Custom Web Publishing Guide
Table Of Contents
- Chapter 1 Introducing Custom Web Publishing
- Chapter 2 Preparing databases for Custom Web Publishing
- Chapter 3 Accessing XML data with the Web Publishing Engine
- Using Custom Web Publishing with XML
- General process for accessing XML data from the Web Publishing Engine
- About the URL syntax for XML data and container objects
- Accessing XML data via the Web Publishing Engine
- Using the fmresultset grammar
- Using other FileMaker XML grammars
- About UTF-8 encoded data
- Using FileMaker query strings to request XML data
- Switching layouts for an XML response
- Understanding how an XML request is processed
- Using server-side and client-side processing of stylesheets
- Troubleshooting XML document access
- Chapter 4 Introduction to Custom Web Publishing with XSLT
- Chapter 5 Developing FileMaker XSLT stylesheets
- Using XSLT stylesheets with the Web Publishing Engine
- About the FileMaker XSLT Extension Function Reference
- About the URL syntax for FileMaker XSLT stylesheets
- About the URL syntax for FileMaker container objects in XSLT solutions
- Using query strings in FileMaker XSLT stylesheets
- Specifying an XML grammar for a FileMaker XSLT stylesheet
- About namespaces and prefixes for FileMaker XSLT stylesheets
- Using statically defined query commands and query parameters
- Setting text encoding for requests
- Specifying an output method and encoding
- About the encoding of XSLT stylesheets
- Processing XSLT requests that do not query FileMaker Server
- Using tokens to pass information between stylesheets
- Using the FileMaker XSLT extension functions and parameters
- About the FileMaker-specific XSLT parameters set by the Web Publishing Engine
- Accessing the query information in a request
- Obtaining client information
- Using the Web Publishing Engine base URI parameter
- Using the authenticated base URI parameter
- Loading additional documents
- Using a database’s layout information in a stylesheet
- Using content buffering
- Using Web Publishing Engine sessions to store information between requests
- Using the session extension functions
- Sending email messages from the Web Publishing Engine
- Using the header functions
- Using the cookie extension functions
- Using the string manipulation extension functions
- Comparing strings using Perl 5 regular expressions
- Checking for values in a field formatted as a checkbox
- Using the date, time, and day extension functions
- Checking the error status of extension functions
- Using logging
- Chapter 6 Testing and monitoring a site
- Appendix A Valid names used in query strings
- About the query commands and parameters
- Using the query commands
- -dbnames (Database names) query command
- -delete (Delete record) query command
- -dup (Duplicate record) query command
- -edit (Edit record) query command
- -find, -findall, or -findany (Find records) query commands
- -layoutnames (Layout names) query command
- -new (New record) query command
- -process (Process XSLT stylesheets)
- -scriptnames (Script names) query command
- -view (View layout information) query command
- Using the query parameters
- -db (Database name) query parameter
- -encoding (Encoding XSLT request) query parameter
- -field (Container field name) query parameter
- fieldname (Non-container field name) query parameter
- fieldname.op (Comparison operator) query parameter
- -grammar (Grammar for XSLT stylesheets) query parameter
- -lay (Layout) query parameter
- -lay.response (Switch layout for response) query parameter
- -lop (Logical operator) query parameter
- -max (Maximum records) query parameter
- -modid (Modification ID) query parameter
- -recid (Record ID) query parameter
- -script (Script) query parameter
- -script.prefind (Script before Find) query parameter
- -script.presort (Script before Sort) query parameter
- -skip (Skip records) query parameter
- -sortfield (Sort field) query parameter
- -sortorder (Sort order) query parameter
- -styletype (Style type) query parameter
- -stylehref (Style href) query parameter
- -token.[string] (Pass values between XSLT stylesheets) query parameter
- Appendix B Error codes for Custom Web Publishing
- Appendix C Converting CDML solutions to FileMaker XSLT
- About the process of converting CDML solutions to FileMaker XSLT solutions
- Conversion of CDML action tags, variable tags, and URLs
- Conversion of the -error and -errornum CDML variable tags
- Conversion of obsolete CDML action tags
- Conversion of supported CDML action tags
- Conversion of obsolete CDML variable tags
- Conversion of supported CDML variable tags
- Conversion of CDML boolean parameters to XPath boolean parameters
- Conversion of CDML boolean operators to XPath
- Conversion of CDML intratag parameters to XSLT-CWP
- Manually fixing CDML conversion errors
- Conversion of CDML replacement tags to XSLT-CWP
- Index
Developing FileMaker XSLT stylesheets
Using statically defined query commands and query parameters
You can prevent the unauthorized use of query commands and query parameters with your FileMaker XSLT
stylesheet by statically defining the query commands and parameters that you want to use when XML data is
requested. Although not required, if any query commands and parameters are statically defined in a stylesheet,
they take precedence over any matching query command or parameters that a client may attempt to specify in
the URL query string.
The stylesheets generated by the Site Assistant and CDML Converter tools use statically defined query
commands and parameters. FileMaker recommends using statically defined query commands and parameters
as a best practice technique for enhancing the security of your solution.
To statically define query commands and parameters, use the following processing instruction at the beginning
of your FileMaker XSLT stylesheet:
<?xslt-cwp-query params="query string-fragment"?>
where:
query string-fragment is a string that contains the name-value pairs in the following format:
name=value&name2=value2....
where:
name is a string that is the name of a query command, query parameter, or database field.
value is an arbitrary length string value. For query parameters and field names, use the particular value you
want to define, such as “-db=products”. For query commands, don’t specify an “=” sign or a value after the
command name, such as -findall. See appendix A, “Valid names used in query strings.”
The strings used in the fragment must be URL encoded. See “About URL text encoding” on page 25. You must
use the same character encoding that is specified by the encoding attribute in the <xsl:output> tag. If no
encoding is specified, then the Web Publishing Engine uses its configured default encoding.
The separator between two name value pairs must be an ampersand (&).
For example, suppose you used the following processing instruction in a stylesheet named my_stylesheet.xsl:
<?xslt-cwp-query params="-db=products&-lay=sales&-grammar=fmresultset&productname=the%20item&-find"?>
This example processing instruction would force all requests for my_stylesheet.xsl to use the fmresultset
grammar with the products database and the sales layout, and do a -find request with the productname field
set to the value “the%20item”.
If a client made the following request using my_stylesheet.xsl:
http://server.company.com/fmi/xsl/my_stylesheet.xsl?-lay=revenue&city=London&-edit
then the Web Publishing Engine would process the following XML request:
http://server.company.com/fmi/xml/fmresultset.xml?-db=products&-lay=sales&productname=the%20item&city=London&-find
The statically defined query command and parameters override the -lay=revenue query parameter and the
-edit query command provided by the client. Because the city field was not statically defined in the processing
instruction, the Web Publishing Engine includes in the XML request the value of “London” for the city field
that the client provided.
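
The precedence rule described above can be modelled in a few lines to audit which names in a request remain under client control. This is an added example, not code from FileMaker or the Web Publishing Engine; the function names are hypothetical, and requiring a -grammar value and a query command is a simplification of this model.

```python
from urllib.parse import urlsplit

# Query command names as listed in Appendix A of this guide.
COMMANDS = {"-dbnames", "-delete", "-dup", "-edit", "-find", "-findall",
            "-findany", "-layoutnames", "-new", "-process",
            "-scriptnames", "-view"}

def parse_fragment(fragment):
    """Split 'name=value&name2=value2&-command' into (params, command)."""
    params, command = [], None
    for pair in filter(None, fragment.split("&")):
        name, sep, value = pair.partition("=")
        if not sep and name in COMMANDS:
            command = name              # commands carry no "=" and no value
        else:
            params.append((name, value))  # value stays URL-encoded
    return params, command

def effective_request(static_fragment, client_url):
    """Return (xml_request_url, names_still_controlled_by_the_client)."""
    url = urlsplit(client_url)
    static_params, static_cmd = parse_fragment(static_fragment)
    client_params, client_cmd = parse_fragment(url.query)

    static_names = {name for name, _ in static_params}
    # A client pair survives only if the stylesheet did not define that name.
    passed = [(n, v) for n, v in client_params if n not in static_names]
    merged = static_params + passed
    command = static_cmd or client_cmd  # a static command always wins

    grammar = dict(merged).get("-grammar")
    if not grammar or not command:
        raise ValueError("model needs a -grammar value and a query command")

    # -grammar selects the XML resource, so it leaves the query string.
    query = [f"{n}={v}" for n, v in merged if n != "-grammar"] + [command]
    xml_url = (f"{url.scheme}://{url.netloc}/fmi/xml/{grammar}.xml?"
               + "&".join(query))

    controlled = [n for n, _ in passed]
    if not static_cmd:
        controlled.append(client_cmd)
    return xml_url, controlled

# The processing-instruction fragment and client request from the text above.
STATIC = "-db=products&-lay=sales&-grammar=fmresultset&productname=the%20item&-find"
CLIENT = ("http://server.company.com/fmi/xsl/my_stylesheet.xsl"
          "?-lay=revenue&city=London&-edit")
```

Calling effective_request(STATIC, CLIENT) reproduces the XML request shown above and reports city as the only client-controlled name, which is the list to review when deciding what else a stylesheet should define statically.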