Textpattern CMS support forum
#1 2008-09-14 18:24:12
- lee
- Member
- From: Normandy, France
- Registered: 2004-06-17
- Posts: 831
[request] Front end article limit
The article tag lets you specify limit="". It would be useful if a site visitor could in some way choose how many articles to display.
Best wishes
Lee
Offline
Re: [request] Front end article limit
What happens if a visitor specifies limit="10000"?
Offline
#3 2008-09-15 00:51:03
- redbot
- Plugin Author
- Registered: 2006-02-14
- Posts: 1,410
Re: [request] Front end article limit
lee, ruud,
I think a reasonable compromise (not very elegant but should work) might be something like this:
<ul>
<li><a href="http://www.my_site_url?article_limit=50">50</a></li>
<li><a href="http://www.my_site_url?article_limit=100">100</a></li>
</ul>
and then
<txp:smd_if field="urlvar:article_limit" operator="eq" value="50">
<txp:article limit="50" />
</txp:smd_if>
<txp:smd_if field="urlvar:article_limit" operator="eq" value="100">
<txp:article limit="100" />
</txp:smd_if>
Clearly this is a bare-bones example; you can add as many links as you want and adapt it to your specific situation.
I hope I’m not wrong, but doing it this way you should be able to prevent ruud’s scenario and avoid any security risk related to using URL GET variables.
Offline
Re: [request] Front end article limit
redbot wrote:
I hope I’m not wrong, but doing it this way you should be able to prevent ruud’s scenario and avoid any security risk related to using URL GET variables.
There are zero security risks if the code is quality written, and takes out scenarios where the PHP itself can be buggy. For example, you can combine eregi(), Textpattern’s doSlash() and gps().
Last edited by Gocom (2008-09-15 01:36:54)
Offline
#5 2008-09-15 02:10:54
- redbot
- Plugin Author
- Registered: 2006-02-14
- Posts: 1,410
Re: [request] Front end article limit
Jukka,
you’re right in general, especially when a GET variable is used in a database, but in this very case I don’t think you need doslash() etc. since the <txp:article /> tag is called only if the GET variable is “50” or “100” in the previous example.
If another value is manually entered in the URL it will not even be taken into consideration.
Offline
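The allow-list idea from posts #3 and #5, written as a stand-alone PHP function. This is an added example, not code from the thread or from Textpattern; the function name `article_limit`, the fallback of 10 and the sample query strings are assumptions. It goes slightly beyond the thread by also rejecting array-valued and non-canonical input.

```php
<?php
// Added example: names, default value and sample requests are assumptions.
const ALLOWED_LIMITS = [50, 100]; // the two values offered by the links in post #3
const DEFAULT_LIMIT  = 10;        // assumed fallback when nothing valid is sent

/**
 * Map an untrusted query-string array to a safe article limit.
 * The result is always an integer from the allow-list or the default,
 * never the raw request string.
 */
function article_limit(array $query): int
{
    $raw = $query['article_limit'] ?? null;

    // ?article_limit[]=50 arrives as an array, not a string: reject it.
    if (!is_string($raw)) {
        return DEFAULT_LIMIT;
    }
    // Digits only, and short: rejects "", "-1", "50abc", "5e1", " 50"
    // and very long digit strings before any integer cast happens.
    if (!ctype_digit($raw) || strlen($raw) > 4) {
        return DEFAULT_LIMIT;
    }
    $n = (int) $raw;

    // Strict comparison against the allow-list: 10000 is numeric but not offered.
    return in_array($n, ALLOWED_LIMITS, true) ? $n : DEFAULT_LIMIT;
}

// Constructed sample requests, parsed the same way PHP fills $_GET.
$samples = [
    'article_limit=50',
    'article_limit=100',
    'article_limit=10000',
    'article_limit=50abc',
    'article_limit=-1',
    'article_limit[]=50',
    '',
];
foreach ($samples as $qs) {
    parse_str($qs, $query);
    printf("%-24s => %d\n", $qs === '' ? '(no parameter)' : $qs, article_limit($query));
}
```

Only the first two sample requests yield 50 and 100; every other one falls back to the default.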
Re: [request] Front end article limit
redbot wrote:
you’re right in general … If another value is manually entered in the URL it will not even be taken into consideration.
Yes, and I meant in general too – about the GET variable you mentioned and its ‘security risks’. Or are you taking me for a complete baka (Eng. idiot)? ;)
And of course we don’t need doSlash() if there isn’t anything to clean up or if the value already is escaped by TXP itself :P
Last edited by Gocom (2008-09-15 02:26:37)
Offline
#7 2008-09-15 11:04:07
- redbot
- Plugin Author
- Registered: 2006-02-14
- Posts: 1,410
Re: [request] Front end article limit
;)
No Jukka, I’m not taking you for a complete ‘baka’.
Offline