1
Pakaj
sanitizing wysiwyg editor input output
  • 2012/5/9 22:01

  • Pakaj

  • Friend of XOOPS

  • Posts: 34

  • Since: 2004/5/5 6


So I'm playing with a developing of a module. One of the data field is also "description", which I would like to be entered as wysiwyg editor.

in mysql I defined the field desciption as
....
desc text NOT NULL
....


then in myclass.php i defined
function __construct() 

... 
$this->initVar("desc"XOBJ_DTYPE_TXTAREA);
 ... 
}


Then in my admin project_admin.php when I am building admin form
I have declared field "desc" as:
$editor_configs=array(); 
$editor_configs["name"] ="desc"
$editor_configs["value"] = $myts->makeTboxData4Edit($objArray['desc']); $editor_configs["rows"] = 20;
 
$editor_configs["cols"] = 100
$editor_configs["width"] = "100%"
$editor_configs["height"] = "400px"
$editor_configs["editor"] = xoops_getModuleOption('general_editor''system'); 
$form->addElement(new XoopsFormEditor(_AM_MYMODULE_PROJECT_DESC"desc"$editor_configs), false);

The filed is propely displayed.

My BIG problem is, that if I entered smiley or image into text and then save the "desciption" field into DB and reedit that record, Iam getting images and smiley in bad HTML format.

For example: IF i enter in desc filed only (HTMLsource)
<p>this is smiley&nbsp;<img alt="Smile" border="0" src="http://localhost/xoops001/uploads/smilies/smil3dbd4d6422f04.gif" title="Smile" /></p>


after saving the record and rediting it I have got (HTML SOURCE)
<p>this is smiley&nbsp;<img alt="Smile" border="0" src="<a href=" title="http://localhost/xoops001/uploads/smilies/smil3dbd4d6422f04.gif" />http://localhost/xoops001/uploads/smi ... 4d6422f04.gif"" title="<a href="http://localhost/xoops001/uploads/smilies/smil3dbd4d6422f04.gif" rel="external" title="http://localhost/xoops001/uploads/smilies/smil3dbd4d6422f04.gif">http://localhost/xoops001/uploads/smi ... 4d6422f04.gif""</a> rel="external"><a href="http://localhost/xoops001/uploads/smi" rel="external" title="http://localhost/xoops001/uploads/smi">http://localhost/xoops001/uploads/smi ...  il3dbd4d6422f04.gif" title="Smile" /></p>

I know it got something to do with myts class and sanytizing, but I couldn't figure it out, how to properly use it.

So here are my questions :
1. what function of class myts should I Use in my edit/add function
$obj $this_handler->get($id);
 
$obj->setVars($_POST); 
$obj->setVar('desc'$myts->addSlashes$obj->getVar('desc')));
$this_handler->insert($obj)


2. what function of class myts should I Use when I building a admin form
$editor_configs["value"] = $myts->makeTboxData4Edit($objArray['desc']);


3.what function of class myts should I Use when I send to template?

I hope, Its not too hard to answer. It would make me very happy to get a solution, because this is occupying me for last 3 days.

I will post a solution how to upload multi files at once (tomorow), if anyone is interested.

2
wishcraft
Re: sanitizing wysiwyg editor input output

Thanks for the private message about answering your question, that is the best way to get me to look at something seeming i am not by everyday and sometimes miss headlines.

Okey for starters you have declared your variable incorrect this part in the __construct() should be as so:

function __construct() 

... 
$this->initVar("desc"XOBJ_DTYPE_OTHER);
 ... 
}


The project_admin.php is correct except $myts->makeTboxData4Edit is a depreciated function and not used anymore.

Now you have to output it there is two places you will need to format it for starters you will have to format it with the $myts (textsantizer) in the toArray() of the object in myclass.php not the handler so you will need to do the following in myclass.php.

class YourmoduleMyclass()


    function 
__construct() 
    { 
    ... 
    
$this->initVar("desc"XOBJ_DTYPE_OTHER);
     ... 
    }

    function 
toArray() {
        
$GLOBALS['myts'] = MyTextSanitizer::getInstance();
        
$ret parent::toArray();
        
$ret['desc'] = $GLOBALS['myts']->displayTarea($this->getVar('desc'), truetruetruetruetrue);
        return 
$ret;
    }
...
}


This will allow you after you include header.php on the XOOPS Root to pass the variables to an associative array for the smarty template like so:

...
    include_once(
$GLOBALS['xoops']->path('/header.php'));
    ...
    
$GLOBALS['xoopsTpl']->assign('myclass'$myclass->toArray());
    ...
    include_once(
$GLOBALS['xoops']->path('/footer.php'));
    ...


This will make the smarty object <{$myclass.desc}> populated with the description now with the smilies and so on. The alternative is to directly populate and item where in the example of the code below will make the smarty object <{$desc}> with the same data as <{$myclass.desc}> example.


$GLOBALS['myts'] = MyTextSanitizer::getInstance(); 
    include_once(
$GLOBALS['xoops']->path('/header.php'));
    ...
    
$GLOBALS['xoopsTpl']->assign('desc'$GLOBALS['myts']->displayTarea($myclass->getVar('desc'), truetruetruetruetrue));
    ...
    include_once(
$GLOBALS['xoops']->path('/footer.php'));
    ...


I hope that has answered your question, you can off course optionate the true clauses with NoHTML, NoBR, NoSmiles and other options see the text santizer for these.

When it comes to your question, you will find the frustration is by using TXTAREA or TXTBOX for any HTML code from an editor, you will have to use other.. the following code is what you should use for your questions.

1. what function of class myts should I Use in my edit/add function
$obj $this_handler->get($id);
$obj->setVars($_POST); 
$this_handler->insert($obj)


2. what function of class myts should I Use when I building a admin form
$editor_configs["value"] = $objArray['desc'];
Resized Image
www.ohloh.net/accounts/226400

Follow, Like & Read:-

twitter.com/SimonXaies
github.com/Chronolabs-Cooperative
facebook.com/SimonSXaies

3
Pakaj
Re: sanitizing wysiwyg editor input output
  • 2012/5/15 21:32

  • Pakaj

  • Friend of XOOPS

  • Posts: 34

  • Since: 2004/5/5 6


Thank you, thank you,.......,thank you very much. It worked! Man, am I happy.

It worked even without function toArray, so thats mean that

$this->initVar("opis"XOBJ_DTYPE_OTHER);


did that trick. Before that I tried all possible combination with class myts, but with no success.

Thank again for your time and detailed description of solution. It helped me a lot and I have learned something.

4
Pakaj
Re: sanitizing wysiwyg editor input output
  • 2012/5/15 21:33

  • Pakaj

  • Friend of XOOPS

  • Posts: 34

  • Since: 2004/5/5 6


solved

Login

Username:
Password:

Lost Password? Register now!

Who's Online

70 user(s) are online (47 user(s) are browsing Support Forums)


Members: 0


Guests: 70


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Jun 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits