Input Filters are a great feature of Drupal. They can be very useful. They allow you to:
- Modify the output of a user's submission without changing their input (one of Drupal's golden rules)
- Hide complicated code to do clever things
What do I mean by these things? well, allow me to explain.
Modify user's output
One of the Golden Rules of Drupal is to never modify user input. A user's data should; always remain intact, and any clever things should be done on the way out of the database. Filters allow you to hook into the process of displaying nodes to edit output.
Hide Complicated Code
OK, so who feels comfortable with telling your site users
So, switch the node to PHP Input Format and type do_clever_code('my input snippet');
Not me, and you shouldn't either. Allowing your users access to the PHP Input Format means that anyone can call functions within your site, and these function could range from print('hello, world!'); to a complicated query to drop your entire database. Not good. Whats my point? Input Filters allow you to abstract the need for functions in the node, if the filter is enabled, the page just gets ran through the filters, and it calls do_clever_code(); for you. Therefore, you don't open your site to any malicious attacks.
Enough Background. How do I use them?
Well, they really are quite easy to set up. Head on over to your Administration section, and under the 'Site Configuration' section, you should see the link 'Input formats'. Click on that bad boy and let's get started.
Input Formats? I thought we were talking about Filters?
We are. Input Formats use filters to process user defined text. (as Drupal puts it).
On this page, you can see a list of all the Input Formats on you site.
Under the Hood
Ok, to really understand how these puppies work, we need to get our hands dirty. Choose an input format to modify. In this example, I will use the Full HTML input format. Click the 'configure' link to see the details of the format in all it's glory.
On the page that loads, you can see that there is an option to change the name of the Input Format, assign it to different user roles, and change the filters used. Bingo.
OK, now what?
Now to the interesting stuff. We are going to turn some of these filters off to get an idea of what they don't do, because you may have been taking them for granted before (line break converter, anyone?). OK, lets turn off the URL filter. That's right. As standard, Drupal will convert links in posts to actual <a> tags for you. How kind.
Un-check that filter, save the options, and head to the 'Create Content' section.
In your new node, add a link by typing www.example.com and save it. Boring huh? The link is just plain text. OK, so now for the clever part. Go back to your Input Formats configuration screens, and modify the Full HTML format. Add the URL Filter back in, and save. Go back to your test node and refresh it, and hey presto, you should have a properly formatted link. How does this work I hear you cry? Hold on, you're about to find out.
The Drupal Page Creation Process
Don't get too excited, the whole page creation is beyond the scope of this article, but we will talk about how filters are applied.
During the node preparation, a function called check_markup(); is called. This function is very clever; it tidies up things like platform-specific new line characters, and calls each filter enabled for the input format of that node. Now, each filter runs through your code, and depending on what they're built to do, they change the post before it is outputted. So, in the case of our example, the URL Filter looks for links, and applies the correct HTML to them.
For a more in-depth look at check_markup, look at the Drupal API.
Order of Flow
The order of the filter list is significant. They are executed from top to bottom. So if filter B relies on something from filter A, make sure that you have dragged filter A to the top of the stack, otherwise, bad things can happen!
To Sum it Up
So you've seen how Input Filters work, how to use them and hopefully understand why they are in Drupal.
But, why stop there? Why not build your own? It's very easy (the one I build for my work was 3 lines of code excluding the set up of the Drupal hook), and can really boost the functionality of your site.
Feel free to leave your comments, and suggestions. Next time, we will look at how to actually make a filter.
