
Yii-CHtmlPurifier- 净化器的使用(yii过滤不良代码)


  1. 在控制器中使用:
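    /**
     * Creates a News record from the submitted form, purifying the HTML body first.
     *
     * Reads $_POST['News'], mass-assigns it to a new model, runs the `content`
     * attribute through CHtmlPurifier and redirects to the `view` action once
     * the record has been saved.
     */
    public function actionCreate()
    {
        $model = new News;

        // Allow-list configuration: only <div> elements survive purification and
        // URIs are restricted to the http and https schemes.
        $purifier = new CHtmlPurifier();
        $purifier->options = array(
            'URI.AllowedSchemes' => array(
                'http' => true,
                'https' => true,
            ),
            'HTML.Allowed' => 'div',
        );

        if (isset($_POST['News'])) {
            $model->attributes = $_POST['News'];
            // Assign through the attribute itself. `$model->attributes` is served by
            // a magic getter that hands back a copy, so writing to
            // `$model->attributes['content']` never reaches the model and the raw,
            // unpurified markup would be what gets saved.
            $model->content = $purifier->purify($model->content);
            if ($model->save()) {
                $this->redirect(array('view', 'id' => $model->id));
            }
        }
    }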

  2. 在模型中的使用:
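    /**
     * Purifies the HTML body and timestamps new records before the row is written.
     *
     * @return boolean true to continue with the save, false when the parent
     *                 implementation vetoes it.
     */
    protected function beforeSave()
    {
        if (!parent::beforeSave()) {
            return false;
        }

        // Allow-list configuration: only <div> elements survive purification and
        // URIs are restricted to the http and https schemes.
        $purifier = new CHtmlPurifier();
        $purifier->options = array(
            'URI.AllowedSchemes' => array(
                'http' => true,
                'https' => true,
            ),
            'HTML.Allowed' => 'div',
        );

        // Purify on every save, not only on insert: an update carries user-supplied
        // markup just like a create does, and skipping it would let an edit store
        // unfiltered HTML.
        $this->content = $purifier->purify($this->content);

        if ($this->isNewRecord) {
            // 'i' is the minutes specifier; 'm' is the month and would repeat the
            // month number in the time part.
            // NOTE(review): 'y' yields a two-digit year; confirm the column expects
            // that rather than 'Y'.
            $this->create_data = date('y-m-d H:i:s');
        }

        return true;
    }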

  3. 在过滤器中的使用:
    /**
     * Declares the filters applied to this controller's actions.
     *
     * @return array filter specifications in the "name + action" form.
     */
    public function filters()
    {
        $filterSpecs = array();

        // perform access control for CRUD operations
        $filterSpecs[] = 'accessControl';
        // we only allow deletion via POST request
        $filterSpecs[] = 'postOnly + delete';
        // run the purifier filter before the create action handles the form
        $filterSpecs[] = 'purifier + create';

        return $filterSpecs;
    }
    
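    /**
     * Inline filter that purifies the submitted news body before the action runs.
     *
     * @param CFilterChain $filterChain the chain to continue once the input has
     *                                  been cleaned.
     */
    public function filterPurifier($filterChain)
    {
        // Allow-list configuration: only <div> elements survive purification and
        // URIs are restricted to the http and https schemes.
        $purifier = new CHtmlPurifier();
        $purifier->options = array(
            'URI.AllowedSchemes' => array(
                'http' => true,
                'https' => true,
            ),
            'HTML.Allowed' => 'div',
        );

        // Array keys are case-sensitive: the create action on this page reads
        // $_POST['News'], so a lower-case 'news' key would never match and the
        // filter would pass the input through untouched.
        if (isset($_POST['News']['content'])) {
            // Call purify() on the purifier instance; `$purify` was never defined.
            $_POST['News']['content'] = $purifier->purify($_POST['News']['content']);
        }

        $filterChain->run();
    }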

  4. 在视图中的使用:
    <?php /* Everything echoed between beginWidget() and endWidget() is captured and passed through HTML Purifier before it is sent to the browser. */ $this->beginWidget('CHtmlPurifier'); ?>  
    ...display user-entered content here...  
    <?php $this->endWidget(); /* NOTE(review): this purifies on every render; consider caching the result or purifying once when the record is saved. */ ?>



