View Revisions: Note 2989
Summary | 1205: Input filtering |
---|---|
Revision | 2015-07-28 11:42 by Guest |
Note |
Input Filtering

We can control the data fields in Composr using the fields.xml file, which is located at data/fields.xml. This file defines all the restrictions on what goes into the website's fields. Composr has a special built-in editor just for this file, so you don't have to go to the file manually to make changes. You can reach this editor by logging in to your Adminzone and then going to “setup>>field filters”. There you will find the editor with the contents of fields.xml, which are basically a pre-defined set of configurations.

The root XML tag for the config file is 'fieldRestrictions'. Furthermore, 'qualify' and 'filter' tags can be placed underneath themselves and each other to provide nestings of arbitrary complexity. The 'qualify' tag is used to limit the context under which restriction tags may apply. The 'filter' tag is used to limit the situations under which restriction tags may apply, but it filters based on membership rather than context.

Filters -

1) As you can see in the pre-defined configuration, a 'notstaff' flag is set to 1 in the filter tag. This means the contained restrictions will only apply to non-staff; if you leave it out, they will apply to all members.
2) Apart from 'notstaff' there are two other flags, 'groups' and 'members'. In the 'groups' flag you can provide a comma-separated list of usergroup ID numbers to which the contained restrictions will apply; likewise, in the 'members' flag you can provide a comma-separated list of member IDs.

Qualify -

1) The qualify tag can have three attributes, namely pages, types, and fields.
2) In the pages attribute you can provide a comma-separated list of page names where the restrictions have to be applied.
3) The types attribute can have a comma-separated list indicating which types have to be targeted by the restrictions, for example the URL 'type' parameter.
4) The fields attribute can have a comma-separated list of names of parameters to which the restrictions have to be applied. For example, you can add the title to fields like this: “ fields='title' ”.

Restrictions -

Restrictions are what we define within the qualify tag. There are many different types of restriction tags. 'minlength' gives an error if the field value does not meet the minimum length; this is useful to prevent people posting poorly completed entries. 'maxlength' gives an error if the field value exceeds the maximum length. There are many others, like 'shun', which will provide an error if the value doesn't match the contained expression, and 'pattern', which will fail if the regular expression doesn't match.

We can try the following example to remove the shouting from the news page. You should find this in the predefined configuration; you can remove the comments, which would make it look something like this:

```xml
<filter notstaff="1">
    <qualify pages="cms_news" types="add,_add" fields="post">
        <minLength>5</minLength>
        <maxLength>32000</maxLength>
        <shun>Testing</shun>
        <disallowedWord>shit*</disallowedWord>
        <disallowedSubstring>I shouldn't be telling you this, but</disallowedSubstring>
    </qualify>
</filter>
```

As you can see, the qualify tag names the “cms_news” page in the pages attribute, and there are restrictions like minLength, maxLength, shun and disallowedWord, which would basically ban or restrict a word from being used in the field. We also have disallowedSubstring, which will provide an error if the field value contains a match for the contained wildcard expression. This is useful as a blocking word-filter. |
Revision | 2015-07-28 11:42 by Guest |
Note |
Input Filtering

We can control the data fields in Composr using the fields.xml file, which is located at data/fields.xml. This file defines all the restrictions on what goes into the website's fields. You will see there are some default settings in that file.

The root XML tag for the config file is 'fieldRestrictions'.

The 'qualify' tag is used to limit the context under which restriction tags may apply. The tag may take 3 attributes (all are optional):

- 'pages', a comma-separated list of strings (with wildcard support) indicating the page on which the contained restrictions apply
- 'types', a comma-separated list of strings (with wildcard support) indicating the types (i.e. the URL 'type' parameter) on which the contained restrictions apply
- 'fields', a comma-separated list of strings (with wildcard support) indicating the names of parameters on which the contained restrictions apply

The 'filter' tag again is used to limit the situations under which restriction tags may apply, but it filters based on membership rather than context. The tag may take 3 attributes (all optional):

- 'notstaff', if this is set to '1' then the contained restrictions will only apply to non-staff (if you leave it out it will apply to all)
- 'groups', a comma-separated list of usergroup ID numbers to which the contained restrictions will apply (if you leave it out it will apply to all)
- 'members', a comma-separated list of member ID numbers to which the contained restrictions will apply (if you leave it out it will apply to all)

Restriction tags

- 'minlength', give an error if the field value does not meet the minimum length. This is useful to prevent people posting poorly completed entries.
- 'maxlength', give an error if the field value exceeds the maximum length.
- 'possibilityset', give an error if the field value does not match the contained wildcard expression. If you apply the 'secretive' attribute with a value of '1' then the user will not be told what the possible values are, which is useful if you are trying to implement a password (e.g. you can only send me a PT if you use the word "abracadabra" in it).
- 'disallowedsubstring', provide an error if the field value contains a match for the contained wildcard expression. This is useful as a blocking word-filter. Unlike the main Composr word filter, you have full qualification and filter support, so it is selectively applied as you require.
- 'disallowedword', as above but will only match whole words.
- 'shun', provide an error if the field value equals the contained wildcard expression. This is different from 'disallowedsubstring' simply because it shuns complete matches against the field value rather than substrings.
- 'pattern', provide an error if the given regular expression does not pass.

Input Filtering

We can control the data fields in Composr using the fields.xml file, which is located at data/fields.xml. This file defines all the restrictions on what goes into the website's fields. Composr has a special built-in editor just for this file, so you don't have to go to the file manually to make changes. You can reach this editor by logging in to your Adminzone and then going to “setup>>field filters”. There you will find the editor with the contents of fields.xml, which are basically a pre-defined set of configurations.

The root XML tag for the config file is 'fieldRestrictions'. Furthermore, 'qualify' and 'filter' tags can be placed underneath themselves and each other to provide nestings of arbitrary complexity. The 'qualify' tag is used to limit the context under which restriction tags may apply. The 'filter' tag is used to limit the situations under which restriction tags may apply, but it filters based on membership rather than context.

Filters -

1) As you can see in the pre-defined configuration, a 'notstaff' flag is set to 1 in the filter tag. This means the contained restrictions will only apply to non-staff; if you leave it out, they will apply to all members.
2) Apart from 'notstaff' there are two other flags, 'groups' and 'members'. In the 'groups' flag you can provide a comma-separated list of usergroup ID numbers to which the contained restrictions will apply; likewise, in the 'members' flag you can provide a comma-separated list of member IDs.

Qualify -

1) The qualify tag can have three attributes, namely pages, types, and fields.
2) In the pages attribute you can provide a comma-separated list of page names where the restrictions have to be applied.
3) The types attribute can have a comma-separated list indicating which types have to be targeted by the restrictions, for example the URL 'type' parameter.
4) The fields attribute can have a comma-separated list of names of parameters to which the restrictions have to be applied. For example, you can add the title to fields like this: “ fields='title' ”.

Restrictions -

Restrictions are what we define within the qualify tag. There are many different types of restriction tags. 'minlength' gives an error if the field value does not meet the minimum length; this is useful to prevent people posting poorly completed entries. 'maxlength' gives an error if the field value exceeds the maximum length. There are many others, like 'shun', which will provide an error if the value doesn't match the contained expression, and 'pattern', which will fail if the regular expression doesn't match.

We can try the following example to remove the shouting from the news page. You should find this in the predefined configuration; you can remove the comments, which would make it look something like this:

```xml
<filter notstaff="1">
    <qualify pages="cms_news" types="add,_add" fields="post">
        <minLength>5</minLength>
        <maxLength>32000</maxLength>
        <shun>Testing</shun>
        <disallowedWord>shit*</disallowedWord>
        <disallowedSubstring>I shouldn't be telling you this, but</disallowedSubstring>
    </qualify>
</filter>
```

As you can see, the qualify tag names the “cms_news” page in the pages attribute, and there are restrictions like minLength, maxLength, shun and disallowedWord, which would basically ban or restrict a word from being used in the field. We also have disallowedSubstring, which will provide an error if the field value contains a match for the contained wildcard expression. This is useful as a blocking word-filter. |
Revision | 2015-07-27 11:42 by Guest |
Note |
Input Filtering

We can control the data fields in Composr using the fields.xml file, which is located at data/fields.xml. This file defines all the restrictions on what goes into the website's fields. You will see there are some default settings in that file.

The root XML tag for the config file is 'fieldRestrictions'.

The 'qualify' tag is used to limit the context under which restriction tags may apply. The tag may take 3 attributes (all are optional):

- 'pages', a comma-separated list of strings (with wildcard support) indicating the page on which the contained restrictions apply
- 'types', a comma-separated list of strings (with wildcard support) indicating the types (i.e. the URL 'type' parameter) on which the contained restrictions apply
- 'fields', a comma-separated list of strings (with wildcard support) indicating the names of parameters on which the contained restrictions apply

The 'filter' tag again is used to limit the situations under which restriction tags may apply, but it filters based on membership rather than context. The tag may take 3 attributes (all optional):

- 'notstaff', if this is set to '1' then the contained restrictions will only apply to non-staff (if you leave it out it will apply to all)
- 'groups', a comma-separated list of usergroup ID numbers to which the contained restrictions will apply (if you leave it out it will apply to all)
- 'members', a comma-separated list of member ID numbers to which the contained restrictions will apply (if you leave it out it will apply to all)

Restriction tags

- 'minlength', give an error if the field value does not meet the minimum length. This is useful to prevent people posting poorly completed entries.
- 'maxlength', give an error if the field value exceeds the maximum length.
- 'possibilityset', give an error if the field value does not match the contained wildcard expression. If you apply the 'secretive' attribute with a value of '1' then the user will not be told what the possible values are, which is useful if you are trying to implement a password (e.g. you can only send me a PT if you use the word "abracadabra" in it).
- 'disallowedsubstring', provide an error if the field value contains a match for the contained wildcard expression. This is useful as a blocking word-filter. Unlike the main Composr word filter, you have full qualification and filter support, so it is selectively applied as you require.
- 'disallowedword', as above but will only match whole words.
- 'shun', provide an error if the field value equals the contained wildcard expression. This is different from 'disallowedsubstring' simply because it shuns complete matches against the field value rather than substrings.
- 'pattern', provide an error if the given regular expression does not pass.

Example: You can remove the shouting from the News page using the following:

```xml
<filter notstaff="1">
    <qualify pages="cms_news" types="add,_add" fields="post">
        <minLength>5</minLength>
        <maxLength>32000</maxLength>
        <shun>Testing</shun>
        <disallowedWord>shit*</disallowedWord>
        <disallowedSubstring>I shouldn't be telling you this, but</disallowedSubstring>
    </qualify>
</filter>
```
 |
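
To show how `filter`, `qualify` and the restriction tags in the revisions above combine, the following added Python example (not Composr's code and not part of the note) evaluates the note's fragment against a submitted value. It assumes `*` is the only wildcard, that matching and tag names are case-insensitive, and that `shun`, `disallowedword` and `disallowedsubstring` behave as the 2015-07-27 revision defines them; `check`, `CHECKS` and their parameters are hypothetical names.

```python
import re
import xml.etree.ElementTree as ET

# Constructed input: the note's fragment wrapped in the root tag it names.
FIELDS_XML = """<fieldRestrictions><filter notstaff="1">
  <qualify pages="cms_news" types="add,_add" fields="post">
    <minLength>5</minLength><maxLength>32000</maxLength>
    <shun>Testing</shun>
    <disallowedWord>shit*</disallowedWord>
    <disallowedSubstring>I shouldn't be telling you this, but</disallowedSubstring>
  </qualify>
</filter></fieldRestrictions>"""

def _wild(expr, star=".*"):
    # Assumption: '*' is the only wildcard; everything else is literal.
    return "".join(star if c == "*" else re.escape(c) for c in expr)

def _listed(attr, value):
    # An omitted attribute applies to all, as the note states.
    return attr is None or any(
        re.fullmatch(_wild(p.strip()), value, re.I) for p in attr.split(","))

# Each check is truthy when the restriction is violated (others are not modelled).
CHECKS = {
    "minlength": lambda e, v: len(v) < int(e),
    "maxlength": lambda e, v: len(v) > int(e),
    "shun": lambda e, v: re.fullmatch(_wild(e), v, re.I | re.S),          # whole value
    "disallowedsubstring": lambda e, v: re.search(_wild(e), v, re.I | re.S),  # anywhere
    "disallowedword": lambda e, v: re.search(                             # whole word
        r"(?<!\w)" + _wild(e, r"\w*") + r"(?!\w)", v, re.I),
}

def check(xml_text, page, type_, field, value, is_staff=False, group="", member=""):
    ctx = {"pages": page, "types": type_, "fields": field,
           "groups": group, "members": member}
    errors = []
    def walk(node):
        for child in node:
            tag = child.tag.lower()
            if tag in ("filter", "qualify"):
                exempt = is_staff and child.get("notstaff") == "1"
                if not exempt and all(_listed(child.get(a), v) for a, v in ctx.items()):
                    walk(child)
            elif tag in CHECKS and CHECKS[tag]((child.text or "").strip(), value):
                errors.append(child.tag)
    walk(ET.fromstring(xml_text))
    return errors
```

`check` returns the names of the violated restriction tags, so an empty list means the value is accepted in that page, type, field and membership context.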