Showing results for tags 'Sanitizer'.
-
Hi all! FYI / to be fixed

Background: I tried updating one of our websites from a PHP7 to a PHP8 version, also migrating from 3.0.200 to 3.0.229 when an existing piece of code triggered a timeout. In this case I'm using the Sanitizer->truncate (WireTextTools - truncate) method with option 'collapseLinesWith' using an empty string as value. This triggered a timeout. Finding out why this occurred, I cannot find a clue. It seems between the referred versions there wasn't an update for this method. Anyhow, the fix is quite simple. Just using a blank space instead of the empty string fixed it.

    $html = '<p>Ligula sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Maecenas faucibus mollis interdum. Praesent commodo cursus magna, vel scelerisque nisl consectetur et. Nullam id dolor id nibh ultricies vehicula ut id elit. Donec ullamcorper nulla non metus auctor fringilla.</p> <h3>Header</h3> <p>Fusce dapibus, tellus ac cursus commodo, tortor mauris condimentum nibh, ut fermentum massa justo sit amet risus. Donec ullamcorper nulla non metus auctor fringilla. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Donec sed odio dui. Praesent commodo cursus magna, vel scelerisque nisl consectetur et. Aenean eu leo quam. Pellentesque ornare sem lacinia quam venenatis vestibulum.</p> <p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Vestibulum id ligula porta felis euismod semper. Nullam id dolor id nibh ultricies vehicula ut id elit. Aenean lacinia bibendum nulla sed consectetur. <a href="https://www.processwire.com" target="_blank">Look at this!</a>.</p>';
    $intro = $sanitizer->truncate($html, [
        'type' => 'word',
        'maxLength' => 350,
        'visible' => false,
        'collapseLinesWith' => '', // BUG! - just a blank space fixed it
        'keepFormatTags' => false,
    ]);
    var_dump($intro);
-
A community member raised a question and I thought a new sanitizer method for the purpose would be useful, hence... Sanitizer Transliterate Adds a transliterate method to $sanitizer that performs character replacements as defined in the module config. The default character replacements are based on the defaults from InputfieldPageName, but with uppercase characters included too. Usage Install the Sanitizer Transliterate module. Customise the character replacements in the module config as needed. Use the sanitizer on strings like so: $transliterated_string = $sanitizer->transliterate($string); https://github.com/Toutouwai/SanitizerTransliterate https://modules.processwire.com/modules/sanitizer-transliterate/
-
Hi, I've been using PW as the back end for a number of contest sites in which users enter a short bit of text as an answer to a question. Each "entry" ends up as a PW Page. In this case, it's quite common for people to provide the same answer, which of course results in a duplicate page error (Exception: Duplicate entry). I'm wondering if there is a way to have PW automatically create a unique page name when it creates a new page that would have a duplicate name - like this-is-a-test becoming this-is-a-test-2. Any help is greatly appreciated! Thanks.
-
Hi Forum! I have the following content in a ckeditor body-field: <figure class="align_right"><img alt="some random alt text" src="path/to/image-file" /> <figcaption>some random caption text</figcaption> </figure> <p>some random text</p> I use $text = $sanitizer->truncate($page->body, [ 'type' => 'sentence', 'maxLength' => 400, 'visible' => true ]); $content = "<p>"; $content .= $text; $content .= "</p>"; echo $content; to output the body-field in my template, which results in… <p>some random caption text some random text</p> Is there any way to tell $sanitizer->truncate to skip/remove/ignore anything that’s inside a <figure> Tag, so that I get rid of the part "some random caption text"?
-
Sanitizer EasySlugger

Allows the use of the EasySlugger library as Sanitizer methods.

Installation

Install the Sanitizer EasySlugger module.

Usage

The module adds four new sanitizer methods.

slugger($string, $options)

Similar to $sanitizer->pageName() - I'm not sure if there are any advantages over that method. Included because it is one of the methods offered by EasySlugger.

    $slug = $sanitizer->slugger('Lorem Ipsum');
    // Result: lorem-ipsum

utf8Slugger($string, $options)

Creates slugs from non-latin alphabets.

    $slug = $sanitizer->utf8Slugger('这个用汉语怎么说');
    // Result: zhe-ge-yong-han-yu-zen-me-shuo

seoSlugger($string, $options)

Augments the string before turning it into a slug. The conversions are related to numbers, currencies, email addresses and other common symbols.

    $slug = $sanitizer->seoSlugger('The price is $5.99');
    // Result: the-price-is-5-dollars-99-cents

See the EasySlugger readme for some more examples.

seoUtf8Slugger($string, $options)

A combination of utf8Slugger() and seoSlugger().

    $slug = $sanitizer->seoUtf8Slugger('价钱是 $5.99');
    // Result: jia-qian-shi-5-dollars-99-cents

$options argument

Each of the methods can take an $options array as a second argument.

- separator (string): the character that separates words in the slug. Default: -
- unique (bool): Determines whether a random suffix is added at the end of the slug. Default: false

    $slug = $sanitizer->utf8Slugger('这个用汉语怎么说', ['separator' => '_', 'unique' => true]);
    // Result: zhe_ge_yong_han_yu_zen_me_shuo_3ad66c4

https://github.com/Toutouwai/SanitizerEasySlugger
https://modules.processwire.com/modules/sanitizer-easy-slugger/
-
Hello forum! I've yet again stumbled on a head-scratching situation. We have enabled the option on our articles template and events template that it skips the title adding part and goes straight to the form. This is what our customer wants. So when you add a new article or event it automatically names it temporarily to "article-0000000" and same with event. Now the problem is that obviously after saving the form we want to change the page url or "name" to the title, like it's normally. Now here's the code for the hook:

    wire()->addHookBefore("Pages::saved(template=tapahtuma|artikkeli)", function($hook) {
        $page = $hook->arguments(0);
        $newUrl = wire()->sanitizer->pageName($page->title); // give it a name used in the url for the page
        wire()->log->message($page->name);
        $page->setAndSave('name', $newUrl);
    });

I get the correct page and the name and path changes when I log them, but when I try to save it, it just loads and then I get:

    Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 262144 bytes)

This happens in sanitizer.php and then another error:

    Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 262144 bytes) in Unknown on line 0

What is happening? Am I not supposed to use sanitizer in this way? When we made a temporary page object in our other hook, the sanitizer worked perfectly. Thanks for the help!
-
To create a new gitlab issue, I'd like to send an email to the following email address using FormBuilder: incoming+account/repository@incoming.gitlab.com

Unfortunately, the / in the email gets stripped by the sanitizer:

    wire('sanitizer')->email('incoming+account/repository@incoming.gitlab.com');
    // output: incoming+accountrepository@incoming.gitlab.com

Is there any way to configure the sanitizer? Any other ideas how to send the mail to this address?

Ps.: I can not define the email format as it is defined by gitlab. The format is also kind of "common" and known as email-alias in the form of emailaccount+alias@domain.com – gmail uses it to label mails… https://help.wodify.com/hc/en-us/articles/234441508-How-Do-I-Create-an-Email-Alias-
-
See gif: When I use $sanitizer->pageName() to sanitize a title as name, I get a different result from what processwire automatically replaces, when editing the name in the CMS. I have to manually replace the dashes and even dots! I would expect the name to be equal to the last segment of the pagepath.
-
Hello, and thanks again for PW. The more I use it, the more I like it. I have a silly problem, and since I have tested several (bad) solutions, I come and ask for help. I think I'm just being thick there... Is there a relatively simple way to add an allowed character to the default search form's sanitizer? FYI, I'm working on a dictionary in Breton language (60k entries), and I must find a way to allow apostrophes in search input. (In Breton language, "CH" and "C'H" are actually two different letters altogether). I must say I'm a bit confused by the sanitizer. On the regular search form, it appears three times. Once in the input field itself, and twice on the search template. I did read the sanitizer page and sanitizer class page, but I'm not sure to understand where to go from there. From what I understand, the $sanitizer->name methods would accept some extra allowed character, but I seem to have no luck in adding this to my template. Moreover, do I have to change any sanitizer call to a ->name one? The sanitizer php core page includes an "allowedASCII" which seems very promising, but is there a way to override it? Hooks? (not used to them I'm afraid...) Moreover, the fact that I'm trying to implement the (') character worries me a bit. Can I escape it? Would something like '\'' do the trick? Thanks in advance to you, good men. The site building is reaching an end, and I am tired indeed. (you wouldn't believe the state of the initial DB I had to work from...)
-
I just noticed these outputs: echo wire('sanitizer')->date('2017/02/27'); // 1488153600 echo wire('sanitizer')->date('2017/02/31'); // 1488499200 - FAIL echo wire('sanitizer')->date('2017/02/32'); // NULL Shouldn't the sanitizer return NULL on the second line? If it were looking for a valid date format only then the third line should return a timestamp too.
-
Hi, I have a site search working correctly on a project, however I seem to be having issue when the search term contains characters such as question marks or brackets. I'm doing the following... $q = $input->get->text('q'); if($q) { $input->whitelist('q', $q); $q = $input->get->selectorValue('q'); } $matches = "search_cache~={$q}, sort=-publish_date"; This works correctly for everything except searches that include characters such as ? or ( ) So for example a searches for the following (where the page title is "example title?") example title example title? The first one works as expected and the second returns 0 results. As the titles are very specific for a user to search, I need to make sure the search works with these kind of characters. How can I make sure search works with these kind of characters?
-
Am I right in understanding that there's no way to escape or encode a dash ("-") for use within a selector value (that has to be sanitized)? Looking at the code for $sanitizer it looks like it's just converted to a space. That seemingly makes it impossible to search for terms like "x-ray." Any workarounds for this?
-
The username sanitizer (wire('sanitizer')->username("string")) is currently deprecated in favor of the using the pageName sanitizer because users are stored internally as pages. From a code readability standpoint it is more self-documenting to use a "username" sanitizer, not a "pageName" sanitizer. If, for whatever reason, the underlying implementation as pages changes there is no problem when using "username". If, for whatever reason, the allowable character set is different for usernames than page names there is no problem when using "username". The only benefit I can see that comes from removing the username sanitizer is the removal of a very small bit of code. Hence, my suggestion for keeping the username sanitizer and decoupling the API from the implementation.
-
Buenos dias amigos, We just noticed that our contact form, and for sure comment form, too (custom build / not FieldtypeComments) occasionally strips whole paragraphs of the user content. (A girl told us that she wrote more than she saw in the replies quote) I'm cleaning input right away using $sanitizer->textarea. So I tested a little and could narrow it down to strip_tags which is part of $sanitizer->text. Commenting it out kept all paragraphs of my test string which were mainly lorem ipsum. With it enabled only the first line would come through. After a lot of searching and trying to PM users here in the forum in hope they would reply soon, I found the actual issue. I started the test mail with a line dedicated to my girlfriend (because she would read it) and ended it with a heart <3 strip_tags thinks it's the beginning of a tag and therefore strips not only the heart itself but everything after it. O.o By the way, FieldtypeComments is using strip_tags, too. And I just commented the newest Blog post about 3.0.9 and my "<3 Processwire" got stripped, too. Then I wasn't sure how to sanitize the input, didn't want to lose any more content, since our crowdfunding we're getting a huge load of mails every day. Thought about entities/entitiesMarkdown but when using it right on the input I needed to unentities on output which doesn't make sense because everything like <a onclick="alert('fooo')">click</a> would stay intact.. Many people are suggesting htmlentities for user input..when outputting though. But I don't want/need any tags except for hearts and stuff because we're hippies (quote of my girl^^) Right now I'm using $sanitizer->purify($str, array('HTML.Allowed' => '')); which works at the moment, maybe there are other options? Ah, one mentioned to not sanitize input at all but store it as is in db and only escaping (e.g. htmlentities) on output.. I was quite astonished that strip_tags still considers <3 as html, even though emojis exist for decades..
What do you think, or what is your way of dealing with user input? Saludos and good night Can Ah, as far as I know it's not possible to declare <3 as valid tag to strip_tags because it's not an actual tag right? At least my testing didn't work..
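
The behaviour described in the post above, as an added example in plain PHP (not code from the post or from ProcessWire): it runs the same constructed inputs through `strip_tags()` at input time and through the store-raw, escape-on-output approach the post mentions. The function names `store_with_strip_tags` and `render_escaped` are hypothetical.

```php
<?php
// Added illustration; not ProcessWire code. All sample inputs are constructed.

/** Input-time handling as described in the post: strip tags on the way in. */
function store_with_strip_tags(string $input): string
{
    // strip_tags() treats "<" followed by a non-whitespace character as the
    // start of a tag and discards text up to the closing ">" or, if there is
    // none, up to the end of the input.
    return strip_tags($input);
}

/** Alternative mentioned in the post: keep the raw text, escape when rendering. */
function render_escaped(string $stored): string
{
    // Escape for an HTML body or quoted-attribute context, then keep the
    // user's line breaks visible.
    $safe = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return nl2br($safe);
}

$samples = [
    // A heart followed by more text, as in the contact-form report.
    "For my girl <3\nSecond paragraph that should survive.",
    // The markup the post is worried about keeping intact.
    "<a onclick=\"alert('fooo')\">click</a>",
    // A "<" followed by whitespace, for comparison.
    "2 < 3 with a space after the bracket",
];

foreach ($samples as $raw) {
    echo 'raw      : ', json_encode($raw), PHP_EOL;
    echo 'stripped : ', json_encode(store_with_strip_tags($raw)), PHP_EOL;
    echo 'escaped  : ', json_encode(render_escaped($raw)), PHP_EOL, PHP_EOL;
}
```

Escaping on output keeps the stored text complete and renders the `<a onclick=...>` sample as inert text; the escaping has to match the output context, and `htmlspecialchars()` as used here covers HTML body text and quoted attribute values only.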
-
Hello, I'd like to adapt a search page to searching for dates, like ?q=1428166659 Do I need to sanitize this? If, so, how? Thanks!
-
Hello, everybody. I decided to give my users a rich text editor (CLEditor). How do I sanitize the input without ruining the HTML markup? $sanitizer->textarea(...) works just as expected--it strips out all the formatting. I would like to keep it but remove tags like <script> and other potentially dangerous items (?) Is there a reliable approach to rich text sanitization? Thank you in advance for your ideas, help, hints and links.
-
Hello, everyone. I am building a web site for Cyrillic-reading audience. I wanted to convert Cyrillic user names into ASCII and it seems I found a problem. Capitalized Cyrillic letters are stripped out after Sanitizer::translate. E.g. "Иван" becomes "van". There's a workaround, however: $sanitizer->pageName(mb_strtolower($text), Sanitizer::translate); This problem also impacts page name translations to ASCII, so whenever I create a page from the Admin backend, I have to get back after saving, and correct the page name. Here I cannot use the above workaround because I can damage the PW core (which is the last thing one would like to do). I am posting this for any other developers working with Cyrillic, and maybe for Ryan to look at this issue Thanks!
-
Hi, I am sanitizing some variables coming in via GET through Ajax as follows before passing them on to a selector. Is this the correct way of doing it? Secondly, can I instead type cast where I am expecting integers? Thanks. $sort = explode(" ", $sanitizer->selectorValue($input->get->SortX)); $sortOrder = $sort[1] == "DESC" ? "-" : "" ; $sortValue = $sort[0]; $start = $sanitizer->selectorValue($input->get->StartX); $limit = $sanitizer->selectorValue($input->get->SizeX); //Would this suffice as well since I am expecting integers here? //$start = (int) $input->get->StartX; //$limit = (int) $input->get->SizeX; //What about this (access as array index)? //$start = (int) $input->get["StartX"]; //$limit = (int) $input->get["SizeX"]; $results = $pages->find("has_parent!=2, id!=2|7, include=all, start=$start, limit=$limit, sort=$sortOrder$sortValue");
-
Hi, I'm trying to build a search function using selectors but when "sanitizing" a string, containing a comma, with Sanitizer::selectorValue it sometimes removes the comma. Here are some test runs (first row is input, second is selectorValue output) : 'test' 'test' "test' "test" ,test, ' "test '" ' '' ','test' "'test" guns n' roses, mötley crüe "guns n' roses mötley crüe" ','test "'test" "''" "" , "" test, test2 "test, test2" Also in the documentation for selectorValue it says: does this mean you can't search for all characters (comma)?