
Plugin Example/Help. Trapping user input.

I am looking for how to trap the data from my editor before it goes into my database. I would like to sanitize the HTML before it goes into my database and not every time a user displays it.

Comments

  • It is sanitised in the sense that it is sanitised against SQL injection.

    Preformatting this data has pitfalls. For one, when editing the content it can cause all sorts of issues with consistency.

    I can understand why you might want to do this, but the reality is formatters like HTMLawed are pretty efficient.

    I understand you are using HTMLPurifier, which I would advise against. For one, the plugin is out of date, and it outputs XHTML, which has largely fallen by the wayside.

    If the issue is with the table formatting, there could be another way round that. Obviously it is fixed in later versions of Vanilla, so you could backport those. Seems a better solution, especially if your forum is up and running.

    grep is your friend.

  • R_J Admin
    edited January 2014

    You have to hook two different events. Create the following functions:
    DiscussionModel_BeforeSaveDiscussion_Handler($Sender)
    CommentModel_BeforeSaveComment_Handler($Sender)

    Both should call your own transformation function and pass $Sender to it.
    You could change the text by changing $Sender->EventArguments['FormPostValues']->Body, I think...
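
The two handlers named in the comment above, wired to one shared routine, as an added example that is not part of the thread or of Vanilla's own code. The plugin key, class name and helper names are hypothetical. It assumes the model passes FormPostValues to the event by reference, that a post without a Format value is HTML, and that the htmLawed() function is loaded (it escapes all markup if not).

```php
<?php if (!defined('APPLICATION')) exit();
// Added example, not code from the thread or from Vanilla. Assumed: plugin key,
// class and helper names, and that the model passes FormPostValues to the event
// by reference (if it passes a copy, the change never reaches the database).
$PluginInfo['SanitizeOnSave'] = array('Name' => 'Sanitize On Save', 'Version' => '0.1');

class SanitizeOnSavePlugin extends Gdn_Plugin {
    public function DiscussionModel_BeforeSaveDiscussion_Handler($Sender) {
        $this->SanitizeBody($Sender);
    }

    public function CommentModel_BeforeSaveComment_Handler($Sender) {
        $this->SanitizeBody($Sender);
    }

    // Hypothetical helper shared by both handlers: rewrites Body in place.
    protected function SanitizeBody($Sender) {
        if (!isset($Sender->EventArguments['FormPostValues'])) {
            return;
        }
        // Bind by reference so the write lands in the event arguments, not a copy.
        $Values =& $Sender->EventArguments['FormPostValues'];
        $Body = $this->PostValue($Values, 'Body', NULL);
        $Format = $this->PostValue($Values, 'Format', 'Html');
        // Only HTML posts get HTML sanitising; other formats are left untouched.
        if (!is_string($Body) || strcasecmp($Format, 'Html') !== 0) {
            return;
        }
        if (is_array($Values)) {
            $Values['Body'] = $this->CleanHtml($Body);
        } elseif (is_object($Values)) {
            $Values->Body = $this->CleanHtml($Body);
        }
    }

    // Reads a key whether FormPostValues arrives as an array or as an object.
    protected function PostValue($Values, $Name, $Default) {
        if (is_array($Values) && isset($Values[$Name])) { return $Values[$Name]; }
        if (is_object($Values) && isset($Values->$Name)) { return $Values->$Name; }
        return $Default;
    }

    protected function CleanHtml($Html) {
        if (function_exists('htmLawed')) {
            return htmLawed($Html, array('safe' => 1)); // htmLawed's "safe" preset
        }
        return htmlspecialchars($Html, ENT_QUOTES, 'UTF-8'); // fail closed: escape all markup
    }
}
```

Rows saved before the plugin was enabled are not touched by this, so the display-time formatter still has to stay in place for them.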
