Development:Output functions: Difference between revisions
Revision as of 12:20, 14 March 2007
This page tries to explain a bit how dynamic data should be sent from Moodle to the browser in an organised and standard way. Obviously it's possible to have your own output methods but, thinking that you are going to share your code (yep, this is an OpenSource project!) and in the collaborative way we try to build and maintain the system every day, it would be really better to follow the basic guidelines explained below.
By using them you will be helping to have better, more secure and readable code. Spend some minutes trying to understand them, please!
Of course, these functions can be discussed, modified and new functions can arrive if there are some good reasons for it. Just discuss it in the General developer forum at moodle.org.
For each of the functions below we'll try to explain when they should be used, explaining the most important parameters supported and their meaning. Let's review them!
p() and s()
function s($var, $strip=false)
function p($var, $strip=false)
These functions share the same code so they will be explained together. The only difference is that s() returns the string while p() prints it directly.
These functions should be used to:
- print all the values of form fields like <input> or <textarea> tags.
- show plain (non-html) text that has been entered by the user (search string, quiz responses...).
- in general, print all dynamic data that is not html and doesn't need to be cleaned or processed by filters.
It is important not to use these functions for strings that contain html markup.
The functions replace certain characters that would have special meaning in html ( <, >, ", ', and &) by html entities so that they are displayed as intended. Note that even though the value of form fields printed with p() will have these characters converted to html entities, the submitted values will contain the original characters again.
The key parameter for this function is:
- strip: it decides whether we want to strip slashes from the string or not. By default it's 'false', so no stripping will be performed. We should set this parameter to 'true' only when the data to be processed isn't coming from the database but from http requests (forms, links...).
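The escaping and the form round trip described above, as an added example that is not Moodle's own code: `example_s()`, `example_p()` and `example_submitted_value()` are hypothetical stand-ins written for this illustration, and the sample string is constructed.

```php
<?php
// Stand-in mirroring the behaviour this page describes for s(); NOT Moodle's source.
function example_s($var, $strip = false) {
    if ($strip) {
        // Data from http requests arrives with slashes added; database data does not.
        $var = stripslashes($var);
    }
    // ENT_QUOTES covers all five characters listed above: < > " ' &
    return htmlspecialchars($var, ENT_QUOTES, 'UTF-8');
}

// Stand-in for p(): same code, but prints instead of returning.
function example_p($var, $strip = false) {
    echo example_s($var, $strip);
}

// What a browser would submit for the first value="..." attribute in $html:
// it reads up to the closing double quote, then decodes the entities.
function example_submitted_value($html) {
    if (!preg_match('/value="([^"]*)"/', $html, $m)) {
        return null;
    }
    return html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
}

// Constructed sample: a search string exactly as the user typed it.
$typed = 'Tom & "Jerry" <b>it\'s</b>';
// The same string as it would arrive from a request, with slashes added.
$fromrequest = addslashes($typed);

// Form field printed without escaping: the attribute ends at the first
// user-supplied quote and the rest of the string is parsed as markup.
$unsafe = '<input type="text" name="search" value="' . $fromrequest . '" />';
// Form field printed through the escaping function, with strip=true
// because the data comes from an http request.
$safe = '<input type="text" name="search" value="' . example_s($fromrequest, true) . '" />';

echo $unsafe, "\n";
echo $safe, "\n";

// Plain user text shown in the page body.
echo 'You searched for: ';
example_p($fromrequest, true);
echo "\n";

// Compare what the browser would send back with what the user typed.
var_dump(example_submitted_value($unsafe) === $typed);
var_dump(example_submitted_value($safe) === $typed);
```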
format_text()
function format_text($text, $format=FORMAT_MOODLE, $options=NULL, $courseid=NULL )
This function should be used to:
- print any html/plain/markdown/moodle text, needing any of the features below. Mainly used for long strings like posts, answers, glossary items...
Note that this function is really heavy because it supports cleaning of dangerous contents, delegates processing to enabled filters, supports different formats of text (HTML, PLAIN, MARKDOWN, MOODLE) and performs a lot of automatic conversions like adding smilies and building links. Also, it includes a strong cache mechanism (DB based) that will relieve the server of a lot of work processing the same texts time and again.
Some interesting parameters for this function are:
- format: To tell the function about how the data has been entered. It defaults to FORMAT_MOODLE that is a cool format to process plain text because it features automatic link conversion, smilies and good conversion to html output. Other formats are FORMAT_HTML, FORMAT_PLAIN, FORMAT_MARKDOWN. See Formatting options.
- options: Here we can specify how we want the process to be performed. You only need to define them if they are different from the default value assumed. Main options are:
  - options->noclean: To decide if we want to skip the cleaning of the text, which removes our protection from attacks and other security flaws (defaults to false, so protection is enabled). You should never set it to true unless you are 200% sure that only controlled users can edit the text (mainly admins). Never use it for general text places (posts...) or you will be, sooner or later, attacked! Note that this option is ignored for FORMAT_PLAIN, for which the text is never cleaned.
  - options->filter: To decide if you want to allow filters to process the text (defaults to true). This is ignored by FORMAT_PLAIN, for which filters are never applied.
  - options->smiley: To decide if we want automatic conversion of smilies to images (defaults to true). This is ignored by FORMAT_PLAIN, for which smilies are never converted.
  - options->para: To decide if you want every paragraph automatically enclosed between html paragraph tags (<p>...</p>) (defaults to true). This option only applies to FORMAT_MOODLE.
  - options->newlines: To decide if linefeeds in text should be converted to html newlines (<br />) (defaults to true). This option only applies to FORMAT_MOODLE.
- courseid: This parameter should always be passed to help filters know how they should work. This parameter will become less and less important once Moodle is 100% aware of the current course using some session or global variable (this is a work in progress right now) but, for now, it's recommended to always set it in the function call.
format_string()
function format_string ($string, $striplinks = false, $courseid=NULL )
This function should be used to:
- print short strings (non html) that need filter processing (activity titles, post subjects, glossary concepts...).
Please note that this function is basically a stripped-down version of the full format_text() function detailed above and it doesn't offer any of its options or protections. It simply filters the string and returns the result, so we must ensure that the text being processed has been properly cleaned at input time, using the proper xxx_param() functions.
Some interesting parameters for this function are:
- striplinks: To decide if, after the text has been processed by filters, we must delete any link from the resulting text. Used when we want to show the text inside menus, page titles... (defaults to false).
- courseid: This parameter should always be passed to help filters know how they should work. This parameter will become less and less important once Moodle is 100% aware of the current course using some session or global variable (this is a work in progress right now) but, for now, it's recommended to always set it in the function call.
print_textarea()
function print_textarea($usehtmleditor, $rows, $cols, $width, $height, $name, $value='', $courseid=0, $return=false)
This function should be used to:
- display <textarea> fields when we want to allow users (based on their preferences and browser capabilities) to use the visual HTML editor instead of a standard 'plain' area.
Some interesting parameters for this function are:
- usehtmleditor: to decide if the HTML editor must be shown. The value of this parameter must be calculated by the can_use_html_editor() function.
- rows, cols: to be applied if the standard textarea is shown.
- width, height: to be applied if the HTML editor is used.
- name: the name of the field that will contain the text once the form is submitted.
- value: the initial value of the textarea.
- courseid: This parameter should always be passed to help the editor know where it is working. This parameter will become less and less important once Moodle is 100% aware of the current course using some session or global variable (this is a work in progress right now) but, for now, it's recommended to always set it in the function call.
- return: to decide if the generated html code must be returned to the caller (true) or printed directly (false). Defaults to false.