Yii Framework Forum: Not Having To Use Eval With Dynamic Content - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Not Having To Use Eval With Dynamic Content Rate Topic: -----

#1 User is offline   rpaulpen 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 136
  • Joined: 01-December 08

Posted 20 February 2013 - 11:37 PM

Hi All,

I have a site where my pages contents are stored in a database and in most of my views I just use something like
echo "$content"
.

That works fine if the data is html, but if I want to include a Yii construct like
<p>Click the following link ". CHtml::link('careers',array('jobs/list))."</p> 

it outputs it literally rather than creating the link.

The only way I've been able to output it correctly is using EVAL, something like this
eval("echo '".$content."';");
but wondering if there is a better way to do it rather than using EVAL.
0

#2 User is offline   rpaulpen 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 136
  • Joined: 01-December 08

Posted 01 March 2013 - 07:08 AM

bump
0

#3 User is offline   jacmoe 

  • Elite Member
  • Yii
  • Group: Moderators
  • Posts: 2,601
  • Joined: 10-October 10
  • Location:Denmark

Posted 01 March 2013 - 07:12 AM

'type' => 'raw'
"Less noise - more signal"
0

#4 User is offline   rpaulpen 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 136
  • Joined: 01-December 08

Posted 01 March 2013 - 09:02 AM

Thanks for your response, but I'm not quite sure where to add this. Here is an example that i think might be correct:

Action:
 
public function actionAbout()
	{
	$this->render('about', array( 'type'=>'raw')); 
	}



View file About:

echo $content;


Is this correct?
0

#5 User is offline   jacmoe 

  • Elite Member
  • Yii
  • Group: Moderators
  • Posts: 2,601
  • Joined: 10-October 10
  • Location:Denmark

Posted 01 March 2013 - 10:21 AM

type raw will work in a grid view, not in a regular view.

I don't think there's a way around using eval if you store php code in the database. Any reason why you are doing that? And not just the output html? The latter is a much safer approach IMO.

(( Edit: I suspect that Yii uses 'eval' for type raw anyway.. ))
"Less noise - more signal"
0

#6 User is offline   rpaulpen 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 136
  • Joined: 01-December 08

Posted 01 March 2013 - 10:30 AM

I can see all kinds of examples where it is needed to store the html in a database so that the user can edit the content. All i want to do is be able to add a link within the content and not use <href... since it requires the literal url(ie. http://mydomain.com) rather than Yii's link format (i.e.. CHtml::link('link',array(action/view)). I want to be able to use Yii's link format.
0

#7 User is offline   jacmoe 

  • Elite Member
  • Yii
  • Group: Moderators
  • Posts: 2,601
  • Joined: 10-October 10
  • Location:Denmark

Posted 01 March 2013 - 10:32 AM

Then, in that case, you need something clever, like this:
http://www.yiiframew...dgets-behavior/

Or just parse the content yourself - substituting {{link}} with the url generated by Yii.
"Less noise - more signal"
0

#8 User is offline   jacmoe 

  • Elite Member
  • Yii
  • Group: Moderators
  • Posts: 2,601
  • Joined: 10-October 10
  • Location:Denmark

Posted 01 March 2013 - 10:33 AM

Relative links almost always works, btw.
"Less noise - more signal"
0

#9 User is offline   rpaulpen 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 136
  • Joined: 01-December 08

Posted 01 March 2013 - 10:42 AM

When you say relative links almost always work, i assume like the example below should work or am I just screwing up the syntax?

I've tried this, but just can't get it to work. Here is my code:

Action:
class PortletColumn1 extends Portlet
	{
    	protected function renderContent()
    		{
            	// 'content' is pulled from a database but just typed it below for simplification 
		$this->render('portletColumn', array('content'=>"\"CHtml::link('linker',array('solutions/tab1'))\"", 'type'=>'raw'));
    		}
	}


porletColumn:

<div class=''>
        
    <?php echo ".$content."; ?>
   
</div>


The output looks like this:

."CHtml::link('linker',array('solutions/tab1'))".
0

#10 User is offline   alex-w 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 213
  • Joined: 25-November 10

Posted 01 March 2013 - 11:17 AM

Would be a massive security flaw to eval user content.

Have a look at Twig, http://twig.sensiolabs.org/
and the twig extension, http://www.yiiframew...g-view-renderer
0

#11 User is offline   rpaulpen 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 136
  • Joined: 01-December 08

Posted 01 March 2013 - 02:01 PM

I decided to try and parse the record and convert it to a Yii link, but it won't create a link on output. i'm not sure what is wrong since the output is exactly the correct syntax. I would really appreciate some help on this.

Here is the data:

{link_url}solutions/tab1{/link_url}{link_title}Linker{/link_title}



I then parse it with this code. it's not very efficient yet, but it works:
class PortletColumn1 extends Portlet
{
    
 
    protected function renderContent()
    {
        
        $link = "&lt;a href=\'".Yii::app()->homeUrl."?r=";   		//set the prefix for yii format link
        
	// parse the "link_url" data        
	$string = Yii::app()->RCnar->getContent('frontPage_column1');
        $regex = "#([{]link_url[}])(.*)([{]/link_url[}])#e";
        $content = preg_replace($regex,"('$link$2\'&gt;')",$string);

 		//parse the "link_title" datta   
        $string = $content;
        $regex = "#([{]link_title[}])(.*)([{]/link_title[}])#e";
        $content = preg_replace($regex,"('$2&lt/a&gt;')",$string);
      
        $this->render('portletColumn', array('content'=>$content, 'type'=>'raw'));
        
    }
}


Here is the parsed output:
<a href='http://www.mydomain.com?r=solutions/tab1'>Linker</a>



Here is the view file:
 <?php echo "$content";?>
 


Here is the browser output:
[color=#6B6B6B]<a href='http://www.mydomain.com?r=solutions/tab1'>Linker</a>[/color]


Any ideas to why it won't create the link?
0

#12 User is offline   rpaulpen 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 136
  • Joined: 01-December 08

Posted 04 March 2013 - 01:16 AM

View Postrpaulpen, on 01 March 2013 - 02:01 PM, said:

I decided to try and parse the record and convert it to a Yii link, but it won't create a link on output. i'm not sure what is wrong since the output is exactly the correct syntax. I would really appreciate some help on this.

Here is the data:

{link_url}solutions/tab1{/link_url}{link_title}Linker{/link_title}



I then parse it with this code. it's not very efficient yet, but it works:
class PortletColumn1 extends Portlet
{
    
 
    protected function renderContent()
    {
        
        $link = "&lt;a href=\'".Yii::app()->homeUrl."?r=";   		//set the prefix for yii format link
        
	// parse the "link_url" data        
	$string = Yii::app()->RCnar->getContent('frontPage_column1');
        $regex = "#([{]link_url[}])(.*)([{]/link_url[}])#e";
        $content = preg_replace($regex,"('$link$2\'&gt;')",$string);

 		//parse the "link_title" datta   
        $string = $content;
        $regex = "#([{]link_title[}])(.*)([{]/link_title[}])#e";
        $content = preg_replace($regex,"('$2&lt/a&gt;')",$string);
      
        $this->render('portletColumn', array('content'=>$content, 'type'=>'raw'));
        
    }
}


Here is the parsed output:
<a href='http://www.mydomain.com?r=solutions/tab1'>Linker</a>



Here is the view file:
 <?php echo "$content";?>
 


Here is the browser output:
[color=#6B6B6B]<a href='http://www.mydomain.com?r=solutions/tab1'>Linker</a>[/color]


Any ideas to why it won't create the link?


Answered it myself. Used CHtml::decode and it renders the link correctly.



0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users