How do you delete an image field?

[aidan]

I have image fields as part of a table (images stored in file system - Field type is container and widget type is file). In Edit mode there does not appear to be any way to delete an image once it has been added. I've been away from this Xataface application for a few months so I may be forgetting something, but how do you delete an image that has been added like this?

Regards,
Aidan Curran

[aidan]

Looking around the forum a bit more and I see this issue has come up before back in 2006:
http://xataface.com/forum/viewtopic.php?t=3844#19175

and an issue was posted in Bug Tracker but is still open:
http://bugs.weblite.ca/view.php?id=98

So it appears the ability to delete a file is still not there. Any pointers as to an easy approach for doing this (what files do I need to modify)? I'm not too concerned with deleting the actual files, just being able to remove the reference to the file from the db would suffice (although removing the files would be cleaner).

Thanks,
Aidan

[shannah]

Pretty much I'll need to create a custom action (or you could do it) that clears the desired image field in the database.

[aidan]

I should be able to do that as I know some PHP and SQL but not sure where to start since I'm not so familiar with the Xataface code. Any pointers or documentation on how to go about creating a custom action? Is that something that would go in ApplicationDelegate.php?

[shannah]

Check the getting started tutorial. There are a couple of sections on custom actions. Also check the wiki under 'actions' for some examples.

Also check the reference for the actions.ini file in the wiki.

-Steve

[aidan]

OK will do.

Thanks!
- Aidan

[aidan]

After a bit of work and figuring things out I got it done.

Other's may be wanting to do the same thing so here's the basics of how I did it:

1. Added this to actions.ini:

Code: Select all

[delete_file]
label = "Delete Image"
permission=edit

2. Created a file /actions/delete_file.php in application folder. Contents of file:

Code: Select all

<?php
class actions_delete_file {
    function handle(&$params){
        $app =& Dataface_Application::getInstance();  // reference to Dataface_Application object
        $request =& $app->getQuery();  // Request vars:  e.g. [-table]=>'Students', [-action]=>'hello'
        $current_tablename =& $request['-table'];
        $current_record =& $app->getRecord();  // Currently selected record (Dataface_Record object)
        $field_to_delete = $request['field'];
        $record_id = $current_record->getValue('id');
        $thesql = "UPDATE $current_tablename SET $field_to_delete = '' WHERE id = $record_id";
        $res = mysql_query($thesql, $app->db());
        if ($res) {
        ?>
        <script type="text/javascript">
        window.parent.document.getElementById('img_<?=$field_to_delete?>').style.display="none";
        window.parent.document.getElementById('actions_<?=$field_to_delete?>').style.display="none";
        alert('Image deleted');
        </script>
        <?
        }
    }
}
?>

3. Modified the template Dataface_Form_Section_Template.html:

Code: Select all

                  {if $element.properties.image_preview}
                     <img id="img_{$element.field.name}" src="{$element.properties.image_preview}" style="display: block; max-height: 200px" alt="{$element.field.name} preview image"/>
                  {/if}
                  {if $element.properties.preview}
                     <span id="actions_{$element.field.name}">
                     <a href="{$element.properties.preview}" target="_blank">{translate id="scripts.GLOBAL.MESSAGE_VIEW_FIELD_CONTENT"}View Field Content in new Window{/translate}</a>
                     &nbsp;&nbsp;&nbsp;<a href="{$ENV.SERVER.PHP_SELF}?-action=delete_file&field={$element.field.name}&{$ENV.SERVER.QUERY_STRING|replace:'-action=edit&':''}" target="hiddenFrame"><img src="{$ENV.DATAFACE_URL}/images/delete_icon.gif"/>Delete Image</a>
                     </span>
                     {/if}


4. Modified template Dataface_Main_Template.html to add a hidden iframe:

Code: Select all

<iframe name="hiddenFrame" id="hiddenFrame" style="width:0px; height:0px; border: 0px" src="blank.html"></iframe>


I think those were all or most of the steps involved. It could probably have been done using Ajax but the hidden iframe approach was easier for me to figure out and gives the same result - delete the image record without refreshing the screen (so user does not loose any changes they may have made). I did not do the actual removal of the files but code to do that could be added to delete_file.php quite easily.

Cheers,
Aidan

[shannah]

This looks good. One suggestion is that anything that you include in an SQL query should be sanitized.

E.g.

Code: Select all

$thesql = "UPDATE $current_tablename SET $field_to_delete = '' WHERE id = $record_id";


opens a security hold because $field_to_delete has not been sanitized. Try:

Code: Select all

if (strpos($field_to_delete, '`') !== false ){
    return PEAR::raiseError("Invalid field name contains a '`' character");
}
$thesql = "UPDATE $current_tablename SET `$field_to_delete` = '' WHERE id = $record_id";


Notice that I wrapped $field_to_delete in backticks.

-Steve

[aidan]

Thanks for making me aware of that Steve. In my case however, I reckon it's not required because all logged in users will be known and trusted and I don't think anyone not logged in would be able to pass a query (I set permission=edit for delete_file action so I think that ensures that the action can only be performed by someone logged in with edit permission).

However it does sound like good practice to get into the habit of doing.

Cheers,
Aidan