- can be used via html class like:
$clean_html = html::purify($html);
- using it now in eTemplate to remove malicious code from html:
a) when displaying "formatted text"
b) when "formatted text" get's input by the user
--> allow to enclose comma-separated checkbox and radio-button option values in quotes (\"), so they can contain commas
eg. file-names containing commas in the filemanager"
form get's summited via ajax (without the _FILES array), which caused the process_show for 'files' to stall the the ajax request
--> get's ignored now"
- the etemplate_request object which stores the request data in the
a) session (as before) or
b) compressed and encrypted in the form transmitted to the user
Benefit of b) is that the session does not grow and the form can
be submitted as long as the session exists, as we need no garbadge
collection. Of cause more data needs to be submitt between
browser and webserver. b) is choosen automatic if mcrypt and
gzcompress are available, but can be turned off via setting
etemplate_request::$request_class = 'etemplate_request_session';
- static class variables instead of the before used global ones
--> This new version of eTemplate is fully backward compatible with 1.6!
[] to the name of the widget, eg. "upload[]". In that case attaching a
file adds an other file upload via javascript direct under the current
upload and etemplate returns an array of files (each with keys
'tmp_name', 'name', etc.).
In the example the tab itself is named "tabs", with tabs "one", "two"
and "three". Therefore the name of the tab-widget (where the select tab
gets reported and used to disable a single tab) does no longer depend on
the available tabs. This allows for a deeper customization.
Examples on how to use it are in the next two commits: tracker and pm