Stripslashes formatter?

Nathaniel · April 27, 2022, 8:55pm

Hello,

I’m working on oauth worklow that returns a URL for an avatar with backslahes - I’m not sure if they are added by wappler or by the provider, it looks like: https:\/\/lh3.googleusercontent.com\/a-\/AOh14Gjms154fm1hJhTcVFlkVkC7IVI1R-.
I want to store this value in a database and I was looking for a formatted (PHP model) that could do this, but didn’t find any. When I tried to make my own with a simple stripslahes(val) , it doesn’t seem to work - Im assuming, unless I’m doing something wrong, that it’s to protect the code from malicious operations.

Would anyone have a suggestion?

sophos707 · April 27, 2022, 11:53pm

Can you show us your server action that’s doing this?

Nathaniel · April 28, 2022, 7:08am

Of course, @sophos707:

The API action has the schema fetched and all fields are returning as expected, except for the picture one which has what seems to be addslashes applied to it.

sophos707 · April 28, 2022, 3:11pm

Ah, I see now.

I had a similar situation.
I needed to read email and enter it into a database. So, I had an API that would go out and grab the email. But, of course, there were all sorts of dangerous or incorrect characters and I didn’t want to put it my database without fixing it.

There is a lot of debate online about the proper way to sanitize strings or URLs for database entry. So I’ll let you wrestle with “the right way” … But…

There are a few ways to do this.
In Wappler, load the Server Data Bindings on the value you have:

Then, after you did that, click the edit icon:

Then, append .stripslashes to the end of your value.
You might have to make a “value” that grabs your data, and then edit that.

I’m not sure that will work.

ANOTHER METHOD
If you have have some PHP knowledge you could do what I did. Mine was complicated and I couldn’t just do it in Wappler.

You could write your own PHP API file that grabs the information, sanitizes it, then outputs it.

Then use the Wappler API Action (like you’re doing here) to grab the sanitized data.

Or you could use the same API Action you have right now and then make a new API that outputs what you got from Google into your own PHP file.
Then sanitize it, and give it back.

The code would look like this:

<?php
$Message = "https:\/\/lh3.googleusercontent.com\/a-\/AOh14Gjms154fm1hJhTcVFlkVkC7IVI1R-";
$Message = stripslashes($Message);
echo $Message;
?>

Of course, you would replace the URL with a variable, so something like:

<?php
$Message = $VariableFromYourWapplerValue
$Message = stripslashes($Message);
echo $Message;
?>

Nathaniel · April 28, 2022, 3:38pm

Thanks very much. I didn’t know there was an option to append stripslashes() and initialilly created a customer formatter:

However it doesn’t seem to work, but as I writing this I’m being told there is a cache issue in the environment. It would be nice if it were down to that.

sophos707 · April 28, 2022, 4:02pm

Yeah custom formatter was my first thought… but I haven’t been able to get mine to work, either.

patrick · April 29, 2022, 9:33am

Did you put the file with the custom formatters in the correct folder (extensions/server_connect/formatters)?

Nathaniel · April 29, 2022, 9:49am

Hi Patrick @patrick,

Yes, the formatters are in the right folder - actually the first formatter is working fine, it’s only the second one that doesn’t seem to. I haven’t been able to get back to this since my last message and try this on a different environment.

Nathaniel · May 3, 2022, 12:51pm

This seems to do with the json_encode settings. Would there be any way to custom escape values/arrays, @patrick ?