Ok.. so I have my css.module which adds a text area when editing a node. the text inserted into that text area will be used as css when displaying the page. I think that input checking on the css field is needed... This is how I'm using the valid_input_data : function css_nodeapi(&$node, $op, $teaser, $page) { .... case 'validate': if (variable_get('css_'. $node->type, TRUE) || !user_access('create css for nodes')) { if (!valid_input_data($node->css_css)) { drupal_access_denied(); } } How do you guys think I have to implement a input check? Thanks. Fabio Karoly Negyesi wrote:
On Thu, 08 Dec 2005 12:45:57 +0100, Fabio Varesano <fabio.varesano@gmail.com> wrote:
Hi everybody.
I just received a bug report on the bug tracking system of my css.module . http://drupal.org/node/40340
As wrote there function valid_input_data has been removed from 4.6.4 .
Why does it been removed? What can we use for input checking? filter_xss?
I think that this change (and others) should be documented on the handbooks.
I agree and I already mailed the list yesterday on this.
You can't really do input checking now, valid_input_data was broken beyond repair. We are filtering on output (this was so since long), use check_plain , check_url and check_output as appropriate. check_output when you have a filter format, check_url when you want to display a url and check_plain otherwise if you output your own content.
Regards
NK