Does Bolt have any built-in data purification?
I have several front-end forms which create content type records on the back-end. These are then later output to the front-end of the website. I was wondering whether Bolt had any built in parsers I could use to purify the input?
If not I will add HTML Purifier to my extension processing the forms.
Cheers.
I have only touched lightly on this myself and someone might have a better idea. But Bolt bundles Symfony Forms, so you can use the functionality provided there.
How it's done in the SimpleForms extension is a good starting place.
That depends on how you work with your forms.
Bolt uses twig, and twig has some builtin stuff to cleanup the input, like {{ var|escape }}. http://twig.sensiolabs.org/
You can build an extension that provides the forms, and in that extension you can use all of the validation methods in the symfony form components or whatever you throw at it in php before you store the form values. But you need to configure it all yourself.
If you use the simpleforms extension most of that will be done for you. In that case some filtering is done on the form input, but what happens with it will be up to you again.
If you just create some plain forms in HTML and add those to your template or content there is no filtering, and you need to do that (serverside) in the script that handles the form.
Related
TL;DR - Is there a way CF7 can pull it's form markup and tags from a static file, instead of the database? So I can maintain that file in version control.
We have a very complex form running under Contact Form 7. It has branching, logic and more, all handled by custom code using hooks and filters. However we still have to copy and paste the (thousands of lines) of code that describes this form into the "form editor" in the Wordpress admin panel if the form is changed. We would never edit it there though, it'd be impossible, and in fact we keep this form as a static file, so we can version it. So we rely on the fact that the form in the database matches this static file at all times.
It occured to me today - why not cut out the middle-man and simply have CF7 use markup from this file directly? It would be easier to maintain, and stop anyone accidentally damaging the form markup in the editor.
Is such a mechanism available? Many thanks.
I have discovered this: https://medium.com/#deyanyanakiev/embed-contact-form-7-in-your-custom-theme-9e038c494815 a technique to replace teh default form on installation, but as I understand it, that would be a one-off operation and would not allow for the form to be updated.
We would never edit it there though, it'd be impossible,
quite, the CF7 plugin was never conceived for anything more complex than a contact form unfortunately. You may want to play around with the Smart Grid-layout extension which was specifically designed for creating and maintaining complex forms. It has a modular functionality that allows you to build a form using sub-forms, making form maintenance much easier.
It also uses the excellent CodeMirror editor as its code editor, much more powerful than the ridiculous textarea used in CF7 plugin.
simply have CF7 use markup from this file directly?
yes, that the simplest way to solve your problem. Hook the following CF7 filter,
add_filter('wpcf7_default_template', 'load_custom_form_template',10,2);
function load_custom_form_template($template, $prop){
if($prop !== 'form') return $template;
include( 'path-to-your-default-form.php');
return $template;
}
Now, if you do use the Smart Grid extension which has the ability to load form specific js and css scripts (only on the pages where the form is loaded), then you can hook the following actions to add JavaScript template,
add_action('cf7sg_default_custom_js_template', 'use_js_script',10,1);
function use_js_script($cf7_key){
include_once 'path-to-your-default-js';
}
and CSS stylesheet template,
add_action('cf7sg_default_custom_css_template', 'use_css_script',10,1);
function use_css_script($cf7_key){
include_once 'path-to-your-default-css';
}
I've been asked to create a CakePHP plugin that would allow users to dynamically generate forms. This doesn't sound too hard in and of itself (pull fields from DB, figure out what kind of input, show in HTML), but I don't understand how I can "save" the forms to a new page.
From my understanding, Wordpress circumvents this problem by storing all data in the database, and can use shortcodes to just "insert" the form into another page. Seeing that CakePHP handles relies on CTP files to define views (and not Database fields), I don't see any simple approach to doing this.
Is this goal of a WYSIWYG form editor possible in CakePHP (without having to resort to terrible practices like editing CTP/PHP files from within the app)? If so, can you point me towards some strategies I can use to develop this plugin?
I'm not sure what you do with the dynamic form, to me it sounds like you're describing two totally different things.
Save the structure of the generated form somehow in the DB, key/value, serialized via php or as json object
Return the data, set it to the view
Write a helper that turns the structure that describes the form again in
The editable version, restore the form
Parses the structure and returns the HTML of whatever the fields of the form should do
You'll have to write your own parser that looks for things like [gallery id=1] and replace that with the result of a function call. Assuming that this is what you want to do. So you'll have to map the "gallery" to a functional call. I think the best here would be to use requestAction()
The *.ctp files are what WP considers it's template files, and honestly, Wordpress is just a horrible awkward piece of software from a developer perspective.
All we like simple, structured code that is easy to comply with. We try to bring a difference between appearance and logics. In PHP, for instance, we can use a template mechanism, i.e. create an html-formatted file with php tags that uses some predefined variables that get ready for use through a logic resposible script.
Is there some analog for JavaScript?
What methods do you use to create dynamic content of certain type? (For example list items, complex forms that can be repeated several times)
There are many js template engin as below. Choose as you want. Handlebars is my suggestion.
Handlebars. http://handlebarsjs.com/
jquery template. http://api.jquery.com/jQuery.template/
Ejs http://embeddedjs.com/.
Underscore has template engin. http://documentcloud.github.com/underscore/#template
trimpath http://code.google.com/p/trimpath/wiki/JavaScriptTemplates
John Resig's micro template engin. http://ejohn.org/blog/javascript-micro-templating/
mustaches is also a good one. https://github.com/janl/mustache.js/
Underscore.js has simple templating mechanism as well. (And I think it must be in every javascript developer's toolbox).
jQuery's is more sophisticated, though - and probably more useful (Update: but now is deprecated).
I've used things like js-template for client side templates. For server side, whatever template mechanism was present in the system at hand could usually be applied to plain text javascript files.
Try looking into jQuery Templates. It is one of the many solutions available.
I have an empty template with just a safecracker form consists of 2 custom field. When i try to load it up in the browser, it takes about 2-3 seconds to load. Looking in firebug i see the following GET
http://localhost/ee1/?ACT=7&ui=core,widget,mouse,position,draggable,resizable,button,dialog,datepicker&plugin=scrollable,scrollable.navigator,ee_filebrowser,ee_fileuploader,markitup,thickbox,toolbox.expose,overlay,tmpl&v=1308711156&use_live_url=y&include_jquery=y
I don't need to load most of the things showing in the url above. How can i control what is loaded with safecracker form. I will be loading jQuery/UI directly from google so i don't need safecracker to load it. I'm able to remove jQuery and datepicker from safecracker form by doing datepicker="no" include_jquery="no", but what about removing other things mentioned in the url such as scrollable, draggable, thickbox and other things.
The Short Answer:
Sadly, there's no way to disable many of the included SafeCracker JavaScripts.
The Long Answer:
SafeCracker is designed to be as general purpose as possible and to suit the needs of the largest audience.
With this tradeoff, SafeCracker bundles jQuery, jQuery UI Widgets, jQuery Tools and various other jQuery Plugins and functions to facilitate client-side form validation and presentation of custom fieldtypes.
As you've shown, you can disable jQuery from automatically being output by SafeCracker — say, if you want to use a newer version that what's available from EE's Control Panel — and can you disable the DatePicker, but as far as I know you can't prevent the rest of the JavaScripts from being output without hacking the core SafeCracker library.
Understandbly, I'm not a big fan of this "include everything and the kitchen sink approach" and hate seeing extraneous and bloated scripts being added to the page — especially ones that I would never use in the first place.
Nevertheless, it's clearly a design decision that SafeCracker was built to include all of the JavaScripts it outputs since there isn't an approved way to remove them. So we're essentially stuck dealing with them for the unforeseen future.
If you feel strongly about this, I would suggest submitting a Feature Request to EllisLab to allow more configurability to SafeCracker's sloppy way of outputting more JavaScripts that what's really necessary.
For the curious, take a peak around Line 887 in the following file to see just how many jQuery UI Widgets are bundled in the SafeCracker tag pair.
/system/expressionengine/modules/safecracker/libraries/safecracker_lib.php
Note: If you want to take matters into your own hands, you can comment out some of the items in the $js_defaults and $ui array, which will remove the JavaScripts from being output. However, in doing so you assume all responsibility and risk for SafeCracker's operation.
I'm assuming this has changed since rjb's answer, but SafeCracker provides two parameters I found helpful in drastically reducing page load time:
include_jquery="no" safecracker_head="no"
Relevant documentation
How do you add javascript to forms created with the Zend framework? For instance, if I wanted to validate the form, or if I wanted to utilize events like blur, focus and onclick?
What I tend to do is :
From the PHP code, generate the form, using Zend_Form and the related classes
This includes setting up the form itself,
But also server-side validations and all that
Once the form works fine, I add Javascript in an un-obstrusive way.
Which means my JS code is totally distinct from the PHP/Zend_Form code.
And also mean my form doesn't rely on Javascript being activated in the user's browser, as the form already works before.
If you are using jQuery, you can detect when the page is loaded $.ready, and hook a function on that event -- function that will add some dynamic bahaviors to your form.
Of course, you can do the same sort of thing with other JS libraries -- I only took jQuery as an example because of its popularity, and the fact there are some jQuery-related components in ZendX.