[pLog-svn] r5861 - plog/branches/lifetype-1.2/class/data

Jon Daley plogworld at jon.limedaley.com
Fri Aug 24 08:31:02 EDT 2007


Ah, now I see why we went crazy with the strip slashes.  Filters 
get the data before the call to stripslashes in request.  That needs to 
change.
I can't quite figure out what I want.

The simplest would be:
Original request.class.php:
function getValue( $key, $defaultValue = null, $filterClass = null ) {
    $value = parent::getValue( $key, $defaultValue, $filterClass );
    if( get_magic_quotes_gpc() && !is_array( $value ))
          $value = stripslashes( $value );
    return( $value );
}

Change to:
function getValue( $key, $defaultValue = null, $filterClass = null ) {
    if( get_magic_quotes_gpc() && !is_array( $value ))
          $value = stripslashes( $value );
    $value = parent::getValue( $key, $defaultValue, $filterClass );
    return( $value );
}

But that doesn't work, because we don't have the value yet.
I can't simply remove $filterClass, because the getValue doesn't really 
care if the filterClass is sent in or not, because we already called 
registerFilter().  (We actually never use the third parameter in any call 
to request->getValue(), so perhaps it should be removed, in favor of using 
the registerFilter() method.)

So, I kind of want properties->getUnfilteredValue($key, $defaultValue)
and then call the filters on it later, after the stripslashes has been 
done.


Since kses isn't stripping out the slashes, it rejects html that looks 
like:
<a href=\"http://asd/\">asd</a> as being invalid.

I don't think kses should have stripslashes in it, though, if you really 
wanted it there, it should be removed from request->getValue() and that 
feels wrong.



So, I recommend adding:
string Properties::filterData(string)
string Properties::getUnfilteredValue(key, defaultValue)
and move the filter code from Properties::getValue to 
Properties::filterData and then getValue calls filterData.

Does that sound okay to people?
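
Added example (not part of the original message and not LifeType code): a sketch of the proposed split, showing a filter that runs before stripslashes rejecting the escaped link and the same filter accepting it once the order is reversed. StrictHrefFilter, the $key argument to filterData() and the $magicQuotes flag are assumptions made for the illustration.

```php
<?php
// Added sketch, not LifeType code. Method names follow the message; bodies,
// StrictHrefFilter, the $key argument to filterData() and $magicQuotes are assumptions.
class StrictHrefFilter {
    // Stand-in for a kses-style check: drop any <a ...> tag whose href is not
    // a plainly quoted http(s) URL, so href=\"...\" counts as invalid.
    function filter( $data ) {
        return preg_replace_callback( '#<a\s[^>]*>#i', function( $m ) {
            return preg_match( '#^<a\s+href="https?://[^"\\\\]*">$#i', $m[0] ) ? $m[0] : '';
        }, $data );
    }
}
class Properties {
    protected $props;
    protected $filters = array();
    function __construct( $values ) { $this->props = $values; }
    function registerFilter( $key, $filter ) { $this->filters[$key] = $filter; }
    function getUnfilteredValue( $key, $defaultValue = null ) {
        return isset( $this->props[$key] ) ? $this->props[$key] : $defaultValue;
    }
    function filterData( $key, $value ) {
        return isset( $this->filters[$key] ) ? $this->filters[$key]->filter( $value ) : $value;
    }
    function getValue( $key, $defaultValue = null ) {
        return $this->filterData( $key, $this->getUnfilteredValue( $key, $defaultValue ));
    }
}
class Request extends Properties {
    private $magicQuotes;
    // $magicQuotes replaces get_magic_quotes_gpc(), which PHP 8 removed.
    function __construct( $values, $magicQuotes ) {
        parent::__construct( $values );
        $this->magicQuotes = $magicQuotes;
    }
    function getValue( $key, $defaultValue = null ) {
        $value = $this->getUnfilteredValue( $key, $defaultValue );
        if( $this->magicQuotes && !is_array( $value ))
            $value = stripslashes( $value );           // unescape first
        return $this->filterData( $key, $value );      // then filter
    }
}
// Constructed input, as delivered with magic_quotes_gpc on.
$raw = array( 'text' => '<a href=\"http://asd/\">asd</a>' );
$before = new Properties( $raw );          // old order: filter sees the slashes
$before->registerFilter( 'text', new StrictHrefFilter() );
echo stripslashes( $before->getValue( 'text' )), "\n";
$after = new Request( $raw, true );        // proposed order
$after->registerFilter( 'text', new StrictHrefFilter() );
echo $after->getValue( 'text' ), "\n";
```

The first line printed has lost its opening <a> tag because the filter saw the backslashes; the second keeps the link intact.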


