PEAK XOOPS - News

  
Poster : GIJOE on 2007-09-27 18:13:29 (22768 reads)

I've just released d3forum-0.77.
You can use fckxoops with this version.
Perhaps you already know that forum modules can use WYSIWYG editors.

But d3forum is far different from them because of its security.

If you turn "Enable HTML" on, your post will be filtered by HTMLPurifier automatically.
Then, all JavaScript will be removed from the post.

I've opened an "HTML allowed FORUM" for my experiments.
http://xoops.peak.ne.jp/md/d3forum/index.php?forum_id=12

Only in that forum can you use fckxoops and allow HTML.
Of course, you can control such detailed settings by the forum's options.


Poster : GIJOE on 2007-09-23 15:41:58 (16112 reads)

Now I'll show practical examples of how to use pico's formmail system.

Case 1:
"Implant forms after product presentation pages"

You can easily achieve it using pico's smarty plugins "pico" and "formmail".

Make a content like this. (Turn "Smarty" filter on)


(products introducing section)

<{capture}>
<{pico id="(content ID describing the form)"}>
<{/capture}>
<{formmail4fleamarket mail_body_pre="A query from visitor exists\nContact him/her soon as possible\n\n" from_name="Product manager" cc_field_name="youremail" cc_mail_subject="A confirmation for your query" cc_mail_body_pre="Thank you for querying us.\nThis is the content you have queried\n"}>


Also, you have to make a content like this.

<form>
  name: <input type="text" name="name" class="required" /><br />
  email: <input type="text" name="youremail" class="email" />
  <input type="submit" />
</form>

This content's ID (number) will be specified in the former content.
You can make a variety of forms, and specify their numbers as you like.

Of course, you can put form contents into another pico module instance.
You can specify the form content by the "dirname" parameter.
<{pico id="(content ID)" dirname="(dirname)"}>

Now let's look at the long parameters of <{formmail}>.
These parameters control "mail actions".

legend)
mail_body_pre: specifying body part before the query content. (from XOOPS to adminmail)
from_name: specifying sender name
cc_field_name: specifying a field name for sending "confirming mail" to form poster.
cc_mail_subject: specifying Subject of "confirming mail"
cc_mail_body_pre: specifying body part before the query content of "confirming mail"


Poster : GIJOE on 2007-09-18 04:00:24 (12107 reads)

WYSIWYG Editors require "allow HTML" for the system.
But it must invite "Script Insertion" attacks easily.

kentauls told me about HTMLPurifier.
http://htmlpurifier.org/

It looks great, especially the smoketest for XSS.
You should know HTMLPurifier can work with PHP5 only though the documentation tells us that it can work with PHP>=4.3.2.

Anyway, I've included this library into Protector.

You can try "postcommon_post_htmlpurify4guest.php" as protector's filter plugin.

But, it is just a sample.
I'll modify my modules so that they can use HTMLPurifier as necessary by config.

HTMLPurifier allows us "WYSIWYG forum" etc.
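
An added example (not Protector's or d3forum's own code) of the filtering described in this post: a per-forum HTML switch that either escapes the body as text or passes it through HTML Purifier with an allowlist. It assumes HTML Purifier 4.x with HTMLPurifier.auto.php on the include path; render_post_body() and the allowlist are hypothetical.

```php
<?php
// Added example; assumes HTML Purifier 4.x is installed and on the include path.
require_once 'HTMLPurifier.auto.php';

// Hypothetical helper: render a post body according to a forum's "Enable HTML" option.
function render_post_body(string $body, bool $forumAllowsHtml): string
{
    static $purifier = null;
    if (!$forumAllowsHtml) {
        // HTML disabled: every character of the post is shown as text.
        return nl2br(htmlspecialchars($body, ENT_QUOTES, 'UTF-8'));
    }
    if ($purifier === null) {
        $config = HTMLPurifier_Config::createDefault();
        $config->set('Cache.DefinitionImpl', null); // no cache directory needed here
        // Allowlist (assumed): elements and attributes a WYSIWYG editor typically emits.
        $config->set('HTML.Allowed',
            'p,br,b,strong,i,em,u,ul,ol,li,blockquote,a[href],img[src|alt]');
        $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
        $purifier = new HTMLPurifier($config);
    }
    // Script elements, event-handler attributes and non-allowlisted URI schemes are dropped.
    return $purifier->purify($body);
}

// Constructed sample post, as a WYSIWYG editor might submit it.
$post = '<p onclick="alert(1)">Hello <b>world</b></p>'
      . '<script>alert(1)</script>'
      . '<a href="javascript:alert(1)">link</a>'
      . '<img src="http://example.com/a.png" alt="a" onerror="alert(1)">';

echo render_post_body($post, true), "\n";   // forum with "Enable HTML" on
echo render_post_body($post, false), "\n";  // forum with HTML off
```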


Poster : GIJOE on 2007-09-15 06:01:46 (10535 reads)

In pico-1.52, the spec of formmail system has been fixed.
Then, I'll write example codes.

Look at the skeleton again.


<{capture}>
<form>
  (describe form parts)
</form>
<{/capture}>
<{formmail}>


Now, try a checkbox.

<{capture}>
<form>
<input type="checkbox" name="Favorite_Fruits" value="Orange" />Orange
<input type="checkbox" name="Favorite_Fruits" value="Apple" />Apple
<input type="checkbox" name="Favorite_Fruits" value="Pear" />Pear
<input type="submit" value="Confirm" />
</form>
<{/capture}>
<{formmail}>

This is the simplest pattern.
You should check "Favorite_Fruits" instead of "Favorite_Fruits[]".
(Of course, you can also use "Favorite_Fruits[]" there)
With this system, you need not add [] after "name" attribute.

You can write better form HTML like:

<{capture}>
<form>
<fieldset>
<legend>Favorite Fruits</legend>
<input type="checkbox" name="favorite_fruits" id="favorite_fruits_orange" value="Orange" /><label for="favorite_fruits_orange">Orange</label>
<input type="checkbox" name="favorite_fruits" id="favorite_fruits_apple" value="Apple" /><label for="favorite_fruits_apple">Apple</label>
<input type="checkbox" name="favorite_fruits" id="favorite_fruits_pear" value="Pear" /><label for="favorite_fruits_pear">Pear</label>
</fieldset>
<input type="submit" value="Confirm" />
</form>
<{/capture}>
<{formmail}>

With this example, you can get the field's title as "Favorite Fruits" instead of "favorite_fruits".
Only checkbox and radio get their field's title from <legend>. You can use ' ' for field's title.

With the upper example, you can get the field's title from the "name" attribute.
Then, you cannot use ' ' (space).


Poster : GIJOE on 2007-09-08 18:16:34 (9395 reads)

In pico-1.51, the rule for "Form validated by HTML" has been changed radically.
Read (1)~(3) again, please.

These are the new rules of the system for HTML designers.

Name of the field
It is "name" attribute.
You can also use linear array by just adding [] after the name.
eg) name="favorite_fruits[]"

Title of the field
The 1st option is the <label> corresponding to the <input>.
While the 1st option for "checkbox" or "radio" will be the <legend> inside <fieldset></fieldset>.
2nd option is "title" attribute in the tag.
Last option is "name" attribute in the tag. (same as Name)

Essential
Specify it by class attribute.
eg1) <input ... class="required" />
eg2) <input ... class="required int" /> // "int" AND "required"

Type
Specify it by class attribute.
Only a type can be valid.

- int
-- filtered by intval()

- double
-- filtered by doubleval()

- singlebytes
-- filtered by mb_convert_kana( ... , 'as' )

- email
-- checked by RFC2822. An error will be raised if it is invalid.

- telephone
-- characters unused as telephone number will be removed.
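
An added example (not pico's own code) of how the rules above can be enforced on the server: it reads "required" and the type keyword from each input's class attribute and applies the listed filter to the submitted value. Function names, the "qty" field, the characters kept for "telephone" and the use of filter_var() in place of the RFC2822 check are assumptions; it needs PHP's dom and mbstring extensions.

```php
<?php
// Added example, not pico's own code; function names are hypothetical.
const FIELD_TYPES = ['int', 'double', 'singlebytes', 'email', 'telephone'];

// Read "required" and the type keyword from each <input>'s class attribute.
function form_rules(string $formHtml): array {
    libxml_use_internal_errors(true); // tolerate an HTML fragment
    $doc = new DOMDocument();
    $doc->loadHTML($formHtml);
    $rules = [];
    foreach ($doc->getElementsByTagName('input') as $el) {
        $name = preg_replace('/\[\]$/', '', $el->getAttribute('name'));
        if ($name === '') continue; // unnamed controls such as the submit button
        $classes = preg_split('/\s+/', $el->getAttribute('class'), -1, PREG_SPLIT_NO_EMPTY);
        $types = array_values(array_intersect($classes, FIELD_TYPES));
        // The first type keyword wins (assumption).
        $rules[$name] = ['required' => in_array('required', $classes, true), 'type' => $types[0] ?? null];
    }
    return $rules;
}

// Apply the rules to submitted values; returns [clean values, errors].
function apply_rules(array $rules, array $post): array {
    $clean = []; $errors = [];
    foreach ($rules as $name => $rule) {
        $raw = $post[$name] ?? '';
        $value = is_scalar($raw) ? trim((string) $raw) : ''; // array fields not handled here
        if ($value === '') {
            if ($rule['required']) $errors[$name] = 'required';
            continue;
        }
        switch ($rule['type']) {
            case 'int':         $value = intval($value); break;
            case 'double':      $value = doubleval($value); break;
            case 'singlebytes': $value = mb_convert_kana($value, 'as', 'UTF-8'); break;
            case 'telephone':   $value = preg_replace('/[^0-9+\-() ]/', '', $value); break; // kept set assumed
            case 'email':       // filter_var() stands in for the RFC2822 check
                if (filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
                    $errors[$name] = 'invalid email';
                    continue 2; // next field
                }
        }
        $clean[$name] = $value;
    }
    return [$clean, $errors];
}

// Constructed form and submission; the "qty" field is not from the page.
$form = '<form>name: <input type="text" name="name" class="required" />'
      . 'email: <input type="text" name="youremail" class="email" />'
      . 'qty: <input type="text" name="qty" class="required int" /><input type="submit" /></form>';
$post = ['name' => '', 'youremail' => 'visitor(at)example.com', 'qty' => '3 boxes'];
print_r(apply_rules(form_rules($form), $post));
```

Because the field named by cc_field_name becomes the recipient of the confirming mail, rejecting a malformed address before the mail is built is the check that matters most here.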


