[support] Separately editable page sections?

Larry Garfield larry at garfieldtech.com
Sat Sep 6 22:09:51 UTC 2008


On Thursday 04 September 2008 8:19:49 pm Luke wrote:
> On Thu, 4 Sep 2008, Fred Jones wrote:
> > > I might like that--will have to investigate it some.  Have not used PHP
> > > to manipulate aspects of drupal, only to run custom stuff of mine
> > > integrated into nodes.
> >
> > very simple, like:
> >
> > <div id="x">
> > <?php
> > $n = node_load(34);
> > print $n->body;
> > ?>
> > </div>
>
> Beautiful.  The only thing that doesn't seem to happen is a filter - from
> either the source or enclosing node.
> Probably a way to do that, but I can apply external or PHP formatting
> until I figure out how.
>
> Thanks
>
> Luke

Eeep!

The above code is a security hole as the body is not being escaped.  Using the 
above code will introduce a trivially simple XSS attack vector.  DO NOT do 
it.

If you want just certain parts of a node to be editable, use CCK fields for 
the separate parts and use the cck_field_perms module to control access.  
(That's now part of the base CCK package in Drupal 6.)

-- 
Larry Garfield
larry at garfieldtech.com
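
An added example, not part of the original message and not Drupal's own code: the snippet from the thread with the output passed through Drupal's filter system before printing. It assumes the Drupal 6 core functions node_load(), node_access(), check_plain() and check_markup(), and reuses node id 34 from the thread.

```php
<div id="x">
<?php
// Added example; assumes Drupal 6 core APIs and runs inside a Drupal page,
// like the snippet in the thread. Node id 34 is the one used there.
$n = node_load(34);

// node_load() returns FALSE for a missing node and does no access checking,
// so confirm the current visitor is allowed to view the source node.
if ($n && node_access('view', $n)) {
  // The title is plain text: escape it before placing it in HTML.
  print '<h3>' . check_plain($n->title) . '</h3>';

  // $n->body is the raw text as stored. check_markup() runs it through the
  // input format saved with the node ($n->format), e.g. Filtered HTML.
  // The third argument is FALSE because the format was chosen by the node's
  // author; the visitor viewing the page needs no permission to use it.
  print check_markup($n->body, $n->format, FALSE);
}
?>
</div>
```

The output is only as restrictive as the input format stored on the source node: a body saved with Full HTML is still emitted without HTML filtering.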

