Search

A new extension, “HTML Panel field” is now available for download. Comments and feedback can be left here but if you discover any issues, please post it on the issue tracker.

Ah this could be great for putting instructions or notes for clients in the backend

@jeffleeder, Documenter might be of interest to you in that case as well.

@nick, Awesome idea for an extension! So simple, yet can have almost unlimited potential!

Hi Nick,

Could you elaborate on the Descroption a bit more, it’s a bit vaque (to me at least ;)). Especially this bit:

To reduce the barrier to entry of embedding of content within the Symphony backend without so that developers do not have experience of creating Extensions and system Fields.

Take a look at the README and see what the example achieves — you end up with an Order Summary panel which aggregates related Order Item entries. This is achieved using only the native tools that we use on the frontend (Pages, XSLT, Data Sources). So this extension allows developers to add this sort of thing to the backend without having to know how to make custom fields/extensions (i.e. learning PHP and the Symphony extension/class/API structure).

So if you know how to make a frontend Page and render some data from a Data Source, you now have all the knowledge you need to produce these sort of display customisations in the backend. Reducing the barrier to entry :-)

Nick, the “orders” example in your README sounds a bit dangerous to me – any pages you load using the gateway method must be accessible on the frontend. So there is definitely a security issue with your example.

So there is definitely a security issue with your example.

There is indeed, and one I’d hope any developer would be conscious of. The Order example was useful since it was specific to a forum request, and indicates the mechanics of parent/child relationships well.

This issue can be mitigated by making the “URL Expression” for the HTML Panel field also pass a unique password/token in the URL which is checked against in the XSLT of the panel field.

/panel/order-summary/{entry/@id}/?token=abc

In the XSLT:

<xsl:if test="$url-token='abc'">...</xsl:if>

However this could be extended slightly further so that the Symphony cookie is also sent with the request to grab the page, so that the “Login Info” event can be used to verify the authenticity of the user.

So if you know how to make a frontend Page and render some data from a Data Source, you now have all the knowledge you need to produce these sort of display customisations in the backend. Reducing the barrier to entry

Thanks Nick, I’m a pure frontend Symph guy as yet, so that sounds great ;)

(…) the “Login Info” event can be used to verify the authenticity of the user.

I guess this resolve the security issue completely.

This is a great extensions. Customers who demand a lot of detail will appreciate!

Thanks Nickdunn.

HTML Panel field updated to version 1.1 on 4th of March 2010

The request to the frontend page now passes the Symphony cookie so that XSLT can verify its authenticity. I’ve added a note on security to the README suggesting using the Login Info event to check if the user is logged in.

Very cool, Nick!

Here’s another example of its use:

A section contains a Text Input to hold a URL of a YouTube video, and an HTML Panel pointing to a Symphony page.
Fig 1

The page XSLT looks like this. Checks for an incoming ?video and grabs the video ID from this string.

<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">

<xsl:output method="xml" omit-xml-declaration="yes" encoding="UTF-8" indent="yes" />

<xsl:template match="/">

    <xsl:variable name="id" select="substring-after($url-video,'watch?v=')"/>

    <xsl:choose>
        <xsl:when test="$id=''">
            <span class="inactive">No video.</span>
        </xsl:when>
        <xsl:otherwise>
            <object width="300" height="180">
                <param name="movie" value="http://www.youtube.com/v/{$id}"></param>
                <param name="allowFullScreen" value="true"></param>
                <param name="allowscriptaccess" value="always"></param>
                <embed src="http://www.youtube.com/v/{$id}" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="300" height="180"></embed>
            </object>
        </xsl:otherwise>
    </xsl:choose>

</xsl:template>

</xsl:stylesheet>

When a new entry is created, the panel returns the first condition.
Fig 2

When when saved with a valid URL, the video is embedded :-) Fig 3

You’re a genious, nick. Awesome extension!

Any way to do it without cURL?

I tried using Symphony’s own ‘gateway’ but found CURL is a requirement to pass the Symphony cookie with the request. If you have any bright ideas please fork and send me a pull request though!

Yes! Great extensio opens many possibilites. Thank’s Nick!

Oh wow, this is such a great idea… nice work!

If you could pass the ?auth-token={current-user-login-token} as part of the URL, it would work without cURL.

I don’t actually know what you are doing at the moment, so forgive me if this is a redundant idea.

Can I pass the auth-token to frontend pages to log a Symphony user in? If so, that will solve my problem!

Also, as you have already noticed Nick, one of the latest commits improved the Gateway class so you can now send headers without curl.

I have a small patch at hand, just in case :)

Create an account or sign in to comment.

Symphony • Open Source XSLT CMS

Server Requirements

  • PHP 5.3-5.6 or 7.0-7.3
  • PHP's LibXML module, with the XSLT extension enabled (--with-xsl)
  • MySQL 5.5 or above
  • An Apache or Litespeed webserver
  • Apache's mod_rewrite module or equivalent

Compatible Hosts

Sign in

Login details