Thread: Send JSON data from Click fusion 2.5

  1. #11
    Bad idea LB... He should do that server-side. Just send normal data, but in your PHP code use the addslashes function
    Code:
    $data = addslashes($_POST['data']);

  2. #12
    Clickteam Clickteam
    LB's Avatar
    ColdFire, the issue is that the data is being sent to the server in JSON format, and the client has to produce valid JSON for the server to parse it properly. Without sanitizing on clientside, the user could inject their own JSON key/value pairs and the server wouldn't even know the difference.
    Working as fast as I can on Fusion 3

  3. #13
    No, it works even without sanitizing in the mfa source code and PHP code.

    json.php
    Code:
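    <?php

    // Escape quotes and backslashes in the posted value (empty string if the field is missing)
    $data = addslashes($_POST['data'] ?? '');
    //$data = $_POST['data'];

    if ($data != "") {

        // Append to json.txt while holding an exclusive lock
        $fp = fopen("json.txt", "a");
        if ($fp !== false) {
            flock($fp, LOCK_EX);
            fwrite($fp, $data);
            flock($fp, LOCK_UN);
            fclose($fp);
        }
    }

    ?>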

    json.mfa:
    https://www.dropbox.com/s/29ao1sslzgnfls4/json.mfa?dl=0

  4. #14
    Clickteam Clickteam
    LB's Avatar
    No, you completely misunderstand. The format of the JSON is not determined by the user, only some parts of the premade JSON are filled in with user input. Look up SQL Injection for more information - it's basically the same thing.
    Working as fast as I can on Fusion 3
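
The injection LB describes, as an added example that is not part of the thread: a `{"key": "..."}` template is filled by concatenation, and `json_decode` shows which keys the server's parser ends up seeing. The function names and the sample inputs are constructed for illustration.

```php
<?php
// Added example: how a JSON parser sees a document built by string concatenation.
// The {"key": "<user text>"} template follows the thread; inputs are constructed.

// Naive client: user text pasted straight into the template.
function build_naive(string $text): string {
    return '{"key": "' . $text . '"}';
}

// Client-side escaping: backslashes first, then double quotes.
function build_escaped(string $text): string {
    $text = str_replace('\\', '\\\\', $text);
    $text = str_replace('"', '\\"', $text);
    return '{"key": "' . $text . '"}';
}

// Server-side view: decode and list the keys the parser actually found
// (null means the document was not valid JSON).
function keys_seen(string $json): ?array {
    $decoded = json_decode($json, true);
    return is_array($decoded) ? array_keys($decoded) : null;
}

$inputs = [
    'plain'    => 'hello',
    'quote'    => 'say "hi"',              // accidental quotes break the document
    'injected' => 'x", "score": "999999',  // closes the string and adds a pair
];

foreach ($inputs as $label => $text) {
    $naive   = keys_seen(build_naive($text));
    $escaped = keys_seen(build_escaped($text));
    // addslashes() over the whole document also escapes the structural quotes.
    $slashed = keys_seen(addslashes(build_naive($text)));
    printf("%-9s naive=%s escaped=%s addslashes=%s\n", $label,
        json_encode($naive), json_encode($escaped), json_encode($slashed));
}
```

The backslash-then-quote replacement covers the two characters the thread discusses; `json_encode` also escapes control characters such as newlines.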

  5. #15
    "Without sanitizing on clientside, the user could inject their own JSON key/value pairs and the server wouldn't even know the difference."
    The user can always do that if he has software like Wireshark :> He needs something stronger to secure it on the server side.


    He needs something like this:
    Code:
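    <?php

    // seciurity_code = MD5("{""key"": """ + ReplaceSubstring$( "Substring Replace", ReplaceSubstring$( "Substring Replace", Edittext$( "json_code" ), "\", "\\" ), """", "\""" ) + """}"+"topsecretpassword")

    // Raw posted values; empty string when a field is missing
    $raw = $_POST['data'] ?? '';
    $sc  = $_POST['seciurity_code'] ?? '';

    if (is_string($raw) && is_string($sc) && $raw != "") {

        // Recompute the code over the value as received: "." concatenates in PHP ("+" is arithmetic),
        // and hash_equals() replaces the loose "==" comparison
        if (hash_equals(md5($raw . "topsecretpassword"), $sc)) {

            // Escape quotes and backslashes before storing, as in json.php
            $data = addslashes($raw);

            $fp = fopen("json.txt", "a");
            if ($fp !== false) {
                flock($fp, LOCK_EX);
                fwrite($fp, $data);
                flock($fp, LOCK_UN);
                fclose($fp);
            }
        }
    }

    ?>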
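
A server-side check in the spirit of the post above, as an added example rather than the poster's code: it swaps `md5($data . password)` for `hash_hmac` with SHA-256, compares with `hash_equals`, and then validates the decoded JSON. `SECRET`, `accept_submission` and the one-key schema are assumptions, and the sample bodies are constructed.

```php
<?php
// Added example: verify a keyed hash over the raw body, then parse and validate.
// SECRET, accept_submission() and the one-key schema are assumptions for illustration.
const SECRET = 'constructed-demo-secret';

function accept_submission(string $raw, string $mac): ?array {
    // HMAC over the exact bytes received; hash_equals() compares in constant time.
    $expected = hash_hmac('sha256', $raw, SECRET);
    if (!hash_equals($expected, $mac)) {
        return null;
    }
    $doc = json_decode($raw, true);
    // Accept only an object whose single key is "key" and whose value is a string.
    if (!is_array($doc) || array_keys($doc) !== ['key'] || !is_string($doc['key'])) {
        return null;
    }
    return $doc;
}

// Constructed sample bodies: one well-formed, one carrying an extra pair.
$good     = '{"key": "hello"}';
$injected = '{"key": "x", "score": "999999"}';

$cases = [
    'valid'             => [$good, hash_hmac('sha256', $good, SECRET)],
    'altered body'      => [$injected, hash_hmac('sha256', $good, SECRET)],
    'signed, extra key' => [$injected, hash_hmac('sha256', $injected, SECRET)],
];

foreach ($cases as $label => [$raw, $mac]) {
    $result = accept_submission($raw, $mac) === null ? 'rejected' : 'accepted';
    printf("%-18s %s\n", $label, $result);
}
```

The third case is signed correctly yet still rejected, because the keyed hash only shows that the body came from a holder of the secret, not that it has the expected shape. A secret shipped inside the client application can be recovered by anyone who has the application.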

  6. #16
    Clickteam Clickteam
    LB's Avatar
    Join Date
    Jun 2007
    Location
    Richardson, Texas, North America
    Posts
    8,937
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    The point is to protect against doing it accidentally - for example if the user data contains quotes. Data should always be sanitized.
    Working as fast as I can on Fusion 3

  7. #17
    So my example is better because it protects it in both cases.

  8. #18
    Clickteam Clickteam
    LB's Avatar
    Join Date
    Jun 2007
    Location
    Richardson, Texas, North America
    Posts
    8,937
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    What do you mean "both cases"? There is only one case: the clientside data contains quotes and/or backslashes. I'm not sure why you're involving MD5 here.
    Working as fast as I can on Fusion 3

  9. #19
    Clicker Fusion 2.5 DeveloperAndroid Export ModuleiOS Export ModuleSWF Export Module
    Tuna's Avatar
    I realize this thread is a bit old but I'm curious if this was worked out to your liking...
