On March 26, 2019 we launched new MODX Forums. Please join us at the new MODX Community Forums.
Subscribe: RSS
  • Hi!
    In first, thanks for this snippet! very userfull smiley
    I had problems to save datas in the database, because i had " ’ " character inside the posted values.
    I changed
    $fields_values[$key] = $value;
    

    to
    $fields_values[$key] = htmlentities($value, ENT_QUOTES);
    


    on line 173 (in pp.resources.inc.php).

    Then, i can update the database with the values smiley.

    If there a way to do this automaticaly with eForm (beacuse i hadn’t learn eForm yet :’(), i’ll be glad to know how grin

    Thanks again for this snippet!
    • Shouldn’t those values be run through $modx->db->escape() before going anywhere near the database?
        Studying MODX in the desert - http://sottwell.com
        Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
        Join the Slack Community - http://modx.org
      • hey atm i have the snippet fully working and have bulit on top of the tutorial I wanted to display avatars so i made a simple table that stores the url they enter into the text field and i made it so that [+avatar+] was a image but i was wondering if there is any way that i can have some pre-defined images that the user can select and it automatically stick it in the table for me? sorry if it don’t make sense tried my best to word it right lol.
        • Quote from: sottwell at Nov 12, 2006, 07:22 PM

          Shouldn’t those values be run through $modx->db->escape() before going anywhere near the database?

          yep smiley
          i replace htmlentities with escape(), it works fine.
          thanks!
          • Quote from: sottwell at Nov 12, 2006, 07:22 PM

            Shouldn’t those values be run through $modx->db->escape() before going anywhere near the database?
            Yes, of course they should, I’ll update the file in a few minutes.

            I really would hope that someone experienced looked through my code for security issues, as it seems like people will be using this live despite my warnings not to! wink

            So, if Susan or someone else could do that I’d be forever grateful!
            • Security release 0.1.1 beta.

              If you run 0.1 beta 1 you should replace the ppp.resources.inc.php in the /assets/snippets/ppp folder with the attached file.

              The zip file in the first post will be replaced in a few minutes. Done.

              Please note that this is my first snippet, and it may be several security issues and other problems. I definitely don’t recommend using this snippet live yet.

              Edit: Sorry for the stupid naming of versions, I’ll keep to one standard from now.

              EDIT: File removed, use latest version from first post in this thread.
              • Quote from: nicpan at Nov 12, 2006, 07:20 PM
                In first, thanks for this snippet! very userfull smiley
                If there a way to do this automatically with eForm (because i hadn’t learn eForm yet :’(), i’ll be glad to know how grin
                Glad you like it. I hope you didn’t miss my warning about using it on a live site? wink

                Thanks for noticing the "bug". I’ve corrected the file now. But you can be almost sure that there are more security issues, hopefully some experienced programmer will look through the code soon.

                With eForm you can do a lot of validation, you should really look into the great documentation that comes with eForm!

                Quote from: SynthX at Nov 12, 2006, 07:42 PM
                I have the snippet fully working
                Nice to hear that it works. I hope it’s only a test installation you installed ppp on? There could be problems with the code, so be carefull.

                I’m currently working on picture handling, I’ll hope to release next version soon. But it seems you made your own solution, great!

                It should be possible to store multiple pictures and then create some solution where the user can select from them. I’ll think about that...

                Thanks,

                Anders
                • yep, be sure that for the moment, its only for a testing purpose (anyway, this snippet is pretty complete!) smiley
                  • Hi. For those trying to use PPP with MODX .95rc2 there could be some trouble due to the following, taken from http://modxcms.com/forums/index.php/topic,1767.0.html

                    "FYI, 0.9.5 RC2 introduced some changes to getLoginUserID that made it return the manager user ID on the front-end, if no web user was logged into the front-end. I reverted this behavior as of revision 2001 today because it was causing problems with various components that rely on it not returning an ID for a manager in the front end."

                    If logged in in manager and trying to access the front end there will be a parse error on pages with a ppp snippet call if not logged in as web user.

                    This should only affect 095rc2, and is fixed in later version of MODx as stated above.

                    Sorry if you downloaded PPP and just got an error when trying it out. Please try it again if you had this problem.

                    I will not create any fix in PPP as this isn’t a ppp issue, and it will not be a problem in future versions of MODx.

                    Disclaimer: I could have misunderstood this completely! wink

                    /Anders
                    • ...I’m getting an error when unzipping the new file: 0.1.1_beta_ppp.resources.inc.zip with Stuffit on MacOs 10.4
                        ----------------------------------------------------------
                        http://www.linkedin.com/in/lucapost/
                        http://www.twitter.com/lukwe/
                        ----------------------------------------------------------