[pLog-svn] r2462 - plog/branches/plog-1.0.2/templates/summary

Mark Wu markplace at gmail.com
Sun Sep 11 15:10:38 GMT 2005 

Hi Jon:

I just think if we "have to" strip tags for comment topic, why don't we just
remove it before we save the comments?

How do you think?

Mark

> -----Original Message-----
> From: plog-svn-bounces at devel.plogworld.net 
> [mailto:plog-svn-bounces at devel.plogworld.net] On Behalf Of 
> jondaley at devel.plogworld.net
> Sent: Sunday, September 11, 2005 7:32 PM
> To: plog-svn at devel.plogworld.net
> Subject: [pLog-svn] r2462 - plog/branches/plog-1.0.2/templates/summary
> 
> Author: jondaley
> Date: 2005-09-11 11:32:08 +0000 (Sun, 11 Sep 2005) New Revision: 2462
> 
> Modified:
>    plog/branches/plog-1.0.2/templates/summary/post.template
>    plog/branches/plog-1.0.2/templates/summary/summary.template
> Log:
> remove html tags from comment Topic, in all cases.  Remove 
> html from postTopic, in admin interface.  This doesn't 
> entirely solve the problem, because if users want to allow <a 
> href=blah>...</a> in their comments (and plog does that by 
> default) then the user is also allowed to have the iframe 
> attribute tag stuff.  A fair amount of discussion on the 
> strip_tags section of php.net
> 
> Modified: plog/branches/plog-1.0.2/templates/summary/post.template
> ===================================================================
> --- plog/branches/plog-1.0.2/templates/summary/post.template	
> 2005-09-11 11:04:03 UTC (rev 2461)
> +++ plog/branches/plog-1.0.2/templates/summary/post.template	
> 2005-09-11 11:32:08 UTC (rev 2462)
> @@ -1,6 +1,6 @@
>      {assign var="blog" value=$post->getBlogInfo()}
>  	{assign var="request" value=$blog->getBlogRequestGenerator()}
> -    <h5>{$post->getTopic()}</h5>
> +    <h5>{$post->getTopic()|strip_tags}</h5>
>      <div class="subtitle">
>          {$locale->tr("blog")} <a 
> href="{$request->blogLink()}">{$blog->getBlog()}</a>
>      </div>
> @@ -19,4 +19,4 @@
>          <img src="imgs/comment.png" width="11" height="10" 
> alt="{$locale->tr("comments")}" />&nbsp;
>          <a 
> href="{$request->postPermalink($post)}#comments">{if 
> $post->getTotalComments() eq 0}{$locale->tr("comment on 
> this")}{else}{$post->getTotalComments()} 
> {$locale->tr("comments")|capitalize}{/if}</a>
>          <br style="clear: both;" />
> -    </div>
> \ No newline at end of file
> +    </div>
> 
> Modified: plog/branches/plog-1.0.2/templates/summary/summary.template
> ===================================================================
> --- 
> plog/branches/plog-1.0.2/templates/summary/summary.template	
> 2005-09-11 11:04:03 UTC (rev 2461)
> +++ 
> plog/branches/plog-1.0.2/templates/summary/summary.template	
> 2005-09-11 11:32:08 UTC (rev 2462)
> @@ -1,6 +1,6 @@
>  {include file="summary/header.template"}
>   {foreach from=$posts item=post}
> -   <h3>{$post->getTopic()}</h3>
> +   <h3>{$post->getTopic()|strip_tags}</h3>
>  {assign var="postDate" value=$post->getDateObject()}  
> {assign var="postOwner" value=$post->getUserInfo()}  <span 
> class="date">{$postOwner->getUsername()} | 
> {$locale->formatDate($postDate,"%d %B, %Y %H:%M")}</span>
> 
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.plogworld.net
> http://devel.plogworld.net/mailman/listinfo/plog-svn

More information about the pLog-svn mailing list