Log message #3881711

# At Username Text
# May 27th 2016, 16:02 nemmons if you can't do it in SQL, then the ORM can't do it either
# May 27th 2016, 16:02 ionas ~awesome
# May 27th 2016, 16:01 nemmons what he's asking you is, how would you write a SQL query to do what you want the CakeORM to do
# May 27th 2016, 16:01 max-86666 i'm quite stunned markstory is answering me, even if u can't help me :)
# May 27th 2016, 15:59 max-86666 i would like to use the Cake ORM to make my queries from controller, actually i use $critere = $this->Criteres->get($id, ['contain' => ['Users'] ]);
# May 27th 2016, 15:58 markstory What does a SQL query look like with these comma separated columns?
# May 27th 2016, 15:57 max-86666 in the initialize method of my table
# May 27th 2016, 15:56 markstory how do you write SQL to do your joins?
# May 27th 2016, 15:56 markstory You can't
# May 27th 2016, 15:55 max-86666 hellos everybedos, any clue on how i can link tables when foreign keys are stored in a comma separated string ? (i can't change the DB design)
# May 27th 2016, 15:49 VzlaCaker @nemmons @ypnos thanks for your recommendations
# May 27th 2016, 15:46 ypnos you can also use htmlpurifier, see https://github.com/chrisShick/CakePHP3-HtmlPurifier
# May 27th 2016, 15:42 nemmons a low-tech solution might be to use http://php.net/manual/en/function.strip-tags.php to strip out all html tags except the ones you specifically want to allow
# May 27th 2016, 15:41 nemmons @VzlaCaker sorry, i don't have any experience in letting users format text.
# May 27th 2016, 15:37 markstory d0rxy: https://github.com/cakephp/debug_kit/pull/421
# May 27th 2016, 15:36 markstory that requires more sophisticated users though
# May 27th 2016, 15:36 markstory markdown
# May 27th 2016, 15:33 VzlaCaker I don't know how wordpress does it, I assume that it inserts html into the model as well.
# May 27th 2016, 15:31 VzlaCaker I mean, to avoid inserting html into the model directly
# May 27th 2016, 15:30 nemmons Do you have any recommendation for outputting html formatted text into the view other than using a wysiwyg editor for a client? Like a CMS.
# May 27th 2016, 15:12 Neon1024x Hello
# May 27th 2016, 14:51 nemmons hello
# May 27th 2016, 14:46 elboletaire hello
# May 27th 2016, 14:37 carlose119 hello
# May 27th 2016, 14:18 nemmons the safest way to do it would be to not put html in your database fields. then you can escape your database fields with h()
# May 27th 2016, 14:07 VzlaCaker is working now, but is this the safest way to do this?
# May 27th 2016, 14:07 Neon1024x Or hope that my name isn't "<script>alert('Ball bags')</script>"
# May 27th 2016, 14:06 VzlaCaker It doesn't have javascript
# May 27th 2016, 14:06 Neon1024x Remove the call to h() and hope that your html doesn't have javascript in it
# May 27th 2016, 14:06 slackebot Action: admad sighs
# May 27th 2016, 14:05 VzlaCaker What can I use to decode it?
# May 27th 2016, 14:02 admad *is
# May 27th 2016, 14:02 admad the whole point of `h()` method if to encode html entities
# May 27th 2016, 14:01 VzlaCaker <?= h($blog->description) ?> Is not working to echo html code =( the p tag gets translated like: &lt;p&gt; and in the view a plain <p> tag
# May 27th 2016, 13:52 admad arnis: almost none with opcode caching enabled, and even without it negligible
# May 27th 2016, 13:51 arnis hi. I was wondering if simply loading plugins does slow down things before I actually start using them?
# May 27th 2016, 13:48 slackebot ~tell aro about slack
# May 27th 2016, 13:48 slackebot Command sent from Slack by admad:
# May 27th 2016, 13:47 admad rossc: that would practically be a rewrite
# May 27th 2016, 13:46 Neon1024x So you probably don't want to wrap it with that
# May 27th 2016, 13:46 Neon1024x Using h() will escape your html