Search the Community
Showing results for tags 'sanitize'.
-
I have a CKEditor Textarea in a page template. Some users like to add text in them by pasting from Word document. This leads to internal server error when saving page. When using paste without formatting (cmd + shift + V), page is saved normally, so I assume error has something to do with Word's hidden characters that cause issues in many other programs as well. (I don't have Word myself, so I debugged this with video chat with user. I forgot to ask to check code view, so I'm not sure if they are visible there.) Is there a way in ProcessWire/PHP to sanitize Textarea input from these hidden characters, or can I prevent this by changing editor settings (listed below, if it helps)? I don't like leaving error handling rely to user action - somebody always forgets to do things specific way and it weakens user experience. Textarea formatting: none (htmlspecialchars off) field type: CKEditor content type: markup/html experimental markup/html settings: all on acf: on html purifier: on additional purify settings: all on extra allowed content: none add-ons: pwimage, pwlink, sourcedialog sourcedialog settings: none disabled add-ons: image, magicline
- 4 replies
-
- ckeditor
- microsoft word
-
(and 1 more)
Tagged with:
-
My Code: $lpTitle = strip_tags($thisActivity->Location['name']); $lp = $this->sanitizer->selectorValue($this->pages->get("template=location, title=$lpTitle")); I get this notice: Notice: Trying to get property of non-object in /blabla/blabla/blablabla/site/modules/ProcessXMLImport/ProcessXMLImport.module.php on line 247 Notice: What I am Doing wrong?
-
User input should be sanitized... If I use CKEditor at PW admin to change a field value it should be sanitized by CKEditor Advanced Content Filter (ACF) and HTML Purifier (activated at CKEditor Settings). At the moment I play with frontend edit solutions. Frontend form (based on form api and PW inputfields) with a custom save process (set and save field value with PW api) Inline edit (jquery plugins jEditable, x-editable, jinplace) and a custom save process (see above) So the values not saved by the PW admin / backend process and would be saved without sanitizing in both ways above... right?
-
Hello, i need to import a large number of articles from an old site into my PW project. So I wrote an import script which gets the data and for each row, creates a new page in PW and inserts it. So far, so easy. Problems arise because the old DB is latin-1 encoded and I keep getting strange results which are probably due to character encoding. $con = mysql_connect("localhost","yes","also"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_set_charset("latin1", $con); mysql_select_db("mtb", $con); $result = mysql_query('SELECT * FROM stuff'); while($row = mysql_fetch_array($result)) { $new = new Page(); $new->of(false); $new->template = wire('templates')->get('article'); $new->parent = wire('pages')->get('/news/'); $name = wire('sanitizer')->pageName(utf8_encode($row['HEADLINE'])); [*]$new_name = $name; $i = 1; while(isset($found{$new_name})) { error_log('DOPPLER! '.$new_name); $new_name = $name.'-'.$i; $i++; } $found{$new_name} = 1; } Even though I check for double page names, I keep getting the 'Duplicate entry' error. I also tried while(wire('pages')->get("name=$new_name,template=article")->id) {} to find duplicates but it stops with 'Duplicate entry' at a different data set ...I'm confused ... can anyone help? Thanks, thomas