Is there any way of disabling a stylesheet in view.yml for a specific action in Symfony?
For example I've got this in my view.yml:
default:
stylesheets: [default.css]
I want to be able to do something like:
displaySuccess:
stylesheet: [!default.css]
to disable default.css in displaySuccess only
Is this possible or do I have to explicitly say which modules/actions should have default.css?
You can remove or add stylesheets to a modules view.yml by doing the following:
displaySuccess:
stylesheet: [-default]
would remove default.css from the display action. Simply putting
displaySuccess:
stylesheet: [-*]
would remove all stylesheets.
to remove for example, unecessary /sfDoctrinePlugin/css/default.css, now you can overwrite the backend styles with your own!
maybe put it into yout layout.php:
<?php sfContext::getInstance()->getResponse()->removeStylesheet('/sfDoctrinePlugin/css/global.css'); ?>
<?php sfContext::getInstance()->getResponse()->removeStylesheet('/sfDoctrinePlugin/css/default.css'); ?>
I'm not 100% certain, but I believe the compiled view.yml file is processed before execution of the action. If that's true, you can do:
public function executeDisplay()
{
$this->response->removeStylesheet('default.css');
}
I find view.yml to be a little inflexible. You may find it easier to have a global "head" template that gets included in your layout(s). Then you can check sfConfig values to see if you should include individual files, making it easier to turn them on and off.
Related
I haven't quite the right process to change the body classes based on the page being viewed.
I have about 20 or so pages within a subsection that all have a different background color and reversed nav links from the main site.
I can't figure out if there is some kind of preprocess function to use (and which) in template.php or if I should do something specifically in the certain xx-page.tpl.php file.
Just adding an ID to the body tag in the xx-page.tpl.php isn't reliable due to browser caching.
I've seen this snippet:
if (drupal_is_front_page()) {
$vars['body_class'] .= ' home';
}
however, "is it the front or not" isn't enough because it's also not just a page, it's a specific page but I've either missed the syntax or am doing something wrong.
Is this a case where I need to create a custom function and if so, is the template.php page where it goes?
also, I'm in Drupal 6.26
Thanks
Are you looking for this function?
http://api.drupal.org/api/drupal/includes!theme.inc/function/template_preprocess_page/6
You might also want to have a look at the Context module.
I have been using CakePHP for a while and recently needed to send emails from an app. Unfortunately I can not figure out a way to tell CakePHP to include the css directly in the document as an internal style sheet instead of a link. I know people think that is a bad idea, but my app is only sending emails to our company so I'm not worried too much about someone's email client messing it up. If I just include the link it doesn't work since the reference is wrong, although if I could make the link an absolute link (http://myserver/css/myfile.css instead of /css/myfile.css) that would be a 2nd best alternative since they would have access to my server.
If there isn't a way to do it in Cake, is there a quick way to just use PHP to read the contents of the file and dump it in the view? I guess I could do that from the controller, sounds like a bad hack though.
Any ideas would be appreciated, thanks
You could use readfile() to print the file content directly in your view.
Or you could $this->Html->url('css/yourcss.css', true) to get the full path to the file and pass it too the css method.
I would like to suggest you to use php variable as style class and use it directly as css class. For example.
$class1 = "border : 1px solid #eeeeee; font-family : font1, font2, font3; color : #785634;"
And use it in your email template as
<div id='my-div' style=<?php echo $class1; ?>>Your div content </div>
Even I do not know any way to include style sheet in the email, and if you create some classes those will not work in email templates.
So this is how I'm using css in my projects.
you can put the css in email layout like normal html (use html email layout)
<style type="text/css"></style>
Reviewing the code of the htmlHelper shows that it can't be done.
However, you can change or overload the helper; to do so in the simplest way just add a new option between line 371 to 378.
I used PHP's include function enclosed in a script tag and it worked perfectly! In the default email view:
<script>
include('css/your_css_doc.css');`
</script>
You can write css inline:
<h2 style="color:#818381">Here are the latest stories everyone's talking about...</h2>
I am building a module that lets the administrator choose a number of optional CSS and JS files that should be included when every page is rendered.
The function hook_init seems to be the right place, but on the hook_init page it says that this is actually not the right way to do it:
To add CSS or JS that should be present on all pages, modules should not implement this hook, but declare these files in their .info file.
Does this not apply to my case, or is there a better way to do it?
That doesn't apply in your case. It only applies if the include of the CSS and JS are not conditional on anything.
My problem was aggregation if the css was added conditionally(in my case conditioned on language).
The result was the css not being loaded when aggregation was enabled.
Simply reading the documentation of drupal_add_css helped me a lot.
I had 2 options preventing this from working:
'every_page' set to TRUE because I misinterpreted it ( I actually wanted it on all pages, but only for certain languages )
'preprocess' has a default value of TRUE and it causes a css to be included in aggreation, problem being that if it is not loaded at the time the aggregated files get created, it will not be loaded at all afterwards.
Solution was: drupal_add_css(path_to_theme() . '/css/language-override.css', array('weight' => 101, 'preprocess' => FALSE));
I want to load an external script in <head>. It is module specific so I want my module to take care of the loading.
In Drupal 6, function drupal_add_js() does not allow to add an external script in <head>. It will be available in Drupal 7 passing the "external" argument to the function. In D6, I can use drupal_set_html_head() instead, but it inserts the given data in the beginning of the <head> which I don't want. I'd like to append data in it.
It turned out that drupal_html_set_head() appends data.
$stored_head .= $data ."\n";
So the behavior I experimented--data was inserted in the beginning of head data--should come from that I call drupal_html_set_head() in my module's hook_init() function.
How can I append data to the very and of <head>?
The default page.tpl.php (you can find it in /modules/system/page.tpl.php is this:
<head>
<title><?php print $head_title; ?></title>
<?php print $head; ?>
<?php print $styles; ?>
<?php print $scripts; ?>
<script type="text/javascript"><?php /* Needed to avoid Flash of Unstyled Content in IE */ ?> </script>
</head>
When you make drupal_set_html_head() it is appending stuff to variable $head, but still there are more variables appended as you see.
One possible solutions is to append the stuff that you want to $scripts, instead of $head.
How?
with a preprocess function from your module:
function MYMODULE_preprocess_page(&$variables) {
$variables['scripts'] .= $your_stuff;
}
I didn't try this solution, but if doesn't work maybe is because the order of execution. Try to set your module's weight higher, so it will run after the system_preprocess_page.
Other reason why may not work is because the theme is printing the variables in different order in page.tpl.php. But you can't control this from the code of a module.
There are multiple solutions to work around the problem.
use hook_footer() to add the js to the footer
make a small jquery script, which creates the <script> element and adds it to <head>
do it with a template preprocess function
make your own page.tpl.php
Drupal uses the .= operator to create the $head variable. The $js and $css is kept in an array, and allows you to be re-orderd.
$head is a string, and cannot be re-orderd, othern then by ugly, error-prone hacks. Such as regular-expression explosions, re-ordering and imploding.
$heads = preg_explode("\n", $head);
ksort($heads);
$head = implode("\n", $heads);
in your theme's variable pre-processor.
Did you see this comment?
Beware when using this to set an external js file call in D6, eg:
drupal_set_html_head('');
If you don't include a full script closing tag (ie ), it will
break in Firefox (and possibly other browsers, webkit-based ones seem
fine). The tag will fail to close, and will wipe out any other headers
up to the next available tag. This usually results in all
your css files failing to load, plus the next fully-tagged js file. So
use this form instead:
drupal_set_html_head('');
This applies up to and including Drupal 6.16. You can overcome it in
D7 with the new external option in drupal_add_js.
In my application I am allowing users to upload their css style sheets so they can applied to templates. The css is written as an internal style sheet, because at this time I would not like to expose the css style sheet to other users.
That creates room for users to include malicious code into the css file. Initially my plan was to convert all '<' and '>', but that is needed in the css syntax. I am after a white list solution, since it won't be feasible to exhaustively eliminate unwanted characters.
Any suggestions for implementing security measures to this scenario?
You should definitely also filter out at least IE expressions and FF -moz-binding properties... both can be used to run (potentionally malicious) javascript using css.
This cheat sheet contains the most obvious XSS tactics, including some CSS ones.
The safest solution would probably be whitelisting as you suggested (if it is acceptable to limit users to only use whitelisted properties).
I implemented a filter that replaces all < characters to <. The reason is that CSS does not need the < character; the only character it needs is the > which is used for child selectors.
That way users cannot open tags to write malicious code.
I am more than happy to consider any other/better solutions.
Dont allow users to upload a CSS FILE, make an interface that generate the CSS files dynamicly based on the options selected by the user. The options you allow. then you can make a fisical CSS file or you can make a dynamic application who writes CSS based on that configuration, this avoid to have lots of CSS files on the server... its another approach and you dont need to check every posible XSS exploit, its more easy to define what is allowed than parsing CSS and rejecting some dangerous code.
Use CDATA and escape the terminating sequence (]]>). I'm not sure about browser compatibility, though.
Example (untested):
<?PHP
function strReplaceAll($needle, $replacement, $haystack)
{
// Check for infinite loop. (NOT FOOL PROOF!)
if(strpos($replacement, $needle) === FALSE)
return;
$numReplacements = 42;
while($numReplacements)
{
$haystack = str_replace($needle, $replacement, $haystack, &$numReplacements);
}
return $haystack;
}
?>
<style type="text/css">
/*
<![CDATA[
*/
<?PHP echo sstrReplaceAll(']]>', '', $userCss); ?>
/*
]]>
*/
</style>