Jump to content

Fi8sVrs

Active Members
  • Content count

    2199
  • Joined

  • Last visited

  • Days Won

    30

Fi8sVrs last won the day on July 14

Fi8sVrs had the most liked content!

Community Reputation

917 Excellent

1 Follower

About Fi8sVrs

  • Rank
    Kamikaze

Recent Profile Visitors

1848 profile views
  1. Are you using Foxit PDF Reader? If yes, then you need to watch your back. Security researchers have discovered two critical zero-day security vulnerabilities in Foxit Reader software that could allow attackers to execute arbitrary code on a targeted computer, if not configured to open files in the Safe Reading Mode. The first vulnerability (CVE-2017-10951) is a command injection bug discovered by researcher Ariele Caltabiano working with Trend Micro's Zero Day Initiative (ZDI), while the second bug (CVE-2017-10952) is a file write issue found by Offensive Security researcher Steven Seeley. An attacker can exploit these bugs by sending a specially crafted PDF file to a Foxit user and enticing them to open it. Foxit refused to patch both the vulnerabilities because they would not work with the "safe reading mode" feature that fortunately comes enabled by default in Foxit Reader. However, researchers believe building a mitigation doesn't patch the vulnerabilities completely, which if remained unpatched, could be exploited if attackers find a way to bypass safe reading mode in the near future. Both unpatched vulnerabilities can be triggered through the JavaScript API in Foxit Reader. CVE-2017-10951: The command injection bug resides in an app.launchURL function that executes strings provided by attackers on the targeted system due to lack of proper validation, as demonstrated in the video given below. CVE-2017-10952: This vulnerability exists within the "saveAs" JavaScript function that allows attackers to write an arbitrary file on a targeted system at any specific location, as demonstrated in the video given below. If you are one of those using Foxit Reader and PhantomPDF, ensure you have the "Safe Reading Mode" feature enabled. Additionally, you can also uncheck the "Enable JavaScript Actions" from Foxit's Preferences menu, although this may break some functionality. Users are also recommended always to be vigilant while opening any files they received via email. Just recently, we reported how opening a malicious PowerPoint file could compromise your computer with malware. So, always beware of phishing emails, spams, and clicking the malicious attachment. Source: https://thehackernews.com/2017/08/two-critical-zero-day-flaws-disclosed.html
  2. More than 4.7 million users were apparently exposed to potentially malicious ads and credential theft after cybercriminals managed to hijack the developer accounts of several popular Chrome extensions. The actors used phishing emails to gain access to the developers’ Google accounts and submit to the Chrome Web Store malicious versions of legitimate extensions. The malicious code injected in these tools was meant to modify the advertisements displayed to users and to grab specific credentials from the victims’ machines. After taking a closer look at the incidents, Proofpoint concluded that 8 Chrome extensions have been compromised by the actor using the same modus operandi: Web Developer Chrometana Infinity New Tab CopyFish Web Paint Social Fixer TouchVPN Betternet VPN At the moment, these extensions have a combined user base of more than 4.77 million users. As previously reported, the phishing attack to compromise the developer accounts was pretty straightforward: an email purporting to come from Google Support prompted the targeted developers to log into their accounts to update some information. The login link in the email, however, would take developers to the attacker’s site instead, resulting in their credentials being stolen. Next, the attackers would take over the compromised developer account and/or hijack their Chrome extension to replace it with a malicious variant. According to Proofpoint, the actor included in the code a check to ensure the extension has been installed for at least 10 minutes before starting the malicious behavior, most probably in an attempt to bypass detection. The malicious code was also observed attempting to retrieve a remote file called ga.js over HTTPS, from a domain generated via a domain generation algorithm (DGA). Analysis of the malicious components in Web Developer revealed that the code from this step was meant to conditionally call additional scripts, including some that would harvest Cloudflare credentials after the victim’s login. Next, “the compromised version of the extension attempts to substitute ads on the victim’s browser, hijacking traffic from legitimate advertising networks,” Proofpoint says, adding that the attackers focused mainly on carefully crafted substitution ads on adult websites, although they targeted a variety of other websites as well. The ad substitutions work for 33 popular banner sizes including 468x60, 728x90, and many more spanning numerous aspect ratios, the researchers say. In many instances, the victims were presented with fake JavaScript alerts claiming that the computer required repairing. Clicking on these ads would redirect users to affiliate programs from which the threat actors could profit. Proofpoint observed the compromised Web Developer extension directing victims to two such affiliates, but says that others may also have been used. The popup alerts were also associated with the compromise of the Infinity New Tab extension in May 2017, as well as with fake EU cookie-consent alerts last year. Via http://www.securityweek.com/hijacked-extensions-put-47-million-chrome-users-risk
  3. Achizitionare Server Dedicat

    e geu sa dai un Lookup pe celelate site-uri? http://whois.domaintools.com/filmehd.site http://whois.domaintools.com/filmecinema.net
  4. HBO doesn't need hackers to leak its widely watched "Game of Thrones" episodes, as it is sufficient enough to leak them by its own. In what seems to be a terrible blunder, HBO Spain appeared to have accidentally broadcast the next episode—Episode 6—of Game of Thrones season 7 five days before its official premiere. And as expected, the GoT episode 6 quickly began circulating online. HBO has recently been facing trouble from a hacker or group of hackers who claimed to have obtained nearly 1.5 terabytes of information from the entertainment company. Late last month, the unknown hackers dropped upcoming episodes of "Ballers" as well as "Room 104," along with a script of the fourth episode of "Game of Thrones" on the internet. The leak was followed by another dump of a half-gigabyte sample of stolen HBO data, including HBO's emails, employment agreements, and balance sheets, along with the script of the upcoming Game of Thrones episode, demanding a ransom—nearly $6 Million in Bitcoins. A recently leaked screenshot of an email from an HBO executive also suggested that the company offered hackers $25,000 and requested them to extend the ransom payment deadline by one week. Sadly, the proposal apparently failed to satisfy the desires of HBO hackers, and they threatened to release more data from its 1.5 terabytes of stolen data every Sunday until the complete ransom of millions of dollars was paid. However, the recent leak has nothing to do with hackers, and rather the new unreleased episode was accidentally broadcast by HBO Nordic in Spain for about an hour before it was removed, first spotted by Reddit users. The new GOT episode was purportedly available via the HBO's Spanish on-demand service. Here's what HBO has to say about the latest leak: Short footage and GIFs from the GOT S07E06 was started circulating on YouTube, Reddit, Instagram, Twitch and other streaming services. The episode 6 of "Game of Thrones" will officially be premiered on Sunday at 9 p.m. on HBO. Via https://thehackernews.com/2017/08/game-of-thrones-season7.html
  5. PyStat - Advanced Netstat For Windows Features: Know remote address of process Know remote ports of process Know which user using process along with title & PID Changelogs: Auto Install python modules support added in install.py Installation Guide Download the .zip file Extract the pystat folder from .zip file to some drive i.e C:\tools\pystat Goto C:\tools\pystat Press SHIFT KEY + RIGHT CLICK and select open Command Window here Enter this command python install.py, Enjoy Warning! Don't move pystat folder after installation, will stop working Download PyStat-master.zip Source: https://github.com/roothaxor/PyStat
  6. AUTHENTICATION SERVER The idea behind Isolate is that we should somehow manage how do people get access to our servers. How can we make this process more secure? How could we prevent a system from being compromised when someone lost the laptop with ssh key. What would we do in case someone quits the company - is there an alternative to just changing all passwords, keys, etc? Isolate adds OTP 2FA to SSH login. It could be hardware YubiKey or Google Authenticator app. If someone lost the password - OTP key is here and the intruder can't get access to the bastion host. Users don't get direct access to endpoint servers - they go there through Isolate server, the system tracks their actions. You can easily manage access to the bastion server - add/remove users, etc. Technically you should generate and place the bastion host key on endpoint servers, and users will get regular access to Isolate server with the sudoer access to ssh command. Once they want to connect to the endpoint server, the system executes ssh command and ssh client running with privileged user permissions gets server key and using it the system gets access to the server we need to get access to. Supports OTP (counter and time based) 2FA algorithms SSH sessions logging Requirements Fresh CentOS 7 / Ubuntu 16.04 / Debian 9 setup Ansible 2.3+ for install or update Installation https://github.com/itsumma/isolate#install Download isolate-master.zip Source: https://github.com/itsumma/isolate
  7. SAML Raider - SAML2 Burp Extension

    tu chiar nu observi ca nu iti acord atentie?!
  8. Description SAML Raider is a Burp Suite extension for testing SAML infrastructures. It contains two core functionalities: Manipulating SAML Messages and manage X.509 certificates. This software was created by Roland Bischofberger and Emanuel Duss during a bachelor thesis at the Hochschule für Technik Rapperswil (HSR). Our project partner and advisor was Compass Security Schweiz AG. We thank Compass for the nice collaboration and support during our bachelor thesis. Features The extension is divided in two parts. A SAML message editor and a certificate management tool. Message Editor Features of the SAML Raider message editor: Sign SAML Messages Sign SAML Assertions Remove Signatures Edit SAML Message (Supported Messages: SAMLRequest and SAMLResponse) Preview eight common XSW Attacks Execute eight common XSW Attacks Send certificate to SAMl Raider Certificate Management Undo all changes of a SAML Message Supported Profiles: SAML Webbrowser Single Sign-on Profile, Web Services Security SAML Token Profile Supported Bindings: POST Binding, Redirect Binding, SOAP Binding, URI Binding Certificate Management Features of the SAML Raider Certificate Management: Import X.509 certificates (PEM and DER format) Import X.509 certificate chains Export X.509 certificates (PEM format) Delete imported X.509 certificates Display informations of X.509 certificates Import private keys (PKCD#8 in DER format and traditional RSA in PEM Format) Export private keys (traditional RSA Key PEM Format) Cloning X.509 certificates Cloning X.509 certificate chains Create new X.509 certificates Editing and self-sign existing X.509 certificates Download: saml-raider-1.2.1.jar Installation: https://github.com/SAMLRaider/SAMLRaider#installation Source: https://github.com/SAMLRaider/SAMLRaider
  9. JWT cracker

    JWT cracker A multi-threaded JWT brute-force cracker written in C. If you are very lucky or have a huge computing power, this program should find the secret key of a JWT token, allowing you to forge valid tokens. This is for testing purposes only, do not put yourself in trouble I used the Apple Base64 implementation that I modified slightly. Compile Make sure you have openssl's headers installed. On Ubuntu you can install them with apt-get install libssl-dev make If you use a Mac, you can install OpenSSL with brew install openssl, but the headers will be stored in a different location: make OPENSSL=/usr/local/opt/openssl/include OPENSSL_LIB=-L/usr/local/opt/openssl/lib Run $ > ./jwtcrack eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.cAOIAifu3fykvhkHpbuhbvtH807-Z2rI1FS3vX1XMjE In the above example, the key is Sn1f. It takes approximately 2 seconds to crack on my Macbook. Contribute No progress status If you stop the program, you cannot start back where you were IMPORTANT: Known bugs The base64 implementation I use (from Apple) is sometimes buggy because not every Base64 implementation is the same. So sometimes, decrypting of your Base64 token will only work partially and thus you will be able to find a secret to your token that is not the correct one. If someone is willing to implement a more robust Base64 implementation, that would be great Download c-jwt-cracker-master.zip Source: https://github.com/brendan-rius/c-jwt-cracker
  10. Quali CloudShell version 7.1.0.65.08 (Patch 6) suffers from multiple persistent cross site scripting vulnerabilities. # Vulnerability type: Multiple Stored Cross Site Scripting # Vendor: Quali # Product: CloudShell # Affected version: v7.1.0.6508 (Patch 6) # Patched version: v8 and up # Credit: Benjamin Lee # CVE ID: CVE-2017-9767 ========================================================== # Overview Quali CloudShell (v7.1.0.6508 Patch 6) is vulnerable to multiple stored XSS vulnerabilities on its platform this can be exploited to execute arbitrary HTML and script code on all users (including administrators) from a low-privileged account. ========================================================== # Vulnerable URL 1 (Reservation Function) /RM/Reservation/ReserveNew # Vulnerable parameter(s) - Name - Description # Sample payload '"><script>alert("xss")</script> # PROOF OF CONCEPT - Go to the "Inventory" tab - Click on details button on either of the items - Click on the reserve button and enter the XSS payload onto the affected parameters - Add users to the permitted user list (e.g. admin accounts) - Once the user click on the reservation list details, the XSS would be executed ========================================================== # Vulnerable URL 2 (Environment Function) /RM/Topology/Update # Vulnerable parameter(s) - Description # Sample payload '"><script>alert("xss")</script> # PROOF OF CONCEPT - Go to the "Environment" tab - Click on item properties button - Enter the XSS payload onto the affected parameters - Change the owner to another user (e.g. admin accounts) - Once the user click on the more info button of the item in the environment tab, the XSS would be executed ========================================================== # Vulnerable URL 3 (Job Scheduling Function) /SnQ/JobTemplate/Edit?jobTemplateId=<job template id> # Vulnerable parameter(s) - Name - Description - ExecutionBatches[0].Name - ExecutionBatches[0].Description - Labels # Sample payload '"><script>alert("xss")</script> # PROOF OF CONCEPT - Go to the "Job Scheduling > Add New Suite" tab - Enter the XSS payload onto the affected parameters - Once the user view details of this suite, the XSS would be executed ========================================================== # Vulnerable URL 4 (Resource Template Function) /RM/AbstractTemplate/AddOrUpdateAbstractTemplate # Vulnerable parameter(s) - Alias - Description # Sample payload '"><script>alert("xss")</script> # PROOF OF CONCEPT - Go to the "Inventory > abstract template > Add New" tab - Enter the XSS payload onto the affected parameters - Once the user click on the more info button of the item, the XSS would be executed ========================================================== # Timeline - 06/06/2017: Vulnerability found - 20/06/2017: Vendor informed - 20/06/2017: Vendor responded and acknowledged - 16/07/2017: Vendor fixed the issue - 12/08/2017: Vendor agreed on public disclosure - 14/08/2017: Public disclosure https://packetstormsecurity.com/files/143746/Quali-CloudShell-7.1.0.6508-Patch-6-Cross-Site-Scripting.html
  11. A few months back we reported how opening a simple MS Word file could compromise your computer using a critical vulnerability in Microsoft Office. The Microsoft Office remote code execution vulnerability (CVE-2017-0199) resided in the Windows Object Linking and Embedding (OLE) interface for which a patch was issued in April this year, but threat actors are still abusing the flaw through the different mediums. Security researchers have spotted a new malware campaign that is leveraging the same exploit, but for the first time, hidden behind a specially crafted PowerPoint (PPSX) Presentation file. According to the researchers at Trend Micro, who spotted the malware campaign, the targeted attack starts with a convincing spear-phishing email attachment, purportedly from a cable manufacturing provider and mainly targets companies involved in the electronics manufacturing industry. Researchers believe this attack involves the use of a sender address disguised as a legitimate email sent by a sales and billing department. Here's How the Attack Works: The complete attack scenario is listed below: Step 1: The attack begins with an email that contains a malicious PowerPoint (PPSX) file in the attachment, pretending to be shipping information about an order request. Step 2: Once executed, the PPSX file calls an XML file programmed in it to download "logo.doc" file from a remote location and runs it via the PowerPoint Show animations feature. Step 3: The malformed Logo.doc file then triggers the CVE-2017-0199 vulnerability, which downloads and executes RATMAN.exe on the targeted system. Step 4: RATMAN.exe is a Trojanized version of the Remcos Remote Control tool, which when installed, allows attackers to control infected computers from its command-and-control server remotely. Remcos is a legitimate and customizable remote access tool that allows users to control their system from anywhere in the world with some capabilities, like a download and execute the command, a keylogger, a screen logger, and recorders for both webcam and microphone. Since the exploit is used to deliver infected Rich Text File (.RTF) documents, most detection methods for CVE-2017-0199 focuses on the RTF. So, the use of a new PPSX files allows attackers to evade antivirus detection as well. The easiest way to prevent yourself completely from this attack is to download and apply patches released by Microsoft in April that will address the CVE-2017-0199 vulnerability. Source
  12. react-beautiful-dnd

    Beautiful, accessible drag and drop for lists with React.js Examples See how beautiful it is for yourself - have a play with the examples! Core characteristics: beautiful, natural movement of items clean and powerful api which is simple to get started with unopinionated styling no creation of additional wrapper dom nodes - flexbox and focus management friendly! plays well with existing interactive nodes such as anchors state driven dragging - which allows for dragging from many input types, including programatic dragging. Currently only mouse and keyboard dragging are supported Why not react-dnd? There are a lot of libraries out there that allow for drag and drop interactions within React. Most notable of these is the amazing react-dnd. It does an incredible job at providing a great set of drag and drop primitives which work especially well with the wildly inconsistent html5 drag and drop feature. react-beautiful-dnd is a higher level abstraction specifically built for vertical and horizontal lists. Within that subset of functionality react-beautiful-dnd offers a powerful, natural and beautiful drag and drop experience. However, it does not provide the breadth of functionality offered by react-dnd. So this library might not be for you depending on what your use case is. Still young! This library is still fairly new and so there is a relatively small feature set. Be patient! Things will be moving rather quickly! Currently supported feature set dragging an item within a single vertical list multiple independent lists on the one page mouse and keyboard dragging flexible height items (the draggable items can have different heights) custom drag handle (you can drag a whole item by just a part of it) the vertical list can be a scroll container (without a scrollable parent) or be the child of a scroll container (that also does not have a scrollable parent) Short term backlog Dragging within a horizontal list Moving items between vertical lists (until this lands conditional dropping will not be available) Medium term backlog Moving items between horizontal lists Moving a Draggable from a vertical list to a horizontal list Dragging multiple items at once Long term backlog Touch support Automatically disabling animations when the frame rate drops below a threshold. A mechanism to programatically perform dragging without user input And lots more! Basic usage example This is a simple reorderable list. You can play with it on webpackbin import React, { Component } from 'react'; import ReactDOM from 'react-dom'; import { DragDropContext, Droppable, Draggable } from 'react-beautiful-dnd'; // fake data generator const getItems = (count) => Array.from({length: count}, (v, k) => k).map(k => ({ id: `item-${k}`, content: `item ${k}` })); // a little function to help us with reordering the result const reorder = (list, startIndex, endIndex) => { const result = Array.from(list); const [removed] = result.splice(startIndex, 1); result.splice(endIndex, 0, removed); return result; }; // using some little inline style helpers to make the app look okay const grid = 8; const getItemStyle = (draggableStyle, isDragging) => ({ // some basic styles to make the items look a bit nicer userSelect: 'none', padding: grid * 2, marginBottom: grid, // change background colour if dragging background: isDragging ? 'lightgreen' : 'grey', // styles we need to apply on draggables ...draggableStyle }); const getListStyle = (isDraggingOver) => ({ background: isDraggingOver ? 'lightblue' : 'lightgrey', padding: grid, width: 250 }); class App extends Component { constructor(props) { super(props); this.state = { items: getItems(10) } this.onDragEnd = this.onDragEnd.bind(this); } onDragEnd (result) { // dropped outside the list if(!result.destination) { return; } const items = reorder( this.state.items, result.source.index, result.destination.index ); this.setState({ items }); } // Normally you would want to split things out into separate components. // But in this example everything is just done in one place for simplicity render() { return ( <DragDropContext onDragEnd={this.onDragEnd}> <Droppable droppableId="droppable"> {(provided, snapshot) => ( <div ref={provided.innerRef} style={getListStyle(snapshot.isDraggingOver)} > {this.state.items.map(item => ( <Draggable key={item.id} draggableId={item.id} > {(provided, snapshot) => ( <div> <div ref={provided.innerRef} style={getItemStyle( provided.draggableStyle, snapshot.isDragging )} {...provided.dragHandleProps} > {item.content} </div> {provided.placeholder} </div> )} </Draggable> ))} </div> )} </Droppable> </DragDropContext> ); } } // Put the thing into the DOM! ReactDOM.render(<App />, document.getElementById('app')); Core design principle Drag and drop with react-beautiful-dnd is supposed to feel physical and natural - similar to that of moving physical objects around. Things should never 'snap' anywhere. Rather, everything should move naturally as much as possible. Application 1: knowing when to move Draggables will move into their new position based on their center of gravity. Regardless of where a user grabs an item from - the movement of other things is based on its center position. This is similar to a set of scales . Here are some rules that are followed to allow for a natural drag experience even with items of flexible height: A Droppable is dragged over when the center position of a dragging item goes over one of the boundaries of the Droppable A resting Draggable will move out of the way of a dragging Draggable when the center position of the dragging Draggable goes over the edge of the resting Draggable. Put another way: once the center position of a Draggable (A) goes over the edge of another Draggable (B), B moves out of the way. Application 2: no drop shadows Drop shadows are useful in an environment where items and their destinations snap around. However, with react-beautiful-dnd it should be obvious where things will be dropping based on the movement of items. This might be changed in the future - but the experiment is to see how far we can get without any of these affordances. Sloppy clicks and click blocking A drag will not start until a user has dragged their mouse past a small threshold. If this threshold is not exceeded then the library will not impact the mouse click and will release the event to the browser. When a user presses the mouse down on an element, we cannot determine if the user was clicking or dragging. If the sloppy click threshold was not exceeded then the event will be treated as if it where a click and the click event will bubble up unmodified. If the user has started dragging by moving the mouse beyond the sloppy click threshold then the click event will be prevented. This behavior allows you to wrap an element that has click behavior such as an anchor and have it work just like a standard anchor while also allowing it to be dragged. is a schrodinger's cat joke) Focus management react-beautiful-dnd does not create any wrapper elements. This means that it will not impact the usage tab flow of a document. For example, if you are wrapping an anchor tag then the user will tab to the anchor directly and not an element surrounding the anchor. Whatever element you wrap will be given a tab-index to ensure that users can tab to the element to perform keyboard dragging. Keyboard dragging Traditionally drag and drop interactions have been exclusively a mouse or touch interaction. This library supports drag and drop interactions using only a keyboard. This enables power users to drive more of our interfaces with a keyboard. It also opens drag and drop interactions to those who previously would be unable to use them due to an impediment. Shortcuts Currently the keyboard handling is hard coded. This could be changed in the future to become customisable. Here is the existing keyboard mapping: tab ↹ - standard browser tabbing will navigate through the Droppable's. The library does not do anything fancy with tab while users are selecting. Once a drag has started, tab is blocked for the duration of the drag. spacebar - lift a focused Draggable. Also, drop a dragging Draggable where the drag was started with a spacebar. Up arrow ↑ - move a Draggable that is dragging up on a vertical list Down arrow ↓ - move a Draggable that is dragging down on a vertical list Escape esc - cancel an existing drag - regardless of whether the user is dragging with the keyboard or mouse. Limitations of keyboard dragging There is a currently limitation of keyboard dragging: the drag will cancel if the user scrolls the window. This could be worked around but for now it is the simpliest initial approach. Installation # yarn yarn add react-beautiful-dnd # npm npm install react-beautiful-dnd --save API So how do you use the library? DragDropContext In order to use drag and drop, you need to have the part of your react tree that you want to be able to use drag and drop in wrapped in a DragDropContext. It is advised to just wrap your entire application in a DragDropContext. Having nested DragDropContext's is not supported. You will be able to achieve your desired conditional dragging and dropping using the props of Droppable and Draggable. You can think of DragDropContext as having a similar purpose to the react-redux Provider component Prop type information type Hooks = {| onDragStart?: (id: DraggableId, location: DraggableLocation) => void, onDragEnd: (result: DropResult) => void, |} type Props = Hooks & {| children?: ReactElement, |} Basic usage import { DragDropContext } from 'react-beautiful-dnd'; class App extends React.Component { onDragStart = () => {...} onDragEnd = () => {...} render() { return ( <DragDropContext onDragStart={this.onDragStart} onDragEnd={this.onDragEnd} > <div>Hello world</div> </DragDropContext> ) } } Hooks These are top level application events that you can use to perform your own state updates. onDragStart (optional) This function will get notified when a drag starts. You are provided with the following details: id: the id of the Draggable that is now dragging location: the location (droppableId and index) of where the dragging item has started within a Droppable. This function is optional and therefore does not need to be provided. It is highly recommended that you use this function to block updates to all Draggable and Droppable components during a drag. (See Best hooks practices) Type information onDragStart?: (id: DraggableId, location: DraggableLocation) => void // supporting types type Id = string; type DroppableId: Id; type DraggableId: Id; type DraggableLocation = {| droppableId: DroppableId, // the position of the draggable within a droppable index: number |}; onDragEnd (required) This function is extremely important and has an critical role to play in the application lifecycle. This function must result in the synchronous reordering of a list of Draggables It is provided with all the information about a drag: result: DragResult result.draggableId: the id of the Draggable was dragging. result.source: the location that the Draggable started in. result.destination: the location that the Draggable finished in. The destination will be null if the user dropped into no position (such as outside any list) or if they dropped the Draggable back into the same position that it started in. Synchronous reordering Because this library does not control your state, it is up to you to synchronously reorder your lists based on the result. Here is what you need to do: if the destination is null: all done! if source.droppableId equals destination.droppableId you need to remove the item from your list and insert it at the correct position. if source.droppableId does not equal destination.droppable you need to the Draggable from the source.droppableId list and add it into the correct position of the destination.droppableId list. Type information onDragEnd: (result: DropResult) => void // supporting types type DropResult = {| draggableId: DraggableId, source: DraggableLocation, // may not have any destination (drag to nowhere) destination: ?DraggableLocation |} type Id = string; type DroppableId: Id; type DraggableId: Id; type DraggableLocation = {| droppableId: DroppableId, // the position of the droppable within a droppable index: number |}; Best practices for hooks Block updates during a drag It is highly recommended that while a user is dragging that you block any state updates that might impact the amount of Draggables and Droppables, or their dimensions. Please listen to onDragStart and block updates to the Draggables and Droppables until you receive at onDragEnd. When the user starts dragging we take a snapshot of all of the dimensions of the applicable Draggable and Droppable nodes. If these change during a drag we will not know about it. Here are a few poor user experiences that can occur if you change things during a drag: If you increase the amount of nodes the library will not know about them and they will not be moved when the user would expect them to be. If you decrease the amount of nodes then there might be gaps and unexpected movements in your lists. If you change the dimensions of any node, it can cause the changed node as well as others to move at incorrect times. If you remove the node that the user is dragging the drag will instantly end If you change the dimension of the dragging node then other things will not move out of the way at the correct time. onDragStart and onDragEnd pairing We try very hard to ensure that each onDragStart event is paired with a single onDragEnd event. However, there maybe a rouge situation where this is not the case. If that occurs - it is a bug. Currently there is no mechanism to tell the library to cancel a current drag externally. Style During a drag it is recommended that you add two styles to the body: user-select: none; and cursor: grab; (or whatever cursor you want to use while dragging) user-select: none; prevents the user drag from selecting text on the page as they drag. cursor: [your desired cursor]; is needed because we apply pointer-events: none; to the dragging item. This prevents you setting your own cursor style on the Draggable directly based on snapshot.isDragging (see Draggable). Dynamic hooks Your hook functions will only be captured once at start up. Please do not change the function after that. If there is a valid use case for this then dynamic hooks could be supported. However, at this time it is not. Droppable Droppable components can be dropped on by a Draggable. They also contain Draggables. A Draggable must be contained within a Droppable. import { Droppable } from 'react-beautiful-dnd'; <Droppable droppableId="droppable-1" type="PERSON" > {(provided, snapshot) => ( <div ref={provided.innerRef} style={{backgroundColor: snapshot.isDraggingOver ? 'blue' : 'grey'}} > I am a droppable! </div> )} </Droppable> Props droppableId: A required DroppableId(string) that uniquely identifies the droppable for the application. Please do not change this prop - especially during a drag. type: An optional TypeId(string) that can be used to simply accept a class of Draggable. For example, if you use the type PERSON then it will only allow Draggables of type PERSON to be dropped on itself. Draggables of type TASK would not be able to be dropped on a Droppable with type PERSON. If no type is provided, it will be set to 'DEFAULT'. Currently the type of the Draggables within a Droppable must be the same. This restriction might be loosened in the future if there is a valid use case. isDropDisabled: An optional flag to control whether or not dropping is currently allowed on the Droppable. You can use this to implement your own conditional dropping logic. It will default to false. Children function The React children of a Droppable must be a function that returns a ReactElement. <Droppable droppableId="droppable-1"> {(provided, snapshot) => ( // ... )} </Droppable> The function is provided with two arguments: 1. provided: (Provided) type Provided = {| innerRef: (HTMLElement) => mixed, |} In order for the droppable to function correctly, you must bind the provided.innerRef to the highest possible DOM node in the ReactElement. We do this in order to avoid needing to use ReactDOM to look up your DOM node. <Droppable droppableId="droppable-1"> {(provided, snapshot) => ( <div ref={provided.innerRef}> Good to go </div> )} </Droppable> 2. snapshot: (StateSnapshot) type StateSnapshot = {| isDraggingOver: boolean, |} The children function is also provided with a small about of state relating to the current drag state. This can be optionally used to enhance your component. A common use case is changing the appearance of a Droppable while it is being dragged over. <Droppable droppableId="droppable-1"> {(provided, snapshot) => ( <div ref={provided.innerRef} style={{backgroundColor: snapshot.isDraggingOver ? 'blue' : 'grey'}} > I am a droppable! </div> )} </Droppable> Conditionally dropping Keep in mind that this is not supported at this time. In this current initial version we only support reordering within a single list. Droppables can only be dropped on by Draggables who share the same type. This is a simple way of allowing conditional dropping. If you do not provide a type for the Droppable then it will only accept Draggables which also have the default type. Draggables and Droppables both will have their types set to 'DEFAULT' when none is provided. There is currently no way to set multiple types, or a type wildcard that will accept Draggables of multiple any types. This could be added if there is a valid use case. Using the isDropDisabled prop you can conditionally allow dropping. This allows you to do arbitrarily complex conditional transitions. This will only be considered if the type of the Droppable matches the type of the currently dragging Draggable. You can disable dropping on a Droppable altogether by always setting isDropDisabled to false. You can do this to create a list that is never able to be dropped on, but contains Draggables. Technically you do not need to use type and do all of your conditional drop logic with the isDropDisabled function. The type parameter is a convenient shortcut for a common use case. Scroll containers This library supports dragging within scroll containers (DOM elements that have overflow: auto; or overflow: scroll;). The only supported use cases are: The Droppable can itself be a scroll container with no scrollable parents The Droppable has one scrollable parent Auto scrolling is not provided Currently auto scrolling of scroll containers is not part of this library. Auto scrolling is where the container automatically scrolls to make room for the dragging item as you drag near the edge of a scroll container. You are welcome to build your own auto scrolling list, or if you would you really like it as part of this library we could provide a auto scrolling Droppable. Users will be able to scroll a scroll container while dragging by using their trackpad or mouse wheel. Keyboard dragging limitation Getting keyboard dragging to work with scroll containers is quite difficult. Currently there is a limitation: you cannot drag with a keyboard beyond the visible edge of a scroll container. This limitation could be removed if we introduced auto scrolling. Draggable Draggable components can be dragged around and dropped onto Droppables. A Draggable must always be contained within a Droppable. It is possible to reorder a Draggable within its home Droppable or move to another Droppable. It is possible because a Droppable is free to control what it allows to be dropped on it. Note: moving between Droppables is currently not supported in the initial version. import { Draggable } from 'react-beautiful-dnd'; <Draggable draggableId="draggable-1" type="PERSON" > {(provided, snapshot) => ( <div> <div ref={draggableProvided.innerRef} style={draggableProvided.draggableStyle} {...draggableProvided.dragHandleProps} > <h4>My draggable</h4> </div> {provided.placeholder} </div> )} </Draggable> Note: when the library moves to React 16 this will be cleaned up a little bit as we will be able to return the placeholder as a sibling to your child function without you needing to create a wrapping element Props draggableId: A required DraggableId(string) that uniquely identifies the Draggable for the application. Please do not change this prop - especially during a drag. type: An optional type (TypeId(string)) of the Draggable. This is used to control what Droppables the Draggable is permitted to drop on. Draggables can only drop on Droppables that share the same type. If no type is provided, it will be set to 'DEFAULT'. Currently the type of a Draggable must be the same as its container Droppable. This restriction might be loosened in the future if there is a valid use case. isDragDisabled: An optional flag to control whether or not dropping is currently allowed on the Droppable. You can use this to implement your own conditional dropping logic. It will default to false. Children function The React children of a Draggable must be a function that returns a ReactElement. <Draggable draggableId="draggable-1"> {(provided, snapshot) => ( <div> <div ref={provided.innerRef} style={provided.draggableStyle} {...provided.dragHandleProps} > Drag me! </div> {provided.placeholder} </div> )} </Draggable> The function is provided with two arguments: 1. provided: (Provided) type Provided = {| innerRef: (HTMLElement) => void, draggableStyle: ?DraggableStyle, dragHandleProps: ?DragHandleProvided, placeholder: ?ReactElement, |} Everything within the provided object must be applied for the Draggable to function correctly. provided.innerRef (innerRef: (HTMLElement) => void): In order for the Droppable to function correctly, you must bind the innerRef function to the ReactElement that you want to be considered the Draggable node. We do this in order to avoid needing to use ReactDOM to look up your DOM node. <Draggable draggableId="draggable-1"> {(provided, snapshot) => ( <div ref={provided.innerRef}> Drag me! </div> )} </Draggable> Type information innerRef: (HTMLElement) => void provided.draggableStyle (?DraggableStyle): This is an Object or null that contains an a number of styles that needs to be applied to the Draggable. This needs to be applied to the same node that you apply provided.innerRef to. The controls the movement of the draggable when it is dragging and not dragging. You are welcome to add your own styles to this object - but please do not remove or replace any of the properties. Ownership It is a contract of this library that it own the positioning logic of the dragging element. This includes properties such as top, right, bottom, left and transform. The library may change how it positions things and what properties it uses without performing a major version bump. It is also recommended that you do not apply your own transition property to the dragging element. <Draggable draggableId="draggable-1"> {(provided, snapshot) => ( <div> <div ref={provided.innerRef} style={provided.draggableStyle} > Drag me! </div> </div> )} </Draggable> Extending with your own styles <Draggable draggable="draggable-1"> {(provided, snapshot) => { const style = { ...provided.draggableStyle, backgroundColor: snapshot.isDragging : 'blue' : 'white', fontSize: 18, } return ( <div> <div ref={provided.innerRef} style={style} > Drag me! </div> </div> ); }} </Draggable> Type information type DraggableStyle = DraggingStyle | NotDraggingStyle; type DraggingStyle = {| position: 'fixed', boxSizing: 'border-box', // allow scrolling of the element behind the dragging element pointerEvents: 'none', zIndex: ZIndex, width: number, height: number, top: number, left: number, transform: ?string, |} type NotDraggingStyle = {| transition: ?string, transform: ?string, pointerEvents: 'none' | 'auto', |} provided.placeholder (?ReactElement) The Draggable element has position:fixed applied to it while it is dragging. The role of the placeholder is to sit in the place that the Draggable was during a drag. It is needed to stop the Droppable list from collapsing when you drag. It is advised to render it as a sibling to the Draggable node. When the library moves to React 16 the placeholder will be removed from api. <Draggable draggableId="draggable-1"> {(provided, snapshot) => ( <div> <div ref={provided.innerRef} style={provided.draggableStyle} > Drag me! </div> {/* Always render me - I will be null if not required */} {provided.placeholder} </div> )} </Draggable> provided.dragHandleProps (?DragHandleProps) every Draggable has a drag handle. This is what is used to drag the whole Draggable. Often this will be the same as the node as the Draggable, but sometimes it can be a child of the Draggable. DragHandleProps need to be applied to the node that you want to be the drag handle. This is a number of props that need to be applied to the Draggable node. The simpliest approach is to spread the props onto the draggable node ({...provided.dragHandleProps}). However, you are also welcome to monkey patch these props if you also need to respond to them. DragHandleProps will be null when isDragDisabled is set to true. Type information type DragHandleProps = {| onMouseDown: (event: MouseEvent) => void, onKeyDown: (event: KeyboardEvent) => void, onClick: (event: MouseEvent) => void, tabIndex: number, 'aria-grabbed': boolean, draggable: boolean, onDragStart: () => void, onDrop: () => void |} Standard example <Draggable draggableId="draggable-1"> {(provided, snapshot) => ( <div> <div ref={provided.innerRef} style={provided.draggableStyle} {...provided.dragHandleProps} > Drag me! </div> {provided.placeholder} </div> )} </Draggable> Custom drag handle <Draggable draggableId="draggable-1"> {(provided, snapshot) => ( <div> <div ref={provided.innerRef} style={provided.draggableStyle} > <h2>Hello there</h2> <div {...provided.dragHandleProps}> Drag handle </div> </div> {provided.placeholder} </div> )} </Draggable> Monkey patching If you want to also use one of the props in DragHandleProps const myOnClick = (event) => console.log('clicked on', event.target); <Draggable draggableId="draggable-1"> {(provided, snapshot) => { const onClick = (() => { // dragHandleProps might be null if(!provided.dragHandleProps) { return myOnClick; } // creating a new onClick function that calls my onClick // event as well as the provided one. return (event) => { provided.dragHandleProps.onClick(event); // You may want to check if event.defaultPrevented // is true and optionally fire your handler myOnClick(event); } })(); return ( <div> <div ref={provided.innerRef} style={provided.draggableStyle} {...provided.dragHandleProps} onClick={onClick} > Drag me! </div> {provided.placeholder} </div> ); }} </Draggable> 2. snapshot: (StateSnapshot) type StateSnapshot = {| isDragging: boolean, |} The children function is also provided with a small about of state relating to the current drag state. This can be optionally used to enhance your component. A common use case is changing the appearance of a Draggable while it is being dragged. Note: if you want to change the cursor to something like grab you will need to add the style to the body. (See DragDropContext > style above) <Draggable draggableId="draggable-1"> {(provided, snapshot) => { const style = { ...provided.draggableStyle, backgroundColor: snapshot.isDragging ? 'blue' : 'grey', }; return ( <div> <div ref={provided.innerRef} style={style} {...provided.dragHandleProps} > Drag me! </div> {provided.placeholder} </div> ); }} </Draggable> Engineering health Typed This codebase is typed with flowtype to promote greater internal consistency and more resilient code. Tested This code base employs a number of different testing strategies including unit, performance and integration tests. Testing various aspects of the system helps to promote its quality and stability. While code coverage is not a guarantee of code health, it is a good indicator. This code base currently sits at ~95% coverage. Performance This codebase is designed to be extremely performant - it is part of its DNA. It builds on prior investigations into React performance that you can read about here and here. It is designed to perform the minimum number of renders required for each task. Highlights using connected-components with memoization to ensure the only components that render are the ones that need to - thanks react-redux, reselect and memoize-one all movements are throttled with a requestAnimationFrame - thanks raf-schd memoization is used all over the place - thanks memoize-one conditionally disabling pointer-events on Draggables while dragging to prevent the browser needing to do redundant work Minimal browser paints Minimal React updates Supported browsers This library supports the standard Atlassian supported browsers for desktop: Desktop Version Microsoft Internet Explorer(Windows) Version 11 Microsoft Edge Latest stable version supported Mozilla Firefox (all platforms) Latest stable version supported Google Chrome (Windows and Mac) Latest stable version supported Safari (Mac) Latest stable version on latest OS release supported Currently mobile is not supported. However, there are plans to add touch support in the future Author / maintainer Alex Reardon - @alexandereardon - areardon@atlassian.com Download react-beautiful-dnd-master.zip Source: https://github.com/atlassian/react-beautiful-dnd
  13. EqualizeCss - is light-weighted css-grid built on the properties of flexboxes and written on the sass. Using it you can easily build adaptive sites and web applications, manage columns and markup the necessary styles only by substituting. Class names coincide with other popular css-frameworks, so moving to it will be very easy. Documentation Install with npm: $ npm install equalizecss --save with browser: $ bower install equalizecss with yarn: $ yarn add equalizecss Download equalizecss-master.zip Source: https://equalizecss.com/
  14. Php Titlu unic

    ///
  15. passcape windows password recovery

    WPR-5CMJX-QZM33-VHPWD-42UX7-WGRCY Passcape.Windows.Password.Recovery.v3.3.1.312.Advanced.Edition wrong section!
×