From: Chuck Scott
Date: Mon, 23 Mar 2015 18:47:08 +0000 (-0400)
Subject: Sorted out input filtering for the Data Abstract to use with tinyMCE editor and wp_ed...
X-Git-Tag: v1.0.0~45
X-Git-Url: http://cvs2.gaslightmedia.com/gitweb/?a=commitdiff_plain;h=0a3227329f15bad7c7d64ba46e73660f246f4352;p=WP-Plugins%2Fglm-member-db.git
Sorted out input filtering for the Data Abstract to use with tinyMCE editor and wp_editor().
---
diff --git a/classes/data/dataMemberInfo.php b/classes/data/dataMemberInfo.php
index 82bdce26..893725cd 100644
--- a/classes/data/dataMemberInfo.php
+++ b/classes/data/dataMemberInfo.php
@@ -178,7 +178,6 @@ class GlmDataMemberInfo extends GlmDataAbstract
 'descr' => array(
 'field' => 'descr',
 'type' => 'text',
- 'filter' => FILTER_SANITIZE_MAGIC_QUOTES,
 'use' => 'a'
 ),
@@ -186,7 +185,7 @@ class GlmDataMemberInfo extends GlmDataAbstract
 'short_descr' => array (
 'field' => 'short_descr',
 'type' => 'text',
- 'use' => 'a'
+ 'use' => 'a'
 ),
 // Address Line 1
@@ -311,7 +310,6 @@ class GlmDataMemberInfo extends GlmDataAbstract
 'notes' => array (
 'field' => 'notes',
 'type' => 'text',
- 'filter' => FILTER_SANITIZE_MAGIC_QUOTES,
 'use' => 'a'
 )
diff --git a/lib/GlmDataAbstract/.~lock.documentation.odt# b/lib/GlmDataAbstract/.~lock.documentation.odt#
index 01daedf3..49fed26b 100644
--- a/lib/GlmDataAbstract/.~lock.documentation.odt#
+++ b/lib/GlmDataAbstract/.~lock.documentation.odt#
@@ -1 +1 @@
-,cscott,Ubuntu-1404,13.03.2015 12:40,file:///home/cscott/.config/libreoffice/4;
\ No newline at end of file
+,cscott,Ubuntu-1404,23.03.2015 14:45,file:///home/cscott/.config/libreoffice/4;
\ No newline at end of file
diff --git a/lib/GlmDataAbstract/DataAbstract.php b/lib/GlmDataAbstract/DataAbstract.php
index c3d30a89..5fd3d3b7 100755
--- a/lib/GlmDataAbstract/DataAbstract.php
+++ b/lib/GlmDataAbstract/DataAbstract.php
@@ -1182,7 +1182,7 @@ abstract class GlmDataAbstract $this->inputFieldStatus = true; - // Set input filter or use specified filter - see PHP input_filter(); + // If a filter has been specified, use that with the php filter_input() function. $filter = FILTER_SANITIZE_STRING; if (isset($f['filter'])) { if (!is_numeric($f['filter'])) { @@ -1190,19 +1190,24 @@ abstract class GlmDataAbstract exit; } $filter = $f['filter']; - } - // Set input filter options or use specified filter options - see PHP input_filter(); - $filter_options = 0; //FILTER_FLAG_NO_ENCODE_QUOTES; - if (isset($f['filter_options'])) { - if (!is_numeric($f['filter_options'])) { - echo "

 

ERROR: Supplied value for 'filter_options' is fields array not a defined filter option for PHP filter_input();"; - exit; + // Set input filter options or use specified filter options - see PHP input_filter(); + $filter_options = 0; //FILTER_FLAG_NO_ENCODE_QUOTES; + if (isset($f['filter_options'])) { + if (!is_numeric($f['filter_options']) && !is_array($f['filter_options'])) { + echo "

 

ERROR: Supplied value for 'filter_options' is not valid;"; + exit; + } + $filter_options = $f['filter_options']; } - $filter_options = $f['filter_options']; + + $in = filter_input(INPUT_POST, $as, $filter, $filter_options); + + // Otherwise, if no filter is specified, use the standard WordPress wp_kses_post() function to to the filtering - Requires slashes removed first. + } else { + $in = wp_kses_post(stripslashes($_POST[$as])); } - $in = filter_input(INPUT_POST, $as, $filter, $filter_options); // Check for required field if (isset($f['required']) && $f['required'] && trim($in) == '') { diff --git a/lib/GlmDataAbstract/documentation.odt b/lib/GlmDataAbstract/documentation.odt index b1a35198..65242b3e 100644 Binary files a/lib/GlmDataAbstract/documentation.odt and b/lib/GlmDataAbstract/documentation.odt differ diff --git a/models/admin/member/memberInfo.php b/models/admin/member/memberInfo.php index b7cd2338..20a03f87 100644 --- a/models/admin/member/memberInfo.php +++ b/models/admin/member/memberInfo.php @@ -232,7 +232,7 @@ class GlmMembersAdmin_member_memberInfo extends GlmDataMemberInfo // Setup to input a new member information record case 'create': - $MemberInfo = $this->newEntry(); + $memberInfo = $this->newEntry(); break; @@ -242,7 +242,7 @@ class GlmMembersAdmin_member_memberInfo extends GlmDataMemberInfo if ($haveMemberInfo) { // Update the member Info data - $MemberInfo = $this->updateEntry($memberInfoID); + $memberInfo = $this->updateEntry($memberInfoID); break; } else { @@ -260,10 +260,10 @@ class GlmMembersAdmin_member_memberInfo extends GlmDataMemberInfo // Insert the new member info into the database $this->memberName = $memberData['name']; - $MemberInfo = $this->insertEntry(); - if ($MemberInfo['status']) { + $memberInfo = $this->insertEntry(); + if ($memberInfo['status']) { - $memberInfoID = $MemberInfo['fieldData']['id']; + $memberInfoID = $memberInfo['fieldData']['id']; $haveMemberInfo = true; // Also store member name for reference and sorting 
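Review bot: In DataAbstract.php the new `else` branch reads `$_POST[$as]` directly, so a field missing from the request raises an undefined-index notice and an array-valued field is handed to `stripslashes()`, where the old `filter_input()` call returned null or false; I would guard it with `$in = (isset($_POST[$as]) && is_string($_POST[$as])) ? wp_kses_post(wp_unslash($_POST[$as])) : '';`. The same branch turns `$filter = FILTER_SANITIZE_STRING;` into a dead default: every field without a `'filter'` key, including `short_descr`, which the dataMemberInfo.php hunks show has none, now keeps whatever post HTML `wp_kses_post()` allows instead of having tags stripped. If only the editor-backed fields are meant to carry markup, keep the tag-stripping default and let those fields opt in explicitly; otherwise every template that prints these fields has to escape for its output context. The enclosing method begins outside the hunk, so which field types reach this code is inferred from the `'type' => 'text'` entries.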
@@ -288,16 +288,16 @@ class GlmMembersAdmin_member_memberInfo extends GlmDataMemberInfo // Clone the current member info $memberInfoID = $CloneMemberInfo->cloneMemberInfo($memberInfoID); - $MemberInfo = $this->editEntry($memberInfoID); + $memberInfo = $this->editEntry($memberInfoID); // Default is to display the currently selected member information record in a form for updates default: // Edit the existing member - $MemberInfo = $this->editEntry($memberInfoID); + $memberInfo = $this->editEntry($memberInfoID); // If we have member data, say so - if (is_array($MemberInfo) && $MemberInfo['status']) { + if (is_array($memberInfo) && $memberInfo['status']) { $haveMemberInfo = true; @@ -339,7 +339,7 @@ class GlmMembersAdmin_member_memberInfo extends GlmDataMemberInfo $this->wpdb->query($sql); // Get updated member information for editing. - $MemberInfo = $this->editEntry($memberInfoID); + $memberInfo = $this->editEntry($memberInfoID); } } @@ -495,7 +495,7 @@ class GlmMembersAdmin_member_memberInfo extends GlmDataMemberInfo } if (GLM_MEMBERS_PLUGIN_ADMIN_DEBUG_VERBOSE) { - glmMembersAdmin::addNotice($MemberInfo, 'DataBlock', 'Member Data'); + glmMembersAdmin::addNotice($memberInfo, 'DataBlock', 'Member Data'); } // Compile template data @@ -505,7 +505,7 @@ class GlmMembersAdmin_member_memberInfo extends GlmDataMemberInfo 'member' => $memberData, 'haveMemberInfo' => $haveMemberInfo, 'memberInfoID' => $memberInfoID, - 'memberInfo' => $MemberInfo, + 'memberInfo' => $memberInfo, 'haveCategories' => $haveCategories, 'categories' => $categories, 'categoryMemberInfo' => $categoryMemberInfo, @@ -526,5 +526,4 @@ class GlmMembersAdmin_member_memberInfo extends GlmDataMemberInfo } - ?> diff --git a/views/admin/member/memberInfo.html b/views/admin/member/memberInfo.html index f8d27663..ec971fcb 100644 --- a/views/admin/member/memberInfo.html +++ b/views/admin/member/memberInfo.html 
@@ -91,9 +91,9 @@ Description: {php} - wp_editor('{$memberInfo.fieldData.descr}', 'glm_descr', array( - 'media_buttons' => false, - 'quicktags' => false, + wp_editor('{$memberInfo.fieldData.descr|escape:quotes}', 'glm_descr', array( + // 'media_buttons' => true, + // 'quicktags' => false, 'textarea_name' => 'descr', 'editor_height' => 200, // Height in px, overrides editor_rows // 'textarea_rows' => 8
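Review bot: The stored description is still printed into PHP source here: `'{$memberInfo.fieldData.descr|escape:quotes}'` becomes the body of a single-quoted PHP string inside the `{php}` block, and Smarty's `quotes` escape only backslash-escapes single quotes that are not already preceded by a backslash, leaving backslashes in the value untouched. A description containing backslashes can therefore still end the literal early, which at best breaks the page and at worst lets member-supplied text be parsed as PHP. Pass the value to `wp_editor()` as data rather than as source text, for example by reading it from the template's assigned variables inside the `{php}` block (the accessor depends on the Smarty version in use, which the page does not show) or by rendering the editor in the model and assigning its output. Separately, commenting out `'media_buttons' => false` falls back to wp_editor()'s default, which shows the media buttons; the commented-out `=> true` suggests that is intended, but a one-line comment saying so would remove the doubt.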