Oct 15, 2011

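9608cqgp Contract Parties in International Offshore Business Operations and How to Stay Hidden and Avoid Risk

Dear i.1, hello:



        Yours faithfully,

Best regards!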

禄任辉 -2011-10-16-7:27:16

Oct 14, 2011

Key Differences Between Validation and Sanitization


VIP Services developer Daniel Bachhuber shares some tips on writing better code for your WordPress site:

Your code works, but is it safe? When writing code for a high-profile environment, you’ll need to be extra cautious of how you handle data coming into WordPress and how it’s presented to the end user. This commonly comes up when building a settings page for your theme, creating and manipulating shortcodes, or saving and rendering extra data associated with a post.

There’s a distinction between how input and output are managed, however.

Validation: Checking User Input

To validate is to ensure the data you’ve requested of the user matches what they’ve submitted. There are several core methods you can use for input validation; usage obviously depends on the type of fields you’d like to validate. Let’s take a look at an example.

Say we have an input area in our form like this:

<input type="text" id="my-zipcode" name="my-zipcode" maxlength="5" />

Just like that, we’ve limited the user to five characters of input, but there’s no limitation on what they can input. They could enter “11221” or “eval(”. If we’re saving to the database, there’s no way we want to give the user unrestricted write access.

This is where validation plays a role. When processing the form, we’ll write code to check each field for its proper data type. If it’s not of the proper data type, we’ll discard it. For instance, to check “my-zipcode” field, we might do something like this:

// intval() returns 0 for non-numeric input, which is then stored as ''.
$safe_zipcode = intval( $_POST['my-zipcode'] );
if ( ! $safe_zipcode )
    $safe_zipcode = '';
update_post_meta( $post->ID, 'my_zipcode', $safe_zipcode );

The intval() function casts user input as an integer, and defaults to zero if the input was a non-numeric value. We then check to see if the value ended up as zero. If it did, we’ll save an empty value to the database. Otherwise, we’ll save the properly validated zipcode.

This style of validation most closely follows WordPress’ whitelist philosophy: only allow the user to input what you’re expecting. Luckily, there are a number of handy helper functions you can use for most every data type.
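
The intval() check accepts more than a five-digit ZIP code: it keeps the numeric prefix of mixed input, accepts shorter numbers, and drops leading zeros. The added example below (not from the original article) compares it with a stricter pattern check on constructed inputs; validate_zipcode() and intval_check() are hypothetical names, not WordPress functions.

```php
<?php
// Added example: validate_zipcode() is a hypothetical helper, not a WordPress function.

/**
 * Return the ZIP code as a five-character string, or '' when the input is
 * not exactly five ASCII digits. Keeping a string preserves leading zeros.
 */
function validate_zipcode( $raw ) {
    // A field submitted as my-zipcode[]=... arrives as an array; reject it.
    if ( ! is_string( $raw ) ) {
        return '';
    }
    $raw = trim( $raw );
    // \A and \z anchor the pattern to the whole value, not a substring.
    return preg_match( '/\A[0-9]{5}\z/', $raw ) === 1 ? $raw : '';
}

/** The intval() check from the article, reproduced for comparison. */
function intval_check( $raw ) {
    $value = intval( $raw );
    return $value ? $value : '';
}

// Constructed sample inputs.
$samples = array( '11221', '02134', '1122', '11221abc', 'eval(' );

printf( "%-12s %-14s %s\n", 'input', 'intval check', 'strict check' );
foreach ( $samples as $input ) {
    printf(
        "%-12s %-14s %s\n",
        var_export( $input, true ),
        var_export( intval_check( $input ), true ),
        var_export( validate_zipcode( $input ), true )
    );
}
```

In the form handler, the value passed to update_post_meta() would then be validate_zipcode( $_POST['my-zipcode'] ?? '' ).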

Sanitization: Escaping Output

For security on the other end of the spectrum, we have sanitization. To sanitize is to take the data you may already have and help secure it prior to rendering it for the end user. WordPress thankfully has a few helper functions we can use for most of what we’ll commonly need to do:

esc_html() should be used any time an HTML element encloses a section of data we’re outputting.

<h4><?php echo esc_html( $title ); ?></h4>

esc_url() should be used on all URLs, including those in the ‘src’ and ‘href’ attributes of an HTML element.

<img src="<?php echo esc_url( $great_user_picture_url ); ?>" />

esc_js() is intended for inline JavaScript.

<a href="#" onclick="<?php echo esc_js( $custom_js ); ?>">Click me</a>

esc_attr() can be used on everything else that’s printed into an HTML element’s attribute.

<ul class="<?php echo esc_attr( $stored_class ); ?>">
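
Each helper above is tied to one output context. The added example below (not from the original article, and not WordPress's own code) shows why HTML encoding alone does not cover a URL attribute; html_ctx(), url_ctx() and render_card() are hypothetical, simplified stand-ins so the file runs without WordPress loaded.

```php
<?php
// Added example. html_ctx() and url_ctx() are hypothetical stand-ins built on
// PHP built-ins so this file runs without WordPress loaded. In a theme, call
// esc_html(), esc_attr() and esc_url(), which do more than these do.

/** Text inside an element or a quoted attribute: encode & < > " and '. */
function html_ctx( $value ) {
    return htmlspecialchars( (string) $value, ENT_QUOTES, 'UTF-8' );
}

/** URL attributes (src, href): allow-list the scheme, then encode. */
function url_ctx( $value, array $allowed = array( 'http', 'https' ) ) {
    $url    = trim( (string) $value );
    $scheme = parse_url( $url, PHP_URL_SCHEME );
    if ( false === $scheme ) {
        return ''; // Unparseable: print nothing.
    }
    // A relative URL has no scheme (null) and passes through.
    if ( null !== $scheme && ! in_array( strtolower( $scheme ), $allowed, true ) ) {
        return '';
    }
    return html_ctx( $url );
}

function render_card( array $row ) {
    return sprintf(
        '<div class="%s"><h4>%s</h4><img src="%s" /></div>',
        html_ctx( $row['class'] ),
        html_ctx( $row['title'] ),
        url_ctx( $row['picture_url'] )
    );
}

// Constructed rows standing in for values read back from the database.
$rows = array(
    array( 'class' => 'card', 'title' => 'Tom & Jerry', 'picture_url' => 'https://example.com/a.png?w=1&h=2' ),
    array( 'class' => 'card "wide"', 'title' => '<b>bold</b>', 'picture_url' => 'javascript:void(0)' ),
);
foreach ( $rows as $row ) {
    echo render_card( $row ), "\n";
}
```

The second row comes out with its quotes and tags encoded and an empty src, because its scheme is not on the allow-list.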

It’s important to note that most WordPress functions properly prepare the data for output, and you don’t need to escape again.

<h4><?php the_title(); ?></h4>

Also, as there are always exceptions to the rule, there is a selection of user-submitted data that needs to be validated and sanitized. Freeform text areas would fall into this category. For this, you can run user data through sanitize_text_field() or any of the wp_kses_*() functions.

To recap: follow the whitelist philosophy with data validation, and only allow the user to input data of your expected type. If it’s not the proper type, discard it. Sanitize data as much as possible on output, and a selection needs to be sanitized on input too.

Hit us with your questions or tips in the comments.


This email was delivered by QQ Mail List.

Oct 13, 2011

063678 Packaging Design and Management Advanced Training Course

Dear i.9x8wh1, hello:



        Yours faithfully,

Best regards!

司旺骏 -2011-10-14-10:34:25

gblog.stutimes.com - Did you receive this email sent to you last week ?

Did you receive the e-mail which we sent to you recently (copied here-below)?
Please confirm since I have had problems lately with emails intercepted by spam-filters set too high.

Cordially,

Martin Vermont, Ph.D.
martinvermont@languageseo.net

I am Dr. Martin Vermont and I work for Multilingual Search Engine Optimization Inc. in Washington DC  (Tel: 1-202-558-2504) - I would like to speak with the person in charge of your international clientele. Who is my contact? Who should I speak to??

In fact, after visiting gblog.stutimes.com , I have noticed that your website cannot be found on foreign search engines (I tested it on Hispanic search engines, German search engines, Asian search engines, etc.) Our company is specialized in multilingual search engine promotions in 28 languages . From the Japanese Google to the German Yahoo, from the AOL  in Spanish to the MSN in Chinese, we can show you how to develop a true international online presence by promoting your website on foreign search engines.

Let us show  you how to develop a presence on the multilingual web without having to  translate your website: It is not necessary to translate your website in  order to submit to foreign search engines, however, you need to have at least  1 page in Japanese optimized with Japanese keywords and meta tags in order to  submit to Japanese search engines, at least 1 page in Spanish optimized with  Spanish keywords in order to submit to Hispanic search engines and so  on...

I strongly suggest that you watch our online presentation which explains clearly how to get top rankings on foreign search engines with  only 1 entry page per language (click on the following link or copy-paste it  into your web browser): http://www.languageseo.net/demo

From the Japanese Google to the German Yahoo, from the AOL  in Spanish to the MSN in Chinese, get users to find your website when  searching with YOUR KEYWORDS in their Native language.

Please call me at +1 (202) 558-2504 or email me and let's work on giving your website the true  international exposure which it deserves to have with foreign native online  users!!

Regards,

Martin Vermont, Ph.D.
martinvermont@languageseo.net

Multilingual Search Engine Optimization Inc.
1250 Connecticut Ave N.W. Suite  200
Washington, DC 20036 USA
TEL: +1 (202) 558-2504 - FAX: 1 (202)-318-4779
http://www.languageseo.net
Multilingual Search Engine Promotion Services since 1999.



Oct 12, 2011

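506698-◤Comprehensive Management Skills Training for Newly Appointed Managers◥

Dear hzyjdcs, hello:

 For details, please see the attached information and forward it to the relevant personnel!

        Yours faithfully,

Best regards!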

毛秀琴 -2011-10-13-9:26:48

Oct 11, 2011

gyjbbh Which Factors in Communication Affect Whether a Customer Signs with Us

Dear i.2ww0d, hello:



        Yours faithfully,

Best regards!

盛宏学 -2011-10-12-4:45:50

Oct 10, 2011

WordPress 3.3 Beta 1


WordPress 3.3 is ready for beta testers.

As always, this is software still in development and we don't recommend that you run it on a production site; set up a test site just to play with the new version. If you break it (find a bug), please report it, and if you're a developer, try to help us fix it.

If all goes well, we hope to release WordPress 3.3 by the end of November. The more help we get with testing and fixing bugs, the sooner we will be able to release the final version. If you want to be a beta tester, you should check out the Codex article on how to report bugs.

Here's some of what's new:

  • Media uploader
  • Improved admin bar
  • Fly out admin menus

Remember, if you find something you think is a bug, report it! You can bring it up in the alpha/beta forum, you can email it to the wp-testers list, or if you've confirmed that other people are experiencing the same bug, you can report it on the WordPress Core Trac. (We recommend starting in the forum or on the mailing list.)

Theme and plugin authors, if you haven't been following the 3.3 development cycle, please start now so that you can update your themes and plugins to be compatible with the newest version of WordPress.

Download WordPress 3.3 Beta 1

And now, haiku.

Features almost done…

3.3 at Beta 1.

Test it now — have fun!


lxuvor Making Good Use of the Four Types of Salespeople: Ostrich / Rabbit / Lion / Wolf

Dear i.am.weihua.1234, hello:



        Yours faithfully,

Best regards!

司马佩儒 -2011-10-11-5:15:24

Oct 9, 2011

3nzw2wk Building a Sales Team with Super Fighting Strength (Sessions 21-23)

Dear i.am.weihua.1234, hello:



        Yours faithfully,

Best regards!

杭群原 -2011-10-10-10:04:34