A.1. Text-Filtering Functions

These functions form the basis of Drupal's text filtering and are often used in module development. They are also commonly called by other parts of the Drupal API, which makes them useful to understand. Most were originally covered in Chapter 5.

  • t('String @cleaned', array('@cleaned' => $tainted))

    • Description: Takes user-supplied data, filters it, and inserts it into a message to be displayed to users. Messages are passed through the localization system. The two XSS-safe placeholder prefixes are @ and %, while the ! placeholder passes data through without any filtering.

    • Use: Filtering user-supplied data as it is inserted into messages to the user.

    • Example: The message after every node is created in node.pages.inc.

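    // Link and arguments needed by the watchdog() calls below.
    $node_link = l(t('view'), 'node/'. $node->nid);
    $watchdog_args = array('@type' => $node->type, '%title' => $node->title);
    // Arguments for the on-screen message; t() filters @ and % placeholders.
    $t_args = array('@type' => node_get_types('name', $node),
                    '%title' => $node->title);
    if ($insert) {
      watchdog('content', '@type: added %title.', $watchdog_args, WATCHDOG_NOTICE,
        $node_link);
      drupal_set_message(t('@type %title has been created.', $t_args));
    }
    else {
      watchdog('content', '@type: updated %title.', $watchdog_args, WATCHDOG_NOTICE,
        $node_link);
      drupal_set_message(t('@type %title has been updated.', $t_args));
    }
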
  • check_plain($tainted)

    • Description: Takes user-supplied data and returns the string in a format that can be mixed with HTML and presented to the user. Special characters like < will be transformed into their HTML entity counterparts, like &lt;.

    • Use: Simple bits of text where HTML is not appropriate.

    • Example: Setting the title when editing ...
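
The difference between the three t() placeholder prefixes and check_plain(), as an added sketch that is not Drupal's source and not from the original text. sketch_t() and sketch_check_plain() are hypothetical stand-ins for the behaviour described above, the localization lookup is omitted, and the tainted title is constructed sample input.

```php
<?php
// Added illustration, NOT Drupal's code. sketch_check_plain() and sketch_t()
// are hypothetical stand-ins so the file runs without a Drupal bootstrap.

// Stand-in for check_plain(): encode HTML special characters as entities.
function sketch_check_plain($text) {
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Stand-in for t()'s placeholder handling (no translation lookup here).
function sketch_t($string, array $args = array()) {
  foreach ($args as $key => $value) {
    switch ($key[0]) {
      case '@':
        // Escaped only.
        $args[$key] = sketch_check_plain($value);
        break;
      case '!':
        // Pass-through: the caller is responsible for filtering.
        break;
      case '%':
      default:
        // Escaped, then wrapped in emphasis markup. Unknown prefixes are
        // treated the same way so nothing unfiltered slips through.
        $args[$key] = '<em>' . sketch_check_plain($value) . '</em>';
        break;
    }
  }
  return strtr($string, $args);
}

// Constructed sample: a node title as a hostile user might submit it.
$tainted = '<script>alert("xss")</script> Tom & Jerry';

$results = array(
  '@ (escaped)'      => sketch_t('Created @title.', array('@title' => $tainted)),
  '% (escaped + em)' => sketch_t('Created %title.', array('%title' => $tainted)),
  '! (unfiltered)'   => sketch_t('Created !title.', array('!title' => $tainted)),
);

foreach ($results as $label => $html) {
  // A surviving "<script" means the browser would treat the input as markup.
  $live = (strpos($html, '<script') !== false) ? 'LIVE MARKUP' : 'inert';
  echo str_pad($label, 18), ' [', $live, '] ', $html, "\n";
}
```

Only the ! line reports live markup, which is why ! placeholders should carry values that were already filtered or that never came from a user.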
