microcipcip Posted November 20, 2016

How do you access ProcessWire API from an external file? I wrote a class and I need to use the API from there... my php file is in templates/includes/file.php

    <?php namespace ProcessWire;

    include_once('../../../index.php');

    class myClass {
        private function ($query){
            return $sanitizer->selectorValue($query);
        }
    }

I get this error:

    Call to a member function selectorValue() on a non-object
clsource Posted November 20, 2016

If your file is in templates and is using the ProcessWire namespace you don't need to include index.php. Take a look in my rest helper if you need an example: https://github.com/NinjasCL/pw-rest
adrian Posted November 20, 2016

You need wire('sanitizer') or $this->wire('sanitizer') or $this->sanitizer when you are inside the scope of a function. It doesn't have anything to do with bootstrapping PW like you are doing there by loading a file that is not in the root of the templates directory.

Have a read here (https://processwire.com/blog/posts/processwire-2.6.21-upgrades-comments-more-on-pw-3.x/#more-updates-on-processwire-3.0) for more details of what works where.
microcipcip Posted November 20, 2016 Author

7 hours ago, adrian said:

> You need wire('sanitizer') or $this->wire('sanitizer') or $this->sanitizer when you are inside the scope of a function. It doesn't have anything to do with bootstrapping PW like you are doing there by loading a file that is not in the root of the templates directory.

Thanks a lot, that was it. I was actually looking at https://github.com/NinjasCL/pw-rest trying to understand why it didn't need to include the index.php file.

BTW, do you know if this is the correct way of sanitizing a query?

    function getSelectors() {
        $selectors = [];
        // $input is not in scope inside a function, so fetch it via wire()
        foreach (wire('input')->get->getArray() as $key => $query) {
            $query = wire('sanitizer')->selectorValue($query);
            array_push($selectors, $key.'='.$query);
        }
        return implode(',', $selectors);
    }

    // then below I'd use...
    $p->children(getSelectors());

I have a query of this kind (in a REST API) "http:/mysite.com/api/pages/1?template=home|about" but when I debug it I get

    0 => "template=home about"

so it seems that it is removing the pipe. It also removes selector operators like >, =, < etc...
adrian Posted November 20, 2016

@microcipcip - "selectorValue" as the sanitizer is correct so I don't see any issues with what you have done. I am curious though - are you using that getSelectors() function elsewhere, or just calling it the once? If just once there is no real advantage to making it a function.

Also, you might find the array approach to selectors easier in this case. Have a read here: https://processwire.com/blog/posts/processwire-3.0.13-selector-upgrades-and-new-form-builder-version/#new-selectors-as-regular-arrays
microcipcip Posted November 20, 2016 Author

I need the function because I need to use it in several places and I want to allow only certain search queries (otherwise someone may be able to see hidden pages or hidden fields). The array approach seems interesting, I'll have a look, thanks a lot for your help.
kongondo Posted November 20, 2016

@microcipcip....not sure if you know that a find call, e.g. $pages->find, $p->children, never returns hidden pages unless you declare include=hidden etc. (@see here: http://processwire.com/api/selectors/#access_control)
microcipcip Posted November 20, 2016 Author

Yes I know this, that's why I'll filter the results, I have an array of allowed selectors. I just wasn't sure about how to sanitize the query properly, it's for a REST API. It seems I only need to specify type cast, but I can also make use of an array as specified here, although I am not sure which one is more secure and how easy it is to convert from the query to that format.
microcipcip Posted November 20, 2016 Author

Actually it seems that it is more challenging than what I initially thought, as it seems difficult to predict all possible results. For example, if I have a query like this

    !body*=sushi tobiko&body|sidebar*=carbonated

it will return

    "!body*" => "sushi tobiko"
    "body|sidebar*" => "carbonated"

Also I need to take into account the selector operators... what is a good practice and the correct query syntax to get the selectors and sanitize them properly? For example, if I don't want to allow fields not visible in the API or disable include=hidden, etc?
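One way to approach the question the thread ends on, as an added example that is not code from any poster or from ProcessWire itself: validate the parsed GET keys against a field and operator allowlist, then sanitize each OR value separately so the pipe survives. `ALLOWED_FIELDS`, `ALLOWED_OPERATORS`, `buildSelector` and the stand-in sanitizer are hypothetical names; inside ProcessWire the value sanitizer would be `wire('sanitizer')->selectorValue()`.

```php
<?php
// Added example, not code from the thread. All names here are hypothetical.
const ALLOWED_FIELDS = ['template', 'title', 'body', 'sidebar'];
// Key suffix => selector operator: "?price>=10" reaches PHP as key "price>".
const ALLOWED_OPERATORS = ['' => '=', '*' => '*=', '>' => '>=', '<' => '<='];

function buildSelector(array $query, callable $sanitizeValue): string
{
    $selectors = [];
    foreach ($query as $key => $value) {
        // Key = optional "!" negation, field list, optional operator suffix.
        $ok = preg_match('/^(!?)([a-z0-9_|]+)([^a-z0-9_|]?)\z/', (string) $key, $m);
        if (!$ok || !is_string($value)) {
            continue; // malformed keys and array values (?a[]=1) are dropped
        }
        [, $not, $fieldList, $suffix] = $m;
        if (!array_key_exists($suffix, ALLOWED_OPERATORS)) {
            continue; // operator not on the allowlist
        }
        $fields = explode('|', $fieldList);
        if (array_diff($fields, ALLOWED_FIELDS)) {
            continue; // any unlisted field (include, check_access, ...) rejects the term
        }
        // Sanitize each OR value separately so the "|" separator survives.
        $values = array_filter(array_map($sanitizeValue, explode('|', $value)), 'strlen');
        if (!$values) {
            continue;
        }
        $selectors[] = $not . implode('|', $fields) . ALLOWED_OPERATORS[$suffix]
            . implode('|', $values);
    }
    return implode(', ', $selectors);
}

// Stand-in sanitizer so this runs outside ProcessWire (an assumption); inside
// ProcessWire pass [wire('sanitizer'), 'selectorValue'] instead.
$standIn = fn(string $v): string => trim(preg_replace('/[^\w .-]+/', ' ', $v));

// Constructed sample input, shaped like the $_GET array from the thread.
$query = [
    'template'      => 'home|about',
    '!body*'        => 'sushi tobiko',
    'body|sidebar*' => 'carbonated',
    'include'       => 'hidden', // not allowlisted, so it is dropped
];
echo buildSelector($query, $standIn), "\n";
```

The selector is rebuilt from the validated pieces rather than from the raw key, so nothing the client sent reaches `$p->children()` without passing the allowlist or the value sanitizer.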