[pLog-svn] r2462 - plog/branches/plog-1.0.2/templates/summary

Jon Daley plogworld at jon.limedaley.com
Mon Sep 12 13:22:37 GMT 2005


 	Ah - I didn't see the filter*ALL*html function, just the 
filterHTML.  Yes, that is a better solution.
 	We still need the strip_tags on the admin side, because maybe a 
user wants to allow html in the post titles, etc.


On Sun, 11 Sep 2005, Reto Hugi wrote:
> On 11.09.2005 17:20, Mark Wu wrote:
>> Hi Jon:
>>
>> I think we can change
>>
>> $this->_commentTopic = trim($this->_request->getValue( "commentTopic" ));
>>
>> To
>>
>> $this->_commentTopic =
>> trim(Textfilter::filterAllHTML($this->_request->getValue( "commentTopic"
>> )));
>>
>> It will be easier. Or we have to modify "All" template sets, that will be a
>> big challenge for us :P
>>
>> Mark
>
>
> yes, and please consider that it's better to apply security relevant
> filtering before storage. there are already too many (modified)
> templates in use, which won't be updated by their users even if they
> upgrade to 1.0.2.
>
> reto

**************************************
Jon Daley
http://jon.limedaley.com/plog/

True worship is that exercise of the human spirit that confronts us
with the mystery and the marvel of God in whose presence the most
appropriate and salutary response is adoring love.
-- Ralph Martin
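
The trade-off discussed in this thread, as an added example that is not part of the original messages and is not pLog code: it compares filtering `commentTopic` before storage with relying on each template to strip tags on output. `filter_all_html()` is a hypothetical stand-in for `Textfilter::filterAllHTML` (assumed here to remove all tags), and the two render functions and the sample request are constructed for illustration.

```php
<?php
// Added example, not pLog code. filter_all_html() is a hypothetical stand-in
// for Textfilter::filterAllHTML; its real implementation is not shown in the thread.
function filter_all_html(string $value): string
{
    // Assumption: remove every tag, keep the text content.
    return strip_tags($value);
}

// Input handling as in the original line: trim only.
function read_topic_unfiltered(array $request): string
{
    return trim($request['commentTopic'] ?? '');
}

// Input handling as proposed: filter, then trim, before the value is stored.
function read_topic_filtered(array $request): string
{
    return trim(filter_all_html($request['commentTopic'] ?? ''));
}

// A template that was updated for the release and strips tags on output.
function render_updated_template(string $topic): string
{
    return '<h3>' . strip_tags($topic) . '</h3>';
}

// A user-modified template that was never updated and prints the value as stored.
function render_stale_template(string $topic): string
{
    return '<h3>' . $topic . '</h3>';
}

// Constructed sample request.
$request = ['commentTopic' => ' Nice post <script>alert(1)</script> '];

$stored = [
    'trim only'     => read_topic_unfiltered($request),
    'filter + trim' => read_topic_filtered($request),
];

foreach ($stored as $label => $topic) {
    echo $label, "\n";
    echo '  updated template: ', render_updated_template($topic), "\n";
    echo '  stale template:   ', render_stale_template($topic), "\n";
}
```

Only the combination of the trim-only value and the stale template emits the markup. Values that are deliberately stored with HTML, such as the post titles mentioned above, still need output-side stripping wherever markup must not render.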


