Jump to content

Using sanitizer with path in selector for $pages->get()

AAD Web Team

By AAD Web Team,
in API & Templates

 Share

Recommended Posts

AAD Web Team Sr. Member

AAD Web Team

Posted
Posted

I found the following to be a bit confusing, so I'm posting it to check if my understanding is correct…

If we're looking for a page at a particular path that unfortunately has a comma in it (I'm aiming to get rid of all commas in URLs in future, but there's a legacy of existing ones to deal with): 

$path = '/news/2012/australia,france';

We had the code: 

$result = $pages->get($path);

This was throwing an exception inside the ProcessWire core: 

Error: Exception: Unknown Selector operator: '[empty]' -- was your selector value properly escaped? (in /srv/www/antarctica/wire/core/Selectors.php line 420)

The mention of 'escaped' made me think to use sanitizer on the path before using it in a selector. So I changed the code: 

$safePath = $sanitizer->selectorValue($path);
$result = $pages->get($safePath);

This was surrounding the path with double-quotes before passing it through. However I was still getting the same error (with some slightly different details).

Then I realised that despite the error message mentioning 'selector', $pages->get() isn't actually treating the my $safePath variable as a selector string, but as a string that contains a page path, which is why it still crashes.

Then I tried this: 

$safePath = $sanitizer->selectorValue($path);
$result = $pages->get("path=$safePath");

This works! (i.e., it doesn't crash. We don't find any page – I don't think ProcessWire can have commas in paths anyway. So it's fine to return a NullPage, I just wanted it to not crash.)

However, using 'path=' in a selector isn't documented, so I'm not sure if this is something you're supposed to do. The instructions suggest that you use either a selector or a page path, but not a page path within a selector.

Does anyone have any advice about this? Is 'path=' supported in a selector? How does the $pages->get() or $pages->findOne() method know if it's being passed a selector string or a string that contains a page path?

Link to comment
Share on other sites
Robin S Hero Member

Robin S

Posted
Posted
1 hour ago, AAD Web Team said:

The mention of 'escaped' made me think to use sanitizer on the path before using it in a selector.

A sanitizer is a good idea, but not $sanitizer->selectorValue() because as you say you are not supplying a selector to the method but are supplying a path (you can also supply an ID which is different again). So you'd want $sanitizer->pagePathName().

2020-05-22_202739.png.c7ac27d45d864b07cd683cf2ef0213ab.png

1 hour ago, AAD Web Team said:

Is 'path=' supported in a selector?

Yes, in fact you can see in the error message that PW builds a selector using "path=" when you supply a path to $pages->get().

2020-05-22_202248.png.ccaef5066e3ff1b1ef88f17479b98d60.png

1 hour ago, AAD Web Team said:

How does the $pages->get() or $pages->findOne() method know if it's being passed a selector string or a string that contains a page path?

See here: https://github.com/processwire/processwire/blob/88e04129c72c1702926543c8bef555a9f0d1043f/wire/core/PagesLoader.php#L131-L133 

else if($selector[0] === '/') {
	// if selector begins with a slash, it is referring to a path
	$selector = "path=$selector";

 

  • Like 3
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...