# gsettings set org.gnome.desktop.wm.keybindings show-desktop "['']"
Block of Code
Sunday, July 8, 2012
Disable "Hide all normal windows" shortcut in Ubuntu+GNOME-Shell
Saturday, May 5, 2012
Wednesday, May 2, 2012
Gnome-Shell Extension Hamster Activities
hamster-search-provider@gnome-shell-extensions.fre-sch.github.com
to your .local/share/gnome-shell/extensions
directory and restart the shell. For now, you also need to start Hamster at least once, so the DBus hamster-service is running.Friday, March 16, 2012
AJAX and Cross Site Request Forgery
One of Yii's features is Cross Site Request Forgery protection. This is mostly transparent and happening automatically if enabled in protected/config/main.php
, the relevant option is:
<?php //... 'components'=>array( 'request'=>array( 'enableCsrfValidation'=>true, ), ), //...
On each request it then generates a new token which is transparently included in all forms generated by CHtml::beginForm
. Checking this token is also handled transparently on submission of these forms.
However, if you are doing AJAX requests, you'll have to pass the token manually. In practice, this is easily overlooked, and leads to irritating bug searches. Since Yii by default uses jQuery and jQuery supports setting default AJAX options, this is how AJAX requests can include the CSRF token automatically (in protected/components/Controller.php
):
<?php class Controller extends CController { public function init() { $this->initAjaxCsrfToken(); } protected function initAjaxCsrfToken() { Yii::app()->clientScript->registerScript('AjaxCsrfToken', 'jQuery.ajaxOptions({data:' . json_encode(array( Yii::app()->request->csrfTokenName => Yii::app()->request->csrfToken, )) .'});', CClientScript::POS_HEAD); } }
That's it, from now on all AJAX requests done using jQuery include the CSRF token. This includes requests done using $.ajax
, $.get
, $.post
, $.load
and others since they all fallback to using $.ajax
.
Thursday, March 15, 2012
Sluggable URLs with Catch All
In a previous post I explained a basic approach to make URLs more SEO-friendly. That approach works well if URLs can contain the controller name. But sometimes that's not desirable. What's needed then is a Catch All Route.