Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#25 2019-10-18 15:33:37

etc
Developer
Registered: 2010-11-11
Posts: 5,257
Website GitHub

Re: custom field value as a variable for link and category name

Ok, since <txp:article(_custom) /> already accepts match attribute, let’s abuse it. This commit introduces the following filters:

<txp:article_custom custom1 match="custom2" />

will match all articles with not empty custom1 field and with custom2 matching the current article’s custom2 in article context or URL var custom2.

Offline

#26 2019-10-18 15:37:47

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 4,754
Website

Re: custom field value as a variable for link and category name

etc wrote #319773:

Oops.. sorry! I thought there was some magic git command for everything.

Finally I find @jakob valueless cf attributes interpretation as “not empty” more logical. If we need to enable filtering by URL vars, we can introduce some searchby attribute.

Dunno. You might be right that valueless cf attributes should simply mean “a value exists”.

Then again, I found the prospect you dangled of being able to do ‘intelligent’ multi-filtering just on the basis of whether an url var was supplied quite enticing. The could be quite powerful. It just has to be controllable by the developer; you don’t want people doing their own non-permitted filtering via urlvars. Maybe some predefined reserved value terms such as custom_field_name="urlvar:varname" or custom_field_name="article:parent"

Bloke wrote #319774:

It’s pretty easy to revert atomic commits as you can just git revert <commit-id>

Thank you! I just thought it would be useful for this “momentous” event to be traceable again at some time in the future. I think you can just revert the whole commit, then recommit as two separate commits. Either way, it’s all good now. Thank you!


TXP Builders – finely-crafted code, design and txp

Offline

#27 2019-10-18 15:45:08

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 4,754
Website

Re: custom field value as a variable for link and category name

etc wrote #319776:

This commit introduces the following filters:

<txp:article_custom custom1 match="custom2" />...

will match all articles with not empty custom1 field and with custom2 matching the current article’s custom2 in article context or URL var custom2.

Can you do multiple matches with that? Maybe as comma-separated custom fields…


TXP Builders – finely-crafted code, design and txp

Offline

#28 2019-10-18 15:50:42

etc
Developer
Registered: 2010-11-11
Posts: 5,257
Website GitHub

Re: custom field value as a variable for link and category name

jakob wrote #319778:

Can you do multiple matches with that? Maybe as comma-separated custom fields…

Yes we can :-) It’s default value is Category1, Category2, historically joined by OR, but cf and other filters are joined by AND.

It just has to be controllable by the developer; you don’t want people doing their own non-permitted filtering via urlvars. Maybe some predefined reserved value terms such as custom_field_name="urlvar:varname" or custom_field_name="article:parent"

Txp authors can set a filter anyway, via custom1='<txp:page_url type="custom1" />', so nothing new here. And site visitors will be able to filter only by attributes in match.

Offline

#29 2019-12-22 17:34:49

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 4,754
Website

Re: custom field value as a variable for link and category name

I’ve been forced to do an emergency upgrade of a really ancient site (v4.0.8) because the host upgraded mySQL and no-one can log in now. It was long overdue anyway but a central aspect of this particular site is a very old version of Gerhard’s glz_custom_field from the days when he had some public-side tags. There were two parts:

  • a select drop-down that populated the options from custom fields that could hold multiple values, like an array of checkboxes and passed them as POST variables.
  • a parallel tag to txp:article that could filter via custom fields and match a value in a custom_field that holds multiple values separated by a | pipe.

I tried to replicate this using the new custom field filtering in txp 4.8.0 but have come up against a problem. At first I thought I had it working but when checking against the public site (still the old version) I got different query results.

You mention multiple matches above, but if I’ve understood your example above correctly, that means filtering results by multiple attributes (categories, more than one custom field, etc.) at once (which is certainly useful).

In this case I need to test if the url query matches a value in a series of values. Is there a way to match against multiple values within a field using the standard tag(s)? Or is this a query I need to construct using smd_query?


TXP Builders – finely-crafted code, design and txp

Offline

#30 2019-12-22 19:44:15

etc
Developer
Registered: 2010-11-11
Posts: 5,257
Website GitHub

Re: custom field value as a variable for link and category name

jakob wrote #320658:

In this case I need to test if the url query matches a value in a series of values. Is there a way to match against multiple values within a field using the standard tag(s)?

If URL query parameter is an array (like param[]=one&param[]=two), txp will transform it into

(param LIKE 'one' OR param LIKE 'two')

If you manage to somehow insert %one% and %two% into URL, this could work provided they don’t make part of longer values.

Offline

#31 2019-12-22 20:58:38

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 4,754
Website

Re: custom field value as a variable for link and category name

etc wrote #320659:

If you manage to somehow insert %one% and %two% into URL, this could work provided they don’t make part of longer values.

Thanks! That was a good tip.

I understand I could get false matches when the query string happens to occur in two possible values in the same multi-item value, but for this site I seem to get identical results to the existing/old site using gerhard’s old plugin (probably because the query strings are relatively long and dissimilar).

With match alone, I didn’t get the desired results, but with match AND the additional specification of the match value surrounded by added % gives me good results. This is what I have:

<txp:variable name="this_project_type"><txp:page_url type="project_type" /></txp:variable>
<txp:variable name="this_project_clientele"><txp:page_url type="project_clientele" /></txp:variable>
<txp:variable name="this_project_form"><txp:page_url type="project_form" /></txp:variable>
...
<txp:article limit="100" form="project_profile" listform="project_list" 
             match="project_type,project_clientele,project_form" 
             project_type='%<txp:variable name="this_project_type" />%'
             project_clientele='%<txp:variable name="this_project_clientele" />%'
             project_form='%<txp:variable name="this_project_form" />%' />

This avoids having to add %-chars into the url query. It also seems to play well with query strings that have a %-sign in them, i.e. an encoded slash or space. Is it perhaps wiser to urldecode those?

One more question: is this setup safe security-wise?

(At present I’m not filtering by combinations of these, so haven’t had to apply them together).


TXP Builders – finely-crafted code, design and txp

Offline

#32 2019-12-22 21:26:02

etc
Developer
Registered: 2010-11-11
Posts: 5,257
Website GitHub

Re: custom field value as a variable for link and category name

jakob wrote #320661:

With match alone, I didn’t get the desired results, but with match AND the additional specification of the match value surrounded by added % gives me good results.

Then enclosing URL values in % should work too?

This is what I have:

<txp:variable name="this_project_type"><txp:page_url type="project_type" /></txp:variable>...

There is no real need to store <txp:page_url /> in <txp:variable />, unless you need to test its value – it’s not any faster. You also don’t need to add these cf to match since you set them explicitly.

This avoids having to add %-chars into the url query. It also seems to play well with query strings that have a %-sign in them, i.e. an encoded slash or space. Is it perhaps wiser to urldecode those?

A numeric value preceded by % in URL will be urldecoded, so yes, this makes adding % to the query hazardous. On the other hand, <txp:page_url /> HTML-escapes its output by default which could be problematic if URL values contain <,>,',". You might want to add escape="" to <txp:page_url /> passed to cf.

One more question: is this setup safe security-wise?

All values inserted into db queries internally are sanitized, so it should be ok as long as you don’t output/insert them yourself.

Offline

#33 2019-12-22 21:38:22

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 4,754
Website

Re: custom field value as a variable for link and category name

etc wrote #320662:

Then enclosing URL values in % should work too?

Yes, it did! Then match without explicit values would work too as you say, but I got %-signs in my headings (which I could strip out I suppose).

There is no real need to store <txp:page_url /> in <txp:variable />

I had done that already to use them for headings and to make the selected states of the select drop-downs.

You also don’t need to add these cf to match since you set them explicitly.

I found that it worked just with match as you had suggested. If I used explicit values without specifying match but without the %-signs (i.e. if I didn’t happen to have multi-item values) I didn’t get the right matches. The custom fields that were empty resulted in combo-queries rather than ignoring them. With the %-signs it works again (I guess because when a custom field is not set, you end up with custom_field="%%" which is a general match).

A numeric value preceded by % in URL will be urldecoded, so yes, this makes adding % to the query hazardous.

I guessed that was probably the reason why it worked.

On the other hand, <txp:page_url /> HTML-escapes its output by default which could be problematic if URL values contain <,>,',". You might want to add escape="" to <txp:page_url /> passed to cf.

I don’t have those at present, but that would be a good idea.

All values inserted into db queries internally are sanitized, so it should be ok as long as you don’t output/insert them yourself.

Excellent. I thought so too, but wanted to be sure :-)


TXP Builders – finely-crafted code, design and txp

Offline

#34 2019-12-22 21:51:23

etc
Developer
Registered: 2010-11-11
Posts: 5,257
Website GitHub

Re: custom field value as a variable for link and category name

jakob wrote #320663:

The custom fields that were empty resulted in combo-queries rather than ignoring them.

Yes, if a cf is set (even empty) in URL, it will be taken into account. If they come from, say, <select /> combo, the ‘empty’ value should be represented by %.

We have yet time to tweak it before 4.8 release. A possible fix is allowing % in match attribute: match="%cf" could be transformed in

cf LIKE '%cf_value'

Offline

Board footer

Powered by FluxBB