Comments (7)
It is supported, but not documented. Forgot about it ...
You can set filters on __filters
key from your section array:
$_POST['sections']['news']['__filters'] = array('xss', 'etm-new-mail')
You can do it Frontend but I highly recommend doing it in a custom event. The priority of Sections Event
is set to LOW, but I recommend setting your custom event priority to HIGH.
from sections_event.
You can do it Frontend but I highly recommend doing it in a custom event.
Why recommend a custom event?
from sections_event.
Update: 10 may 2013: Fixed code to actually work.
You can set the filter in the Frontend like this:
<input name="sections[news][__filters][]" type="hidden" value="xss"/>
<input name="sections[news][__filters][]" type="hidden" value="etm-new-mail"/>
But you are vulnerable to DOM hijack.
So I recommend a custom event which simply sets the filter values in PHP:
public static function allowEditorToParse(){
return false;
}
public function priority(){
return self::kHIGH;
}
public function load(){
if( !isset($_REQUEST['action']['sections']) ) return;
$_REQUEST['sections']['news']['__filters'] = array(
'etm-new-mail',
'xss-fail'
);
}
from sections_event.
I've never thought about using an event in this way. Brilliant.
from sections_event.
Wow found this randomly. Filters work fine with the <input>
for me, but I can't get it working with the event
This is what I have.
<?php
require_once(TOOLKIT . '/class.event.php');
Class eventsend_message_notification extends SectionEvent{
public $ROOTELEMENT = 'send-message-notification';
public $eDefaultValues = array(
);
public static function about(){
return array(
'name' => 'Send message notification',
'author' => array(
'name' => 'Patrick Yan',
'website' => 'http://local.crashdwell.com:8888',
'email' => '[email protected]'),
'version' => 'Symphony 2.3.2',
'release-date' => '2013-04-12T02:55:54+00:00'
);
}
public static function allowEditorToParse(){
return false;
}
public function priority(){
return self::kHIGH;
}
public function execute(){
$_POST['sections']['messages']['__filters'] = array(
'etm-new-message',
'xss-fail'
);
return false;
}
public function load(){
}
}
from sections_event.
I'll have a look this weekend.
from sections_event.
@patrickyan I uploaded the code example in my above comment b/c it was flawed. The code you need should stay in the load()
method, not execute()
. In your case, this is what you need:
<?php
require_once(TOOLKIT . '/class.event.php');
Class eventsend_message_notification extends Event{
public static function about(){
return array(
'name' => 'Send message notification',
'author' => array(
'name' => 'Patrick Yan',
'website' => 'http://local.crashdwell.com:8888',
'email' => '[email protected]'),
'version' => 'Symphony 2.3.2',
'release-date' => '2013-04-12T02:55:54+00:00'
);
}
public static function allowEditorToParse(){
return false;
}
public function priority(){
return self::kHIGH;
}
public function load(){
if( !isset($_REQUEST['action']['sections']) ) return;
$_REQUEST['sections']['messages']['__filters'] = array(
'etm-new-message',
'xss-fail'
);
}
}
from sections_event.
Related Issues (15)
- Errors with 1.4 HOT 7
- Unable to get multiple ids in a SBL field HOT 5
- Weird validation errors HOT 2
- Same problem again as issue #2 with latest update HOT 5
- Feature request: custom validation messages HOT 2
- Files not uploading once again HOT 1
- Validation for multiple sections doesn't work HOT 5
- Suggest Feature: Something similar to Fingerprint extension HOT 2
- Problems when saving special characters HOT 6
- Inserting POST values with an event before Sections Event HOT 3
- Different filters on different sections? HOT 5
- Mutliple sections and Reflection Field HOT 22
- Sections Event and latest members not working HOT 4
- Sections Event without Members extension? HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sections_event.