1
Jakobo
Preparing Text to go in and out of a Xoops DB
  • 2004/1/8 0:23

  • Jakobo

  • Just popping in

  • Posts: 61

  • Since: 2003/12/18


(Edit: I could not see anything in the RFI forum for some strange reason, so I have no idea if these functions have been discussed)

Xoops ate my session, so this is going to be a lot more abbreviated than before. After looking through the class files, the forum, the news, and other modules, I have tried to put together a helpful reference on using the Text Sanitizer. If some other people in the mod community can verify these, it would be a huge help both to the mods and to the wiki. I do believe though that these functions (as used now) are marked "deprecated" in CVS, but I couldn't for the life of me find the new revised function names.

Get the instance of the MyText Sanitizer
Must do this first.
$myts =& MyTextSanitizer::getInstance();


Sanitize Data to save in a DB
$myts->makeTboxData4Save($text)



Prepare Data from DB to display on page
second option is to show smilies or not (optional)
$myts->makeTboxData4Show($text, 0)



Prepare data from DB to put back into a textbox
$myts->makeTboxData4Edit($text)



Prepare data from DB to put into a "preview" section
second option is to show smilies or not (optional)
$myts->makeTboxData4Preview($text, 0)



Prepare data from DB to put into a "preview" section that is contained in a form? (anyone actually use this?)
$myts->makeTboxData4PreviewInForm($text)



Sanitize Text Area Data to save in a DB
$myts->makeTareaData4Save($text)



Prepare Data from DB to display on page
1st option: convert html code (optional)
2nd option: convert smilies (optional)
3rd option: convert XOOPS code (optional)
$myts->makeTareaData4Show($text, 1, 1, 1)



Prepare Data from DB to put back into a text area
$myts->makeTareaData4Edit($text)



Prepare Data from DB to display in a Preview
1st option: convert html code (optional)
2nd option: convert smilies (optional)
3rd option: convert XOOPS code (optional)
$myts->makeTareaData4Preview($text, 1, 1, 1)



Prepare Data from DB to display in a Preview and that preview is contained in a form? (anyone actually use this?)
$myts->makeTareaData4PreviewInForm($text)



Prepare Data from DB to display in a "quote" format? (anyone actually use this?)
$myts->makeTareaData4InsideQuotes($text)
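
The save / show / edit / preview round trip listed above, as an added example (not Jakobo's code and not XOOPS core code): a module page that does not extend XoopsObject and therefore calls the sanitizer directly. It assumes XOOPS 2.0.x with mainfile.php and header.php providing $xoopsDB, $xoopsUser and $xoopsTpl, plus a hypothetical table myplugin_notes, a hypothetical template name and hypothetical _MD_* language constants. Two points are my own reading of the 2.0.x sanitizer rather than something the post states, so check them against the version you run: the Data4Save functions escape quotes with addslashes(), so their output is interpolated between single quotes directly and must not also be passed through $xoopsDB->quoteString(); and the Preview variants are meant for the not-yet-saved form submission rather than for data read back from the DB.

```php
<?php
// Added example, not from the original post or the XOOPS core.
// Assumes XOOPS 2.0.x: mainfile.php/header.php give us $xoopsDB, $xoopsUser
// and $xoopsTpl. Table "myplugin_notes", the template and the _MD_* constants
// are hypothetical.
include '../../mainfile.php';
$xoopsOption['template_main'] = 'myplugin_index.html';   // hypothetical template
include XOOPS_ROOT_PATH . '/header.php';

$myts =& MyTextSanitizer::getInstance();                 // must come first

// Untrusted form input; missing fields become empty strings.
$in_title = isset($_POST['title']) ? $_POST['title'] : '';
$in_body  = isset($_POST['body'])  ? $_POST['body']  : '';

if (!empty($_POST['preview'])) {
    // Preview: nothing has been saved yet, so the input comes from the form,
    // not the DB. The Preview variants escape it for display without storing it.
    $xoopsTpl->assign('preview_title', $myts->makeTboxData4Preview($in_title, 0));
    $xoopsTpl->assign('preview_body',  $myts->makeTareaData4Preview($in_body, 0, 1, 1));
    // The same values go back into the form fields, escaped for that context.
    $xoopsTpl->assign('form_title', $myts->makeTboxData4PreviewInForm($in_title));
    $xoopsTpl->assign('form_body',  $myts->makeTareaData4PreviewInForm($in_body));
} elseif (!empty($_POST['submit'])) {
    // Save: sanitize BEFORE the value touches SQL.
    //  - makeTboxData4Save(): one-line field, HTML-escaped and quote-escaped
    //  - makeTareaData4Save(): multi-line field, quote-escaped only; BBCode and
    //    any HTML stay in the DB and are neutralised or decoded at display time
    $title = $myts->makeTboxData4Save($in_title);
    $body  = $myts->makeTareaData4Save($in_body);
    // Integers are validated as integers, never copied through as strings.
    $uid = is_object($xoopsUser) ? intval($xoopsUser->getVar('uid')) : 0;

    // Data4Save output is already quote-escaped, so it sits inside '...' as is.
    // Do NOT also wrap it in $xoopsDB->quoteString(): that escapes it twice.
    $sql = sprintf("INSERT INTO %s (uid, title, body, created) VALUES (%u, '%s', '%s', %u)",
        $xoopsDB->prefix('myplugin_notes'), $uid, $title, $body, time());
    if (!$xoopsDB->query($sql)) {
        redirect_header('index.php', 2, _MD_MYPLUGIN_SAVE_FAILED);
    }
    redirect_header('index.php', 2, _MD_MYPLUGIN_SAVED);
}

// Display: read back and prepare each field for the context it is going into.
$sql = sprintf('SELECT id, title, body FROM %s ORDER BY created DESC LIMIT 10',
    $xoopsDB->prefix('myplugin_notes'));
$result = $xoopsDB->query($sql);
while ($row = $xoopsDB->fetchArray($result)) {
    $xoopsTpl->append('notes', array(
        'id'         => intval($row['id']),
        'title'      => $myts->makeTboxData4Show($row['title'], 0),       // page text, no smilies
        'body'       => $myts->makeTareaData4Show($row['body'], 0, 1, 1),  // html=0, smilies=1, xcode=1
        'title_edit' => $myts->makeTboxData4Edit($row['title']),         // for value="..." in an edit form
        'body_edit'  => $myts->makeTareaData4Edit($row['body']),         // for <textarea>...</textarea>
    ));
}
include XOOPS_ROOT_PATH . '/footer.php';
```

The html switch is passed as 0 on display so that any HTML a visitor typed into the textarea is escaped rather than rendered; turn it on only for fields that trusted users write.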

2
mvandam
Re: Preparing Text to go in and out of a Xoops DB
  • 2004/1/8 2:13

  • mvandam

  • Quite a regular

  • Posts: 253

  • Since: 2003/2/7


I believe that (some of) these functions are still used internally, but not intended to be part of the API used by developers.

Anyone please correct me if I'm wrong, but as far as I know, all the sanitization is done in class methods 'getVar' and 'setVar' of classes derived from XoopsObject.

- setVar(key,value) sets the value of a 'field'. It will automatically be sanitized before insert into the database.

- getVar(key,format) converts based on the 'type' of the variable and the selected 'format'. The values of 'format' can be:

(1) 's' for 'show' (use when displaying on a page)
(2) 'e' for 'edit' (use when you show in an edit box)
(3) 'p' for 'preview' (unsure of purpose)
(4) 'f' for 'formpreview' (unsure of purpose)
(5) 'n' for 'none' (use when you want the value exactly as inserted)

The options of whether you want to render smilies, html etc. are established when you call 'initVar' to initialize each var in your class (derived from XoopsObject). Have a look at e.g. kernel/user.php or kernel/module.php etc for some examples of classes derived from XoopsObject. If all your data is handled by a XoopsObject then you just use 'setVar', 'getVar', and sanitization automagically happens when you insert into or retrieve from the database.

Hope this helps a bit...

3
Jakobo
Re: Preparing Text to go in and out of a Xoops DB
  • 2004/1/8 9:29

  • Jakobo

  • Just popping in

  • Posts: 61

  • Since: 2003/12/18


That does make a bit more sense, especially since a module would technically (in a perfect object-oriented world) be a derivation of a XOOPS Object (or more precisely, an instance of a XOOPS Module).

Given the amount of data that goes in and out of Xoops, it only made sense there be some sort of validation functions in the core, it's just been a matter of finding them.

Thank you very much for the help! I'll start digging and see what I can find about how to use those two examples in my code. Anything's worth a try, some things worth 2-3.

4
svaha
Re: Preparing Text to go in and out of a Xoops DB
  • 2004/1/8 9:31

  • svaha

  • Just can't stay away

  • Posts: 896

  • Since: 2003/8/2


I use the $myts things to force text to go through the sanitizer for my multilingo site.
If I read your lines here correctly, mvandam, does this mean that when getVar is used it is automatically sanitized? So it makes no sense to use $myts here?

Aloha

5
mvandam
Re: Preparing Text to go in and out of a Xoops DB
  • 2004/1/8 18:34

  • mvandam

  • Quite a regular

  • Posts: 253

  • Since: 2003/2/7


Yes, 'getVar' causes automatic sanitization (according to the options you selected with 'initVar'... i.e. things like bbcode, smilies, etc.) Have a look in kernel/object.php for more details.

For the multilingual stuff, you would have to call the function manually as you are doing now. To save yourself a lot of extra function calls, you could implement the multilang stuff as a 'markup option' (as bbcode, smilies, html, etc...) and change the appropriate calls to 'initVar' to add this option on multilingual fields. I'm not sure how well this would work... just a thought off the top of my head.

6
svaha
Re: Preparing Text to go in and out of a Xoops DB
  • 2004/1/9 10:31

  • svaha

  • Just can't stay away

  • Posts: 896

  • Since: 2003/8/2


Thanks, it sure feels like a good idea to investigate this.
I'm also looking into possibilities of implementing these multilingo things in the frontend of Xoops, so Smarty stuff and so on, because as it is now (hacks implemented in so many files) it's blood, sweat and tears with every update. Gotta carefully compare every single file to see what exactly was changed for multilingo.
Aloha

7
Brad
Re: Preparing Text to go in and out of a Xoops DB
  • 2004/3/29 14:33

  • Brad

  • Not too shy to talk

  • Posts: 150

  • Since: 2003/12/4


Should one always use the text sanitizer when reading or writing from a table? If not, what are the guidelines on when one should or should not do so?

Brad

8
mvandam
Re: Preparing Text to go in and out of a Xoops DB
  • 2004/3/29 17:05

  • mvandam

  • Quite a regular

  • Posts: 253

  • Since: 2003/2/7


Quote:

Should one always use the text sanitizer when reading or writing from a table? If not, what are the guidelines on when one should or should not do so?

Depends on what you mean by 'reading' or 'writing' from a table. If you are writing a *query*, you should always use $xoopsDB->quoteString($blah) on ALL variables which are 'untrusted' or unvalidated. This includes integers etc, unless you explicitly check to make sure they are integers and contain no strange characters.

The text sanitizer is used for pieces of text. If you are extending XoopsObject, then initVar, setVar, getVar all call text sanitizer automagically. If you are not extending XoopsObject, then you may need to invoke the text sanitizer. Preparing for the database is only a tiny part of what text sanitizer can do... it also 'cleans' any strings so that when you display them as HTML you deactivate any potential 'attacks'.
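
The query-side rule in the post above, as an added example (not mvandam's code and not XOOPS core code): one lookup written twice, once with the untrusted values pasted into the SQL string and once with the integer checked via intval() and the string passed through $xoopsDB->quoteString(). It assumes XOOPS 2.0.x with mainfile.php included and a hypothetical table myplugin_notes; the request parameters q and uid are assumptions too.

```php
<?php
// Added example, not from mvandam's post or the XOOPS core: the same lookup
// written twice, to show what "quoteString on ALL untrusted variables" buys.
// Assumes XOOPS 2.0.x with mainfile.php included ($xoopsDB); the table
// "myplugin_notes" and the q/uid request parameters are hypothetical.
include '../../mainfile.php';

$term = isset($_GET['q'])   ? $_GET['q']   : '';
$uid  = isset($_GET['uid']) ? $_GET['uid'] : '0';

// VULNERABLE (shown for contrast, never executed): both values are pasted into
// the SQL verbatim. A quote character in $term closes the string literal and
// the rest of the input is parsed as SQL; $uid needs no quote at all, since it
// is already outside one.
$bad = 'SELECT id, title FROM ' . $xoopsDB->prefix('myplugin_notes')
     . " WHERE uid = $uid AND title LIKE '%$term%'";

// HARDENED:
//  - integers: intval() leaves nothing but digits to reach the SQL;
//  - strings: $xoopsDB->quoteString() escapes the quote characters and returns
//    the value already wrapped in single quotes, so add no quotes of your own;
//  - LIKE metacharacters in user input are escaped as well, otherwise a "%"
//    in the search term matches every row (a logic bug rather than injection).
$uidSafe  = intval($uid);
$likeTerm = '%' . str_replace(array('%', '_'), array('\\%', '\\_'), $term) . '%';
$good = sprintf('SELECT id, title FROM %s WHERE uid = %u AND title LIKE %s',
    $xoopsDB->prefix('myplugin_notes'), $uidSafe, $xoopsDB->quoteString($likeTerm));

$result = $xoopsDB->query($good);
$myts =& MyTextSanitizer::getInstance();
echo '<ul>';
while ($row = $xoopsDB->fetchArray($result)) {
    // Escaping for SQL says nothing about HTML: the stored title still goes
    // through the text sanitizer before it is echoed into the page.
    echo '<li>' . $myts->makeTboxData4Show($row['title'], 0) . '</li>';
}
echo '</ul>';
```

quoteString() is the right tool for a value that has not been through makeTboxData4Save() or makeTareaData4Save(); a value that has already been through one of those is quote-escaped and should be interpolated directly instead, otherwise it is escaped twice.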

9
jackt
Re: Preparing Text to go in and out of a Xoops DB
  • 2004/4/16 6:55

  • jackt

  • Just popping in

  • Posts: 31

  • Since: 2002/6/2


I've noticed that extending the XoopsObject class conveniently formats text for you assuming you initVar to set the data types, and then getVar and setVar will "sanitize" the text for database entry or display. I've also seen kernel and some OO based core modules also include a corresponding Handler class to handle database manipulation. However, there exist very very few modules that actually take this route. The few modules that are OO either create a renderer class for display (I don't even quite understand why you'd throw in an extra layer between the calling page and smarty, why would you even need another class to render output for you.) or throw in database manipulation methods into that very class.

I'm wondering what the benefit is by separating "data access mechanisms" methods into a handler class? No one seems to be doing it, but the core classes are practically all done this way.

In addition, it'd be very useful to include the initVar, getVar, setVar, etc functions in the module development wiki. A lot of people don't use what's supplied in the core, and it would help them tremendously to know these tools are provided to you.

10
mvandam
Re: Preparing Text to go in and out of a Xoops DB
  • 2004/4/16 17:47

  • mvandam

  • Quite a regular

  • Posts: 253

  • Since: 2003/2/7


Quote:

I'm wondering what the benefit is by separating "data access mechanisms" methods into a handler class? No one seems to be doing it, but the core classes are practically all done this way.

This is basically the same argument as why you separate your logic from your design - i.e. you use templates so all design-related stuff is in a *single* place.

You separate all DB things so that if there are ever changes (e.g. supporting other databases etc) then you can make all the changes in one place.

Quote:

In addition, it'd be very useful to include the initVar, getVar, setVar, etc functions in the module developement wiki. Alot of people don't use what's supplied in the core, and it would help them tremendously to know these tools are provided to you.

Feel free to start some pages if you have the time. There has been some talk on dev.xoops.org about providing at least one module written in the 'recommended' way, i.e. using all the core features etc. Not sure what the status is on that right now.
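
A worked version of the pattern discussed in this thread: the initVar/setVar/getVar usage mvandam describes in posts 2 and 5, combined with the separate handler class jackt and mvandam discuss in posts 9 and 10. This is an added example, not code from the thread or from the XOOPS core. It assumes the XOOPS 2.0.x kernel (XoopsObject with initVar, setVar, getVar, cleanVars, assignVars, assignVar and getErrors; XoopsMySQLDatabase with prefix, query, fetchArray, quoteString and getInsertId), mainfile.php included, and a hypothetical table myplugin_notes. One point is my own reading of kernel/object.php rather than something the thread states, so verify it on your version: for a textarea field, getVar() in 's' format takes its html/smiley/xcode switches from sibling vars named dohtml, dosmiley and doxcode, which is why those are declared next to the field.

```php
<?php
// Added example, not from the thread or the XOOPS core: a module data class
// written the way mvandam describes (posts 2 and 5), with the separate
// handler class jackt asks about (posts 9 and 10). Assumes XOOPS 2.0.x
// kernel/object.php (XoopsObject, XOBJ_DTYPE_* constants) and mainfile.php
// included. The table "myplugin_notes" and its columns are hypothetical.
include_once XOOPS_ROOT_PATH . '/kernel/object.php';

class MypluginNote extends XoopsObject
{
    function MypluginNote()   // PHP4-style constructor, as in the 2.0.x kernel classes
    {
        $this->initVar('id',      XOBJ_DTYPE_INT,     null, false);
        $this->initVar('uid',     XOBJ_DTYPE_INT,     0,    false);
        $this->initVar('title',   XOBJ_DTYPE_TXTBOX,  null, true, 100);  // required, max 100 chars
        $this->initVar('body',    XOBJ_DTYPE_TXTAREA, null, true);
        // My reading of 2.0.x getVar(): for a TXTAREA in 's' format the
        // html/smiley/xcode switches are taken from sibling vars with these
        // names, not from the initVar() options argument. Verify on your version.
        $this->initVar('dohtml',   XOBJ_DTYPE_INT, 0, false);
        $this->initVar('dosmiley', XOBJ_DTYPE_INT, 1, false);
        $this->initVar('doxcode',  XOBJ_DTYPE_INT, 1, false);
        $this->initVar('created',  XOBJ_DTYPE_INT, 0, false);
    }
}

// Every piece of SQL for this object lives here; a schema or DB change is a
// one-file change, and the page code never builds a query.
class MypluginNoteHandler
{
    var $db;

    function MypluginNoteHandler(&$db)
    {
        $this->db =& $db;
    }

    function get($id)
    {
        $sql = sprintf('SELECT * FROM %s WHERE id = %u', $this->db->prefix('myplugin_notes'), intval($id));
        if (!$result = $this->db->query($sql)) {
            return false;
        }
        if (!$row = $this->db->fetchArray($result)) {
            return false;
        }
        $note = new MypluginNote();
        $note->assignVars($row);   // raw DB values in; sanitization happens in getVar()
        return $note;
    }

    function insert(&$note)
    {
        // cleanVars() validates required/maxlength and normalises each field
        // according to its data type; the results land in $note->cleanVars.
        if (!$note->cleanVars()) {
            return false;   // $note->getErrors() says why
        }
        $v = $note->cleanVars;
        $sql = sprintf('INSERT INTO %s (uid, title, body, dohtml, dosmiley, doxcode, created)'
                     . ' VALUES (%u, %s, %s, %u, %u, %u, %u)',
            $this->db->prefix('myplugin_notes'), intval($v['uid']),
            $this->db->quoteString($v['title']),   // SQL escaping happens here, once
            $this->db->quoteString($v['body']),
            intval($v['dohtml']), intval($v['dosmiley']), intval($v['doxcode']), time());
        if (!$this->db->query($sql)) {
            return false;
        }
        $note->assignVar('id', $this->db->getInsertId());
        return true;
    }
}

// Page code: untrusted input goes in raw; the format argument picks what comes out.
$handler = new MypluginNoteHandler($xoopsDB);
$note = new MypluginNote();
$note->setVar('uid',   is_object($xoopsUser) ? $xoopsUser->getVar('uid') : 0);
$note->setVar('title', isset($_POST['title']) ? $_POST['title'] : '');
$note->setVar('body',  isset($_POST['body'])  ? $_POST['body']  : '');
$note->setVar('dohtml', 0);   // raw HTML stays off for a public submission
if (!$handler->insert($note)) {
    redirect_header('index.php', 2, implode('<br />', $note->getErrors()));
}

$saved = $handler->get($note->getVar('id'));
$html_title = $saved->getVar('title');        // 's': HTML-escaped for the page
$form_title = $saved->getVar('title', 'e');   // 'e': escaped for value="..." in an edit form
$html_body  = $saved->getVar('body');         // 's': smilies/XOOPS code decoded, HTML per dohtml
$raw_body   = $saved->getVar('body', 'n');    // 'n': exactly as stored; never echo this as HTML
```

The page code never touches $myts or a query string: escaping for SQL is done once, in the handler, and escaping for HTML is chosen at the moment of output by the getVar() format, which is the split the core classes follow.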
