[pLog-svn] r5861 - plog/branches/lifetype-1.2/class/data

Oscar Renalias oscar at renalias.net
Fri Aug 24 09:26:11 EDT 2007


We can remove the $filter parameter from Properties::getValue() if
it's true that it is not being used. We don't need to implement
Properties::getUnfilteredValue() because we already have the opposite,
Properties::getFilteredValue(). But what would you need
Properties::filterData() for?

Why don't we just process all values in the request inside the Request
constructor, and perform the call to strip_slashes in there rather
than in the get[Filtered]Value() methods? In that case we wouldn't
need to worry about doing it later, and we could be sure that the data
has already been filtered.

Oscar

On 8/24/07, Jon Daley <plogworld at jon.limedaley.com> wrote:
>         Ah, now I see why we went crazy with the strip slashes.  filters
> get the data before the call to stripslashes in request.  That needs to
> change.
>         I can't quite figure out what I want.
>
> The simplest would be:
> Original request.class.php:
> function getValue( $key, $defaultValue = null, $filterClass = null ) {
>     $value = parent::getValue( $key, $defaultValue, $filterClass );
>     if( get_magic_quotes_gpc() && !is_array( $value ))
>           $value = stripslashes( $value );
>     return( $value );
> }
>
> Change to:
> function getValue( $key, $defaultValue = null, $filterClass = null ) {
>     if( get_magic_quotes_gpc() && !is_array( $value ))
>           $value = stripslashes( $value );
>     $value = parent::getValue( $key, $defaultValue, $filterClass );
>     return( $value );
> }
>
> But that doesn't work, because we don't have the value yet.
> I can't simply remove $filterClass, because the getValue doesn't really
> care if the filterClass is sent in or not, because we already called
> registerFilter().  (We actually never use the third parameter in any call
> to request->getValue(), so perhaps it should be removed, in favor of using
> the registerFilter() method.)
>
> So, I kind of want properties->getUnfilteredValue($key, $defaultValue)
> and then call the filters on it later, after the stripslashes has been
> done.
>
>
> Since kses isn't stripping out the slashes, it rejects html that looks
> like:
> <a href=\"http://asd/\">asd</a> as being invalid.
>
> I don't think kses should have stripslashes in it, though, if you really
> wanted it there, it should be removed from request->getValue() and that
> feels wrong.
>
>
>
> So, I recommend adding:
> string Properties::filterData(string)
> string Properties::getUnfilteredValue(key, defaultValue)
> and move the filter code from Properties::getValue to
> Properties::filterData and then getValue calls filterData.
>
> Does that sound okay to people?
>
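
The ordering discussed in this thread, as an added example (not LifeType code and not written by either poster): the request is unslashed once in its constructor, so a registered filter only ever sees normalised data. All class, function and constant names are hypothetical, the strict anchor check is a toy stand-in for kses, and the recursive handling of arrays goes beyond the quoted getValue(), which skipped arrays.

```php
<?php
// Added illustration; all names here are hypothetical, not LifeType code.
// Stand-in for get_magic_quotes_gpc(), which PHP 8 removed.
const MAGIC_QUOTES_ON = true;

// Undo magic-quotes escaping on strings and, recursively, on arrays.
function unslash($value) {
    if (is_array($value)) {
        return array_map('unslash', $value);
    }
    return is_string($value) ? stripslashes($value) : $value;
}

// Toy stand-in for an HTML filter such as kses: accepts only an anchor whose
// href is wrapped in plain double quotes and contains no backslash.
function strictAnchorFilter(string $html): string {
    return preg_match('#^<a href="[^"\\\\]*">[^<]*</a>$#', $html) ? $html : '';
}

class SketchRequest {
    private array $values;
    private array $filters = [];

    // Normalise once, at construction, before any getter or filter runs.
    public function __construct(array $raw) {
        $this->values = MAGIC_QUOTES_ON ? unslash($raw) : $raw;
    }

    public function registerFilter(string $key, callable $filter): void {
        $this->filters[$key] = $filter;
    }

    // Filters run here, always on data that has already been unslashed.
    public function getValue(string $key, $default = null) {
        $value = $this->values[$key] ?? $default;
        if (isset($this->filters[$key]) && is_string($value)) {
            $value = ($this->filters[$key])($value);
        }
        return $value;
    }
}

// Constructed input, shaped the way magic quotes would deliver it.
$raw = ['text' => '<a href=\\"http://asd/\\">asd</a>', 'tags' => ['it\\\'s']];

var_dump(strictAnchorFilter($raw['text']));  // filter applied to still-slashed data
$request = new SketchRequest($raw);
$request->registerFilter('text', 'strictAnchorFilter');
var_dump($request->getValue('text'));        // filter applied after unslashing
var_dump($request->getValue('tags'));
```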

