Looked at seperating out code into engine function BOLTfunc, and I
like it.
I makes it easy to call other functions from plugins going through
both BOLTauth and translate.
AND it solved my problem.
AND BOLTMfunc is actually a markup function now.
GOD I hope you agree that this is the way to go, Dan, cause I've just
edit my core-files :p
Here is my suggestion. Comments have not been re-written.
function BOLTMfunc($params, $zone='') {
## THIS IS THE FUNCTION THAT HANDLES THE VARIOUS FUNCTION MARKUPS. IT
ALSO HANDLES MANY OUTPUT OPTIONS INCLUDING: FALSE, SOURCE, NOLINES,
CSV, & ESCAPE
global $pageLink, $actionLink, $BOLTtoolmap, $Token;
$params = BOLTstripslashes($params);
if (strpos($params, " ") !== false) {
$function = substr($params, 0, strpos($params, " "));
$params = substr($params, strlen($function));
$args = BOLTargs($params, "f_$function");
}
else {
$function = $params;
$args = Array();
}
$value = BOLTfunc($function, $args);
return $value;
}
function BOLTfunc($function, $args, $zone='') {
global $pageLink, $actionLink, $BOLTtoolmap, $Token;
$function = strtolower($function);
if ($args['stopwatch'] == 'true') {$m = microtime(); $t1 = substr($m,
-10) . substr($m, 1, 6);}
if ($BOLTtoolmap['f'][$function] != '') $function = $BOLTtoolmap['f']
[$function];
else $function = BOLTtranslate($function, '', 1);
if (function_exists("BOLTF$function")) {
$BOLTfunction = "BOLTF$function";
if (! BOLTexists('site.auth.functions')) $value = $BOLTfunction
($args, $zone);
elseif ((BOLTauth($pageLink, $function, 'functions')) ||
(BOLTauth
($actionLink, $function, 'functions'))) $value = $BOLTfunction($args,
$zone);
else {
$c = 0;
while (isset($msg["function_not_enabled_$c"])) {$c = $c
+ 1;}
BOLTabort("function_not_enabled_$c", "Function $1 not
enabled for
this page.~$function");
}
}
if (isset($args['output'])) {
if (preg_match('/^\~\~([0-9]+)\~\~$/', $value) == 1) {
$escape = substr($value, 2, -2);
$value = $Token[$escape];
}
switch($args['output']) {
case 'false' : return; break;
case 'source' : $value = str_replace("\n", '<br />',
$value);
break;
case 'nolines' : $value = str_replace("\n", ' ',
$value); break;
case 'csv' : $value = str_replace("\n", ',', $value);
break;
}
if (isset($escape) || $args['output'] == 'escape') $value =
BOLTescape($value);
}
if ($args['stopwatch'] == 'true') {
global $BOLTstopWatchMsg;
$m = microtime(); $t2 = substr($m, -10) . substr($m, 1, 6);
$t = substr($t2 - $t1, 0, 6);
$BOLTstopWatchMsg = $BOLTstopWatchMsg . "<br /
> Function $function took $t seconds";
}
return $value;
}
On Sep 23, 6:23 pm, DrunkenMonk <[email protected]> wrote:
> The result is now:
>
> UPDATE kmsortiment_st SET name='(?name)' , category='(?cat)
> ' ,
> typ='(?typ)' , base_price=30 , km_price=35 , box_size=20 ,
> unit='(?u)' , group_unit='(?gu)' WHERE id=1
>
> Another place where things are going to be escaped weirdly. There must
> be a better way to do this.
>
> What if we added a third argument to BOLTMfunction,
>
> // Don't do this, use the next suggestion
> BOLTMfunction($params, $zone='', $args='')
>
> and joined the BOLTargs argument? we wouldnt need to parse the array
> in BOLTcomm2func as a string, only to be parsed back as an array.
>
> Alternately, BOLTargs would have to unescape. BUT in that case we
> would have to force all inputs to BOLTargs to be escaped in the first
> place, and I don't like the thought of sending escaped strings around
> boltwire. Boltwire should always expect utf input to all functions.
> Also, composing a string only to have it parsed into an array is a
> strange thing to do. In this (and other cases, like memberships) I
> think you should strive to order things in lists/arrays as soon as
> possible.
>
> If I may go into stingy mode, I actually don't like how much
> BOLTMfunctions does anyway. It's a markup, it should take string input
> and output something boltwire can use, not handle options. I strongly
> suggest moving all logic out to a
>
> // this, right here, is the proverbial shit.
> BOLTfunction($function, $args, $field)
>
> function. BOLTMfunction would be left taking a string, calling
> BOLTargs, and passing the result to BOLTfunction. Other boltwire-
> functions would then simply tap into BOLTfunction directly, without
> risking problems with BOLTargs. Much prettier. The engine should never
> have to call markup except on content.
>
> The colossal amount of search and replace going on in the engine isn't
> optimal anyway. Lets do without. Faster, prettier, less bug prone IS
> the way to go.
>
> On Sep 22, 8:47 pm, The Editor <[email protected]> wrote:
>
> > On Tue, Sep 22, 2009 at 1:58 PM, DrunkenMonk <[email protected]> wrote:
>
> > > On Sep 22, 5:14 pm, The Editor <[email protected]> wrote:
> > >> What version are you using? If you recall I reworked the comm2func
> > >> function in a recent release to handle this better, but don't see it
> > >> documented, so perhaps it was more recent. (I'm thinking it was 3.14).
> > >> Anyway check to see if you have this line in your comm2func function:
>
> > >> foreach($args as $f => $v) $value .= "$f='" .
> > >> str_replace(Array("'",
> > >> '"'), Array(''', '"'), $v) . "' ";
>
> > > I couldn't see this, so I upgraded to 3.15 from 3.14
> > > Didn't help, and I still can't find the "str_replace" part.
>
> > > Are you sure you included it in the release?
>
> > No, it could be just on mine. It will be in the next one though. It is
> > in engine.php, line 453, replace a very similar line to the following
> > to the following:
>
> > foreach($args as $f => $v) $value .= "$f='" .
> > str_replace(Array("'",
> > '"'), Array(''', '"'), $v) . "' ";
>
> > It just escapes any parameters in a form value from messing up the
> > parsing of the arg array... I had problems with the rss plugin. Guess
> > it was been since the last release. Must by why it wasn't documented!
> > :)
>
> > > Yeah... I have full mysql functionality, essentially the mysql command
> > > line accessible via boltwire. I don't want to dumb that down when the
> > > function-version works perfectly fine.
> > > In fact, I currently have an easier time formatting output with mysql
> > > than with templates. Especially given mysqls inbuilt math functions.
>
> > > Once we get this string-escape fixed I'll show you how simple and
> > > powerful my solution is to use. I'm sure you'll see it my way.
>
> > I am excited. Now that I think about it, you are no doubt right. It
> > would be better to have full msql functionality. That probably is how
> > I would have done it after thinking about it a bit more. Not sure how
> > you have handled security though. A simple dumbed down peek function
> > and poke command might be useful, with the full query function
> > available perhaps to admins or something. Otherwise, how are you going
> > to limit the queries? Pardon my ignorance of msql. Haven't looked
> > into it much. Just thinking out loud. It would be nice to have a
> > simple security interface with BoltWire, but that may not be possible.
>
> > Cheers,
> > Dan
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"BoltWire" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/boltwire?hl=en
-~----------~----~----~----~------~----~------~--~---
