[drupal-devel] Question on valid_input_data()

K B kbahey at gmail.com
Mon May 9 01:11:47 UTC 2005


Guys.

Thanks for all the replies. 

However, some of the answers do not apply in this case, such as giving
the permission to bypass input filters, or to set to Full HTML.

The module in question here is banner.module, and this particular
problem happens when it is configured to use files, and has to write
the a cache of the ad banners. This happens when cron runs only, and
not from any user screens.

It uses file_save_data()
http://drupaldocs.org/api/4.6/function/file_save_data

Which in turn calls valid_input_data()
http://drupaldocs.org/api/4.6/function/valid_input_data

I changed the text ads to say 
<span href="blah">...</span>

Instead of
<span onclick="parent.blah='/blah'">...</span>

This solved the problem. There is no way to set the filter to Full
HTML for cron, and it is extremely unwise to bypass input check for
anonymous users.

Thanks to all.



More information about the drupal-devel mailing list