headers.set("Content-Type", "application/xml");*
>>
>>
>> String response = RESPONSE;
>> *t.sendResponseHeaders(200, response.length());*
>>
>> *Here are the headers from wireshark*
>> HTTP/1.1 200 OK
>> Content-type: application/xml
>> Content-length: 276
>> Access-control-allow-origin: *
>> Date: Sun, 24 Nov 2013 05:46:49 GMT
>> Access-control-allow-methods: GET
>> <?xml version="1.0" encoding="utf-8" ?><ajax-response><response
>> type="object" id="productDetails"><monthly-
>> sales><employee-sales><employee-id>1234</employee-id>
>> <year-month>1998-01</year-month><sales>$8,115.36</sales>
>> </employee-sales></monthly-sales></response></ajax-response>
>>
>> Thanks blumus
>> On Sunday, November 24, 2013 3:43:21 PM UTC+2, ppetree wrote:
>>>
>>> Php on the back end? What headers are you sending back?
>>> On Nov 24, 2013 7:53 AM, "blumus" <leiman...@gmail.com> wrote:
>>>
>>>> Hi:
>>>>
>>>> I'm a newbie to html, js and protype.js. I've written a small script to
>>>> try out Ajax.request.
>>>>
>>>> $("sendFormSimple")
>>>> .observe(
>>>> "submit",
>>>> function(e) {
>>>> e.stop();
>>>> log("Send Http Button
>>>> Pressed \n");
>>>> new Ajax.Request(
>>>> '
>>>> http://127.0.0.1:8000/test<http://www.google.com/url?q=http%3A%2F%2F127.0.0.1%3A8000%2Ftest&sa=D&sntz=1&usg=AFQjCNFMhun0Vydf4ufBpg2WRRnyvrvj_w>
>>>> ',
>>>> {
>>>> method : 'get',
>>>>
>>>> contentType:'application/xml',
>>>> onSuccess :
>>>> function(
>>>>
>>>> transport) {
>>>> var
>>>> response = transport.responseText
>>>> ||
>>>> "no response text";
>>>>
>>>> log("Success! "
>>>> +
>>>> response
>>>> +
>>>> "\n");
>>>> },
>>>> onFailure :
>>>> function() {
>>>>
>>>> log("Something went wrong...\n");
>>>> }
>>>> });
>>>> });
>>>> ....
>>>> <br>
>>>> <form id="sendFormSimple">
>>>> <input type="submit" value="Send Http">
>>>> </form>
>>>> <br>
>>>>
>>>> When the button to http is pressed a request goes out but it *does not
>>>> *come back to the js code. The request/response is seen/successful
>>>> from
>>>> 1) the server logs
>>>> 2) wireshark
>>>> 3) when accessing
>>>> http://127.0.0.1:8000/test<http://www.google.com/url?q=http%3A%2F%2F127.0.0.1%3A8000%2Ftest&sa=D&sntz=1&usg=AFQjCNFMhun0Vydf4ufBpg2WRRnyvrvj_w>from
>>>> the browser (firefox&chrome)
>>>>
>>>> Here is the response from wireshark
>>>>
>>>> HTTP/1.1 200 OK
>>>> Content-type: application/xml
>>>> Content-length: 276
>>>> Access-control-allow-origin: *
>>>> Date: Sun, 24 Nov 2013 05:46:49 GMT
>>>> Access-control-allow-methods: GET
>>>> <?xml version="1.0" encoding="utf-8" ?><ajax-response><response
>>>> type="object" id="productDetails"><monthly-sales><employee-sales><
>>>> employee-id>1234</employee-id><year-month>1998-01</year-
>>>> month><sales>$8,115.36</sales></employee-sales></monthly-
>>>> sales></response></ajax-response>
>>>>
>>>> Based on other posts
>>>> * added Access-control-allow-origin: * to header
>>>> * running from apache server instead of file system
>>>> Still the response is not received
>>>>
>>>> Any help would be appreciated. Thanks
>>>>
>>>> BTW - here is the debugger output
>>>> transport
>>>> klass { request=klass, transport=XMLHttpRequest, readyState=4, more...}
>>>> headerJSON
>>>> null
>>>> readyState
>>>> 4
>>>> request
>>>> klass { options={...}, transport=XMLHttpRequest, url=
>>>> "http://127.0.0.1:8000/test";, more...}
>>>> responseJSON
>>>> null
>>>> responseText
>>>> ""
>>>> responseXML
>>>> null
>>>> status
>>>> 0
>>>> statusText
>>>> ""
>>>> transport
>>>> XMLHttpRequest { readyState=4, timeout=0, withCredentials=false,
>>>> more...}
>>>> _getHeaderJSON
>>>> function()
>>>> _getResponseJSON
>>>> function()
>>>> getAllHeaders
>>>> function()
>>>> getAllResponseHeaders
>>>> function()
>>>> getHeader
>>>> function()
>>>> getResponseHeader
>>>> function()
>>>> getStatus
>>>> function()
>>>> getStatusText
>>>> function()
>>>> initialize
>>>> function()
>>>> __proto__
>>>> klass { status=0, initialize=function(), statusText="", more...}
>>>> toString
>>>> function()
>>>>
>>>>
>>>> --
>>>>
>>> --
>> You received this message because you are subscribed to the Google Groups
>> "Prototype & script.aculo.us" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to prototype-scriptaculous+unsubscr...@googlegroups.com.
>> To post to this group, send email to
>> prototype-scriptaculous@googlegroups.com.
>> Visit this group at
>> http://groups.google.com/group/prototype-scriptaculous.
>> For more options, visit https://groups.google.com/groups/opt_out.
>>
>
--
You received this message because you are subscribed to the Google Groups
"Prototype & script.aculo.us" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to prototype-scriptaculous+unsubscr...@googlegroups.com.
To post to this group, send email to prototype-scriptaculous@googlegroups.com.
Visit this group at http://groups.google.com/group/prototype-scriptaculous.
For more options, visit https://groups.google.com/groups/opt_out.
