ContentEdit

Returns a list of template names used by specific content types.

Returns a whitelist of permitted content object types.

Use this whitelist when dynamically instantiating content objects. If you create additional types of content object (which must be descendants of the TfContentObject class) you must add them to the whitelist below. Otherwise their use will be denied in many parts of the Tuskfish system.

Return a configured instance of HTMLPurifier.

Return a list of permitted audio mimetypes and extensions.

Return a list of permitted image mimetypes and extensions.

Return a list of permitted video mimetypes and extensions.

Returns an array of mimetypes that are permitted for upload to the media directory.

NOTE: Adding HTML or any other scripting language or executable to this list would be a BAD IDEA, as such files can include PHP code, although uploaded files have execution permissions removed and are stored outside of the web root in order to prevent direct access by browser.

Check if a file path contains traversals (including encoded traversals) or null bytes.

Directory traversals are not permitted in Tuskfish method parameters. If a path is found to contain a traversal it is presumed to be an attack. Encoded traversals are a clear sign of attempted abuse.

In general untrusted data should never be used to construct a file path. This method exists as a second line safety measure.

URL-encode and escape a query string for use in a URL.

Trims, checks for UTF-8 compliance, rawurlencodes and then escapes with htmlspecialchars(). If you wish to use the data on a landing page you must decode it with htmlspecialchars_decode() followed by rawurldecode() in that order. But really, if you are using any characters that need to be encoded in the first place you should probably just stop.

Check that a string is comprised solely of alphanumeric characters.

Accented regional characters are rejected. This method is designed to be used to check database identifiers or object property names.

Check that a string is comprised solely of alphanumeric characters and underscores.

Accented regional characters are rejected. This method is designed to be used to check database identifiers or object property names.

Check that a string is comprised solely of alphabetical characters.

Tolerates vanilla ASCII only. Accented regional characters are rejected. This method is designed to be used to check database identifiers or object property names.

Check if the character encoding of text is UTF-8.

All strings received from external sources must be passed through this function, particularly prior to storage in the database.

Cast to string, check UTF-8 encoding and strip trailing whitespace and control characters.

Removes trailing whitespace and control characters (ASCII <= 32 / UTF-8 points 0-32 inclusive), checks for UTF-8 character set and casts input to a string. Note that the data returned by this function still requires escaping at the point of use; it is not database or XSS safe.

As the input is cast to a string do NOT apply this function to non-string types (int, float, bool, object, resource, null, array, etc).

Constructor.

Edit content object.

Insert a content object into the database.

Update a content object in the database.

Get all colllection-type content objects.

Returns the date template as per the date() function of PHP.

Returns the default language preference.

Return an instance of the Tuskfish site preferences.

Returns the site author preference.

Returns a list of options for the tag select box.

Validate submitted form data for content object.