Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Pages: 1
#1 2013-04-18 08:12:00
- wavesource
- Member
- From: Australia
- Registered: 2011-08-02
- Posts: 56
TXP 4.5 and PHP html_entity_decode
Hi all
I am using the latest 4.5.4 TXP and I am very aware that raw PHP has been deprecated. But why can’t I get something like this to run like I used to:
<txp:php> echo html_entity_decode(“<txp:custom_field name=‘custom_code’ />”); </txp:php>
The field is a text field holding some extended code for a paypal button. The button/s have variable options so it is not like I can just embed the button code in the form and send the few variables like price and ID… I used to be able to just throw the whole button code into a textarea custom field and then html_entity_decode it to play on the page. But since 4.5 I have to use the <txp:php> tags and they don’t seem apply this common function… help or pointers would be grateful. I can code up workarounds that are more painful to administrate for the client, but I am just confused why I can’t process the custom field tag output using the TXPed php tags…
Cheers
Offline
Re: TXP 4.5 and PHP html_entity_decode
Be sure your are in article conext:
<txp:php>echo html_entity_decode($GLOBALS['thisarticle']['custom_code']);</txp:php>Tommy
Digital nomad, sailing the world on a sailboat: 32fthome.com
Offline
#3 2013-04-19 01:26:06
- wavesource
- Member
- From: Australia
- Registered: 2011-08-02
- Posts: 56
Re: TXP 4.5 and PHP html_entity_decode
Yep, it was definitely in article context, and it still didn’t work. I worked around it using an external script via iframe for buttons, but the deprecation of PHP from TXP has been a disappointing development from my view, and has had an impact on how I will use it in future. I have quite complex websites using external geolocation and membership scripts that require me to do some simple but necessary queries, and while I understand the security scope, and while I understand there are plugins like Stef’s smd_query that can fill some of if not most of the gap, I just don’t feel like TXP treats me as an adult any more. I guess that’s the rub with higher security requirements these days, so I’ll just go back to my corner and stew a bit. ;-)
Offline
Re: TXP 4.5 and PHP html_entity_decode
For us adults, here’s some working code. Try this:
<txp:php> echo html_entity_decode(parse("<txp:custom_field name='custom_code' />")); </txp:php>or this, which is a wee bit faster:
<txp:php> echo html_entity_decode(custom_field(array ('name' => 'custom_code'))); </txp:php>Last edited by wet (2013-04-19 07:43:33)
Offline
Re: TXP 4.5 and PHP html_entity_decode
Yep, it was definitely in article context, and it still didn’t work.
Then there is another problem. Are there any PHP or TXP errors? Whats does say the debug tag trace?
Digital nomad, sailing the world on a sailboat: 32fthome.com
Offline
Re: TXP 4.5 and PHP html_entity_decode
wavesource wrote:
The field is a text field holding some extended code for a paypal button. The button/s have variable options so it is not like I can just embed the button code in the form and send the few variables like price and ID
Any change that you are you running the decoder due to the custom_field”:http://www.textpattern.net/wiki/index.php?title=custom_field tag’s own encoding feature? If so, you can disable it with the escape attribute:
<txp:custom_field name="custom_code" escape="" />I used to be able to just throw the whole button code into a textarea custom field and then html_entity_decode it to play on the page.
It is good that it doesn’t happen. The previous raw PHP option was outright dangerous. For instance, what you are describing, allows some nasty PHP injections. Basically the page template code itself is evaluated, and PHP code transmuted.
But since 4.5 I have to use the <txp:php> tags and they don’t seem apply this common function…
It does, but the PHP block sees a literal string — as it should. The tag needs to be explicitly run through the parser, as Robert kindly demonstrates.
Offline
#7 2013-04-20 07:34:58
- wavesource
- Member
- From: Australia
- Registered: 2011-08-02
- Posts: 56
Re: TXP 4.5 and PHP html_entity_decode
Thank you everyone for your responses. I’ve made notes of all the solutions, I like Robert’s 2nd one especially, but I will be safe and use Jukka’s escaped version as much as possible, had no idea the custom_field tag was encoding, so I’d better brush up on my basic TXP. As my understanding grows, so does my appreciation for TXP. Just goes to show, should have popped a question here a long time ago and saved myself the consternation.
As for the raw PHP being dangerous, I entirely understand, so I will attempt to grow up a bit and begin to understand better how to avoid using such methods :-)
Offline
Pages: 1