Formatted Include

This is a modification of the Wikka include action that adds CSS formatting. The idea and some of the code came from a GPL WikiNi action by Eric Feldstein.

You can use it to completely replace the include.php file in the action directory.

Usage:

{{include page="HomePage" class="gray_background solid_border small_fonts height10em"}}

The class parameter is optional.

An example of it in use here.

<?php
// wikka include action modified by GmBowen so that included page is formatted according to css code
// Idea & code modifications from Wikini include action by Eric Feldstein released under GPL

// Build the class list, prefixing each name with "include_".
// $class comes straight from the action parameters and is not validated here.
$classes = "";
if ($class) {
    $array_classes = explode(" ", $class);
    foreach ($array_classes as $c) { $classes = $classes . "include_" . $c . " "; }
}
if (!$page) $page = $wikka_vars;
$page = strtolower($page);
// Keep track of the pages already included so circular includes can be detected.
if (!$this->config["includes"]) $this->config["includes"][] = strtolower($this->tag);

if (!in_array($page, $this->config["includes"]) && $page != $this->tag) {
    if ($this->HasAccess("read", $page)) {
        $this->config["includes"][] = $page;
        $page = $this->LoadPage($page);
        $output = $this->Format($page["body"]);
        if ($classes) echo "<div class=\"", $classes,"\">\n", $output, "</div>\n";
        else echo $output;
    }
} else print "<span class='error'>Circular reference detected</span>";

?>


The CSS file in use has to have the following rules added to it:
.include_right { float: right; width: 17%; } /* floating box to the right */
.include_left { float: left; width: 17%; } /* floating box to the left*/
.include_solid_border { border: solid; padding: 2px; } /* solid border*/
.include_gray_background { background-color: #DDDDDD; } /* grey background*/
.include_small_fonts { font-size: 0.8em; } /* small fonts */
.include_big_fonts { font-size: 1.2em; } /* large fonts*/
.include_height10em { height: 10em; overflow: scroll; } /* in a scrollable box 10em high */
.include_height15em { height: 15em; overflow: scroll; } /* in a scrollable box 15em high */
.include_height30em { height: 30em; overflow: scroll; } /* in a scrollable box 30em high */
.include_height60em { height: 60em; overflow: scroll; } /* in a scrollable box 60em high */



CategoryUserContributions
Comments
Comment by JavaWoman
2005-01-03 11:24:11
I saw that at WikiNi - but I think we could do better than this. ;-)
Comment by GmBowen
2005-01-03 15:20:06
Oh I don't doubt we could....it was a "get the ball rolling" kind of thing. For me, it was also figuring out a bit about how arrays & css work (css I have a bit more of a handle on now, the logic for how arrays work still kinda escapes me.....which, I recall, was my problem with Fortran 24 years ago too). Also, for me it was not an "adapt" exercise (we already have too many includes floating around) but one where I had to identify what was happening in somebody else's code and figure out how to incorporate it into the codebase we already had. All in all a good Sunday exercise for me. But, as you noted, I can see lots of ways we could better develop this.
Comment by RomanIvanov
2005-01-09 15:39:28
XSS issue. $classes must be sanitized before output.
Comment by GmBowen
2005-01-09 16:36:08
Roman pointing out that there is a security problem with this action suggests there is a problem in the "release" version of include.php as well.
Comment by JavaWoman
2005-01-09 17:17:05
Mike,
I don't see how the release {{include}} action is a security risk - each (recursively) included $page is ultimately retrieved from the database via the LoadPage() function which takes care to mysql_real_escape_string() the page name before feeding it to the SQL query. And {{include}} has no other parameters except $page.

Roman is correct about the $class parameter in this action code here though: it is accepted without any validation or sanitation - that is indeed a security risk.

Do NOT EVER trust user input!
Comment by GmBowen
2005-01-09 17:28:47
whoops, compared to the wrong earlier version. NOW I get what Roman means....and your reply. Sorry. So, would $class=SafeHtml($class); solve the problem? I cannot test this actually....I'm using a version of wikka w/o SafeHtml....I'm awaiting the next release and then I'm going to do an update of everything w/ all my mods. Thanks for the feedback.
Comment by JavaWoman
2005-01-09 23:46:49
Mike, you don't really want *any* HTML in a class attribute (it would not be a valid class name anyway), so strip_tags() would do the trick here. Alternatively (even better), use a regular expression to validate the $class value for correct syntax and discard it if it isn't correct.
Comment by JavaWoman
2005-01-10 00:11:19
A RE for recognizing a valid class name could become rather complicated if you allow non-ASCII and Unicode; if not, it's reasonably simple:
/[_a-z][_a-zA-Z0-9-]*/
(that's based on the CSS 2.1 standard).
For a class *attribute* you need to take into account that it should be a space-separated list of valid class names. So you'd get something like:
/([_a-z][_a-zA-Z0-9-]*)( ([_a-z][_a-zA-Z0-9-]*))*/
(I think - unchecked)
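
One way to apply the validation suggested in the comment above, as an added example that is not part of the original action or of Wikka's own code: each space-separated token must match the ASCII class-name pattern quoted above, anchored so the whole token has to match, and the whole value is discarded otherwise. The function names include_css_classes and wrap_included_output and the sample values are assumptions made for this example.

```php
<?php
// Added example (hypothetical helper names): validate the user-supplied
// class parameter before it is written into the class attribute.

/**
 * Convert a space-separated list of class names into the "include_"-prefixed
 * list used by the action. Returns '' if any token is not a plain ASCII name.
 */
function include_css_classes($class)
{
    // Split on whitespace runs; empty tokens (double spaces) are dropped.
    $tokens = preg_split('/\s+/', trim((string) $class), -1, PREG_SPLIT_NO_EMPTY);
    $classes = array();
    foreach ($tokens as $token) {
        // \A ... \z forces the whole token to match. An unanchored pattern
        // would accept any string that merely contains one valid name.
        if (!preg_match('/\A[_a-z][_a-zA-Z0-9-]*\z/', $token)) {
            return '';  // discard the whole value, as suggested in the thread
        }
        $classes[] = 'include_' . $token;
    }
    return implode(' ', $classes);
}

/** Wrap already-formatted page output in the styled div, or return it bare. */
function wrap_included_output($output, $class)
{
    $classes = include_css_classes($class);
    if ($classes === '') {
        return $output;
    }
    // Escaping is redundant after validation but keeps the output safe
    // if the pattern is ever loosened.
    return '<div class="' . htmlspecialchars($classes, ENT_QUOTES) . "\">\n"
         . $output . "</div>\n";
}

// Constructed sample values: one valid list, one with a quote that would
// break out of the attribute, one with markup.
$samples = array(
    'gray_background solid_border small_fonts height10em',
    'solid_border" title="injected',
    '<b>right</b>',
);
foreach ($samples as $sample) {
    echo wrap_included_output("included page body\n", $sample), "---\n";
}
```

Only the first sample produces a wrapping div; the other two are rejected and the included page is shown without any added markup.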
Comment by JasRandal
2005-07-09 14:59:02
Is there a way to vary the width of a float box on a single page? I asked somewhere and JavaWoman was kind enough to show me how to change the css value percentage which changes it site-wide. But can I do this in the edit section, perhaps, to change the width of a single float box? (I searched, but didn't see anything, nor a better place to ask this.) -JasRandal
Comment by DarTar
2005-07-09 15:35:29
Jas, the best way to change the width of a single float box, if you don't want to bother with the main stylesheet is to use embedded HTML and override the default style. Try for instance the following:

""<div style="float: left; width: 45%; margin: 0.5%; padding: 5px; background: #EAEAEA;
border: 1px #777 dotted; ">Here goes some text </div>""

Hope this helps
Comment by JasRandal
2005-07-09 15:50:50
Wow, DarTar, that's great, what I'm needing. Any way to activate the formatting? Or does this just permit plain text. I tried it out, and had some [[ ]] links, but they just appeared as plain text, formatting didn't work.
Comment by DarTar
2005-07-09 17:33:04
oh sure, everything within double-doublequotes is escaped and parsed as HTML, so the Wikka formatter will just skip it. You have to add HTML tags if you want to format text between "" "".
Comment by JavaWoman
2005-07-14 09:21:44
It shouldn't be too hard to extend the >> and << syntax with a "property" to set the desired width. Something like >>(200px)...>> to set a width of 200 pixels, or <<(20%)...<< to set a width of 20% of the enclosing element. That could be turned into a style attribute which would be more specific than the global style and so would override it.

Before going down that path though, we should discuss what other properties (if any) we would allow to be specified at the wikka syntax level - to avoid making it into a "full HTML equivalent".