I would like to include the content of the body field of node 156 in the body of another node using php. Is this easy to do?
Any help would be appreciated.
Regards
Emma
Hi Emma,,
I don't have the snippet handy, I'm at my IPhone now. But certainly not too hard. But if you take that approach you won't be able to give access to that node to non-dev site admins without making your site vulnerable.
I'd rather create a view and use http://drupal.org/project/insert_view
Shai
Shai Gluskin
On Oct 9, 2009, at 6:23 AM, Emma Badger emma.badger@chocolateteapot.net wrote:
I would like to include the content of the body field of node 156 in the body of another node using php. Is this easy to do?
Any help would be appreciated.
Regards
Emma
-- [ Drupal support list | http://lists.drupal.org/ ]
in node1 body, with php filter <?php $node2 = node_load(156); echo $node2->body; ?>
or in template.php
YOURTHEME_preprocess_node(&$vars, $hook){ $nid = 1; // the nid of node container if(arg(0)==node && arg(1)==$nid){ $node2 = node_load(156); $vars['content'] .= $node2->body; } }
(then clear the cache in admin/settings/performance)
both should works.
Emma Badger ha scritto:
I would like to include the content of the body field of node 156 in the body of another node using php. Is this easy to do?
Any help would be appreciated.
Regards
Emma
Thanks to both of you that answered. I think option 1 is exactly what I want.
I didn't quite understand this Shai. But if you take that approach you won't be able to give access to that node to non-dev site admins without making your site vulnerable.
Anonymous users can see the content of the other node. Or do you mean that anonymous users shouldn't be allowed to input php - if so, yes that's how I have it set up, and it's just me that will need this functionality.
Thanks again.
Emma
On 9 Oct 2009, at 12:22, luca capra wrote:
in node1 body, with php filter
<?php $node2 = node_load(156); echo $node2->body; ?>
or in template.php
YOURTHEME_preprocess_node(&$vars, $hook){ $nid = 1; // the nid of node container if(arg(0)==node && arg(1)==$nid){ $node2 = node_load(156); $vars['content'] .= $node2->body; } }
(then clear the cache in admin/settings/performance)
both should works.
Emma Badger ha scritto:
I would like to include the content of the body field of node 156 in the body of another node using php. Is this easy to do?
Any help would be appreciated.
Regards
Emma
-- [ Drupal support list | http://lists.drupal.org/ ]
Emma,
What I meant is that other authenticated users shouldn't be able to input php. Typically only user/1 would be able to enter php and even some people recommend that the php input module be turned off and that all php should be in the code base and not stored in the database.
So let's say you developed the site and then handed off the site to content administrators, you wouldn't want those content administrators to be able to edit fields that have the php input filter turned on. That means they wouldn't have any editorial control over that node (other than editing the contents of the embedded node) without contacting you. OR, you'd have to give them permission to edit php filter-enabled nodes, and then you'd have the vulnerability.
But if you are the sole editor of the site and you aren't planning on creating other editor/admin roles, then the snippet approach is fine.
When developing a site it's always a good idea to think about maintenance of the site and the future of the site even while you are building the site now.
I was just on a webinar with Drupal security guru Greg Knaddison. One of the things that his firm does is security audits of Drupal sites. He said that the vast majority of the problems they find are with custom code. I know those snippets that Luca shared are really basic. But one misplaced or missing semi-colon can take down a site. I say, when there is a reasonable alternative that can prevent you from writing code, even if you know how, then you've made your site stronger and more maintainable.
Shai
On Fri, Oct 9, 2009 at 7:08 AM, Emma Badger <emma.badger@chocolateteapot.net
wrote:
Thanks to both of you that answered. I think option 1 is exactly what I want.
I didn't quite understand this Shai. But if you take that approach you won't be able to give access to that node to non-dev site admins without making your site vulnerable.
Anonymous users can see the content of the other node. Or do you mean that anonymous users shouldn't be allowed to input php - if so, yes that's how I have it set up, and it's just me that will need this functionality.
Thanks again.
Emma
On 9 Oct 2009, at 12:22, luca capra wrote:
in node1 body, with php filter
<?php $node2 = node_load(156); echo $node2->body; ?>
or in template.php
YOURTHEME_preprocess_node(&$vars, $hook){ $nid = 1; // the nid of node container if(arg(0)==node && arg(1)==$nid){ $node2 = node_load(156); $vars['content'] .= $node2->body; } }
(then clear the cache in admin/settings/performance)
both should works.
Emma Badger ha scritto:
I would like to include the content of the body field of node 156 in the body of another node using php. Is this easy to do?
Any help would be appreciated.
Regards
Emma
-- [ Drupal support list | http://lists.drupal.org/ ]
-- [ Drupal support list | http://lists.drupal.org/ ]
Yes, I see.
Thanks for your comments, I'll bear them in mind.
Thanks again for your help.
Regards
Emma
On 9 Oct 2009, at 13:06, Shai Gluskin wrote:
Emma,
What I meant is that other authenticated users shouldn't be able to input php. Typically only user/1 would be able to enter php and even some people recommend that the php input module be turned off and that all php should be in the code base and not stored in the database.
So let's say you developed the site and then handed off the site to content administrators, you wouldn't want those content administrators to be able to edit fields that have the php input filter turned on. That means they wouldn't have any editorial control over that node (other than editing the contents of the embedded node) without contacting you. OR, you'd have to give them permission to edit php filter-enabled nodes, and then you'd have the vulnerability.
But if you are the sole editor of the site and you aren't planning on creating other editor/admin roles, then the snippet approach is fine.
When developing a site it's always a good idea to think about maintenance of the site and the future of the site even while you are building the site now.
I was just on a webinar with Drupal security guru Greg Knaddison. One of the things that his firm does is security audits of Drupal sites. He said that the vast majority of the problems they find are with custom code. I know those snippets that Luca shared are really basic. But one misplaced or missing semi-colon can take down a site. I say, when there is a reasonable alternative that can prevent you from writing code, even if you know how, then you've made your site stronger and more maintainable.
Shai
On Fri, Oct 9, 2009 at 7:08 AM, Emma Badger <emma.badger@chocolateteapot.net
wrote:
Thanks to both of you that answered. I think option 1 is exactly what I want.
I didn't quite understand this Shai. But if you take that approach you won't be able to give access to that node to non-dev site admins without making your site vulnerable.
Anonymous users can see the content of the other node. Or do you mean that anonymous users shouldn't be allowed to input php - if so, yes that's how I have it set up, and it's just me that will need this functionality.
Thanks again.
Emma
On 9 Oct 2009, at 12:22, luca capra wrote:
in node1 body, with php filter
<?php $node2 = node_load(156); echo $node2->body; ?>
or in template.php
YOURTHEME_preprocess_node(&$vars, $hook){ $nid = 1; // the nid of node container if(arg(0)==node && arg(1)==$nid){ $node2 = node_load(156); $vars['content'] .= $node2->body; } }
(then clear the cache in admin/settings/performance)
both should works.
Emma Badger ha scritto:
I would like to include the content of the body field of node 156
in
the body of another node using php. Is this easy to do?
Any help would be appreciated.
Regards
Emma
-- [ Drupal support list | http://lists.drupal.org/ ]
-- [ Drupal support list | http://lists.drupal.org/ ]
-- [ Drupal support list | http://lists.drupal.org/ ]
Hello!
I have tried to unsubscribe to this list with no success. Can the responsible admi. please unsubscribe me from this Drupal list?
Thank you!
Gina Rydland
Hi I feel your pain i have tried to unsubscibe to the drupal list for 2 years if you find a way please contact me Thanks David Stein
Please check my linkedin and scribd sites
--- On Fri, 10/9/09, Gina Rydland girydlan@online.no wrote:
From: Gina Rydland girydlan@online.no Subject: [support] Unsubscribe to the list To: "Shai Gluskin" shai@content2zero.com, support@drupal.org Date: Friday, October 9, 2009, 8:20 AM
Hello!
I have tried to unsubscribe to this list with no success. Can the responsible admi. please unsubscribe me from this Drupal list?
Thank you!
Gina Rydland
-----Inline Attachment Follows-----
Go to: http://lists.drupal.org/listinfo/support http://lists.drupal.org/listinfo/supportAt the bottom of the page enter your email address and hit "Unsubscribe or edit options".
Follow the instructions from this point on.
Abraham
On Fri, Oct 9, 2009 at 15:02, David J. Stein steinwrites4u@yahoo.comwrote:
Hi I feel your pain i have tried to unsubscibe to the drupal list for 2 years if you find a way please contact me Thanks David Stein
Please check my linkedin and scribd sites
--- On *Fri, 10/9/09, Gina Rydland girydlan@online.no* wrote:
From: Gina Rydland girydlan@online.no Subject: [support] Unsubscribe to the list To: "Shai Gluskin" shai@content2zero.com, support@drupal.org Date: Friday, October 9, 2009, 8:20 AM
Hello!
I have tried to unsubscribe to this list with no success. Can the responsible admi. please unsubscribe me from this Drupal list?
Thank you!
Gina Rydland
-----Inline Attachment Follows-----
-- [ Drupal support list | http://lists.drupal.org/ ]
-- [ Drupal support list | http://lists.drupal.org/ ]
On Oct 9, 2009, at 1:21 PM, Abraham Williams wrote:
Go to: http://lists.drupal.org/listinfo/support
At the bottom of the page enter your email address and hit "Unsubscribe or edit options".
Follow the instructions from this point on.
Here's an important hint: check your message headers to see what address your mail is being delivered to. Many people have multiple addresses and/or create address aliases specific to mailing lists. Years (or days) later when they decide they want to get unsubscribed, they use their regular email address and nothing they try works because they are trying to unsubscribe an address that isn't subscribed.
That may not solve everyone's problems, but it is a common snafu.
Steve
I think its a good idea to always pass the content through a filter before you output it. I know its your own submitted node in this case so there will not be any security risk. But outputting $node2->body on user submitted content is unsafe. Do check_markup($node2->body) to be sure the body is cleaned by the input filter.
If you dont want to enable the php filter module, which is a good idea because safer to leave disabled, you can maka a custom block, leave the content empty and make a block-block-1.tpl.php where you put the php. Then enable that block for the content top region.
I also recommend the book "Cracking Drupal" of Greg Knaddison for interesting insight in making your Drupal site secure.
Hans Www.koba.be
2009/10/9, luca capra luca.capra@gmail.com:
in node1 body, with php filter
<?php $node2 = node_load(156); echo $node2->body; ?>
or in template.php
YOURTHEME_preprocess_node(&$vars, $hook){ $nid = 1; // the nid of node container if(arg(0)==node && arg(1)==$nid){ $node2 = node_load(156); $vars['content'] .= $node2->body; } }
(then clear the cache in admin/settings/performance)
both should works.
Emma Badger ha scritto:
I would like to include the content of the body field of node 156 in the body of another node using php. Is this easy to do?
Any help would be appreciated.
Regards
Emma
-- [ Drupal support list | http://lists.drupal.org/ ]
Thanks, I'll give that a go. On 9 Oct 2009, at 16:13, KOBA | Hans Rossel wrote:
I think its a good idea to always pass the content through a filter before you output it. I know its your own submitted node in this case so there will not be any security risk. But outputting $node2->body on user submitted content is unsafe. Do check_markup($node2->body) to be sure the body is cleaned by the input filter.
If you dont want to enable the php filter module, which is a good idea because safer to leave disabled, you can maka a custom block, leave the content empty and make a block-block-1.tpl.php where you put the php. Then enable that block for the content top region.
I also recommend the book "Cracking Drupal" of Greg Knaddison for interesting insight in making your Drupal site secure.
Hans Www.koba.be
2009/10/9, luca capra luca.capra@gmail.com:
in node1 body, with php filter
<?php $node2 = node_load(156); echo $node2->body; ?>
or in template.php
YOURTHEME_preprocess_node(&$vars, $hook){ $nid = 1; // the nid of node container if(arg(0)==node && arg(1)==$nid){ $node2 = node_load(156); $vars['content'] .= $node2->body; } }
(then clear the cache in admin/settings/performance)
both should works.
Emma Badger ha scritto:
I would like to include the content of the body field of node 156 in the body of another node using php. Is this easy to do?
Any help would be appreciated.
Regards
Emma
-- [ Drupal support list | http://lists.drupal.org/ ]
-- Hans Rossel KOBA Webdesign bvba Beukenlaan 56 9051 Gent (Sint-Denijs-Westrem) Belgium BTW 0817.931.516 +32.9.334.52.60 +32.472.79.32.16 www.koba.be info@koba.be -- [ Drupal support list | http://lists.drupal.org/ ]
-
Abraham Williams -
David J. Stein -
Emma Badger -
Gina Rydland -
KOBA | Hans Rossel -
luca capra -
Shai Gluskin -
Steven Scotten