[pLog-svn] r2462 - plog/branches/plog-1.0.2/templates/summary

Mark Wu markplace at gmail.com
Mon Sep 12 13:40:57 GMT 2005 

Hi Jon:

Kindly take a look at _fetchCommonData()  in
/class/action/adminpostmanagementcommonaction.class.php , we already filter
the thml before we save it.. :D

$this->_postTopic    =
trim(Textfilter::xhtmlize(Textfilter::filterAllHTML($this->_request->getValu
e( "postTopic" ))));

Mark

> -----Original Message-----
> From: plog-svn-bounces at devel.plogworld.net 
> [mailto:plog-svn-bounces at devel.plogworld.net] On Behalf Of Jon Daley
> Sent: Monday, September 12, 2005 9:24 PM
> To: plog-svn at devel.plogworld.net
> Subject: RE: [pLog-svn] r2462 - 
> plog/branches/plog-1.0.2/templates/summary
> 
>  	Are you sure?  I don't think so.
> 
> On Mon, 12 Sep 2005, Mark Wu wrote:
> > Hi Jon:
> >
> > Sorry forget to metioned another thing, we already filter postTopic 
> > html tag in 1.0.2... Therefore, I think we don't need to 
> strip them in summary again.
> >
> > Mark
> >
> >> -----Original Message-----
> >> From: Mark Wu [mailto:markplace at gmail.com]
> >> Sent: Sunday, September 11, 2005 11:11 PM
> >> To: 'plog-svn at devel.plogworld.net'
> >> Subject: RE: [pLog-svn] r2462 -
> >> plog/branches/plog-1.0.2/templates/summary
> >>
> >> Hi Jon:
> >>
> >> I just think if we "have to" strip tags for comment topic, 
> why don't 
> >> we just remove it before we save the comments?
> >>
> >> How do you think?
> >>
> >> Mark
> >>
> >>> -----Original Message-----
> >>> From: plog-svn-bounces at devel.plogworld.net
> >>> [mailto:plog-svn-bounces at devel.plogworld.net] On Behalf Of 
> >>> jondaley at devel.plogworld.net
> >>> Sent: Sunday, September 11, 2005 7:32 PM
> >>> To: plog-svn at devel.plogworld.net
> >>> Subject: [pLog-svn] r2462 -
> >> plog/branches/plog-1.0.2/templates/summary
> >>>
> >>> Author: jondaley
> >>> Date: 2005-09-11 11:32:08 +0000 (Sun, 11 Sep 2005) New
> >> Revision: 2462
> >>>
> >>> Modified:
> >>>    plog/branches/plog-1.0.2/templates/summary/post.template
> >>>    plog/branches/plog-1.0.2/templates/summary/summary.template
> >>> Log:
> >>> remove html tags from comment Topic, in all cases.  Remove
> >> html from
> >>> postTopic, in admin interface.  This doesn't entirely solve the 
> >>> problem, because if users want to allow <a
> >> href=blah>...</a> in their
> >>> comments (and plog does that by
> >>> default) then the user is also allowed to have the iframe 
> attribute 
> >>> tag stuff.  A fair amount of discussion on the strip_tags
> >> section of
> >>> php.net
> >>>
> >>> Modified: plog/branches/plog-1.0.2/templates/summary/post.template
> >>> 
> ===================================================================
> >>> --- plog/branches/plog-1.0.2/templates/summary/post.template
> >>> 2005-09-11 11:04:03 UTC (rev 2461)
> >>> +++ plog/branches/plog-1.0.2/templates/summary/post.template
> >>> 2005-09-11 11:32:08 UTC (rev 2462)
> >>> @@ -1,6 +1,6 @@
> >>>      {assign var="blog" value=$post->getBlogInfo()}
> >>>  	{assign var="request" value=$blog->getBlogRequestGenerator()}
> >>> -    <h5>{$post->getTopic()}</h5>
> >>> +    <h5>{$post->getTopic()|strip_tags}</h5>
> >>>      <div class="subtitle">
> >>>          {$locale->tr("blog")} <a
> >>> href="{$request->blogLink()}">{$blog->getBlog()}</a>
> >>>      </div>
> >>> @@ -19,4 +19,4 @@
> >>>          <img src="imgs/comment.png" width="11" height="10"
> >>> alt="{$locale->tr("comments")}" />&nbsp;
> >>>          <a
> >>> href="{$request->postPermalink($post)}#comments">{if
> >>> $post->getTotalComments() eq 0}{$locale->tr("comment on 
> >>> this")}{else}{$post->getTotalComments()}
> >>> {$locale->tr("comments")|capitalize}{/if}</a>
> >>>          <br style="clear: both;" />
> >>> -    </div>
> >>> \ No newline at end of file
> >>> +    </div>
> >>>
> >>> Modified:
> >> plog/branches/plog-1.0.2/templates/summary/summary.template
> >>> 
> ===================================================================
> >>> ---
> >>> plog/branches/plog-1.0.2/templates/summary/summary.template
> >>> 2005-09-11 11:04:03 UTC (rev 2461)
> >>> +++
> >>> plog/branches/plog-1.0.2/templates/summary/summary.template
> >>> 2005-09-11 11:32:08 UTC (rev 2462)
> >>> @@ -1,6 +1,6 @@
> >>>  {include file="summary/header.template"}
> >>>   {foreach from=$posts item=post}
> >>> -   <h3>{$post->getTopic()}</h3>
> >>> +   <h3>{$post->getTopic()|strip_tags}</h3>
> >>>  {assign var="postDate" value=$post->getDateObject()} {assign 
> >>> var="postOwner" value=$post->getUserInfo()}  <span 
> >>> class="date">{$postOwner->getUsername()} | 
> >>> {$locale->formatDate($postDate,"%d %B, %Y %H:%M")}</span>
> >>>
> >>> _______________________________________________
> >>> pLog-svn mailing list
> >>> pLog-svn at devel.plogworld.net
> >>> http://devel.plogworld.net/mailman/listinfo/plog-svn
> >
> > _______________________________________________
> > pLog-svn mailing list
> > pLog-svn at devel.plogworld.net
> > http://devel.plogworld.net/mailman/listinfo/plog-svn
> >
> 
> **************************************
> Jon Daley
> http://jon.limedaley.com/plog/
> 
> Quoting: the act of repeating erroneously the words of another.
> -- Ambrose Bierce
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.plogworld.net
> http://devel.plogworld.net/mailman/listinfo/plog-svn

More information about the pLog-svn mailing list