[development] valid_input_data no more available on 4.6.4
Fabio Varesano
fabio.varesano at gmail.com
Thu Dec 8 20:09:12 UTC 2005
Ok..
so I have my css.module which adds a text area when
editing a node.
the text inserted into that text area will be used
as css when displaying the page.
I think that input checking on the css field is
needed...
This is how I'm using the valid_input_data :
function css_nodeapi(&$node, $op, $teaser, $page) {
....
case 'validate':
if (variable_get('css_'. $node->type, TRUE) ||
!user_access('create css for nodes')) {
if (!valid_input_data($node->css_css)) {
drupal_access_denied();
}
}
How do you guys think I have to implement a input check?
Thanks.
Fabio
Karoly Negyesi wrote:
> On Thu, 08 Dec 2005 12:45:57 +0100, Fabio Varesano
> <fabio.varesano at gmail.com> wrote:
>
>> Hi everybody.
>>
>> I just received a bug report on the bug tracking
>> system of my css.module .
>> http://drupal.org/node/40340
>>
>> As wrote there function valid_input_data has been
>> removed from 4.6.4 .
>>
>> Why does it been removed?
>> What can we use for input checking? filter_xss?
>>
>> I think that this change (and others) should be
>> documented on the handbooks.
>
>
> I agree and I already mailed the list yesterday on this.
>
> You can't really do input checking now, valid_input_data was broken
> beyond repair. We are filtering on output (this was so since long),
> use check_plain , check_url and check_output as appropriate.
> check_output when you have a filter format, check_url when you want to
> display a url and check_plain otherwise if you output your own content.
>
> Regards
>
> NK
>
More information about the development
mailing list