
General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Template Validation




9 Posts   1411 Views

swaiba

Forum Moderator, 1799 Posts

23 July 2011 at 3:18am

Hi,

I am going to use the SilverStripe templating to provide some complex merging (fields and conditional paragraphs) and I'd like to validate their use of the templating first. It will look like this...

<% if Something %>
{$SomethingText}
<% else %>
{$SomethingElseText}
<% end_if %>

by having a relating object that I take the above info and wrap

//$str = string from above that the user can edit
$ad = new ArrayData(array('RelevantObject' => $do));
$t = SSViewer::fromString('<% control RelevantObject %>'.$str.'<% end_control %>');
$strMerged = $vd->customise($ad)->renderWith($t);

my issue is that users are users, meaning I am sure they will put things like...
{$SomeingElllse} or <% endifhere %>

which of course will result in some unexpected output and unhappy folks... so...

Can anyone advise of a way to ensure their use of the syntax is OK and that they only use Something, SomethingText etc. that exist on the relevant object?

martimiz

Forum Moderator, 1106 Posts

23 July 2011 at 4:19am

I'm trying to get this... Do you mean you want users to input this or any thinkable bit of template into, say, a Textarea field, and then inject it into the $t template?

<% if Something %>
{$SomethingText}
<% else %>
{$SomethingElseText}
<% end_if %>

Or have them input string values for 'Something', 'SomethingText' and 'SomethingElseText', and then especially check the 'Something' input? Or am I just completely beside the point? :-)

swaiba

Forum Moderator, 1799 Posts

23 July 2011 at 4:35am

I want them to enter "that" into a text area or HTML field, then I am going to merge it... think merging within MailChimp... including the {$FirstName} and having conditional paragraphs like <% if NotPaidBalance %>Pay the balance please<% end_if %>. This I am using the merge tech from SS to render the final message...

As I said leaving this to the user I am sure that wrong merge tags and stuff will be entered and I want to prevent it rather than deal with - "why did your system send a message with {$FrrstName} in it?"

martimiz

Forum Moderator, 1106 Posts

23 July 2011 at 4:55am

If you're letting your users effectively create their own templates (am I still getting this correctly?) then you're probably going to use the onboard SilverStripe engine to parse it. It will generate an error if the template is invalid, so you'd have to intercept that in some user-friendly way.

Next, if it's valid, it will by default ignore properties that do not exist, leaving the space empty. You'd want to generate something like '$nickname doesn't exist for this context' and some such... You'd probably have to extend the original parsing for that.

And then, if all validates, this could still be the weirdest, most dangerous bit of template you could imagine, eating resources and creating havoc...

I probably totally misunderstand this :-)

swaiba

Forum Moderator, 1799 Posts

24 July 2011 at 9:28pm

Hey martimiz,

"this could still be the weirdest, most dangerous bit of template you could imagine, eating resources and creating havoc"

You're scaring me a bit there! Why do you think this is so dangerous? After some effort from the user to create (and test) the templates they would be reliable - regarding resources I can garbage collect (see http://silverstripe.org/general-questions/show/16988) to prevent the memory errors - plus this would be on a cron job running outside of the high traffic hours for the server.

Basically I need to send messages that have a ton of merge fields and conditional paragraphs - I have considered preparing info and sending to MailChimp (or similar) but as soon as I prepare any data or custom fields they are out of date. I need to do the merge with a live dataobject or two. I also considered writing my own functionality for this - but it seems crazy when there is one built into the system for free...

martimiz

Forum Moderator, 1106 Posts

25 July 2011 at 1:00am

Hi there,

Didn't really mean to scare you :-)

It's just that user-flexibility and security are constantly at war... OK the system is there, but I'd think it's aimed specifically at the developer, and that somehow doesn't convince me it is ready for use by the customer, at least if you'd still be responsible for the site's behaviour...

Taking it a step further would be having a WordPress site where the user can edit the stylesheets and templates and then expects you to ensure in advance nothing will crash :-) OK that might be a large step, but still...

So, if a set of predefined options that hook into the actual data will not work for you, then, sticking to the system, you could extend the process method to do some extra checking. Or you could go and develop a bit of pseudo code, that you can check and convert, thus restricting the user. Or you could take your chances, trust your settings and dive :-)

swaiba

Forum Moderator, 1799 Posts

26 July 2011 at 12:49am

Edited: 26/07/2011 12:52am

Well,

I originally just had lines like this...

$strBody = str_replace('{$FirstName}',$doPurchaser->FirstName,$strBody);

but when asked to do conditional paragraphs it became a step too far and I'd have to do some fair string parsing and I'd still have the same worries about validation. Suppose I do develop pseudo code like...

[[IF condition]]
text
[[ENDIF]]

I'd still need to validate it... how would I ensure an IF has an ENDIF for example?

martimiz

Forum Moderator, 1106 Posts

26 July 2011 at 1:57am

Edited: 26/07/2011 2:14am

Regular expressions? And keeping it as simple as possible. Enforce restrictions, where you don't accept nested ifs. They probably don't want an entire programming language, and if they do, tell them how much that's going to cost... :-)

But I'm only vaguely thinking along with you, maybe others have wonderful real solutions :-)

[EDIT] But do they really want that much flexibility, or might there still be a way to realize a couple of (dynamic) precooked options. Quite often customers say they want 'everything' and then afterwards you find out they don't really. Well - you probably know that...
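
An added example, not code from any poster in this thread: one way to validate the restricted [[IF condition]] ... [[ENDIF]] syntax and {$Field} merge tags discussed above before merging, so that user input is checked against an allow-list instead of being handed to the template engine. The allow-list contents, the [[ELSE]] tag and the function name validateMergeTemplate are assumptions made for illustration.

```php
<?php
// Hypothetical allow-lists: in practice, derive them from the data object being merged.
const ALLOWED_FIELDS     = ['FirstName', 'SomethingText', 'SomethingElseText'];
const ALLOWED_CONDITIONS = ['Something', 'NotPaidBalance'];

// Returns a list of problems; an empty list means the template may be merged.
function validateMergeTemplate(string $tpl): array
{
    $errors = [];
    $inIf = $sawElse = false;   // state of the single, non-nested IF block

    // Capture anything shaped like a tag, then check each one strictly.
    preg_match_all('/\[\[(.*?)\]\]|\{\$(.*?)\}/s', $tpl, $tags, PREG_SET_ORDER);
    foreach ($tags as $tag) {
        if (strpos($tag[0], '[[') !== 0) {              // merge field
            if (!in_array($tag[2] ?? '', ALLOWED_FIELDS, true)) {
                $errors[] = "unknown field: {$tag[0]}";
            }
        } elseif (preg_match('/^IF (\w+)\z/', $tag[1], $c)) {
            if ($inIf) { $errors[] = "nested IF not allowed: {$tag[0]}"; }
            if (!in_array($c[1], ALLOWED_CONDITIONS, true)) {
                $errors[] = "unknown condition: {$c[1]}";
            }
            $inIf = true;
            $sawElse = false;
        } elseif ($tag[1] === 'ELSE') {
            if (!$inIf || $sawElse) { $errors[] = 'ELSE without matching IF'; }
            $sawElse = true;
        } elseif ($tag[1] === 'ENDIF') {
            if (!$inIf) { $errors[] = 'ENDIF without matching IF'; }
            $inIf = false;
        } else {
            $errors[] = "unknown tag: {$tag[0]}";
        }
    }
    if ($inIf) { $errors[] = 'IF without ENDIF'; }

    // Leftover delimiters mean a half-typed tag or raw SilverStripe template syntax.
    $rest = preg_replace('/\[\[.*?\]\]|\{\$.*?\}/s', '', $tpl);
    if (preg_match('/\[\[|\]\]|\{\$|<%|%>/', $rest)) {
        $errors[] = 'stray tag delimiter in text';
    }
    return $errors;
}

// Constructed input containing the kinds of typo the thread worries about.
$sample = "Hi {\$FrrstName},\n[[IF NotPaidBalance]]Pay the balance please";
print_r(validateMergeTemplate($sample));
```

Running the validator when the user saves the text, and refusing to save while the list is non-empty, catches a mistyped tag before any message is sent.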
