Jump to content
Sign in to follow this  
kongondo

Is this correct use of $sanitizer?

Recommended Posts

Hi,

I am sanitizing some variables coming in via GET through Ajax as follows before passing them on to a selector. Is this the correct way of doing it? Secondly, can I instead type cast where I am expecting integers? Thanks.

$sort = explode(" ", $sanitizer->selectorValue($input->get->SortX)); 
$sortOrder = $sort[1] == "DESC" ? "-" : "" ; 
$sortValue = $sort[0];

$start = $sanitizer->selectorValue($input->get->StartX);
$limit = $sanitizer->selectorValue($input->get->SizeX); 

//Would this suffice as well since I am expecting integers here?
//$start = (int) $input->get->StartX;
//$limit = (int) $input->get->SizeX;

//What about this (access as array index)?
//$start = (int) $input->get["StartX"];
//$limit = (int) $input->get["SizeX"];

$results = $pages->find("has_parent!=2, id!=2|7, include=all, start=$start, limit=$limit, sort=$sortOrder$sortValue");

  • Like 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By jds43
      Hello,
      I have a search page loosely based on Skyscrapers where I'm parsing a selector with options 'beds', 'bathrooms', 'size' fields. It is working well until I select 'Any' after I've run a search. This is where no results are returned (/?beds=&bathrooms=&size=&submit=). I want it to reset and show all results.
      I hope this isn't too vague.
       
    • By brdje
      Greetings,
       
      I've created a product database which all use the template product.php and are published on the website.
      I'm trying to create an overview table with pagination of all the products, but using $pages->get does not return an object, only the object title.
      $products = $pages->get("template=product, limit=10"); This returns 10 strings in the frontend but not the object. When looping over the result set to get product fields, i get the following error:
      Notice: Trying to get property 'title' of non-object
       
      Because the product database is fairly large, i've added a pagination using the same query and this does return all the pages, but i can't click on the links that the paginator renders.
      $results = $pages->find("template=product, limit=10"); if($results->getTotal() > 10) { echo $results->renderPager(array( "nextItemLabel" => "Volgende", "previousItemLabel" => "Vorige", "currentItemClass" => 'active' )); }
      I've added the option in the template to allow page numbers. When i navigate to the link manually, i still end up seeing the 10 first products.
       
      I've tried changing several settings around, but i'm a bit stuck on how to resolve these issues. Do you have any advice what I need to adjust?
      Thanks in advance for your feedback.
       
       
    • By Robin S
      Sanitizer EasySlugger
      Allows the use of the EasySlugger library as Sanitizer methods.
      Installation
      Install the Sanitizer EasySlugger module.
      Usage
      The module adds four new sanitizer methods.
      slugger($string, $options)
      Similar to $sanitizer->pageName() - I'm not sure if there are any advantages over that method. Included because it is one of the methods offered by EasySlugger.
      $slug = $sanitizer->slugger('Lorem Ipsum'); // Result: lorem-ipsum utf8Slugger($string, $options)
      Creates slugs from non-latin alphabets.
      $slug = $sanitizer->utf8Slugger('这个用汉语怎么说'); // Result: zhe-ge-yong-han-yu-zen-me-shuo seoSlugger($string, $options)
      Augments the string before turning it into a slug. The conversions are related to numbers, currencies, email addresses and other common symbols.
      $slug = $sanitizer->seoSlugger('The price is $5.99'); // Result: the-price-is-5-dollars-99-cents See the EasySlugger readme for some more examples.
      seoUtf8Slugger($string, $options)
      A combination of utf8Slugger() and seoSlugger().
      $slug = $sanitizer->seoUtf8Slugger('价钱是 $5.99'); // Result: jia-qian-shi-5-dollars-99-cents $options argument
      Each of the methods can take an $options array as a second argument.
      separator (string): the character that separates words in the slug. Default: - unique (bool): Determines whether a random suffix is added at the end of the slug. Default: false $slug = $sanitizer->utf8Slugger('这个用汉语怎么说', ['separator' => '_', 'unique' => true]); // Result: zhe_ge_yong_han_yu_zen_me_shuo_3ad66c4  
      https://github.com/Toutouwai/SanitizerEasySlugger
      https://modules.processwire.com/modules/sanitizer-easy-slugger/
    • By iipa
      Hello forum!
      I have a site, where I want to remember two settings defined by user:
      1) Theme (light or dark)
      2) Language (Finnish or English)
      Because user makes changes to these settings on client side, I am a bit lost with how can I save them in ProcessWire $session variable? I would like to use $session for more reliable saving, and since it is only two variables I will use, I doubt it will become too resource-needy.
      I have tried using jQuery's post() -method referring to a file in Templates folder (theme.php), but I get 403 Forbidden Error. I don't like the idea of trying to post to same file user currently is in, which is why I thought having a separate file would be good in this.
      Contents of theme.php:
      <?php namespace ProcessWire; header('Access-Control-Allow-Origin: https://domain.com'); $theme = $input->post['theme']; if(!empty($theme)) $session->theme = $theme; ?> Long story short: Does anybody have any pro tips I could use with setting and getting $session variables?
    • By VeiJari
      Hello forum!
      I've yet again stumbled on a head-scratching situation. We have enabled the option on our articles template and events template that it skips the title adding part and goes straight to the form. This is what our customer wants. So when you add a new article or event it automatically names it temporary to "article-0000000" and same with event. Now the problem is that obviously after saving the form we want to change to page url or "name" to the title, like it's normally. 
      Now here's the code for the hook:
      wire()->addHookBefore("Pages::saved(template=tapahtuma|artikkeli)", function($hook) {
        $page = $hook->arguments(0);
        $newUrl = wire()->sanitizer->pageName($page->title); // give it a name used in the url for the page
        wire()->log->message($page->name);
        $page->setAndSave('name', $newUrl);
      });
      I get the correct page and the name and path changes when I log them, but when I try to save it. It just loads and then I get: 
      Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 262144 bytes) This happens in sanitizer.php
      and then another error: Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 262144 bytes) in Unknown on line 0
       
      What is happening? Am I not suppose to use sanitizer in this way? When we made a temporary page object in out other hook, the sanitizer worked perfectly.
      Thanks for the help!
×
×
  • Create New...