[pLog-svn] question

Oscar Renalias phunkphorce at gmail.com
Thu Mar 3 08:43:35 GMT 2005


the funniest of all things is that this does not work in
devel.plogworld.net, see for yourselves.

In my win2k or OSX installs, if I add a call to stripslashes() in
class/action/admin/admnpostmanagementaction.class.php (lines 121 and
122):

$this->_postText     =
stripslashes(trim(Textfilter::xhtmlize($this->_request->getValue(
"postText" ))));
$this->_postExtendedText =
stripslashes(trim(Textfilter::xhtmlize($this->_request->getValue(
"postExtendedText" ))));

it will work fine. However in devel.plogoworld.net (to where I do not
have access now and therefore cannot change the code) this is not
needed and Mark's example is not reproducible.

I've also been able to find out via debug statements that the post
text is already escaped wtih backslashes once it reaches plog (try
putting a print($_REQUEST["postText"] and you'll see what I'm talking
about) while this does not happen in the devel server.

Quite weird, I had never seen this one before and I definitely never
happened to me. It's quite strange that it is suddenly happening...

Oscar

On Thu, 3 Mar 2005 10:23:56 +0200, Oscar Renalias <phunkphorce at gmail.com> wrote:
> but slashes are only added whenever magic_quotes_gpc is set to 'On'
> right? I don't understand where those slashes are being added now
> because I have them set to disabled.
> 
> Oscar
> 
> 
> On Thu, 3 Mar 2005 15:48:57 +0800, Mark Wu <markplace at gmail.com> wrote:
> > Hi Oscar:
> >
> > I guess, only guess ...
> >
> > Do you remember the Summary register bug I mentioned before , I need to
> > stripslashes the blogname before I use it. It seems the same situation
> >
> > When we validate the form field, if it's wrong, then plog pass the same
> > field value back to the form .... But in the same time, php will addslahes
> > by itself...  So, that's why....
> >
> > So, maybe we need to add a stripslashes after we validate the fom ...
> >
> > I only guess.
> >
> > Mark
> >
> > -----Original Message-----
> > From: plog-svn-bounces at devel.plogworld.net
> > [mailto:plog-svn-bounces at devel.plogworld.net] On Behalf Of Oscar Renalias
> > Sent: Thursday, March 03, 2005 3:36 PM
> > To: plog-svn at devel.plogworld.net
> > Subject: Re: [pLog-svn] question
> >
> > confirmed, I can reproduce this one. I am just wondering which component is
> > doing this to the code...
> >
> > Oscar
> >
> > On Thu, 3 Mar 2005 11:59:44 +0800, Mark Wu <markplace at gmail.com> wrote:
> > > Hi Oscar:
> > >
> > > I just replicate the question.
> > >
> > > 1. Newpost
> > > 2. Post the follow code to htmlarea in text mode
> > >
> > > <OBJECT ID="WMPlay" WIDTH=320 HEIGHT=240
> > > CLASSID="CLSID:22D6f312-B0F6-11D0-94AB-0080C74C7E95"
> > > CODEBASE="http://activex.microsoft.com/activex/controls/mplayer/en/
> > > nsmp2inf.cab#Version=6,4,5,715"
> > > STANDBY="Loading Microsoft? Windows Media? Player components..."
> > > TYPE="application/x-oleobject">
> > > </OBJECT>
> > >
> > > 3. DO NOT CHOOSE CATEGORY
> > > 4. Press Blog this
> > > 5. Plog will show you  wrong message
> > > 6. change to text mode again , you will get
> > >
> > > <object id="\"WMPlay\""
> > > codebase="\"http://activex.microsoft.com/activex/controls/mplayer/en/"
> > > type="\"application/x-oleobject\"" height="240" standby="\"Loading"
> > > width="320" classid="\"CLSID:22D6f312-B0F6-11D0-94AB-0080C74C7E95\""
> > > nsmp2inf.cab#version="6,4,5,715\"" />
> > >
> > > Mark
> > > -----Original Message-----
> > > From: plog-svn-bounces at devel.plogworld.net
> > > [mailto:plog-svn-bounces at devel.plogworld.net] On Behalf Of Jon Daley
> > > Sent: Thursday, March 03, 2005 4:23 AM
> > > To: plog-svn at devel.plogworld.net
> > > Subject: Re: [pLog-svn] question
> > >
> > > In rev 1274 with xhtml_converter enabled, aggressive_converter
> > > disabled, magic_quotes_gpc = On magic_quotes_runtime = Off
> > > magic_quotes_sybase = Off
> > >
> > > I don't have any problems.
> > >
> > > I also checked rev 1292 with and without aggressive converter enabled,
> > > and it is fine also, using your example code.
> > >
> > > I had a problem like that a long time ago, but I couldn't figure out
> > > why it was happening, it was only on one particular machine.  You had
> > > asked me to play around with the magic_quotes vars, but that didn't make a
> > difference.
> > >
> > > On Wed, 2 Mar 2005, Oscar Renalias wrote:
> > >
> > > > is anybody else having problems with the "preview post" function? It
> > > > seems like somewhere, somebody is adding quotes to the post text,
> > > > even if magic_quotes_gpc and magic_quotes_runtime are disabled. So
> > > > something like
> > > > this:
> > > >
> > > > <a href="http://localhost/plog/resserver.php?blogId=2&amp;
> > > > resource=IMG_3281.JPG"><img style="margin: 5px;" border="0" alt="test"
> > > > src="http://localhost/plog/resserver.php?blogId=2&amp;
> > > > resource=IMG_3281.JPG&amp;mode=preview" /></a>
> > > >
> > > > becomes
> > > >
> > > > <a href=\"http://localhost/plog/resserver.php?blogId=2&amp;
> > > > resource=IMG_3281.JPG\"><img style=\"margin: 5px;\" border=\"0\"
> > > alt=\"test\"
> > > > src=\"http://localhost/plog/resserver.php?blogId=2&amp;
> > > > resource=IMG_3281.JPG&amp;mode=preview\" /></a>
> > > >
> > > > and I have no clue why... Anybody noticed the same problem?
> > > >
> > > > Oscar
> > > >
> > > > _______________________________________________
> > > > pLog-svn mailing list
> > > > pLog-svn at devel.plogworld.net
> > > > http://devel.plogworld.net/mailman/listinfo/plog-svn
> > > >
> > >
> > > **************************************************************
> > > *     Jonathan M. Daley     *   Don't tell people how to do  *
> > > *                           *  things.  Tell them what to do *
> > > *   jondaley at snurgle.org    *    and let them surprise you   *
> > > *                           *       with their results.      *
> > > * www.snurgle.org/~jondaley *               -- George Patton *
> > > **************************************************************
> > > _______________________________________________
> > > pLog-svn mailing list
> > > pLog-svn at devel.plogworld.net
> > > http://devel.plogworld.net/mailman/listinfo/plog-svn
> > >
> > > _______________________________________________
> > > pLog-svn mailing list
> > > pLog-svn at devel.plogworld.net
> > > http://devel.plogworld.net/mailman/listinfo/plog-svn
> > >
> > _______________________________________________
> > pLog-svn mailing list
> > pLog-svn at devel.plogworld.net
> > http://devel.plogworld.net/mailman/listinfo/plog-svn
> >
> >
>



More information about the pLog-svn mailing list