Thank you Anthony, thats not far off what i have already:
import StringIO
def index():
if request.args:
pageurl='/'.join(request.args)
try:
cmspages = db(db.cmspages.pageurl==pageurl).select().first()
response.title = cmspages.title
response.meta.keywords = cmspages.metakeywords
response.meta.description = cmspages.metadescription
except:
raise HTTP(404)
display_template=db(db.pagetemplate.id==cmspages.pagetemplate).
select()[0]
view_text=StringIO.StringIO(display_template.pagecontent)
return response.render(view_text,dict(cmspages=cmspages))
else:
return redirect(URL('cms2py', 'pages', 'index', args=('home')))
the trouble i have though, is that the table field called "pagecontent",
which i am calling in the view/template contains helpers and these
currently don't get executed without eval. In my testing, i have
"pagecontent" containing:
MARKMIN("**My Site**")
the eventual plan is a combination of markmin markup and calls to a plugin
or function for the slideshow based on it's id or name like "slideshow(21)"
amongst all the content.
any thoughts?
On Thursday, 17 October 2013 18:26:49 UTC+1, Anthony wrote:
>
> I think you can do something like this in the controller:
>
> from gluon.template import render
>
> def myaction():
> template_code = db.mytable([record id]).code
> plugin_content = XML(render(template_code, context=globals())
> return dict(plugin_content=plugin_content)
>
> and in the view:
>
> {{=plugin_content}}
>
> Be careful, though -- that will still execute whatever template code is
> stored in the database, so you have to sure you absolutely trust it (even
> mere errors, rather than malicious attacks, could cause problems). A better
> approach might be to come up with a syntax for specifying a particular
> plugin and any arguments, and then call the plugin function explicitly
> rather than allowing any arbitrary template code to be stored and executed.
>
> Anthony
>
> On Thursday, October 17, 2013 10:52:20 AM UTC-4, Alan wrote:
>>
>>
>> Hi
>>
>> im writing application that render the view and the content from the
>> database, but i want to have the content contain calls to plugins (one
>> example will generate slideshow code from a given id).
>>
>> Is eval my only option here to ensure the call to the plugin from the
>> database field of page content is processed or is there something im
>> missing?
>>
>> I need the call to the plugin to be editable to the user who
>> administrates the site content, so they can just reference one as the page
>> requires.
>>
>> Thanks,
>>
>> Alan
>>
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
