Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
Validation error output encoding, Session::set_flash()
  • Hi, I am new to fuelphp. I followed that tutorial: http://net.tutsplus.com/tutorials/php/build-an-admin-panel-with-the-fuel-php-framework/ to build an admin panel for my website. I got everything working well, except for one detail: when I'm editing or creating new content in the admin panel, and submit the form with missing or incorrect data, the validation errors output is encoded incorrectly and therefore displays in my views with visible tags. See screenshot of the problem here: http://img521.imageshack.us/img521/2926/errortest.jpg I know how to disable filtering before passing data to a view, but in this case the validations errors are passed by the controller to the admin template using Session::set_flash('error', $val->show_errors()) / Session::get_flash('error').
    Globally disabling output encoding by setting security.auto_filter_output to false in the config file won't resolve the problem either. The only way I found to fix it is using html_entity_decode() in the template, as so: Original code:
    <?php if (Session::get_flash('error')): ?>
    <div class="alert-message error">
    <?php echo implode('<&#47;p><p>', e((array) Session::get_flash('error'))); ?>
    <&#47;div>
    <?php endif; ?>
    

    => Modified code:
    <?php if (Session::get_flash('error')): ?>
    <div class="alert-message error">
    <?php $msg = implode('<&#47;p><p>', e((array) Session::get_flash('error'))); echo html_entity_decode($msg); ?>
    <&#47;div>
    <?php endif; ?>
    
    But I was wondering if there was a better solution to that problem. Thanks for your help!
  • By default the validation template encapsulates the errors in HTML, which as you have noticed will be encoded when send to the view. There are a couple of ways to deal with this:
    - use Session::get_flash() in your view. Not a very clean solution, your view should not contain code
    - retrieve the messages in your controller, and use set_safe() on the view object to pass without encoding
    - use a different validation template that doesn't include HTML I personally use the last method, I create a validation.php config file, with this:
    return array(
        'open_list' => '',
        'close_list' => '',
        'open_error' => '',
        'close_error' => '~',
    );
    
    And then use show_errors() to retrieve the validation errors. This will return all your errors as a single string, separated by a '~'. You can use that to explode the string in the view, and foreach over the exploded result to display them. Problem with the oil admin template is that you would want to escape the error message, but obviously not the HTML, which is not possible.
  • Thanks for your reply, well I guess I'm gonna use your method from now on as it's cleaner and only requires an extra config file and a small modification in one view, which is no big deal. :)

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion