get session into action class in struts 2.x

Nov 25th, 2011

JSPs provide an implicit session object for use in JSP pages. When an action is invoked in Struts, we need to get the session into the action class; we can do this by implementing the "SessionAware" interface. Eclipse will ask you to implement an unimplemented method; click on that message and Eclipse will create the method for you: "public void setSession(Map<String, Object> arg0){//TODO}"


xss cleanup filter php

Aug 26th, 2011

You can clean input with this function:

function xss_clean($data)
{
// Fix &entity\n;
$data = str_replace(array('&amp;','&lt;','&gt;'), array('&amp;amp;','&amp;lt;','&amp;gt;'), $data);
$data = preg_replace('/(&#*\w+)[\x00-\x20]+;/u', '$1;', $data);
$data = preg_replace('/(&#x*[0-9A-F]+);*/iu', '$1;', $data);
$data = html_entity_decode($data, ENT_COMPAT, 'UTF-8');

// Remove any attribute starting with "on" or xmlns
$data = preg_replace('#(<[^>]+?[\x00-\x20"\'])(?:on|xmlns)[^>]*+>#iu', '$1>', $data);

// Remove javascript: and vbscript: protocols
$data = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([`\'"]*)[\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iu', '$1=$2nojavascript...', $data);
$data = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iu', '$1=$2novbscript...', $data);
$data = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*-moz-binding[\x00-\x20]*:#u', '$1=$2nomozbinding...', $data);

// Only works in IE: <span style="width: expression(alert('Ping!'));"></span>
$data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?expression[\x00-\x20]*\([^>]*+>#i', '$1>', $data);
$data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?behaviour[\x00-\x20]*\([^>]*+>#i', '$1>', $data);
$data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*+>#iu', '$1>', $data);

// Remove namespaced elements (we do not need them)
$data = preg_replace('#</*\w+:\w[^>]*+>#i', '', $data);

do
{
// Remove really unwanted tags
$old_data = $data;
$data = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $data);
}
while ($old_data !== $data);

// we are done...
return $data;
}

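The above function filters common cross-site scripting (XSS) vectors out of the input: event-handler attributes, javascript: and vbscript: URLs, script-bearing style attributes, namespaced elements, and tags such as script, iframe and object.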
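xss_clean() is a blacklist applied to input, so it is best treated as one layer; the complementary control is to encode each value at output for the context it lands in. The following is an added example, not code from the original post: the helper names e(), safe_url() and js_value() are hypothetical and the sample values are constructed.

```php
<?php
// Added example: context-aware output encoding (helper names are hypothetical).

// HTML text and quoted attribute values: encode &, <, >, " and '.
function e($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// URL attributes (href, src): allow only listed schemes rather than trying to
// strip every spelling of "javascript:" or "vbscript:". Relative URLs pass.
function safe_url($url, array $allowed = array('http', 'https', 'mailto'))
{
    // Browsers drop tab/CR/LF inside a URL and ignore leading control
    // characters and spaces, so normalise the same way before checking.
    $url = str_replace(array("\t", "\n", "\r"), '', (string) $url);
    $url = trim($url, "\x00..\x20");

    // A leading "scheme:" must be on the allowlist; otherwise emit a dead link.
    if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m)
        && !in_array(strtolower($m[1]), $allowed, true)) {
        return '#';
    }
    // Still an attribute value, so HTML-encode the result.
    return e($url);
}

// Values placed inside an inline <script> block: JSON-encode and hex-escape
// <, >, &, ' and " so the value cannot close the script element or a string.
function js_value($value)
{
    return json_encode($value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}

// Constructed sample values standing in for request data.
$name = '<img src=x onerror=alert(1)>';
$link = " JaVa\tScRiPt:alert(1)";

echo '<p>Hello, ', e($name), "</p>\n";
echo '<a href="', safe_url($link), '">profile</a>', "\n";
echo '<script>var name = ', js_value($name), ";</script>\n";
```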


Autoloading a Class file in PHP

Aug 25th, 2011

You can autoload a class file in PHP 5 using one of its magic methods.

1. You can use the __autoload() magic method to do this.

Ex:


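function __autoload($classname) {
    // Note: __autoload() is deprecated since PHP 7.2 and removed in PHP 8.0;
    // on those versions register the function with spl_autoload_register().

    // Only class names containing an underscore are mapped to a file
    if (preg_match('/_/i', $classname))
    {
        $class_array = explode('_', $classname);
        $temp_array = array();
        foreach ($class_array as $key => $value) {
            if ($key == (count($class_array) - 1))
            {
                // Last segment is the file name; keep its case
                $temp_array[] = $value;
            }
            else
            {
                // Leading segments are directory names, lowercased
                $temp_array[] = strtolower($value);
            }
        }

        // e.g. My_Model_User -> my/model/User.php
        $include_file_path = implode('/', $temp_array);
        include_once($include_file_path . ".php");
    }
}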

Importing a CSV file in PHP

Aug 25th, 2011

You can use the code below to import a CSV file in PHP:


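$handler = fopen("filename.csv", 'r');
if ($handler === false) {
    die("Unable to open filename.csv");
}
// Read one row at a time; 1000 is the maximum line length, "," the delimiter
while (($finaldata = fgetcsv($handler, 1000, ",")) !== false)
{
    // Retrieves the columns; add one variable per column in the file
    list($column1, $column2) = $finaldata;
}
fclose($handler);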