[pLog-svn] r2462 - plog/branches/plog-1.0.2/templates/summary

Jon Daley plogworld at jon.limedaley.com
Mon Sep 12 14:33:07 GMT 2005


 	Hrm.  I guess it is because people are still using 1.0.1, I see 
how they are stripped out now.  I thought I tested this before I checked 
the code in.  Certainly the comments still have that problem.
 	I would argue against filtering out all html on posts (I have used 
html inside the post title before, and it is nice to have that option). 
If a blog poster wants to mess up his own blog, that is fine, that is why 
I think we just need to filter the html in the summary and admin side, 
rather than everywhere.
 	But, I don't care about this a lot - I guess we will see if anyone 
else does when 1.0.2 is released.

On Mon, 12 Sep 2005, Mark Wu wrote:
> Hi Jon:
>
> Kindly take a look at _fetchCommonData() in
> /class/action/adminpostmanagementcommonaction.class.php , we already filter
> the html before we save it.. :D
>
> $this->_postTopic = trim(Textfilter::xhtmlize(Textfilter::filterAllHTML($this->_request->getValue( "postTopic" ))));
>
> Mark
>
>> -----Original Message-----
>> From: plog-svn-bounces at devel.plogworld.net
>> [mailto:plog-svn-bounces at devel.plogworld.net] On Behalf Of Jon Daley
>> Sent: Monday, September 12, 2005 9:24 PM
>> To: plog-svn at devel.plogworld.net
>> Subject: RE: [pLog-svn] r2462 -
>> plog/branches/plog-1.0.2/templates/summary
>>
>>  	Are you sure?  I don't think so.
>>
>> On Mon, 12 Sep 2005, Mark Wu wrote:
>>> Hi Jon:
>>>
>>> Sorry, I forgot to mention another thing: we already filter postTopic
>>> html tags in 1.0.2... Therefore, I think we don't need to strip them in
>>> summary again.
>>>
>>> Mark
>>>
>>>> -----Original Message-----
>>>> From: Mark Wu [mailto:markplace at gmail.com]
>>>> Sent: Sunday, September 11, 2005 11:11 PM
>>>> To: 'plog-svn at devel.plogworld.net'
>>>> Subject: RE: [pLog-svn] r2462 -
>>>> plog/branches/plog-1.0.2/templates/summary
>>>>
>>>> Hi Jon:
>>>>
>>>> I just think if we "have to" strip tags for comment topic, why don't
>>>> we just remove it before we save the comments?
>>>>
>>>> What do you think?
>>>>
>>>> Mark
>>>>
>>>>> -----Original Message-----
>>>>> From: plog-svn-bounces at devel.plogworld.net
>>>>> [mailto:plog-svn-bounces at devel.plogworld.net] On Behalf Of
>>>>> jondaley at devel.plogworld.net
>>>>> Sent: Sunday, September 11, 2005 7:32 PM
>>>>> To: plog-svn at devel.plogworld.net
>>>>> Subject: [pLog-svn] r2462 - plog/branches/plog-1.0.2/templates/summary
>>>>>
>>>>> Author: jondaley
>>>>> Date: 2005-09-11 11:32:08 +0000 (Sun, 11 Sep 2005)
>>>>> New Revision: 2462
>>>>>
>>>>> Modified:
>>>>>    plog/branches/plog-1.0.2/templates/summary/post.template
>>>>>    plog/branches/plog-1.0.2/templates/summary/summary.template
>>>>> Log:
>>>>> remove html tags from comment Topic, in all cases.  Remove html from
>>>>> postTopic, in admin interface.  This doesn't entirely solve the
>>>>> problem, because if users want to allow <a href=blah>...</a> in their
>>>>> comments (and plog does that by default) then the user is also allowed
>>>>> to have the iframe attribute tag stuff.  A fair amount of discussion on
>>>>> the strip_tags section of php.net
>>>>>
>>>>> Modified: plog/branches/plog-1.0.2/templates/summary/post.template
>>>>>
>> ===================================================================
>>>>> --- plog/branches/plog-1.0.2/templates/summary/post.template
>>>>> 2005-09-11 11:04:03 UTC (rev 2461)
>>>>> +++ plog/branches/plog-1.0.2/templates/summary/post.template
>>>>> 2005-09-11 11:32:08 UTC (rev 2462)
>>>>> @@ -1,6 +1,6 @@
>>>>>      {assign var="blog" value=$post->getBlogInfo()}
>>>>>  	{assign var="request" value=$blog->getBlogRequestGenerator()}
>>>>> -    <h5>{$post->getTopic()}</h5>
>>>>> +    <h5>{$post->getTopic()|strip_tags}</h5>
>>>>>      <div class="subtitle">
>>>>>          {$locale->tr("blog")} <a
>>>>> href="{$request->blogLink()}">{$blog->getBlog()}</a>
>>>>>      </div>
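Review bot: On the changed `<h5>` line, `|strip_tags` removes tags but does not entity-encode what is left, so a stray `<`, `&` or quote in the topic still reaches the page as markup; chain an escape after it, e.g. `{$post->getTopic()|strip_tags|escape}`. The `{$blog->getBlog()}` value in the `subtitle` div just below is printed on the same summary page with no filter at all and deserves the same treatment.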
>>>>> @@ -19,4 +19,4 @@
>>>>>          <img src="imgs/comment.png" width="11" height="10"
>>>>> alt="{$locale->tr("comments")}" />&nbsp;
>>>>>          <a
>>>>> href="{$request->postPermalink($post)}#comments">{if
>>>>> $post->getTotalComments() eq 0}{$locale->tr("comment on
>>>>> this")}{else}{$post->getTotalComments()}
>>>>> {$locale->tr("comments")|capitalize}{/if}</a>
>>>>>          <br style="clear: both;" />
>>>>> -    </div>
>>>>> \ No newline at end of file
>>>>> +    </div>
>>>>>
>>>>> Modified:
>>>> plog/branches/plog-1.0.2/templates/summary/summary.template
>>>>>
>> ===================================================================
>>>>> ---
>>>>> plog/branches/plog-1.0.2/templates/summary/summary.template
>>>>> 2005-09-11 11:04:03 UTC (rev 2461)
>>>>> +++
>>>>> plog/branches/plog-1.0.2/templates/summary/summary.template
>>>>> 2005-09-11 11:32:08 UTC (rev 2462)
>>>>> @@ -1,6 +1,6 @@
>>>>>  {include file="summary/header.template"}
>>>>>   {foreach from=$posts item=post}
>>>>> -   <h3>{$post->getTopic()}</h3>
>>>>> +   <h3>{$post->getTopic()|strip_tags}</h3>
>>>>>  {assign var="postDate" value=$post->getDateObject()} {assign
>>>>> var="postOwner" value=$post->getUserInfo()}  <span
>>>>> class="date">{$postOwner->getUsername()} |
>>>>> {$locale->formatDate($postDate,"%d %B, %Y %H:%M")}</span>
>>>>>
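Review bot: The log message says comment topics are stripped "in all cases", but the only changed line in this hunk, like the one in post.template, is `{$post->getTopic()|strip_tags}`; no comment topic output is touched in the hunks shown, so either the log or the patch needs adjusting. `{$postOwner->getUsername()}` in the `date` span is also printed unfiltered on this page and should get the same filter as the topic.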
>>>>> _______________________________________________
>>>>> pLog-svn mailing list
>>>>> pLog-svn at devel.plogworld.net
>>>>> http://devel.plogworld.net/mailman/listinfo/plog-svn
>>>
>>
>> **************************************
>> Jon Daley
>> http://jon.limedaley.com/plog/
>>
>> Quoting: the act of repeating erroneously the words of another.
>> -- Ambrose Bierce
>

**************************************
Jon Daley
http://jon.limedaley.com/plog/

You've got a smarter IQ than I do,
   so that means you're freakin' brilliant.
-- Janet Wightman
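
Added example, not pLog code: PHP illustrating the two points in this thread, that `strip_tags` with an allowed `<a>` leaves that tag's attributes in place, and that listings can be rendered as plain text at display time without altering the stored title. The function names and the sample comment are hypothetical, and it assumes PHP with the DOM extension.

```php
<?php
// Added example, not pLog code; function names and sample data are hypothetical.

// Display-time filter for listings (summary page, admin tables):
// drop every tag, then entity-encode whatever text is left.
function plainTextForListing(string $stored): string
{
    return htmlspecialchars(trim(strip_tags($stored)), ENT_QUOTES, 'UTF-8');
}

// Rebuild a node as output: text is encoded, <a> keeps only an http(s) href,
// every other element contributes its text content and nothing else.
function renderAllowListed(DOMNode $node): string
{
    if ($node instanceof DOMText) {
        return htmlspecialchars($node->nodeValue, ENT_QUOTES, 'UTF-8');
    }
    $inner = '';
    foreach ($node->childNodes ?? [] as $child) {
        $inner .= renderAllowListed($child);
    }
    if ($node instanceof DOMElement && strtolower($node->tagName) === 'a'
        && preg_match('~^https?://~i', $node->getAttribute('href'))) {
        $href = htmlspecialchars($node->getAttribute('href'), ENT_QUOTES, 'UTF-8');
        return '<a href="' . $href . '" rel="nofollow">' . $inner . '</a>';
    }
    return $inner;
}

function commentWithLinks(string $stored): string
{
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true);   // malformed input is expected
    $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $stored . '</body>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    $body = $doc->getElementsByTagName('body')->item(0);
    return $body === null ? '' : renderAllowListed($body);
}

// Constructed sample comment: an allowed link carrying extra attributes.
$comment = 'see <a href="http://example.com/" onclick="x()" style="color:red">this</a>'
         . '<iframe src="http://example.com/"></iframe>';
echo strip_tags($comment, '<a>'), "\n";   // tag allow-list only: attributes pass through
echo commentWithLinks($comment), "\n";    // rebuilt link: href is the only attribute
echo plainTextForListing('<b>Release</b> notes & <i>fixes'), "\n";
```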