Sunday, July 8, 2012

Disable "Hide all normal windows" shortcut in Ubuntu+GNOME-Shell

Run this command in a terminal to completely disable the show-desktop key binding:
# gsettings set org.gnome.desktop.wm.keybindings show-desktop "['']"

Saturday, May 5, 2012

GNOME-Shell Hamster Extension Update


A few bugs left to fix before I push it to github!

Wednesday, May 2, 2012

Gnome-Shell Extension Hamster Activities

At work I use Hamster for tracking time. Recently I moved to Ubuntu 12.04 and GNOME-Shell. Unfortunately, there is currently no applet or other integration of any kind for Hamster and GNOME-Shell. So I made my own: It's a search provider that gets the activities via DBus and presents them as icons. Activating them starts tracking the selected activity in Hamster.


Simply copy the directory hamster-search-provider@gnome-shell-extensions.fre-sch.github.com to your .local/share/gnome-shell/extensions directory and restart the shell. For now, you also need to start Hamster at least once, so the DBus hamster-service is running.

Friday, March 16, 2012

AJAX and Cross Site Request Forgery

One of Yii's features is Cross Site Request Forgery protection. This is mostly transparent and happening automatically if enabled in protected/config/main.php, the relevant option is:

<?php
    //...
    'components'=>array(
        'request'=>array(
            'enableCsrfValidation'=>true,
        ),
    ),
    //...

On each request it then generates a new token which is transparently included in all forms generated by CHtml::beginForm. Checking this token is also handled transparently on submission of these forms.

However, if you are doing AJAX requests, you'll have to pass the token manually. In practice, this is easily overlooked, and leads to irritating bug searches. Since Yii by default uses jQuery and jQuery supports setting default AJAX options, this is how AJAX requests can include the CSRF token automatically (in protected/components/Controller.php):

<?php
class Controller extends CController
{
    public function init()
    {
        $this->initAjaxCsrfToken();
    }
    protected function initAjaxCsrfToken()
    {
        Yii::app()->clientScript->registerScript('AjaxCsrfToken',
        'jQuery.ajaxOptions({data:' . json_encode(array(
            Yii::app()->request->csrfTokenName => Yii::app()->request->csrfToken,
        )) .'});', CClientScript::POS_HEAD);
    }
}

That's it, from now on all AJAX requests done using jQuery include the CSRF token. This includes requests done using $.ajax, $.get, $.post, $.load and others since they all fallback to using $.ajax.

Thursday, March 15, 2012

Sluggable URLs with Catch All

In a previous post I explained a basic approach to make URLs more SEO-friendly. That approach works well if URLs can contain the controller name. But sometimes that's not desirable. What's needed then is a Catch All Route.