What values can we use in `formattingControls` parameter in RichText component

Documentation says:

  • formattingControls={ [ 'bold', 'italic' ] } // Allow the content to be made bold or italic, but do not allow other formatting options

… but I can’t find a list of all the values that we can use there.

I know about bold, italic, link, strikethrough but there are more elements.

So what is the complete list of supported values?

Confirm order page parameter for woocommerce

I have a custom payment button I put on the WooCommerce checkout page before the confirm order page, and it will redirect to the confirm order page after the payment has been made.

The URL looks something like this:

mydomainpayment.com/?recipient=someone&amount=' . (string) $order->get_total() . '&returnurl=myshopdomain.com/(what-parameter-to-put-here-order-id)"><button type="button">Pay With Custom Payment</button></a>';

My question is what parameter to put at the end of the return URL there.

Thank you in advance.

How to prevent SQL Injection via the array parameter? (CVE-2017-14069)

Hello, this page suggests that the sql_query

$r = sql_query("SELECT modcomment FROM users WHERE id IN (" . implode(", ", $_POST[usernw]) . ")")or sqlerr(__FILE__, __LINE__);

is vulnerable to a SQL injection "via the usernw array parameter to nowarn.php."

and the exploit is suggested:

POST nowarned=nowarned&usernw[]=(select*from(select sleep(10))x)

Please how that sql_query should…
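
One way to close the hole described in this question, as an added example that is not part of the original post or the affected project's code: validate every array element as an integer id and bind the values through placeholders instead of concatenating them. It assumes PDO is available and uses an in-memory SQLite table with constructed rows; `fetch_modcomments()` is a hypothetical name.

```php
<?php
// Added example (not from the original post). Table contents are constructed;
// fetch_modcomments() is a hypothetical helper name.

function fetch_modcomments(PDO $db, $rawIds): array
{
    // $_POST['usernw'] may be missing, a scalar, or an empty array.
    if (!is_array($rawIds) || $rawIds === []) {
        return [];
    }

    $ids = [];
    foreach ($rawIds as $value) {
        // Accept only strings made purely of digits; nested arrays,
        // empty strings and SQL fragments all fail this check.
        if (!is_string($value) || !ctype_digit($value)) {
            throw new InvalidArgumentException('usernw[] must contain numeric ids only');
        }
        $ids[] = (int) $value;
    }

    // One "?" per id: the values travel as bound parameters, never as SQL text.
    $placeholders = implode(', ', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("SELECT id, modcomment FROM users WHERE id IN ($placeholders)");
    $stmt->execute($ids);
    return $stmt->fetchAll(PDO::FETCH_KEY_PAIR);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, modcomment TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'warned 2017-01'), (2, ''), (3, 'ok')");

var_dump(fetch_modcomments($db, ['1', '3']));   // look up ids 1 and 3

try {
    // The input shape quoted in the post is refused before any SQL is built.
    fetch_modcomments($db, ['(select*from(select sleep(10))x)']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The digit check alone would stop this particular input, but binding the values keeps the query safe even if the validation is later loosened.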


call_user_func() expects parameter 1 to be a valid callback … => unable to log in to the admin panel

Warning: call_user_func() expects parameter 1 to be a valid callback, first array member is not a valid class name or object in /wordpress/wp-content/plugins/cache-enabler/inc/cache_enabler.class.php on line 1752

Best fit giving wrong parameter values

I’ve been trying to find the fit for my data using NonlinearModelFit:

impedance[R_, L_, C1_, C2_, f_] :=
  14.03 + ((R + 2 Pi I f L - I/(2 Pi f C1)) 1/(I 2 Pi f C2))/
    (R + I 2 Pi f L + 1/(I 2 Pi f C1) + 1/(I 2 Pi f C2));
absimp[R_, L_, C1_, C2_, f_] =
  Simplify[ComplexExpand[Abs[impedance[R, L, C1, C2, f]]]];
NonlinearModelFit[vacamp,
  (14.03*400)/absimp[R, L, C1, C2, \[Omega]],
  {{R, 200}, {L, 10^6}, {C1, 2*10^-12}, {C2, 2*10^-9}}, \[Omega]]

But this gives me the wrong fit. The data that I have looks approximately like a Gaussian in the range \Omega=32740 to 32800. I tried different starting points but no luck. Would appreciate some help. TIA!

Just adding a basic token by POST parameter for securing the API. Is it safe?

Let’s say I have an address for an API like this:

mywebsite.com/api/mydata 

If accessed, a JSON will appear like this:

[
  {
    "id":"1",
    "name":"John"
  },
  {
    "id":"2",
    "name":"Smith"
  }
]

By default, the result displays the entire data if a POST has no parameters. If you POST an "ID" parameter and its value is one of the existing IDs in the API, it will only display the objects selected by that ID. The API can be accessed by anyone. The API needs to be accessed using a token parameter to secure the data.

Let’s say I add a token parameter to be able to access data like this:

yourtoken="yourtoken"

if (post_param[token]==yourtoken) {
  // Displaying JSON
}

so if you want to open the API, you need to add a token parameter.

Is simple security like this worth using? What vulnerabilities will arise if I use this? Is there a better way than this?

What Does Twitter’s s Parameter Mean?

When I use the share button on Twitter the link becomes https://twitter.com/username/status/ID?s=number instead of https://twitter.com/username/status/ID. What is the meaning of this ‘s’ parameter? Is it an ID that gets generated to see who uses the link you shared? I’m assuming the ‘s’ stands for share ID or <joke>spy on you</joke>. The link works the same without the ‘s’ parameter.

Am I right about this or is it something else?

Why SQLMap Doesn’t Attack Specified Parameter?

I am new to SQLMap. I have set up Kali and an OWASPBWA VM. Both VMs are on the same NAT Network set in VirtualBox.

When I try to run the following command:

sqlmap -u "http://<IP_ADDRESS>/mutillidae/index.php?page=user-info.php?username=111&password=bbb&user-info-php-submit-button=View+Account+Details" -p username 

I get the following messages:

  • Previous heuristics detected that the target is protected by some kind of WAF/IPS.
  • Multiple messages – Unable to connect to the targeturl. sqlmap is trying to reconnect.
  • heuristics test shows that GET parameter ‘username’ might not be injectable.

There are several YouTube videos which display the same setup with the above 2 VMs, and are able to run the command and find injection in the username parameter. What am I doing wrong? Please help.

Transformation of an object into parameter value on submission of request

Today I saw a rather weird phenomenon when submitting a request spontaneously.

The URL I typed looked something like below:

https://example.com/en/trade/pro?layout= and when submitted it transformed into https://example.com/en/trade?layout=pro

If I correctly perceived that the pro object moved to a value of layout (if not just visually).

It didn’t work for https://example.com/en/trade/test?layout= and when submitted should transform into https://example.com/en/trade?layout=test, that didn’t work.

It did only work for the pro object.

Is this a behavior made by developers of the site or could this eventually lead to something interesting?

Plotting the Eigenvectors with respect to a parameter

I have a matrix of the form given below with a parameter $\lambda$. I would like to plot the quantity $\langle\phi_{i}|Q|\phi_{i}\rangle$ for every eigenvector, taken in ascending order of the eigenvalues of this matrix, with respect to $\lambda$. I am having a bit of trouble sorting the eigenvectors and plotting this w.r.t. $\lambda$. Please, could somebody help me with that? Here {$\lambda$,0,1.0,0.01}. Here $|\phi_{i}\rangle$ are the eigenvectors of the matrix M.

M[\[Lambda]_] = {
  {1, 1 + \[Lambda], -2, 5, \[Lambda], 0},
  {0, Sqrt[\[Lambda]] + 3, 6, 7, 0, -3},
  {1, 4, 6, \[Lambda] + 2, 0, 1},
  {0.6, \[Lambda], 6, 4, 8, 0.5},
  {Sqrt[2], 3, 11, Sqrt[\[Lambda] + 4], 0, 1},
  {4, 0, \[Lambda], 6, 5, 2}}