#1
Posted 24 April 2012 - 07:10 AM
I'll try to explain my problem below:
I have a URL like:
http://mysite.com/maps/
This URL can have multiple GET variables like:
http://mysite.com/maps/?region=1243 and http://mysite.com/maps/?sort=title
Problem is that these can be combined, but this will of course not work when I create hyperlinks like this:
<a href="?region=1243">Region</a> or <a href="?sort=title">Sort by title</a>.
How can I work around this, so that, when I am on http://mysite.com/maps/?region=1243, I still can click on the sort link in order to get:
http://mysite.com/ma...1243&sort=title
I know the above is written in a confusing way, but I hope you understand.
//Jasper
#2
Posted 24 April 2012 - 09:15 AM
http://php.net/manua...build-query.php
A simpler way is to always have all the parameters on links, but set them to zero/empty when not set, so your URLs would be like this:
?region=0&sort=title&type=0
?region=123&sort=0&type=item
etc...
#3
Posted 24 April 2012 - 10:37 AM
$allowedTypes = array('item1', 'item3', 'item7');
$allowedSorts = array('title', 'date', '-title', '-date');
if($value = (int) $input->get->region) $input->whitelist('region', $value);
if($value = $sanitizer->name($input->get->type) && in_array($value, $allowedTypes)) $input->whitelist('type', $value);
if($value = $sanitizer->name($input->get->sort) && in_array($value, $allowedSorts)) $input->whitelist('sort', $value);
$selector = "template=something, parent=456, ";
$url = "./?";
foreach($input->whitelist as $key => $value) {
    $selector .= "$key=$value, ";
    $url .= "$key=$value&"; // append each pair to the query string
}
$url = rtrim($url, '&');
$selector = rtrim($selector, ", ");
$results = $pages->find($selector);
echo $results->render();
// link to another region but with all other vars the same
$region = 123;
if($input->whitelist->region) $url2 = str_replace("region={$input->whitelist->region}", "region=$region", $url);
else $url2 = $url . "&region=$region";
echo "<a href='$url2'>Region</a>";
#4
Posted 24 April 2012 - 12:42 PM
While thinking over everything, I figured that using URL segments might be a quite nice solution here, especially because of the caching options. I haven't used these before, but I'll give it a try.
@Ryan, is it recommended to sanitize even URL segments?
Edit: another question, are pages with a get variable, like ?sort=title being cached or is caching not working when using get variables?
Edit 2: I am not sure I understand these lines:
if($value = (int) $input->get->region) $input->whitelist('region', $value);
if($value = $sanitizer->name($input->get->type) && in_array($value, $allowedTypes)) $input->whitelist('type', $value);
if($value = $sanitizer->name($input->get->sort) && in_array($value, $allowedSorts)) $input->whitelist('sort', $value);
They don't seem to work, the outcome is a boolean false. It seems to work when I use:
if($value = $sanitizer->name($input->get->sort) && in_array($input->get->sort, $allowedSorts)) $input->whitelist('sort', $value);
But I am not sure if this is the way it should be....
/Jasper
Edited by formmailer, 24 April 2012 - 03:06 PM.
#5
Posted 25 April 2012 - 10:51 AM
is it recommended to sanitize even URL segments?
Technically you don't have to, as PW has already sanitized the URL segments. But I think it's a good habit to sanitize anything that is considered user input (as a URL segment would be). So rather than having to remember what you do or don't have to sanitize, I suggest just maintaining the habit of sanitizing everything that comes from input.
another question, are pages with a get variable, like ?sort=title being cached or is caching not working when using get variables?
They are not cached. Too many possibilities with GET vars in order to maintain a cache. Of course, you can always maintain your own MarkupCache if you want to. In the template cache options, you'll also see there is an option to make it bypass the cache when certain GET or POST vars are present.
They don't seem to work, the outcome is a boolean false.
Sorry, my mistake. I think that the first part of the expression needs to have parenthesis:
if(($value = $sanitizer->name($input->get->type)) && in_array($value, $allowedTypes)) $input->whitelist('type', $value);
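The approach from posts #2, #3 and #5 combined, as an added example that is not part of the original thread: plain PHP (no ProcessWire API) that validates GET parameters against allowlists, keeps the valid ones when building a link with http_build_query(), and escapes the result for use in an href. The names validated_params() and link_with() and the sample request are assumptions made for illustration.

```php
<?php
// Added example: plain PHP, no ProcessWire API. Names and sample input are constructed.

const ALLOWED = [
    'sort' => ['title', 'date', '-title', '-date'],
    'type' => ['item1', 'item3', 'item7'],
];

/** Return only the GET parameters that pass validation; unknown keys are dropped. */
function validated_params(array $get): array
{
    $clean = [];

    // region must be a positive integer; arrays (?region[]=1) and junk fail the filter
    $region = filter_var($get['region'] ?? null, FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
    if ($region !== false) {
        $clean['region'] = $region;
    }

    foreach (ALLOWED as $key => $allowed) {
        // The inner parentheses matter: without them PHP evaluates the && first
        // and assigns its boolean result to $value instead of the string.
        if (($value = $get[$key] ?? null) && in_array($value, $allowed, true)) {
            $clean[$key] = $value;
        }
    }
    return $clean;
}

/** Build an escaped href that keeps the current parameters and applies overrides. */
function link_with(array $get, array $overrides): string
{
    // Validate after merging so the overrides pass through the same checks.
    $query = http_build_query(validated_params(array_merge($get, $overrides)));
    return htmlspecialchars('./?' . $query, ENT_QUOTES, 'UTF-8');
}

// Constructed request: a valid region, a sort value outside the allowlist, an unknown key.
$get = ['region' => '1243', 'sort' => '"><b>x', 'debug' => '1'];

echo '<a href="' . link_with($get, ['sort' => 'title']) . '">Sort by title</a>', "\n";
echo '<a href="' . link_with($get, ['region' => 77]) . '">Other region</a>', "\n";
```

Because only allowlisted values ever reach http_build_query(), the rejected sort value and the unknown debug key never appear in the generated links.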
#7
Posted 26 April 2012 - 04:42 AM
Technically you don't have to, as PW has already sanitized the URL segments. But I think it's a good habit to sanitize anything that is considered user input (as a URL segment would be). So rather than having to remember what you do or don't have to sanitize, I suggest just maintaining the habit of sanitizing everything that comes from input.
That makes perfect sense.
They are not cached. Too many possibilities with GET vars in order to maintain a cache. Of course, you can always maintain your own MarkupCache if you want to. In the template cache options, you'll also see there is an option to make it bypass the cache when certain GET or POST vars are present.
I guessed it would be like this.
Another reason why I started using URL segments: I use a URL segment for "region". But I use an ordinary GET for sort, partially because of the risk for duplicate content in Google (using a GET var you can go into Google's Webmaster Tools to tell Google that it's just a sorting var).
Sorry, my mistake. I think that the first part of the expression needs to have parenthesis:
if(($value = $sanitizer->name($input->get->type)) && in_array($value, $allowedTypes)) $input->whitelist('type', $value);
No problem. It works great now!
/Jasper