Gossamer Forum
Home : Products : Gossamer Links : Development, Plugins and Globals :

'add_system_field' type functionalty?

Quote Reply
'add_system_field' type functionalty?
Alex,

Is there a way to get the same functionality of the 'add_sytem_fields' in a plugin?

Such that a user can set defaults

field_one=1,field_two='99', ....

And this is stored as a hash, rather than a string for the loader?

barring that, would this:

Code:
my $input = $IN->get_hash;
my $clean_fields = $PLUGIN_CFG->{add_plugin_fields};
my @valid_fields = split (',', $clean_fields);
foreach my $field (@valid_fields) {
my ($key, $value) = split (m'\s+=\s+', $field); ## should remove = and any attached spaces
$key =~ s/^\s+//g; ## might still have leading spaces
$value =~ s/\s+$//g; ## might still have trailing spaces
$value =~ s/^(\'|\")//; ## value might have been enclosed in ' or " leading
$value =~ s/(\'|\")$//; ## value might have been enclosed in ' or " trailing
$input->{$key} = $value; ## set, or overwrite any supplied values.
}
do what I think it should - which is set (or overwrite user-provided) fields to the
webmaster set defaults??

This would be changed slightly for a modify, where $PLUGIN_CFG->{'preserve_plugin_fields'}
would be used, and would overwrite the above values.

I'm concerned with security as much as efficiency, and draw any data from a stored database (links table, config files, etc) where possible, rather than trust they were sent back from a form unaltered. Only values that are allowed to change, or are presented to the user to be changed, are not overwritten or expunged before a database update or add.


PUGDOGŪ Enterprises, Inc.
FAQ:http://LinkSQL.com/FAQ
Plugins:http://LinkSQL.com/plugin
Quote Reply
Re: 'add_system_field' type functionalty? In reply to
I think you can reduce this:

Code:
$value =~ s/^(\'|\")//; ## value might have been enclosed in ' or " leading
$value =~ s/(\'|\")$//; ## value might have been enclosed in ' or " trailing
....to one line

Code:
$value =~ s/['"]//g; ## value might have been enclosed in ' or "
Installs:http://wiredon.net/gt
FAQ:http://www.perlmad.com

Quote Reply
Re: 'add_system_field' type functionalty? In reply to
In Reply To:
I think you can reduce this:
No, that removes all quotes, which is different then removing leading/trailing quotes.

You could reduce it to:

$value =~ s/^['"]|['"]$//g;

same for the white space:

$value =~ s/^\s*|\s*$//g;

Cheers,

Alex

--
Gossamer Threads Inc.
Quote Reply
Re: 'add_system_field' type functionalty? In reply to
Hi,

That would probably be the best way to do it. You may want to save some grief, and not allow quotes. If you do, it implies you can do:

field_one=1,field_two="this won't work, really",field_3=5

To do something like that is a lot harder. If you skip the quotes, then what you have will work fine.

Another idea is if you are using ->add() method and want to just preserve defaults, you can just do:

foreach my $system_column (qw/list of system columns/) {
$IN->delete($system_column);
}

and then add() will take the defaults. Same goes for modify.

Cheers,

Alex

--
Gossamer Threads Inc.
Quote Reply
Re: 'add_system_field' type functionalty? In reply to
In Reply To:
You could reduce it to:
$value =~ s/^['"]|['"]$//g;
same for the white space:
$value =~ s/^\s*|\s*$//g;
I figured I could... :) But sometimes it's clearer, and safer, especially during development not to confuse yourselelf too much <G> I confuse easily, remember :) I'll add these as comments and change them once I know it all works :)

In Reply To:
Another idea is if you are using ->add() method and want to just preserve defaults, you can just do:
foreach my $system_column (qw/list of system columns/) {
$IN->delete($system_column);
}
Just for the readers of this thread who might be confused by now.... by deleting all the hash values that match the 'system columns' (ie: fields in the table that you don't want a user to forge or fake), when you do a $db->add($hash_ref) of the remaining values, the add method will use the defaults you have set in the .def file and table for the table you are inserting into, for all values that have been "deleted" and are now "undefined" (that is what "defaults" are for :) :)

This works (relying on ->add()), if you set the defaults in the table or .def editor. This is a bit "low level" for some people, especially if they have a long-time working site, since it means modifying the tables. By using the same concept of the "add_system_fields" in the set up, then a webmaster can easily block-out or set certain fields from their forms without modifying the tables. This is more a "feature" for a working/existing site so the table doesn't have to be modified -- a webmaster can both "block" a field, and set a default value if they want.



PUGDOGŪ Enterprises, Inc.
FAQ:http://LinkSQL.com/FAQ
Plugins:http://LinkSQL.com/plugin