Commit 93f829c8 authored by Carsten  Rose's avatar Carsten Rose
Browse files

Manual.rst: fix formatting typo

parent f5d6e079
Pipeline #1760 passed with stage
in 3 minutes and 10 seconds
......@@ -1246,23 +1246,10 @@ Rules for CheckType Auto (by priority):
.. _`variable-escape`:
Escape
------
To 'escape' a character typically means: a character, which have a special meaning/function, should not treated as a special
character.
E.g. a string is surrounded by single ticks '. If such a string should contain a single tick inside (like 'Miller's'),
the inside single tick has to be escaped. This is typically done by a backlash: 'Millers\\'s'.
QFQ offers different ways of escaping. Which of them to use, depends on the situation.
Especially variables used in SQL Statements might cause trouble when using: NUL (ASCII 0), \\n, \\r, \\, ', ", or Control-Z.
Additional there function classes like 'p' (password hash) which is not 'escape' but hashing. It transforms the value of
the variable into a hash. The hash function is the one used by Typo3 to encrypt and salt a password. This is useful to
manipulate FE user passwords via QFQ. See `setFeUserPassword`_
Escape/Action class
-------------------
The following `escape`, `hashing`, `action` types are available:
The following `escape` & `action` types are available:
+-------+----------------------------------------------------------------------------------------------------------------------------------+
......@@ -1284,26 +1271,51 @@ The following `escape`, `hashing`, `action` types are available:
+-------+----------------------------------------------------------------------------------------------------------------------------------+
| p | Password hashing: depends on the hashing type in the Typo3 installation, includes salting if configured. |
+-------+----------------------------------------------------------------------------------------------------------------------------------+
| '' | Nothing defined - the escape type configured in `configuration`_. |
| '' | Nothing defined - the escape/action class type configured in `configuration`_. |
+-------+----------------------------------------------------------------------------------------------------------------------------------+
| - | No escaping. |
+-------+----------------------------------------------------------------------------------------------------------------------------------+
| S | Stop replace. If the replaced value contains variables, they won't be replaced. |
| S | Stop replace. If the replaced value contains nested variables, they won't be replaced. |
+-------+----------------------------------------------------------------------------------------------------------------------------------+
| X | Throw exception if variable is not found in the given store(s). Outputs `variable-type-message-violate`_ |
+-------+----------------------------------------------------------------------------------------------------------------------------------+
* The `escape` type is defined by the fourth parameter of the variable. E.g.: `{{name:FE:alnumx:m}}` (m = mysql).
* It's possible to combine multiple `escape` types, they will be processed in the order given. E.g. `{{name:FE:alnumx:Ls}}` (L, s).
* The ``escape/action`` class is defined by the fourth parameter of the variable. E.g.: ``{{name:FE:alnumx:m}}`` (m = mysql).
* It's possible to combine multiple ``escape/action`` classes, they will be processed in the order given. E.g. ``{{name:FE:alnumx:Ls}}`` (L, s).
* Escaping is typically necessary for all user supplied content, especially if they are processed via SQL or LDAP queries.
* Be careful when escaping nested variables. Best is to escape **only** the most outer variable.
* In configuration_ a global `escapeTypeDefault` can be defined. The configured escape type applies to all substituted
variables, who *do not* contain a *specific* escape type.
* Additionally a `defaultEscapeType` can be defined per `Form` (separate field in the *Form editor*). This overwrites the
global definition of `configuration`. By default, every `Form.defaultEscapeType` = 'c' (=config), which means the setting
* In configuration_ a global ``escapeTypeDefault`` can be defined. The configured ``escape/action`` class applies to all substituted
variables, who *do not* contain a *specific* ``escape/action`` class.
* Additionally a ``defaultEscapeType`` can be defined per ``Form`` (separate field in the *Form editor*). This overwrites the
global definition of ``configuration``. By default, every ``Form.defaultEscapeType`` = 'c' (=config), which means the setting
in `configuration`_.
* To suppress an escape type, define the `escape type` = '-' on the specific variable. E.g.: `{{name:FE:alnumx:-}}`.
* To suppress an escape type, define the ``escape type`` = '-' on the specific variable. E.g.: ``{{name:FE:alnumx:-}}``.
Escape
^^^^^^
To 'escape' a character typically means: a character, which have a special meaning/function, should not treated as a special
character.
E.g. a string is surrounded by single ticks '. If such a string should contain a single tick inside (like 'Miller's'),
the inside single tick has to be escaped. This is typically done by a backlash: 'Millers\\'s'.
QFQ offers different ways of escaping. Which of them to use, depends on the situation.
Especially variables used in SQL Statements might cause trouble when using: NUL (ASCII 0), \\n, \\r, \\, ', ", or Control-Z.
Action
^^^^^^
* *password* - 'p': transforms the value of the variable into a Typo3 salted password hash. The hash function is the one
used by Typo3 to encrypt and salt a password. This is useful to manipulate FE user passwords via QFQ. See `setFeUserPassword`_
* *stop replace* - 'S': typically QFQ will replace nested variables as long as there are variables to replace. This options
stops this
* *exception* - 'X': If a variable is not found in any given store, it's replace by a default value or an error message.
In special situation it might be useful to do a full stop on all current actions (no further procession). A custom
message can be defined via: `variable-type-message-violate`_.
.. _`variable-default`:
......@@ -6218,21 +6230,21 @@ Run any command on the web server.
* Text send to 'stderr' is not returned at all.
* If 'stderr' should be shown, redirect the output::
SELECT 'touch /root 2>&1' AS _exec
SELECT 'touch /root 2>&1' AS _exec
* If 'stdout' / 'stderr' should not be displayed, redirect the output::
SELECT 'touch /tmp >/dev/null' AS _exec
SELECT 'touch /root 2>&1 >/dev/null' AS _exec
SELECT 'touch /tmp >/dev/null' AS _exec
SELECT 'touch /root 2>&1 >/dev/null' AS _exec
* Multiple commands can be concatenated by `;`::
SELECT 'date; date' AS _exec
SELECT 'date; date' AS _exec
* If the return code is not 0, the string '[<rc>] ', will be prepended.
* If it is not wished to see the return code, just add ``true`` to fake rc of 0 (only the last rc will be reported)::
SELECT 'touch /root; true' AS _exec
SELECT 'touch /root; true' AS _exec
**Syntax**
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment