Search the Community
Showing results for tags 'whitelist'.
-
Hello, When do you choose to use $input->whitelist($key, $value) rather than $session->myvar (with myvar = 3 for example) ? The documentation uses the example of the MarkupPagerNav module : "An example is the MarkupPagerNav plugin module, which provides an easy way for you to have pagination. Lets say that you used it to paginate search engine results. [...]" (from https://processwire.com/api/variables/input/) But If I don't have pagination, but some variables to store for each member of my website, do I have any interest to store them with whitelist rather than within sessions ? Thanks
-
Hello processwire community, this is my very first post, I am newbie in php - trying to test a simple search form which allow frontend user to search and filter data. Macro steps are as follow: 1) Create the form with options as checkboxes, allowing the user to choose multiple values selection within multiple checkbox groups; 2) Create the pw process code in order to revert back the selected items (as a result of multiple checkbox filter combination), allowing pagination as some results may be more than 50 items; --- Here some of the most related topics I've found over PW forum: https://processwire.com/talk/topic/7282-paging-issue-with-html-form-check-boxes/ https://processwire.com/talk/topic/3472-enable-pagination-for-search-results/#comment-38214 https://processwire.com/talk/topic/1883-how-to-use-input-whitelist-with-checkboxes-or-any-array/ https://processwire.com/talk/topic/1547-getting-multiple-checkbox-values-within-processwire/ https://processwire.com/talk/topic/1034-search-form-with-multiple-fields/ https://processwire.com/talk/topic/10193-multiselect-search/ --- Now, the html form works just fine (code below), it brings all checked values to the url string. Essentially I have four different groups of checkboxes: cb_sectors[] (multiple pages as categories); cb_expertise[] (multiple pages as categories); cb_status[] (multiple pages as categories); cb_year[] (integer). The user may select multiple values within the above four checkbox groups, thus creating even quite complex combination. <form name='search' id='search-works' method='get' role='form' action='<?php echo $pages->get('/search/')->url; ?>'> <div class="collapsible-header">Sector</div> <?php foreach($pages->get("/sectors")->children as $sec) echo " <p class='checkbox'> <input type='checkbox' name='cb_sectors[]' value='{$sec->name}' id='{$sec->name}'/> <label for='{$sec->name}'>{$sec->title}</label> </p> " ?> <div class="collapsible-header">Status</div> <?php foreach($pages->get("/taxonomy/Status")->children as $st) echo " <p class='checkbox'> <input type='checkbox' name='cb_status[]' value='{$st->name}' id='{$st->name}' /> <label for='{$st->name}'>{$st->title}</label> </p> " ?> <div class="collapsible-header no-padding">Expertise</div> <?php foreach($pages->get("/expertise")->children as $cb_expertise) $checked = $cb_expertise->name == $input->whitelist->cb_expertise ? " selected='selected' " : ''; echo " <p class='checkbox'> <input type='checkbox' name='cb_expertise[]' value='{$cb_expertise->name}' id='{$cb_expertise->name}' $checked/> <label for='{$cb_expertise->name}'>{$cb_expertise->title}</label> </p> " ?> <div class="collapsible-header no-padding">Year</div> <?php // generate a range of years from '09 to '17, or maybe better doing it via pages as years? for($year = 2009; $year <= 2017; $year += 1){ echo " <p class='checkbox'> <input type='checkbox' name='cb_year[]' value='$year' id='$year' /> <label for='$year'>{$year}</label> </p> "; } ?> <input class="no-class" type="submit" id="search-submit" name="submit" value="Search"> </form> The question is then mostly focusing on the second step, the pw process code: As some previous posts on this topic say - I should (in sequence) sanitize, whitelist and validate the results before pass them to the final output (correct me if I'm wrong). The thing is that I cannot find a way to get all values in a array and sanitize/whitelist/validate them -> some post suggest to use arraytoCSV as a way to let PW remember the filtered items while moving through pagination. Is arraytoCSV the best way to sanitize and whitelist the user input combination? The following code simply get selected values coming from the above form. As you can see, no sanitize nor whitelist nor validation is in place, as without the array the sanitizing function gives back only the last selected value (not the full combination for every group of checkboxes). Can you please help me implementing an array within the following code and the way to sanitize - whitelist - validate "get" values? I know for most of you is just as simple as drinking coffe, but would be great if you could drive me in the right direction. Thank you in advance! <?php namespace ProcessWire; if(count($input->get)) { if($input->get->cb_expertise) { foreach ($input->get->cb_expertise as $expertise) { // here we are just ensuring submitted products are in fact valid echo $expertise; } } if($input->get->cb_sectors) { foreach($input->get->cb_sectors as $sector) { // here we are just ensuring submitted products are in fact valid echo $sector; } } if($input->get->cb_status) { foreach($input->get->cb_status as $status) { // here we are just ensuring submitted products are in fact valid echo $status; } } if($input->get->cb_year) { foreach($input->get->cb_year as $year) { // here we are just ensuring submitted products are in fact valid echo $year; } } } ?>
- 21 replies