ezoe attribute allowed input tag control
ezoe attribute allowed input tag control
Thursday 21 October 2010 1:45:21 pm - 4 replies
How can I in user ezoe comments, disallow any tags other than the simplest ones needed, (p, b, i, u, a, br, basically).
Suggestions welcome. I need this for only one user siteaccess. I would still like to be able to use the full tags in the admin siteacess.
Cheers
Modified on Thursday 21 October 2010 1:48:43 pm by James
Thursday 21 October 2010 1:54:58 pm
You can have different ezoe.ini settings pr siteaccess to hide buttons in frontend, but be aware of the fact that:
1. there is not filtering so if user disabled editor he can type in any kind of tag as you would be able to in admin
2. if you edit content created in admin with tags not 'available' in frontend, you'll still be able to edit thos by selecting them and clicking on tag name in path
Thursday 21 October 2010 2:17:58 pm
Hello Andre, thank you for your prompt reply.
What about ezxml.ini? I found this and read these classes extension/ezoe/ezxmltext/handlers/input/ezoexmlinput.php and kernel/classes/datatypes/ezxmltext/handlers/input/ezsimplifiedxmlinputparser.php
<?php /* #?ini charset="utf-8"? # eZ Publish configuration file for ezxml [InputSettings] AliasClasses[eZSimplifiedXMLInput]=eZOEXMLInput */ ?>
Could it be possible to some how override the class with a different class that had more strict input tags set?
Respectfully
Friday 28 October 2011 12:26:40 pm
I suppose the following should work:
1. Use an existing extension or create a new one and create the following folders/file in this extension:
extension/myextension/ezxmltext/handlers/input/ezmyxmlinput.php
2. Copy the code from:
extension/ezoe/ezxmltext/handlers/input/ezoexmlinput.php
to:
extension/myextension/ezxmltext/handlers/input/ezmyxmlinput.php
and replace 'eZOEXMLInput' with 'eZMYXMLInput' in this file (9 occurrences)
3. Copy extension/ezoe/settings/ezxml.ini.append.php to extension/myextension/settings/ezxml.ini.append.php
In ezxml.ini.append.php change
AliasClasses[eZSimplifiedXMLInput]=eZOEXMLInput
to
AliasClasses[eZSimplifiedXMLInput]=eZMYXMLInput
4. run php bin/php/ezpgenerateautoloads.php --extension
5. In extension/myextension/ezxmltext/handlers/input/ezmyxmlinput.php, in function validateInput(), around line 635,
just underneath $contentObjectAttribute->setValidationLog( $parser->Messages );
add the following code:
//Additional xml validator start $myclass = new MyClass(); $AdditionalvalidationErrors = $myclass->validateXML($xmlString); if ( $AdditionalvalidationErrors) { $errorMessages = '<br/>'.implode( '<br/>', $AdditionalvalidationErrors ); $contentObjectAttribute->setValidationError( $errorMessages ); return eZInputValidator::STATE_INVALID; } //Additional xml validator end
6. MyClass can be an existing class or a new class you create for the purposes of XML validation. Add the following function to MyClass:
function validateXML($xml) { //add code here to check $xml and return errors. You could use preg_match_all to locate unwanted tags/tag combinations. //then return errors as follows: $errors[]=ezpI18n::tr( 'extension/myextension/validation', 'This is an error message' ); $errors[]=ezpI18n::tr( 'extension/myextension/validation', 'This is another error message' ); return $errors; }
Of course it would be much nicer if the ezoe extension would just have a setting for an optional handler/function which adds additional XML validation functionality. That would save us step 1 to 5.
You must be logged in to post messages in this topic!