Home > Backend Development > PHP Tutorial > How Yii filters out bad code

How Yii filters out bad code

*文
Release: 2023-03-18 21:52:02
Original
1689 people have browsed it

How does Yii filter bad code? This article mainly introduces the usage of Yii purifier CHtmlPurifier, which can realize the function of filtering bad code and involves related usage skills in controllers, models, filters and views. Friends in need can refer to it. I hope it will be helpful to everyone.

The details are as follows:

1. Used in the controller:

public function actionCreate()
{
  $model=new News;
  $purifier = new CHtmlPurifier();
  $purifier->options = array(
    'URI.AllowedSchemes'=>array(
              'http' => true,
              'https' => true,
    ),
       'HTML.Allowed'=>'p',
  );
  if(isset($_POST['News']))
  {
    $model->attributes=$_POST['News'];
    $model->attributes['content'] = $purifier->purify($model->attributes['content']);
    if($model->save())
      $this->redirect(array('view','id'=>$model->id));
  }
}
Copy after login

2. Used in the model:

protected function beforeSave()
{
  $purifier = new CHtmlPurifier();
  $purifier->options = array(
    'URI.AllowedSchemes'=>array(
              'http' => true,
              'https' => true,
    ),
       'HTML.Allowed'=>'p',
  );
  if(parent::beforeSave()){
    if($this->isNewRecord){
      $this->create_data = date('y-m-d H:m:s');
      $this->content = $purifier->purify($this->content);
    }
    return true;
  }else{
    return false;
  }
}
Copy after login

3. Used in the filter Use in:

public function filters()
{
  return array(
    'accessControl', // perform access control for CRUD operations
    'postOnly + delete', // we only allow deletion via POST request
    'purifier + create', //载入插入页面时进行些过滤操作
  );
}
public function filterPurifier($filterChain){
  $purifier = new CHtmlPurifier();
  $purifier->options = array(
    'URI.AllowedSchemes'=>array(
              'http' => true,
              'https' => true,
    ),
       'HTML.Allowed'=>'p',
  );
  if(isset($_POST['news']){
    $_POST['news']['content'] = $purify($_POST['news']['content']);
  }
    $filterChain->run();
}
Copy after login

4. Use in views:

<?php $this->beginWidget(&#39;CHtmlPurifier&#39;); ?>
...display user-entered content here...
<?php $this->endWidget(); ?>
Copy after login

Related recommendations:

yii2 modal bomb ActiveForm of Window implements asynchronous form verification of ajax

Yii2 implements QQ Internet login

Yii2 Simple parsing using cache

The above is the detailed content of How Yii filters out bad code. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template