[development] valid_input_data no more available on 4.6.4
Nathan Vack
njvack at wisc.edu
Thu Dec 8 21:00:49 UTC 2005
On Dec 8, 2005, at 2:09 PM, Fabio Varesano wrote:
> I think that input checking on the css field is
> needed...
>
> This is how I'm using the valid_input_data :
>
> function css_nodeapi(&$node, $op, $teaser, $page) {
> ....
> case 'validate':
> if (variable_get('css_'. $node->type, TRUE) ||
> !user_access('create css for nodes')) {
> if (!valid_input_data($node->css_css)) {
> drupal_access_denied();
> }
> }
>
> How do you guys think I have to implement a input check?
You could use an HTTP library and send it through the w3c CSS
validator...
http://jigsaw.w3.org/css-validator/
That would ensure the CSS is well-formed. You could even
conditionally warn about valid but poor CSS practice (setting
background-color without setting color, for example).
Also -- that's probably a different error case than user_access();
I'm guessing you'd want to return a "Hey, your CSS isn't valid"
instead of "Access denied"...
Cheers,
-Nate
More information about the development
mailing list