PEAK XOOPS - How to use minihaku (6)

How to use minihaku (6)

Date 2006-09-06 10:19:52 | Category: XOOPS

How to add text/textarea.
This is not same as adding integer/bool.

I. do ALTER TABLE

ALTER TABLE (prefix)_users ADD user_map text not null default '';

II. edit templates

minihaku_edituser.html (edit minihaku_register.html too, if necessary)


<textarea name="user_map" id="user_map" cols="50" rows="6" /><{$user_map|escape}></textarea>

Don't forget escape as one of default Smarty modifiers.

system_userinfo.html


<tr>
  <td class="head">MAP</td>
  <td align="center" class="odd"><{$user_uid|minihaku_userinfo:"user_map":"uid"}></td>
</tr>

minihaku_userinfo as a custom Smarty modifier escapes the text.

III. write logics into include/config.php

III-B define extra fields


$extra_fields = array(
	'user_map' => array(
		'initval' => '' ,
		) ,
	) ;

Notice that '' is a string.

III-C Initialization and Query Part


if( empty( $minihaku_uid4whr ) ) {
	foreach( $extra_fields as $key => $attribs ) {
		$allowed_requests[$key] = $attribs['initval'] ;
	}
} else {
	$db =& Database::getInstance() ;
	list( $allowed_requests['user_map'] ) = $db->fetchRow( $db->query( "SELECT user_map FROM ".$db->prefix("users")." WHERE uid=$minihaku_uid4whr" ) ) ;

	// for the plugin of modifier.minihaku_userinfo.php
	$myts =& MyTextSanitizer::getInstance() ;
	$fields4html['user_map'] = $myts->displayTarea( $allowed_requests['user_map'] , 0 , 1 , 1 , 1 , 1 ) ;
}

Don't forget escaping specialchars of HTML. (The second parameter for displayTarea should be 0 or false)

If you don't escape specialchars, your site will be vulnerable for script insertion attacks.

You can read more news at PEAK XOOPS.
http://xoops.peak.ne.jp

The URL for this story is:
http://xoops.peak.ne.jp/md/news/index.php?page=article&storyid=360