Automatic tag processes

Most SPIP tags, especially those that involve reading data from the database, perform some automatic processes to block malicious code that might have been added by article editors when they write their articles (PHP code or JavaScript scripts).

As well as these standard processes, there are others that can be defined for any SQL field in order to systematically apply those processes to the field in question. These operations are defined in the ecrire/public/interfaces.php file using a global table called $table_des_traitements.
The key to this table is the tag name, the value being an associated table:

  • its "0" key (the first $table_des_traitements['BALISE'][] encountered) defines a process regardless of the table in question,
  • a "table_name" key ($table_des_traitements['BALISE']['table_name'] without the table prefix) defines a process for a tag in that particular table.

The processes are provided by entering a character string fonction(%s) that explicitly reference the functions to be applied. Within that function call, "%s" will be replaced by the contents of the field.

$table_des_traitements['BALISE'][]= 'traitement(%s)';
$table_des_traitements['BALISE']['objets']= 'traitement(%s)';

Two common usages of automatic filters, which have additionally been defined with constants, can be reused:

  • _TRAITEMENT_TYPO applies the SPIP typographical processes (applying bold, for example),
  • _TRAITEMENT_RACCOURCIS applies the typographical processes and translations of SPIP links (adding the html attribute class="spip_out", for example).

Example

The #TITRE and #TEXTE tags are processed automatically regardless of which or how many loops they are used in, and these processes are defined as follow:

$table_des_traitements['TEXTE'][]= _TRAITEMENT_RACCOURCIS;
$table_des_traitements['TITRE'][]= _TRAITEMENT_TYPO;

The #FICHIER tag performs a special process only within a documents loop:

$table_des_traitements['FICHIER']['documents']= 'get_spip_doc(%s)';

Author Mark Baber Published : Updated : 12/03/23

Translations : English, Español, français, Nederlands