Jump to content

Access ProcessWire api from external file


microcipcip
 Share

Recommended Posts

How do you access ProcessWire API from an external file? I wrote a class and I need to use the API from there...my php file is in templates/includes/file.php

<?php namespace ProcessWire;

include_once('../../../index.php');

class myClass {
  private function ($query){
    return $sanitizer->selectorValue($query);
  }
}

I get this error: Call to a member function selectorValue() on a non-object

Link to comment
Share on other sites

You need wire('sanitizer') or $this->wire('saniizer') or $this->sanitizer when you are inside the scope of a function. It doesn't have anything to do with bootstrapping PW like you are doing there by loading a file that is not in the root of the templates directory.

Have a read here (https://processwire.com/blog/posts/processwire-2.6.21-upgrades-comments-more-on-pw-3.x/#more-updates-on-processwire-3.0) for more details of what works where.

  • Like 1
Link to comment
Share on other sites

7 hours ago, adrian said:

You need wire('sanitizer') or $this->wire('saniizer') or $this->sanitizer when you are inside the scope of a function. It doesn't have anything to do with bootstrapping PW like you are doing there by loading a file that is not in the root of the templates directory.

Thanks a lot, that was it. I was actually looking at https://github.com/NinjasCL/pw-rest trying to understand why it didn't need to include the index.php file :).
BTW, do you know if this is the correct way of sanitizing a query?
 

function getSelectors() {
  $selectors = [];
  foreach ($input->get->getArray() as $key => $query) {
    $query = wire('sanitizer')->selectorValue($query);
    array_push($selectors, $key.'='.$query);
  }
  return implode(',', $selectors);
}

// then below I'd use...
$p->children(getSelectors());

I have a query of this kind (in a REST API) "http:/mysite.com/api/pages/1?template=home|about" but when I debug it I get 0 => "template=home about" so it seems that it is removing the pipe. It also removes selector operators like >, =, < etc...

Link to comment
Share on other sites

@microcipcip - "selectorValue" as the sanitizer is correct so I don't see any issues with what you have done. I am curious though - are you using that getSelectors() function elsewhere, or just calling it the once? If just once there is no real advantage to making it a function.

Also, you might find the array approach to selectors easier in this case. Have a read here:
https://processwire.com/blog/posts/processwire-3.0.13-selector-upgrades-and-new-form-builder-version/#new-selectors-as-regular-arrays

  • Like 1
Link to comment
Share on other sites

Yes I know this, that's why I'll filter the results, I have an array of allowed selectors. I just wasn't sure about how to sanitize the query properly, it's for a REST API. It seems I only need to specify type cast, but I can also make use of an array as specified here, although I am not sure which one is more secure and how easy it is to convert from the query to that format.

Link to comment
Share on other sites

Actually It seems that it is more challenging than what I initially thought as it seems difficult to predict all possible results, for example if I have a query like this !body*=sushi tobiko&body|sidebar*=carbonated it will return

"!body*" => "sushi tobiko" 
"body|sidebar*" => "carbonated" 

Also I need to take into account the selector operators....what is a good practice and the correct query syntax to get the selectors and santizie them properly? For example if I don't wan't to allow fields not visible in the API or disable include=hidden, etc?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...