09.12.2021 How to edit the BLOB editor and copy paste

The recommended method of customizing your AppGini-generated application is through hooks. But sometimes you might need to add functionality not accessible through hooks. You can discuss this here.
jsetzer
AppGini Super Hero
Posts: 1807
Joined: 2018-07-06 06:03
Location: Kiel, Germany

Re: 09.12.2021 How to edit the BLOB editor and copy paste

Post by jsetzer » 2022-02-09 09:10

That's really weird :o

I did the same on a LONG BLOB field in AppGini 22.11, newly generated app, no additional libraries nor code.
Browser: Google Chrome 97.0

ezgif.com-gif-maker (5).gif

The pasted image is missing after reload of DV.

Which browsers are you using?
I am going to check with different browsers in the next few minutes.
Kind regards,
<js />

My AppGini Blog:
https://appgini.bizzworxx.de/blog

You can help us helping you:
Please always put code fragments inside [code]...[/code] blocks for better readability

AppGini 24.10 Revision 1579 + all AppGini Helper tools

Post by jsetzer » 2022-02-09 09:20

:( The same problem with...
  • Google Chrome 97
  • Firefox 92
  • Opera 83
So, I guess this is not a browser-related issue (although I have read somewhere that Firefox handles pasting images differently).
Kind regards,
<js />

Post by jsetzer » 2022-02-09 09:34

@pböttcher Please don't get me wrong, I'm just trying to find differences between our environments for narrowing down the problem.

In your screen recording I can see the nicEditor has very small height.

chrome_Zuh8VpQKeM.png

If I remember right, that was a bug prior to AG 5.95 (see changelog, chapter "AppGini 5.95, Mar 29, 2021").

So, maybe we three are using different versions or there may be a caching issue?
Kind regards,
<js />

pbottcher
AppGini Super Hero
Posts: 1635
Joined: 2018-04-01 10:12

Post by pbottcher » 2022-02-09 11:39

Hi Jan,

did you add the code to display the image back? Otherwise that is exactly the behaviour pasbonte described.
Any help offered comes with the best of intentions. Use it at your own risk. In any case, please make a backup of your existing environment before applying any changes.

Post by jsetzer » 2022-02-09 12:02

Hi pböttcher,

it's just plain AG v22.11 generated code. No modifications, no extra code, no extra libraries. I was trying to figure out why it works on your machine but not in our machines.

Maybe I misunderstood your previous post: In your tests, did you remove the safe_html()-call for the image field?

For me, still, it only works if I remove safe_html()-calls in TABLENAME_dml.php

Code_kixcDJ9eGe.png

But I'd like to avoid this for security reasons and because changes will be overwritten on next code generation. I still don't know any hooks-only solution.

Did I miss anything?
Kind regards,
<js />

Post by pbottcher » 2022-02-09 12:31

Hi Jan,

indeed, there is this friendly feature safe_html. So that is why I provided the code to add to the hooks/TABLENAME.php

viewtopic.php?f=8&t=4544#p18620

If you use this code, the image shall be displayed again (at least it works in my environment with an empty app, just this code added).

For the question from pasbonte I think the issue with his second question was that the field definition was too small for the image size he tried to insert.

On my tests, that is what happens. If the image is too big, it will not be stored (for obvious reasons). The second part where pasbonte explained that going through another forum is clear, as here, no image is inserted, but the link to an image that was uploaded to i-imgur.

So maybe you check the code I posted to see if that works for you.

Post by jsetzer » 2022-02-09 14:54

Hi again,

so, there was a misunderstanding of "the code provided above". I'm sorry, I got it wrong! Thanks for pointing us to your code from the very beginning of the conversation.

Obviously, your code will display the raw data from the database. I'm wondering if, when bypassing safe_html(), we can have at least a minimum protection against XSS.
  1. Best option (from my point of view) would be if AppGini's safe_html() function could keep base64-encoded image data.
    I hope I will get a response from BigProf soon.
  2. One alternative would be already sanitizing data before_insert / before_update. Doing so, stored data would be safe already and we could use your solution.
  3. Another alternative could be an extension of your solution: passing the data through a customized safe_html() function before.
For (3) I was thinking about something like this:

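Code:

if ($selectedID) {
  // raw value of the BLOB field as stored in the database
  $blob = getRecord('TABLENAME', $selectedID)['FIELDNAME'];
  // sanitize before the value reaches the browser
  $blob_safe = safe_html_custom($blob);
  // json_encode() emits a correctly escaped JS string literal (quotes, "</script>", "&")
  $html .= "<script>\$j(function() {\$j('#FIELDNAME').val(" . json_encode($blob_safe, JSON_HEX_TAG | JSON_HEX_AMP) . ")})</script>";
}

function safe_html_custom($unsafe_data) {
  $safe_data = $unsafe_data;
  // do some magic on $safe_data (the sanitizing step, still to be written)
  // and then
  return $safe_data;
}
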
Kind regards,
<js />
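
One possible body for the customized safe_html() function of option 3, given here as an added example that is not part of the post above and not AppGini code. The tag allowlist, the dropped-tag list and the accepted image types (PNG, JPEG, GIF as base64 data URIs) are assumptions; everything else is stripped.

```php
<?php
// Added example (not AppGini code): allowlist sanitizer that keeps pasted base64 images.
function safe_html_custom($unsafe_data) {
  // Assumed allowlist (tag => attributes that may stay); adjust to your editor's output.
  $allowed = array_fill_keys(
    ['p', 'br', 'div', 'span', 'b', 'i', 'u', 'strong', 'em', 'ul', 'ol', 'li'], []);
  $allowed['img'] = ['src', 'alt', 'width', 'height'];
  // Dropped together with their content; any other unknown tag is unwrapped instead.
  $drop = ['script', 'style', 'iframe', 'object', 'embed', 'svg', 'math', 'form'];
  // Inline raster images only; SVG data URIs are excluded because SVG can carry script.
  $data_uri = '~^data:image/(png|jpe?g|gif);base64,[A-Za-z0-9+/]++={0,2}\z~';
  $doc = new DOMDocument();
  $prev = libxml_use_internal_errors(true);   // editor markup is rarely valid HTML
  $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $unsafe_data . '</body>', LIBXML_NONET);
  libxml_clear_errors();
  libxml_use_internal_errors($prev);
  $body = $doc->getElementsByTagName('body')->item(0);
  if (!$body) return '';

  $xpath = new DOMXPath($doc);
  foreach (iterator_to_array($xpath->query('.//comment()', $body)) as $c) $c->parentNode->removeChild($c);
  foreach (iterator_to_array($xpath->query('.//*', $body)) as $el) {
    if (!$el->parentNode) continue;           // already removed
    $tag = strtolower($el->nodeName);
    if (!isset($allowed[$tag])) {
      if (!in_array($tag, $drop, true)) {     // unwrap: keep the children, lose the tag
        while ($el->firstChild) $el->parentNode->insertBefore($el->firstChild, $el);
      }
      $el->parentNode->removeChild($el);
      continue;
    }
    foreach (iterator_to_array($el->attributes) as $attr) {  // strips on*, style, ...
      if (!in_array(strtolower($attr->nodeName), $allowed[$tag], true)) {
        $el->removeAttributeNode($attr);
      }
    }
    if ($tag === 'img' && !preg_match($data_uri, $el->getAttribute('src'))) {
      $el->parentNode->removeChild($el);      // remote, javascript: or malformed src
    }
  }
  $safe_data = '';
  foreach ($body->childNodes as $child) $safe_data .= $doc->saveHTML($child);
  return $safe_data;
}

// Constructed sample input, not data from the thread.
$dirty = '<p onclick="x()">Hi<script>alert(1)</script>'
       . '<img src="data:image/png;base64,iVBORw0KGgo=" onerror="y()">'
       . '<img src="https://example.com/a.png"></p>';
echo safe_html_custom($dirty), "\n";
```

The same function can be called from before_insert / before_update (option 2), so that the stored value is already clean when it is written back into the editor.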
