How to sanitize input parameters with CMSMS? (the built-in mechanism)


Post by mihai11 »

Hello,

I am trying to sanitize the input parameters using the mechanism that is built into CMSMS. For this purpose, in the function "SetParameters()" I am defining this:

Code:

function SetParameters()
{
	$this->RestrictUnknownParams();
	$this->SetParameterType('step', CLEAN_STRING);
	$this->mCachable = false;
}

and in the file "action.default.php" I am trying to read the params like this:

Code:

$step = $params['step'];
echo "step = '$step' <br />";

It doesn't matter how I am sending the 'step' parameter to the form - thru POST or GET. The 'step' is always empty.

If I am reading the parameters thru $_REQUEST, $_POST and $_GET everything seems to work:

Code:

$step = $_REQUEST['step'];

but the variables are not "cleaned".

Please tell me what I am doing wrong.

Note: I am using the CMSMS version 1.5.4.

Regards,
Razvan

Post by alby »

mihai11 wrote:

Code:

$step = $_REQUEST['step'];

You must use the CreateForm/CreateLink APIs for sending.
This creates an (about) m1_step if you look in $_REQUEST and step in $params

Alby

Post by mihai11 »

alby wrote:
mihai11 wrote:

Code:

$step = $_REQUEST['step'];

You must use the CreateForm/CreateLink APIs for sending.
This creates an (about) m1_step if you look in $_REQUEST and step in $params

Alby

Thank you for your answer.

I've seen in the "News" plugin that they are using code like this:

Code:

$step = $params['step'];

When should this be used?

Other observations:
1) Can't I just sanitize any parameter that is defined with a call to "SetParameterType"?
2) For a given module I might have many forms on different templates; where should I call the CreateForm/CreateLink APIs? Can you provide a fully functional example?

Regards,
Razvan
Last edited by mihai11 on Tue Jun 16, 2009 6:37 am, edited 1 time in total.

Post by alby »

mihai11 wrote:

Code:

$step = $params['step'];

In general in your target (Form or Link is your source with your variables) or are params in your template tag

mihai11 wrote: 1) Can't I just sanitize any parameter that is defined with a call to "SetParameterType"?
Yes, if you use a param that is not set you get an error (depending on the configuration, it will be displayed or not)

mihai11 wrote: 2) For a given module I might have many forms on different templates; Where should I call the CreateForm/CreateLink API's?
In your source, for example create your form with the form API:
CreateFormStart
CreateFormEnd
CreateInputSubmit
CreateLabelForInput
CreateInputText
CreateTextarea
.............
.............

mihai11 wrote: Can you provide a fully functional example?
Look at the source of any "recent" module and play

Alby
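
Added example (not a post from this thread, and not CMSMS source code): a simplified stand-alone PHP model of the behaviour alby describes, where only request keys carrying the module id prefix reach $params and only declared parameters are cleaned. The "m1_" id, the helper name model_module_params, the constant values and the use of htmlspecialchars() as a stand-in for CLEAN_STRING are assumptions of this sketch.

```php
<?php
// Simplified model for illustration only; this is NOT CMSMS code.
// Assumptions: module instance id "m1_", and htmlspecialchars() standing in
// for whatever CLEAN_STRING does inside CMSMS.
const CLEAN_STRING = 'string';   // values chosen for this sketch only
const CLEAN_INT    = 'int';

// Hypothetical helper: build the $params array a module action would receive.
function model_module_params(array $request, string $id, array $types, bool $restrictUnknown): array
{
    $params = [];
    foreach ($request as $key => $value) {
        // Keys without the module id prefix do not belong to this module.
        if (strncmp($key, $id, strlen($id)) !== 0) {
            continue;
        }
        $name = substr($key, strlen($id));
        if (!is_scalar($value)) {
            continue;                 // this sketch handles scalar fields only
        }
        if (!isset($types[$name])) {
            if (!$restrictUnknown) {
                $params[$name] = $value;   // undeclared: passed through uncleaned
            }
            continue;                 // undeclared and restricted: dropped
        }
        // Declared parameter: clean it according to its registered type.
        $params[$name] = ($types[$name] === CLEAN_INT)
            ? (int) $value
            : htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    }
    return $params;
}

// Constructed sample request, not captured from a real site.
$request = [
    'step'     => '2',          // hand-written ?step=2, no module prefix
    'm1_step'  => '<b>2</b>',   // field name as a form-API call would emit it
    'm1_debug' => '1',          // prefixed, but never declared
];
$types = ['step' => CLEAN_STRING];   // mirrors SetParameterType('step', CLEAN_STRING)

var_dump(model_module_params($request, 'm1_', $types, true));
```

Running it leaves a single entry, 'step', holding the escaped value of m1_step; the bare 'step' and the undeclared 'm1_debug' never reach the action.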