Store a value of cookie into <txp:variable>

gfdesign · 2012-05-22 22:46:51

First of all, sorry my English.
I’m wondering if it’s posible to store the value of a cookie into TXP variable using <txp:variable>

I’ve tried to use this code:
<txp:variable name="idioma" value="<script type='text/javascript'>document.write (getCookie('idioma'));</script>" />

but when I want to get the value of this variable, I get the script I used.
<script type='text/javascript'>document.write (getCookie('idioma'));</script>

Therefore, it doesn’t let me do conditional due I’ll never have the correct value when I use <txp:if_variable>

How should pass the value of a javascript variable to a TXP variable?
Is there any method?

Thanks a lot
Regards

uli · 2012-05-22 23:52:37

Try chs_cookie for that.

gfdesign · 2012-05-22 23:57:02

Thanks Uli for reply, but for this website I prefered to use cookies in manual way cause I need some options that this plugin doesn’t have.
Regards

maniqui · 2012-05-23 00:42:44

The reason why your code doesn’t work is because JS is a client-side language.
The JS is running on client-side, not on the server. Also, you are storing just an string inside the variable, not the result of some evaluation.

This approach won’t work. As Uli suggested, try with chs_cookie or maybe some raw PHP for accessing cookies.

etc · 2012-05-23 07:49:32

With etc_query plugin the following should work:

<txp:variable name="idioma" value='<txp:etc_query data="{?idioma}" globals="_COOKIE" />' />

Or, if you only want to check if the cookie is set

<txp:etc_query data="{?idioma}" globals="_COOKIE">
  do something
<txp:else />
  no cookie no cream
</txp:etc_query>

wet · 2012-05-23 09:34:30

A plugin-less solution:

<txp:php>
variable( array('name' => 'idioma', 'value' => htmlspecialchars( cs('idioma') )) );
</txp:php>

gfdesign · 2012-05-23 13:10:20

Thanks a lot for the solutions. Both do what I want.
But the problem that I noticed, in Google Chrome the value doesn’t keep in the Txp variable when I browse my site. I mean, when I display the value of cookie using javascript, it shows correctly, but when I use a TXP tag for displaying, the value doesn’t match. I repeat, it just happens with Google Chrome, in other browsers it works as I expect. It strange because one expect the issues come from IE side :D
Anyway, thanks for solutions. I’m afraid I will have to give up the idea that Maniquí knows that I had in mind.
Best regards.

Last edited by gfdesign (2012-05-23 19:38:13)

Gocom · 2012-05-23 13:41:34

etc wrote:

With etc_query plugin the following should work:

<txp:variable name="idioma" value='<txp:etc_query data="{?idioma}" globals="_COOKIE" />' />

That’s cool solution, but does etc_query sanitize values it returns? If it doesn’t, doing that will open tiny little security issue which just basically allows execute any code on the server remotely if/when the variable’s contents are returned/used in templates.

For example if the cookie named idioma contains any PHP code or TXP tags, it will get executed once the value is returned without sanitizing it first (with htmlspecialchars()). Hence Robert sanitizes the value in his plugin-less solution.

I.e. create a cookie named idioma and populate it with, let’s say, <txp:txp_die />. Then put the mentioned etc_query code to a page template, or output the create variable by using <txp:variable name="idioma" />. When you then load the page, it will show an error page as the <txp:txp_die /> tag in the cookie was executed.

Last edited by Gocom (2012-05-23 13:46:54)

etc · 2012-05-23 19:36:25

Gocom wrote:

That’s cool solution, but does etc_query sanitize values it returns?

Thank you for pointing to the problem. No, etc_query does not sanitize it automatically, since it can import any $GLOBALS (e.g. $thisarticle), so sanitizing is not always relevant. One could fix it with

<txp:variable name="idioma" value='<txp:etc_query data="{?idioma}" globals="_COOKIE" replace=".=$[htmlspecialchars]$" />' />

but there will certainly be no advantage over wet solution.

etc · 2012-05-23 21:06:03

After some thoughts, this should be safe too

<txp:variable name="idioma" value='<txp:etc_query data="{?idioma}" globals="_COOKIE">{?}</txp:etc_query>' />

because {?} will display the nodeValue of the data, so all eventual tags (with their content) will be stripped. But then you loose them.

etc · 2012-05-23 21:48:20

Finally, the initial solution seems to be relatively safe too, though I have no merit of it (and do not quite understand what happens). Textpattern strips <?php ?> tags (if configured so, of course), and someone else (dom parser?) converts <txp:something> to <something>, which is harmless. But I am not sure there is no way to cheat with namespaces, so etc_query will probably receive some sanitize attribute in near future.

Textpattern CMS

Textpattern CMS support forum

#1 2012-05-22 22:46:51

Store a value of cookie into <txp:variable>

#2 2012-05-22 23:52:37

Re: Store a value of cookie into <txp:variable>

#3 2012-05-22 23:57:02

Re: Store a value of cookie into <txp:variable>

#4 2012-05-23 00:42:44

Re: Store a value of cookie into <txp:variable>

#5 2012-05-23 07:49:32

Re: Store a value of cookie into <txp:variable>

#6 2012-05-23 09:34:30

Re: Store a value of cookie into <txp:variable>

#7 2012-05-23 13:10:20

Re: Store a value of cookie into <txp:variable>

#8 2012-05-23 13:41:34

Re: Store a value of cookie into <txp:variable>

#9 2012-05-23 19:36:25

Re: Store a value of cookie into <txp:variable>

#10 2012-05-23 21:06:03

Re: Store a value of cookie into <txp:variable>

#11 2012-05-23 21:48:20

Re: Store a value of cookie into <txp:variable>

Board footer