I have a WordPress site with a form that people can fill out. The data is put into the database and used to create a simple one-page website. If the user wants to edit the website, the data is pulled out of the database and used to pre-populate the original form, where the user can change what they want and resubmit the form. The problem is that if the text entered into the form contains an apostrophe, as in "You'll love this product" when the text is read from the database and put into the value attribute for the input element, it displays in the form as "You\'ll love this product." An if that is submitted, the next time it comes back out of the database and into the form it's "You\\\'ll love this product.
How should I be handling this form text to keep these "\" escape characters from being generated and displayed?
Have you tried stripslashes(), regarding the line breaks just use the nl2br() function.
Example:
$yourString = "That\'s all\n folks";
$yourString = stripslashes(nl2br($yourString));
echo $yourString;
Note: \ double slashes will turn to \ single slashes
You should probably set-up your own function, something like:
$yourString = "That\'s all\n folks";
function escapeString($string) {
return stripslashes(nl2br($string));
}
echo escapeString($yourString);
Related
I'm trying to create a function on my theme's functions.php file that accomplishes that goal.
I want the editor to prevent saving or updating new posts when certain characters are used on the editor. Characters like non-breaking space, certain brackets and aposthrophes and encoded html entities.
I've managed to create a function to sanitize the input after the post was saved to the database, getting rid of all these undesired characters. I did this by writing a function that includes
$wpdb->update('wp_posts', ['post_excerpt' =>$sanitized_post_excerpt], ['id' => $post_id]);
and then adding the function as a hook to save_post:
add_action('save_post', 'sm_sanitize_HTML_entities', 99, 3);
Is there a way to prevent the input of the characters being saved (maybe even displaying a message to the user), rather than updating a sanitized version of the data after it's already been saved?
What da butt? enter code here
Blockquo [enter link description here][1]
Olá
[1]: https://%20xpt.
I tried to save a query with search query string like:
"order cancellation request received for userId = 123"
I need the whole string so I quote it with double quotations in the search bar. That query works but only until I save it and share the link.
When I save it with "Save" button top of search bar, or "disk" button at the left of search bar, the page reloads and my quotations are removed; now the results are not the same because the engine matches any of the words in the query and gets me more results.
When I check the url, I see this part:
...,query:(language:kuery,query:'order%20cancellation%20request%20received%20for%20userId%20%3D%20123'),...
Apparently, there are not quotations. So I tried to add %22 as how they should be encoded in URL, but no avail.
So, why? I expect Kibana to preserve the quotations in the search term.
Or, can someone suggests another kind of syntax which is valid, correct and shareable as an URL?
Nah. I found why.
You should add %22 inside 'xxxx' so that it would look like:
...,query:(language:kuery,query:'%22order%20cancellation%20request%20received%20for%20userId%20%3D%20123%22'),...
I'm a newbie but I think Paw can do what i need :
I need to extract a session id behind a login page.
I go to https://admin.booking.com, filling the form (login and pass) and the landing page behind includes a session id :
https://admin.booking.com/pc/index.html?ses=xxxxyyyyyzzzzz11112222233333
I'd like to :
1) Push credentials with Paw as part of my request,
2) get the above item (ses) item as a response so i can use the php script extension provided by Paw and then call this script "on demand".
Is this possible ? If so, what should i do ?
Thanks for your help
UPDATE*: we've added a documentation article to describe the process a little more: Login via a web form in Paw. We've detailed the process to deal with CSRF tokens too.
Paw isn't quite yet ready for handling web/HTML forms. Though, there's one way to do it the right way: if you inspect the form with the Chrome dev tools you'll find the name of the input from the DOM/HTML:
In your case, you have the inputs: loginname, password, lang.
Also, find the <form…> tag to see what's the action attribute. If there's no action attribute (like in your example), it means the target URL for your form is the current page's URL (https://admin.booking.com/ in your case). Also, make sure the method="POST" is also there in the <form…> tag, otherwise this method won't work.
Then jump into Paw and set:
URL (in your case https://admin.booking.com/)
method to POST
go to the Body tab and use "Form URL-Encoded + fill up the fields from your form
If all works, you'll see Paw show a redirection request, and if you go to the right-hand side panel under "Response" > "Headers", you should see a Location header with a value similar to the URL you initially mentioned (https://admin.booking.com/pc/index.html?ses=xxxxyyyyyzzzzz11112222233333). Hurray! You got your value into Paw!
Now that you have that, you can create in a new request (click on the + button at the bottom of the left-hand side list). And wherever you want to use this session token/ID, you can insert a dynamic value to retrieve that URL value. You have more infos here, in our docs, but I'll describe the steps here:
On whichever field you want to insert the token, right-click and pick Responses > Response Header.
Make sure you pick the first request in the "Request" dropdown menu, and enter Location in the "Header" field:
You should see the value of the Location header of the previous response appear here.
Now what you want to do is to extract only the part you want (i.e. the value of the ses param in your case). For that you'll need that extension for Paw, so please install it now: https://luckymarmot.com/paw/extensions/RegExMatch
Copy the dynamic value you have just inserted (the blue token), and right-click on that field to insert a new dynamic value, and pick Extensions > RegExp match:
In the Input field, paste the previous dynamic value you copied. And use the RegExp field to write a regular expression that will successfully extract the part of the URL you want (this should work in your case ses=(.*)).
Now that you're set up. You should be able to use this little new blue token wherever you like and automagically extract the value from the previous form. And whenever you send again the initial request, and get a new token, everything else will also update! :)
It was a little long guide, but I hope this will help you and hopefully others too.
How to escape multiline wordpress shortcode?
[accordion_item title="Item 2"]
item content
[/accordion_item]
We could use double brakets, but "/" sign brokes everything. Can't belive WP guys lost this case (
[[accordion_item title="Item 3"]]
item content
[[accordion_item]]
this works, but code below doesn't escaped properly
[[accordion_item title="Item 3"]]
item content
[[/accordion_item]]
Don't want to replace manually brakets with html codes. (and WP automatically get them back after user switch editor mode to visual)
Thanks in advance.
Function get_shortcode_regex() in shortcodes.php makes all logic with escaping shortcodes parsing (capture group 1 and 5)
For example with
[[new_something my_attr="test"]And have content!! [vc_tabs][/vc_tabs][/new_something]]
After preg_match_all you will get that
first capture group is not empty and it is "[" (so you can know that this shortcode is not for rendering)
second capture group will show shortcode name "new_something"
third capture group will show everything in attributes " my_attr="test""
four capture group will show content And have content!! [vc_tabs][/vc_tabs]
Five capture group will show that escape characters has at end.
Basically this means that all information is known when you write escape like this: [[your_shortcode]content[/your_shortcode]]
the Answer: replacing [ by [ and ] by ]
Link: https://wordpress.stackexchange.com/questions/33960/how-do-i-escape-a-in-a-short-code
Side Note:
Wysiwyg <=> text transition causing html encoding is, and always be a problem. I would recommend just getting rig of the visual editor all together!
I need your advice with converting plain text to an URL.
The scenario will be this: The user will select some entry and then click a "convert to link" button.
The entry text the user selected will convert to (link: selected_text). I do it with JavaScript. And after that, when he clicks the Save button to save all his entry, I don't know how to store (link: selected_text) in tha database.
The URL will be like this: www.mysite.aspx?t=selected_text.
I can convert (link: selected_text) by using replace function in code-behind. But then I don't know how to show user as clickable and also by not showing <a href="www.mysite.aspx?t=selected_text">
It can be difficult to understand therefore I will show some of my codes to explain.
Private Sub Save(ByVal Entry As String) ' Entry Comes from entry textbox '
Dim elected As String
selected = Entry.Replace("(link: ", "<a href http://www.mysite.com?link=")
selected = Entry.Replace(")", ">")
' then here starts save but not necessary to show '
End Sub
If you must save processed input for some reason
(link: here)
must be converted to
(link: here)
To store in database, you'll have to track the changes separately somehow and post them back to the server. I'd suggest a HiddenInput control.
Do not save it as www.mysite.com?t=here. Just save the entry as the user types it. While showing it to user later, convert the "(link: here)" to link and show that.
Save the post as the user wrote it. This will make it easier to allow editing of the post later. When you render the message you should use a regular expression to replace it with a real link. You should never replace all ")" with ">". What happends if i write "hello (world)"?
The result:
Hello (world>
You can find great regular expressions here:
http://regexlib.com