I would like to make a simple "node flagging" tool on my site. I have a flag icon on every node which has the URL of the node (or the nid) inserted into it using php.
What I would like is for a user who clicks that to be sent to the contact form and for the page URL to appear in the "Message" text box already.
I've had a lot of problems with the Abuse module (especially the admin side of things...constant sql errors), so have decided to try to create something simpler. If the contact form can't be used like that, is there a way I can set up a simple form on a page (mysite.com/report) which is pre-filled with a flagged node's URL/nid as described above?
Thanks
Neil
I suppose tkaing the same development resources to look at fixing the abuse module is out of the question?
-Mike
__________________ Michael Prasuhn mike@mikeyp.net mikeyp.phone@gmail.com phone 714.356.0168 cell 949.200.7670 fax
-----Original Message----- From: "Neil: esl-lounge.com" neil@esl-lounge.com
Date: Sat, 22 Sep 2007 13:50:32 To:support@drupal.org Subject: [support] Simple form-based node flagging
I would like to make a simple "node flagging" tool on my site. I have a flag icon on every node which has the URL of the node (or the nid) inserted into it using php. What I would like is for a user who clicks that to be sent to the contact form and for the page URL to appear in the "Message" text box already. I've had a lot of problems with the Abuse module (especially the admin side of things...constant sql errors), so have decided to try to create something simpler. If the contact form can't be used like that, is there a way I can set up a simple form on a page (mysite.com/report) which is pre-filled with a flagged node's URL/nid as described above? Thanks Neil-- [ Drupal support list | http://lists.drupal.org/ ]
In the end, I added the following code to the contact.module:
// THESE NEXT TWO LINES ADDED FOR PRE-FILLING if( !isset( $_POST['subject']) && !empty($_GET['subject'])) // FIRST ADDITIONAL LINE $form['subject']['#value'] = $_GET['subject']; // SECOND AND LAST ADDITIONAL LINE
which allows me to create links like this:
<a href="/contact?subject=Page+Reported:http://www.mysite.com<?php print $_SERVER['REQUEST_URI'] ?>+(do+not+delete.)" rel="nofollow">Report Page</a>
which is exactly what I was after.
----- Original Message ----- From: "Michael Prasuhn" mike@mikeyp.net To: support@drupal.org Sent: Saturday, September 22, 2007 5:58 PM Subject: Re: [support] Simple form-based node flagging
I suppose tkaing the same development resources to look at fixing the abuse module is out of the question?
-Mike
__________________ Michael Prasuhn mike@mikeyp.net mikeyp.phone@gmail.com phone 714.356.0168 cell 949.200.7670 fax
-----Original Message----- From: "Neil: esl-lounge.com" neil@esl-lounge.com
Date: Sat, 22 Sep 2007 13:50:32 To:support@drupal.org Subject: [support] Simple form-based node flagging
I would like to make a simple "node flagging" tool on my site. I have a flag icon on every node which has the URL of the node (or the nid) inserted into it using php.
What I would like is for a user who clicks that to be sent to the contact form and for the page URL to appear in the "Message" text box already.
I've had a lot of problems with the Abuse module (especially the admin side of things...constant sql errors), so have decided to try to create something simpler. If the contact form can't be used like that, is there a way I can set up a simple form on a page (mysite.com/report) which is pre-filled with a flagged node's URL/nid as described above?
Thanks
Neil-- [ Drupal support list | http://lists.drupal.org/ ]
Please, please, please, put a check_plain around the $_GET['subject'] var.
http://api.drupal.org/?q=api/function/check_plain/5
Kitt.
Quoting "Neil: esl-lounge.com" neil@esl-lounge.com:
In the end, I added the following code to the contact.module:
// THESE NEXT TWO LINES ADDED FOR PRE-FILLING if( !isset( $_POST['subject']) && !empty($_GET['subject'])) // FIRSTADDITIONAL LINE $form['subject']['#value'] = $_GET['subject']; // SECOND AND LAST ADDITIONAL LINE
which allows me to create links like this:
<a href="/contact?subject=Page+Reported:http://www.mysite.com<?php print $_SERVER['REQUEST_URI'] ?>+(do+not+delete.)" rel="nofollow">Report Page</a>
which is exactly what I was after.
----- Original Message ----- From: "Michael Prasuhn" mike@mikeyp.net To: support@drupal.org Sent: Saturday, September 22, 2007 5:58 PM Subject: Re: [support] Simple form-based node flagging
I suppose tkaing the same development resources to look at fixing the abuse
module is out of the question?
-Mike
Michael Prasuhn mike@mikeyp.net mikeyp.phone@gmail.com phone 714.356.0168 cell 949.200.7670 fax
-----Original Message----- From: "Neil: esl-lounge.com" neil@esl-lounge.com
Date: Sat, 22 Sep 2007 13:50:32 To:support@drupal.org Subject: [support] Simple form-based node flagging
I would like to make a simple "node flagging" tool on my site. I have a flag
icon on every node which has the URL of the node (or the nid) inserted into
it using php.
What I would like is for a user who clicks that to be sent to the contact form and for the page URL to appear in the "Message" text box already.
I've had a lot of problems with the Abuse module (especially the admin side
of things...constant sql errors), so have decided to try to create something
simpler. If the contact form can't be used like that, is there a way I can set up a simple form on a page (mysite.com/report) which is pre-filled with
a flagged node's URL/nid as described above?
Thanks
Neil-- [ Drupal support list | http://lists.drupal.org/ ] -- [ Drupal support list | http://lists.drupal.org/ ]
-- [ Drupal support list | http://lists.drupal.org/ ]
Would the prepopulate module work for this?
http://drupal.org/project/prepopulate
If so, it could eliminate the need to touch core.
Cheers,
Bill
Kitt Hodsden wrote:
Please, please, please, put a check_plain around the $_GET['subject'] var.
http://api.drupal.org/?q=api/function/check_plain/5
Kitt.
Quoting "Neil: esl-lounge.com" neil@esl-lounge.com:
In the end, I added the following code to the contact.module:
// THESE NEXT TWO LINES ADDED FOR PRE-FILLING if( !isset( $_POST['subject']) && !empty($_GET['subject'])) // FIRSTADDITIONAL LINE $form['subject']['#value'] = $_GET['subject']; // SECOND AND LAST ADDITIONAL LINE
which allows me to create links like this:
<a href="/contact?subject=Page+Reported:http://www.mysite.com<?php print $_SERVER['REQUEST_URI'] ?>+(do+not+delete.)" rel="nofollow">Report Page</a>
which is exactly what I was after.
----- Original Message ----- From: "Michael Prasuhn" mike@mikeyp.net To: support@drupal.org Sent: Saturday, September 22, 2007 5:58 PM Subject: Re: [support] Simple form-based node flagging
I suppose tkaing the same development resources to look at fixing the abuse
module is out of the question?
-Mike
Michael Prasuhn mike@mikeyp.net mikeyp.phone@gmail.com phone 714.356.0168 cell 949.200.7670 fax
-----Original Message----- From: "Neil: esl-lounge.com" neil@esl-lounge.com
Date: Sat, 22 Sep 2007 13:50:32 To:support@drupal.org Subject: [support] Simple form-based node flagging
I would like to make a simple "node flagging" tool on my site. I have a flag
icon on every node which has the URL of the node (or the nid) inserted into
it using php.
What I would like is for a user who clicks that to be sent to the contact form and for the page URL to appear in the "Message" text box already.
I've had a lot of problems with the Abuse module (especially the admin side
of things...constant sql errors), so have decided to try to create something
simpler. If the contact form can't be used like that, is there a way I can set up a simple form on a page (mysite.com/report) which is pre-filled with
a flagged node's URL/nid as described above?
Thanks
Neil-- [ Drupal support list | http://lists.drupal.org/ ] -- [ Drupal support list | http://lists.drupal.org/ ]
-- [ Drupal support list | http://lists.drupal.org/ ]
I could be wrong but that seems to only be for the Create Content forms. Has anyone used it for the contact form?
----- Original Message ----- From: "Bill Fitzgerald" bill@funnymonkey.com To: support@drupal.org Sent: Monday, September 24, 2007 7:20 AM Subject: Re: [support] Simple form-based node flagging
Would the prepopulate module work for this?
http://drupal.org/project/prepopulate
If so, it could eliminate the need to touch core.
Cheers,
Bill
Kitt Hodsden wrote:
Please, please, please, put a check_plain around the $_GET['subject'] var.
http://api.drupal.org/?q=api/function/check_plain/5
Kitt.
Quoting "Neil: esl-lounge.com" neil@esl-lounge.com:
In the end, I added the following code to the contact.module:
// THESE NEXT TWO LINES ADDED FOR PRE-FILLING if( !isset( $_POST['subject']) && !empty($_GET['subject'])) // FIRSTADDITIONAL LINE $form['subject']['#value'] = $_GET['subject']; // SECOND AND LAST ADDITIONAL LINE
which allows me to create links like this:
<a href="/contact?subject=Page+Reported:http://www.mysite.com<?php print $_SERVER['REQUEST_URI'] ?>+(do+not+delete.)" rel="nofollow">Report Page</a>
which is exactly what I was after.
----- Original Message ----- From: "Michael Prasuhn" mike@mikeyp.net To: support@drupal.org Sent: Saturday, September 22, 2007 5:58 PM Subject: Re: [support] Simple form-based node flagging
I suppose tkaing the same development resources to look at fixing the abuse
module is out of the question?
-Mike
Michael Prasuhn mike@mikeyp.net mikeyp.phone@gmail.com phone 714.356.0168 cell 949.200.7670 fax
-----Original Message----- From: "Neil: esl-lounge.com" neil@esl-lounge.com
Date: Sat, 22 Sep 2007 13:50:32 To:support@drupal.org Subject: [support] Simple form-based node flagging
I would like to make a simple "node flagging" tool on my site. I have a flag
icon on every node which has the URL of the node (or the nid) inserted into
it using php.
What I would like is for a user who clicks that to be sent to the contact form and for the page URL to appear in the "Message" text box already.
I've had a lot of problems with the Abuse module (especially the admin side
of things...constant sql errors), so have decided to try to create something
simpler. If the contact form can't be used like that, is there a way I can set up a simple form on a page (mysite.com/report) which is pre-filled with
a flagged node's URL/nid as described above?
Thanks
Neil-- [ Drupal support list | http://lists.drupal.org/ ] -- [ Drupal support list | http://lists.drupal.org/ ]
-- [ Drupal support list | http://lists.drupal.org/ ]
-- Bill Fitzgerald http://www.funnymonkey.com Tools for Teachers 503.897.7160
-- [ Drupal support list | http://lists.drupal.org/ ]
Kitt,
how would the syntax for that look? I've never used it before. Why is it so important to use check_plain?
Neil
----- Original Message ----- From: "Kitt Hodsden" kitt-drupal@hodsden.org To: "Neil: esl-lounge.com" neil@esl-lounge.com Cc: support@drupal.org Sent: Monday, September 24, 2007 6:48 AM Subject: Re: [support] Simple form-based node flagging
Please, please, please, put a check_plain around the $_GET['subject'] var.
http://api.drupal.org/?q=api/function/check_plain/5
Kitt.
Quoting "Neil: esl-lounge.com" neil@esl-lounge.com:
In the end, I added the following code to the contact.module:
// THESE NEXT TWO LINES ADDED FOR PRE-FILLING if( !isset( $_POST['subject']) && !empty($_GET['subject'])) // FIRSTADDITIONAL LINE $form['subject']['#value'] = $_GET['subject']; // SECOND AND LAST ADDITIONAL LINE
which allows me to create links like this:
<a href="/contact?subject=Page+Reported:http://www.mysite.com<?php print $_SERVER['REQUEST_URI'] ?>+(do+not+delete.)" rel="nofollow">Report Page</a>
which is exactly what I was after.
----- Original Message ----- From: "Michael Prasuhn" mike@mikeyp.net To: support@drupal.org Sent: Saturday, September 22, 2007 5:58 PM Subject: Re: [support] Simple form-based node flagging
I suppose tkaing the same development resources to look at fixing the abuse
module is out of the question?
-Mike
Michael Prasuhn mike@mikeyp.net mikeyp.phone@gmail.com phone 714.356.0168 cell 949.200.7670 fax
-----Original Message----- From: "Neil: esl-lounge.com" neil@esl-lounge.com
Date: Sat, 22 Sep 2007 13:50:32 To:support@drupal.org Subject: [support] Simple form-based node flagging
I would like to make a simple "node flagging" tool on my site. I have a flag
icon on every node which has the URL of the node (or the nid) inserted into
it using php.
What I would like is for a user who clicks that to be sent to the contact form and for the page URL to appear in the "Message" text box already.
I've had a lot of problems with the Abuse module (especially the admin side
of things...constant sql errors), so have decided to try to create something
simpler. If the contact form can't be used like that, is there a way I can set up a simple form on a page (mysite.com/report) which is pre-filled with
a flagged node's URL/nid as described above?
Thanks
Neil-- [ Drupal support list | http://lists.drupal.org/ ] -- [ Drupal support list | http://lists.drupal.org/ ]
-- [ Drupal support list | http://lists.drupal.org/ ]
Neil,
Using your line, check_plain goes around the subject GET:
$form['subject']['#value'] = check_plain($_GET['subject']); // SECOND AND LAST ADDITIONAL LINE
If you don't, then people can use this parameter to get information about your site.
So, imagine I have a link from MY site which goes to YOUR site that looks like this (where "like" = not really checked for proper syntax, proper closing tags, etc. but you get the drift):
<a href="http://yoursite.com/contact?subject=%3E%3Cimg+src%3D%22http%3A%2F%2Fexample.com%2Fscandalous-image.jpg%22+%2F%3E">Report Page</a>
Now, when someone clicks on this link, my scandalous-image.jpg will display.
Or, if I'm exploiting the latest Adobe PDF download exploit, I could have a carefully crafted PDF sent automatically to the user who clicked on my link.
Or, I could include a javascript file that reads your site cookies and sends them to my site (enabling my hijacking of your users' sessions).
Drupal does a lot of GET and POST variable checking for you. If you're going to use the GET parameters directly, you need to do some of that checking yourself.
Kitt.
Quoting "Neil: esl-lounge.com" neil@esl-lounge.com:
Kitt,
how would the syntax for that look? I've never used it before. Why is it so
important to use check_plain?
Neil
----- Original Message ----- From: "Kitt Hodsden" kitt-drupal@hodsden.org To: "Neil: esl-lounge.com" neil@esl-lounge.com Cc: support@drupal.org Sent: Monday, September 24, 2007 6:48 AM Subject: Re: [support] Simple form-based node flagging
Please, please, please, put a check_plain around the $_GET['subject']
var.
http://api.drupal.org/?q=api/function/check_plain/5
Kitt.
Quoting "Neil: esl-lounge.com" neil@esl-lounge.com:
In the end, I added the following code to the contact.module:
// THESE NEXT TWO LINES ADDED FOR PRE-FILLING if( !isset( $_POST['subject']) && !empty($_GET['subject'])) // FIRSTADDITIONAL LINE $form['subject']['#value'] = $_GET['subject']; // SECOND AND LAST ADDITIONAL LINE
which allows me to create links like this:
<a href="/contact?subject=Page+Reported:http://www.mysite.com<?php print $_SERVER['REQUEST_URI'] ?>+(do+not+delete.)" rel="nofollow">Report Page</a>
which is exactly what I was after.
----- Original Message ----- From: "Michael Prasuhn" mike@mikeyp.net To: support@drupal.org Sent: Saturday, September 22, 2007 5:58 PM Subject: Re: [support] Simple form-based node flagging
I suppose tkaing the same development resources to look at fixing the abuse
module is out of the question?
-Mike
Michael Prasuhn mike@mikeyp.net mikeyp.phone@gmail.com phone 714.356.0168 cell 949.200.7670 fax
-----Original Message----- From: "Neil: esl-lounge.com" neil@esl-lounge.com
Date: Sat, 22 Sep 2007 13:50:32 To:support@drupal.org Subject: [support] Simple form-based node flagging
I would like to make a simple "node flagging" tool on my site. I have a flag
icon on every node which has the URL of the node (or the nid) inserted into
it using php.
What I would like is for a user who clicks that to be sent to the
contact
form and for the page URL to appear in the "Message" text box already.
I've had a lot of problems with the Abuse module (especially the admin side
of things...constant sql errors), so have decided to try to create something
simpler. If the contact form can't be used like that, is there a way I can set up a simple form on a page (mysite.com/report) which is pre-filled with
a flagged node's URL/nid as described above?
Thanks
Neil-- [ Drupal support list | http://lists.drupal.org/ ] -- [ Drupal support list | http://lists.drupal.org/ ]
-- [ Drupal support list | http://lists.drupal.org/ ]