1. 首頁
  2. 問答
  3. JQuery似乎正在設置一個額外的$ _POST值

JQuery似乎正在設置一個額外的$ _POST值

2012-02-20 76 views
0

我正在開發一個Wordpress插件。有多個表單元素,出於某種原因,每次我單擊一個表單上的提交按鈕時,都會告訴另一個表單提交。這很不方便,因爲當我點擊按鈕來保存新信息時,另一個表單會從數據庫中刪除第一行。

使用Javascript:

//This is the Javascript that controls the remove all form. 
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script> 

<script type="text/javascript"> 
    $(document).ready(function(){ 
     $('tr.assoc_row').show(); 
     $('#settings-removed-msg').hide(); 
     $('#formdeleteassoc').submit(function(e){ 
      e.preventDefault(); //Works to prevent normal submission of the form. 

      $.ajax ({ 
       type: 'POST', 
       url: '', 
       data: {remove_all: '' 
       }, 
       success: function() { 
        $('#settings-removed-msg').fadeIn('fast'); //Working now 
        $('tr.assoc_row').fadeOut('fast'); //Working now 
        } 
      }); 

     }); 
    }); 
</script>

HTML

<!-- This the the HTML and PHP that renders the options page in Wordpress. --> 
<div class="wrap"> 
    <?php screen_icon('plugins'); ?> 
    <h2>Tag to Category Associator</h2> 
    <div id="settings-removed-msg" class="updated"><p>Associations were successfully removed.</p></div> 
    <form action="<?php echo $_SERVER['PHP_SELF'].'?page=tag2cat-associator'; ?>" method="post"> 


    <?php 
    settings_fields('cb_t2c_options'); 
    do_settings_sections('tag2cat-associator'); 
    ?> 

    <input name="Submit" type="submit" value="Save Changes" /> 
    </form></div>

PHP

//These are the form elements. 

//Show the buttons to remove all associations and remove a single association. 
    echo '<table>'; 
    echo '<tr>'; 
     echo '<td></strong>Remove existing associations</strong></td>'; 
     echo "<td><form action='" . $_SERVER['PHP_SELF'] . "?page=tag2cat-associator' method='post'>"; 
     echo "<select name='remove_single' id='removeSingle' class='remove-single' >"; 
      foreach ($cb_t2c_show_associations as $tags) { 
      echo "<option value = '".$tags->assoc_ID."'>".$tags->assoc_ID."</option>"; 
      } 
     echo '</select>'; 
     echo "&nbsp;<input type = 'submit' name='submit-remove' value='Remove'></input>"; 
    echo '</form></td></tr>'; 
    echo '<tr>'; 
     echo '<td>Remove all (Will delete existing associations)</td>'; 
     echo "<td><form action='" . $_SERVER['PHP_SELF'] . "?page=tag2cat-associator' id='formdeleteassoc' method='post'>"; 
     echo "<input name='remove_all' id='removeAll' class='remove-all' type='submit' value='Remove All'></input></form></td></tr>"; 
    echo '</table>'; 

//The if's alter the database if the right $_POST information occurs. 
if (isset($_REQUEST['remove_all'])){ 
     $wpdb->query("DELETE FROM ".$prefix."cb_tags2cats"); 
     } 

    if (isset($_REQUEST['remove_single'])) { 
     $remove_assoc = $_REQUEST['remove_single']; 
     $wpdb->query("DELETE FROM ".$prefix."cb_tags2cats WHERE assoc_ID = " . $remove_assoc); 
     }

來源

2012-02-20 ChrisBuck

+0

究竟是什麼問題? – SLaks 2012-02-20 05:56:09

+1

您有一個SQL注入漏洞。 – SLaks 2012-02-20 05:56:15

+0

你能更清楚地指出問題嗎? – gideon 2012-02-20 05:56:23

回答

0

的問題是由於具有2 settings_字段作爲Wordpress中的註冊設置。其基本結構是:

function cb_t2c_admin_init() { 
register_setting('cb_t2c_options', 'cb_t2c_options' /*'cv_t2c_validate_options'*/); 

    //Define sections and settings 
    add_settings_section(
     //This defined the settings section. 
     ); 

    add_settings_field(
     //This defined the first setting, with a call to a function. 
     ); 

    add_settings_field(
     //This defined the unwanted setting. 
    ); 

}

我想與WordPress的完成是有形式之外的部分,它會顯示用戶在簡單的HTML表格當前選擇的選項。因此,我刪除了第二個'add_settings_field'函數,將其回調函數的內容放到了繪製選項頁的函數的末尾。例如,

//Draw the options page 
function cb_t2c_plugin_options_page() { 
    $cb_t2c_remove_all_url = plugin_dir_url(_FILE_) . 'remove_all.php'; 
?> 

    <div class="wrap"> 
    <?php screen_icon('plugins'); ?> 
    <h2>Title</h2> 
    <div id="new-assoc-msg" class="updated"><p>Data was successfully added.</p></div> 
    <form id="formsavesettings" name="save_settings" action="<?php echo $_SERVER['PHP_SELF'].'?page=the_options_page'; ?>" method="post"> 

    <?php 
    settings_fields('cb_t2c_options'); 
    do_settings_sections('section_name'); 
    ?> 

    <input name="Submit" type="submit" value="Save Changes" /> 
    </form></div> 
    <?php 

// Here is where I added the PHP code to show my table full of already selected values. 
// This is accomplished with 1 settings section and 1 settings field. 
// By previously putting the code in a settings field, I was telling Wordpress to pass along the values to the form. 
};

這並沒有照顧到SQL注入漏洞的,但它確實解釋爲何意外的值獲取傳遞到窗體。

來源

2012-02-29 03:56:08 ChrisBuck

相關問題

 相關問題