Re: [fw-general] Zend_Filter_StripTags strips attributes even when told not to
Could magic_quotes_gpc affect the StripTags filter in relation to the allowed attributes? I do not have access to the server so I attempted to turn off magic-quotes in a php.ini file placed in my root directory, but doing this causes the following exception: *Message:* The PDO extension is required for this adapter but the extension is not loaded Without magic_quotes_gpc = Off in the php.ini The above exception does not occur. I'm on a shared host. On Wed, Jul 15, 2009 at 4:47 PM, J DeBord jasdeb...@gmail.com wrote: Thanks again Matthew. I just downloaded ZF from the trunk and I am 99% sure it is the only copy on the include path. From my bootstrap: define('LIBRARY_PATH', APPLICATION_PATH . '/../library'); define('APPLICATION_ENVIRONMENT', 'development'); set_include_path(LIBRARY_PATH); In fact the library folder is the only thing on the include path. phpinfo() after setting the include path in the bootstrap: include_path/home/jasondeb/workspace/JDnetZend/application/../library .:/usr/share/php:/usr/share/pear I deleted the copy that was in /usr/share/php just to be sure. Still not working. Any other ideas? Thanks, Jason On Wed, Jul 15, 2009 at 2:09 PM, Matthew Weier O'Phinney matt...@zend.com wrote: -- J DeBord jasdeb...@gmail.com wrote (on Wednesday, 15 July 2009, 08:13 AM +0200): Thanks for the reply Matthew. I'm using 1.84 Still not working. After executing the code below (see form and controller code) and putting this into the textarea: p This is a onClick=foo.bar() href=http://foo.com/; title=Foo!linked text/a. /p The following is entered into the MySql DB: [ ] Edit Delete 49 2009-07-15 07:54:32 1 This is alinked text/a. Everything but the a tag is stripped as expected, but the href is still being stripped. Could it have something to do with the Zend_Db_Table's insert method? There was a problem with attribute stripping identified and fixed in the 1.7 series, and what you're showing looks similar to that case -- but, as noted, the same code you have below is working for me (I just retried with your exact code, as well). I'm wondering if there is an older version of ZF on your include_path... FORM: ?php class Form_NewMessage extends Form_Default { public function init() { $this-setMethod('post'); $this-setAttrib('id', 'new_message'); $this-setDescription(What are you doing? What's new?); $textarea = new Zend_Form_Element_Textarea('message', array( 'id' = 'message', 'filters' = array( array('StripTags', array(array('a'), array('href', 'title'))), 'StringTrim', ), 'validators' = array(), 'rows' = 2, 'cols' = 40, )); $this-addElement($textarea); $this-addElement('Submit', 'submit', array( 'Decorators' = array('ViewHelper'), 'class' = 'submit', 'Label' = 'Post Your Message!', 'Ignore' = true, )); $this-setDecorators(array( 'Description', 'FormElements', 'Fieldset', 'Form' )); } } CONTROLLER (postnewAction is the relevant piece): public function indexAction() { $this-view-headTitle('Message Board'); $this-view-newMessageForm = $this-_getNewMessageForm(); } public function postnewAction() { $request = $this-getRequest(); if(!$request-isPost()) { $this-_helper-redirector('notauthorized', 'error'); } $form = $this-_getNewMessageForm(); if (!$form-isValid($request-getPost())) { $this-view-newMessageForm = $form; return $this-render('index'); } $values = $form-getValues(); $values['user_id'] = Zend_Auth::getInstance()-getIdentity()-id; $model = new Model_DbTable_Messages; $result = $model-insert($values); if(!$result) { throw new Zend_Exception('Problem adding message to database'); } $this-_helper-redirector('index', 'messageboard'); } protected function _getNewMessageForm() { $form = new Form_NewMessage; $form-setAction('/messageboard/postnew/'); return $form; } Again, I really appreciate your help. Thanks! J On Tue, Jul 14, 2009 at 11:06 PM, Matthew Weier O'Phinney matt...@zend.com wrote: -- J DeBord jasdeb...@gmail.com wrote (on Tuesday, 14 July 2009, 08:29 PM +0200): I've tried to make StripTags leave the href attribute, but it strips it out. I can't find the right syntax or it just doesn't work. The a tag is left intact, every other tag is stripped,
Re: [fw-general] Zend_Filter_StripTags strips attributes even when told not to
Thanks for the reply Matthew. I'm using 1.84 Still not working. After executing the code below (see form and controller code) and putting this into the textarea: p This is a onClick=foo.bar() href=http://foo.com/; title=Foo!linked text/a. /p The following is entered into the MySql DB: [image: Edit]http://localhost/phpmyadmin/tbl_change.php?db=jasondeb_jdnet_Zendtable=messagesprimary_key=+%60messages%60.%60id%60+%3D+49sql_query=SELECT+%2A+FROM+%60messages%60goto=sql.phptoken=e863630c23d959b05950ce1d215c6df5 [image: Delete]http://localhost/phpmyadmin/sql.php?db=jasondeb_jdnet_Zendtable=messagessql_query=DELETE+FROM+%60jasondeb_jdnet_Zend%60.%60messages%60+WHERE+%60messages%60.%60id%60+%3D+49+LIMIT+1zero_rows=The+row+has+been+deletedgoto=sql.php%3Fdb%3Djasondeb_jdnet_Zend%26table%3Dmessages%26sql_query%3DSELECT%2B%252A%2BFROM%2B%2560messages%2560%26zero_rows%3DThe%2Brow%2Bhas%2Bbeen%2Bdeleted%26goto%3Dtbl_structure.php%26token%3De863630c23d959b05950ce1d215c6df5token=e863630c23d959b05950ce1d215c6df5 49 2009-07-15 07:54:32 1 This is alinked text/a. Everything but the a tag is stripped as expected, but the href is still being stripped. Could it have something to do with the Zend_Db_Table's insert method? FORM: ?php class Form_NewMessage extends Form_Default { public function init() { $this-setMethod('post'); $this-setAttrib('id', 'new_message'); $this-setDescription(What are you doing? What's new?); $textarea = new Zend_Form_Element_Textarea('message', array( 'id' = 'message', 'filters' = array( array('StripTags', array(array('a'), array('href', 'title'))), 'StringTrim', ), 'validators' = array(), 'rows' = 2, 'cols' = 40, )); $this-addElement($textarea); $this-addElement('Submit', 'submit', array( 'Decorators' = array('ViewHelper'), 'class' = 'submit', 'Label' = 'Post Your Message!', 'Ignore' = true, )); $this-setDecorators(array( 'Description', 'FormElements', 'Fieldset', 'Form' )); } } CONTROLLER (postnewAction is the relevant piece): public function indexAction() { $this-view-headTitle('Message Board'); $this-view-newMessageForm = $this-_getNewMessageForm(); } public function postnewAction() { $request = $this-getRequest(); if(!$request-isPost()) { $this-_helper-redirector('notauthorized', 'error'); } $form = $this-_getNewMessageForm(); if (!$form-isValid($request-getPost())) { $this-view-newMessageForm = $form; return $this-render('index'); } $values = $form-getValues(); $values['user_id'] = Zend_Auth::getInstance()-getIdentity()-id; $model = new Model_DbTable_Messages; $result = $model-insert($values); if(!$result) { throw new Zend_Exception('Problem adding message to database'); } $this-_helper-redirector('index', 'messageboard'); } protected function _getNewMessageForm() { $form = new Form_NewMessage; $form-setAction('/messageboard/postnew/'); return $form; } Again, I really appreciate your help. Thanks! J On Tue, Jul 14, 2009 at 11:06 PM, Matthew Weier O'Phinney matt...@zend.comwrote: -- J DeBord jasdeb...@gmail.com wrote (on Tuesday, 14 July 2009, 08:29 PM +0200): I've tried to make StripTags leave the href attribute, but it strips it out. I can't find the right syntax or it just doesn't work. The a tag is left intact, every other tag is stripped, but the href and title get stripped as well. I've also used the fluid interface when adding the Textarea, but changed it to what is below in hopes that it would work. What am I doing wrong? What version of ZF are you using? I did the following using current trunk: $element = new Zend_Form_Element_Textarea('foo', array( 'filters' = array( array('StripTags', array(array('a'), array('href', 'title'))), 'StringTrim', ), 'value' = 'p This is a onClick=foo.bar() href=http://foo.com/; title=Foo!linked text/a. /p', )); echo $element-getValue(); and got exactly what I expected: This is a href=http://foo.com/; title=Foo!linked text/a. ?php class Form_NewMessage extends Form_Default { public function init() { $this-setMethod('post'); $this-setAttrib('id', 'new_message'); $textarea = new Zend_Form_Element_Textarea('message'); $textarea-setDecorators($this-_defaultDecorators); $stripTags = new Zend_Filter_StripTags(array('a'), array('href', 'title')); $textarea-addFilter('StringTrim');
Re: [fw-general] Zend_Filter_StripTags strips attributes even when told not to
To add: public function postnewAction() { $request = $this-getRequest(); if(!$request-isPost()) { $this-_helper-redirector('notauthorized', 'error'); } $form = $this-_getNewMessageForm(); if (!$form-isValid($request-getPost())) { $this-view-newMessageForm = $form; return $this-render('index'); } $values = $form-getValues(); Zend_Debug::dump($values); exit; Outputs: array(1) { [message] = string(27) This is alinked text/a. } On Wed, Jul 15, 2009 at 8:13 AM, J DeBord jasdeb...@gmail.com wrote: Thanks for the reply Matthew. I'm using 1.84 Still not working. After executing the code below (see form and controller code) and putting this into the textarea: p This is a onClick=foo.bar() href=http://foo.com/; title=Foo!linked text/a. /p The following is entered into the MySql DB: [image: Edit]http://localhost/phpmyadmin/tbl_change.php?db=jasondeb_jdnet_Zendtable=messagesprimary_key=+%60messages%60.%60id%60+%3D+49sql_query=SELECT+%2A+FROM+%60messages%60goto=sql.phptoken=e863630c23d959b05950ce1d215c6df5 [image: Delete]http://localhost/phpmyadmin/sql.php?db=jasondeb_jdnet_Zendtable=messagessql_query=DELETE+FROM+%60jasondeb_jdnet_Zend%60.%60messages%60+WHERE+%60messages%60.%60id%60+%3D+49+LIMIT+1zero_rows=The+row+has+been+deletedgoto=sql.php%3Fdb%3Djasondeb_jdnet_Zend%26table%3Dmessages%26sql_query%3DSELECT%2B%252A%2BFROM%2B%2560messages%2560%26zero_rows%3DThe%2Brow%2Bhas%2Bbeen%2Bdeleted%26goto%3Dtbl_structure.php%26token%3De863630c23d959b05950ce1d215c6df5token=e863630c23d959b05950ce1d215c6df5 49 2009-07-15 07:54:32 1 This is alinked text/a. Everything but the a tag is stripped as expected, but the href is still being stripped. Could it have something to do with the Zend_Db_Table's insert method? FORM: ?php class Form_NewMessage extends Form_Default { public function init() { $this-setMethod('post'); $this-setAttrib('id', 'new_message'); $this-setDescription(What are you doing? What's new?); $textarea = new Zend_Form_Element_Textarea('message', array( 'id' = 'message', 'filters' = array( array('StripTags', array(array('a'), array('href', 'title'))), 'StringTrim', ), 'validators' = array(), 'rows' = 2, 'cols' = 40, )); $this-addElement($textarea); $this-addElement('Submit', 'submit', array( 'Decorators' = array('ViewHelper'), 'class' = 'submit', 'Label' = 'Post Your Message!', 'Ignore' = true, )); $this-setDecorators(array( 'Description', 'FormElements', 'Fieldset', 'Form' )); } } CONTROLLER (postnewAction is the relevant piece): public function indexAction() { $this-view-headTitle('Message Board'); $this-view-newMessageForm = $this-_getNewMessageForm(); } public function postnewAction() { $request = $this-getRequest(); if(!$request-isPost()) { $this-_helper-redirector('notauthorized', 'error'); } $form = $this-_getNewMessageForm(); if (!$form-isValid($request-getPost())) { $this-view-newMessageForm = $form; return $this-render('index'); } $values = $form-getValues(); $values['user_id'] = Zend_Auth::getInstance()-getIdentity()-id; $model = new Model_DbTable_Messages; $result = $model-insert($values); if(!$result) { throw new Zend_Exception('Problem adding message to database'); } $this-_helper-redirector('index', 'messageboard'); } protected function _getNewMessageForm() { $form = new Form_NewMessage; $form-setAction('/messageboard/postnew/'); return $form; } Again, I really appreciate your help. Thanks! J On Tue, Jul 14, 2009 at 11:06 PM, Matthew Weier O'Phinney matt...@zend.com wrote: -- J DeBord jasdeb...@gmail.com wrote (on Tuesday, 14 July 2009, 08:29 PM +0200): I've tried to make StripTags leave the href attribute, but it strips it out. I can't find the right syntax or it just doesn't work. The a tag is left intact, every other tag is stripped, but the href and title get stripped as well. I've also used the fluid interface when adding the Textarea, but changed it to what is below in hopes that it would work. What am I doing wrong? What version of ZF are you using? I did the following using current trunk: $element = new Zend_Form_Element_Textarea('foo', array( 'filters' = array( array('StripTags', array(array('a'), array('href', 'title'))), 'StringTrim', ), 'value' = 'p
Re: [fw-general] Zend_Filter_StripTags strips attributes even when told not to
-- J DeBord jasdeb...@gmail.com wrote (on Wednesday, 15 July 2009, 08:13 AM +0200): Thanks for the reply Matthew. I'm using 1.84 Still not working. After executing the code below (see form and controller code) and putting this into the textarea: p This is a onClick=foo.bar() href=http://foo.com/; title=Foo!linked text/a. /p The following is entered into the MySql DB: [ ] Edit Delete 49 2009-07-15 07:54:32 1 This is alinked text/a. Everything but the a tag is stripped as expected, but the href is still being stripped. Could it have something to do with the Zend_Db_Table's insert method? There was a problem with attribute stripping identified and fixed in the 1.7 series, and what you're showing looks similar to that case -- but, as noted, the same code you have below is working for me (I just retried with your exact code, as well). I'm wondering if there is an older version of ZF on your include_path... FORM: ?php class Form_NewMessage extends Form_Default { public function init() { $this-setMethod('post'); $this-setAttrib('id', 'new_message'); $this-setDescription(What are you doing? What's new?); $textarea = new Zend_Form_Element_Textarea('message', array( 'id' = 'message', 'filters' = array( array('StripTags', array(array('a'), array('href', 'title'))), 'StringTrim', ), 'validators' = array(), 'rows' = 2, 'cols' = 40, )); $this-addElement($textarea); $this-addElement('Submit', 'submit', array( 'Decorators' = array('ViewHelper'), 'class' = 'submit', 'Label' = 'Post Your Message!', 'Ignore' = true, )); $this-setDecorators(array( 'Description', 'FormElements', 'Fieldset', 'Form' )); } } CONTROLLER (postnewAction is the relevant piece): public function indexAction() { $this-view-headTitle('Message Board'); $this-view-newMessageForm = $this-_getNewMessageForm(); } public function postnewAction() { $request = $this-getRequest(); if(!$request-isPost()) { $this-_helper-redirector('notauthorized', 'error'); } $form = $this-_getNewMessageForm(); if (!$form-isValid($request-getPost())) { $this-view-newMessageForm = $form; return $this-render('index'); } $values = $form-getValues(); $values['user_id'] = Zend_Auth::getInstance()-getIdentity()-id; $model = new Model_DbTable_Messages; $result = $model-insert($values); if(!$result) { throw new Zend_Exception('Problem adding message to database'); } $this-_helper-redirector('index', 'messageboard'); } protected function _getNewMessageForm() { $form = new Form_NewMessage; $form-setAction('/messageboard/postnew/'); return $form; } Again, I really appreciate your help. Thanks! J On Tue, Jul 14, 2009 at 11:06 PM, Matthew Weier O'Phinney matt...@zend.com wrote: -- J DeBord jasdeb...@gmail.com wrote (on Tuesday, 14 July 2009, 08:29 PM +0200): I've tried to make StripTags leave the href attribute, but it strips it out. I can't find the right syntax or it just doesn't work. The a tag is left intact, every other tag is stripped, but the href and title get stripped as well. I've also used the fluid interface when adding the Textarea, but changed it to what is below in hopes that it would work. What am I doing wrong? What version of ZF are you using? I did the following using current trunk: $element = new Zend_Form_Element_Textarea('foo', array( 'filters' = array( array('StripTags', array(array('a'), array('href', 'title'))), 'StringTrim', ), 'value' = 'p This is a onClick=foo.bar() href=http://foo.com/; title=Foo!linked text/a. /p', )); echo $element-getValue(); and got exactly what I expected: This is a href=http://foo.com/; title=Foo!linked text/a. ?php class Form_NewMessage extends Form_Default { public function init() { $this-setMethod('post'); $this-setAttrib('id', 'new_message'); $textarea = new Zend_Form_Element_Textarea('message');
Re: [fw-general] Zend_Filter_StripTags strips attributes even when told not to
Thanks again Matthew. I just downloaded ZF from the trunk and I am 99% sure it is the only copy on the include path. From my bootstrap: define('LIBRARY_PATH', APPLICATION_PATH . '/../library'); define('APPLICATION_ENVIRONMENT', 'development'); set_include_path(LIBRARY_PATH); In fact the library folder is the only thing on the include path. phpinfo() after setting the include path in the bootstrap: include_path/home/jasondeb/workspace/JDnetZend/application/../library .:/usr/share/php:/usr/share/pear I deleted the copy that was in /usr/share/php just to be sure. Still not working. Any other ideas? Thanks, Jason On Wed, Jul 15, 2009 at 2:09 PM, Matthew Weier O'Phinney matt...@zend.comwrote: -- J DeBord jasdeb...@gmail.com wrote (on Wednesday, 15 July 2009, 08:13 AM +0200): Thanks for the reply Matthew. I'm using 1.84 Still not working. After executing the code below (see form and controller code) and putting this into the textarea: p This is a onClick=foo.bar() href=http://foo.com/; title=Foo!linked text/a. /p The following is entered into the MySql DB: [ ] Edit Delete 49 2009-07-15 07:54:32 1 This is alinked text/a. Everything but the a tag is stripped as expected, but the href is still being stripped. Could it have something to do with the Zend_Db_Table's insert method? There was a problem with attribute stripping identified and fixed in the 1.7 series, and what you're showing looks similar to that case -- but, as noted, the same code you have below is working for me (I just retried with your exact code, as well). I'm wondering if there is an older version of ZF on your include_path... FORM: ?php class Form_NewMessage extends Form_Default { public function init() { $this-setMethod('post'); $this-setAttrib('id', 'new_message'); $this-setDescription(What are you doing? What's new?); $textarea = new Zend_Form_Element_Textarea('message', array( 'id' = 'message', 'filters' = array( array('StripTags', array(array('a'), array('href', 'title'))), 'StringTrim', ), 'validators' = array(), 'rows' = 2, 'cols' = 40, )); $this-addElement($textarea); $this-addElement('Submit', 'submit', array( 'Decorators' = array('ViewHelper'), 'class' = 'submit', 'Label' = 'Post Your Message!', 'Ignore' = true, )); $this-setDecorators(array( 'Description', 'FormElements', 'Fieldset', 'Form' )); } } CONTROLLER (postnewAction is the relevant piece): public function indexAction() { $this-view-headTitle('Message Board'); $this-view-newMessageForm = $this-_getNewMessageForm(); } public function postnewAction() { $request = $this-getRequest(); if(!$request-isPost()) { $this-_helper-redirector('notauthorized', 'error'); } $form = $this-_getNewMessageForm(); if (!$form-isValid($request-getPost())) { $this-view-newMessageForm = $form; return $this-render('index'); } $values = $form-getValues(); $values['user_id'] = Zend_Auth::getInstance()-getIdentity()-id; $model = new Model_DbTable_Messages; $result = $model-insert($values); if(!$result) { throw new Zend_Exception('Problem adding message to database'); } $this-_helper-redirector('index', 'messageboard'); } protected function _getNewMessageForm() { $form = new Form_NewMessage; $form-setAction('/messageboard/postnew/'); return $form; } Again, I really appreciate your help. Thanks! J On Tue, Jul 14, 2009 at 11:06 PM, Matthew Weier O'Phinney matt...@zend.com wrote: -- J DeBord jasdeb...@gmail.com wrote (on Tuesday, 14 July 2009, 08:29 PM +0200): I've tried to make StripTags leave the href attribute, but it strips it out. I can't find the right syntax or it just doesn't work. The a tag is left intact, every other tag is stripped, but the href and title get stripped as well. I've also used the fluid interface when adding the Textarea, but changed it to what is below in hopes that it would work. What am I doing wrong? What version of ZF are you using? I did the following using current trunk: $element = new Zend_Form_Element_Textarea('foo', array( 'filters' = array( array('StripTags', array(array('a'), array('href', 'title'))), 'StringTrim',
[fw-general] Zend_Filter_StripTags strips attributes even when told not to
I've tried to make StripTags leave the href attribute, but it strips it out. I can't find the right syntax or it just doesn't work. The a tag is left intact, every other tag is stripped, but the href and title get stripped as well. I've also used the fluid interface when adding the Textarea, but changed it to what is below in hopes that it would work. What am I doing wrong? Thanks, J ?php class Form_NewMessage extends Form_Default { public function init() { $this-setMethod('post'); $this-setAttrib('id', 'new_message'); $textarea = new Zend_Form_Element_Textarea('message'); $textarea-setDecorators($this-_defaultDecorators); $stripTags = new Zend_Filter_StripTags(array('a'), array('href', 'title')); $textarea-addFilter('StringTrim'); $textarea-addFilter($stripTags); $textarea-setValidators(array()); $textarea-setRequired(true); $textarea-setAttrib('cols', 40); $textarea-setAttrib('rows', 2); $this-addElement($textarea); $this-addElement('Submit', 'submit', array( 'Decorators' = array('ViewHelper'), 'class' = 'submit', 'Label' = 'Post Your Message!', 'Ignore' = true, )); $this-setDecorators(array( 'Description', 'FormElements', 'Fieldset', 'Form' )); } }
Re: [fw-general] Zend_Filter_StripTags strips attributes even when told not to
-- J DeBord jasdeb...@gmail.com wrote (on Tuesday, 14 July 2009, 08:29 PM +0200): I've tried to make StripTags leave the href attribute, but it strips it out. I can't find the right syntax or it just doesn't work. The a tag is left intact, every other tag is stripped, but the href and title get stripped as well. I've also used the fluid interface when adding the Textarea, but changed it to what is below in hopes that it would work. What am I doing wrong? What version of ZF are you using? I did the following using current trunk: $element = new Zend_Form_Element_Textarea('foo', array( 'filters' = array( array('StripTags', array(array('a'), array('href', 'title'))), 'StringTrim', ), 'value' = 'p This is a onClick=foo.bar() href=http://foo.com/; title=Foo!linked text/a. /p', )); echo $element-getValue(); and got exactly what I expected: This is a href=http://foo.com/; title=Foo!linked text/a. ?php class Form_NewMessage extends Form_Default { public function init() { $this-setMethod('post'); $this-setAttrib('id', 'new_message'); $textarea = new Zend_Form_Element_Textarea('message'); $textarea-setDecorators($this-_defaultDecorators); $stripTags = new Zend_Filter_StripTags(array('a'), array('href', 'title')); $textarea-addFilter('StringTrim'); $textarea-addFilter($stripTags); $textarea-setValidators(array()); $textarea-setRequired(true); $textarea-setAttrib('cols', 40); $textarea-setAttrib('rows', 2); $this-addElement($textarea); $this-addElement('Submit', 'submit', array( 'Decorators' = array('ViewHelper'), 'class' = 'submit', 'Label' = 'Post Your Message!', 'Ignore' = true, )); $this-setDecorators(array( 'Description', 'FormElements', 'Fieldset', 'Form' )); } } -- Matthew Weier O'Phinney Project Lead| matt...@zend.com Zend Framework | http://framework.zend.com/