Could magic_quotes_gpc affect the StripTags filter in relation to the allowed attributes?
I do not have access to the server so I attempted to turn off magic-quotes in a php.ini file placed in my root directory, but doing this causes the following exception: *Message:* The PDO extension is required for this adapter but the extension is not loaded Without magic_quotes_gpc = Off in the php.ini The above exception does not occur. I'm on a shared host. On Wed, Jul 15, 2009 at 4:47 PM, J DeBord <[email protected]> wrote: > Thanks again Matthew. I just downloaded ZF from the trunk and I am 99% sure > it is the only copy on the include path. > > From my bootstrap: > > define('LIBRARY_PATH', APPLICATION_PATH . '/../library'); > > define('APPLICATION_ENVIRONMENT', 'development'); > > set_include_path(LIBRARY_PATH); > > In fact the library folder is the only thing on the include path. > > phpinfo() after setting the include path in the bootstrap: > > include_path/home/jasondeb/workspace/JDnetZend/application/../library > .:/usr/share/php:/usr/share/pear > I deleted the copy that was in /usr/share/php just to be sure. Still not > working. Any other ideas? > > Thanks, > > Jason > > > On Wed, Jul 15, 2009 at 2:09 PM, Matthew Weier O'Phinney <[email protected] > > wrote: > >> -- J DeBord <[email protected]> wrote >> (on Wednesday, 15 July 2009, 08:13 AM +0200): >> > Thanks for the reply Matthew. >> > >> > I'm using 1.84 >> > >> > Still not working. After executing the code below (see form and >> controller >> > code) and putting this into the textarea: >> > >> > <p> >> > This is <a onClick="foo.bar()" href="http://foo.com/"; >> > title="Foo!">linked text</a>. >> > </p> >> > >> > The following is entered into the MySql DB: >> > >> > >> > [ ] Edit Delete 49 2009-07-15 07:54:32 1 This is <a>linked text</a>. >> > >> > >> > Everything but the <a> tag is stripped as expected, but the href is >> still being >> > stripped. Could it have something to do with the Zend_Db_Table's insert >> method? >> >> There was a problem with attribute stripping identified and fixed in the >> 1.7 series, and what you're showing looks similar to that case -- but, >> as noted, the same code you have below is working for me (I just retried >> with your exact code, as well). >> >> I'm wondering if there is an older version of ZF on your include_path... >> >> > FORM: >> > >> > <?php >> > >> > class Form_NewMessage extends Form_Default { >> > >> > public function init() { >> > >> > $this->setMethod('post'); >> > >> > $this->setAttrib('id', 'new_message'); >> > $this->setDescription("What are you doing? What's new?"); >> > >> > $textarea = new Zend_Form_Element_Textarea('message', array( >> > 'id' => 'message', >> > 'filters' => array( >> > array('StripTags', array(array('a'), array('href', >> 'title'))), >> > 'StringTrim', >> > ), >> > 'validators' => array(), >> > 'rows' => 2, >> > 'cols' => 40, >> > )); >> > >> > $this->addElement($textarea); >> > >> > $this->addElement('Submit', 'submit', array( >> > 'Decorators' => array('ViewHelper'), >> > 'class' => 'submit', >> > 'Label' => 'Post Your Message!', >> > 'Ignore' => true, >> > )); >> > >> > $this->setDecorators(array( >> > 'Description', >> > 'FormElements', >> > 'Fieldset', >> > 'Form' >> > )); >> > >> > } >> > } >> > >> > CONTROLLER (postnewAction is the relevant piece): >> > >> > public function indexAction() { >> > >> > $this->view->headTitle('Message Board'); >> > >> > $this->view->newMessageForm = $this->_getNewMessageForm(); >> > >> > } >> > >> > public function postnewAction() { >> > >> > $request = $this->getRequest(); >> > >> > if(!$request->isPost()) { >> > $this->_helper->redirector('notauthorized', 'error'); >> > } >> > >> > $form = $this->_getNewMessageForm(); >> > >> > if (!$form->isValid($request->getPost())) { >> > $this->view->newMessageForm = $form; >> > return $this->render('index'); >> > } >> > >> > $values = $form->getValues(); >> > $values['user_id'] = >> Zend_Auth::getInstance()->getIdentity()->id; >> > $model = new Model_DbTable_Messages; >> > $result = $model->insert($values); >> > >> > if(!$result) { >> > throw new Zend_Exception('Problem adding message to >> database'); >> > } >> > >> > $this->_helper->redirector('index', 'messageboard'); >> > >> > } >> > >> > protected function _getNewMessageForm() { >> > >> > $form = new Form_NewMessage; >> > $form->setAction('/messageboard/postnew/'); >> > >> > return $form; >> > } >> > >> > >> > Again, I really appreciate your help. >> > >> > Thanks! >> > >> > J >> > >> > On Tue, Jul 14, 2009 at 11:06 PM, Matthew Weier O'Phinney < >> [email protected]> >> > wrote: >> > >> > -- J DeBord <[email protected]> wrote >> > (on Tuesday, 14 July 2009, 08:29 PM +0200): >> > > I've tried to make StripTags leave the href attribute, but it >> strips it >> > out. I >> > > can't find the right syntax or it just doesn't work. The <a> tag >> is left >> > > intact, every other tag is stripped, but the href and title get >> stripped >> > as >> > > well. >> > > >> > > I've also used the fluid interface when adding the Textarea, but >> changed >> > it to >> > > what is below in hopes that it would work. >> > > >> > > What am I doing wrong? >> > >> > What version of ZF are you using? >> > >> > I did the following using current trunk: >> > >> > $element = new Zend_Form_Element_Textarea('foo', array( >> > 'filters' => array( >> > array('StripTags', array(array('a'), array('href', >> 'title'))), >> > 'StringTrim', >> > ), >> > 'value' => '<p> >> > This is <a onClick="foo.bar()" href="http://foo.com/"; >> > title="Foo!">linked text</a>. >> > </p>', >> > )); >> > echo $element->getValue(); >> > >> > and got exactly what I expected: >> > >> > This is <a href="http://foo.com/"; title="Foo!">linked text</a>. >> > >> > >> > > <?php >> > > >> > > class Form_NewMessage extends Form_Default { >> > > >> > > public function init() { >> > > >> > > $this->setMethod('post'); >> > > >> > > $this->setAttrib('id', 'new_message'); >> > > >> > > $textarea = new Zend_Form_Element_Textarea('message'); >> > > $textarea->setDecorators($this->_defaultDecorators); >> > > >> > > $stripTags = new Zend_Filter_StripTags(array('a'), >> array('href', >> > > 'title')); >> > > >> > > $textarea->addFilter('StringTrim'); >> > > $textarea->addFilter($stripTags); >> > > $textarea->setValidators(array()); >> > > $textarea->setRequired(true); >> > > $textarea->setAttrib('cols', 40); >> > > $textarea->setAttrib('rows', 2); >> > > >> > > $this->addElement($textarea); >> > > >> > > $this->addElement('Submit', 'submit', array( >> > > 'Decorators' => array('ViewHelper'), >> > > 'class' => 'submit', >> > > 'Label' => 'Post Your Message!', >> > > 'Ignore' => true, >> > > )); >> > > >> > > $this->setDecorators(array( >> > > 'Description', >> > > 'FormElements', >> > > 'Fieldset', >> > > 'Form' >> > > )); >> > > >> > > } >> > > } >> > >> > -- >> > Matthew Weier O'Phinney >> > Project Lead | [email protected] >> > Zend Framework | http://framework.zend.com/ >> > >> > >> >> -- >> Matthew Weier O'Phinney >> Project Lead | [email protected] >> Zend Framework | http://framework.zend.com/ >> > >
