CodeExtinguisher Release Candidate 11

[eluser]Mahmoud M. Abdel-Fattah[/eluser]
how can I know the parameters for each plugin ?!

[eluser]Majd Taby[/eluser]
minimal design, what plugin are you using, can you paste the full, edited plugin here?

[eluser]minimal design[/eluser]
Sure, here it is.

It almost works, but I can't figure out how to get rid off the character -> entity conversion when data is inserted in DB. Thanks!

Code:

<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
class TextAreaClean extends codexForms
{
    function TextAreaClean($name,$params) {
        $params['attributes']['cols'] = (isset($params['attributes']['cols']))? $params['attributes']['cols'] : 30 ;
        $params['attributes']['rows'] = (isset($params['attributes']['rows']))? $params['attributes']['rows'] : 10 ;
        codexForms::initiate($name,$params);
    }

    function prepForDB($value){
        return $value;
    }

    function prepForDisplay($value){
        return $value;
    }

    function getHTML()
    {
        $html = "";
        $html .= $this->prefix;
        $html .= $this->getMessage($this->name);
        $html .= '
            <label for="'.$this->element_name.'">
                '.$this->label.'
            </label>
            &lt;textarea id="'.$this-&gt;name.'" name="'.$this->element_name.'" '.$this->getAttributes($this->attributes).'>'.$this->value.'&lt;/textarea&gt;
        ';
        $html .= $this->suffix;
        
        return $html;
    }
}
?&gt;

[eluser]Majd Taby[/eluser]
minimal design, I found the problem. Open config/config.php and change global_xss_filtering to FALSE. It wasn't a CodeExtinguisher issue

[eluser]minimal design[/eluser]
[quote author="jTaby" date="1209680048"]minimal design, I found the problem. Open config/config.php and change global_xss_filtering to FALSE. It wasn't a CodeExtinguisher issue [/quote]

Great news! I knew it had to be something up in the hierarchy, but I didn't think about looking all the way up to the config file!

Thanks a bunch!

[eluser]Majd Taby[/eluser]
well it was kind of tricky...it was being filtered...and I thought the browser was doing it..so I set up a 10 line straight-php file that just printed the $_POST array and saw that it wasn't being filtered...so I knew it was CodeIgniter...then I just went to the user guide and searched for html entities

[eluser]minimal design[/eluser]
[quote author="jTaby" date="1209680825"]well it was kind of tricky...it was being filtered...and I thought the browser was doing it..so I set up a 10 line straight-php file that just printed the $_POST array and saw that it wasn't being filtered...so I knew it was CodeIgniter...then I just went to the user guide and searched for html entities [/quote]

I'm assuming I have to add xss filtering back in "manually" in login controller right? Should be pretty easy, but if I may, I'd put in a feature request to have the xss filtering "hard coded" everywhere but not in the form field plugins, that way we can easily add markdown, Textile, or whatever wacky formatting option is out there

Thanks!

[eluser]Majd Taby[/eluser]
yes, it's actually unnecessary because all the default plugins do their own redundant xss filtering anyway

[eluser]minimal design[/eluser]
[quote author="jTaby" date="1209681403"]yes, it's actually unnecessary because all the default plugins do their own redundant xss filtering anyway[/quote]

sweet - so my feature request has already been implemented

[eluser]Majd Taby[/eluser]
To anyone subscribed to this thread, I have just release RC12, please try it and let me know how it works for you. There are a lot of changes so check out the changelog and again, let me know if you find any bugs.

Thanks for everything so far!

http://ellislab.com/forums/viewthread/78464/