Log message #3881720

# At Username Text
# May 27th 2016, 16:03 max-86666 if u tell me it's not possible, i'll believe you and make it raw query
# May 27th 2016, 16:03 ionas ;)
# May 27th 2016, 16:03 ionas nemmon better yet, install parsedown and let them use markdown
# May 27th 2016, 16:03 ionas and h()
# May 27th 2016, 16:03 ionas nemmons: HtmlPurifier (google for HTML5 + HTML Purifier), DomDocument, Tidy
# May 27th 2016, 16:03 max-86666 sure, i can do it in raw sql, but i'd like to keep the magic from cake
# May 27th 2016, 16:02 max-86666 i guess FIND_IN_SET()
# May 27th 2016, 16:02 nemmons if you can't do it in SQL, then the ORM can't do it either
# May 27th 2016, 16:02 ionas ~awesome
# May 27th 2016, 16:01 nemmons what he's asking you is, how would you write a SQL query to do what you want the CakeORM to do
# May 27th 2016, 16:01 max-86666 i'm quite stunned markstory is answering me, even if u can't help me :)
# May 27th 2016, 15:59 max-86666 i would like to use the Cake ORM to make my queries from controller, actually i use $critere = $this->Criteres->get($id, ['contain' => ['Users'] ]);
# May 27th 2016, 15:58 markstory What does a SQL query look like with these comma separated columns?
# May 27th 2016, 15:57 max-86666 in the initialize method of my table
# May 27th 2016, 15:56 markstory how do you write SQL to do your joins?
# May 27th 2016, 15:56 markstory You can't
# May 27th 2016, 15:55 max-86666 hellos everybedos, any clue on how i can link tables when foreign keys are stored in a comma separated string ? (i can't change the DB design)
# May 27th 2016, 15:49 VzlaCaker @nemmons @ypnos thanks for your recommendations
# May 27th 2016, 15:46 ypnos you can also use htmlpurifier, see https://github.com/chrisShick/CakePHP3-HtmlPurifier
# May 27th 2016, 15:42 nemmons a low-tech solution might be to use http://php.net/manual/en/function.strip-tags.php to strip out all html tags except the ones you specifically want to allow
# May 27th 2016, 15:41 nemmons @VzlaCaker sorry, i don't have any experience in letting users format text.
# May 27th 2016, 15:37 markstory d0rxy: https://github.com/cakephp/debug_kit/pull/421
# May 27th 2016, 15:36 markstory that requires more sophisticated users though
# May 27th 2016, 15:36 markstory markdown
# May 27th 2016, 15:33 VzlaCaker I don't know how wordpress does it, I assume that it inserts html into the model as well.
# May 27th 2016, 15:31 VzlaCaker I mean, to avoid inserting html into the model directly
# May 27th 2016, 15:30 nemmons Do you have any recommendation for outputting html formatted text into the view other than using a wysiwyg editor for a client? Like a CMS.
# May 27th 2016, 15:12 Neon1024x Hello
# May 27th 2016, 14:51 nemmons hello
# May 27th 2016, 14:46 elboletaire hello
# May 27th 2016, 14:37 carlose119 hello
# May 27th 2016, 14:18 nemmons the safest way to do it would be to not put html in your database fields. then you can escape your database fields with h()
# May 27th 2016, 14:07 VzlaCaker is working now, but is this the safest way to do this?
# May 27th 2016, 14:07 Neon1024x Or hope that my name isn't "<script>alert('Ball bags')</script>"
# May 27th 2016, 14:06 VzlaCaker It doesn't have javascript
# May 27th 2016, 14:06 Neon1024x Remove the call to h() and hope that your html doesn't have javascript in it
# May 27th 2016, 14:06 slackebot Action: admad sighs
# May 27th 2016, 14:05 VzlaCaker What can I use to decode it?
# May 27th 2016, 14:02 admad *is
# May 27th 2016, 14:02 admad the whole point of `h()` method if to encode html entities
# May 27th 2016, 14:01 VzlaCaker <?= h($blog->description) ?> Is not working to echo html code =( the p tag gets translated like: &lt;p&gt; and in the view a plain <p> tag