[development] valid_input_data no more available on 4.6.4

Fabio Varesano fabio.varesano at gmail.com
Thu Dec 8 20:09:12 UTC 2005


Ok..

so I have my css.module which adds a text area when
editing a node.
the text inserted into that text area will be used
as css when displaying the page.

I think that input checking on the css field is
needed...

This is how I'm using the valid_input_data :

function css_nodeapi(&$node, $op, $teaser, $page) {
....
case 'validate':
      if (variable_get('css_'. $node->type, TRUE) || 	
!user_access('create css for nodes')) {
        if (!valid_input_data($node->css_css)) {
          drupal_access_denied();
        }
      }

How do you guys think I have to implement a input check?

Thanks.

Fabio


Karoly Negyesi wrote:
> On Thu, 08 Dec 2005 12:45:57 +0100, Fabio Varesano 
> <fabio.varesano at gmail.com> wrote:
> 
>> Hi everybody.
>>
>> I just received a bug report on the bug tracking
>> system of my css.module .
>> http://drupal.org/node/40340
>>
>> As wrote there function valid_input_data has been
>> removed from 4.6.4 .
>>
>> Why does it been removed?
>> What can we use for input checking? filter_xss?
>>
>> I think that this change (and others) should be
>> documented on the handbooks.
> 
> 
> I agree and I already mailed the list yesterday on this.
> 
> You can't really do input checking now, valid_input_data was broken
> beyond  repair. We are filtering on output (this was so since long),
> use  check_plain , check_url and check_output as appropriate.
> check_output when  you have a filter format, check_url when you want to
> display a url and  check_plain otherwise if you output your own content.
> 
> Regards
> 
> NK
> 



More information about the development mailing list