Jump to content

Create pages using the API


onjegolders
 Share

Recommended Posts

Sorry, but can find no reference to be able to create pages using the API but am sure it's possible. Is there a reference anywhere?

At present, I'm using guesswork..

$new_page = new Page();

How do you set the name, template and parent?

Any nod in the right direction would be much appreciated.

Link to comment
Share on other sites

Thanks again, any ideas how to update a "page" field via the API?

I can use either a multi select or a checkbox in the form but not too sure how to send that to the newly created page.

My example is a new student who needs to be linked to one or more subjects (subjects are pages)

Link to comment
Share on other sites

You do it as with the other fields, but pass it a page object instead of a string

$p->page_field = $pages->get("/new/");

will replace the page tat is already there in a single page field, and add a new page to a multi pages field.

In a multi pages field you can also pass a page array:

$p->page_field = $pages->find("template=any");

Edit: to remove pages use remove():

$p->page_field->remove($pages->get("/new/"));

Ryan, would be nice if this page would be updated with API info

Link to comment
Share on other sites

Thanks Diogo, any idea on how to combine that with $input->post->type?

It would be coming from a front-end form, probably as the output of a multi select or checkbox.

At the moment I have this, which returns the first selected subject but cannot get more than 1. I'm imagining I have to input it somehow as an array?

<?php
 // user is authenticated and may change their password
 if($input->post->submit_pass) {
    if($input->post->pass !== $input->post->pass_confirm) {
	  echo "<h2>Passwords do not match!</h2>";
    } else if(strlen($input->post->pass) < 6) {
	  // if you want to enforce a minimum password length (recommended)
	  echo "<h2>Your password is too short. Must be 6 characters or more.</h2>";
    } else {
	  $student_page = new Page();
	  $student_page->of(false);
   $student_page->template = "student";
   $student_page->parent = $pages->get("/students/");
   $student_page->title = $input->post->first_name . " " . $input->post->last_name;
	  $student_page->set("first_name", $input->post->first_name);
	  $student_page->set("last_name", $input->post->last_name);
	  $student_page->set("email", $input->post->email);
	  $student_page->set("skype_name", $input->post->skype_name);
	  $student_page->set("subject", $input->post->subject);
	  $student_page->save();
	  $student_page->of(true);
	  echo "<h5>Student has been added</h5>";
    }
 }
?>
<form action="" id="add_user" method="post">
 <label for="username">Username</label>
 <input type="text" name="username">
 <label for="first_name">First Name</label>
 <input type="text" name="first_name">
 <label for="last_name">Last Name</label>
 <input type="text" name="last_name">
 <label for="email">Email address</label>
 <input type="text" name="email">
 <label for="skype_name">Skype name</label>
 <input type="text" name="skype_name">
 <label for="pass">New password</label>
 <input type="password" name="pass">
 <label for="pass_confirm">Confirm password</label>
 <input type="password" name="pass_confirm">
 <label for="subject">Subject</label>
 <select multiple name="subject">
  <?php foreach ($pages->get("template=subjects")->children() as $subject) { ?>
  <option name="subject" value="<?php echo $subject->id; ?>"><?php echo $subject->title; ?>
 <?php } ?>
 </select>
 <input type="submit" name="submit_pass">
</form>
Link to comment
Share on other sites

Since you are setting your text fields directly from $input->post variables without sanitization/validation, make sure that all of your text fields have the HTML Entities textformatter enabled. To illustrate the potential problem, try putting this into a text field that does not have an HTML Entities textformatter enabled:

<script>alert('gotcha!')</script>

If you get a "gotcha" alert box, then someone can basically take over the entire page and your site is vulnerable to cross-site scripting attacks. That's why it's really important to make sure any output coming from non-trusted users is always entity encoded.

  • Like 1
Link to comment
Share on other sites

Should I generally leave it on for all text fields?

If any of the users who get to enter stuff into these fields are students then I'd say "Yes!" Make sure every field they can type into is encoded. Similarly, if input is coming from staff or contractors, any of whom may get disgruntled or leave with a grudge, then leave it on.

Link to comment
Share on other sites

Thanks Ryan, is there any reason why it's not on by default? Should I generally leave it on for all text fields?

I don't want to make assumptions about what people are using the text field for. If you are planning to use HTML, Textile, Markdown, BBCode, etc., then you don't want this Textformatter on. I usually make most of my text fields use Textile or Markdown (rather than HTML Entities) so that I can still have the ability to insert links and have basic formatting when I need it (even for single line text fields like 'title'). If the fields will contain untrusted user input, then I would choose TextileRestricted or BBCode (Markdown is not safe here, as it still allows HTML). Though if you don't need them to have any formatting ability, then I would just stick with HTML Entities, to exclude that possibility.

There are just so many legitimate uses of tags in a field that I'd rather someone decide what they plan to use it for rather than us assuming what they will use it for. Still, I can see someone skipping over this not really understanding the security risks, so what may be warranted is for me to have it show a warning when no Textformatter is selected. There are plenty of cases where you actually don't want any Textformatters, but something containing untrusted user input is not one of them.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...