IRC Archive / Freenode / #php / 2015 / July / 6 / 1
theskillwithin
http://pastebin.com/rJTBHf6R This returns NULL http://www.amazon.com/dp/B006ZUH8V8 =\
html loading does have a doctype
ahh using $doc->LoadHTML($html); instead
z1haze
ugh, i cant do this
too many friggin pieces
__adrian, Im pretty sure I know how to get every piece of information that the user is requesting, I just do not know how to put it all together
tw2113
use the kragle z1haze
z1haze
what?
tw2113
lego movie joke
ignore me
z1haze
oh
tw2113
krazy glue...kragle...:D
z1haze
lol
davidjmarland
http://img3.wikia.nocookie.net/__cb20140318065458/villains/images/thumb/8/83/Businessandkragle.jpg/500px-Businessandkragle.jpg
         

Joseph__Silber
What's the best way to filter an HTML string, allowing only whitelisted tags and attributes?
strip_tags doesn't strip attributes.
Zend_Filter_StripTags somehow doesn't work for me.
Anything else?
htmlpurifier is just way too complex for my taste
Bittarman
htmlpurifier is the de facto standard, and the only sanitizer which has stood up to any sort of scrutiny.
Joseph__Silber
Bittarman, but using is is soooo painful.
Bittarman
there is also wibble, which is very good, but has not had the maintenance as htmlpurifier, and as such, I wouldn't trust as much.
Joseph__Silber, its your choice, you can use htmlpurifier, or stop accepting html from your users.
theskillwithin
is there a quick way to print out all the values in an array. ie $tag1=$matches[0][0] . " " . $matches[0][1] ...
Joseph__Silber
"stop accepting html from your users"
Ha
Bittarman
because there basically is *no* other acceptable substitute currently.
Joseph__Silber, thats simple, htmlentities all your user input as you display it, and use markdown where you allow user formatting.
Joseph__Silber
No. I need this on a Wordpress site, where the editors copy HTML that comes along with all kind of junk.
Bittarman
you may laugh at it, but I'm laughing more at "but using is is soooo painful" as a reason to use something that will get you XSS'd.
oh, just use tinymce for that
Joseph__Silber
How so?
Bittarman
it has settings that allows you to strip all the rubbish word adds.
Joseph__Silber
Hmm. Any pointers?
Specifically when using it with Wordpress?
Bittarman
yes, its allowed tags setting allows you to specify which attributes it allows.
no idea what the correct way to manipulate those settings is in wordpress, #wordpress can help you there.
Joseph__Silber
Thanks.
BTW, by "using is is soooo painful", I meant that I hate its API.
tw2113
the visual editor in WordPress has been beefed up to handle MS Word copy/paste pretty well
Joseph__Silber
It might be a great piece of software, but its interface is crap.
Bittarman
I know... but theres no good substitute I'm afraid
Joseph__Silber
tw2113, that's what they said, but I'm running the latest version of Wordpress, and still getting tons of crap.
Bittarman
its just one of those things that you have to live with until someone else (or you) does a decent job of an alternative.
Joseph__Silber
:D
         

Bittarman
Joseph__Silber, teach them to stop writing drafts in word, and to use the draft functionality of wordpress ;)
and just refuse to fix it, as really, its a problem of their own making.
Gatomon
Joseph__Silber, why are you even accepting "HTML strings" for anyway?
Many solutions I can think of.
Bittarman
Gatomon, he's talking about the tinymce instance in wordpress.
Gatomon
o_O
Joseph__Silber
Bittarman, I don't think it comes from Word. They copy stories from the wires (AP/Reuters). That's where the crap comes from.
Gatomon
Ewww.
Bittarman
then teach them to paste via notepad.
Gatomon
(Action) would just use PHP's DOM extension, or flat-out use html_entities() or htmlspecialchars()
tw2113
rich content formatting
eck
Bittarman
Gatomon, and you'd get fired... good work.
Joseph__Silber
But they have to retain some stuff.
e.g. bold and italics.
z1haze
proper way to use a php function in an sql query?
Bittarman
Joseph__Silber, good luck :)
z1haze, you can't.
z1haze
oh
Gatomon
Bittarman, lol, good. I wouldn't want to work with noobs :p
Bittarman
your rdbms cannot run php in its query.
z1haze
I know but its in prepare
Bittarman
Gatomon, and you just got fired from every future job you get....
z1haze
still no?
Bittarman
z1haze, still no, prepare is a part of your rdbms, not php.
z1haze
like: $query = $db->prepare("SELECT * FROM '". getTables() ."' LIMIT 100";
oh ok
how would I get this data into my query then?
Bittarman
oh, you can do that, thats not the same as running it from in the sql
Gatomon
I see it's some sort of "WYSIWYG" thing. I do not like those.
Bittarman
thats just making the query itself.
z1haze
yea
Joseph__Silber
Gatomon, no programmer does. But users love them.
z1haze
But my color highlighting is all messed up, i think its wrong
tw2113
you can use php functions and whatnot when constructing the query string
but not with the actual execution
Bittarman
z1haze, your ide may tell you why if you hover over it.
z1haze
its not that nice haha
is it not the same as just concating when you echo?
Bittarman
z1haze, then blame your editor.
yes its the same
z1haze
"string " . function() . "
ok hmm
Bittarman
I thought you meant actually having the php function as something the db would call when executing the query
not making the query, thats fine.
Joseph__Silber
tw2113
to echo what was said earlier, #wordpress would be better for your questions
z1haze
it must not be the same because its not freaking working
tw2113
not trying to kick you or anything, just saying that TinyMCE is not all that much php
Joseph__Silber
tw2113, you are absolutely right.
tw2113
feel free to still hang out in here with us though :)
Joseph__Silber
z1haze, you can't put your table names in quotes.
Bittarman
z1haze... ` for identifiers in mysql, not '
z1haze
ok
Joseph__Silber
Bittarman, you're misleading him. getTables() probably returns multiple tables, in which case backticks will fail.