Hi,

I set up a site for a client late last year which has been running fine (running CouchCMS 1.3.5).

She is now trying to add code (as provided by PayPal) for a PayPal button to one of her pages, using the source view of the section content, which is defined as an editable richtext area.

When the page is saved, all of the < and > in the code are converted to '&gt;' and '&lt;' and all double quotes are converted to &quot; so of course the form does not display properly.

Can anyone enlighten me as to why this is happening, and what I can do to allow her to add this code to her pages for herself, wherever she sees fit?

Thank you,

Nikki

[KK]

Hi Nikki,

That mangling of characters that you see is a security measure.
To side-step that, we have two ways -

1. The best is to define a separate editable region of type 'textarea' setting its 'no_xss_check' param to '1' (see the docs please). Let the client input the code within this region and display it on the frontend using the regular cms:show statement.

2. The method above is suitable in cases where you know the exact location on the template where the code would be displayed (that is where you'll place the cms:show statement).
For use-cases where the client wishes to input the code within the text of another region (as in your case), you can use 'shortcodes'. More info about it can be found at http://www.couchcms.com/docs/miscellane ... codes.html.

Hope this helps.

Hi KK,

That does help, as it explains why it is happening.

I understand both of your solutions, and the shortcode option does give her more flexibility as to where to add it, but I can see two limitations and I'd like your thoughts on them:

1. I'd have to add <cms:do_shortcodes></cms:do_shortcodes> tags around every region that she might want to use a short code in?
2. I'd have to set up a new shortcode for her each time she wanted to add a different PayPal button?

I was trying to give her complete independence from me with regard to adding content, but it seems that either she can have the freedom to put a given code anywhere (that I have to add for her via shortcode), or she can put any code in a given location (that I have to add to her template for her).

Can you think of a way that I can give her both freedom of code and location at the same time?

Thank you,

Nikki

[KK]

1. I'd have to add <cms:do_shortcodes></cms:do_shortcodes> tags around every region that she might want to use a short code in?

That is correct.
Usually there is only one main editable region per template that carries the main content. But if you have defined several, then each would need to be wrapped with the <cms:do_shortcodes></cms:do_shortcodes> tags.

2. I'd have to set up a new shortcode for her each time she wanted to add a different PayPal button?

Not necessary. The shortcodes support parameters. So, you could create a very generic shortcode that outputs different code depending upon the parameters.

That said, we can also combine the two methods I mentioned before (i.e. textarea editable region with no_xss_check and shortcodes). The logic could go like this -

1. Create a separate clonable template (say named 'paypal_buttons.php') and define a single region of type textarea with no_xss_check.
This way, for every new PayPal button the client will create a new cloned page and paste the button code within the region. Each page should be given a name that represents the type of the button.

2. Now create a shortcode that takes a single parameter - the name of a cloned page mentioned above. The shortcode would then fetch the specified page and output the code contained within it.

This would give you the kind of flexibility you are looking for.

Try creating such shortcode.
Do let us know if you run into any difficulty.

Thanks.

With apologies, KK's approach seems overly complex to me. There may be valid reasons for targeting shortcodes to a specific task in some cases. But for my own purposes, I've found that a single all-purpose shortcode is more flexible and easier to use.

If there are shortcomings, risks, or any other arguments against this approach, I am eager to hear about it.

To use this shortcode, your client would simply type:

Code: Select all

[embed code='<p>She can enter any embedded code here at all. PayPal, YouTube, HTML5, whatever (with some limitations).</p>']

The main risk that I see with adopting this approach is that you'll simply copy and paste, thereby losing the opportunity to learn more about using shortcodes for yourself. Another issue might be that it's so open, it gives no guidance for usage. A client might make some mistake and not understand why it's not working.

Code: Select all

   // Embed shortcode
   // Embed any code (almost).
   // Careful of your quotation mark types.
   // Won't accept the word "script."  No new lines. PHP code won't work.
   // Usage: [embed code='<p>Any code goes here.</p>']
   $FUNCS->register_shortcode( 'embed', 'embed_handler' );
   function embed_handler( $params, $content=null ){
      global $FUNCS;

      extract( $FUNCS->get_named_vars(array( 
         'code' => '',
      ), $params) );

       return $code;
   }

[KK]

@Tim, no apologies needed

I must say, yours has to be the 'broadest-spectrum' embed shortcode ever conceived
Thank you for sharing it with us.
I suggest you please also post it in the 'Tips and tricks' section.

Thanks.

@KK, it's already there.

viewtopic.php?f=8&t=7950

[KK]

I don't know how I missed that
Have renamed the post to something more descriptive - "All-purpose Embed shortcode".
Hope you won't mind

Brilliant, thank you KK and Tim.

I'll definitely give that a go.

The embed shortcode sounds like it will do the job perfectly, and I'll just make sure to give my client clear instructions on how to use it correctly, which will be fine, as she is very good at following directions.

Thank you so much for your helpfulness and responsiveness.

This is why I love CouchCMS