Login

Bertrand · (This post was last modified: 2014-03-07, 21:12:59 by Bertrand.)

Hello

I'm sorry to post what is probably a basic question, but I couldn't find quickly an answer in the forum (I probably didn't search enough ?)
What are the best way and best practice to modify a single page data (or some of them) such as modifying <menu />, <parent /> etc ... ?
Thanks in advance - I've been coding my own page hierarchy editor but now I need to save the structure modifications and wonder if there is an easy way before digging into the existing code.
I'd rather ask before breaking everything Smile

I reckon I didn't study the whole getSimple code before starting hacking together my plugins...

Bertrand

Bertrand · 2014-03-08, 00:21:36

From what I'm looking at in pages.php, it seems I should have to
- invoke getXML on each modified page,
- modify the xml data,
- save it with XMLsave
- when done for each file, call create_pagesxml to recreate the pages.xml file

is that correct ?
Am I right in assuming the best way to identify a page is by its slug corresponding to the filename ?

Thanks in advance again

Bertrand · 2014-03-08, 00:53:25

Okay, I don't know if that was the right way but it does seem to work, I still would love to know how it should be done, how you would do it, etc...

***shawn_a*** · 2014-03-08, 01:05:07

sounds right enough

Bertrand · 2014-03-08, 01:11:12

Thank you very much Shawn !

***shawn_a*** · 2014-03-08, 02:07:12

only create pagecache once at the end and dont forget the save argument
create_pagesxml(true)

Bertrand · (This post was last modified: 2014-03-08, 05:31:32 by Bertrand.)

Thanks a lot again Shawn, I already do the create pagecache only once but I double checked after your message to be sure.
My error handling is quite loose as I AND all the statuses from different XMLsave together, but I could fix that - what bother me a bit more is I don't use the standard way of displaying error or success messages but I should dig again deeper in the sources to see how it should be correctly done, so I could use (if possible) the undo function (which to my great shame I didn't study at all yet).

I've got a not-so-related question but I'll ask it anyway while it's hot :

I send my data in JSON format and use json_decode on the server side to save them : do you believe it's secure enough against XSS attacks ? It certainly isn't ideally secure enough but I have hard times figuring how to prevent such attacks, it would be ppretty easy to trigger a request from a distant site when a user is logged in... are there best practices for the developpers regarding this kind of stuff ? I mean I could check all the datas but a request that would erase all the pages hierarchy could also be legit (though thinking about it I can add a bit more security because my plugin as it is right now could enable an attacker to erase all the pages if he knows the site structure).
I didn't test this potential attack but maybe there's already a protection against this kind of attacks through a cookie or session check ? if so is it automatic or should I invoke it manually ?

I identify pages by their slug, maybe I could encode the slugs in the requests so it wouldn't be trivial to forge a request from the sitemap ?

Also a more related question : what would be the best practice to save data ? I tried to use the pages.php way of doing things by sending a header:location before redirecting to the plugin page, but although it works locally on the distant server headers are already sent, so maybe an ajax request would be a more effective way of doing things ?

I'm kind of old school and hacky in my coding so I like to have simple things all packed up in a single file - that's why I'd rather avoid the ajax request which would demand another php file for my plugin, I can also use a javascript redirect but even though my plugin relies heavily on javascript and jquery I feel it would be more consistent if the redirect command originated server side, so is there a way to send directly the headers from my plugin before something is triggered anywhere else ? I opened another thread about that, maybe I should have kept things only here - sorry about that : I'm posting in a hurry which is always a bad idea :/

***shawn_a*** · 2014-03-08, 06:31:07

We have nonce functions ( not really nonces )

getimple.js has a few ways to do messages, most of our ajax stuff is old parse out html response, only the new stuff i add will be json for a while until its converted.

so some use jquery find update blah
some use ajax response and jquery functions

Code:
notifyError('This notification blinks and autocloses').popit(ms speed).closeit(ms delay);

Problem with that is js i18n is not implemented, so your strings will have to be coming from php.

This is how most works, grabs the full page html over ajax, it basically parses them out, but non uniformly and without an actual parser, just copies of the same code here and there.

Code:
                            if ($(response).find('div.error').html()) {

                                $('div.bodycontent').before('<div class="error"><p>' + $(response).find('div.error').html() + '</p></div>');

                                popAlertMsg();

                            }

Bertrand · 2014-03-08, 09:01:00

Thank you very much for your patience and detailled answers Shawn !
Getting the strings from php sounds like a good option to me as js shouldn't be too concerned with content so I'll probably follow this route.

Bertrand · 2014-03-08, 10:17:31

regarding nonce : even if "not really nonce", it is quite smooth and easy to implement, thanks for the fourth or third time today - I'm slowly beginning to understand where I have to look around before asking more or less obvious questions.

***shawn_a*** · 2014-03-08, 10:22:22

Theme_functions
Template_functions
Security_functions
Cookie_functions
Basic

Login
Username:
Password:	Lost Password?
	Remember me