Home >Backend Development >PHP Tutorial >How Yii filters out bad code
How does Yii filter bad code? This article mainly introduces the usage of Yii purifier CHtmlPurifier, which can realize the function of filtering bad code and involves related usage skills in controllers, models, filters and views. Friends in need can refer to it. I hope it will be helpful to everyone.
The details are as follows:
1. Used in the controller:
public function actionCreate() { $model=new News; $purifier = new CHtmlPurifier(); $purifier->options = array( 'URI.AllowedSchemes'=>array( 'http' => true, 'https' => true, ), 'HTML.Allowed'=>'p', ); if(isset($_POST['News'])) { $model->attributes=$_POST['News']; $model->attributes['content'] = $purifier->purify($model->attributes['content']); if($model->save()) $this->redirect(array('view','id'=>$model->id)); } }
2. Used in the model:
protected function beforeSave() { $purifier = new CHtmlPurifier(); $purifier->options = array( 'URI.AllowedSchemes'=>array( 'http' => true, 'https' => true, ), 'HTML.Allowed'=>'p', ); if(parent::beforeSave()){ if($this->isNewRecord){ $this->create_data = date('y-m-d H:m:s'); $this->content = $purifier->purify($this->content); } return true; }else{ return false; } }
3. Used in the filter Use in:
public function filters() { return array( 'accessControl', // perform access control for CRUD operations 'postOnly + delete', // we only allow deletion via POST request 'purifier + create', //载入插入页面时进行些过滤操作 ); } public function filterPurifier($filterChain){ $purifier = new CHtmlPurifier(); $purifier->options = array( 'URI.AllowedSchemes'=>array( 'http' => true, 'https' => true, ), 'HTML.Allowed'=>'p', ); if(isset($_POST['news']){ $_POST['news']['content'] = $purify($_POST['news']['content']); } $filterChain->run(); }
4. Use in views:
<?php $this->beginWidget('CHtmlPurifier'); ?> ...display user-entered content here... <?php $this->endWidget(); ?>
Related recommendations:
yii2 modal bomb ActiveForm of Window implements asynchronous form verification of ajax
Yii2 implements QQ Internet login
Yii2 Simple parsing using cache
The above is the detailed content of How Yii filters out bad code. For more information, please follow other related articles on the PHP Chinese website!